COMMISSION IMPLEMENTING DECISION (EU) 2023/221

of 1 February 2023

laying down and developing the universal message format (UMF) standard pursuant to Regulation (EU) 2019/818 of the European Parliament and of the Council

THE EUROPEAN COMMISSION,

Having regard to the Treaty on the Functioning of the European Union,

Having regard to Regulation (EU) 2019/818 of the European Parliament and of the Council of 20 May 2019 on establishing a framework for interoperability between EU information systems in the field of police and judicial cooperation, asylum and migration and amending Regulations (EU) 2018/1726, (EU) 2018/1862 and (EU) 2019/816 (1), and in particular Article 38(3) thereof,

Whereas:

(1) Regulation (EU) 2019/818, together with Regulation (EU) 2019/817 of the European Parliament and of the Council (2) establishes a framework to ensure interoperability between the EU information systems in the field of borders, visa, police and judicial cooperation, asylum and migration.

(2) Those Regulations provide for a universal message format (UMF) to serve as a standard for structured, cross-border information exchange between information systems, authorities or organisations in the field of Justice and Home Affairs.

(3) It is necessary to lay down specific UMF rules for the development of Eurodac, ECRIS-TCN, the European search portal (ESP), the common identity repository (CIR) and the multiple-identity detector (MID) as provided for in Regulation (EU) 2019/818, and to have a specific provision for labelling data fields for the systems that are in the scope of interoperability.

(4) Given that Regulation (EU) 2019/818 builds upon the Schengen

acquis

, in accordance with Article 4 of Protocol No 22 on the Position of Denmark, annexed to the Treaty on European Union and to the Treaty on the Functioning of the European Union, Denmark notified the implementation of Regulation (EU) 2019/818 in its national law. It is therefore bound by this Decision.

(5) This Decision constitutes a development of the provisions of the Schengen

acquis

in which Ireland does not take part (3); Ireland is therefore not taking part in the adoption of this Decision and is not bound by it or subject to its application.

(6) As regards Iceland and Norway, this Decision constitutes a development of the provisions of the Schengen

acquis

within the meaning of the Agreement concluded by the Council of the European Union and the Republic of Iceland and the Kingdom of Norway concerning the association of those two States with the implementation, application and development of the Schengen

acquis

(4) which fall within the area referred to in Article 1, point A of Council Decision 1999/437/EC (5).

(7) As regards Switzerland, this Decision constitutes a development of the provisions of the Schengen

acquis

within the meaning of the Agreement between the European Union, the European Community and the Swiss Confederation on the Swiss Confederation’s association with the implementation, application and development of the Schengen

acquis

(6), which fall within the area referred to in Article 1, point A of Decision 1999/437/EC read in conjunction with Article 3 of Council Decision 2008/146/EC (7).

(8) As regards Liechtenstein, this Decision constitutes a development of the provisions of the Schengen

acquis

within the meaning of the Protocol between the European Union, the European Community, the Swiss Confederation and the Principality of Liechtenstein on the accession of the Principality of Liechtenstein to the Agreement between the European Union, the European Community and the Swiss Confederation on the Swiss Confederation’s association with the implementation, application and development of the Schengen

acquis

(8) which fall within the area referred to in Article 1, point A of Decision 1999/437/EC read in conjunction with Article 3 of Council Decision 2011/350/EU (9).

(9) As regards Cyprus, Bulgaria and Romania, this Decision constitutes an act building upon, or otherwise relating to, the Schengen

acquis

within, respectively, the meaning of Article 3(1) of the 2003 Act of Accession and Article 4(1) of the 2005 Act of Accession.

(10) The European Data Protection Supervisor was consulted in accordance with Article 42(1) of Regulation (EU) 2018/1725 of the European Parliament and of the Council (10) and delivered an opinion on 2 August 2022.

(11) The measures provided for in this Decision are in accordance with the opinion of the Committee established by Article 70(1) of Regulation (EU) 2019/818,

HAS ADOPTED THIS DECISION:

Article 1

Definition

For the purposes of this Decision,

(1) ‘information system’ means a central or national data processing systems and any of the following interoperability components: the European search portal (ESP), the common identity repository (CIR) and the multiple-identity detector (MID).

Article 2

Universal message format (UMF) standard

1. The universal message format (UMF) standard for cross-border information exchange between authorities or organisations in the field of Justice and Home Affairs shall be as set out in Annex I.

2. The UMF standard shall be used, if appropriate, in the development by the European Union Agency for the Operational Management of Large-Scale IT Systems in the Area of Freedom, Security and Justice (eu-LISA) or by any other Union agency for new information exchange models and information systems in the area of Justice and Home Affairs.

