Regulation (EU) 2022/850 of the European Parliament and of the Council of 30 May 2022 on a computerised system for the cross-border electronic exchange of data in the area of judicial cooperation in civil and criminal matters (e-CODEX system), and amending Regulation (EU) 2018/1726 (Text with EEA relevance)

THE EUROPEAN PARLIAMENT AND THE COUNCIL OF THE EUROPEAN UNION,

Having regard to the Treaty on the Functioning of the European Union, and in particular Article 81(2) and Article 82(1) thereof,

Having regard to the proposal from the European Commission,

After transmission of the draft legislative act to the national parliaments,

Having regard to the opinion of the European Economic and Social Committee (1),

Acting in accordance with the ordinary legislative procedure (2),

Whereas:

(1) Ensuring the effective access of citizens and businesses to justice and facilitating judicial cooperation in civil, including commercial, and criminal matters between the Member States are among the main objectives of the Union’s area of freedom, security and justice enshrined in Part three, Title V of the Treaty on the Functioning of the European Union (TFEU).

(2) It is sometimes difficult to access justice systems for a number of reasons such as formalistic and expensive legal procedures, long procedural delays and high costs of using court systems.

(3) It is thus important that appropriate channels are developed to ensure that justice systems can efficiently cooperate in a digital way. Therefore, it is essential to establish, at Union level, an information technology system that allows for the swift, direct, interoperable, sustainable, reliable and secure cross-border electronic exchange of case-related data, while always respecting the right to protection of personal data. Such a system should contribute to improving access to justice and transparency by enabling citizens and businesses to exchange documents and evidence in digital form with judicial or other competent authorities, when provided for by national or Union law. That system should increase citizens’ trust in the Union and mutual trust between Member States’ judicial and other competent authorities.

(4) Digitalisation of proceedings in civil and criminal matters should be encouraged with the aim of strengthening the rule of law and fundamental rights guarantees in the Union, particularly by facilitating access to justice.

(5) This Regulation concerns the cross-border electronic exchange of data in the area of judicial cooperation in civil and criminal matters. Judicial cooperation in civil and criminal matters and the respective competences of judicial or other competent authorities should be understood in accordance with Union legal acts and the case law of the Court of Justice of the European Union.

(6) Tools which have not replaced or required costly modifications to the existing back-end systems established in the Member States have previously been developed for the cross-border electronic exchange of case-related data. The e-Justice Communication via Online Data Exchange (e-CODEX) system is the main such tool developed to date.

(7) The e-CODEX system is a tool specifically designed to facilitate the cross-border electronic exchange of data in the area of judicial cooperation in civil and criminal matters. In the context of increased digitalisation of proceedings in civil and criminal matters, the aim of the e-CODEX system is to improve the efficiency of cross-border communication between competent authorities and to facilitate citizens’ and businesses’ access to justice. Until the handover of the e-CODEX system to the European Union Agency for the Operational Management of Large-Scale IT Systems in the Area of Freedom, Security and Justice (eu-LISA), established by Regulation (EU) 2018/1726 of the European Parliament and of the Council (3), the e-CODEX system will be managed by a consortium of Member States and organisations with funding from Union programmes (the ‘entity managing the e-CODEX system’).

(8) The e-CODEX system provides an interoperable solution for the justice sector to connect the IT systems of the competent national authorities, such as the judiciary, or other organisations. The e-CODEX system should therefore be viewed as the preferred solution for an interoperable, secure and decentralised communication network between national IT systems in the area of judicial cooperation in civil and criminal matters.

(9) For the purposes of this Regulation, the electronic exchange of data includes any content transmissible in electronic form by means of the e-CODEX system, such as text or sound, visual or audiovisual recordings, in the form of either structured or unstructured data, files or metadata.

(10) This Regulation does not provide for the mandatory use of the e-CODEX system. At the same time, nothing in this Regulation should prevent Member States from developing and maintaining pilot use cases.

(11) The e-CODEX system consists of two software elements: a gateway for the exchange of messages with other gateways; and a connector, which provides a number of functionalities related to the exchange of messages between national IT systems. Currently, the gateway is based on a building block of the Connecting Europe Facility maintained by the Commission known as ‘eDelivery’, while the management of the connector is carried out by the entity managing the e-CODEX system. The connector provides functions such as verification of electronic signatures via a security library and proof of delivery. In addition, the entity managing the e-CODEX system has developed data schemas for digital forms to be used in the specific civil and criminal procedures for which it has piloted the e-CODEX system.

