Ga verder naar contentGa verder naar content en skip ook inhoudsopgave
NDFR
Home

Regulation (EU) 2019/816 of the European Parliament and of the Council of 17 April 2019 establishing a centralised system for the identification of Member States holding conviction information on third-country nationals and stateless persons (ECRIS-TCN) to supplement the European Criminal Records Information System and amending Regulation (EU) 2018/1726

Regulation (EU) 2019/816 of the European Parliament and of the Council of 17 April 2019 establishing a centralised system for the identification of Member States holding conviction information on third-country nationals and stateless persons (ECRIS-TCN) to supplement the European Criminal Records Information System and amending Regulation (EU) 2018/1726

CHAPTER I General provisions

Article 1 Subject matter

This Regulation establishes:

  1. a system to identify the Member States holding information on previous convictions of third-country nationals (‘ECRIS-TCN’);

  2. the conditions under which ECRIS-TCN shall be used by the central authorities in order to obtain information on such previous convictions through the European Criminal Records Information System (ECRIS) established by Decision 2009/316/JHA, as well as the conditions under which Eurojust, Europol and the EPPO shall use ECRIS-TCN;

  3. the conditions under which ECRIS-TCN contributes to facilitating and assisting in the correct identification of persons registered in ECRIS-TCN under the conditions and for the purposes of Article 20 of Regulation (EU) 2019/818 of the European Parliament and of the Council(1), by storing identity data, travel document data and biometric data in the CIR;

  4. the conditions under which data in ECRIS-TCN may be used by the VIS designated authorities as referred to in Article 9d and Article 22b(13) of Regulation (EC) No 767/2008 of the European Parliament and of the Council(2) for the purpose of assessing whether an applicant for a visa, a long-stay visa or a residence permit could pose a threat to public policy or internal security as referred to in point (i) of Article 2(1) and point (a) of Article 2(2) of that Regulation;

  5. the conditions under which data in ECRIS-TCN may be used by the ETIAS Central Unit, established within the European Border and Coast Guard Agency in accordance with Article 7 of Regulation (EU) 2018/1240 of the European Parliament and of the Council(3), for the purpose of supporting the ETIAS objective of contributing to a high level of security by providing for a thorough security risk assessment of applicants, prior to their arrival at external border crossing points, in order to determine whether there are factual indications or reasonable grounds based on factual indications to conclude that the presence of the person on the territory of the Member States poses a security risk;

  6. the conditions under which data in ECRIS-TCN may be used by the screening authorities as defined in Article 2, point (10), of Regulation (EU) 2024/1356 of the European Parliament and of the Council(4) for the purpose of performing a security check in order to assess whether a third-country national might pose a threat to internal security as referred to in Article 15 of that Regulation (EU).

Article 2 Scope

This Regulation applies to the processing of identity information of third-country nationals who have been subject to convictions in the Member States, for the purpose of identifying the Member States where such convictions were handed down. With the exception of point (b)(ii) of Article 5(1), the provisions of this Regulation that apply to third-country nationals also apply to citizens of the Union who also hold a nationality of a third country and who have been subject to convictions in the Member States.

This Regulation:

  1. supports the VIS objective of assessing whether the applicant for a visa, a long-stay visa or a residence permit could pose a threat to public policy or internal security, in accordance with Regulation (EC) No 767/2008;

  2. supports the ETIAS objective of contributing to a high level of security, in accordance with Regulation (EU) 2018/1240;

  3. facilitates and assists in the correct identification of persons in accordance with this Regulation and with Regulation (EU) 2019/818;

  4. enables access to ECRIS-TCN for the purpose of supporting the performance of a security check established by Regulation (EU) 2024/1356.

Article 3 Definitions

For the purposes of this Regulation, the following definitions apply:

  1. ‘conviction’ means any final decision of a criminal court against a natural person in respect of a criminal offence, to the extent that the decision is entered in the criminal records of the convicting Member State;

  2. ‘criminal proceedings’ means the pre-trial stage, the trial stage and the execution of the conviction;

  3. ‘criminal record’ means the national register or registers recording convictions in accordance with national law;

  4. ‘convicting Member State’ means the Member State in which a conviction is handed down;

  5. ‘central authority’ means an authority designated in accordance with Article 3(1) of Framework Decision 2009/315/JHA;

  6. ‘competent authorities’ means the central authorities, Eurojust, Europol, the EPPO, the VIS designated authorities as referred to in Article 9d and Article 22b(13) of Regulation (EC) No 767/2008, the ETIAS Central Unit and the screening authorities as defined in Article 2, point (10), of Regulation (EU) 2024/1356, which are competent to access or query ECRIS-TCN in accordance with this Regulation;

  7. ‘third-country national’ means a person who is not a citizen of the Union within the meaning of Article 20(1) TFEU, or who is a stateless person or a person whose nationality is unknown;

  8. ‘interface software’ means the software hosted by the competent authorities allowing them to access the central system through the communication infrastructure referred to in point (d) of Article 4(1);

  9. ‘identity information’ means alphanumeric data, fingerprint data and facial images that are used to establish a connection between these data and a natural person;

  10. ‘alphanumeric data’ means data represented by letters, digits, special characters, spaces and punctuation marks;

  11. ‘fingerprint data’ means the data relating to plain and rolled impressions of the fingerprints of each of a person's fingers;

  12. ‘facial image’ means a digital image of a person's face;

