Regulation (EU) 2017/2226 of the European Parliament and of the CouncilShow full title

CHAPTER IU.K. GENERAL PROVISIONS

Article 1U.K.Subject matter

1.This Regulation establishes an ‘Entry/Exit System’ (EES) for:

(a)the recording and storage of the date, time and place of entry and exit of third–country nationals crossing the borders of the Member States at which the EES is operated;

(b)the calculation of the duration of the authorised stay of such third-country nationals;

(c)the generation of alerts to Member States when the authorised stay has expired; and

(d)the recording and storage of the date, time and place of refusal of entry of third-country nationals whose entry for a short stay has been refused, as well as the authority of the Member State which refused the entry and the reasons therefor.

2.For the purposes of the prevention, detection and investigation of terrorist offences or of other serious criminal offences, this Regulation also lays down the conditions under which Member States’ designated authorities and Europol may obtain access to the EES for consultation.

[F13. By storing identity data, travel document data and biometric data in the common identity repository (CIR) established by Article 17(1) of Regulation (EU) 2019/817 of the European Parliament and of the Council (1) , the EES contributes to facilitating and assisting in the correct identification of persons registered in the EES under the conditions and for the purposes of Article 20 of that Regulation.]

Article 2U.K.Scope

1.This Regulation applies to:

(a)third-country nationals admitted for a short stay to the territory of the Member States who are subject to border checks in accordance with Regulation (EU) 2016/399 when crossing the borders at which the EES is operated; and

(b)third-country nationals, on entry to and exit from the territory of the Member States, who:

2.This Regulation also applies to third-country nationals whose entry for a short stay to the territory of the Member States is refused in accordance with Article 14 of Regulation (EU) 2016/399.

3.This Regulation does not apply to:

(a)third–country nationals who are members of the family of a Union citizen to whom Directive 2004/38/EC applies and who hold a residence card pursuant to that Directive, whether or not they accompany or join that Union citizen;

(b)third-country nationals who are members of the family of a national of a third country, whether or not they accompany or join that national of a third country, where:

(c)holders of residence permits referred to in point 16 of Article 2 of Regulation (EU) 2016/399 other than those covered by points (a) and (b) of this paragraph;

(d)third-country nationals exercising their right to mobility in accordance with Directive 2014/66/EU of the European Parliament and of the Council(3) or Directive (EU) 2016/801 of the European Parliament and of the Council(4);

(e)holders of long-stay visas;

(f)nationals of Andorra, Monaco and San Marino and [X1holders of a passport issued by the Vatican City State or the Holy See;]

(g)persons or categories of persons exempt from border checks or benefiting from specific rules in relation to border checks as referred to in point (g) of Article 6a(3) of Regulation (EU) 2016/399;

(h)persons or categories of persons referred to in points (h), (i), (j) and (k) of Article 6a(3) of Regulation (EU) 2016/399.

4.The provisions of this Regulation regarding the calculation of the duration of the authorised stay and the generation of alerts to Member States when the authorised stay has expired do not apply to third-country nationals who:

(a)are members of the family of a Union citizen to whom Directive 2004/38/EC applies or of a national of a third country enjoying the right of free movement equivalent to that of Union citizens under an agreement between the Union and its Member States, on the one hand, and a third country, on the other; and

(b)do not hold a residence card pursuant to Directive 2004/38/EC or a residence permit pursuant to Regulation (EC) No 1030/2002.

Article 3U.K.Definitions

1.For the purposes of this Regulation, the following definitions apply:

2.The terms defined in Article 4 of Regulation (EU) 2016/679 shall have the same meaning in this Regulation in so far as personal data are processed by the authorities of Member States for the purposes laid down in Article 6(1) of this Regulation.

3.The terms defined in Article 3 of Directive (EU) 2016/680 shall have the same meaning in this Regulation in so far as personal data are processed by the authorities of the Member States for the purposes laid down in Article 6(2) of this Regulation.

