Having regard to Regulation (EU) 2020/1056 of the European Parliament and of the Council of 15 July 2020 on electronic freight transport information(1), and in particular Article 8 thereof,
Regulation (EU) 2020/1056 requires Member States to ensure that all their competent authorities have access to electronic freight transport information (‘eFTI’) in line with common procedures and detailed rules, including common technical specifications and procedures for processing regulatory information and for communicating with the economic operators in relation to that information.
In order to lay down these common procedures and rules, pursuant to Article 8 of Regulation (EU) 2020/1056, the Commission should list the main information communication technology (‘ICT’) components of the eFTI exchange environment to be provided by the Members States and detail their functional and technical specifications.
To ensure flexibility in the application of these common procedures and detailed rules, Member States should be able to decide how to organise the provision of the ICT components, provided those components comply with the respective functional and technical specifications laid down in this Regulation. More specifically, Member State may decide to set these up as separate components, or integrated in a single component or in several distinct components performing the respective functionalities. They may also set up multiple components performing the same set of functionalities.
Member States should be able to reuse existing ICT components they already developed for other digital public services, insofar as these components already provide or are adjusted to provide the required functionalities in line with the specifications, including technical requirements, where applicable, set out in this Regulation. Member States should also be able to choose to establish, develop and maintain one or more of the ICT components provided for in this Regulation jointly with other Member States.
Each Member State should be responsible for ensuring the maintenance and security of the ICT components that they set up or for which they are responsible, including for ensuring the security and confidentiality of the information processed within those components. If several Member States decide to set up and manage jointly some of these components, they should ensure that their respective responsibilities are laid down in appropriate agreements or memoranda of understanding.
Pursuant to Regulation (EU) 2020/1056 all communication within the eFTI exchange environment is to take place by means of secure connections between duly identified and authorised parties. Therefore, the common functional and technical specifications laid down in this Regulation should ensure that such requirements are met for all communication taking place among the participants in the eFTI exchange environment by means of ICT components, including with the eFTI platforms.
The number of participants in the eFTI exchange environment is expected to be high, both at the level of the competent authorities, and at the level of the economic operators concerned, who will be free to use the eFTI platforms of their choice. An adequate number of secure, authenticated and authorised connections would therefore need to be established and maintained between the ICT components of the eFTI exchange environment. To reduce the costs associated with such a high number of connections, some of the ICT components of the eFTI exchange environment to be established by the Member States should mediate this exchange by playing a gateway function, while maintaining a high level of security and compliance with applicable authorisations.
Such gateways, or ‘eFTI Gates’ should mediate the exchange of regulatory freight transport information between the economic operators concerned and the competent authorities. The eFTI Gates should ensure secure and authenticated connections to the ICT components that mediate the access of individual officers at the level of the competent authorities in a specific Member State, on the one hand, and to the eFTI platforms that hold the data to which these officers would need to have access, on the other hand. They should not store or process eFTI data, except for metadata connected to eFTI data processing such as identifiers or operation logs, and only for legitimate purposes such as routing, format validation or adaptation and for monitoring or statistical purposes.
Furthermore, to reduce the costs involved in establishing connections between eFTI platforms and an eFTI Gate, particularly for the economic operators – but also for the competent authorities, as provided for in Article 8(2) of Regulation (EU) 2020/1056 – eFTI platforms should be required to establish and maintain a secure and authenticated connection to only one eFTI Gate. That eFTI Gate should then mediate the connection to all the competent authorities in all the Member States, by means of a network of secure and authenticated connections between the different eFTI Gates.
In view of the requirement in Article 11 of Regulation (EU) 2020/1056 that Member States maintain an up-to-date list of the eFTI platforms which hold a valid certification issued by a conformity assessment body accredited in their Member State, this single connection of an eFTI platform to the network of eFTI Gates should be established with the eFTI Gate of the Member State where that platform’s certification was issued. This would facilitate and make less costly the process of verifying the validity of the certification of an eFTI platform, as part of the process of ensuring the security and authenticity of the communication with an eFTI platform. However, to accommodate situations where no conformity assessment bodies have been accredited to certify eFTI platforms in a Member State, eFTI platforms should be able to establish their single connection to the eFTI Gate of that Member State, even when they obtained the certification in other Member States.
