52004PC0835

Brussels, 28.12.2004

COM(2004) 835 final

2004/0287 (COD)

Proposal for a

REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL

concerning the Visa Information System (VIS) and the exchange of data between Member States on short stay-visas SEC(2004)1628

(presented by the Commission)

EXPLANATORY MEMORANDUM

1. GENERAL OBJECTIVE

When progressively establishing an area of freedom, security and justice, the European Union shall ensure the free movement of persons and a high level of security. In this context, top priority has been given to the development and establishment of the Visa Information System (VIS) as a system for the exchange of visa data between Member States, which represents one of the key initiatives within the EU policies aimed at supporting stability and security.

Building upon the Conclusions of the European Council of Laeken, Seville and Thessalonica, the JHA Council adopted on 19 February 2004 conclusions on the development of the Visa Information System[1]. Reaffirmed by the European Council of Brussels on 25-56 March 2004[2], these Council conclusions give orientation for the development of the VIS to be taken “into account when preparing the technical implementation of the VIS and the proposal for the legal instrument concerning the establishment of the VIS, while fully respecting the Communities’ legislation on the protection of personal data”[3].

Prior to this proposal, the Council adopted on 8 June 2004 Council Decision 2004/512/EC establishing the Visa Information System (VIS)[4], which constitutes the required legal basis to allow for the inclusion in the budget of the European Communities of the necessary appropriations for the development of VIS and the execution of that part of the budget, defines the architecture of the VIS and gives the Commission the mandate to develop the VIS at technical level, assisted by the SIS II committee[5], whereas the national systems shall be adapted and/or developed by the Member States.

The further development and establishment of the VIS requires the elaboration of a comprehensive legal framework. The objective of the present proposal for a Regulation of the European Parliament and the Council is to define the purpose, the functionalities and responsibilities for the VIS, to give to the Commission the mandate to set up and maintain the VIS and to establish the procedures and conditions for the exchange of data between Member States on short-stay visa applications to facilitate the examination of such applications and the related decisions.

The VIS shall improve the administration of the common visa policy, the consular cooperation and the consultation between central consular authorities in order to prevent threats to internal security and ‘visa shopping’, to facilitate the fight against fraud and checks at external border checkpoints and within the territory of the Member States, to assist in the identification and return of illegal immigrants and to facilitate the application of the “Dublin II Regulation” (EC) No 343/2003[6]. The improvement of the assessment of visa applications including the consultation between central authorities, and the verification and identification of applicants at consulates and at checkpoints contributes to the internal security of the Member States and towards combating terrorism[7], which constitutes a horizontal objective and basic criterion for the common visa policy, as well as the fight against illegal immigration[8]. Simultaneously, the VIS will benefit bona fide travellers by improving the procedures for issuing visas and for checks.

The scope of this Regulation is related to the exchange of data on Schengen short- stay visas as the primary purpose of the VIS, including the national long-stay visas which are concurrently valid as short-stay visas. The exchange of data on other national long-stay visa of the Schengen States, which is also included in the Council conclusions of 19 February 2004[9], requires a separate legal instrument: Other than for the short-term visas there exists no common aquis on procedures on the issue of long-term visas by Member States and for the relevant Article 63 point (3)(a) of the Treaty, the co-decision procedure does not apply, as long as there is no decision according to Article 67(2) of the Treaty.

This Regulation shall constitute the core instrument for the legal framework for the VIS. However, to complement this legal framework, further legal instruments will be needed in particular for:

a) amending the Common Consular Instructions (CCI)[10], concerning standards and procedures for taking the biometric data, including the obligation and specifying the exceptions to the recording of biometrics;

b) the development of a mechanism for the exchange of data with Ireland and the United Kingdom for the purposes to facilitate the application of the Dublin II Regulation (EC) No 343/2003[11] and to assist in the identification and administrative procedures for returning of illegal immigrants, as far as Ireland and the UK participate in immigration and return policy;

c) the exchange of data on long stay-visas which are not concurrently valid as short-stay visas by the VIS; this would need further political orientation in view of the absence of a common aquis for such visas.

2. IMPACTS OF THE VISA INFORMATION SYSTEM (VIS)

The Extended Impact Assessment[12] annexed to this proposal, highlights the need for the VIS and its impacts in comparison to other policy options, and motivates in particular why the storage and use of biometric data in the VIS is essential to achieve the objectives of the VIS and what should be the appropriate safeguards for data protection and data security. In view of the related sensitive issues for the protection of personal data, inter alia the consultation of the Article 29 Working Party[13] is required.

3. LEGAL BASIS

This Regulation is founded on Article 62 point (2)(b)(ii) and Article 66 of the EC Treaty. Article 66 provides the appropriate legal basis for setting-up and maintaining the VIS and for procedures for the exchange of visa data between Member States, ensuring cooperation between the relevant authorities of the Member States’ as well as between those authorities and the Commission in the areas covered by Title IV of the Treaty. These areas include the implementation of the common visa policy, but also checks on external borders and measures on asylum and illegal immigration.

However, quite apart from the mechanisms and procedures for the introduction, exchange and consultation of visa data in the VIS, the Regulation implies procedures which are necessary conditions for the examination and issuance of short-stay visas by the Member States on the basis of the Schengen acquis for the common visa policy. The introduction of information into the VIS, at the moment of the receipt of visa application and the checking of the VIS for previous applications, being obligatory steps in the examination of such an application, are themselves procedures and conditions for the issuing of visas within the meaning of Article 62(2)(b)(ii).

According to Article 67(4) TEC, measures referred to in Article 62 (2)(b)(ii) TEC shall be adopted in accordance with the co-decision procedure referred to in Article 251. Since Article 66 is now subject to qualified majority and not unanimity as formerly[14], the two legal bases are compatible and can be combined. Therefore the co-decision procedure applies for the adoption of the Regulation as an integral whole.

4. PARTICIPATION IN THE VIS

Since the Regulation covers the exchange of data on short stay visas between Member States "which have abolished checks at their internal borders"[15], it constitutes a development of the Schengen acquis on the common visa policy. The consequences for the participation in the VIS are as follows:

Iceland and Norway:

The procedures laid down in the Association Agreement[16] concluded by the Council and the Republic of Iceland and the Kingdom of Norway concerning the latters' association with the implementation, application and development of the Schengen acquis are applicable, since the present proposal builds on the Schengen acquis as defined in Annex A of this Agreement.

Denmark :

Pursuant to the Protocol on the position of Denmark annexed to the TEU and the TEC, Denmark will not participate in the adoption of the Regulation and is therefore not bound by it or subject to its application. Given the fact that the Regulation is an act which aims to build upon the Schengen acquis in accordance with the provisions of Title IV of the TEC, Article 5 of the above-mentioned Protocol applies.

United Kingdom and Ireland :

According to Articles 4 and 5 of the Protocol integrating the Schengen acquis into the framework of the European Union and Council Decision 2000/365/EC of 29 May 2000 concerning the request of the United Kingdom of Great Britain and Northern Ireland[17], and Council Decision 2002/192/EC of 28 February 2002 concerning Ireland's request to take part in some of the provisions of the Schengen acquis [18], the United Kingdom and Ireland are not taking part in the adoption of the Regulation and are not bound by it or subject to its application.

New Member States :

Since the initiative constitutes an act building upon the Schengen acquis or otherwise related to it within the meaning of Article 3(2) of the Act of Accession, the Regulation shall only apply in a new Member State pursuant to a Council decision in conformity with this provision.

Switzerland :

This Regulation constitutes a development of the provisions of the Schengen aquis within the meaning of the Agreement signed by the European Union, the European Community and the Swiss Confederation on the latter’s association with the implementation, application and development of the Schengen acquis[19] which fall within the area referred to in Article 4(1) of the Council decision on the signing, on behalf of the European Community, and on the provisional application of certain provisions of this Agreement[20].

5. SUBSIDIARITY AND PROPORTIONALITY

Article 62 (2)(b)(ii) creates a Community responsibility for the procedures and conditions for issuing short stay visas by Member States. Article 66 creates a Community responsibility for measures to ensure cooperation between Member States’ authorities as well as between them and the Commission. This responsibilities must, however, be exercised in accordance with Article 5 of the Treaty establishing the European Community. The proposal satisfies the criteria of this provision:

The objectives of the Regulation, to set up a common system and common procedures for the exchange of visa data between Member States cannot be sufficiently achieved by the Member States and can therefore, by reason of the scale and impact of the action, be better achieved at Community level.

The activities of the Commission are limited to the setting-up and maintenance of the Central Visa Information System, the National Interfaces and the communication infrastructure between the Central VIS and the National Interfaces, whereas the competence for its National System remains by each Member State. The form of a regulation has been chosen because it is necessary to adopt an act of general application which is binding in its entirety and directly applicable in the Member States.

The present initiative does not go beyond what is necessary to achieve its objective: The data to be entered into the VIS are the data required to examine visa applications and on the decisions taken thereto. The alphanumeric data on the applicant are to be taken from the current application form. To ensure exact verification and identification of visa applicants, it is necessary to process biometric data in the VIS. This allows the verification and identification independent from the existence, presentation and malfunctioning of other storage media like microchips. However, this proposal does not include the storage of scanned documents, although this is foreseen by the Council conclusions[21], since this is not considered to be proportional in view of the need for such further documents only in specific cases; in such cases the copies of documents can be transmitted on request by the Member State that has issued the visa[22].

The consultation of the data is exclusively reserved to duly authorised staff of the competent authorities of each Member State, specified for each of the purposes as defined in this Regulation and limited to the extent the data are required for the performance of the tasks in accordance with these purposes.

6. STRUCTURE AND CONTENT OF THE PROPOSAL

This proposal for the second legal instrument for the legal framework for the VIS comprises seven chapters: The first chapter provides the subject matter of the Regulation and the purpose of the VIS, definitions, the categories of data and general rules on the access to the VIS.

The second chapter details the obligations and procedures for entering and the use of data by the visa authorities. It specifies the data, which shall be entered upon registration of the application and those added when a decision has been taken to issue, to refuse, to annul, revoke or extend a visa or to refuse the examination of the application. Furthermore, this chapter provides the obligations for the visa authorities to use the VIS for examining visa applications and procedures for the use of the VIS for consultation between central authorities and the request for documents, thus integrating the technical functionalities of the current VISION network into the VIS. Provision is also made to the use of data by the visa authorities for reporting and statistics.

