Commission Delegated Regulation (EU) 2021/2222 of 30 September 2021 supplementing Regulation (EU) 2019/818 of the European Parliament and of the Council with detailed rules on the operation of the central repository for reporting and statistics

Article 1

Definitions

For the purposes of this Regulation, the following definitions apply:

(1) ‘statistical data’ means the data, which is anonymised and used solely for the purpose of producing statistical reports pursuant to Regulation (EC) No 767/2008 of the European Parliament and of the Council (¹), Regulations (EU) 2017/2226, (EU) 2018/1240, (EU) 2018/1860, (EU) 2018/1861, (EU) 2018/1862, (EU) 2019/816, and Regulations (EU) 2024/982 (²), (EU) 2024/1358 (³), (EU) 2025/12 (⁴) and (EU) 2025/13 (⁵) of the European Parliament and of the Council;

(2) ‘(statistical) reports’ means an organised collection of statistical data, produced by the central repository in an automated manner according to a set of pre-established rules and stored in the central repository;

(3) ‘customisable reports’ means statistical reports that are extracted on the basis of statistical data contained in the central repository in accordance with specific rules determined ad hoc by a user and stored in the central repository;

(4) ‘critical identity data’ means any of the following data or a combination thereof, from which individuals can be identified: (a) name, first name, surname, family name, given names, alias of any person whose data may be stored in any EU information system; (b) number of travel document; (c) address (street name, house number); (d) telephone, IP address; (e) email addresses; (f) biometric data.

Article 2

Information to be contained in the central repository

The central repository shall enable the duly authorised staff of the competent authorities referred to in Article 39(2) of Regulation (EU) 2019/818 to obtain the following:

(a) reports pursuant to Article 74 of Regulation (EU) 2018/1862, containing the following statistics on records kept in the Schengen Information System: (i) daily, monthly and annual statistics showing the number of records per category of alerts, both for each Member State and in aggregate, pursuant to Article 74(3) of that Regulation; (ii) annual reports on the number of hits per category of alert, how many times the Schengen Information System was searched and how many times it was accessed for the purpose of entering, updating or deleting an alert, both for each Member State and in aggregate, pursuant to Article 74(3) of that Regulation; (iii) at the request of the Commission, additional specific statistical reports, either on a regular or ad hoc basis, on the performance and the use of the Schengen Information System and on the exchange of supplementary information, pursuant to Article 74(6), second subparagraph of that Regulation; (iv) At the request of the European Border and Coast Guard Agency, additional specific statistical reports, either on a regular or ad hoc basis, for the purpose of carrying out risk analyses and vulnerability assessments, pursuant to Article 74(6), third subparagraph of that Regulation; (v) reports and statistics for the purposes of technical maintenance, reporting, data quality reporting and statistics pursuant to Article 74(2) of that Regulation; (vi) data quality reports in accordance with pursuant to Article 15(4) of that Regulation.

(b) reports pursuant to Article 32 of Regulation (EU) 2019/816, containing the following statistics on the records kept in the European Criminal Records Information System for third-country nationals (ECRIS-TCN) and the ECRIS reference implementation: (i) customisable reports and statistics relating to the recording, storage and exchange of information extracted from criminal records through the European Criminal Records Information System for third-country nationals; (ii) reports and statistics for the purposes of technical maintenance, data quality reporting and statistics pursuant to Article 32(3) of that Regulation.

(c) reports pursuant to Article 12 of Regulation (EU) 2024/1358, containing the following statistics: (i) monthly statistics on the work of Eurodac as referred in Article 12(1) of Regulation (EU) 2024/1358; (ii) monthly statistical data for persons referred to in Article 12(1) of Regulation (EU) 2024/1358 broken down by Member State. The statistical data for persons as referred to in Article 12(1), point (i) of Regulation (EU) 2024/1358, shall, where possible, be broken down by year of birth and sex; (iii) monthly cross-system statistics from Eurodac, VIS, ETIAS and the EES specified in the implementing acts referred in Article 12(3) of Regulation (EU) 2024/1358; (iv) regular statistics on specific aspects related to the application of Regulation (EU) 2024/1358.

(d) reports pursuant to Article 39 of Regulation (EU) 2025/13, containing the following statistics: (i) quarterly statistics on the functioning of the router and on compliance of air carriers with the obligations set out in Regulation (EU) 2025/13; (ii) statistical information necessary for the reporting referred to in Article 44 of Regulation (EU) 2025/13 and for generating statistics in accordance with Article 39(5) and (6) of that Regulation; (iii) regular statistics for ensuring the monitoring by eu-LISA of the development and the functioning of the router in accordance with Article 39(9) of Regulation (EU) 2025/13.

(e) customisable reports and statistics pursuant to Article 72(4) of Regulation (EU) 2024/982.

Article 3

Data repository and reporting tool

Article 4

Data extraction

The central repository shall obtain, from the EU information systems, read-only copies of the data referred to in Article 39(2) and Article 62(1), (2) and (3) of Regulation (EU) 2019/818, in order to produce the statistics and reports referred to in Articles 39 and 62 of that Regulation. The data shall be obtained on a regular basis and at least daily, by means of one-way extraction.

Article 5

Data anonymisation tool

Article 6

Access

Access to the central repository shall be logged. The information logged shall contain at least:

(a) a timestamp;

(b) authority;

(c) type of the report concerned.

Any conflicting roles within the central repository shall be identified and access shall be granted in accordance with the following principles:

(a) ‘need-to-know’;

(b) least privilege access;

(c) segregation of duties.

Article 7

Data processor

For the purpose of anonymising personal data pursuant to Article 5, eu-LISA shall be the data processor within the meaning of Article 3, point (12) of Regulation (EU) 2018/1725.

Article 8

Other data protection and security aspects

Article 9

Entry into force

This Regulation shall enter into force on the twentieth day following that of its publication in the Official Journal of the European Union.

This Regulation shall be binding in its entirety and directly applicable in the Member States in accordance with the Treaties.