  13. ‘hit’ means a match or matches established by comparison between identity information recorded in the central system and the identity information used for a search;

  14. ‘national central access point’ means the national connection point to the communication infrastructure referred to in point (d) of Article 4(1);

  15. ‘ECRIS reference implementation’ means the software developed by the Commission and made available to the Member States for the exchange of criminal records information through ECRIS;

  16. ‘national supervisory authority’ means an independent public authority which is established by a Member State pursuant to applicable Union data protection rules;

  17. ‘supervisory authorities’ means the European Data Protection Supervisor and the national supervisory authorities;

  18. ‘CIR’ means the common identity repository established by Article 17(1) of Regulation (EU) 2019/818;

  19. ‘ECRIS-TCN data’ means all data stored in the central system and in the CIR in accordance with Article 5;

  20. ‘ESP’ means the European search portal established by Article 6(1) of Regulation (EU) 2019/818.

Article 4 Technical architecture of ECRIS-TCN

1.

ECRIS-TCN shall be composed of:

  1. a central system;

  2. the CIR;

  3. a national central access point in each Member State;

  4. interface software enabling the connection of the competent authorities to the central system via the national central access points and the communication infrastructure referred to in point (d);

  5. a communication infrastructure between the central system and the national central access points;

  6. a communication infrastructure between the central system and the central infrastructures of the ESP and the CIR.

2.

The central system shall be hosted by eu-LISA at its technical sites.

3.

The interface software shall be integrated with the ECRIS reference implementation. The Member States shall use the ECRIS reference implementation or, in the situation and under the conditions set out in paragraphs 4 to 8, the national ECRIS implementation software to query ECRIS-TCN and to send subsequent requests for criminal records information.

4.

The Member States which use their national ECRIS implementation software shall be responsible for ensuring that their national ECRIS implementation software allows their national criminal records authorities to use ECRIS-TCN, with the exception of the Interface Software, in accordance with this Regulation. For that purpose, they shall, before the date of start of operations of ECRIS-TCN in accordance with Article 35(4), ensure that their national ECRIS implementation software functions in accordance with the protocols and technical specifications established in the implementing acts referred to in Article 10, and with any further technical requirements established by eu-LISA pursuant to this Regulation based on those implementing acts.

5.

For as long as they do not use the ECRIS reference implementation, Member States which use their national ECRIS implementation software shall also ensure the implementation of any subsequent technical adaptations to their national ECRIS implementation software required by any changes to the technical specifications established in the implementing acts referred to in Article 10, or changes to any further technical requirements established by eu-LISA pursuant to this Regulation based on those implementing acts, without undue delay.

6.

The Member States which use their national ECRIS implementation software shall bear all the costs associated with the implementation, maintenance and further development of their national ECRIS implementation software and its interconnection with ECRIS-TCN, with the exception of the interface software.

7.

If a Member State which uses its national ECRIS implementation software is unable to comply with its obligations under this Article, it shall be obliged to use the ECRIS reference implementation, including the integrated interface software, to make use of ECRIS-TCN.

8.

In view of the assessment to be carried out by the Commission pursuant to point (b) of Article 36(10), the Member States concerned shall provide the Commission with all necessary information.

CHAPTER II Entry and use of data by central authorities

Article 5 Data entry in ECRIS-TCN

Article 6 Facial images

Article 7 Use of ECRIS-TCN for identifying the Member States holding criminal records information

Article 7a Use of ECRIS-TCN for VIS verifications

Article 7b Use of ECRIS-TCN for ETIAS verifications

Article 7c Use of ECRIS-TCN for the purposes of the screening

CHAPTER III Retention and modification of the data

Article 8 Retention period for data storage

Article 9 Modification and erasure of data

CHAPTER IV Development, operation and responsibilities

Article 10 Adoption of implementing acts by the Commission

Article 11 Development and operational management of ECRIS — TCN

Article 12 Responsibilities of the Member States

Article 13 Responsibility for the use of data

Article 14 Access for Eurojust, Europol, and the EPPO

Article 15 Access by authorised staff of Eurojust, Europol and the EPPO

Article 16 Responsibilities of Eurojust, Europol and the EPPO

Article 17 Contact point for third countries and international organisations

Article 18 Providing information to a third country, international organisation or private party

Article 19 Data Security

Article 20 Liability

Article 21 Self-monitoring

Article 22 Penalties

CHAPTER V Data protection rights and supervision

Article 23 Data controller and data processor

Article 24 Purpose of the processing of personal data

Article 25 Right of access, rectification, erasure and restriction of processing

Article 26 Cooperation to ensure respect for data protection rights

Article 27 Remedies

Article 28 Supervision by the national supervisory authorities

Article 29 Supervision by the European Data Protection Supervisor

Article 30 Cooperation among national supervisory authorities and the European Data Protection Supervisor

Article 31 Keeping of logs

Article 31a Keeping of logs for the purposes of interoperability with VIS

Article 31b Keeping of logs for the purposes of interoperability with ETIAS

CHAPTER VI Final provisions

Article 32 Use of data for reporting and statistics

Article 33 Costs

Article 34 Notifications

Article 35 Entry of data and start of operations

Article 36 Monitoring and evaluation

Article 37 Exercise of the delegation

Article 38 Committee procedure

Article 39 Advisory Group

Article 40 Amendments to Regulation (EU) 2018/1726

Article 41 Implementation and transitional provisions

Article 42 Entry into force

ANNEX

ANNEX IICorrespondence table