- Latest available (Revised)
- Original (As adopted by EU)
Regulation (EU) 2018/1862 of the European Parliament and of the CouncilShow full title
Regulation (EU) 2018/1862 of the European Parliament and of the Council of 28 November 2018 on the establishment, operation and use of the Schengen Information System (SIS) in the field of police cooperation and judicial cooperation in criminal matters, amending and repealing Council Decision 2007/533/JHA, and repealing Regulation (EC) No 1986/2006 of the European Parliament and of the Council and Commission Decision 2010/261/EU
You are here:
- Regulations originating from the EU
- 2018 No. 1862
- CHAPTER XVIII
What Version
Advanced Features
- Show Geographical Extent(e.g. England, Wales, Scotland and Northern Ireland)
- Show Timeline of Changes
More Resources
Revised version PDFs
- Revised 11/06/20190.64 MB
Legislation originating from the EU
When the UK left the EU, legislation.gov.uk published EU legislation that had been published by the EU up to IP completion day (31 December 2020 11.00 p.m.). On legislation.gov.uk, these items of legislation are kept up-to-date with any amendments made by the UK since then.
This item of legislation originated from the EU
Legislation.gov.uk publishes the UK version. EUR-Lex publishes the EU version. The EU Exit Web Archive holds a snapshot of EUR-Lex’s version from IP completion day (31 December 2020 11.00 p.m.).
Changes over time for: CHAPTER XVIII
Changes to legislation:
There are outstanding changes not yet made to Regulation (EU) 2018/1862 of the European Parliament and of the Council. Any changes that have already been made to the legislation appear in the content and are referenced with annotations.
Changes to Legislation
Revised legislation carried on this site may not be fully up to date. Changes and effects are recorded by our editorial team in lists which can be found in the ‘Changes to Legislation’ area. Where those effects have yet to be applied to the text of the legislation by the editorial team they are also listed alongside the legislation in the affected provisions. Use the ‘more’ link to open the changes and effects relevant to the provision you are viewing.
Changes and effects yet to be applied to Chapter XVIII:
- Regulation revoked in part by S.I. 2019/742, reg. 119(2)(h) (as inserted) by S.I. 2020/1408 reg. 35(b)
CHAPTER XVIII U.K. Final provisions
Article 74U.K.Monitoring and statistics
1.eu-LISA shall ensure that procedures are in place to monitor the functioning of SIS against objectives relating to output, cost-effectiveness, security and quality of service.
2.For the purposes of technical maintenance, reporting, data quality reporting and statistics, eu-LISA shall have access to the necessary information relating to the processing operations performed in Central SIS.
3.eu-LISA shall produce daily, monthly and annual statistics showing the number of records per category of alerts, both for each Member State and in aggregate. eu-LISA shall also provide annual reports on the number of hits per category of alert, how many times SIS was searched and how many times SIS was accessed for the purpose of entering, updating or deleting an alert, both for each Member State and in aggregate. The statistics produced shall not contain any personal data. The annual statistical report shall be published.
4.Member States, Europol, Eurojust and the European Border and Coast Guard Agency shall provide eu-LISA and the Commission with the information necessary to draft the reports referred to in paragraphs 3, 6, 8 and 9.
5.This information shall include separate statistics on the number of searches carried out by, or on behalf of, the services in the Member States responsible for issuing vehicle registration certificates and the services in the Member States responsible for issuing registration certificates or ensuring traffic management for boats, including boat engines; and aircraft, including aircraft engines; and firearms. The statistics shall also show the number of hits per category of alert.
6.eu-LISA shall provide the European Parliament, the Council, the Member States, the Commission, Europol, Eurojust, the European Border and Coast Guard Agency and the European Data Protection Supervisor with any statistical reports that it produces.
In order to monitor the implementation of Union legal acts, including for the purposes of Regulation (EU) No 1053/2013, the Commission may request that eu-LISA provide additional specific statistical reports, either on a regular or ad hoc basis, on the performance of SIS, the use of SIS and on the exchange of supplementary information.
