Commission Implementing Decision (EU) 2020/2165 of 9 December 2020 on laying down... (32020D2165)
EU - Rechtsakte: 19 Area of freedom, security and justice

COMMISSION IMPLEMENTING DECISION (EU) 2020/2165

of 9 December 2020

on laying down rules for the application of Regulation (EU) 2018/1861 of the European Parliament and of the Council as regards the minimum data quality standards and technical specifications for entering photographs and dactyloscopic data in the Schengen Information System (SIS) in the field of border checks and return

(notified under document C(2020) 8599)

THE EUROPEAN COMMISSION,
Having regard to the Treaty on the Functioning of the European Union,
Having regard to Regulation (EU) 2018/1861 of the European Parliament and of the Council of 28 November 2018 on the establishment, operation and use of the Schengen Information System (SIS) in the field of border checks, and amending the Convention implementing the Schengen Agreement, and amending and repealing Regulation (EC) No 1987/2006 (1), and in particular Article 32(4) thereof,
Whereas:
(1) The Schengen Information System (‘SIS’) in the field of border checks and return contains alerts on persons for the purposes of refusing entry and stay on the territory of the Member States or of verifying compliance with a return decision, thereby reinforcing the Union’s migration policy and contributing to a high level of security within the area of freedom, security and justice.
(2) Pursuant to Article 20(2) of Regulation (EU) 2018/1861 and Article 4(1) of Regulation (EU) 2018/1860 of the European Parliament and of the Council (2), the categories of data that may be entered in an alert in SIS include photographs, facial images and dactyloscopic data (the latter including fingerprints as well as palm prints). Pursuant to Article 22(1) of Regulation (EU) 2018/1861 and Article 4(2) of Regulation (EU) 2018/1860, such data should be entered into SIS, if available.
(3) Article 32(1) of Regulation (EU) 2018/1861, which also applies to the operation of SIS in the field of return pursuant to Article 19 of Regulation (EU) 2018/1860, stipulates that photographs, facial images and dactyloscopic data entered in an alert in SIS are subject to a quality check in order to ascertain that they meet minimum data quality standards and technical specifications.
(4) It is necessary to lay down implementing measures specifying the minimum data quality standards and technical specifications for entering and storing such data in SIS.
(5) The specifications should only set the level of quality required for entering and storing photographs in SIS to be used to confirm the identity of a person in accordance with Article 33(1) of that Regulation. The level of quality required for entering and storing photographs and facial images in SIS to be used to identify a person pursuant to Article 33(4) should be laid down at a later stage, when the conditions laid down in that Article have been fulfilled.
(6) eu-LISA should, in consultation with the SIS II Advisory Group, develop and document the technical details of the standards and specifications laid down in this Decision, in the SIS Interface Control Document and Detailed Technical Specifications. Member States, the European Union Agency for Law Enforcement Cooperation (‘Europol’) and the European Border and Coast Guard Agency should develop their systems in compliance with the specifications set out in these documents.
(7) In accordance with Articles 1 and 2 of Protocol No 22 on the position of Denmark, annexed to the Treaty on European Union and to the Treaty on the Functioning of the European Union, Denmark did not take part in the adoption of Regulation (EU) 2018/1861 and is not bound by it or subject to its application. However, given that Regulation (EU) 2018/1861 builds upon the Schengen
acquis
, Denmark, in accordance with Article 4 of that Protocol, notified on 26 April 2019 its decision to implement Regulation (EU) 2018/1861 in its national law. Denmark is therefore bound under international law to implement this Decision.
(8) This Decision constitutes a development of the provisions of the Schengen
acquis
in which Ireland does not take part, in accordance with Council Decision 2002/192/EC (3); Ireland is therefore not taking part in the adoption of this Decision and is not bound by it or subject to its application.
(9) This Decision constitutes a development of the provisions of the Schengen
acquis
in which the United Kingdom does not take part, in accordance with Council Decision 2000/365/EC (4); the United Kingdom is therefore not bound by it or subject to its application.
(10) As regards Iceland and Norway, this Decision constitutes a development of provisions of the Schengen
acquis
within the meaning of the Agreement concluded by the Council of the European Union and the Republic of Iceland and the Kingdom of Norway concerning the latters’ association with the implementation, application and development of the Schengen
acquis
 (5), which fall within the area referred to in Article 1, point (G) of Council Decision 1999/437/EC (6).
(11) As regards Switzerland, this Decision constitutes a development of the provisions of the Schengen
acquis
within the meaning of the Agreement between the European Union, the European Community and the Swiss Confederation on the Swiss Confederation’s association with the implementation, application and development of the Schengen
acquis
 (7), which fall within the area referred to in Article 1, point (G), of Decision 1999/437/EC read in conjunction with Article 3 of Council Decision 2008/146/EC (8).
(12) As regards Liechtenstein, this Decision constitutes a development of the provisions of the Schengen
acquis
within the meaning of the Protocol between the European Union, the European Community, the Swiss Confederation and the Principality of Liechtenstein on the accession of the Principality of Liechtenstein to the Agreement between the European Union, the European Community and the Swiss Confederation on the Swiss Confederation’s association with the implementation, application and development of the Schengen
acquis
 (9), which fall within the area referred to in Article 1, point (G), of Decision 1999/437/EC read in conjunction with Article 3 of Council Decision 2011/350/EU (10).
(13) As regards Bulgaria and Romania, this Decision constitutes an act building upon, or otherwise relating to, the Schengen
acquis
within the meaning of Article 4(2) of the 2005 Act of Accession and should be read in conjunction with Council Decisions 2010/365/EU (11) and (EU) 2018/934 (12).
(14) As regards Croatia, this Decision constitutes an act building upon, or otherwise relating to, the Schengen
acquis
within the meaning of Article 4(2) of the 2011 Act of Accession and should be read in conjunction with Council Decision (EU) 2017/733 (13).
(15) Concerning Cyprus, this Decision constitutes an act building upon, or otherwise relating to, the Schengen
acquis
within the meaning of Article 3(2) of the 2003 Act of Accession.
(16) The European Data Protection Supervisor was consulted in accordance with Article 42(1) of Regulation (EU) 2018/1725 of the European Parliament and of the Council (14) and delivered an opinion on 26 August 2020.
(17) The measures provided for in this Decision are in accordance with the opinion of the SIS-SIRENE Borders Committee,
HAS ADOPTED THIS DECISION:

Article 1

The entry and storage of photographs and dactyloscopic data in SIS as referred to in Article 32 of Regulation (EU) 2018/1861 shall comply with minimum data quality standards and technical specifications set out in the Annex to this Decision.

Article 2

This Decision is addressed to:
(1) the Kingdom of Belgium, the Republic of Bulgaria, the Republic of Croatia, the Republic of Cyprus, the Czech Republic, the Kingdom of Denmark, the Federal Republic of Germany, the Republic of Estonia, the Hellenic Republic, the Kingdom of Spain, the French Republic, the Italian Republic, the Republic of Latvia, the Republic of Lithuania, the Grand Duchy of Luxembourg, Hungary, the Republic of Malta, the Kingdom of the Netherlands, the Republic of Austria, the Republic of Poland, the Portuguese Republic, Romania, the Republic of Slovenia, the Slovak Republic, the Republic of Finland, the Kingdom of Sweden;
(2) the European Union Agency for Law Enforcement Cooperation and the European Border and Coast Guard Agency.
Done at Brussels, 9 December 2020.
For the Commission
Ylva JOHANSSON
Member of the Commission
(1)  
OJ L 312, 7.12.2018, p. 14
.
(2)  Regulation (EU) 2018/1860 of the European Parliament and of the Council of 28 November 2018 on the use of the Schengen Information System for the return of illegally staying third-country nationals (
OJ L 312, 7.12.2018, p. 1
).
(3)  Council Decision 2002/192/EC of 28 February 2002 concerning Ireland’s request to take part in some of the provisions of the Schengen
acquis
(
OJ L 64, 7.3.2002, p. 20
).
(4)  Council Decision 2000/365/EC of 29 May 2000 concerning the request of the United Kingdom of Great Britain and Northern Ireland to take part in some of the provisions of the Schengen
acquis
(
OJ L 131, 1.6.2000, p. 43
).
(5)  
OJ L 176, 10.7.1999, p. 36
.
(6)  Council Decision 1999/437/EC of 17 May 1999 on certain arrangements for the application of the Agreement concluded by the Council of the European Union and the Republic of Iceland and the Kingdom of Norway concerning the association of those two States with the implementation, application and development of the Schengen
acquis
(
OJ L 176, 10.7.1999, p. 31
).
(7)  
OJ L 53, 27.2.2008, p. 52
.
(8)  Council Decision 2008/146/EC of 28 January 2008 on the conclusion, on behalf of the European Community, of the Agreement between the European Union, the European Community and the Swiss Confederation on the Swiss Confederation’s association with the implementation, application and development of the Schengen
acquis
(
OJ L 53, 27.2.2008, p. 1
).
(9)  
OJ L 160, 18.6.2011, p. 21
.
(10)  Council Decision 2011/350/EU of 7 March 2011 on the conclusion, on behalf of the European Union, of the Protocol between the European Union, the European Community, the Swiss Confederation and the Principality of Liechtenstein on the accession of the Principality of Liechtenstein to the Agreement between the European Union, the European Community and the Swiss Confederation on the Swiss Confederation's association with the implementation, application and development of the Schengen
acquis
, relating to the abolition of checks at internal borders and movement of persons (
OJ L 160, 18.6.2011, p. 19
).
(11)  Council Decision 2010/365/EU of 29 June 2010 on the application of the provisions of the Schengen
acquis
relating to the Schengen Information System in the Republic of Bulgaria and Romania (
OJ L 166, 1.7.2010, p. 17
).
(12)  Council Decision (EU) 2018/934 of 25 June 2018 on the putting into effect of the remaining provisions of the Schengen
acquis
relating to the Schengen Information System in the Republic of Bulgaria and Romania (
OJ L 165, 2.7.2018, p. 37
).
(13)  Council Decision (EU) 2017/733 of 25 April 2017 on the application of the provisions of the Schengen
acquis
relating to the Schengen Information System in the Republic of Croatia (
OJ L 108, 26.4.2017, p. 31
).
(14)  Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC (
OJ L 295, 21.11.2018, p. 39
).