The third chapter details the conditions and procedures for the use of data by other authorities for the specific purposes of the VIS: for checks on visas, for identification and return of illegal immigrants, for determining the responsibility for asylum applications and for examining asylum applications. The authorities which should have access to consult the VIS are defined by these specific purposes.

The fourth chapter lays down rules for the retention and amendment of the data recorded in the VIS. The fifth chapter provides the responsibilities for the VIS, including for the operational management of the VIS, for the use of data and data security, and rules on liability, records and penalties.

The sixth chapter concerns rights and supervision on data protection. Whereas Directive 95/46/EC and Regulation (EC) No 45/2001 fully apply for this Regulation[23], the provision of this chapter clarify certain points in respect of safeguarding the rights of the data subject and of the roles of the national supervisory authorities and the Independent Supervisory Authority.

The final chapter covers the implementation, the start of transmission and operation, comitology, monitoring and evaluation, the entry into force and the applicability of this Regulation.

A commentary on the individual articles is annexed to this proposal.

2004/0287 (COD)

Proposal for a

REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL

concerning the Visa Information System (VIS) and the exchange of data between Member States on short stay-visas

THE EUROPEAN PARLIAMENT AND THE COUNCIL OF THE EUROPEAN UNION,

Having regard to the Treaty establishing the European Community, and in particular Article 62 (2)(b)(ii) and Article 66 thereof,

Having regard to the proposal from the Commission[24],

Acting in accordance with the procedure laid down in Article 251 of the Treaty[25],

Whereas:

(1) Building upon the conclusions of the Council of 20 September 2001, and the conclusions of the European Council in Laeken on 14 and 15 December 2001, in Seville on 21 and 22 June 2002, in Thessaloniki on 19 and 20 June 2003 and in Brussels on 25 and 26 March 2004, the establishment of the Visa Information System (VIS) represents one of the key initiatives within the politics of the European Union aimed at supporting stability and security.

(2) Council Decision 2004/512/EC of 8 June 2004 establishing the Visa Information System (VIS)[26] established the VIS as a system for the exchange of visa data between Member States.

(3) It is now necessary to give the Commission the mandate to set up and maintain the VIS and to define the purpose, the functionalities and responsibilities for the VIS, and to establish the conditions and procedures for the exchange of visa data between Member States to facilitate the examination of visa applications and the related decisions, taking into account the orientations for the development of the VIS adopted by the Council on 19 February 2004.

(4) The Visa Information System should improve the administration of the common visa policy, consular cooperation and consultation between central consular authorities by facilitating the exchange of data between Member States on applications and on the decisions relating thereto, in order to prevent threats to internal security of any of the Member States and ‘visa shopping’ and to facilitate the fight against fraud and checks at external border checkpoints and within the territory of the Member States. The VIS should also facilitate the identification and return of illegal immigrants and the application of Council Regulation (EC) No 343/2003 of 18 February 2003 establishing the criteria and mechanism for determining the Member State responsible for examining an asylum application lodged in one of the Member States by a third country national[27].

(5) The Visa Information System should be connected to the national systems of the Member States to enable competent Member States’ authorities to process data on visa applications and on visas issued, annulled, revoked or extended.

(6) The conditions and procedures for entering, amending, deleting and consulting the data in the VIS should take into account the procedures laid down in the Common Consular Instructions on visas for the diplomatic missions and consular posts (hereinafter referred to as ‘the Common Consular Instructions’)[28].

(7) The technical functionalities of the network for consulting the central national authorities as laid down in Article 17(2) of the Convention implementing the Agreement of 14 June 1985 on the gradual abolition of checks at common borders[29] should be integrated into the VIS.

(8) The data to be processed by the VIS should be determined in view of the data provided by the common form for visa applications as introduced by Council Decision 2002/354/EC of 25 April 2002 on the adaptation of Part III of, and the creation of an Annex 16 to, the Common Consular Instructions[30], and the information on the visa sticker provided for in Council Regulation (EC) No 1683/95 of 29 May 1995 laying down a uniform format for visas[31].

(9) To ensure exact verification and identification of visa applicants, it is necessary to process biometric data in the VIS.

(10) It is necessary to define the competent Member States’ authorities, duly authorised staff of which are to have access to enter, amend, delete or consult data for the specific purposes of the VIS, to the extent necessary for the performance of their tasks.

(11) The personal data stored in the VIS should be kept for no longer than is necessary for the purposes of the VIS. It is appropriate to keep the data for a period of five years, in order to enable data on previous applications to be taken into account for the assessment of visa applications, including the applicants’ good faith and for the documentation of illegal immigrants who may, at some stage, have applied for a visa. A shorter period would not be sufficient for those purposes. The data should be deleted after the period of five years, unless there are grounds to delete it earlier.

(12) Precise rules should be laid down as regards the responsibilities of the Commission for the establishment and operation of the VIS, on the one hand, and of the Member States for the national systems and the use of data by the national authorities, on the other hand.

(13) Rules on the liability of the Member States in respect of damage arising from any breach of this Regulation should be laid down. The liability of the Commission in respect of such damage is governed by the second paragraph of Article 288 of the Treaty.

(14) Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data[32] applies to the processing of personal data by the Member States in application of this Regulation. However, certain points should be clarified in respect of the responsibility for the use of data, of safeguarding the rights of the data subjects and of the supervision on data protection.

(15) Regulation (EC) No 45/2001 of 18 December 2000 of the European Parliament and the Council on the protection of individuals with regard to the processing of personal data by the Community institutions and bodies and on the free movement of such data[33] applies to the activities of the Commission in relation to the protection of personal data. However, certain points should be clarified in respect of the responsibility for the use of data and of the supervision on data protection.

(16) The national supervisory authorities established in accordance with Article 28 of Directive 95/46/EC should monitor the lawfulness of the processing of personal data by the Member States, whilst the European Data Protection Supervisor as established by Regulation (EC) No 45/2001 should monitor the activities of the Commission in relation to the protection of such data.

(17) The effective monitoring of the application of this Regulation requires evaluation at regular intervals.

(18) The Member States should lay down rules on penalties applicable to infringements of the provisions of this Regulation and ensure that they are implemented.

(19) The measures necessary for the implementation of this Regulation should be adopted in accordance with Council Decision 1999/468/EC of 28 June 1999 laying down the procedures for the exercise of implementing powers conferred on the Commission[34].

(20) This Regulation respects the fundamental rights and observes the principles recognised in particular by the Charter of Fundamental Rights of the European Union.

(21) The establishment of a common Visa Information System and the creation of common obligations, conditions and procedures for the exchange of visa data between Member States cannot be sufficiently achieved by the Member States and can therefore, by reason of the scale and impact of the action, be better achieved at Community level, the Community may adopt measures, in accordance with the principle of subsidiarity as set out in Article 5 of the Treaty. In accordance with the principle of proportionality, as set out in that Article, the Regulation does not go beyond what is necessary in order to achieve this objective.

(22) In accordance with Articles 1 and 2 of the Protocol on the position of Denmark, annexed to the Treaty on European Union and the Treaty establishing the European Community, Denmark is not taking part in the adoption of this Regulation and is therefore not bound by it or subject to its application. Given that this Regulation builds upon the Schengen acquis under the provisions of Title IV of Part Three of the Treaty establishing the European Community, Denmark shall, in accordance with Article 5 of the said Protocol, decide within a period of six months after the adoption of this instrument whether it will implement it in its national law.

(23) As regards Iceland and Norway, this Regulation constitutes a development of provisions of the Schengen acquis within the meaning of the Agreement concluded by the Council of the European Union and the Republic of Iceland and the Kingdom of Norway concerning the association of those two States with the implementation, application and development of the Schengen acquis [35], which fall within the area referred to in Article 1, point B of Council Decision 1999/437/EC of 17 May 1999 on certain arrangements for the application of the Agreement concluded by the Council of the European Union and the Republic of Iceland and the Kingdom of Norway concerning the association of those two States with the implementation, application and development of the Schengen acquis [36] .

(24) An arrangement has to be made to allow representatives of Iceland and Norway to be associated with the work of committees assisting the Commission in the exercise of its implementing powers. Such an arrangement has been contemplated in the Exchange of Letters between the Community and Iceland and Norway, annexed to the above mentioned Association Agreement[37].

(25) This Regulation constitutes a development of provisions of the Schengen acquis in which the United Kingdom does not take part, in accordance with Council Decision 2000/365/EC of 29 May 2000 concerning the request of the United Kingdom of Great Britain and Northern Ireland to take part in some of the provisions of the Schengen acquis [38]; the United Kingdom is therefore not taking part in its adoption and is not bound by it or subject to its application.

(26) This Regulation constitutes a development of provisions of the Schengen acquis in which Ireland does not take part, in accordance with Council Decision 2002/192/EC of 28 February 2002 concerning Ireland's request to take part in some of the provisions of the Schengen acquis [39]; Ireland is therefore not taking part in its adoption and is not bound by it or subject to its application.

(27) This Regulation constitutes an act building on the Schengen acquis or otherwise related to it within the meaning of Article 3(2) of the Act of Accession.

(28) As regards Switzerland, this Regulation constitutes a development of the provisions of the Schengen aquis within the meaning of the Agreement signed by the European Union, the European Community and the Swiss Confederation on the latter’s association with the implementation, application and development of the Schengen acquis which fall within the area referred to in Article 4(1) of the Council decision on the signing, on behalf of the European Community, and on the provisional application of certain provisions of this Agreement,

HAVE ADOPTED THIS REGULATION:

CHAPTER I

General Provisions

Article 1 Subject matter and scope

1. This Regulation defines the purpose, the functionalities of and responsibilities for the Visa Information System (VIS), as established by Article 1 of Decision 2004/512/EC. It sets up the conditions and procedures for the exchange of data between Member States on applications for short stay visas and on the decisions taken thereto, including the decision whether to annul, revoke or extend the visa, to facilitate the examination of such applications and the related decisions.

2. The VIS shall improve the administration of the common visa policy, consular cooperation and consultation between central consular authorities by facilitating the exchange of data between Member States on applications and on the decisions thereto, in order:

(a) to prevent threats to internal security of any of the Member States;

(b) to prevent the bypassing of the criteria for the determination of the Member State responsible for examining the application;

(c) to facilitate the fight against fraud;

(d) to facilitate checks at external border checkpoints and within the territory of the Member States;

(e) to assist in the identification and return of illegal immigrants;

(f) to facilitate the application of Regulation (EC) No 343/2003.