The European Border and Coast Guard Agency may request that eu-LISA provide additional specific statistical reports for the purpose of carrying out risk analyses and vulnerability assessments as referred to in Articles 11 and 13 of Regulation (EU) 2016/1624, either on a regular or ad hoc basis.
[F17. For the purpose of Article 15(4) and of paragraphs 3, 4 and 6 of this Article, eu-LISA shall store data referred to in Article 15(4) and in paragraph 3 of this Article which shall not allow for the identification of individuals in the central repository for reporting and statistics referred to in Article 39 of Regulation (EU) 2019/818.
eu-LISA shall allow the Commission and the bodies referred to in paragraph 6 of this Article to obtain bespoke reports and statistics. Upon request, eu-LISA shall grant access to the central repository for reporting and statistics in accordance with Article 39 of Regulation (EU) 2019/818 to Member States, the Commission, Europol, and the European Border and Coast Guard Agency.]
8.Two years after the date of application of this Regulation pursuant to the first subparagraph of Article 79(5) and every two years thereafter, eu-LISA shall submit to the European Parliament and to the Council a report on the technical functioning of Central SIS and of the Communication Infrastructure, including their security, on the AFIS and on the bilateral and multilateral exchange of supplementary information between Member States. This report shall also contain, once the technology is in use, an evaluation of the use of facial images to identify persons.
9.Three years after the date of application of this Regulation pursuant to the first subparagraph of Article 79(5) and every four years thereafter, the Commission shall carry out an overall evaluation of Central SIS and the bilateral and multilateral exchange of supplementary information between Member States. That overall evaluation shall include an examination of results achieved against objectives, and an assessment of the continuing validity of the underlying rationale, the application of this Regulation in respect of Central SIS, the security of Central SIS and any implications for future operations. The evaluation report shall also include an assessment of the AFIS and the SIS information campaigns carried out by the Commission in accordance with Article 19.
The Commission shall transmit the evaluation report to the European Parliament and to the Council.
10.The Commission shall adopt implementing acts to lay down detailed rules on the operation of the central repository referred to in paragraph 7 of this Article and the data protection and security rules applicable to that repository. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 76(2).
Textual Amendments
F1 Substituted by Regulation (EU) 2019/818 of the European Parliament and of the Council of 20 May 2019 on establishing a framework for interoperability between EU information systems in the field of police and judicial cooperation, asylum and migration and amending Regulations (EU) 2018/1726, (EU) 2018/1862 and (EU) 2019/816.
Article 75U.K.Exercise of the delegation
1.The power to adopt delegated acts is conferred on the Commission subject to the conditions laid down in this Article.
2.The power to adopt delegated acts referred to in Article 38(3) and Article 43(4) shall be conferred on the Commission for an indeterminate period of time from 27 December 2018.
3.The delegation of power referred to in Article 38(3) and Article 43(4) may be revoked at any time by the European Parliament or by the Council. A decision to revoke shall put an end to the delegation of the power specified in that decision. It shall take effect the day following the publication of the decision in the Official Journal of the European Union or at a later date specified therein. It shall not affect the validity of any delegated acts already in force.
4.Before adopting a delegated act, the Commission shall consult experts designated by each Member State in accordance with the principles laid down in the Interinstitutional Agreement of 13 April 2016 on Better Law-Making.
5.As soon as it adopts a delegated act, the Commission shall notify it simultaneously to the European Parliament and to the Council.
6.A delegated act adopted pursuant to Article 38(3) or Article 43(4) shall enter into force only if no objection has been expressed either by the European Parliament or the Council within a period of two months of notification of that act to the European Parliament and the Council or if, before the expiry of that period, the European Parliament and the Council have both informed the Commission that they will not object. That period shall be extended by two months at the initiative of the European Parliament or of the Council.
Article 76U.K.Committee procedure
1.The Commission shall be assisted by a committee. That committee shall be a committee within the meaning of Regulation (EU) No 182/2011.
2.Where reference is made to this paragraph, Article 5 of Regulation (EU) No 182/2011 shall apply.