To ensure a high level of trust in the eFTI exchange environment, Member States should remain responsible for ensuring that all access by their competent authorities to the eFTI exchange environment is duly identified, authenticated and authorised. Member States should ensure that accessing and processing by competent authorities of data made available by economic operators on eFTI platforms is allowed only following due identification and authentication of the identity of the responsible officers, as well as due authorisation based on assigned access and processing rights of the officers, based on their respective responsibilities in relation to the EU and national provisions falling under the scope of Regulation (EU) 2020/1056. For that purpose, Member States should ensure that all competent authorities establish and maintain registries that keep updated records of the access and processing rights of each responsible officer, and that all requests for accessing and processing eFTI data include references to the access and processing rights of the officer responsible for the request. Those access and processing rights should be expressed as coded references to minimise the transfer of the personal data of the officers, as defined by Regulation (EU) 2016/679 of the European Parliament and of the Council(2). Member States should also ensure that their competent authorities take any necessary measures, such as testing, trainings and audits, to ensure that their officers access and process data in compliance with applicable EU and national rules on data privacy and commercial confidentiality.
Regulation (EU) 2020/1056 requires the economic operators concerned to communicate to the competent authorities the ‘unique electronic identifying link’ to the machine-readable eFTI data corresponding to the regulatory information. Procedurally, this communication should be done in two ways, and the ICT components to be set up by the Member States should support both procedures. The competent authorities should be able to choose either procedure when requesting access to eFTI data to perform regulatory information checks.
Firstly, in line with current paper-based compliance check procedures, the economic operators concerned should be able to communicate directly to the competent authority the unique electronic identifying link during checks performed in physical presence, either during the transport operation or during checks performed at the premises of the economic operator, where applicable EU or national provisions provide for the possibility of checks after the completion of transport operations. To facilitate processing by the competent authorities, the unique electronic identifying link should be communicated in a machine-readable format such as a bar code or QR code, displayed on the screen of an electronic handheld device such as a mobile phone or tablet, or printed on paper. Member States’ authorities should be able to decide to accept that, during physical checks of ongoing transport operations, the economic operator may on an exceptional basis communicate the unique electronic identifying link by email or other electronic messaging application, in situations where the link could not be directly displayed by the operator on screen or on paper. For checks performed at the premises of the economic operators, when the number of transport operations to be inspected is substantially higher, competent authorities should be able to choose to receive the unique electronic identifying links via email or other electronic messaging application, to facilitate and optimise the processing of these links. The choice of these additional communication means should remain with the respective competent authorities.
Secondly, and more compatible with a future where processes are increasingly automated, economic operators should communicate the unique electronic identifying link by publishing it in an electronic repository, or registry, together with certain identifiers, such as the unique identification of the means of transport, derived from the eFTI data set associated with that unique electronic identifying link. Competent authorities could then retrieve that link from the registry by running a query based on those identifiers. This would enable competent authorities to check the information on the goods being transported on a truck, train or barge without physically stopping or boarding the means of transport and, where relevant, apply follow-up measures in accordance with national law. It would also allow competent authorities to more easily or reliably retrieve the information on multiple transport operations performed by a given means of transport, in a given time period, such as in the case of road cabotage checks, in line with the provisions of Regulation (EC) No 1072/2009 of the European Parliament and of the Council(3).
To ensure the interoperability and security of the information exchange between the eFTI Gates set up by the different Member States, and between the eFTI Gates and the eFTI platforms, a set of harmonised standards and specifications for message exchange, including the configuration of message exchange agreements, business processes, data formats, identifiers and security certificates should be used within the eFTI environment. Member States should also agree on secure procedures for the exchange of the security certificates, such as by means of a custom-built system or secure file transfer protocol.