Article 2 Definitions

For the purposes of this Regulation, the following definitions shall apply:

(1) ‘visa’ means:

(a) ‘short stay visa’ as defined in Article 11(1)(a) of the Convention implementing the Agreement of 14 June 1985 on the gradual abolition of checks at common borders[40] (hereinafter referred to as “the Schengen Convention”);

(b) ‘transit visa’ as defined in Article 11(1)(b) of the Schengen Convention;

(c) ‘airport transit visa’ as defined in part I, point 2.1.1, of the Common Consular Instructions on visas for the diplomatic missions and consular posts (hereinafter referred to as “the Common Consular Instructions”);

(d) ‘visa with limited territorial validity’ as defined in Article 11(2) of the Schengen Convention;

(e) ‘national long-stay visa valid concurrently as a short-stay visa’ as defined in Article 18 of the Schengen Convention;

(2) ‘visa sticker’ means the uniform format for visas as defined by Regulation (EC) No 1683/95;

(3) ‘visa authorities’ means the authorities of each Member State which are responsible for examining applications and for decisions taken thereto or for decisions whether to annul, revoke or extend visas;

(4) ‘application form’ means the uniform application form for visas in Annex 16 to the Common Consular Instructions;

(5) ‘applicant’ means a third country national who has lodged an application for a visa;

(6) ‘third country national’ means any citizen who is not a citizen of the European Union within the meaning of Article 17(1) of the EC Treaty;

(7) ‘group members’ means other applicants with whom the applicant is travelling together, including the spouse and the children accompanying the applicant;

(8) ‘travel document’ means a passport or other equivalent document, entitling the holder to cross the external borders and to which a visa may be affixed;

(9) ‘Member State responsible’ means the Member State which has entered the data in the VIS;

(10) ‘verification’ means the process of comparison of sets of data to establish the validity of a claimed identity (one-to-one check);

(11) ‘identification’ means the process of determining a person’s identity through a data base search against multiple sets of data (one-to-many check).

Article 3 Categories of data

1. Only the following categories of data shall be recorded in the VIS:

(a) alphanumeric data on the applicant and on visas requested, issued, refused, annulled, revoked or extended;

(b) photographs;

(c) fingerprint data;

(d) links to other applications.

2. The messages transmitted by the infrastructure of the VIS, referred to in Article 14, Article 21(2) and Article 22(2), shall not be recorded in the VIS, without prejudice to the recording of the data processing operations pursuant to Article 28.

Article 4 Access for entering, amending, deleting and consulting data

1. Access to the VIS for entering, amending or deleting the data referred to in Article 3(1) in accordance with this Regulation shall be reserved exclusively to duly authorised staff of the visa authorities.

2. Access to the VIS for consulting the data shall be reserved exclusively to duly authorised staff of the authorities of each Member State which are competent for the purposes laid down in Articles 13 to 19, limited to the extent the data is required for the performance of the tasks in accordance with these purposes.

3. Each Member State shall designate the competent authorities, the staff of which shall have access to enter, amend, delete or consult data in the VIS. Each Member State shall communicate to the Commission a list of these authorities.

The Commission shall publish these lists in the Official Journal of the European Union .

CHAPTER II

Entry and use of data by visa authorities

Article 5 Procedures for entering data upon the application

1. On receipt of an application, the visa authority shall create without delay the application file, by entering the data referred to in Articles 6 and 7 in the VIS.

2. When creating the application file, the visa authority shall check in the VIS whether a previous application of the individual applicant has been registered in the VIS by any of the Member States.

3. If a previous application has been registered, the visa authority shall link each new application file to the previous application file on that applicant.

4. If the applicant is travelling in a group with other applicants, the visa authority shall create an application file for each applicant and link the application files of the group members.

Article 6 Data upon lodging the application

The visa authority shall enter the following data in the application file:

(1) the application number;

(2) status information, indicating that a visa has been requested;

(3) the authority to which the application has been lodged, and whether the application has been lodged to that authority on behalf of another Member State;

(4) the following data to be taken from the application form:

(a) surname, surname at birth (earlier surname(s)); first names; sex; date, place and country of birth;

(b) current nationality and nationality at birth;

(c) type and number of the travel document, the authority which issued it and the date of issue and of expiry;

(d) place and date of the application;

(e) type of visa requested;

(f) details of the person issuing an invitation or liable to pay the costs of living during the stay, being,

(i) in the case of a natural person, surname, first name and address of the person;

(ii) in the case of a company, the name of the company and surname and first name of the contact person in that company;

(5) the photograph of the applicant, in accordance with Regulation (EC) No 1683/95;

(6) fingerprints of the applicant, in accordance with the relevant provisions of the Common Consular Instructions.

Article 7 Additional da ta in case of a consultation between central authorities

If consultation between central authorities is required by any of the Member States according to Article 17(2) of the Schengen Convention, the visa authority shall enter the following additional data to be taken from the application form:

(1) main destination and duration of the intended stay;

(2) purpose of travel;

(3) date of arrival and departure;

(4) border of first entry or transit route;

(5) residence;

(6) current occupation and the employer; for students: name of school;

(7) surname and first name(s) of the applicants father and mother.

Article 8 Data to be added for a visa issued

1. Where a decision has been taken to issue a visa, the competent visa authority shall add the following data to the application file:

(a) status information indicating that the visa has been issued, replacing the status information that the visa has been requested;

(b) the authority that issued the visa, and whether that authority issued it on behalf of another Member State;

(c) date and place where the visa was issued;

(d) the type of visa;

(e) the number of the visa sticker;

(f) the territory in which the holder of the visa is entitled to travel, in accordance with the relevant provisions of the Common Consular Instructions;

(g) the period of validity of the visa;

(h) the number of entries authorised by the visa in the territory for which the visa is valid;

(i) the duration of the stay as authorised by the visa.

2. If an application is withdrawn before a decision has been taken whether to issue a visa, the visa authority to which the application was lodged shall replace the status information that the visa has been requested by the status information that the application has been withdrawn, indicating the date of the withdrawal.

Article 9 Data to be added in case of a refusal to examine the application

In case of a refusal to examine the application, the visa authority to which the application was lodged shall add the following data to the application file:

(1) status information indicating that the examination of the application has been refused, replacing the status information that the visa has been requested;

(2) the authority that refused the examination of the application and whether this decision was taken on behalf of another Member State;

(3) place and date of the decision;

(4) the Member State competent to examine the application.

Article 10 Data to be added for a visa refused

1. Where a decision has been taken to refuse a visa, the competent visa authority shall add the following data to the application file:

(a) status information indicating that the visa has been refused, replacing the status information that the visa has been requested;

(b) the authority that refused the visa and whether this decision was taken on behalf of another Member State;

(c) place and date of the decision.

2. The application file shall also indicate the ground(s) for refusal of the visa, which shall be one or more of the following:

(a) failure to submit a valid travel document;

(b) failure to submit documents proving the purpose and conditions of the intended stay, failure to prove the possession of sufficient means for subsistence during the stay or failure to prove that the applicant is in a position to acquire such means lawfully;

(c) an alert on the applicant for the purposes to refuse entry;

(d) the applicant constitutes a threat to public policy, internal security, public health or the international relations of any of the Member States.

Article 11 Data to be added for a visa annulled or revoked

1. Where a decision has been taken to annul or to revoke a visa, the competent visa authority shall add the following data to the application file:

(a) status information indicating that the visa has been annulled or revoked, replacing the status information that the visa has been issued;

(b) authority that annulled or revoked the visa and whether this decision was taken on behalf of another Member State;

(c) place and date of the decision;

(d) the reduced period of validity of the visa, if appropriate.

2. The application file shall also indicate the ground(s) for annulment or revocation of the visa, which shall be:

(a) in the case of annulment or revocation, one or more of the grounds listed in Article 10(2);

(b) in the case of a decision to shorten the length of the period of validity of the visa, one or more of the following:

(i) for the purposes of the expulsion of the applicant;

(ii) absence of adequate means of subsistence for the initially intended duration of the stay.

Article 12 Data to be added for a visa extended

1. Where a decision has been taken to extend a visa, the competent visa authority shall add the following data to the application file:

(a) status information indicating that the visa has been extended, replacing the status information that the visa has been issued;

(b) the authority that extended the visa and whether this decision was taken on behalf of another Member State;

(c) place and date of the decision;

(d) the number of the visa sticker, if the extension of the visa shall take the form of a new visa sticker;

(e) period of the extension of the validity;

(f) period of the extension of the authorised duration of the stay.

2. The application file shall also indicate the ground(s) for extending the visa, which shall be one or more of the following:

(a) force majeure;

(b) humanitarian reasons;

(c) serious occupational reasons;

(d) serious personal reasons.

Article 13 Use of the VIS for examining applications

1. The competent visa authority shall consult the VIS for the purposes of the examination of applications and the decisions relating to those applications in accordance with the relevant provisions of the Common Consular Instructions.

2. For the purposes referred to in paragraph 1, the competent visa authority shall be given access to search with one or several of the following data:

(a) the application number;

(b) the data referred to in Article 6(4)(a);

(c) the data on the travel document, referred to in Article 6(4)(c);

(d) the name of the person or company referred to in Article 6(4)(f);

(e) photographs;

(f) fingerprints;

(g) the number of the visa sticker of any previous visa issued.

3. If the search with one or several of the data listed in paragraph 2 indicates that data on the applicant is recorded in the VIS, the visa authority shall be given access to the application file and the linked application file(s), solely for the purposes referred to in paragraph 1.

Article 14 Use of the VIS for consultation and requests for documents

1. For the purposes of consultation between central national authorities on applications according to Article 17(2) of the Schengen Convention, the consultation request and the responses thereto shall be transmitted in accordance with paragraph 2.

2. The Member State which is responsible for examining the application shall transmit the consultation request with the application number to the VIS, indicating the Member State or the Member States to be consulted.

The VIS shall transmit the request to the Member State or the Member States indicated.

The Member State or the Member States consulted shall transmit the response to the VIS, which shall transmit that response to the Member State which launched the request.

3. The procedure set out in paragraph 2 may also apply for the transmission of information on the issuance of visas with limited territorial validity and other messages related to the consular cooperation as well as for the transmission of requests to the competent visa authority to forward copies of travel documents and other documents supporting the application.

4. The personal data transmitted pursuant to this article shall be solely used for the consultation of central national authorities and consular cooperation.