Article 4U.K.Borders at which the EES is operated and use of the EES at those borders

1.The EES shall be operated at the external borders.

2.The Member States which apply the Schengen acquis in full shall introduce the EES at their internal borders with Member States which do not yet apply the Schengen acquis in full but operate the EES.

3.The Member States which apply the Schengen acquis in full and the Member States which do not yet apply the Schengen acquis in full but operate the EES shall introduce the EES at their internal borders with the Member States which do not yet apply the Schengen acquis in full and do not operate the EES.

4.Member States which do not yet apply the Schengen acquis in full but operate the EES shall introduce the EES at their internal borders as defined under points (b) and (c) of Article 2(1) of Regulation (EU) 2016/399.

5.By way of derogation from the third and fourth subparagraphs of Article 23(2) and from Article 27, a Member State which does not yet apply the Schengen acquis in full but operates the EES shall introduce the EES without biometric functionalities at its internal land borders with a Member State which does not yet apply the Schengen acquis in full but operates the EES. Where, at those internal borders, a third-country national has not yet been registered in the EES, that third-country national’s individual file shall be created without recording biometric data. Biometric data shall be added at the next border crossing point where the EES is operated with biometric functionalities.

Article 5U.K.Set-up of the EES

eu-LISA shall develop the EES and ensure its operational management, including the functionalities for processing biometric data as referred to in point (d) of Article 16(1) and points (b) and (c) of Article 17(1), as well as the adequate security of the EES.

Article 6U.K.Objectives of the EES

1.By recording and storing data in the EES and by providing Member States with access to such data, the objectives of the EES shall be to:

(a)enhance the efficiency of border checks by calculating and monitoring the duration of the authorised stay on the entry and exit of third-country nationals admitted for a short stay;

(b)assist in the identification of third-country nationals who do not or no longer fulfil the conditions for entry to, or for short stay on, the territory of the Member States;

(c)allow the identification and detection of overstayers and enable the competent national authorities of the Member States to take appropriate measures;

(d)allow refusals of entry in the EES to be checked electronically;

(e)enable automation of border checks on third-country nationals;

(f)enable visa authorities to have access to information on the lawful use of previous visas;

(g)inform third-country nationals of the duration of their authorised stay;

(h)gather statistics on the entries and exits, refusals of entry and overstays of third-country nationals in order to improve the assessment of the risk of overstays and support evidence-based Union migration policy making;

(i)combat identity fraud and the misuse of travel documents[F2;]

[F1(j) ensure the correct identification of persons.]

2.By granting access to designated authorities in accordance with the conditions set out in this Regulation, the objectives of the EES shall be to:

(a)contribute to the prevention, detection and investigation of terrorist offences or of other serious criminal offences;

(b)enable the generation of information for investigations related to terrorist offences or other serious criminal offences, including the identification of perpetrators, suspects and victims of those offences who have crossed the external borders.

3.The EES shall, where relevant, support Member States in operating their national facilitation programmes established in accordance with Article 8d of Regulation (EU) 2016/399, in order to facilitate border crossing for third-country nationals, by:

(a)enabling the national competent authorities referred to in Article 8d of Regulation (EU) 2016/399 to have access to information on previous short stays or refusals of entry for the purposes of the examination of applications for access to national facilitation programmes and the adoption of decisions referred to in Article 25 of this Regulation;

(b)notifying the border authorities that access is granted to a national facilitation programme.

Article 7U.K.Technical architecture of the EES

1.The EES shall be composed of:

(a)a Central System (EES Central System);

[F1(aa) the CIR central infrastructure as referred to in point (a) of Article 17(2) of Regulation (EU) 2019/817;]

(b)a National Uniform Interface (NUI) in each Member State based on common technical specifications and identical for all Member States, enabling the connection of the EES Central System to the national border infrastructures in Member States in a secure manner;

(c)a Secure Communication Channel between the EES Central System and the VIS Central System;

(d)a Communication Infrastructure, which shall be secure and encrypted, between the EES Central System and the NUIs;

(e)the web service referred to in Article 13;

[F2(f) a secure communication infrastructure between the EES Central System and the central infrastructures of the ESP and the CIR.]

