CHAPTER VIIFINAL PROVISIONS

Article 35Independence

1.

F1The ID issuer, the provider of the data repository and providers of anti-tampering devices as well as, where applicable, their subcontractors shall be independent and exercise their functions impartially.

2.

For the purposes of paragraph 1, the following criteria shall be used to assess independence:

(a)

independence from the tobacco industry in terms of legal form, organisation and decision making. In particular it shall be assessed whether the undertaking or the group of undertakings is not under the direct or indirect control of the tobacco industry, including a minority shareholding;

(b)

independence from the tobacco industry in financial terms, which will be presumed if, before assuming their functions the undertaking or the group of undertakings concerned generates less than 10 % of its annual worldwide turnover, excluding VAT and any other indirect taxes, from goods and services supplied to the tobacco sector over the past two calendar years, as may be determined on the basis of the most recent approved accounts. For each subsequent calendar year, the annual worldwide turnover, excluding VAT and any other indirect taxes, from goods and services supplied to the tobacco sector shall not exceed 20 %;

(c)

absence of conflicts of interests with the tobacco industry of the persons responsible for the management of the undertaking or the group of undertakings, including members of the board of directors or any other form of governing body. In particular, they:

  1. (1)

    shall not have participated in company structures of the tobacco industry for the last five years;

  2. (2)

    shall act independently from any pecuniary or non-pecuniary interest linked to the tobacco industry, including possession of stocks, participation in private pension programmes or interest held by their partners, spouses or direct relatives in the ascending or descending line.

3.

Where F2the ID issuer, the provider of the data repository and providers of anti-tampering devices have recourse to sub-contractors, they shall remain responsible for ensuring compliance by those subcontractors with the independence criteria set out in paragraph 2.

F34.

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

5.

Any change in circumstances related to the criteria referred to in paragraph 2, capable of affecting the independence of F4the ID issuer, the provider of the data repository and providers of anti-tampering devices (including, where applicable, their subcontractors), that subsist for two consecutive calendar years, shall be communicated without delay to F5HMRC.

F66.

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

7.

F7The ID issuer, the provider of the data repository and providers of anti-tampering devices shall inform without delay F8HMRC about any occurrences of threats or other attempts at exercising undue influence that may actually or potentially undermine their independence.

8.

Public authorities or undertakings governed by public law along with their subcontractors shall be presumed independent from the tobacco industry.

F99.

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Article 36Security and interoperability of communications and data

1.

All electronic communication provided for under this Regulation shall be carried out using secure means. Applicable security protocols and connectivity rules shall be based on non-proprietary open standards. They shall be established by:

(a)

the ID issuer for communications between the ID issuer and the economic operators registering with the ID issuer or requesting unique identifiers;

F10(b)

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

(c)

the provider of the F11data repository for communications between the F11data repository and the router and:

  1. i.

    the ID F12issuer; F13and

  2. ii.

    F14...

  3. iii.

    economic operators using the router F15....

2.

F16The provider of the data repository shall be responsible for the security and integrity of hosted data. Data portability shall be secured in accordance with the common data dictionary set out in Article 28.

3.

For all transfers of data, the sending party is responsible for the completeness of transferred data. In order for the sending party to discharge this obligation, the receiving party shall acknowledge the receipt of transferred data including a checksum value of actual transmitted data or any alternative mechanism allowing for validating the integrity of transmission, in particular its completeness.

F17Article 37Transitional provision

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

F18Article 38Entry into force

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .