Ga verder naar contentGa verder naar content en skip ook inhoudsopgave
In- en Uitvoer
Home

Commission Implementing Decision (EU) 2025/1274 of 30 June 2025 laying down rules for the application of Regulation (EU) 2023/969 of the European Parliament and of the Council, as regards the necessary measures for the technical implementation of the joint investigation teams collaboration platform

Commission Implementing Decision (EU) 2025/1274 of 30 June 2025 laying down rules for the application of Regulation (EU) 2023/969 of the European Parliament and of the Council, as regards the necessary measures for the technical implementation of the joint investigation teams collaboration platform

THE EUROPEAN COMMISSION,

Having regard to the Treaty on the Functioning of the European Union,

Having regard to Regulation (EU) 2023/969 of the European Parliament and of the Council of 10 May 2023 establishing a collaboration platform to support the functioning of joint investigation teams and amending Regulation (EU) 2018/1726(1), and in particular Article 6, first paragraph, points (a) to (g), thereof,

Whereas:

  1. Regulation (EU) 2023/969 established a collaboration platform to support the functioning of joint investigation teams (‘the JITs collaboration platform’, or ‘the platform’). The Regulation also laid down rules on the division of responsibilities between the JITs collaboration platform users, the conditions under which those users may be granted access to the platform, as well as specific provisions on data protection necessary to supplement the existing data protection arrangements.

  2. Before the JITs collaboration platform is developed, it is necessary to adopt a number of measures for its technical implementation and, in particular, on the platform’s functionalities required for the coordination and management of a JIT and for secure communications, specifications of the connection between the centralised information system and the relevant IT tools that support the functioning of JITs and are managed by the JITs Network Secretariat, security aspects, logs, information and statistics, as well as performance and availability requirements.

  3. Based on those measures, the European Union Agency for the Operational Management of Large-Scale IT systems in the Area of Freedom, Security and Justice (eu-LISA), which is responsible for the design and development of the platform, should then be able to design the physical architecture of the JITs collaboration platform, including its technical specifications.

  4. To ensure the confidentiality and security of investigations, the platform should consist of isolated JIT collaboration spaces, each of them representing one individual JIT. The platform should not allow any interactions between these individual JIT collaboration spaces.

  5. Access to the functionalities of the platform should be determined through user profiles assigned to all individual JITs collaboration platform users.

  6. Once eu-LISA has received the respective JIT agreement, including any appendices, it should initiate the process of creating the new JIT collaboration space for that JIT, and grant access to the future JIT collaboration space to the Member State administrator or administrators, and the EPPO administrator or administrators. Afterwards, each Member State administrator or each EPPO administrator should be able to create the relevant JIT collaboration space.

  7. To ensure appropriate management of the JIT collaboration spaces, each JIT collaboration space should allow for the designation of one or several Member State administrator or administrators, and EPPO administrator or administrators, each representing one or more Member States, who should have equal rights as regards managing the rights of the JITs collaboration platform users.

  8. Within the rules set out in the JIT agreement, the Member State administrator or administrators, the EPPO administrator or administrators, or the JITs Network Secretariat administrator or administrators, may change the user profiles of the individual JITs collaboration platform users, or grant or remove their access to the relevant JIT collaboration space.

  9. eu-LISA, in consultation with the JITs CP Advisory Group, should set out the business and technical specifications of the centralised information system’s and communication software’s functionalities, as well as of the connection between the centralised information system and the relevant IT tools that support the functioning of JITs and are managed by the JITs Network Secretariat.

  10. The ‘evidence traceability’ functionality should allow keeping track of all evidence exchanged through the JITs collaboration platform, including its access and processing. Enabling or disabling the ‘evidence traceability’ functionality should not affect the technical logs provided for in Article 25 of Regulation (EU) 2023/969 and Article 9 of this Decision.

  11. Since the platform should ensure a high level of security, eu-LISA should take all necessary technical and organisational measures to quickly and effectively handle any suspicious activity and security incidents.

  12. The platform should contain a centralised log repository, accessible only to eu-LISA, to securely store and monitor infrastructure and technical logs.

  13. To ensure that the use of the platform is monitored, it should automatically produce daily statistics. The statistics should not contain any personal data or make it possible to identify individual JITs collaboration platform users or the data they exchange.

  14. To ensure the platform’s reliability, the availability ratio of the centralised information system and the communication software should be at least 97,6 %, calculated over a calendar year.

  15. To get the necessary assistance, the JITs collaboration platform users should be able, via the centralised information system, to submit technical support requests to eu-LISA, and business support requests to the JITs Network Secretariat.

  16. In accordance with Articles 1 and 2 of Protocol No 22 on the position of Denmark, annexed to the Treaty on European Union and to the Treaty on the Functioning of the European Union, Denmark did not take part in the adoption of Regulation (EU) 2023/969 and is not bound by it or subject to its application. Denmark is therefore not bound by this Decision or subject to its application.

