http://www.legislation.gov.uk/id/eur/2018/1240

CHAPTER VTHE ETIAS SCREENING RULES AND THE ETIAS WATCHLIST

Article 33The ETIAS screening rules

1.

The ETIAS screening rules shall be an algorithm enabling profiling as defined in point 4 of Article 4 of Regulation (EU) 2016/679 through the comparison in accordance with Article 20 of this Regulation of the data recorded in an application file of the ETIAS Central System with specific risk indicators established by the ETIAS Central Unit under paragraph 4 of this Article pointing to security, illegal immigration or high epidemic risks. The ETIAS Central Unit shall register the ETIAS screening rules in the ETIAS Central System.

2.

The Commission shall adopt a delegated act in accordance with Article 89 to further define the risks related to security or illegal immigration or a high epidemic risk on the basis of:

(a)

statistics generated by the EES indicating abnormal rates of overstaying and refusals of entry for a specific group of travellers;

(b)

statistics generated by ETIAS in accordance with Article 84 indicating abnormal rates of refusals of travel authorisations due to a security, illegal immigration or high epidemic risk associated with a specific group of travellers;

(c)

statistics generated by ETIAS in accordance with Article 84 and the EES indicating correlations between information collected through the application form and overstaying by travellers or refusals of entry;

(d)

information substantiated by factual and evidence-based elements provided by Member States concerning specific security risk indicators or threats identified by that Member State;

(e)

information substantiated by factual and evidence-based elements provided by Member States concerning abnormal rates of overstaying and refusals of entry for a specific group of travellers for that Member State;

(f)

information concerning specific high epidemic risks provided by Member States as well as epidemiological surveillance information and risk assessments provided by the ECDC and disease outbreaks reported by the WHO.

3.

The Commission shall, by means of an implementing act, specify the risks, as defined in this Regulation and in the delegated act referred to in paragraph 2 of this Article, on which the specific risks indicators referred to in paragraph 4 of this Article shall be based. That implementing act shall be adopted in accordance with the examination procedure referred to in Article 90(2).

The specific risks shall be reviewed at least every six months and, where necessary, a new implementing act shall be adopted by the Commission in accordance with the examination procedure referred to in Article 90(2).

4.

Based on the specific risks determined in accordance with paragraph 3, the ETIAS Central Unit shall establish a set of specific risk indicators consisting of a combination of data including one or several of the following:

(a)

age range, sex, nationality;

(b)

country and city of residence;

(c)

level of education (primary, secondary, higher or none);

(d)

current occupation (job group).

5.

The specific risk indicators shall be targeted and proportionate. They shall in no circumstances be based solely on a person’s sex or age. They shall in no circumstances be based on information revealing a person’s colour, race, ethnic or social origin, genetic features, language, political or any other opinion, religion or philosophical belief, trade union membership, membership of a national minority, property, birth, disability or sexual orientation.

6.

The specific risk indicators shall be defined, established, assessed ex ante, implemented, evaluated ex post, revised and deleted by the ETIAS Central Unit after consultation of the ETIAS Screening Board.

Article 34The ETIAS watchlist

1.

The ETIAS watchlist shall consist of data related to persons who are suspected of having committed or taken part in a terrorist offence or other serious criminal offence or persons regarding whom there are factual indications or reasonable grounds, based on an overall assessment of the person, to believe that they will commit a terrorist offence or other serious criminal offence. The ETIAS watchlist shall form part of the ETIAS Central System.

2.

The ETIAS watchlist shall be established on the basis of information related to terrorist offences or other serious criminal offences.

3.

The information referred to in paragraph 2 shall be entered into the ETIAS watchlist by Europol without prejudice to Regulation (EU) 2016/794 or by Member States. Each of Europol or the Member State concerned shall be responsible for all the data they enter. The ETIAS watchlist shall indicate, for each item of data, the date and time of entry by Europol or by the Member State that entered it.

4.

On the basis of the information referred to in paragraph 2, the ETIAS watchlist shall be composed of data consisting of one or more of the following items:

(a)

surname;

(b)

surname at birth;

(c)

date of birth;

(d)

other names (alias(es), artistic name(s), usual name(s));

(e)

travel document(s) (type, number and country of issuance of the travel document(s));

(f)

home address;

(g)

email address:

(h)

phone number;

(i)

the name, email address, mailing address, phone number of a firm or organisation;

(j)

IP address.

If available, the following items of data shall be added to the related items constituted of at least one of the items of data listed above: first name(s), place of birth, country of birth, sex and nationality.

Article 35Responsibilities and tasks regarding the ETIAS watchlist

1.

Before Europol or a Member State enters data into the ETIAS watchlist, it shall:

(a)

determine whether the information is adequate, accurate and important enough to be included in the ETIAS watchlist;

(b)

assess the potential impact of the data on the proportion of applications manually processed;

(c)

verify whether the data correspond to an alert entered in SIS.

2.

eu-LISA shall create a specific tool for the purpose of assessment under point (b) of paragraph 1.

3.

Where verification under point (c) of paragraph 1 reveals that the data correspond to an alert entered in SIS, it shall not be entered into the ETIAS watchlist. Where the conditions for using the data to enter an alert in SIS are fulfilled, priority shall be given to entering an alert in SIS.

4.

Member States and Europol shall be responsible for the accuracy of the data referred to in Article 34(2) that they enter into the ETIAS watchlist and for keeping them up to date.

5.

Europol shall review and verify the continued accuracy of the data it has entered into the ETIAS watchlist regularly, and at least once a year. Member States shall likewise review and verify the continued accuracy of the data they have entered into the ETIAS watchlist regularly and at least once a year. Europol and Member States shall develop and implement a joint procedure to ensure fulfilment of their responsibilities under this paragraph.

6.

Following a review, Member States and Europol shall withdraw data from the ETIAS watchlist if it is proven that the reasons for which they were entered no longer hold, or that the data are obsolete or not up to date.

7.

The ETIAS watchlist and the assessment tool referred to in paragraphs 1 and 2 of this Article shall be developed technically and hosted by eu-LISA. The Commission shall, by means of implementing acts, establish the technical specifications of the ETIAS watchlist and of that assessment tool. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 90(2).