Commission Delegated Regulation (EU) 2026/326 of 3 December 2025 amending Delegated Regulation (EU) 2023/332 supplementing Regulation (EU) 2019/818 of the European Parliament and of the Council as regards determining cases where identity data are considered as same or similar for the purpose of the multiple identity detection

THE EUROPEAN COMMISSION,

Having regard to the Treaty on the Functioning of the European Union,

Having regard to Regulation (EU) 2019/818 of the European Parliament and of the Council of 20 May 2019 on establishing a framework for interoperability between EU information systems in the field of police and judicial cooperation, asylum and migration and amending Regulations (EU) 2018/1726, (EU) 2018/1862 and (EU) 2019/816 (1), and in particular Article 28(5) thereof,

Whereas:

(1) Regulation (EU) 2019/818, together with Regulation (EU) 2019/817 of the European Parliament and of the Council (2), establishes a framework to ensure interoperability between the EU information systems in the field of borders, visa, police and judicial cooperation, asylum and migration.

(2) That framework includes a number of interoperability components, including a multiple-identity detector. The multiple-identity detector creates and stores links between data in the different EU information systems in order to detect multiple identities, with the dual purpose of facilitating identity checks for bona fide travellers and combating identity fraud. The creation and storage of such links is critical to ensuring the correct identification of individuals whose data are stored in the different EU information systems.

(3) The multiple-identity detection process results in the creation of automated white and yellow links. A white link indicates that the identity data of the linked files are the same or similar whereas a yellow link indicates that the identity data of the linked files cannot be considered to be similar and that manual verification of the different identities should be carried out.

(4) In order to enable the multiple-identity detector to create links, Commission Delegated Regulation (EU) 2023/332 (3) lays down the procedures to determine the cases in which identity data concerning a person stored across several systems are considered the same or similar for the purpose of multiple-identity detection.

(5) Regulation (EU) 2019/818 applies in relation to ‘Eurodac’ only from the date the recast of Regulation (EU) No 603/2013 of the European Parliament and of the Council (4) becomes applicable. Therefore, following the adoption of Regulation (EU) 2024/1358 of the European Parliament and of the Council (5), establishing ‘Eurodac’, it is necessary to adapt Delegated Regulation (EU) 2023/332 to list identity data of ‘Eurodac’ that will be compared in the multiple-identity detection process in order to determine whether the identity data are considered the same or similar.

(6) Delegated Regulation (EU) 2023/332 should therefore be amended accordingly.

(7) Given that Regulation(EU) 2019/818 builds upon the Schengen acquis, in accordance with Article 4 of Protocol No 22 on the Position of Denmark, annexed to the Treaty on European Union and to the Treaty on the Functioning of the European Union, Denmark notified the implementation of Regulation (EU) 2019/818 in its national law. It is therefore bound by this Regulation.

(8) This Regulation does not constitute a development of the provisions of the Schengen acquis in which Ireland takes part in accordance with Council Decision 2002/192/EC (6). Ireland is therefore not taking part in the adoption of this Regulation and is not bound by it or subject to its application.

(9) As regards Iceland and Norway, this Regulation constitutes a development of the provisions of the Schengen acquis within the meaning of the Agreement concluded by the Council of the European Union and the Republic of Iceland and the Kingdom of Norway concerning the association of those two States with the implementation, application and development of the Schengen acquis (7), which fall within the area referred to in Article 1, point A of Council Decision 1999/437/EC (8).

(10) As regards Switzerland, this Regulation constitutes a development of the provisions of the Schengen acquis within the meaning of the Agreement between the European Union, the European Community and the Swiss Confederation on the Swiss Confederation’s association with the implementation, application and development of the Schengen acquis (9), which fall within the area referred to in Article 1, point A of Decision 1999/437/EC, read in conjunction with Article 3 of Council Decision 2008/146/EC (10).

(11) As regards Liechtenstein, this Regulation constitutes a development of the provisions of the Schengen acquis within the meaning of the Protocol between the European Union, the European Community, the Swiss Confederation and the Principality of Liechtenstein on the accession of the Principality of Liechtenstein to the Agreement between the European Union, the European Community and the Swiss Confederation on the Swiss Confederation’s association with the implementation, application and development of the Schengen acquis (11) which fall within the area referred to in Article 1, point A of Decision 1999/437/EC read in conjunction with Article 3 of Council Decision 2011/350/EU (12).

(12) As regards Cyprus, this Regulation constitutes an act building upon, or otherwise relating to, the Schengen acquis within the meaning of Article 3(1) of the 2003 Act of Accession.

(13) The European Data Protection Supervisor was consulted in accordance with Article 42(1) of Regulation (EU) 2018/1725 of the European Parliament and of the Council (13) and delivered an opinion on 27 May 2025,

HAS ADOPTED THIS REGULATION:

Article 1

In Article 1 of Delegated Regulation (EU) 2023/332, point (1), the following point (i) is inserted:

‘(i) surname(s) and forename(s), name(s) at birth and previously used names and any aliases; nationality(ies); date of birth; place of birth and sex; as referred to in Article 17(1), points (c) to (f) and (h), Article 19(1) points (c) to (f) and (h), 21(1), points (c) to (f) and (h), Article 22(2), points (c) to (f) and (h), Article 23(2), points (c) to (f) and (h), Article 26(2), points (c) to (f) and (h) of Regulation (EU) 2024/1358 of the European Parliament and of the Council(*1).

