1.Notification of information and documents required pursuant to the notification obligations laid down in Regulations (EU) No 1307/2013 and (EU) No 1308/2013 and in the acts adopted on the basis of those Regulations shall be made by means of an information-technology-based system that the Commission makes available to Member States.
The information and documents shall be set up and notified in accordance with:
(a)the procedures established for the information system;
(b)the access rights granted by the single liaison body referred to in Delegated Regulation (EU) 2017/1183; and
(c)the forms made available to users in the information system.
2.By way of exception to the first paragraph of paragraph 1, Member States may make the required information available to the Commission by mail, by telefax, by electronic mail or by hand:
(a)if the Commission has not made available the information technology means for a specific notification obligation;
(b)in cases of force majeure or exceptional circumstances which make it impossible for the Member State to use the information system referred to in paragraph 1.
The information system made available by the Commission shall be designed to protect the integrity of the documents notified and held. In particular, it shall:
allow each user to be unequivocally identified and shall incorporate effective control measures of access rights in order to protect against illegal, malicious or unauthorised access, deletion, alteration or movement of documents, files or metadata;
be equipped with physical protection systems against intrusions and environmental incidents and with software protection against possible cyber-attacks;
prevent any unauthorised changes and incorporate integrity mechanisms to check if a document has been altered over time;
keep an audit trail for each essential stage of the procedure;
safeguard stored data in an environment which is secure in both physical and software terms, in accordance with point (b);
provide reliable format conversion and migration procedures in order to guarantee that documents are legible and accessible throughout the entire storage period required;
have sufficiently detailed and up-to-date functional and technical documentation on the operation and characteristics of the system; that documentation shall be accessible at all times to the organisational entities responsible for the functional and/or technical specifications.
The authenticity of a document notified or stored using an information system in conformity with this Regulation is recognised if the person who sent the document is duly identified and if the document has been set up and notified in compliance with this Regulation.
1.The provisions of this Regulation shall apply without prejudice to Directive 95/46/EC, Regulation (EC) No 45/2001, Regulation (EC) No 1049/2001, and Directive 2002/58/EC and the provisions adopted pursuant to them.
2.Member States shall take the necessary steps to protect the confidentiality of data received from economic operators.
3.Where information notified to the Commission is obtained from less than three operators, or where information from a single operator accounts for more than 70 % of the quantum of such information notified, the Member State concerned shall signal this to the Commission when notifying the information.
4.The Commission shall not publish information in such a way that can lead to the identification of an individual operator. Where such a risk exists, the Commission shall only publish such information in an aggregate form.
Save as otherwise provided for in the acts referred to in Article 1, where a Member State has not notified the Commission the required information or documents by the deadline (‘nil return’), the Member State shall be deemed to have notified the Commission:
in the case of quantitative information, of a zero value;
in the case of qualitative information, of a ‘nothing to report’ situation.