Article 15 Use of data for reporting and statistics

The competent visa authorities shall have access to consult the following data, solely for the purposes of reporting and statistics:

(1) status information;

(2) the competent authorities;

(3) current nationality of the applicant;

(4) border of first entry;

(5) date and place of the application or the decision concerning the visa;

(6) the type of visa requested or issued;

(7) the type of the travel document;

(8) the grounds indicated for any decision concerning the visa or visa application;

(9) the competent authority and the date of the decision refusing any previous visa application.

CHAPTER III

Use of data by other authorities

Article 16 Use of data for checks on visas

1. The competent authorities for carrying out checks at external borders and within the territory of the Member State, shall have access to search with the following data, for the sole purpose of verifying the identity of the person and/or the authenticity of the visa:

(a) the data referred to in Article 6(4)(a);

(b) data on the travel document, referred to in Article 6(4)(c);

(c) photographs,;

(d) fingerprints;

(e) the number of the visa sticker.

2. If the search with any of data the listed in paragraph 1 indicates that data on the applicant is recorded in the VIS, the competent authority shall be given access to consult the following data of the application file as well as of linked application file(s) of group members, for the sole purpose referred to in paragraph 1:

(a) the status information and the data taken from the application form, referred to in Article 6(2), (4) and Article 7;

(b) photographs,

(c) fingerprints;

(d) the data entered in respect of any visa previously issued, annulled, revoked or extended.

Article 17 Use of data for identification and return of illegal immigrants

1. The competent immigration authorities shall have access to search with the following data, solely for the purposes of identification and return of illegal immigrants:

(a) the data referred to in Article 6(4)(a);

(b) photographs;

(c) fingerprints.

2. If the search with one or several of the data listed in paragraph 1 indicates that data on the applicant is recorded in the VIS, the competent authority shall be given access to consult the following data of the application file and the linked application file(s), solely for the purposes referred to in paragraph 1:

(a) the status information and the authority to which the application was lodged;

(b) the data taken from the application form, referred to in Article 6(4) and Article 7;

(c) photographs;

(d) the data entered in respect of any visa previously issued, refused, annulled, revoked or extended.

Article 18 Use of data for determining the responsibility for asylum applications

1. The competent asylum authorities shall have access to search with the following data for the sole purpose of determining the Member State responsible for examining an asylum application according to Article 9 of Regulation (EC) No 343/2003:

(a) the data referred to in Article 6(4)(a);

(b) photographs;

(c) fingerprints.

2. If the search with one or several of the data listed in paragraph 1 indicates that a visa issued with an expiry date of no more than six months before the date of the asylum application, and/or a visa extended to an expiry date of no more than six months before the date of the asylum application, is recorded in the VIS, the competent authority shall be given access to consult the following data on such visa, for the sole purpose referred to in paragraph 1:

(a) the authority that issued or extended the visa;

(b) the type of visa;

(c) the period of validity of the visa;

(d) the duration of the stay

(e) photographs.

Article 19 Use of data for examining the application for asylum

1. The competent asylum authorities shall have access in accordance with Regulation (EC) No 343/2003 to search with the following data, for the sole purpose of examining an application for asylum:

(a) the data referred to in Article 6(4)(a);

(b) photographs;

(c) fingerprints.

2. If the search with one or several of the data listed in paragraph 1 indicates that data on the applicant is recorded in the VIS, the competent authority shall have access to consult the following data of the application file and the linked application file(s), for the sole purpose referred to in paragraph 1:

(a) the status information and the authority to which the application has been lodged;

(b) the data taken from the application form, referred to in Article 6(4) and Article 7;

(c) photographs;

(d) the data entered in respect of any visa previously issued, refused, annulled, revoked or extended, or in respect of the refusal to examine the application.

CHAPTER IV

Retention and amendment of the data

Article 20 Retention period for data storage

1. Each application file shall be stored in the VIS for five years, without prejudice to the deletion referred to in Article 21 and Article 22 and to the keeping of records referred to in Article 28.

That period shall start:

(a) with the expiry date of the visa, if a visa has been issued;

(b) with the new expiry date of the visa, if a visa has been annulled, revoked or extended;

(c) on the data of the creation of the application file in the VIS, if a visa or the examination of the application has been refused, or the application has been withdrawn.

2. Upon expiry of the period referred to in paragraph 1, the VIS shall automatically delete the application file and the link(s) to this file.

Article 21 Amendment of data

1. Only the Member State responsible shall have the right to amend data which it has transmitted to the VIS, by up-dating, supplementing or correcting such data, or to delete it pursuant to paragraph 3 of this Article or to Article 22.

2. If a Member State has evidence to suggest that data processed in the VIS is inaccurate or that data was processed in the VIS contrary to this Regulation, it shall advise the Member State responsible immediately. Such message may be transmitted by the infrastructure of the VIS.

3. The Member State responsible shall check the data concerned and, if necessary, amend or delete it immediately.

Article 22 Advance data deletion

1. Application files and the links relating to an applicant who has acquired the nationality of any Member State before expiry of the period referred to in Article 20(1) shall be deleted from the VIS immediately as the Member State responsible becomes aware that the applicant has acquired such nationality.

2. Each Member State shall advise the Member State responsible immediately, if an applicant has acquired its nationality. Such message may be transmitted by the infrastructure of the VIS.

CHAPTER V

Operation and Responsibilities

Article 23 Operational management

1. The Commission shall be responsible for establishing and operating the Central Visa Information System and the communication infrastructure between the Central Visa Information System and the National Interfaces.

2. The data shall be processed by the VIS on behalf of the Member States.

3. In relation to the processing of personal data in the VIS, each Member State shall designate the authority which is to be considered as controller in accordance with Article 2(d) of Directive 95/46/EC. Each Member State shall communicate this authority to the Commission.

Article 24 Relation to the National Systems

1. The VIS shall be connected to the National System of each Member State via the National Interface in the Member State concerned.

2. Each Member State shall designate a national authority, which shall provide the access of the competent authorities referred to in Article 4(1) and (2) to the VIS, and connect that national authority to the National Interface.

3. Each Member State shall observe automated procedures for processing the data.

4. Each Member State shall be responsible for:

(a) the development of the National System and/or its adaptation to the VIS according to Article 2(2) of Decision 2004/512/EC;

(b) the organisation, management, operation and maintenance of its National System;

(c) the management and arrangements for access of duly authorised staff of the competent national authorities to the VIS in accordance with this Regulation.

(d) to bear the costs incurred by the National Systems and the costs for their connection to the National Interface, including the investment and operational costs for the communication infrastructure between the National Interface and the National System.

Article 25 Responsibility for the use of data

1. Each Member State shall ensure that the data is processed lawfully. The Member State responsible shall ensure in particular that:

(a) the data is collected lawfully;

(b) the data is transmitted lawfully to the VIS;

(c) the data is accurate and up-to-date when it is transmitted to the VIS.

2. The Commission shall ensure that the VIS is operated in accordance with this Regulation and its implementing rules. In particular, the Commission shall:

(a) take the necessary measures to ensure the security of the Central Visa Information System and the communication infrastructure between the Central Visa Information System and the National Interfaces, without prejudice to the responsibilities of each Member State;

(b) ensure that only duly authorised staff has access to data processed in the VIS for the performance of the tasks of the Commission in accordance with this Regulation.

3. The Commission shall inform the European Parliament and the Council of the measures it takes pursuant to paragraph 2.

Article 26 Data security

1. The Member State responsible shall ensure the security of the data before and during the transmission to the National Interface. Each Member State shall ensure the security of the data it receives from the VIS.

2. Each Member State shall take the necessary measures to:

(a) prevent any unauthorised person from having access to national installations in which the Member State carries out operations in accordance with the purposes of the VIS (checks at entrance to the installation);

(b) prevent data and data media from being read, copied, modified or deleted by unauthorised persons (control of data media);

(c) ensure that it is possible to check and establish what data has been processed in the VIS, when and by whom (control of data recording);

(d) prevent the unauthorised processing of data in the VIS and any unauthorised modification or deletion of data processed in the VIS (control of data entry);

(e) ensure that, in using the VIS, authorised persons have access only to data which is within their competence (control of access);

(f) ensure that it is possible to check and establish the authorities to which data recorded in the VIS may be transmitted by data transmission equipment (control of transmission);

(g) prevent the unauthorised reading, copying, modification or deletion of data during the transmission of data to or from the VIS (control of transport).

3. The Commission shall take measures equivalent to those mentioned in paragraph 2 as regards the operation of the VIS.

Article 27 Liability

1. Any person who, or Member State which, has suffered damage as a result of an unlawful processing operation or any act incompatible with this Regulation shall be entitled to receive compensation from the Member State which is responsible for the damage suffered. That State shall be exempted from its liability, in whole or in part, if it proves that it is not responsible for the event giving raise to the damage.

2. If failure of a Member State to comply with its obligations under this Regulation causes damage to the VIS, that Member State shall be held liable for such damage, unless and insofar as the Commission failed to take reasonable measures to prevent the damage from occurring or to minimise its impact.

3. Claims for compensation against a Member State for the damage referred to in paragraphs 1 and 2 shall be governed by the provisions of national law of the defendant Member State.

Article 28 Keeping of records

1. Each Member State and the Commission shall keep records of all data processing operations within the VIS. These records shall show the purpose of access referred to in Article 4(1) and in Articles 13 to 19, the date and time, the data transmitted, the data used for interrogation and the name of the authority entering or retrieving the data. In addition, each Member State shall keep records of the persons responsible for putting in or retrieving the data.

2. Such records may be used only for the data-protection monitoring of the admissibility of data processing as well as to ensure data security. The records shall be protected by appropriate measures against unauthorised access and deleted after a period of one year after the retention period referred to in Article 20(1) has been expired, if they are not required for monitoring procedures which have already begun.

Article 29 Penalties

The Member States shall lay down the rules on penalties applicable to infringements of the provisions of this Regulation relating to data protection and shall take all measures necessary to ensure that they are implemented. The penalties provided for must be effective, proportionate and dissuasive. The Member States shall notify those provisions to the Commission by the date of the notification referred to in Article 37(1) at the latest and shall notify it without delay of any subsequent amendment affecting them.

CHAPTER VI

Rights and supervision on data protection

Article 30 Right of information

1. Applicants and the persons referred to in Article 6(4)(f) shall be informed of the following by the Member State responsible:

(a) the identity of the controller referred to in Article 23(3) and of his representative, if any;

(b) the purposes for which the data will be processed within the VIS;

(c) the recipients of the data;

(d) that the taking of the data is mandatory for the examination of the application;

(e) the existence of the right of access to, and the right to rectify, the data concerning that person.