ANNEX

MINIMUM DATA QUALITY STANDARDS AND TECHNICAL SPECIFICATIONS FOR THE USE OF PHOTOGRAPHS AND DACTYLOSCOPIC DATA IN SIS.

1.   

Dactyloscopic data

1.1.   

Categories of dactyloscopic data used in SIS

The following categories of dactyloscopic data may be used in SIS:
(a) flat fingerprints, including flat thumb slaps and flat four-finger slaps;
(b) rolled fingerprints;
(c) palm prints.

1.2.   

Permitted dactyloscopic data formats

Member States may transmit to Central SIS:
(a) data captured using live-scan devices at the national level that are capable of capturing and segmenting up to ten individual fingerprints; rolled, flat or both;
(b) ‘inked’ fingerprints and palm prints; rolled, flat or both, which are digitally scanned at the relevant quality and resolution.
The Automated Fingerprint Identification System of Central SIS (CS-SIS AFIS), as defined in Article 33(2) of Regulation (EU) 2018/1861, must be compatible and interoperable with the dactyloscopic data formats mentioned under points (a) and (b).

1.3.   

Minimum data quality standards and technical specifications

1.3.1.   File and compression format (‘dactyloscopic container’)

The input format for the transmission of dactyloscopic data (‘dactyloscopic container’) to SIS must be compliant with the SIS NISTstandard based on the ANSI/NIST (1) binary format.
A ‘SIS NIST checker’ will be established at the level of the technical support function of Central SIS (CS-SIS) to check compliance of the transmitted dactyloscopic container with the defined SIS NIST standard.
Dactyloscopic containers that do not comply with the defined SIS NIST standard will be rejected by CS-SIS AFIS and will not be stored in Central SIS. If a non-compliant file is rejected by CS-SIS AFIS, CS-SIS will send an error message to the Member State that has transmitted the data.

1.3.2.   Image format and resolution

Fingerprint and palm print images referred to in points (a), (b) and (c) of Section 1.1 must be of a nominal resolution of either 1 000 ppi or of 500 ppi with 256 grey levels in order to be processed by CS-SIS. 500 ppi images must be entered using the WSQ format while 1 000 ppi images must be in JPEG2000 (JP2) format.

1.3.3.   Quality thresholds for the storage and use of fingerprints and palm prints images in CS-SIS AFIS

Dactyloscopic images must comply with the quality thresholds laid down in the SIS Interface Control Document and Detailed Technical Specifications in order to be stored and used in CS-SIS AFIS.
Member States are recommended to check the compliance with the quality thresholds of the dactyloscopic images before transmitting them to CS-SIS.
Compliant dactyloscopic containers that contain dactyloscopic images on fingerprints or palm prints below the quality thresholds will not be stored in CS-SIS AFIS and will not be used for biometric searches. Dactyloscopic containers that contain dactyloscopic images rejected by CS-SIS AFIS may only be used to confirm the identity of a person in accordance with Article 33(1) of Regulation (EU) 2018/1861. CS-SIS will send an error message to the Member State that has transmitted the data when a file has been rejected by CS-SIS AFIS due to the low quality of the images.

1.4.   

Biometric searches

CS-SIS AFIS will provide a biometric search functionality for all types of dactyloscopic images satisfying the quality requirements established in Section 1.3.3.
The performance requirements and biometric accuracy for the different categories of biometric searches in CS-SIS AFIS are laid down in the SIS Interface Control Document and Detailed Technical Specifications.

2.   

Photographs

A minimum resolution of 480 × 600 pixels with 24 bits of colour depth must be used when entering photographs in SIS.
(1)  American National Standard for Information Systems / National Institute of Standards and Technology.
Markierungen
Leseansicht