To reduce the costs and the time taken to set up the eFTI Gates and the other ICT components, Member States should, to the extent possible, rely on open standards maintained by European or international organisations, and on reusable solutions. For message exchange formats, the most widely used, internationally accepted open standards are XML and JSON. While JSON is a more recent and, in certain respects, simpler to implement format, XML is the most common format used by the ICT systems of competent authorities in most Member States. Therefore, to allow Member States to re-use existing solutions and thus reduce their initial implementation costs, all communication between eFTI Gates and between eFTI Gates and eFTI platforms should be done using a single message exchange format, the XML. Similarly, the standards for secure message exchanges maintained by the Commission as part of the eDelivery digital building block(4), and in particular the eDelivery AS4 profile, provide a cost-efficient technical solution that Member States already have experience in implementing.
At the same time, Member States should be able to reuse message exchange standards and solutions already in use for other digital public services for the communication between the eFTI Gate and the eFTI platforms set up in that Member State, in addition to eDelivery. The detailed requirements and standards underlying those solutions should be made publicly available to enable their implementation by interested eFTI platforms developers, and to enable the accredited conformity assessment bodies to assess their compliance with the specifications.
Similarly, to allow competent authorities’ officers to make use of the ICT components that constitute the point of access, or the ‘authority access points’, to the eFTI environment, Member States should be able to make use of existing electronic solutions that ensure the identification and authentication of the identity of officers when accessing other national digital public services that give access to personal or commercial data of third parties. These solutions should rely, where available, on the means of electronic identification set out in Regulation (EU) No 910/2014 of the European Parliament and of the Council(5).
In the same spirit, Member States should be able to re-use any other existing components of their competent authorities’ ICT systems that perform similar functions to those specified in this Regulation, such as authorisation registries, provided they are adapted in line with the specific requirements laid down in this Regulation.
To make it as easy as possible for competent authority officers to use the eFTI exchange environment and to facilitate their analysis of the eFTI data made available by economic operators on an eFTI platform, Member States should be able to tailor the user application and its graphical user interface to the needs of their officers. Member States should also be able to introduce additional functionalities to be supported by the user applications, such as the use of smart algorithms that can pre-process the eFTI data, also combining information from other electronic sources, should they so wish.
The continuous and smooth functioning of the eFTI environment requires that any operational issues related to the ICT components set up by the Member States be speedily resolved. To help ensure that, the Member States and the Commission should establish a network of technical support, consisting of dedicated helpdesks at national and, respectively, Union level. This network should establish clear communication procedures and ensure synchronised minimum periods of availability to enable quick reaction to any possible incidents and downtimes which may affect the functioning of the eFTI exchange environment. Those technical support contact points should have the powers and sufficient human and financial resources to enable them to carry out their tasks. Based on activity reports, helpdesks may publish aggregated information on dedicated helpdesk dashboards. The minimum periods of common availability of the helpdesks should be periodically revised, to allow adjusting their activity and efficiently allocate resources.
The ICT components to be set up by the Member States will work as integral components of the wider eFTI exchange environment. That means that the establishment and maintenance of these components should rely on coordinated efforts, based on a harmonised interpretation of the specifications laid down in this Regulation. To this end, Member States should also create a network of operational support, in cooperation with the Commission, in the form of a dedicated group of experts. To harness the expertise and experience developed within the Digital Transport and Logistics Forum (DTLF), the expert group set up by the Commission(6) to assist in the development and implementation of the Union’s activities and programmes aimed at the digitalisation of the transport and logistics sector, that group of experts should be set up as a subgroup of the DTLF.
To facilitate Members States’ implementation efforts and ensure uniform implementation of these specifications, it is envisaged to complement this Regulation by more detailed, non-binding technical support documents drawn up by the Commission in cooperation with the Member States within this dedicated group of experts.
The measures provided for in this Regulation are in accordance with the opinion of the Digital Transport and Trade Facilitation Committee,