(*1)  Regulation (EU) 2024/1358 of the European Parliament and of the Council of 14 May 2024 on the establishment of “Eurodac” for the comparison of biometric data in order to effectively apply Regulations (EU) 2024/1351 and (EU) 2024/1350 of the European Parliament and of the Council and Council Directive 2001/55/EC and to identify illegally staying third-country nationals and stateless persons and on requests for the comparison with Eurodac data by Member States’ law enforcement authorities and Europol for law enforcement purposes, amending Regulations (EU) 2018/1240 and (EU) 2019/818 of the European Parliament and of the Council and repealing Regulation (EU) No 603/2013 of the European Parliament and of the Council (OJ L, 2024/1358, 22.5.2024, ELI: http://data.europa.eu/eli/reg/2024/1358/oj).’."

Article 2

Annexes I and II to Delegated Regulation (EU) 2023/332 are amended in accordance with the Annex to this Regulation.

Article 3

This Regulation shall enter into force on the twentieth day following that of its publication in the Official Journal of the European Union.

This Regulation shall be binding in its entirety and directly applicable in the Member States in accordance with the Treaties.

Done at Brussels, 3 December 2025.

For the Commission The President Ursula VON DER LEYEN

(1) OJ L 135, 22.5.2019, p. 85, ELI: http://data.europa.eu/eli/reg/2019/818/oj.

(2) Regulation (EU) 2019/817 of the European Parliament and of the Council of 20 May 2019 on establishing a framework for interoperability between EU information systems in the field of borders and visa and amending Regulations (EC) No 767/2008, (EU) 2016/399, (EU) 2017/2226, (EU) 2018/1240, (EU) 2018/1726 and (EU) 2018/1861 of the European Parliament and of the Council and Council Decisions 2004/512/EC and 2008/633/JHA (OJ L 135, 22.5.2019, p. 27, ELI: http://data.europa.eu/eli/reg/2019/817/oj).

(3) Commission Delegated Regulation (EU) 2023/332 of 11 July 2022 supplementing Regulation (EU) 2019/818 of the European Parliament and of the Council as regards determining cases where identity data are considered as same or similar for the purpose of the multiple identity detection (OJ L 47, 15.2.2023, p. 6, ELI: http://data.europa.eu/eli/reg_del/2023/332/oj).

(4) Regulation (EU) No 603/2013 of the European Parliament and of the Council of 26 June 2013 on the establishment of 'Eurodac' for the comparison of fingerprints for the effective application of Regulation (EU) No 604/2013 establishing the criteria and mechanisms for determining the Member State responsible for examining an application for international protection lodged in one of the Member States by a third-country national or a stateless person and on requests for the comparison with Eurodac data by Member States' law enforcement authorities and Europol for law enforcement purposes, and amending Regulation (EU) No 1077/2011 establishing a European Agency for the operational management of large-scale IT systems in the area of freedom, security and justice (OJ L 180, 29.6.2013, p. 1, ELI: http://data.europa.eu/eli/reg/2013/603/oj).

(5) Regulation (EU) 2024/1358 of the European Parliament and of the Council of 14 May 2024 on the establishment of ‘Eurodac’ for the comparison of biometric data in order to effectively apply Regulations (EU) 2024/1351 and (EU) 2024/1350 of the European Parliament and of the Council and Council Directive 2001/55/EC and to identify illegally staying third-country nationals and stateless persons and on requests for the comparison with Eurodac data by Member States’ law enforcement authorities and Europol for law enforcement purposes, amending Regulations (EU) 2018/1240 and (EU) 2019/818 of the European Parliament and of the Council and repealing Regulation (EU) No 603/2013 of the European Parliament and of the Council (OJ L, 2024/1358, 22.5.2024, ELI: http://data.europa.eu/eli/reg/2024/1358/oj).

(6) Council Decision 2002/192/EC of 28 February 2002 concerning Ireland’s request to take part in some of the provisions of the Schengen acquis (OJ L 64, 7.3.2002, p. 20, ELI: http://data.europa.eu/eli/dec/2002/192/oj).

(7) OJ L 176, 10.7.1999, p. 36, ELI: http://data.europa.eu/eli/agree_internation/1999/439(1)/oj.

(8) Council Decision 1999/437/EC of 17 May 1999 on certain arrangements for the application of the Agreement concluded by the Council of the European Union and the Republic of Iceland and the Kingdom of Norway concerning the association of those two States with the implementation, application and development of the Schengen acquis (OJ L 176, 10.7.1999, p. 31, ELI: http://data.europa.eu/eli/dec/1999/437/oj).

(9) OJ L 53, 27.2.2008, p. 52, ELI: http://data.europa.eu/eli/agree_internation/2008/178(1)/oj.

(10) Council Decision 2008/146/EC of 28 January 2008 on the conclusion, on behalf of the European Community, of the Agreement between the European Union, the European Community and the Swiss Confederation on the Swiss Confederation’s association with the implementation, application and development of the Schengen acquis (OJ L 53, 27.2.2008, p. 1, ELI: http://data.europa.eu/eli/dec/2008/146/oj).

(11) OJ L 160, 18.6.2011, p. 21, ELI: http://data.europa.eu/eli/prot/2011/350/oj.

(12) Council Decision 2011/350/EU of 7 March 2011 on the conclusion, on behalf of the European Union, of the Protocol between the European Union, the European Community, the Swiss Confederation and the Principality of Liechtenstein on the accession of the Principality of Liechtenstein to the Agreement between the European Union, the European Community and the Swiss Confederation on the Swiss Confederation’s association with the implementation, application and development of the Schengen acquis, relating to the abolition of checks at internal borders and movement of persons (OJ L 160, 18.6.2011, p. 19, ELI: http://data.europa.eu/eli/dec/2011/350/oj).

(13) Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC (OJ L 295, 21.11.2018, p. 39, ELI: http://data.europa.eu/eli/reg/2018/1725/oj).