EUR-Lex Access to European Union law
This document is an excerpt from the EUR-Lex website
The legislation applies to the processing of identity information of non-EU nationals with previous convictions* in one of the Member States, in order to determine which Member State handed down the sentence. It applies equally to EU citizens who also hold non-EU nationality. Information on the conviction itself can only be obtained from the convicting Member State.
The technical architecture of ECRIS-TCN consists of:
An implementing act, Commission Implementing Decision (EU) 2022/2470, lays down measures necessary for the technical development and implementation of ECRIS-TCN. It sets out the specifications for processing alphanumeric and fingerprint data, data quality, entering the data, accessing and querying ECRIS-TCN, keeping and accessing logs and providing statistics, along with performance and availability requirements of ECRIS-TCN.
National central authorities* must create a data record in ECRIS-TCN as quickly as possible for each non-EU national they convict. This contains:
National central authorities can use ECRIS-TCN to identify the Member State holding criminal record information on a non-EU national, in order to subsequently obtain information on an individual’s previous convictions via ECRIS, when this is required for the purposes of criminal proceedings against that individual or for:
The EPPO, Eurojust and Europol:
Non-EU countries and international organisations may ask Eurojust for information as to which Member States may hold criminal records of a non-EU national concerned, only for the purposes of criminal proceedings. If there is a hit, and the Member State concerned consents, Eurojust informs the non-EU country or international organisation which Member State is concerned, so that they may ask that Member State for the relevant extracts from the criminal records.
Data:
eu-LISA is responsible for:
Member States are responsible for:
An individual or a Member State suffering damage from behaviour incompatible with the regulation may receive compensation from:
Non-EU nationals may contact a Member State’s central authority to request access to their personal data, its correction, erasure or restriction on its use.
Penalties or disciplinary measures apply with respect to any misuse of data entered in ECRIS-TCN.
The European Data Protection Supervisor monitors eu-LISA’s personal data-processing activities and produces an audit at least every 3 years for the Parliament, the Council and the Commission.
For further information, see:
Regulation (EU) 2019/816 of the European Parliament and of the Council of 17 April 2019 establishing a centralised system for the identification of Member States holding conviction information on third-country nationals and stateless persons (ECRIS-TCN) to supplement the European Criminal Records Information System and amending Regulation (EU) 2018/1726 (OJ L 135, 22.5.2019, pp. 1–26).
Successive amendments to Regulation (EU) 2019/816 have been incorporated into the original text. This consolidated version is of documentary value only.
Commission Implementing Decision (EU) 2022/2470 of 14 December 2022 laying down measures necessary for the technical development and implementation of the centralised system for the identification of Member States holding conviction information on third-country nationals and stateless persons (ECRIS-TCN) (OJ L 322, 16.12.2022, pp. 107–121).
Regulation (EU) 2021/1133 of the European Parliament and of the Council of 7 July 2021 amending Regulations (EU) No 603/2013, (EU) 2016/794, (EU) 2018/1862, (EU) 2019/816 and (EU) 2019/818 as regards the establishment of the conditions for accessing other EU information systems for the purposes of the Visa Information System (OJ L 248, 13.7.2021, pp. 1–10).
Regulation (EU) 2019/818 of the European Parliament and of the Council of 20 May 2019 on establishing a framework for interoperability between EU information systems in the field of police and judicial cooperation, asylum and migration and amending Regulations (EU) 2018/1726, (EU) 2018/1862 and (EU) 2019/816 (OJ L 135, 22.5.2019, pp. 85–135).
See consolidated version.
Regulation (EU) 2018/1727 of the European Parliament and of the Council of 14 November 2018 on the European Union Agency for Criminal Justice Cooperation (Eurojust), and replacing and repealing Council Decision 2002/187/JHA (OJ L 295, 21.11.2018, pp. 138–183).
See consolidated version.
Regulation (EU) 2018/1726 of the European Parliament and of the Council of 14 November 2018 on the European Union Agency for the Operational Management of Large-Scale IT Systems in the Area of Freedom, Security and Justice (eu-LISA), and amending Regulation (EC) No 1987/2006 and Council Decision 2007/533/JHA and repealing Regulation (EU) No 1077/2011 (OJ L 295, 21.11.2018, pp. 99–137).
See consolidated version.
Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC (OJ L 295, 21.11.2018, pp. 39–98).
Regulation (EU) 2018/1240 of the European Parliament and of the Council of 12 September 2018 establishing a European Travel Information and Authorisation System (ETIAS) and amending Regulations (EU) No 1077/2011, (EU) No 515/2014, (EU) 2016/399, (EU) 2016/1624 and (EU) 2017/2226 (OJ L 236, 19.9.2018, pp. 1–71).
See consolidated version.
Council Regulation (EU) 2017/1939 of 12 October 2017 implementing enhanced cooperation on the establishment of the European Public Prosecutor’s Office (‘the EPPO’) (OJ L 283, 31.10.2017, pp. 1–71).
See consolidated version.
Regulation (EU) 2016/794 of the European Parliament and of the Council of 11 May 2016 on the European Union Agency for Law Enforcement Cooperation (Europol) and replacing and repealing Council Decisions 2009/371/JHA, 2009/934/JHA, 2009/935/JHA, 2009/936/JHA and 2009/968/JHA (OJ L 135, 24.5.2016, pp. 53–114).
See consolidated version.
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ L 119, 4.5.2016, pp. 1–88).
See consolidated version.
Directive (EU) 2016/680 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and on the free movement of such data, and repealing Council Framework Decision 2008/977/JHA (OJ L 119, 4.5.2016, pp. 89–131).
See consolidated version.
Council Framework Decision 2009/315/JHA of 26 February 2009 on the organisation and content of the exchange of information extracted from the criminal record between Member States (OJ L 93, 7.4.2009, pp. 23–32).
See consolidated version.
Regulation (EC) No 767/2008 of the European Parliament and of the Council of 9 July 2008 concerning the Visa Information System (VIS) and the exchange of data between Member States on short-stay visas (VIS Regulation) (OJ L 218, 13.8.2008, pp. 60–81).
See consolidated version.
last update 10.05.2023