Council Decision 2008/633/JHA of 23 June 2008 concerning access for consultation of the Visa Information System (VIS) by designated authorities of Member States and by Europol for the purposes of the prevention, detection and investigation of terrorist offences and of other serious criminal offences

For the purposes of this Decision, the following definitions shall apply:

1. ‘Visa Information System (VIS)’ means the Visa Information System as established by Decision 2004/512/EC;

2. ‘Europol’ means the European Police Office as established by the Convention of 26 July 1995 on the Establishment of a European Police Office (the Europol Convention);

3. ‘terrorist offences’ means the offences under national law which correspond or are equivalent to the offences in Articles 1 to 4 of Council Framework Decision 2002/475/JHA of 13 June 2002 on combating terrorism⁽¹⁾;

4. ‘serious criminal offences’ means the forms of crime which correspond or are equivalent to those referred to in Article 2(2) of Framework Decision 2002/584/JHA;

5. ‘designated authorities’ means authorities which are responsible for the prevention, detection or investigation of terrorist offences or of other serious criminal offences and designated by the Member States pursuant to Article 3.

The definitions in Regulation (EC) No 767/2008 shall also apply.

Member States shall designate the authorities referred to in Article 2(1)(e) which are authorised to access VIS data pursuant to this Decision.

Every Member State shall keep a list of the designated authorities. By 2 December 2008 every Member State shall notify in a declaration to the Commission and the General Secretariat of the Council their designated authorities and may at any time amend or replace its declaration by another declaration.

Every Member State shall designate the central access point(s) through which the access is done. Member States may designate more than one central access point to reflect their organisational and administrative structure in fulfilment of their constitutional or legal requirements. By 2 December 2008 every Member State shall notify in a declaration to the Commission and the General Secretariat of the Council their central access point(s) and may at any time amend or replace its declaration by another declaration.

The Commission shall publish the declarations referred to in paragraphs 2 and 3 in the Official Journal of the European Union.

At national level, each Member State shall keep a list of the operating units within the designated authorities that are authorised to access the VIS through the central access point(s).

Only duly empowered staff of the operational units as well as the central access point(s) shall be authorised to access the VIS in accordance with Article 4.

Where the conditions of Article 5 are fulfilled the operating units referred to in Article 3(5) shall submit a reasoned written or electronic request to the central access points referred to in Article 3(3) to access the VIS. Upon receipt of a request for access the central access point(s) shall verify whether the conditions for access referred to in Article 5 are fulfilled. If all conditions for access are fulfilled, the duly authorised staff of the central access point(s) shall process the requests. The VIS data accessed shall be transmitted to the operating units referred to in Article 3(5) in such a way as not to compromise the security of the data.

In an exceptional case of urgency, the central access point(s) may receive written, electronic or oral requests. In such cases, the central access point(s) shall process the request immediately and only verify ex-post whether all the conditions of Article 5 are fulfilled, including whether an exceptional case of urgency existed. The ex-post verification shall take place without undue delay after the processing of the request.

Access to the VIS for consultation by designated authorities shall take place within the scope of their powers and if the following conditions are met:

1. access for consultation must be necessary for the purpose of the prevention, detection or investigation of terrorist offences or other serious criminal offences;

2. access for consultation must be necessary in a specific case;

3. there are reasonable grounds to consider that consultation of VIS data will substantially contribute to the prevention, detection or investigation of any of the criminal offences in question.

In cases where the designated authorities have launched a query of the common identity repository (CIR) in accordance with Article 22 of Regulation (EU) 2019/817 of the European Parliament and of the Council⁽²⁾, and where the conditions for access laid down in this Article are met, they may access the VIS for consultation where the reply received as referred to in Article 22(2) of that Regulation reveals that data are stored in the VIS.

Consultation of the VIS shall be limited to searching with any of the following VIS data in the application file:

1. surname, surname at birth (former surname(s)); first name(s); sex; date, place and country of birth;

2. current nationality and nationality at birth;

3. type and number of the travel document, the authority which issued it and the date of issue and of expiry;

4. main destination and duration of the intended stay;

5. purpose of travel;

6. intended date of arrival and departure;

7. intended border of first entry or transit route;

8. residence;

9. fingerprints;

10. type of visa and the number of the visa sticker;

11. details of the person issuing an invitation and/or liable to pay the applicant's subsistence costs during the stay.

Consultation of the VIS shall, in the event of a hit, give access to all of the data listed in paragraph 2 as well as to:

1. any other data taken from the application form;

2. photographs;

3. the data entered in respect of any visa issued, refused, annulled, revoked or extended.