2. The information referred to in paragraph 1 shall be provided to the applicant when the data from the application form, the photograph and the fingerprint data as referred to in Article 6(4), (5), (6) and Article 7 are taken.

3. The information referred to in paragraph 1 shall be provided to the persons referred to in Article 6(4)(f) in the forms to be signed by those persons providing proof of invitation, sponsorship and accommodation.

Article 31 Right of access, correction and deletion

1. Without prejudice to the obligation to provide other information in accordance with Article 12(a) of Directive 95/46/EC, any person shall have the right to obtain communication of the data relating to him recorded in the VIS and of the Member State which transmitted it to the VIS. Such access to data may be granted only by a Member State.

2. Any person may request that data relating to him which is inaccurate be corrected or that data recorded unlawfully may be deleted. The correction and deletion shall be carried out without delay by the Member State responsible, in accordance with its laws, regulations and procedures.

3. If the request is made to a Member State, other than the Member State responsible, the authorities of the Member State to which the request has been lodged shall contact the authorities of the Member State responsible. The Member State responsible shall check the accuracy of the data and the lawfulness of its processing in the VIS.

4. If it emerges that data recorded in the VIS are inaccurate or have been recorded unlawfully, the Member State responsible shall correct or delete the data in accordance with Article 21(3). The Member State responsible shall confirm in writing to the person concerned without delay that it has taken action to correct or delete data relating to him.

5. If the Member State responsible does not agree that data recorded in the VIS is inaccurate or has been recorded unlawfully, it shall explain in writing to the person concerned without delay why it is not prepared to correct or delete data relating to him.

6. The Member State responsible shall also provide the person concerned with information explaining the steps which he can take if he does not accept the explanation provided. This shall include information on how to bring an action or a complaint before the competent authorities or courts of that Member State and any financial or other assistance that is available in accordance with the laws, regulations and procedures of that Member State.

Article 32 Cooperation to ensure the rights on data protection

1. The competent authorities of the Member States shall cooperate actively to enforce the rights laid down in Article 31(2), (3) and (4).

2. In each Member State, the national supervisory authority shall assist and, where requested, advise the person concerned in exercising his right to correct or delete data relating to him in accordance with Article 28(4) of Directive 95/46/EC in exercising his rights.

3. The national supervisory authority of the Member State responsible which transmitted the data shall assist and, where requested, advise the person concerned in exercising her right to correct or erase the data relating to him. Both national supervisory authorities shall cooperate to this end. The person concerned may also apply for assistance and advice to the independent supervisory authority referred to in Article 35.

Article 33 Remedies

1. In each Member State any person shall have the right to bring an action or a complaint before the competent courts of that Member State if he is refused the right of access to or the right of correction or deletion of data relating to him, provided for in Article 31(1) and (2).

2. The obligations of the national supervisory authorities to assist and, where requested, advise the person concerned, in accordance with Article 32(3), shall subsist throughout the proceedings.

Article 34 National supervisory authority

Each Member State shall require the national supervisory authority or authorities established in accordance with Article 28(1) of Directive 95/46/EC to monitor independently, in accordance with its national law, the lawfulness of the processing, in accordance with this Regulation, of personal data by the Member State in question, including their transmission to and from the VIS.

Article 35 Independent Supervisory Authority

1. The European Data Protection Supervisor as established by Article 41(1) of Regulation (EC) No 45/2001 shall monitor the activities of the Commission to ensure that the rights of persons covered by this Regulation are not violated by the processing of data in the VIS, including that the personal data is transmitted lawfully between the National Interfaces and the Central Visa Information System.

2. In the performance of its tasks, the European Data Protection Supervisor shall, if necessary, be actively supported by the national supervisory authorities.

3. The Commission shall supply information requested by the European Data Protection Supervisor, give him access to all documents and to its records referred to in Article 28(1) and allow him access to all its premises, at all times.

CHAPTER VII

Final Provisions

Article 36 Implementation

1. The Central Visa Information System, the National Interface in each Member State and the communication infrastructure between the Central Visa Information System and the National Interfaces shall be implemented in two phases.

In the first phase, the functionalities for processing alphanumeric data and the photographs, as referred to in Article 3(1)(a) and (b), shall be implemented by 31 December 2006 at the latest.

In the second phase, the functionalities for processing the biometric data referred to in Article 3(1)(c) shall be implemented by 31 December 2007 at the latest.

2. The measures necessary for the technical implementation of the functionalities referred to in paragraph 1 shall be adopted in accordance with the procedure referred to in Article 39(2).

Article 37 Start of transmission

1. Each Member State shall notify the Commission that it has made the necessary technical and legal arrangements to transmit data to the Central Visa Information System via the National Interface in accordance with Article 36.

2. The Member States referred to in Article 38 shall start to collect and enter the data by the date referred to in that article.

3. A Member State which notifies that it has made the necessary arrangements after the date referred to in Article 38, shall start to collect and enter the data by the date specified in the notification to the Commission.

4. No Member State shall consult the data transmitted by other Member States to the VIS before it starts entering data in accordance with paragraphs 2 and 3.

Article 38 Start of operations

When the measures referred to in Article 36(2) have been adopted in respect of the first phase of implementation and at least five Member States have notified the Commission that they have made the necessary technical and legal arrangements to transmit data to the VIS in accordance with Article 37(1) the Commission shall determine the date from which the VIS is to start operations.

It shall publish that date in the Official Journal of the European Union .

Article 39 Committee

1. The Commission shall be assisted by the committee set up by Article 5(1) of Regulation (EC) No 2424/2001.

2. Where reference is made to this paragraph, Articles 4 and 7 of Decision 1999/468/EC shall apply.

The period laid down in Article 4(3) of Decision 1999/468/EC shall be two months.

3. The committee shall adopt its Rules of Procedure.

Article 40 Monitoring and evaluation

1. The Commission shall ensure that systems are in place to monitor the functioning of the VIS against objectives, in terms of outputs, cost-effectiveness and quality of service.

2. Two years after the VIS starts operations and every two years hereafter, the Commission shall submit to the European Parliament and the Council a report on the technical functioning of the VIS. This report shall include information on the performance of the VIS against quantitative indicators predefined by the Commission.

3. Four years after the VIS starts operations and every four years thereafter, the Commission shall produce an overall evaluation of the VIS including examining results achieved against objectives and assessing the continuing validity of the underlying rationale and any implications of future operations. The Commission shall submit the reports on the evaluations to the European Parliament and the Council.

Article 41 Entry into force and applicability

1. This Regulation shall enter into force on the twentieth day following that of its publication in the Official Journal of the European Union .

2. It shall apply from the date referred to in the first paragraph of Article 38.

This Regulation shall be binding in its entirety and directly applicable in the Member States in accordance with the Treaty establishing the European Community.

Done at Brussels,

For the European Parliament For the Council

The President The President

ANNEX

COMMENTARY ON THE ARTICLES

1. Chapter I: General Provisions

Article 1 defines in paragraph 1 the object of the Regulation and gives the Commission the mandate for setting up and maintaining the VIS. Article 1 of Council Decision 2004/512/EC, which is referred to by paragraph 1, established the VIS as a system for the exchange of visa data between Member States, which shall enable authorised national authorities to enter and update visa data and to consult these data electronically and shall be based on a centralised architecture and consist of the Central Visa Information System, a National Interface in each Member State and the communication infrastructure between the Central Visa Information System and the National Interfaces.

Paragraph 2 sets out the objectives of the VIS in line with the Council conclusions of 19 February 2004[41]. These objectives are translated in Chapters II and III into the specific purposes for the use of the data, creating obligations for the visa authorities and giving other competent authorities access to the relevant visa data.

The definitions in Article 2 refer to the Treaty or the Schengen acquis on visa policy, except for the terms ‘visa authority’, ‘applicant’, ‘group members’, ‘Member State responsible’, ‘verification’ and ‘identification’, which are defined specifically for the purposes of this Regulation.

Article 3 sets out the categories of data to be recorded in the VIS: alphanumeric data, photographs and fingerprint data, which are detailed in the referred provisions of Chapter II. However, as outlined in the Extended Impact Assessment, for reasons of proportionality the processing of scanned documents as foreseen by the Council conclusions[42] is not included[43].

Paragraph 2 provides that messages transmitted for the purposes of the consultation between central authorities, as well as messages between the competent authorities shall not be recorded, except for the purposes of data protection monitoring and data security pursuant to Article 28 of this Regulation.

Article 4 provides the basic rules for the access to the data: Access for entering, amending or deleting the data shall be reserved only to duly authorised staff of the visa authorities. Access for consulting data and the right to search and to use data shall be reserved exclusively to duly authorised staff of the authorities competent for the purposes as specified in Chapters II and III, limited to the extent as needed for the performance of these tasks. The competent authorities shall be designated and communicated by each Member State to the Commission, which shall publish these lists in the Official Journal of the European Union.

2. Chapter II: Entry and use of data by visa authorities

Article 5 determines the procedures for entering data, when a visa application has been lodged: The competent visa authority shall create an application file by entering the data referred to in Article 6 and 7 into the VIS and link previous applications of the same applicant to this application file as well as the application files of the applicants travelling in a group with other applicants, e.g. in the framework of an ADS agreement[44], or together with family members. As laid down in paragraph 4, the visa authority shall create an application file in the VIS for each of the group members, i.e. also in case of family members using one single travel document.

Articles 6 and 7 detail the data to be entered when creating the application file: The unique application number, the status information and the authority to which the application has been lodged are needed to identify the set of data on the application and the competent visa authority. The source for the alphanumeric data listed under point 4 of Article 6 and under Article 7 is the uniform application form (Annex 16 of the CCI). These data are required for the assessment of the application and for checks on the visa and the applicant. In view of proportionality, the storage of two sets of alphanumeric personal data is foreseen: The data under point 4 of Article 6 shall be entered for each applicant. The inclusion of data on persons and companies issuing invitations will help to identify those persons and companies which make fraudulent invitations. This constitutes important information in the fight against visa fraud, illegal immigration, human trafficking and the related criminal organisations which often operate in an international scale[45].