Article 77U.K.Amendments to Decision 2007/533/JHA
Decision 2007/533/JHA is amended as follows:
(1)
Article 6 is replaced by the following:
‘Article 6National Systems
1.Each Member State shall be responsible for setting up, operating, maintaining and further developing its N.SIS II and connecting it to NI-SIS.
2.Each Member State shall be responsible for ensuring the uninterrupted availability of SIS II data to end-users.’;
(2)
Article 11 is replaced by the following:
‘Article 11Confidentiality — Member States
1.Each Member State shall apply its rules of professional secrecy or other equivalent duties of confidentiality to all persons and bodies required to work with SIS II data and supplementary information, in accordance with its national legislation. This obligation shall also apply after those people leave office or employment or after the termination of the activities of those bodies.
2.Where a Member State cooperates with external contractors in any SIS II-related tasks, it shall closely monitor the activities of the contractor to ensure compliance with all provisions of this Decision, in particular on security, confidentiality and data protection.
3.The operational management of N.SIS II or of any technical copies shall not be entrusted to private companies or private organisations.’;
(3)
Article 15 is amended as follows:
(a)
the following paragraph is inserted:
‘3a.The Management Authority shall develop and maintain a mechanism and procedures for carrying out quality checks on the data in CS-SIS. It shall provide regular reports to the Member States in this regard.
The Management Authority shall provide a regular report to the Commission covering the issues encountered and the Member States concerned.
The Commission shall provide the European Parliament and the Council with a regular report on data quality issues that are encountered.’;
(b)
paragraph 8 is replaced by the following:
‘8.The operational management of Central SIS II shall consist of all the tasks necessary to keep Central SIS II functioning 24 hours a day, 7 days a week in accordance with this Decision, in particular the maintenance work and technical developments necessary for the smooth running of the system. Those tasks shall also include the coordination, management and support of testing activities for Central SIS II and the N.SIS II that ensure that Central SIS II and the N.SIS II operate in accordance with the requirements for technical compliance set out in Article 9.’;
(4)
in Article 17, the following paragraphs are added:
‘3.Where the Management Authority cooperates with external contractors in any SIS II-related tasks, it shall closely monitor the activities of the contractor to ensure compliance with all provisions of this Decision, in particular on security, confidentiality and data protection.
4.The operational management of CS-SIS shall not be entrusted to private companies or private organisations.’;
(5)
in Article 21, the following paragraph is added:
‘Where a person or an object is sought under an alert related to a terrorist offence, the case shall be considered adequate, relevant and important enough to warrant an alert in SIS II. For public or national security reasons, Member States may exceptionally refrain from entering an alert when it is likely to obstruct official or legal inquiries, investigations or procedures.’;
(6)
Article 22 is replaced by the following:
‘Article 22Specific rules for entering, verification or search with photographs and fingerprints
1.Photographs and fingerprints shall only be entered following a special quality check to ascertain whether they fulfil minimum data quality standards. The specification of the special quality check shall be established in accordance with the procedure referred to in Article 67.
2.Where photographs and fingerprint data are available in an alert in SIS II, such photographs and fingerprint data shall be used to confirm the identity of a person who has been located as a result of an alphanumeric search made in SIS II.
3.Fingerprint data may be searched in all cases to identify a person. However, fingerprint data shall be searched to identify a person where the identity of the person cannot be ascertained by other means. For that purpose, the Central SIS II shall contain an Automated Fingerprint Identification System (AFIS).
4.Fingerprint data in SIS II in relation to alerts entered in accordance with Articles 26, 32 and 36 may also be searched using complete or incomplete sets of fingerprints discovered at the scenes of serious crimes or terrorist offences under investigation, where it can be established to a high degree of probability that those sets of prints belong to a perpetrator of the offence and provided that the search is carried out simultaneously in the Member State's relevant national fingerprints databases.’;
(7)
Article 41 is replaced by the following:
‘Article 41Access to data in SIS II by Europol
1.The European Union Agency for Law Enforcement Cooperation (Europol), established by Regulation (EU) 2016/794 of the European Parliament and of the Council(1), shall, where necessary to fulfil its mandate, have the right to access and search data in SIS II. Europol may also exchange and further request supplementary information in accordance with the provisions of the SIRENE Manual.