3. The elements set out in Annex II, derived from the universal message format (UMF) standard, shall be used in the development of the Eurodac, the European Criminal Records Information System for third-country nationals (ECRIS-TCN), and the following interoperability components: the ESP, the CIR and the MID.

Article 3

Use of UMF

1. The UMF standard may be used for information exchange between information systems, authorities or organisations in the field of Justice and Home Affairs.

2. The UMF standard shall be used to describe information exchanged between information systems in the field of Justice and Home Affairs without prejudice to the specific provisions related to the interoperability components laid down in Articles 4 and 5.

3. The UMF standard shall not be mandatory for the description of data elements stored in an information system or database.

Article 4

Use of the UMF standard for the development of the ESP

The UMF standard shall be used to describe and label the identity, travel document and biometric data queried and received via the ESP.

Article 5

Use of the UMF standard for the development of the CIR and the MID

The UMF standard shall be used to describe and label the identity, travel document and biometric data used for the information exchanged with the CIR and the MID referred to in Articles 20 and 22 of Regulation (EU) 2019/818.

Article 6

Entry into force

This Decision shall enter into force on the twentieth day following that of its publication in the

Official Journal of the European Union

Done at Brussels, 1 February 2023.

For the Commission

The President

Ursula VON DER LEYEN

(1)

OJ L 135, 22.5.2019, p. 85

(2) Regulation (EU) 2019/817 of the European Parliament and of the Council of 20 May 2019 on establishing a framework for interoperability between EU information systems in the field of borders and visa and amending Regulations (EC) No 767/2008, (EU) 2016/399, (EU) 2017/2226, (EU) 2018/1240, (EU) 2018/1726 and (EU) 2018/1861 of the European Parliament and of the Council and Council Decisions 2004/512/EC and 2008/633/JHA (

OJ L 135, 22.5.2019, p. 27

(3) This Decision falls outside the scope of measures provided for in Council Decision 2002/192/EC of 28 February 2002 concerning Ireland’s request to take part in some of the provisions of the Schengen

acquis

(

OJ L 64, 7.3.2002, p. 20

(4)

OJ L 176, 10.7.1999, p. 36

(5) Council Decision 1999/437/EC of 17 May 1999 on certain arrangements for the application of the Agreement concluded by the Council of the European Union and the Republic of Iceland and the Kingdom of Norway concerning the association of those two States with the implementation, application and development of the Schengen

acquis

(

OJ L 176, 10.7.1999, p. 31

(6)

OJ L 53, 27.2.2008, p. 52

(7) Council Decision 2008/146/EC of 28 January 2008 on the conclusion, on behalf of the European Community, of the Agreement between the European Union, the European Community and the Swiss Confederation on the Swiss Confederation’s association with the implementation, application and development of the Schengen

acquis

(

OJ L 53, 27.2.2008, p. 1

(8)

OJ L 160, 18.6.2011, p. 21

(9) Council Decision 2011/350/EU of 7 March 2011 on the conclusion, on behalf of the European Union, of the Protocol between the European Union, the European Community, the Swiss Confederation and the Principality of Liechtenstein on the accession of the Principality of Liechtenstein to the Agreement between the European Union, the European Community and the Swiss Confederation on the Swiss Confederation’s association with the implementation, application and development of the Schengen

acquis

, relating to the abolition of checks at internal borders and movement of persons (

OJ L 160, 18.6.2011, p. 19

(10) Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC (

OJ L 295, 21.11.2018, p. 39

ANNEX I

The Universal Message Format (UMF) standard consists of the following documents delivered as a result of the UMF Project financed by the European Commission.

(1) ‘UMF3.1_BusinessDescription.’,

(2) ‘UMF XML Schema Overview 3.1’,

(3) ‘UMF V3.1 Schema&TestSamples’.

These documents are available on the https://circabc.europa.eu/ui/group/af638ba5-eb84-4476-87fb-9a76ad669d2e. This website is managed by the UMF Secretariat hosted within Directorate-General for Migration and Home Affairs of the European Commission. All updates of these documents are published on the same site.

ANNEX II

UMF taxonomy table of identity and travel document data elements in EES, VIS, ETIAS, ECRIS -TCN and interoperability components.

Label of data elements

UMF mapping

Description

FamilyName

PersonIdentity.PersonCoreName.FamilyName

The surname or last name of a person. Family name is usually shared by members of a family. It contains all the parts of the family name including prefixes.

FamilyNameAtBirth

PersonIdentity.PersonCoreName.BirthName

Surname, family name or last name of a person at birth

PreviousFamilyName

a1)	PersonIdentity.OtherName.Type LUT-value: PreviousName

a2)	PersonIdentity.OtherName.Description

Surname, family name or last name used in the past and legitimately changed.