The data listed in Article 7 shall be entered only in the specific cases[46] for which the consultation between central authorities according to Article 17(2) of the Schengen Convention and part V, point 2.3, of the CCI is required by any of the Member States. The use of the VIS for this consultation in line with the Council conclusions[47] is laid down in Article 14 of this proposal. The categories for which such consultation is needed are specified in Annex 5B to the CCI. In the cases where the applicants come under these categories, these data are also relevant for checks at external borders and within the territories of the Member States as well as for identification and return purposes and for examining asylum applications. Thus these data shall be also available for these purposes, cf. Articles 16(2)(a), 17(2)(b) and 19(2)(b) of this proposal.

The photograph listed under point 6 of Article 8) has been introduced by Regulation (EC) No 334/2002 amending Regulation (EC) No 334/2002 for the visa sticker. The storage of photographs in the VIS is needed for the visual identity of the applicant. Further development at a later stage might enable the use of photographs for facial recognition. The fingerprint data (point 7 of Article 8) are essential to ensure exact verification and identification of visa applicants. In a large database it is not possible to identify persons with alphanumeric data alone. Even for bona-fide travellers the spelling of the same name can be different from one country to another, many instances of the same name exist and in some countries dates of births are not completely known. Identifying undocumented persons or persons is virtually impossible without biometrics. The standards, conditions and procedures for taking the biometric data shall be laid down in an amendment of the CCI.

Article 8 creates the obligation for the visa authorities to add to the application file the data which shall be introduced in the visa sticker, when the decision has been taken to issue a visa. The ‘territory’ listed under point (f) shall indicate according to part VI, point 1.1 of the CCI either the Schengen area or individual Schengen State(s). Paragraph 2 covers the case that the application is withdrawn before a decision has been taken.

Article 9 provides which data should be added in case of a refusal of the visa authority to examine the application according to cf. part V, point 2.4, of the CCI.

Article 10 concerns the data to be added when a visa has been refused. The grounds for refusing the visa are based upon the conditions for issuing a visa as laid down in Article 15 in conjunction with Article 5(1)(a), (c), (d) and (e) of the Schengen Convention, and, as far as “public health” is referred to in subparagraph 2(a), in the proposal on a Community Code for the movement of persons across borders[48]. These grounds are introduced for the purposes of this Regulation, i.e. without constituting or affecting any obligation to motivate the related decision towards the applicant.

Article 11 covers the data to be added when the decision has been taken to annul or to revoke a visa. In line with the Decision of the Executive Committee SCH/Com-ex(93)24[49], paragraph 2 concerns the grounds, in case that checks reveal that the applicant does not fulfil or no longer fulfils one or several of these conditions, and paragraph 3 to grounds for shortening the length of the validity of the visa.

Article 12 provides the data to be added for a visa extended, defining grounds in line with the Decision of the Executive Committee SCH/Com-ex(93)21[50].

Article 13 covers the obligations of the visa authorities to use the VIS for examining visa applications and for the examination whether to annul, revoke or extend visas. Since for these purposes all information stored in the VIS may be relevant, the competent visa authority shall have access to the complete application file and the linked application files of previous applications of the applicant and of group members travelling together with the applicant. Even if the applicant uses not the same identity to re-apply for the Schengen visa after visa refusal, the consular authorities in another Member State would have the possibility to establish the identity of the visa applicant by the use of biometrics and the personal data about the visa applicant from his previous application. The access shall be given in two steps: If the search with data listed in paragraph 2 indicates that data on the applicant are recorded in the VIS, in a second step access shall be given to the relevant application file(s), Fingerprints shall be used to identify the person. The photograph might be used to increase accuracy if facial recognition would be implemented if the photo quality improves and facial recognition techniques become more mature.

Article 14 integrates the technical functionalities of the consultation between central authorities according to Article 17(2) of the Schengen Convention (VISION network) into the VIS, in line with the Council Conclusions[51], and provides the possibility to use the VIS for other messages in the framework of consular cooperation and for requests for documents. The mechanism introduced in paragraph 1 is building upon the procedure as laid down in part V, point 2.3, of the CCI, replacing the current transmission procedure by the transmission of requests and the responses thereto via the VIS. The transmission of the application number enables duly authorised staff to consult the relevant application file(s), including the linked application files on previous applications or on the applications of persons travelling in a group. The Member States to be consulted shall be indicated by the central authority asking for consultation pursuant to Annex 5B of the CCI. As part of the procedures for the examination of visa applications, the central authorities consulted shall have access to the relevant application files.

The integration of the technical functionalities of the current VISION network in the VIS will not only avoid redundancy of the data flow but improve the current consultation and the related background checks in national databases according to the relevant national law. In particular the use of the fingerprint data would significantly improve the possibility to detect persons who constitute a threat to internal security. In particular these functionalities of the VIS would strengthen the horizontal task of visa authorities to prevent such threats for any of the Member States. Paragraph 4 stresses that the personal data transmitted pursuant to this article may be solely used for the consultation of central authorities and consular cooperation.

Article 15 specifies the use of data for reporting and statistics by the visa authorities. The nature of the data referred to in this provision do not allow identifying individual applicants.

3. Chapter III: Use of data by other authorities

Article 16 covers the use of data for checks at external borders and within the territory of the Member States: Paragraph 1 defines this purpose as well as the data to be searched with. Paragraph 2 specifies to which data access shall be given, if the search with these data indicates that data on the applicant are recorded in the VIS.

Article 17 concerns the use for identification and return purposes: Paragraph 1 defines these purposes, as well as the data to be searched with. Paragraph 2 specifies to which data access shall be given, if the search with these data indicates that data on the applicant are recorded in the VIS.

Articles 18 and 19 cover the use for the application of the Dublin Regulation (EC) No 343/2003, defining the specific purposes, the data to be searched with and the data to which access shall be given. The access to the VIS for the purposes to determine the Member State responsible for examining an asylum application is limited by Article 18(2) to the visa data needed for the application of Article 9 of the Dublin Regulation, which connects the responsibility for examining an asylum application to the previous issuing or extending of a visa to the asylum seeker. Article 19(2) specifies to which data access shall be given for the purposes to examine the asylum application, in accordance with the Dublin Regulation[52].

4. Chapter IV: Retention and amendment of data

Article 20 sets out a retention period of five years for each application file. For the determination of this retention period has been taken into account that for reasons of data protection, personal data should be kept no longer than it is necessary for the purposes of the VIS (cf. Article 6(1)(e) of Directive 95/46/EC). This retention period is necessary to meet the objectives of the VIS, e.g. the assessment of the applicant’s good faith or detect continued practices of fraud or visa shopping over years. If personal data would be retained only for the period of the visa's validity, the contribution to these purposes would be very limited. This retention period would not allow any speeding up of subsequent applications for regular travellers, as their record would only be stored for the time period the visa is valid. In addition, it would be unlikely that such a period of validity would assist in the documentation of illegal migrants, who, at some stage had applied for a visa. Moreover, in exceptional cases a short term visa can be valid up to five years (cf. CCI, part V, point 2.1). The five-year period is also indicated in part VII, point 2, of the CCI which foresees the filing of visa applications for “at least five years where the visa has been refused”.

Paragraph 2 specifies that the period shall start for a visa issued, annulled, revoked or extended with the expiry date, and in other cases with the creation of the application file. Paragraph 3 creates the obligation to carry out automatically the deletion of the application and the link(s) to this application file as referred to in Article 5(3) and (4).

Article 21 provides that only the Member State responsible shall have the right to amend the data. Paragraph 2 creates the obligation for each Member State to advise this Member State if there is evidence that data are inaccurate or were processed contrary to this Regulation.

Article 22 ensures the deletion of data of applicants who have required the nationality of a Member State before expiry of the retention period. However, if a third country national becomes member of the family of a EU citizen without requiring the nationality of a Member State, this will not affect the storage of his data in the VIS. In such case, a third country national can still be subject to a visa obligation. Since the data on previous applications are needed for the assessment of subsequent applications it is necessary that in such cases the data remain in the VIS till the retention period ends.

5. Chapter V: Operation and responsibilities

Article 23 clarifies that the Commission shall be responsible for establishing and operating the VIS and that the Member States are the controllers of the data processed in the VIS.

Article 24 creates in paragraphs 1 to 3 the obligation for each Member State to connect the VIS to each National System via the National Interface, to designate a national authority to provide the access for the competent authorities and to observe automated procedures for processing the data. According to Article 1 of Decision 1(2) of Decision 2004/512/EC, the National Interface shall provide the connection to the relevant central national authority of the respective Member State to enable national authorities to access the VIS. Paragraph 4 clarifies the competences of each Member State for its National System and the burden for the related costs, including the competence for the development of the National System and/or its adaptation to the VIS, as laid down in Article 2(2) of Council Decision 2004/512/EC.

Article 25 sets out in paragraph 1 the responsibilities of the Member States for the use of the data, acting as a controller at the moment of collection, transmission and reception of personal data. Paragraph 2 creates obligations for the Commission as processor with regard to confidentiality and security, pursuant to Articles 16 and 17 of Directive 95/46/EC and Articles 21 and 22 of Regulation (EC) No 45/2001.

Article 26 determines according to Article 17 of Directive 95/46/EC which measures have to be implemented to ensure the security of processing. Paragraph 2 creates the obligation for the Commission to take equivalent measures; in particular the Commission provisions on security have to be respected[53].

Article 27 sets out the applicable rules on liability of Member States for damages. The liability of the Commission is governed by Article 288(2) of the Treaty.

Article 28 creates the obligation for the Member States and the Commission to keep complete records of data processing operations for one year after expiry of the retention period, which may solely be usedfor the purposes of data protection monitoring and data security.

Article 29 creates the obligation of each Member State to ensure the proper processing and use of data by appropriate penalties, as an essential complement to the data protection and security arrangements.

6. Chapter VI: Rights and supervision on data protection

For the protection of personal data, the relevant Community’s legislation, Directive 95/46/EC and Regulation (EC) 45/2001, fully apply for this ‘first pillar’ instrument (cf. recitals 14 and 15). The provisions in this chapter clarify certain points in respect of safeguarding the rights of the persons concerned and of the supervision on data protection.

Article 30 covers the right of information of the applicants, but also persons issuing invitations or liable to pay the costs of living during the stay, whose data shall be stored in the VIS pursuant to Article 8(4)(f). Paragraph 1 contains in conformity with Article 10 of Directive 95/46/EC a list of items the person concerned has to be informed about. Paragraph 3 refers to the harmonised forms, specimens of which are published in Annex 15 of the CCI.