2.Where a search by Europol reveals the existence of an alert in SIS II, Europol shall inform the issuing Member State through the exchange of supplementary information by means of the Communication Infrastructure and in accordance with the provisions set out in the SIRENE Manual. Until Europol is able to use the functionalities intended for the exchange of supplementary information, it shall inform issuing Member States through the channels defined by Regulation (EU) 2016/794.
3.Europol may process the supplementary information that has been provided to it by Member States for the purposes of comparing it with its databases and operational analysis projects, aimed at identifying connections or other relevant links and for the strategic, thematic or operational analyses referred to in points (a), (b) and (c) of Article 18(2) of Regulation (EU) 2016/794. Any processing by Europol of supplementary information for the purpose of this Article shall be carried out in accordance with that Regulation.
4.Europol's use of information obtained from a search in SIS II or from the processing of supplementary information shall be subject to the consent of the issuing Member State. If the Member State allows the use of such information, its handling by Europol shall be governed by Regulation (EU) 2016/794. Europol shall only communicate such information to third countries and third bodies with the consent of the issuing Member State and in full compliance with Union law on data protection.
5.Europol shall:
(a)without prejudice to paragraphs 4 and 6, not connect parts of SIS II nor transfer the data contained in it to which it has access to any system for data collection and processing operated by or at Europol, nor download or otherwise copy any part of SIS II;
(b)notwithstanding Article 31(1) of Regulation (EU) 2016/794, delete supplementary information containing personal data at the latest one year after the related alert has been deleted. By way of derogation, where Europol has information in its databases or operational analysis projects on a case to which the supplementary information is related, in order for Europol to perform its tasks, Europol may exceptionally continue to store the supplementary information when necessary. Europol shall inform the issuing and the executing Member State of the continued storage of such supplementary information and present a justification for it;
(c)limit access to data in SIS II, including supplementary information, to specifically authorised staff of Europol who require access to such data for the performance of their tasks;
(d)adopt and apply measures to ensure security, confidentiality and self-monitoring in accordance with Articles 10, 11 and 13;
(e)ensure that its staff who are authorised to process SIS II data receive appropriate training and information in accordance with Article 14; and
(f)without prejudice to Regulation (EU) 2016/794, allow the European Data Protection Supervisor to monitor and review the activities of Europol in the exercise of its right to access and search data in SIS II and in the exchange and processing of supplementary information.
6.Europol shall only copy data from SIS II for technical purposes where such copying is necessary in order for duly authorised Europol staff to carry out a direct search. This Decision shall apply to such copies. The technical copy shall only be used for the purpose of storing SIS II data whilst those data are searched. Once the data have been searched they shall be deleted. Such uses shall not be considered to be unlawful downloading or copying of SIS II data. Europol shall not copy alert data or additional data issued by Member States or from CS-SIS II into other Europol systems.
7.For the purpose of verifying the lawfulness of data processing, self-monitoring and ensuring proper data security and integrity, Europol shall keep logs of every access to and search in SIS II in accordance with the provisions of Article 12. Such logs and documentation shall not be considered to be unlawful downloading or copying of part of SIS II.
8.Member States shall inform Europol through the exchange of supplementary information of any hit on alerts related to terrorist offences. Member States may exceptionally not inform Europol if doing so would jeopardise current investigations, the safety of an individual or be contrary to essential interests of the security of the issuing Member State.
9.Paragraph 8 shall apply from the date that Europol is able to receive supplementary information in accordance with paragraph 1.’;
(8)
the following Article is inserted:
‘Article 42aAccess to data in SIS II by the European Border and Coast Guard teams, teams of staff involved in return-related tasks, and members of the migration management support teams
1.In accordance with Article 40(8) of Regulation (EU) 2016/1624 of the European Parliament and of the Council(2), the members of the teams referred to in points (8) and (9) of Article 2 of that Regulation shall, within their mandate and provided that they are authorised to carry out checks in accordance with Article 40(1) of this Decision and have received the required training in accordance with Article 14 of this Decision, have the right to access and search data in SIS II insofar it is necessary for the performance of their task and as required by the operational plan for a specific operation. Access to data in SIS II shall not be extended to any other team members.
2.Members of the teams referred to in paragraph 1 shall exercise the right to access and search data in SIS II in accordance with paragraph 1 through a technical interface. The technical interface shall be set up and maintained by the European Border and Coast Guard Agency and shall allow direct connection to Central SIS II.
3.Where a search by a member of the teams referred to in paragraph 1 of this Article reveals the existence of an alert in SIS II, the issuing Member State shall be informed thereof. In accordance with Article 40 of Regulation (EU) 2016/1624, members of the teams shall only act in response to an alert in SIS II under instructions from and, as a general rule, in the presence of border guards or staff involved in return-related tasks of the host Member State in which they are operating. The host Member State may authorise members of the teams to act on its behalf.
4.For the purpose of verifying the lawfulness of data processing, self-monitoring and ensuring proper data security and integrity, the European Border and Coast Guard Agency shall keep logs of every access to and search in SIS II in accordance with the provisions of Article 12.
5.The European Border and Coast Guard Agency shall adopt and apply measures to ensure security, confidentiality and self-monitoring in accordance with Articles 10, 11 and 13 and shall ensure that the teams referred to in paragraph 1 of this Article apply those measures.
6.Nothing in this Article shall be interpreted as affecting the provisions of Regulation (EU) 2016/1624 concerning data protection or the European Border and Coast Guard Agency's liability for any unauthorised or incorrect processing of data by it.
7.Without prejudice to paragraph 2, no parts of SIS II shall be connected to any system for data collection and processing operated by the teams referred to in paragraph 1 or by the European Border and Coast Guard Agency, nor shall the data in SIS II to which those teams have access be transferred to such a system. No part of SIS II shall be downloaded or copied. The logging of access and searches shall not be considered to be unlawful downloading or copying of SIS II data.
8.The European Border and Coast Guard Agency shall allow the European Data Protection Supervisor to monitor and review the activities of the teams referred to in this Article in the exercise of their right to access and search data in SIS II. This shall be without prejudice to the further provisions of Regulation (EU) 2018/1725 of the European Parliament and of the Council(3).’.
Article 78U.K.Repeal
Regulation (EC) No 1986/2006 and Decisions 2007/533/JHA and 2010/261/EU are repealed from the date of application of this Regulation as set out in the first subparagraph of Article 79(5).
References to the repealed Regulation (EC) No 1986/2006 and Decision 2007/533/JHA shall be construed as references to this Regulation and shall be read in accordance with the correlation tables in the Annex.
Article 79U.K.Entry into force, start of operation and application
1.This Regulation shall enter into force on the twentieth day following its publication in the Official Journal of the European Union.
2.No later than 28 December 2021 the Commission shall adopt a decision setting the date on which SIS operations start pursuant to this Regulation, after verification that the following conditions have been met:
(a)the implementing acts necessary for the application of this Regulation have been adopted;
(b)Member States have notified the Commission that they have made the necessary technical and legal arrangements to process SIS data and exchange supplementary information pursuant to this Regulation; and
(c)eu-LISA has notified the Commission of the successful completion of all testing activities with regard to CS-SIS and to the interaction between CS-SIS and N.SIS.
3.The Commission shall closely monitor the process of gradual fulfilment of the conditions set out in paragraph 2 and shall inform the European Parliament and the Council about the outcome of the verification referred to in that paragraph.
4.By 28 December 2019 and every year thereafter until the decision of the Commission referred to in paragraph 2 has been taken, the Commission shall submit a report to the European Parliament and to the Council on the state of play of preparations for the full implementation of this Regulation. That report shall contain also detailed information about the costs incurred and information as to any risks which may impact the overall costs.
5.This Regulation shall apply from the date determined in accordance with paragraph 2.