(12) Given the importance of the e-CODEX system for cross-border exchanges in the area of judicial cooperation in the Union, the e-CODEX system should be established by means of a sustainable Union legal framework that provides for rules regarding its functioning and development. Such a legal framework should ensure the protection of fundamental rights as provided for in the Charter of Fundamental Rights of the European Union, especially those enshrined in Title VI thereof, and in particular in Article 47 on the right to an effective remedy and to a fair trial. It should in no way undermine the protection of procedural rights which are essential for the protection of those fundamental rights. It should also clearly set out and frame the components of the e-CODEX system in order to guarantee its technical sustainability and security. The e-CODEX system should establish the IT components of an e-CODEX access point, which should consist of a gateway for the purposes of secure communication with other identified gateways and a connector for the purpose of supporting the exchange of messages. The e-CODEX system should also include digital procedural standards to support the use of e-CODEX access points for legal procedures provided for by Union legal acts adopted in the area of judicial cooperation in civil and criminal matters and to enable the exchange of information between the e-CODEX access points.

(13) Given that semantic interoperability, as one of the layers of interoperability, should be a contributing factor to achieving this Regulation’s objective of setting up a standardised and meaningful interaction between two or more parties, particular consideration should be given to the EU e-Justice Core Vocabulary, which is an asset for reusable semantical terms and definitions used to ensure data consistency and data quality over time and across use cases.

(14) Since it is necessary to ensure the long-term sustainability of the e-CODEX system and its governance, while respecting the principle of the independence of the judiciary, an appropriate entity for the management of the e-CODEX system should be designated. The independence of the judiciary, in the context of the governance of the e-CODEX system within that entity, should be ensured.

(15) The most appropriate entity for the management of the e-CODEX system is an agency, since its governance structure would allow Member States to be involved in the management of the e-CODEX system by participating in the agency’s management board, programme management board and advisory group. eu-LISA has relevant experience in managing large-scale IT systems. eu-LISA should therefore be entrusted with the management of the e-CODEX system. It is also necessary to adjust the existing governance structure of eu-LISA by adapting the responsibilities of its Management Board and by establishing an e-CODEX Advisory Group. Regulation (EU) 2018/1726 should therefore be amended accordingly. A specific e-CODEX Programme Management Board should also be established, taking into account gender balance. The e-CODEX Programme Management Board should advise eu-LISA’s Management Board on the prioritisation of activities, including on developing digital procedural standards, new features and new software versions.

(16) In accordance with Article 19 of Regulation (EU) 2018/1726, the functions of eu-LISA’s Management Board are, inter alia, to ensure that all of eu-LISA’s decisions and actions which affect large-scale IT systems in the area of freedom, security and justice respect the principle of independence of the judiciary. eu-LISA’s governance structure and financing scheme further guarantee that that principle is respected. It is also important to involve the legal professions, other experts and relevant stakeholders in the governance of the e-CODEX system through the e-CODEX Advisory Group and the e-CODEX Programme Management Board. The detailed arrangements and conditions as regards the involvement of the legal professions, other experts and relevant stakeholders should allow them to participate effectively and be consulted effectively, namely by ensuring their feedback is duly considered.

(17) Given eu-LISA’s priority tasks of developing and managing the Entry/Exit System (EES), the European Travel Information and Authorisation System (ETIAS), the centralised system for the identification of Member States holding conviction information on third-country nationals and stateless persons (ECRIS-TCN), the revised Schengen Information System (SIS), the Visa Information System (VIS) and Eurodac, as well as the strategic task of establishing a framework for interoperability between EU information systems, eu-LISA should take over the responsibility for the e-CODEX system between 1 July 2023 and 31 December 2023.

(18) e-CODEX correspondents should be entitled to request and receive technical support under this Regulation and should support the operation of the e-CODEX system among Member States. The service level requirements for the activities to be carried out by eu-LISA should address the matter of the number of e-CODEX correspondents in Member States and in the Commission, in proportion to the number of the e-CODEX access points authorised by the Member States or by the Commission and to the number of the digital procedural standards which they apply.

(19) The e-CODEX system can be used in cross-border civil and criminal matters. It should be possible to use the e-CODEX system and the components of the e-CODEX system for other purposes outside of the scope of judicial cooperation under national or Union law as long as such use does not impair the use of the e-CODEX system. This Regulation only applies to the cross-border exchange of data between connected systems via authorised e-CODEX access points, in accordance with the corresponding digital procedural standards.

(20) eu-LISA should be responsible for the components of the e-CODEX system, except for the management of the gateway, since it is currently provided by the Commission on a cross-sectoral basis within eDelivery. eu-LISA should take over full responsibility for the management of the connector and the digital procedural standards from the entity managing the e-CODEX system. Given that the gateway and the connector are integral components of the e-CODEX system, eu-LISA should ensure that the connector is compatible with the latest version of the gateway. To that end, the Commission should include eu-LISA in the preparatory work undertaken before eu-LISA takes over responsibility for the e-CODEX system and in the relevant governance body of eDelivery as from the entry into force of this Regulation.