As far as the applicant’s employer and parents are concerned according Article 7(6) and (7) of this Regulation, the provision of such provision would involve a disproportionate effort in the meaning of Article 11(2) of Directive 95/46/EC, if the visa authority would be required to send a specific information to these persons named in the application form. However, these data shall only be stored in the VIS if a consultation between central authorities is required and the safeguards clarified in Articles 31 to 35 of this chapter apply also for these persons.

Article 31 provides in paragraphs 1 and 2 any person the right of access, correction and deletion of data relating to him which are inaccurate or recorded unlawfully, and clarifies in paragraph 3 that the related request may be lodged to each Member State. Paragraphs 4 to 6 specify the requirements according to Article 12 of Directive 95/46/EC.

Article 32 lays down an obligation for the competent authorities to ensure the proper operation of the mechanism laid down in Article 31 and the assistance and advice by the national supervisory authority, specifying the obligations laid down in Article 28(4) and (6) of Directive 95/46/EC.

Article 33 clarifies pursuant to Article 22 of Directive 95/46/EC the right of any person on remedies before the courts of each Member State if the rights of access to or of correction or deletion of data relating to him is refused.

Article 34 clarifies the competence of the national supervisory authorities to review the lawfulness of all the processing operations carried out by the Member States.

Article 35 provides that the European Data Protection Supervisor as established by Article 41(1) of Regulation (EC) No 45/2001 shall monitor the activities of the Commission related to the rights of persons covered by this Regulation. Paragraphs 2 and 3 create obligations to support this monitoring.

7. Chapter VII: Final Provisions

Article 36 covers the implementation approach to start with alphanumeric data and the photographs and adding in a second phase the functionalities for processing biometric data, in line with the step-wise approach as set out by the Council conclusions[54]. Paragraph 2 provides that the measures necessary for the technical implementation of these functionalities shall be adopted in accordance with the management procedure.

Article 37 connects the start of transmission of data to the notification of each Member State to the Commission that it has made the necessary technical and legal arrangements for the transmission of data to the VIS. Paragraph 2 lays down that the Member States which have notified as a condition for the applicability of this Regulation, shall start to collect and enter the data by the date laid down in Article 38. Paragraph 3 provides that the Member States which have notified at a later date shall start to collect and enter the data by the date of their respective notification. Paragraph 4 ensures the entering of data by the individual Member State as a precondition for consulting the data transmitted by other Member States.

Article 38 concerns the start of operations, the date of which shall be published by the Commission when the conditions laid down in this provision have been met.

Article 39 extends the mandate of the SIS II committee, further to the measures for the development of the VIS as specified in Articles 3 and 4 of Council Decision 2004/512/EC, to measures for implementing this Regulation by the management procedure. These measures are, as specified in Article 37(2) the technical measures for implementing the functionalities of the VIS.

Article 40 creates the obligation of the Commission to monitor and evaluate the operation of the VIS and produce monitoring and evaluation reports, to be submitted to the European Parliament and the Council.

Article 41 concerns the entry into force and applicability. Due to the technical requirements involved in establishing the VIS, it is not possible to provide for simultaneous entry into force and applicability of the Regulation.

FICHE FINANCIÈRE

+++++ TABLE +++++

1. BUDGET LINE(S) + HEADING(S)

18.08.03 Visa Information System

2. OVERALL FIGURES

2.1. Total allocation for action (Part B):

97 million € for commitment until 2013.

2.2. Period of application:

Undetermined duration. Foreseen for 2007-2013:

- Investment costs for biometric processing: 64 Mio €

- Exploitation costs for biometric processing: 33 Mio €

The amounts foreseen for the period 2007-2013 are subject to the adoption of the new financial perspectives.

2.3. Overall multi-annual estimate of expenditure:

(a) Schedule of commitment appropriations/payment appropriations (financial intervention)

€ million

+++++ TABLE +++++

As explained in 5.2.2 all investments will be done at the beginning of each year, so annual payments are estimated at around 80% of the commitments.

(b) Overall financial impact of human resources and other administrative expenditure

+++++ TABLE +++++

+++++ TABLE +++++

2.4. Compatibility with financial programming and financial perspectives

[] Proposal is compatible with existing financial programming.

2.5. Financial impact on revenue:

[X] Proposal has financial impact – the effect on revenue is as follows:

The present proposal builds upon the Schengen acquis, as defined in Annex A of the Agreement signed on 18 May 1999 between the Council and the Republic of Iceland and the Kingdom of Norway concerning the association of both these States with the implementation, application and development of the Schengen acquis [55]. Article 12(1) last paragraph lays down:

“In cases where operational costs are attributed to the general budget of the European Community, Iceland and Norway shall share in these costs by contributing to the said budget an annual sum in accordance with the percentage of the gross national product of their countries in relation with the gross national product of all participating States”

Contribution from Iceland/Norway: 2.128% (2002 figures)

(€ million to one decimal place)

+++++ TABLE +++++

4. LEGAL BASIS

This statement accompanies a legislative proposal for a Regulation of the European Parliament and the Council concerning the Visa Information System (VIS) and the exchange of data between Member States on short-stay visas, based on Article 62 point (2)(b)(ii) TEC and Article 66 TEC.

5. DESCRIPTION AND GROUNDS

5.1. Need for Community intervention

5.1.1. Objectives pursued

The present financial statement is designed to allow for the second phase of the VIS to take place by means of Community financing as of 2007 and in accordance with the relevant provisions of the Treaty.

The implementation of the Visa Information System is done in phases as follows:

- Phase 1: the functionalities for processing of alphanumeric data and photographs.

- Phase 2: the functionalities for processing biometrics.

The Commission has followed a two-step approach for the legal framework of the VIS:

A first legal instrument, Council Decision 2004/512/EC establishing the Visa Information System (VIS) [56] , which constitutes the required legal base to allow for the inclusion in the budget of the European Union of the necessary appropriations for the development of VIS and the execution of that part of the budget, defines the architecture of the VIS and gives the Commission the mandate to develop the Visa Information System at the technical level, assisted by the SIS II committee[57], whereas the national systems shall be adapted and/or developed by the Member States. The financial statement made in the financial statement of this Decision relates to the procurement of technical expertise, management expertise, hardware and software, etc. for the first phase of the setting-up of the VIS system containing alphanumeric data and photographs.

The present proposal for a Regulation of the European Parliament and the Council, the second “fully fledged” legal instrument, gives the Commission the mandate to set up, maintain and operate the VIS and defines the purpose, functionalities and responsibilities for the Visa Information System and the procedures and conditions for the exchange of visa data between Member States. This second legal instrument has been elaborated on the basis of the political orientation given by the Council conclusions of 19 February 2004. The financial statement for this legal instrument relates, in particular, to the costs for processing biometrics, phase 2 of the VIS.

Community intervention is needed, since the establishment of a common Visa Information System and the creation of common obligations, conditions and procedures for the exchange of visa data between Member States cannot be sufficiently achieved by the Member States and can, therefore, by reason of the scale and impact of the action, be better achieved at Community level.

Article 1(2) of the proposal states the purpose of the VIS:

“The VIS shall improve the administration of the common visa policy, consular cooperation and consultation between central consular authorities, by facilitating the exchange of data between Member States on applications and on the decisions thereto, in order:

(a) to prevent threats to the internal security of any of the Member States;

(b) to prevent the bypassing of the criteria for the determination of the Member State responsible for examining the application;

(c) to facilitate the fight against fraud;

(d) to facilitate checks at external border checkpoints and within the territory of the Member States;

(e) to assist in the identification and return of illegal immigrants;

(f) to facilitate the application of Regulation (EC) No 343/2003.”

In order to achieve these objectives, the VIS shall be connected to a National System in each Member State, to enable duly authorised staff of the competent authorities of each Member State to enter, amend, transmit or consult the data by means of an automated procedure in accordance with this Regulation.

5.1.2. Measures taken in connection with ex ante evaluation

A feasibility study on technical and financial aspects of the VIS was launched by the Commission on 16 September 2002 and submitted to the Council in May 2003. The study provides an analysis of the technical and financial aspects of the VIS.

The importance of biometrics for the overall efficiency of the system must be underlined. The study assessed three options, which can for the time being be envisaged as biometric identifiers: iris scanning, facial recognition and fingerprints and recommends the latter as main biometric identifier for identification purposes. Fingerprint technology would provide the required accuracy to identify individuals and fingerprint databases would still be used for many years, even if the biometric technology changes. The use of biometrics on such an unprecedented scale will have a significant impact on the system, both in technical and financial terms.

On the budgetary aspects, the figures are based on estimates provided by the feasibility study on technical and financial aspects of a system for the exchange of visa data between Member States, but take into account the rapid drop in prices for fingerprint matching systems. The estimates set out in the feasibility study cover the fixed costs of the central system, the CS-VIS, and for 27 NI-VIS, including their communication infrastructure, as well as the annual costs for operations, networks and human resources. These estimates for the development and operation of the “biometrics” module were extremely high. Currently, however, prices for biometric systems are dropping rapidly. Therefore, the original estimates of the feasibility study have been adapted to match these lower price trends.

In accordance to the Commission’s Work Programme 2004, an Extended Impact Assessment was launched. One of its main conclusions is that the further development of the VIS, with the processing of biometric data, is needed to ensure exact verification and identification of visa applicants. Only with the inclusion of biometric data processing in the VIS can the objectives be sufficiently reached. The Extended Impact report is annexed to the legal instrument that this financial statement accompanies.

5.1.3. Measures taken following ex post evaluation

Not applicable

5.2. Action envisaged and budget intervention arrangements

This proposal envisages the further development of the Visa Information System, in particular biometric processing.

5.2.1 Operational costs for alphanumeric and photo

The legal and financial base for the first phase has been established in Council Decision 512/2004/EC establishing the VIS, whereby an annual amount of seven million euros is foreseen for operational costs, as of 2007.

5.2.2 Investment costs for biometric processing

For the second phase, (biometric data for verification and identification purposes, including background checks) in 2003 the feasibility study estimated that an extra investment of 144 million euros would be needed. However, prices for finger print matching systems have come down dramatically. In fact, current experience shows that prices for fingerprint matching systems follow Moore’s law: every 18 months the capacity doubles for the same price. In the calculation this amounts to an annual estimated drop in price of 37%.

The price estimations in this financial statement are based on a gradual increase of capacity, with annual investments of the capacity needed for the next year, and taking into account the constant drop in prices. Thus, in the beginning of 2007 the capacity to handle the matching needed until 2008 only is budgeted. In early 2008, the extra capacity is bought for the needs until mid-2009, estimated at a price lowered by 37%.

