LegalizeRegulation (EU) 2021/1134 of the European Parliament and of the Council of 7 July 2021 amending Regulations (EC) No 767/2008, (EC) No 810/2009, (EU) 2016/399, (EU) 2017/2226, (EU) 2018/1240, (EU) 2018/1860, (EU) 2018/1861, (EU) 2019/817 and (EU) 2019/1896 of the European Parliament and of the Council and repealing Council Decisions 2004/512/EC and 2008/633/JHA, for the purpose of reforming the Visa Information System
Article 1
Amendments to Regulation (EC) No 767/2008
Regulation (EC) No 767/2008 is amended as follows:
(1) the title is replaced by the following: “ Regulation (EC) No 767/2008 of the European Parliament and of the Council of 9 July 2008 concerning the Visa Information System (VIS) and the exchange of information between Member States on short-stay visas, long-stay visas and residence permits (VIS Regulation) ”;
(2) Article 1 is amended as follows: (a) the first paragraph is replaced by the following: “This Regulation establishes the Visa Information System (VIS) and defines the purpose and functionalities of and the responsibilities for the system. It sets up the conditions and procedures for the exchange of data between Member States on applications for short-stay visas and on the decisions taken in relation thereto, including the decision whether to annul, revoke or extend the visa, to facilitate the examination of such applications and related decisions.”; (b) the following paragraph is inserted after the first paragraph: “This Regulation also lays down procedures for the exchange of information between Member States on long-stay visas and residence permits, including on certain decisions on long-stay visas and residence permits.”;
(3) Article 2 is replaced by the following: “Article 2 Purpose of the VIS
The purpose of the VIS is to improve the implementation of the common visa policy for short stays, consular cooperation and consultation between visa authorities by facilitating the exchange of data between Member States on applications and on the decisions relating thereto, in order to:
(a) facilitate the visa application procedure; (b) prevent the bypassing of the criteria for the determination of the Member State responsible for examining the visa application; (c) facilitate the fight against fraud; (d) facilitate checks at external border crossing points and within the territory of the Member States; (e) assist in the identification and return of any person who does not or no longer fulfils the conditions for entry to, stay or residence on the territory of the Member States; (f) assist in the identification of persons in specific circumstances as referred to in Article 22p; (g) facilitate the application of Regulation (EU) No 604/2013 of the European Parliament and of the Council (1) and of Directive 2013/32/EU of the European Parliament and of the Council (2); (h) contribute to the prevention, detection and investigation of terrorist offences or other serious criminal offences; (i) contribute to the prevention of threats to the internal security of any of the Member States; (j) contribute to the correct identification of persons; (k) support the objectives of the Schengen Information System (SIS) related to the alerts in respect of third-country nationals subject to a refusal of entry, persons wanted for arrest or for surrender or extradition purposes, missing persons or vulnerable persons, persons sought to assist with a judicial procedure and persons for discreet checks, inquiry checks or specific checks.
As regards long-stay visas and residence permits, the VIS shall have the purpose of facilitating the exchange of data between Member States on the applications and decisions related thereto, in order to:
(a) support a high level of security in all Member States by contributing to the assessment of whether the applicant for or holder of a long-stay visa or a residence permit is considered to pose a threat to public policy, internal security or public health; (b) facilitate checks at external border crossing points and within the territory of the Member States; (c) assist in the identification and return of any person who does not or no longer fulfils the conditions for entry to, stay or residence on the territory of the Member States; (d) contribute to the prevention, detection and investigation of terrorist offences or other serious criminal offences; (e) contribute to the correct identification of persons; (f) assist in the identification of persons in specific circumstances as referred to in Article 22p; (g) facilitate the application of Regulation (EU) No 604/2013 and of Directive 2013/32/EU; (h) support the objectives of the SIS related to alerts in respect of third-country nationals subject to a refusal of entry, persons wanted for arrest, for surrender or extradition purposes, missing persons or vulnerable persons, persons sought to assist with a judicial procedure and persons for discreet checks, inquiry checks or specific checks.
