Commission Implementing Regulation (EU) 2021/2224 of 16 November 2021 laying down the details of the automated data quality control mechanisms and procedures, the common data quality indicators and the minimum quality standards for storage of data, pursuant to Article 37(4) of Regulation (EU) 2019/818 of the European Parliament and of the Council

THE EUROPEAN COMMISSION,

Having regard to the Treaty on the Functioning of the European Union,

Having regard to Regulation (EU) 2019/818 of the European Parliament and of the Council of 20 May 2019 on establishing a framework for interoperability between EU information systems in the field of police and judicial cooperation, asylum and migration and amending Regulations (EU) 2018/1726, (EU) 2018/1862 and (EU) 2019/816 (1), and in particular Article 37(4) thereof,

Whereas:

(1) Regulation (EU) 2019/818, together with Regulation (EU) 2019/817 of the European Parliament and of the Council (2) establishes a framework to ensure interoperability between the EU information systems in the field of borders, visa, police and judicial cooperation, asylum and migration.

(2) In order to improve data quality and harmonise the quality requirements, it is necessary to lay down the details of the automated data quality control mechanisms and procedures, the common data quality indicators and the minimum quality standards for the data entered and stored in the underlying EU information systems, the shared biometric matching service and the common identity repository.

(3) Those measures should be implemented and assessed by the European Union Agency for the Operational Management of Large-Scale IT Systems in the Area of Freedom, Security and Justice (eu-LISA) taking into consideration the specific provisions laid down for each EU information system and the interoperability component. To perform these tasks, eu-LISA should be advised by experts from the Commission, the Member States and the Union agencies using the EU information systems and interoperability components.

(4) Data quality control mechanisms and procedures should determine the compliance of the input data with the blocking and soft rules applicable to the underlying EU information systems, the shared biometric matching service and the common identity repository. eu-LISA should be responsible for ensuring that the data quality rules remain appropriate for achieving the objectives of the EU information systems and the interoperability components.

(5) For each quality control indicator, eu-LISA should determine and assess the appropriateness of the minimum quality standard indispensible to store the data in the EU information systems and the interoperability components. Data quality standards should enable the automatic identification of apparently incorrect or inconsistent data submissions, so that the originating Member State is able to verify the data and carry out any necessary remedial action.

(6) The data cleaning and issue detection mechanisms should be established in order to regularly check the validity and compliance of the data stored in the underlying EU information systems and the interoperability components with the data quality standards.

(7) eu-LISA should ensure a central monitoring capacity for data quality and for producing reports on data quality on a regular basis to the Member States. These reports should be produced by the central repository for reporting and statistics in accordance with Article 39(1) of Regulation (EU) 2019/818 and the rules laid down in the Commission Delegated Regulation 2021/2222 (3).

(8) Given that Regulation (EU) 2019/818 builds upon the Schengen acquis, in accordance with Article 4 of Protocol No 22 on the Position of Denmark, annexed to the Treaty on European Union and to the Treaty on the Functioning of the European Union, Denmark notified the implementation of Regulation (EU) 2019/818 in its national law. It is therefore bound by this Regulation.

(9) This Regulation constitutes a development of the provisions of the Schengen acquis in which Ireland does not take part (4). Ireland is therefore not taking part in the adoption of this Regulation and is not bound by it or subject to its application.

(10) As regards Iceland and Norway, this Regulation constitutes a development of the provisions of the Schengen acquis within the meaning of the Agreement concluded by the Council of the European Union and the Republic of Iceland and the Kingdom of Norway concerning the association of those two States with the implementation, application and development of the Schengen acquis (5), which fall within the area referred to in Article 1, point A of Council Decision 1999/437/EC (6).

(11) As regards Switzerland, this Regulation constitutes a development of the provisions of the Schengen acquis within the meaning of the Agreement between the European Union, the European Community and the Swiss Confederation on the Swiss Confederation’s association with the implementation, application and development of the Schengen acquis (7), which fall within the area referred to in Article 1, point A of Decision 1999/437/EC, read in conjunction with Article 3 of Council Decision 2008/146/EC (8).

(12) As regards Liechtenstein, this Regulation constitutes a development of the provisions of the Schengen acquis within the meaning of the Protocol between the European Union, the European Community, the Swiss Confederation and the Principality of Liechtenstein on the accession of the Principality of Liechtenstein to the Agreement between the European Union, the European Community and the Swiss Confederation on the Swiss Confederation’s association with the implementation, application and development of the Schengen acquis (9) which fall within the area referred to in Article 1, point A of Decision 1999/437/EC read in conjunction with Article 3 of Council Decision 2011/350/EU (10).

(13) As regards Cyprus, Bulgaria and Romania and Croatia, this Regulation constitutes an act building upon, or otherwise relating to, the Schengen acquis within, respectively, the meaning of Article 3(1) of the 2003 Act of Accession, Article 4(1) of the 2005 Act of Accession and Article 4(1) of the 2011 Act of Accession.

(14) The European Data Protection Supervisor was consulted in accordance with Article 42(1) of Regulation (EU) 2018/1725 of the European Parliament and of the Council (11) and delivered an opinion on 30 April 2021.

(15) The measures provided for in this Regulation are in accordance with the opinion of the Interoperability Committee,

HAS ADOPTED THIS REGULATION:

Article 1

Scope and subject matter

Article 2

Definitions

For the purposes of this Regulation, the following definitions apply:

(a) ‘input data’ means data, subject to data quality checks for the purpose of being stored in a EU information system or interoperability component referred to in Article 37(1) of Regulation (EU) 2019/818;

(b) ‘data cleaning mechanism’ means a mechanism carrying out checks in order to ensure the scheduled erasure of data stored in a EU information system or interoperability component in accordance with Union law;

(c) ‘issue detection mechanism’ means a mechanism carrying out checks in order to identify data that does not meet the data quality rules or standards;

(d) ‘blocking rules’ means rules or a set of rules that measure the degree to which input data is compliant with defined data requirements conditioning their storage or use or both. They also include data quality rules governing each EU information system that must be complied with before data can be entered in the system. Input data not complying with a blocking rule will be rejected from being entered and stored in the EU information system and interoperability component;

(e) ‘soft rules’ means rules or a set of rules that measure the degree to which the input data is compliant with the defined data requirements conditioning its relevance or optimal use or both. Soft rules shall not prevent the entry and storage of non-compliant input data. They also include data quality rules governing each EU information system that should be complied with before data can be entered in the system. Input data not complying with a soft rule shall be entered into the EU information system or interoperability component with a data quality issue flag, notification or warning message.

Article 3

Automated data quality control mechanisms and procedures

Article 4

Automated data quality control mechanisms for data entered and stored

Article 5

Procedures governing the data quality control indicators, standards and mechanisms

(a) eu-LISA shall implement the data quality standards for each data quality indicator in accordance with Section 2 of the Annex to this Regulation;

(b) values shall be assigned to the standards separately for each of the data quality indicators referred to in Article 3(6). For each indicator, the standards may assign different values depending on the category of data;

(c) when so required and after the issuance of the regular data quality reports in accordance with Article 6, eu-LISA shall assess the appropriateness of the values and the standards and amend them to the extent to which they are no longer appropriate;

(d) when so required and after the issuance of the regular data quality reports in accordance with Article 6, eu-LISA shall assess the appropriateness of the data quality control mechanisms allowing for the application of blocking and soft rules and amend them where relevant;

(e) with a view of amending the data quality standards and their values, and to taking any decision on the data quality control mechanisms pursuant to points (c) and (d) of this paragraph, eu-LISA shall consult the Advisory Groups for each of the EU information systems and interoperability components referred to in Article 37(1) of Regulation (EU) 2019/818.

Article 6

Reports on automated data quality control mechanisms and procedures and common data quality indicators pursuant to Article 37(3) of Regulation (EU) 2019/818

(b) completeness of application files (%);

(c) compliance of data with the ‘good quality’ classification (%);

(d) compliance of data with the ‘low quality’ classification (%);

(e) results of the data cleaning mechanism;

(f) results of the issue detection mechanism;

(g) data fields that cause frequent quality issues;

(h) top 10 issues list for each of the categories referred to in points (a) to (g);

(i) the Member States concerned by the top 10 quality issues.

Article 7

Entry into force

This Regulation shall enter into force on the twentieth day following that of its publication in the Official Journal of the European Union.

This Regulation shall be binding in its entirety and directly applicable in the Member States in accordance with the Treaties.

Done at Brussels, 16 November 2021

For the Commission The President Ursula VON DER LEYEN

(1) OJ L 135, 22.5.2019, p. 85.

(2) Regulation (EU) 2019/817 of the European Parliament and of the Council of 20 May 2019 on establishing a framework for interoperability between EU information systems in the field of borders and visa and amending Regulations (EC) No 767/2008, (EU) 2016/399, (EU) 2017/2226, (EU) 2018/1240, (EU) 2018/1726 and (EU) 2018/1861 of the European Parliament and of the Council and Council Decisions 2004/512/EC and 2008/633/JHA (OJ L 135, 22.5.2019, p. 27).