Legalize
← Current text · History

Commission Implementing Regulation (EU) 2025/2447 of 4 December 2025 laying down the rules for the application of Regulation (EU) 2018/1727 of the European Parliament and of the Council, as regards the technical specifications, measures and other requirements for the establishment and use of the decentralised IT system for secure processing and communication of information

Current text a fecha 2026-04-15

THE EUROPEAN COMMISSION,

Having regard to the Treaty on the Functioning of the European Union,

Having regard to Regulation (EU) 2018/1727 of the European Parliament and of the Council of 14 November 2018 on the European Agency for Criminal Justice Cooperation (Eurojust) and replacing and repealing Council Decision 2002/187/JHA (1), and in particular Article 22a(3) and Article 22b(1), points (a), (b), (c) and (d), thereof,

Whereas:

(1) Regulation (EU) 2018/1727 sets out the framework for Eurojust’s new digital internal infrastructure and the establishment of a decentralised secure digital communication system between the competent national authorities of the Member States and Eurojust.

(2) The secure digital communication is to be carried out through the decentralised IT system. To establish the decentralised IT system, it is necessary to set out technical specifications defining the methods of communication and communication protocols, technical measures ensuring minimum information security standards and security and minimum availability objectives for the implementation of that system.

(3) In accordance with Article 22a(1)of Regulation (EU) 2018/1727, the decentralised IT system is to be comprised of IT systems of the Member States and Eurojust, and interoperable e-CODEX access points through which those IT systems are interconnected. The technical specifications and other requirements of the decentralised IT system set out in this Regulation should take that framework into account.

(4) The access points of the decentralised IT system should be based on authorised e-CODEX access points as defined in Article 3(3) of Regulation (EU) 2022/850 of the European Parliament and of the Council (2).

(5) The decentralised IT system is implemented within a larger e-CODEX-based decentralised IT system referred to as the Justice Digital Exchange System (JUDEX). Therefore, it is necessary to ensure an effective exchange of information concerning horizontal developments.

(6) In accordance with Article 22a(4) of Regulation (EU) 2018/1727, Member States and Eurojust may choose to use the reference implementation software developed by the Commission as their back-end system instead of a national IT system. In order to ensure interoperability, both national IT systems and the reference implementation software should be subject to the same technical specifications and requirements.

(7) Data relating to terrorist offences and serious organised crime should be transmitted in a structured manner to improve the quality and relevance of the information, as well as to ensure that the information can be more efficiently integrated into Eurojust’s case management system and better cross-checked against information already stored in that system. For fingerprint data and photographs, which may be transmitted to Eurojust for the purpose of identifying individuals subject to criminal proceedings related to terrorism offences, the format and technical standards for the transmission should be defined.

(8) Eurojust facilitates and supports the issuance and execution of judicial cooperation requests, including requests and decisions based on instruments that give effect to the principle of mutual recognition. National competent authorities should be able to seek assistance and coordination from Eurojust through the decentralised IT system.

(9) In order to ensure efficiency and consistency, it is important that the technical specifications to be established under Regulation (EU) 2018/1727 are compatible with the technical specifications established under Regulations (EU) 2023/2844 (3), (EU) 2023/1543 (4) and (EU) 2024/3011 (5) of the European Parliament and of the Council as well as with future digitalisation measures relevant to Eurojust’s mandate to support national competent authorities.

(10) Any other communication between Eurojust and the competent national authorities, such as communication of information on the results of the processing of information, including the existence of links with cases already stored in the case management system in accordance with Article 22 of Regulation (EU) 2018/1727 when Eurojust is acting on own initiative, or of information transmitted to Eurojust for the purpose of preserving, analysing and storing evidence related to genocide, crimes against humanity, war crimes and related criminal offences in accordance with Article 4(1), point (j) of that Regulation, should also be enabled through the decentralised IT system.

(11) To ensure that this Regulation takes into account the operational needs of Eurojust, Eurojust has been consulted in accordance with Article 22a(3) of Regulation (EU) 2018/1727.

(12) In accordance with Article 4 of Protocol No 21 on the position of the United Kingdom and Ireland in respect to area of freedom, security and justice, annexed to the Treaty on European Union and to the Treaty on the Functioning of the European Union, Ireland has notified, by letter of 9 September 2019, its wish to accept and be bound by Regulation (EU) 2018/1727. Commission Decision (EU) 2019/2006 (6) confirmed such participation. Regulation (EU) 2023/2131 of the European Parliament and of the Council (7) amended Regulation (EU) 2018/1727 to enable the establishment of secure digital communication channels between Eurojust and the competent national authorities and provides the legal basis for this Regulation. In circumstances where Ireland did not notify its wish to take part in the adoption and application of Regulation (EU) 2023/2131 and has not notified its wish to accept and be bound by that Regulation, Ireland, in accordance with Articles 1, 2 and Article 4a(1) of Protocol No 21, is not bound by Regulation (EU) 2023/2131 or subject to its application. Ireland is therefore not taking part in the adoption of this Regulation.