Article 2a
Architecture
The VIS shall be based on a centralised architecture and shall consist of:
(a) the common identity repository (CIR) established by Article 17(1) of Regulation (EU) 2019/817; (b) a central information system (the ‘VIS Central System’); (c) national uniform interfaces (NUIs) in each Member State, based on common technical specifications and identical for all Member States, enabling the VIS Central System to connect to the national infrastructures in Member States; (d) a communication infrastructure between the VIS Central System and the NUIs; (e) a secure communication channel between the VIS Central System and the Central System of the Entry/Exit System (EES); (f) a secure communication infrastructure between the VIS Central System and: (i) the central infrastructures of the European search portal (ESP) established by Article 6 of Regulation (EU) 2019/817; (ii) the shared biometric matching service established by Article 12 of Regulation (EU) 2019/817; (iii) the CIR; and (iv) the multiple-identity detector established by Article 25 of Regulation (EU) 2019/817; (g) a mechanism for consultation with regard to applications and the exchange of information between visa authorities (VISMail); (h) a carrier gateway; (i) a secure web service enabling communication between the VIS Central System on the one hand and the carrier gateway and international systems (Interpol databases) on the other hand; (j) a repository of data for the purposes of reporting and statistics. The VIS Central System, the NUIs, the web service, the carrier gateway and the VIS communication infrastructure shall share and re-use as much as technically possible the hardware and software components of, respectively, the EES Central System, the EES national uniform interfaces, the ETIAS carrier gateway, the EES web service and the EES communication infrastructure.
There shall be at least two NUIs as referred to in point (c) of paragraph 1 for each Member State, which shall provide the physical connection between Member States and the physical network of the VIS. The connection through the communication infrastructure referred to in point (d) of paragraph 1 shall be encrypted. The NUIs shall be located at Member State premises. The NUIs shall be used exclusively for purposes established by Union legislative acts.
The VIS Central System shall perform technical supervision and administration functions and have a backup VIS Central System, capable of ensuring all functionalities of the VIS Central System in the event of failure of that system. The VIS Central System shall be located in Strasbourg (France) and the backup VIS Central System shall be located in Sankt Johann im Pongau (Austria).
The communication infrastructure shall support and contribute to ensuring the uninterrupted availability of the VIS. It shall include redundancies for the connections between the VIS Central System and the backup VIS Central System and redundancies for the connections between each NUI on the one hand and the VIS Central System and the backup VIS Central System on the other hand. The communication infrastructure shall provide an encrypted virtual private network dedicated to VIS data and to communication among Member States and between Member States and eu-LISA.
eu-LISA shall implement technical solutions to ensure the uninterrupted availability of the VIS either through the simultaneous operation of the VIS Central System and the backup VIS Central System, provided that the backup VIS Central System remains capable of ensuring the operation of the VIS in the event of a failure of the VIS Central System, or through duplication of the system or its components.
(4) Article 3 is deleted;
(5) Article 4 is amended as follows: (a) points (3), (4) and (5) are replaced by the following: “3. ‘visa authorities’ means the authorities in each Member State which are responsible for examining and for taking decisions on visa applications or for taking decisions on whether to annul, revoke or extend visas, including the central visa authorities and the authorities responsible for issuing visas at the border; 3a. ‘designated authority’ means an authority designated by a Member State pursuant to Article 22l(1) as responsible for the prevention, detection or investigation of terrorist offences or other serious criminal offences; 3b. ‘VIS designated authority’ means an authority designated by a Member State pursuant to Article 9d(1) as responsible for the manual verification and follow-up action with regard to hits referred to in that paragraph; 3c. ‘ETIAS Central Unit’ means the unit established within the European Border and Coast Guard Agency pursuant to Article 7 of Regulation (EU) 2018/1240 of the European Parliament and of the Council (3);
‘application form’ means the harmonised application form for a Schengen Visa set out in Annex I to Regulation (EC) No 810/2009;
‘applicant’ means a person who has lodged an application for a visa, long-stay visa or residence permit;
(b) points (12), (13) and (14) are replaced by the following: “12. ‘VIS data’ means all data stored in the VIS Central System and in the CIR in accordance with Articles 9 to 14 and 22a to 22f;
‘identity data’ means the data referred to in point (4)(a) and (aa) of Article 9 and point (d) of Article 22a(1);
‘fingerprint data’ means the VIS data relating to fingerprints;
‘facial image’ means digital image of the face;
‘hit’ means the existence of a correspondence established by an automated comparison of the personal data recorded in an application file of the VIS with the specific risk indicators referred to in Article 9j or with the personal data present in a record, file or alert registered in the VIS, in another EU information system as referred to in Article 9a or 22b (EU information systems), in Europol data or in Interpol databases queried by the VIS;
‘Europol data’ means personal data processed by Europol for the purpose referred to in point (a) of Article 18(2) of Regulation (EU) 2016/794 of the European Parliament and of the Council (4);
‘residence permit’ means a residence permit issued by a Member State in accordance with the uniform format laid down by Council Regulation (EC) No 1030/2002 (5) and a document as referred to in point (16)(b) of Article 2 of Regulation (EU) 2016/399;
‘long-stay visa’ means an authorisation issued by a Member State as provided for in Article 18 of the Schengen Convention;
‘supervisory authorities’ means the supervisory authority referred to in Article 51(1) of Regulation (EU) 2016/679 of the European Parliament and of the Council (6) and the supervisory authority referred to in Article 41 of Directive (EU) 2016/680 of the European Parliament and of the Council (7);
‘law enforcement’ means the prevention, detection or investigation of terrorist offences or other serious criminal offences;
‘terrorist offence’ means any of the offences under national law referred to in Articles 3 to 14 of Directive (EU) 2017/541 of the European Parliament and of the Council (8) or, for the Member States which are not bound by that Directive, the offences under national law equivalent to one of those offences;
‘serious criminal offence’ means an offence which corresponds or is equivalent to one of the offences referred to in Article 2(2) of Council Framework Decision 2002/584/JHA (9), if it is punishable under national law by a custodial sentence or a detention order for a maximum period of at least three years.