[F11a. The CIR shall contain the data referred to in points (a) to (d) of Article 16(1), points (a), (b) and (c) of Article 17(1) and Article 18(1) and (2). The remaining EES data shall be stored in the EES Central System.]

2.The EES Central System shall be hosted by eu-LISA in its technical sites. It shall provide the functionalities laid down in this Regulation in accordance with the conditions of availability, quality and speed pursuant to Article 37(3).

3.Without prejudice to Commission Decision 2008/602/EC(8), certain hardware and software components of the Communication Infrastructure of the EES shall be shared with the communication infrastructure of the VIS referred to in Article 1(2) of Decision 2004/512/EC. Logical separation of VIS data and EES data shall be ensured.

Article 8U.K.Interoperability with the VIS

1.eu-LISA shall establish a Secure Communication Channel between the EES Central System and the VIS Central System to enable interoperability between the EES and the VIS. Direct consultation between the EES and the VIS shall only be possible where provided for by both this Regulation and Regulation (EC) No 767/2008. The retrieval of visa-related data from the VIS, their importation into the EES and the updating of data from the VIS in the EES shall be an automated process once the operation in question is launched by the authority concerned.

2.Interoperability shall enable the border authorities using the EES to consult the VIS from the EES in order to:

(a)retrieve the visa-related data directly from the VIS and import them into the EES in order to create or update the entry/exit record or the refusal of entry record of a visa holder in the EES in accordance with Articles 14, 16 and 18 of this Regulation and Article 18a of Regulation (EC) No 767/2008;

(b)retrieve the visa-related data directly from the VIS and import them into the EES in order to update the entry/exit record in the event that a visa is annulled, revoked or extended in accordance with Article 19 of this Regulation and Articles 13, 14 and 18a of Regulation (EC) No 767/2008;

(c)verify, pursuant to Article 23 of this Regulation and Article 18(2) of Regulation (EC) No 767/2008, the authenticity and validity of the relevant visa or whether the conditions for entry to the territory of the Member States in accordance with Article 6 of Regulation (EU) 2016/399 are fulfilled;

(d)verify at the borders at which the EES is operated whether a visa-exempt third-country national has been previously registered in the VIS in accordance with Article 23 of this Regulation and Article 19a of Regulation (EC) No 767/2008; and

(e)where the identity of a visa holder is verified using fingerprints, verify at the borders at which the EES is operated the identity of a visa holder by comparing the fingerprints of the visa holder with the fingerprints recorded in the VIS in accordance with Article 23 of this Regulation and Article 18(6) of Regulation (EC) No 767/2008.

3.Interoperability shall enable the visa authorities using the VIS to consult the EES from the VIS in order to:

(a)examine visa applications and adopt decisions relating to those applications in accordance with Article 24 of this Regulation and Article 15(4) of Regulation (EC) No 767/2008;

(b)examine, for the Member States which do not yet apply the Schengen acquis in full but operate the EES, applications for national short-stay visas and adopt decisions relating to those applications;

(c)update the visa-related data in the entry/exit record in the event that a visa is annulled, revoked or extended in accordance with Article 19 of this Regulation and Articles 13 and 14 of Regulation (EC) No 767/2008.

4.For the operation of the EES web service referred to in Article 13, the separate read-only database referred to in Article 13(5) shall be updated on a daily basis by the VIS via a one-way extraction of the minimum necessary subset of VIS data.

Article 9U.K.Access to the EES for entering, amending, erasing and consulting data

1.Access to the EES for entering, amending, erasing and consulting the data referred to in Article 14 and Articles 16 to 20 shall be reserved exclusively for the duly authorised staff of the national authorities of each Member State which are competent for the purposes laid down in Articles 23 to 35. That access shall be limited to the extent necessary for the performance of the tasks of those national authorities in accordance with those purposes and shall be proportionate to the objectives pursued.