(21) In order to ensure uniform conditions for the implementation of this Regulation, implementing powers should be conferred on the Commission. Those powers should be exercised in accordance with Regulation (EU) No 182/2011 of the European Parliament and of the Council (4). The implementing acts adopted in that framework should establish: the minimum technical specifications and standards, including for security and methods for integrity and authenticity verification, underpinning the components of the e-CODEX system; the service level requirements for the activities carried out by eu-LISA and other necessary technical specifications for those activities, including the number of e-CODEX correspondents for the authorised e-CODEX access points, in proportion to the number of authorised e-CODEX access points and to the number of digital procedural standards which they apply; and the specific arrangements for the handover and takeover of the e-CODEX system. Implementing acts should also be able to establish digital procedural standards to support the use of the e-CODEX system in the procedures in the area of judicial cooperation in civil and criminal matters.

(22) The connector should be able to technically support all types of electronic seals and electronic signatures as provided for in Regulation (EU) No 910/2014 of the European Parliament and of the Council (5). The minimum technical specifications and standards established by the Commission should include security operating standards regarding the connector. The security requirements for the functioning of the connector should take into account standards for information security and existing Union legal acts, such as Regulations (EU) No 910/2014, (EU) No 2016/679 (6) and (EU) 2018/1725 (7) of the European Parliament and of the Council and Directive (EU) 2016/680 of the European Parliament and of the Council (8).

(23) The specific responsibilities of eu-LISA in relation to the management of the e-CODEX system should be laid down.

(24) The tasks of eu-LISA should include the addition of new features to the e-CODEX system, if needed. One such new feature should be a feature in the connector allowing for the retrieval of relevant statistical data regarding the number of technical messages sent and received through each authorised e-CODEX access point.

(25) At national level, it should be possible for Member States to authorise public authorities or legal persons, such as private companies and organisations representing legal practitioners, to operate e-CODEX access points. The Member States should maintain a list of such authorised e-CODEX access points and notify them to eu-LISA in order to enable them to interact with one another in the context of the relevant procedures. Entities operating authorised e-CODEX access points at national level are to comply with the data protection requirements and principles laid down in Regulation (EU) 2016/679. At Union level, it should be possible for the Commission to authorise Union institutions, bodies, offices or agencies to operate e-CODEX access points. The Commission should maintain a list of such authorised e-CODEX access points and notify them to eu-LISA in order to enable them to interact with one another in the context of the relevant procedures. Entities operating authorised e-CODEX access points at Union level are to comply with the data protection requirements and principles laid down in Regulation (EU) 2018/1725. While eu-LISA should ensure the management of the e-CODEX system, and having regard to the decentralised nature of the e-CODEX system, the responsibility for setting up and operating the authorised e-CODEX access points should lie exclusively with the entities operating the relevant authorised e-CODEX access points. An entity operating an authorised e-CODEX access point should bear the responsibility for any damage resulting from the operation of that authorised e-CODEX access point, in accordance with the applicable law. The Member States and the Commission should verify that entities operating authorised e-CODEX access points have the necessary technical equipment and human resources in order to guarantee that the e-CODEX system functions properly and in a reliable manner. Where those entities do not have the necessary technical equipment and human resources, their authorised e-CODEX access point should lose its authorisation.

(26) Member States should supervise the authorised e-CODEX access points for which they are responsible, in particular when they are operated by entities that are not public authorities. Member States should ensure that adequate data security measures are in place.

(27) Member States should inform the general public about the e-CODEX system by means of a set of large-scale communication channels, including websites and social media platforms.

(28) While it is for each Member State to determine the digital procedural standards which each e-CODEX access point it has authorised is entitled to apply, each Member State should nevertheless ensure that all the digital procedural standards adopted by means of implementing acts under this Regulation apply in their territory.

(29) A mechanism should be put in place to monitor the impact of instruments that enable the cross-border electronic exchange of data in the area of judicial cooperation in civil and criminal matters in the Union. The entities operating authorised e-CODEX access points should therefore be able to systematically collect and maintain comprehensive data on the use of the e-CODEX system. That should not only alleviate the work of the Member States in collecting the relevant data and ensure mutual accountability and transparency, but also significantly facilitate the ex-post monitoring by the Commission of the Union legal acts adopted in the area of judicial cooperation in civil and criminal matters. The information collected should only encompass aggregated data and should not constitute personal data.

(30) When providing technical support to e-CODEX correspondents in relation to the e-CODEX system, eu-LISA should act as a single point of contact, including for the purposes of the gateway.

(31) eu-LISA should maintain a high level of security when carrying out its tasks. When undertaking further technical evolutions of software or developing upgrades, eu-LISA should implement the principles of security by design and data protection by design and by default, in accordance with Regulation (EU) 2018/1725. An entity operating an authorised e-CODEX access point should bear the responsibility for the security and protection of the data transmitted via its authorised e-CODEX access point.

(32) Classified information, as defined in Article 2 of the Agreement between the Member States of the European Union, meeting within the Council, regarding the protection of classified information exchanged in the interests of the European Union (9), should not be transmitted via the e-CODEX system, unless the relevant conditions provided for in that Agreement, in other Union legal acts and in national law are fulfilled.