As for the capacity of the databases, the calculations are based on the start in mid-2007 with an empty database, with gradual connection of all consular posts over a period of one year. It is estimated that mid-2008 all consular posts of all Member States will be connected. The feasibility study estimates 20 million visa requests per year, of which 30% are repeated travellers whose fingerprints are already in the VIS. The total storage capacity needed for a five year storage period will be 70 million sets of fingerprints.

Matching capacity needs will rise linearly with the number of fingerprints in the database.

The details:

+++++ TABLE +++++

It is estimated that the payments for the equipment will be done in the year of commitment, with an exception of a guarantee sum (around 10% of the price). The figures calculated might vary according to the final technical solution chosen.

5.2.3 Exploitation costs for biometric processing

In addition to the operational costs for alphanumeric and photo functionalities, extra operational costs for biometrics are foreseen.

The costs consist of extra human resources for the system management (estimated in the feasibility study at 100 000 € per year), extra network costs (700 000 €) and annual maintenance and licences. These maintenance and licence costs will depend very much on the technical solution chosen. The annual maintenance costs are estimated at 4.2 Mio € per year. As operations will start in mid-2007, the costs for 2007 will be lower.

The details:

+++++ TABLE +++++

Most of the payments will be done in the same year as the commitments.

5.2.5 National infrastructure costs

According to Article 2 (2) of Decision 2004/512 EC establishing the VIS, the national infrastructures beyond the national interfaces in the Member States shall be adapted and/or developed by the Member States. This includes the financial burden for the development of these infrastructures and the adaptation of existing national systems to the VIS, the world-wide connections to their consular posts and their equipment, shipping and training.

Cost estimates and cost-benefit analyses concerning the impacts of VIS on national infrastructures and national budgets are the responsibility of each Member State. To provide cost estimates would require a detailed analysis of every national environment and national organisation. This can only be done by Member States themselves.

5.3. Methods of implementation

Development will be carried out under direct management of the Commission using its own staff assisted by external contractors. The development of the alphanumeric functionalities of the system has been tendered. Additional technical support has also been tendered to assist Commission services in the follow up of the implementation.

A third call for tender will be launched for the biometric equipment needed.

The system shall be set up and maintained by the Commission. The Commission shall be responsible for operating the Central Visa Information System and the communication infrastructure between the Central Visa Information System and the National Interfaces. The data shall be processed by the VIS on behalf of the Member States.

Member States are closely involved in the work via the SIS II committee, in accordance with Article 5 of Decision 2004/512/EC establishing the VIS, and Article 39 of the present proposal.

In relation to the objectives of the Freedom programme, the Council has reached an agreement on the proposed external borders agency. The scope for entrusting tasks related to the management of large-scale IT systems (Eurodac, SIS II, VIS) to this agency at a later stage will be explored.

6. FINANCIAL IMPACT

6.1. Total financial impact on Part B - (over the entire programming period)

Figures in brackets are for operational costs for alphanumeric and photo functionalities and costs for external assistance for project management, audit and evaluation already covered by the financial statement annexed to Decision 2004/512/EC establishing the VIS.

The indicative global costs for the VIS for the period 2007-2013 amount to 153 Mio€, of which 97 Mio€ are covered by the present proposal and 56 Mio€ by Decision 2004/512/EC.

Commitments (in € million to three decimal places)

+++++ TABLE +++++

7. IMPACT ON STAFF AND ADMINISTRATIVE EXPENDITURE

7.1. Impact on human resources

Figures in bracket are for human and administrative resources already covered by the financial statement annexed to Decision 2004/512/EC establishing the VIS.

+++++ TABLE +++++

The needs for human and administrative resources shall be covered within the allocation granted to the managing DG in the framework of the annual allocation procedure.

7.2. Overall financial impact of human resources

+++++ TABLE +++++

The amounts are total expenditure for twelve months.

7.3. Other administrative expenditure deriving from the action

Figures below are resources already covered by the financial statement annexed to the Decision establishing the VIS and repeated for information only.

+++++ TABLE +++++

+++++ TABLE +++++

8. FOLLOW-UP AND EVALUATION

8.1. Follow-up arrangements

Deliverables are foreseen for the development envisaged in point 5.2 . Each deliverable produced will be submitted to an acceptance procedure, which will vary depending on the type of deliverable.

8.2. Arrangements and schedule for the planned evaluation

Council Decision 512/2004/EC establishing the VIS foresees that the Commission presents to the Council and the European Parliament a yearly progress report concerning the development of the VIS.

The current proposal provides the following arrangements for monitoring and evaluation:

The Commission shall ensure that systems are in place to monitor the functioning of the VIS against objectives in terms of outputs, cost-effectiveness and quality of service.

Two years after the VIS starts operations and every two years thereafter, the Commission shall submit to the European Parliament and the Council a report on the technical functioning of the VIS. This report shall include information on the performance of the VIS against quantitative indicators predefined by the Commission.

Four years after the VIS starts operations and every four years thereafter, the Commission shall produce an overall evaluation of the VIS, including examining results achieved against objectives and assessing the continuing validity of the underlying rationale and any implications for future operations. The Commission shall submit the reports on the evaluations to the European Parliament and the Council.

9. ANTI-FRAUD MEASURES

The Commission procedures for the award of contracts will be applied, ensuring compliance with Community law on public contracts.

[1] Council Document 6535/04 VISA 33 COMIX 111.

[2] Cf. point 5(c) of the declaration on combating terrorism, Council document 7764/04 JAI 94.

[3] See point 3 of the Council conclusions.

[4] OJ L 213 of 15.6.2004, p. 5.

[5] Set up by Article 5 (1) of Council Regulation (EC) No 2424/2001 (OJ L 328, 13.12.2001, p. 4).

[6] OJ L 50 of 25.2.2003, p. 1.

[7] Cf. Council conclusions of 19.2.2004, point 1(g) of the annex thereto.

[8] Cf. Articles 5(1)(e) and 15 of the Schengen Convention and CCI, introduction to part V.

[9] Cf. Council conclusions of 19.2.2004, points 2 and 3(a) of the annex thereto, including also “’national visas’ (…) of the Member States which have abolished checks at their internal borders”.

[10] OJ C 310, 19.12.2003, p. 1.

[11] OJ L 50, 25.2.2003, p. 1.

[12] According the Commission’s Work Programme 2004, COM(2003) 645final.

[13] The Working Party on the Protection of Individuals with Regard to the Processing of Personal Data, set up by Article 29 of Directive 95/46/EC of 24.10.1995, OJ L 281 of 23.11.1995, p. 31.

[14] Protocol on Article 67 annexed to the Nice Treaty.

[15] Council conclusions of 19.2.2004, point 2 of the Annex thereto.[16] OJ L 176, 10.7.1999, p. 36.

[17] OJ L 176, 10.7.1999, p. 36.

[18] OJ L 131, 1.6.2000, p. 43.

[19] OJ L 64, 7.3.2002, p. 20.

[20] Council document 13054/04.

[21] Council document 13466/04.

[22] Cf. Council conclusions of 19.2.2004, points 2 and 4 of the annex thereto, stating that “in a further step supporting documents could be scanned and processed”.

[23] Cf. the Extended Impact Assessment, point 6.2.

[24] Cf. recitals 14 and 15 of this proposal.

[25] OJ C , , p. .

[26] OJ C , , p. .

[27] OJ L 213, 15.6.2004, p. 5.

[28] OJ L 50, 25.2.2003, p. 1.

[29] OJ C 310, 19.12.2003, p. 1.

[30] OJ L 239, 22.9.2000, p. 19.

[31] OJ L 123, 9.5.2002, p. 50.

[32] OJ L 164, 14.7.1995, p. 1, amended by Council Regulation (EC) No 334/2002,OJ L 53, 23.2.2002, p. 7.

[33] OJ L 281, 23.11.1995, p. 31.

[34] OJ L 8, 12.1.2001, p. 1.

[35] OJ L 184, 17.7.1999, p. 23.

[36] OJ L 176, 10.7.1999, p. 36.

[37] OJ L 176, 10.7.1999, p. 31.

[38] OJ L 176, 10.7.1999, p. 53.

[39] OJ L 131, 1.6.2000, p. 43

[40] OJ L 64, 7.3.2002, p. 20.

[41] OJ L 239, 22.9.2000, p. 19.

[42] See point 1 of the annex to the Council conclusions of 19.2.2004.

[43] Cf. the Council conclusions of 19.2.2004, points 2 and 4 of the annex thereto.

[44] Cf. point 6.2 of the Extended Impact Assessment.

[45] Approved Destination Status, cf. the ADS Agreement with China of 12.2.2004,OJ L 83 of 20.3.2004, p. 14.

[46] Cf. Extended Impact Assessment, point 5.3, section “Reductions in fraud and visa shopping”.

[47] According the Extended Impact Assessment, point 6.1, currently about 20 % of the visa applications.

[48] Council conclusions of 19.2.2004, point 5 of the annex thereto.

[49] Cf. Article 5(1)(e) of the proposal for a Council Regulation establishing a Community Code on the rules governing the movement of persons across borders that proposal, COM(2004)391 final, which shall replace Article 5 of the Schengen Convention.

[50] OJ L 239 of 22.9.2000, p. 154.

[51] OJ L 239 of 22.9.2000, p. 151.

[52] Council conclusions of 19.2.2004, point 5 of the annex thereto.

[53] Cf. Article 21(1)(b) and (2)(e) of Regulation (EC) No 343/2003.

[54] Commission Decision 2001/844/EC, ECSC, Euratom of 29.11.2001 (OJ L 317 of 3.12.2001, p. 1).

[55] Council conclusions of 19.2.2004, point 2 of the annex thereto; for the reasons not to include scanned documents, as also foreseen by the conclusions, see point 6.2 of the Extended Impact Assessment.

[56] OJ L 176, 10. 7.1999, p. 36.

[57] OJ L 213 of 15.6.2004, p. 5.

[58] Set up by Article 5 (1) of Council Regulation (EC) No 2424/2001 (OJ L 328, 13.12.2001, p. 4).

[59] An annual amount of seven million euros is already foreseen in the financial statement annexed to the Decision 2004/512/EC establishing the VIS

[60] Operating expenditure directly derived from the feasibility study.

[61] An annual amount of one million euros is already foreseen in the financial statement annexed to the Decision 2004/512/EC establishing the VIS.