2.Each Member State shall designate the competent national authorities which shall be border authorities, visa authorities and immigration authorities for the purposes of this Regulation. The duly authorised staff of the competent national authorities shall have access to the EES to enter, amend, erase or consult data. Each Member State shall communicate a list of those competent national authorities to eu-LISA without delay. That list shall specify for which purpose each authority is to have access to the data stored in the EES.

3.The authorities entitled to consult or access the EES data in order to prevent, detect and investigate terrorist offences or other serious criminal offences shall be designated in accordance with Chapter IV.

[F14. Access to the EES data stored in the CIR shall be reserved exclusively for the duly authorised staff of the national authorities of each Member State and for the duly authorised staff of the Union agencies that are competent for the purposes laid down in Article 20 and Article 21 of Regulation (EU) 2019/817. Such access shall be limited according to the extent that the data are required for the performance of their tasks for those purposes, and proportionate to the objectives pursued.]

Article 10U.K.General principles

1.Each competent authority authorised to access the EES shall ensure that the use of the EES is necessary, appropriate and proportionate.

2.Each competent authority shall ensure that the use of the EES, including the capturing of biometric data, is in accordance with the safeguards laid down in the Convention for the Protection of Human Rights and Fundamental Freedoms, in the Charter of Fundamental Rights of the European Union and in the United Nations Convention on the Rights of the Child. In particular, when capturing a child’s data, the best interests of the child shall be a primary consideration.

Article 11U.K.Automated calculator and obligation to inform third-country nationals on the remaining authorised stay

1.The EES shall include an automated calculator that indicates the maximum duration of authorised stay for third-country nationals registered in the EES.

The automated calculator shall not apply to third-country nationals:

(a)who are members of the family of a Union citizen to whom Directive 2004/38/EC applies or of a national of a third country enjoying the right of free movement equivalent to that of Union citizens under an agreement between the Union and its Member States, on the one hand, and a third country, on the other; and

(b)who do not hold a residence card pursuant to Directive 2004/38/EC or a residence permit pursuant to Regulation (EC) No 1030/2002.

2.The automated calculator shall inform the competent authorities:

(a)on entry, of the maximum duration of authorised stay of third-country nationals and whether the number of authorised entries of a short-stay visa issued for one or two entries has been exhausted;

(b)during checks or verifications carried out within the territory of the Member States, of the remaining authorised stay or duration of overstay of the third-country nationals;

(c)on exit, of any overstay of third-country nationals;

(d)when examining and deciding on short-stay visa applications, of the maximum remaining duration of authorised stay based on intended entry dates.

3.The border authorities shall inform the third-country national of the maximum duration of authorised stay, which shall take into account the number of entries and the length of stay authorised by the visa in accordance with Article 8(9) of Regulation (EU) 2016/399. That information shall be provided either by the border guard at the moment of the border checks or by means of equipment installed at the border crossing point enabling the third-country national to consult the web service as referred to in Article 13(1) and (2) of this Regulation.

4.For third-country nationals subject to a visa requirement staying on the basis of a short-stay visa or a national short-stay visa in a Member State which does not yet apply the Schengen acquis in full but operates the EES, the automated calculator shall not indicate the authorised stay based on the short-stay visa or the national short-stay visa.

In the case referred to in the first subparagraph, the automated calculator shall only verify:

(a)compliance with the overall limit of 90 days in any 180-day period; and

(b)for short-stay visas, compliance with the period of validity of such visas.

5.For the purpose of verifying whether third-country nationals holding a short-stay visa issued for one or two entries have already used the number of entries authorised by their short-stay visa, the automated calculator shall only take into account entries into the territory of Member States which apply the Schengen acquis in full. That verification shall not be carried out, however, at the entry into the territory of Member States which do not yet apply the Schengen acquis in full but operate the EES.