PreviousFirstNames

a1)	PersonIdentity.OtherName.Type LUT-value: PreviousName

a2)	PersonIdentity.OtherName.Description

Previous names, e.g. when first names were legitimately changed.

OtherName

a1)	PersonIdentity.OtherName.Type LUT-value: NotAssignableName

a2)	PersonIdentity.OtherName.Description [Available with UMF 3.1]

Other name is a formal or unofficial name by which a person is known (alias(es), artistic name(s), usual name(s)).

FirstName

PersonIdentity.PersonCoreName.FirstName

The first name(s) of a person. All first names that are part of a person identity.

DateOfBirth

PersonIdentity.DateOfBirth

The date on which a person was born or was officially deemed to be born.

PlaceOfBirth

PersonIdentity.PlaceOfBirth

City, village or another locality where a person was born or deemed to be born.

CountryOfBirth

PersonIdentity.CountryOfBirth

Country of birth is the country where a person was born or officially deemed to be born

Gender

PersonIdentity.Gender

Gender is the sex of a person

FamilyNameOfFather

a1)	PersonIdentity.ParentOrGuardianName.Type LUT-value: Father

a2)	PersonIdentity.ParentOrGuardianName.FamilyName [Available with UMF 3.1]

Surname, last name of the first parent (the father) of a person

FirstNameOfFather

a1)	PersonIdentity.ParentOrGuardianName.Type LUT-value: Father

a2)	PersonIdentity.ParentOrGuardianName.FirstName [Available with UMF 3.1]

First name(s) of the first parent (the father) of a person

FamilyNameOfMother

a1)	PersonIdentity.ParentOrGuardianName.Type LUT-value: Mother

a2)	PersonIdentity.ParentOrGuardianName.FamilyName [Available with UMF 3.1]

Surname, last name of the second parent (the mother) of a person

FirstNameOfMother

a1)	PersonIdentity.ParentOrGuardianName.Type LUT-value: Mother

a2)	PersonIdentity.ParentOrGuardianName.FirstName [Available with UMF 3.1]

First name(s) of the second parent (the mother) of a person

Nationality

PersonIdentity.Nationality.Country

Country in which a person holds legal citizenship (or indication of a stateless condition).

NationalityAtBirth

a1)	PersonIdentity.Nationality.Country

a2)	PersonIdentity.Nationality.StartDate = DateOfBirth

Country or countries in which a person held legal citizenship at birth

DocumentType

Document.DocumentType

Type of the document

DocumentNumber

Document.NumberInformation.Number

Alphanumeric number, which has been assigned by the owner, bearer, user, publisher, distributor, issuer or manufacturer of the document.

IssuingCountry

Document.IssuingAuthority.NationalAffiliation

Country of the issuing authority of the document

IssuingAuthority

Document.IssuingAuthority.Department/Agency.Name

The name of the authority that issued the document

IssueDate

Document.IssueDate

Date when the document was issued

ValidUntil

Document.ValidUntil

Date until the document is valid

FullName

PersonIdentity.PersonCoreName.FullName

Full name is a complete name of a person. The attribute full name contains the complete name of a person. In addition to the content of first name, Family name and, in some systems, patronymic name, this can carry additional parts of a person’s name such as titles, middle names or suffixes like ‘the third’, ‘III’ or names which are neither a first (given) nor a family name

Biometric data elements present in EES and sBMS (shared Biometric Matching Service)
Label of data elements	Description
BiometricType	Indication of the biometric modality.
NISTFormat	The NIST format that was used to exchange the biometric sample.
NIST	The binary file of the biometric data.
MatchingScore	Result of the comparison, indicating the degree of similarity between the biometric samples (for fingerprints, the matching score is for the whole fingerprint set from the probe data). The higher the score, the higher the similarity.
MatchingInterval	This element indicates in which interval the matching score lies below, in-between and above the matching threshold and possible matching threshold.
Facial image
QualityValue	An indication of the quality of the biometric. The biometric quality scores of the facial images are based on an algorithm that follow the ISO/IEC 19794-5:2011 recommendations.
NotProvidedReason	Code table value indicating a reason why facial image was not provided.
Source	Code table value indicating the source of the facial image.
Fingerprint
QualityValue	An indication of the quality of the biometric. The biometric quality scores of the fingerprints are based on the NFIQ 2.0 (NIST Fingerprint Image Quality version 2.0).
NotProvidedReason	Code table value indicating the reason why fingerprints were not provided.
FingersPermutation	Indicator whether the verification should be performed with fingers permutation or not.
HandsPermutation	Indicator whether the search should be performed with hands permutation or not. Only applicable for identifications with fingerprints.