  17. Ireland is bound by Regulation (EU) 2023/969 and is therefore taking part in the adoption of this Decision.

  18. The European Data Protection Supervisor delivered an opinion on 17 March 2025.

  19. The measures provided for in this Decision are in accordance with the opinion of the Joint Investigation Teams Collaboration Platform Committee,

HAS ADOPTED THIS DECISION:

Article 1 General rules

1.

Only one JIT collaboration space may be created on the platform for each individual joint investigation team (JIT).

2.

The platform shall not allow for any interactions or cross-cutting functionalities between the individual JIT collaboration spaces.

3.

A JIT collaboration space may be created, or may function, only if JIT members representing at least two Member States are granted access to it.

Article 2 User profiles

1.

For every JIT collaboration space, each individual JITs collaboration platform user shall, in accordance with the rules laid down in paragraphs 2 to 6, be assigned only one of the following user profiles:

  1. standard user;

  2. limited access user, including access to the communication software;

  3. limited access user, excluding access to the communication software;

  4. communication software user;

  5. JITs Network Secretariat support;

  6. JITs Network Secretariat administrator;

  7. Member State administrator;

  8. EPPO administrator; or

  9. eu-LISA technical administrator.

2.

The ‘standard user’, ‘limited access user, including access to the communication software’, ‘limited access user, excluding access to the communication software’, and the ‘communication software user’ profiles shall be assigned only to JIT members, Eurojust, Europol, OLAF and other competent Union bodies, offices and agencies, or representatives of an international judicial authority that participates in a JIT.

3.

The ‘JITs Network Secretariat support’ profile and the ‘JITs Network Secretariat administrator’ profile may be assigned to the same individual JITs collaboration platform user. Those user profiles shall be assigned only to representatives of the JITs Network Secretariat.

4.

The ‘Member State administrator’ profile shall be assigned only to JIT members who represent Member States bound by Regulation (EU) 2023/969.

5.

The ‘EPPO administrator’ profile shall be assigned only to EPPO JIT members.

6.

The ‘eu-LISA technical administrator’ profile shall be assigned only to representatives of eu-LISA.

7.

Unless explicitly restricted by this Decision, all functionalities of the platform shall be available to all user profiles.

Article 3 Administration

1.

In the context of the technical support referred to in Article 13(3) of Regulation (EU) 2023/969, the eu-LISA technical administrator shall initiate the creation of a JIT collaboration space, provided that eu-LISA has received the respective JIT agreement, including any appendices, in accordance with Article 7(1), (2) and (3) of this Decision.

2.

Before a JIT collaboration space is created, the eu-LISA technical administrator shall assign the ‘Member State administrator’ or the ‘EPPO administrator’ profile, and shall grant access to that future space, to the JIT space administrators designated in the respective JIT agreement. Once the JIT collaboration space has been created, the eu-LISA technical administrator shall no longer be involved in the management of access rights for that particular JIT collaboration space, except in the cases referred to in paragraph 5 of this Article and in Article 8(4).

3.

Once a JIT collaboration space has been created, the Member State administrator or administrators, and the EPPO administrator or administrators, may grant representatives of the JITs Network Secretariat access to that space by assigning them the ‘JITs Network Secretariat administrator’ profile.

4.

Only the Member State administrator or administrators, the EPPO administrator or administrators, or the JITs Network Secretariat administrator or administrators may assign the ‘Member States administrator’, ‘EPPO administrator’, ‘JITs Network Secretariat administrator’, ‘standard user’, ‘limited access user, including access to the communication software’, ‘limited access user, excluding access to the communication software’, ‘communication software user’ and ‘JITs Network Secretariat support’ profiles to the individual JITs collaboration platform users and may grant them access to the relevant JIT collaboration space.

5.

If none of the Member State administrators can access a JIT collaboration space that has been created, the eu-LISA technical administrator may grant access to that space to a new Member State administrator or administrators, provided that eu-LISA receives an amended JIT agreement.

6.

Each JIT collaboration space shall have at least one Member State administrator at any given moment of its operation.

7.

There may be several Member State administrators from the same Member State in each JIT collaboration space.

8.

Each JITs collaboration platform user assigned the ‘Member State administrator’ or the ‘EPPO administrator’ profile shall have equal rights as regards managing the rights of the JITs collaboration platform users to access the relevant JIT collaboration space.

Article 4 The centralised information system

1.

The centralised information system shall have the following functionalities, in particular:

  1. management of the JITs collaboration platform;

  2. management of the JIT collaboration space;

  3. management of the personal information and settings of the JITs collaboration platform users’;

  4. a JIT collaboration space dashboard;

  5. email and in-platform notifications;

  6. search;

  7. upload and download of operational data, individually or in batches;

  8. upload and download of non-operational data, individually or in batches;

  9. evidence traceability;

  10. management of files;

  11. calendar and management of tasks;

  12. an information board;

  13. JIT funding information referred to in Article 6(4);

  14. administrative reporting;

  15. machine translation of non-operational data;

  16. evaluation of a JIT;

  17. technical and business support;

  18. training courses and user manuals; and

  19. statistics.

