THE EUROPEAN COMMISSION,
Having regard to the Treaty on the Functioning of the European Union,
Having regard to Regulation (EU) 2019/818 of the European Parliament and of the Council of 20 May 2019 on establishing a framework for interoperability between EU information systems in the field of police and judicial cooperation, asylum and migration and amending Regulations (EU) 2018/1726, (EU) 2018/1862 and (EU) 2019/816(1), and in particular Article 38(3) thereof,
Whereas:
Regulation (EU) 2019/818, together with Regulation (EU) 2019/817 of the European Parliament and of the Council(2) establishes a framework to ensure interoperability between the EU information systems in the field of borders, visa, police and judicial cooperation, asylum and migration.
Those Regulations provide for a universal message format (UMF) to serve as a standard for structured, cross-border information exchange between information systems, authorities or organisations in the field of Justice and Home Affairs.
It is necessary to lay down specific UMF rules for the development of Eurodac, ECRIS-TCN, the European search portal (ESP), the common identity repository (CIR) and the multiple-identity detector (MID) as provided for in Regulation (EU) 2019/818, and to have a specific provision for labelling data fields for the systems that are in the scope of interoperability.
Given that Regulation (EU) 2019/818 builds upon the Schengen acquis, in accordance with Article 4 of Protocol No 22 on the Position of Denmark, annexed to the Treaty on European Union and to the Treaty on the Functioning of the European Union, Denmark notified the implementation of Regulation (EU) 2019/818 in its national law. It is therefore bound by this Decision.
This Decision constitutes a development of the provisions of the Schengen acquis in which Ireland does not take part(3); Ireland is therefore not taking part in the adoption of this Decision and is not bound by it or subject to its application.
As regards Iceland and Norway, this Decision constitutes a development of the provisions of the Schengen acquis within the meaning of the Agreement concluded by the Council of the European Union and the Republic of Iceland and the Kingdom of Norway concerning the association of those two States with the implementation, application and development of the Schengen acquis(4) which fall within the area referred to in Article 1, point A of Council Decision 1999/437/EC(5).
As regards Switzerland, this Decision constitutes a development of the provisions of the Schengen acquis within the meaning of the Agreement between the European Union, the European Community and the Swiss Confederation on the Swiss Confederation’s association with the implementation, application and development of the Schengen acquis(6), which fall within the area referred to in Article 1, point A of Decision 1999/437/EC read in conjunction with Article 3 of Council Decision 2008/146/EC(7).
As regards Liechtenstein, this Decision constitutes a development of the provisions of the Schengen acquis within the meaning of the Protocol between the European Union, the European Community, the Swiss Confederation and the Principality of Liechtenstein on the accession of the Principality of Liechtenstein to the Agreement between the European Union, the European Community and the Swiss Confederation on the Swiss Confederation’s association with the implementation, application and development of the Schengen acquis(8) which fall within the area referred to in Article 1, point A of Decision 1999/437/EC read in conjunction with Article 3 of Council Decision 2011/350/EU(9).
As regards Cyprus, Bulgaria and Romania, this Decision constitutes an act building upon, or otherwise relating to, the Schengen acquis within, respectively, the meaning of Article 3(1) of the 2003 Act of Accession and Article 4(1) of the 2005 Act of Accession.
The European Data Protection Supervisor was consulted in accordance with Article 42(1) of Regulation (EU) 2018/1725 of the European Parliament and of the Council(10) and delivered an opinion on 2 August 2022.
The measures provided for in this Decision are in accordance with the opinion of the Committee established by Article 70(1) of Regulation (EU) 2019/818,
HAS ADOPTED THIS DECISION:
For the purposes of this Decision,
‘information system’ means a central or national data processing systems and any of the following interoperability components: the European search portal (ESP), the common identity repository (CIR) and the multiple-identity detector (MID).
The universal message format (UMF) standard for cross-border information exchange between authorities or organisations in the field of Justice and Home Affairs shall be as set out in Annex I.
The UMF standard shall be used, if appropriate, in the development by the European Union Agency for the Operational Management of Large-Scale IT Systems in the Area of Freedom, Security and Justice (eu-LISA) or by any other Union agency for new information exchange models and information systems in the area of Justice and Home Affairs.
The elements set out in Annex II, derived from the universal message format (UMF) standard, shall be used in the development of the Eurodac, the European Criminal Records Information System for third-country nationals (ECRIS-TCN), and the following interoperability components: the ESP, the CIR and the MID.
The UMF standard may be used for information exchange between information systems, authorities or organisations in the field of Justice and Home Affairs.
The UMF standard shall be used to describe information exchanged between information systems in the field of Justice and Home Affairs without prejudice to the specific provisions related to the interoperability components laid down in Articles 4 and 5.
The UMF standard shall not be mandatory for the description of data elements stored in an information system or database.
The UMF standard shall be used to describe and label the identity, travel document and biometric data queried and received via the ESP.