(13) In accordance with Articles 1 and 2 of Protocol No 22 on the position of Denmark, annexed to the Treaty on European Union and to the Treaty on the Functioning of the European Union, Denmark did not take part in the adoption of Regulation (EU) 2018/1727. Denmark is therefore not bound by this Regulation or subject to its application.

(14) The European Data Protection Supervisor was consulted in accordance with Article 42(1) of Regulation (EU) 2018/1725 of the European Parliament and of the Council (8) and delivered an opinion on 21 October 2025.

(15) The measures provided for in this Regulation are in accordance with the opinion of the committee established by Article 22c of Regulation (EU) 2018/1727,

HAS ADOPTED THIS REGULATION:

Article 1

Technical specifications of the decentralised IT system

The technical specifications, measures and objectives of the decentralised IT system referred to in Article 22b(1), point (a), (b), (c) and (d), of Regulation (EU) 2018/1727 shall be as set out in Annex I to this Regulation.

Article 2

Digital procedural standards

The digital procedural standards applicable to the electronic communication through the decentralised IT system referred to in Article 22a(3) of Regulation (EU) 2018/1727 shall be as set out in Annex II to this Regulation.

Article 3

Technical specifications for the transmission of fingerprints and photographs

The technical specifications and the format for the transmission of fingerprints and photographs as referred to in Article 22a(3) of Regulation (EU) 2018/1727 shall be as set out in Annex III to this Regulation.

Article 4

Entry into force

This Regulation shall enter into force on the twentieth day following that of its publication in the Official Journal of the European Union.

This Regulation shall be binding in its entirety and directly applicable in the Member States in accordance with the Treaties.

Done at Brussels, 4 December 2025.

For the Commission The President Ursula VON DER LEYEN

(1) OJ L 295, 21.11.2018, p. 138, ELI: http://data.europa.eu/eli/reg/2018/1727/oj.

(2) Regulation (EU) 2022/850 of the European Parliament and of the Council of 30 May 2022 on a computerised system for the cross-border electronic exchange of data in the area of judicial cooperation in civil and criminal matters (e-CODEX system), and amending Regulation (EU) 2018/1726 (OJ L 150, 1.6.2022, p. 1, ELI: http://data.europa.eu/eli/reg/2022/850/oj).

(3) Regulation (EU) 2023/2844 of the European Parliament and of the Council of 13 December 2023 on the digitalisation of judicial cooperation and access to justice in cross-border civil, commercial and criminal matters, and amending certain acts in the field of judicial cooperation (OJ L, 2023/2844, 27.12.2023, ELI: http://data.europa.eu/eli/reg/2023/2844/oj).

(4) Regulation (EU) 2023/1543 of the European Parliament and of the Council of 12 July 2023 on European Production Orders and European Preservation Orders for electronic evidence in criminal proceedings and for the execution of custodial sentences following criminal proceedings (OJ L 191, 28.7.2023, p. 118, ELI: http://data.europa.eu/eli/reg/2023/1543/oj).

(5) Regulation (EU) 2024/3011 of the European Parliament and of the Council of 27 November 2024 on the transfer of proceedings in criminal matters (OJ L, 2024/3011, 18.12.2024, ELI: http://data.europa.eu/eli/reg/2024/3011/oj).

(6) Commission Decision (EU) 2019/2006 of 29 November 2019 on the participation of Ireland in Regulation (EU) 2018/1727 of the European Parliament and of the Council on the European Union Agency for Criminal Justice Cooperation (Eurojust) (OJ L 310, 2.12.2019, p. 59, ELI: http://data.europa.eu/eli/dec/2019/2006/oj).

(7) Regulation (EU) 2023/2131 of the European Parliament and of the Council of 4 October 2023 amending Regulation (EU) 2018/1727 of the European Parliament and of the Council and Council Decision 2005/671/JHA, as regards digital information exchange in terrorism cases (OJ L, 2023/2131, 11.10.2023, ELI: http://data.europa.eu/eli/reg/2023/2131/oj).

(8) Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC (OJ L 295, 21.11.2018, p. 39, ELI: http://data.europa.eu/eli/reg/2018/1725/oj).