6.The automated calculator shall also apply to short stays based on a short-stay visa with limited territorial validity issued pursuant to point (b) of Article 25(1) of Regulation (EC) No 810/2009. In that case, the automated calculator shall take into account the authorised stay as defined by such a visa, irrespective of whether the cumulative stay of the third-country national concerned exceeds 90 days in any 180-day period.

Article 12U.K.Information mechanism

1.The EES shall include a mechanism that shall automatically identify which entry/exit records do not have exit data immediately following the date of expiry of an authorised stay and automatically identify records for which the maximum duration of authorised stay was exceeded.

2.For third-country nationals who cross a border on the basis of a valid Facilitated Transit Document issued in accordance with Council Regulation (EC) No 693/2003(9) (FTD), the EES shall include a mechanism which shall automatically identify which entry/exit records do not have exit data immediately following the time of expiry of authorised stay and automatically identify records [X1for which the maximum duration of authorised stay was exceeded.]

3.A list generated by the EES containing the data referred to in Articles 16 and 17 of all persons identified as overstayers shall be available to the competent national authorities designated in accordance with Article 9(2) in order to enable those authorities to adopt appropriate measures.

Article 13U.K.Web service

1.In order to enable third-country nationals to verify at any moment the remaining authorised stay, a secure internet access to a web service hosted by eu-LISA in its technical sites shall allow third-country nationals to provide the data required pursuant to point (b) of Article 16(1) together with their intended date of entry or exit, or both. On that basis, the web service shall provide third-country nationals with an OK/NOT OK answer, as well as the information on the remaining authorised stay.

2.By way of derogation from paragraph 1, for an intended stay in a Member State which does not yet apply the Schengen acquis in full but operates the EES, the web service shall not provide any information on the authorised stay based on a short-stay visa or a national short-stay visa.

In the case referred to in the first subparagraph, the web service shall enable third-country nationals to verify the compliance with the overall limit of 90 days in any 180-day period and to receive information on the remaining authorised stay under that limit. This information shall be provided for stays in the 180-day period preceding the consultation of the web service or their intended date of entry or exit, or both.

3.In order to fulfil their obligation under point (b) of Article 26(1) of the Convention implementing the Schengen Agreement, carriers shall use the web service to verify whether third-country nationals holding a short-stay visa issued for one or two entries have already used the number of entries authorised by their visa. Carriers shall provide the data listed under points (a), (b) and (c) of Article 16(1) of this Regulation. On that basis, the web service shall provide carriers with an OK/NOT OK answer. Carriers may store the information sent and the answer received in accordance with the applicable law. Carriers shall establish an authentication scheme to ensure that only authorised staff may access the web service. It shall not be possible to regard the OK/NOT OK answer as a decision to authorise or refuse entry in accordance with Regulation (EU) 2016/399.

4.For the purpose of implementing Article 26(2) of the Convention implementing the Schengen Agreement or for the purpose of resolving any potential dispute arising from Article 26 of the Convention implementing the Schengen Agreement, eu-LISA shall keep logs of all data processing operations carried out within the web service by carriers. Those logs shall show the date and time of each operation, the data used for interrogation, the data transmitted by the web service and the name of the carrier in question.

Logs shall be stored for a period of two years. Logs shall be protected by appropriate measures against unauthorised access.

5.The web service shall make use of a separate read-only database updated on a daily basis via a one-way extraction of the minimum necessary subset of EES and VIS data. eu-LISA shall be responsible for the security of the web service, for the security of the personal data it contains and for the process of extracting the personal data into the separate read-only database.

6.The web service shall not enable carriers to verify whether third-country nationals holding a national short-stay visa issued for one or two entries have already used the number of entries authorised by that visa.

7.The Commission shall adopt implementing acts concerning the detailed rules on the conditions for the operation of the web service and the data protection and security rules applicable to the web service. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 68(2).