By way of derogation from the first subparagraph:
(a)Article 4(4), Article 5, Article 8(4), Article 9(1) and (5), Article 12(8), Article 15(7), Article 19, Article 20(4) and (5), Article 26(6), Article 32(9), Article 34(3), Article 36(6), Article 38(3) and (4), Article 42(5), Article 43(4), Article 54(5), Article 62(4), Article 63(6), Article 74(7) and (10), Article 75, Article 76, points (1) to (5) of Article 77, and paragraphs 3 and 4 of this Article shall apply from the date of entry into force of this Regulation;
(b)points (7) and (8) of Article 77 shall apply from 28 December 2019;
(c)point 6 of Article 77 shall apply from 28 December 2020.
6.The Commission decision referred to in paragraph 2 shall be published in the Official Journal of the European Union.
(1)
Regulation (EU) 2016/794 of the European Parliament and of the Council of 11 May 2016 on the European Union Agency for Law Enforcement Cooperation (Europol) and replacing and repealing Council Decisions 2009/371/JHA, 2009/934/JHA, 2009/935/JHA, 2009/936/JHA and 2009/968/JHA (OJ L 135, 24.5.2016, p. 53).’;
(2)
Regulation (EU) 2016/1624 of the European Parliament and of the Council of 14 September 2016 on the European Border and Coast Guard and amending Regulation (EU) 2016/399 of the European Parliament and of the Council and repealing Regulation (EC) No 863/2007 of the European Parliament and of the Council, Council Regulation (EC) No 2007/2004 and Council Decision 2005/267/EC (OJ L 251, 16.9.2016, p. 1).
(3)
Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC (OJ L 295, 21.11.2018, p. 39).’.
Options/Help
Print Options
PrintThe Whole Regulation
PrintThis Chapter only
Legislation is available in different versions:
Latest Available (revised):The latest available updated version of the legislation incorporating changes made by subsequent legislation and applied by our editorial team. Changes we have not yet applied to the text, can be found in the ‘Changes to Legislation’ area.
Original (As adopted by EU): The original version of the legislation as it stood when it was first adopted in the EU. No changes have been applied to the text.
See additional information alongside the content
Geographical Extent: Indicates the geographical area that this provision applies to. For further information see ‘Frequently Asked Questions’.
Show Timeline of Changes: See how this legislation has or could change over time. Turning this feature on will show extra navigation options to go to these specific points in time. Return to the latest available version by using the controls above in the What Version box.
Opening Options
Different options to open legislation in order to view more content on screen at once
More Resources
Access essential accompanying documents and information for this legislation item from this tab. Dependent on the legislation item being viewed this may include:
- the original print PDF of the as adopted version that was used for the EU Official Journal
- lists of changes made by and/or affecting this legislation item
- all formats of all associated documents
- correction slips
- links to related legislation and further information resources
Timeline of Changes
This timeline shows the different versions taken from EUR-Lex before exit day and during the implementation period as well as any subsequent versions created after the implementation period as a result of changes made by UK legislation.
The dates for the EU versions are taken from the document dates on EUR-Lex and may not always coincide with when the changes came into force for the document.
For any versions created after the implementation period as a result of changes made by UK legislation the date will coincide with the earliest date on which the change (e.g an insertion, a repeal or a substitution) that was applied came into force. For further information see our guide to revised legislation on Understanding Legislation.
More Resources
Use this menu to access essential accompanying documents and information for this legislation item. Dependent on the legislation item being viewed this may include:
- the original print PDF of the as adopted version that was used for the print copy
- correction slips
Click 'View More' or select 'More Resources' tab for additional information including:
- lists of changes made by and/or affecting this legislation item
- confers power and blanket amendment details
- all formats of all associated documents
- links to related legislation and further information resources
All content is available under the Open Government Licence v3.0 except where otherwise stated. This site additionally contains content derived from EUR-Lex, reused under the terms of the Commission Decision 2011/833/EU on the reuse of documents from the EU institutions. For more information see the EUR-Lex public statement on re-use.