(6) Articles 5 and 6 are replaced by the following: “Article 5 Categories of data
Only the following categories of data shall be recorded in the VIS:
(a) alphanumeric data: (i) on the visa applicant and on visas requested, issued, refused, annulled, revoked or extended referred to in points (1) to (4) of Article 9 and in Articles 10 to 14; (ii) on the applicant for a long-stay visa or a residence permit and on long-stay visas and residence permits requested, issued, refused, withdrawn, revoked, annulled, extended or renewed as referred to in Article 22a and Articles 22c to 22f; (iii) regarding the hits referred to in Articles 9a and 22b and the reasoned opinions referred to in Articles 9e, 9g and 22b; (b) facial images as referred to in point (5) of Article 9 and in point (j) of Article 22a(1); (c) fingerprint data as referred to in point (6) of Article 9and in point (k) of Article 22a(1); (ca) scans of the biographic data page of the travel document referred to in point (7) of Article 9 and in point (h) of Article 22a(1); (d) links to other applications as referred to in Article 8(3) and (4) and Article 22a(4). 1a. The CIR shall contain the data referred to in points (4)(a) to (ca) and points (5) and (6) of Article 9 and in points (d) to (g), (j) and (k) of Article 22a(1). The remaining VIS data shall be stored in the VIS Central System. 1b. Verification and identification in the VIS by means of a facial image shall be possible only against facial images recorded in the VIS with an indication that the facial image was taken live upon submission of the application, in accordance with point (5) of Article 9 and point (j) of Article 22a(1).
Without prejudice to the recording of data processing operations pursuant to Article 34, the messages transmitted by the VISMail in accordance with Article 16, Article 24(2) and Article 25(2) shall not be recorded in the VIS.
Article 5a
List of recognised travel documents
The list of travel documents which entitle the holder to cross the external borders and which may be endorsed with a visa, as set out in Decision No 1105/2011/EU of the European Parliament and of the Council (10), shall be integrated in the VIS.
The VIS shall provide the functionality for the centralised management of the list of recognised travel documents and of the notification of the recognition or non-recognition of the listed travel documents pursuant to Article 4 of Decision No 1105/2011/EU.
The Commission shall adopt implementing acts to lay down detailed rules on managing the functionality referred to in paragraph 2 of this Article. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 49(2).
Article 6
Access for entering, amending, erasing and consulting data
Access to the VIS for entering, amending or erasing the data referred to in Article 5(1) shall be reserved exclusively to the duly authorised staff of the visa authorities and to the authorities competent to collect or decide on an application for a long-stay visa or residence permit in accordance with Article 22a to 22f. The number of duly authorised members of staff shall be limited by the actual needs of their service.
Access to the VIS to consult the data shall be reserved exclusively for the duly authorised staff of the national authorities of each Member State and of the Union bodies which are competent for the purposes of Articles 15 to 22, Articles 22g to 22m and Article 45e of this Regulation, as well as for the purposes laid down in Articles 20 and 21 of Regulation (EU) 2019/817.
Reading this document does not replace reading the official text published in the Official Journal of the European Union. We assume no responsibility for any inaccuracies arising from the conversion of the original to this format.