2.

eu-LISA, in consultation with the Advisory Group referred to in Article 12 of Regulation (EU) 2023/969 (‘JITs CP Advisory Group’), shall set out the business and technical specifications of the functionalities referred to in paragraph 1, in accordance with the requirements set out in this Decision.

3.

The ‘management of the JITs collaboration platform’ functionality shall be available only to the ‘eu-LISA technical administrator’ profile.

4.

The ‘management of the JIT collaboration space’ functionality shall be available only to the ‘Member State administrator’, ‘EPPO administrator’ and ‘JITs Network Secretariat administrator’ profiles.

5.

The functionality of uploading and downloading operational data shall be available only to the ‘Member State administrator’, ‘EPPO administrator’ and ‘standard user’ profiles.

6.

The ‘evidence traceability’ functionality shall be available only to the ‘Member State administrator’, ‘EPPO administrator’ and ‘standard user’ profiles, except for the standard users who are not JIT members.

7.

All other functionalities of the centralised information system shall be available only to the ‘Member State administrator’, ‘EPPO administrator’, ‘JITs Network Secretariat administrator’, ‘standard user’, ‘limited access user, including access to the communication software’, ‘limited access user, excluding access to the communication software’ and ‘JITs Network Secretariat support’ profiles, except for the technical and business support functionality, as well as the notifications functionality, which shall also be available to the ‘communication software user’.

8.

The functionality of uploading and downloading operational data to and from the centralised information system shall enable the JITs collaboration platform users to transmit files in all formats and up to a set size limit, and to exchange harmful files under stringent security conditions and appropriate operating procedures. The technical specifications of the size limit shall be set by eu-LISA in consultation with the JITs CP Advisory Group, taking into account the needs of JIT members and the issue of evidence admissibility. The operating procedures for exchanging harmful files shall be set out by eu-LISA.

9.

In order to upload or download extraordinarily large volumes of operational data, the JITs collaboration platform users shall make use of a dedicated IT tool provided by eu-LISA. The technical specifications of that tool, as well as the size threshold above which the tool shall be used when uploading or downloading operational data, shall be set by eu-LISA in consultation with the JITs CP Advisory Group.

10.

When uploading operational data, each JITs collaboration platform user shall indicate one or more data recipients and set a deadline for downloading the data, which shall not exceed the period referred to in Article 21(1) of Regulation (EU) 2023/969. As soon as the process of downloading has been completed by all recipients or, at the latest, upon expiry of the deadline, the uploaded data shall be automatically and permanently erased from the centralised information system.

11.

The functionality of uploading and downloading non-operational data shall enable the JITs collaboration platform users to exchange files only in predefined formats and up to a set size limit. The technical specifications of these aspects shall be set out by eu-LISA in consultation with the JITs CP Advisory Group.

12.

It shall be optional for each JITs collaboration platform user to make use of the ‘evidence traceability’ functionality, which may be enabled only before the user’s first access to a given JIT collaboration space. The evidence traceability log shall contain only the data uploaded to or downloaded from a given JIT collaboration space by that user.

13.

The ‘machine translation of non-operational data’ functionality may be used in the context of the following functionalities:

  1. management of files;

  2. evaluation of a JIT; and

  3. technical and business support.

14.

If the ‘machine translation of non-operational data’ functionality uses artificial intelligence, eu-LISA shall inform the JITs collaboration platform users of the use of such technology and of the accuracy of the results.

15.

The ‘evaluation of a JIT’ functionality may be used even if the platform was not used in the operational phase of the JIT. It shall provide for two distinct processes, namely collaborative and user-by-user evaluations.

16.

Operational data transmitted from and to the centralised information system and stored therein shall not be backed up by the platform and shall be end-to-end encrypted in transit and at rest.

17.

Non-operational data transmitted from and to the centralised information system and stored therien shall be regularly backed up by the platform and shall be end-to-end encrypted in transit.

18.

For each JIT collaboration space, the centralised information system shall allow only the ‘Member State administrator’, ‘EPPO administrator’ and ‘standard user’ profiles to view the respective JIT agreement.

19.

With the exception of the languages of the Member States not bound by this Decision, the interface of the centralised information system shall be available in all official languages of the Union.

Article 5 Communication software

Article 6 The connection between the centralised information system and the relevant IT tools that support the functioning of JITs and are managed by the JITs Network Secretariat

Article 7 Transmission of JIT agreements to eu-LISA

Article 8 Security

Article 9 Logs

Article 10 Statistics and reporting information

Article 11 Performance and availability

Article 12 Support services

Article 13 Entry into force

ANNEX