Legal provisions of COM(2005)600 - Access for consultation of the Visa Information System (VIS) by the authorities of Member States responsible for internal security and by Europol for the purposes of the prevention, detection and investigation of terrorist offences and of other serious criminal offences - Main contents
Please note
This page contains a limited version of this dossier in the EU Monitor.
dossier | COM(2005)600 - Access for consultation of the Visa Information System (VIS) by the authorities of Member States responsible for internal ... |
---|---|
document | COM(2005)600 |
date | June 23, 2008 |
13.8.2008 | EN | Official Journal of the European Union | L 218/129 |
COUNCIL DECISION 2008/633/JHA
of 23 June 2008
concerning access for consultation of the Visa Information System (VIS) by designated authorities of Member States and by Europol for the purposes of the prevention, detection and investigation of terrorist offences and of other serious criminal offences
THE COUNCIL OF THE EUROPEAN UNION,
Having regard to the Treaty on European Union, and in particular Article 30(1)(b) and Article 34(2)(c) thereof,
Having regard to the proposal from the Commission,
Having regard to the Opinion of the European Parliament,
Whereas:
(1) | Council Decision 2004/512/EC of 8 June 2004 establishing the Visa Information System (VIS) (1) established the VIS as a system for the exchange of visa data between Member States. The establishment of the VIS represents one of the key initiatives within the policies of the European Union aimed at establishing an area of freedom, security and justice. The VIS should have the purpose of improving the implementation of the common visa policy and should also contribute towards internal security and to combating terrorism under clearly defined and monitored circumstances. |
(2) | During its meeting of 7 March 2005 the Council adopted conclusions stating that ‘in order to achieve fully the aim of improving internal security and the fight against terrorism’, Member State authorities responsible for internal security should be guaranteed access to the VIS, ‘in the course of their duties in relation to the prevention, detection and investigation of criminal offences, including terrorist acts and threats’, ‘subject to strict compliance with the rules governing the protection of personal data’. |
(3) | It is essential in the fight against terrorism and other serious crimes for the relevant services to have the fullest and most up-to-date information in their respective fields. The Member States' competent national services need information if they are to perform their tasks. The information contained in the VIS may be necessary for the purposes of preventing and combating terrorism and serious crimes and should therefore be available, subject to the conditions set out in this Decision, for consultation by the designated authorities. |
(4) | Moreover, the European Council has stated that Europol has a key role with respect to cooperation between Member States' authorities in the field of cross-border crime investigation in supporting Union-wide crime prevention, analyses and investigation. Consequently, Europol should also have access to VIS data within the framework of its tasks and in accordance with the Convention of 26 July 1995 on the Establishment of a European Police Office (2). |
(5) | This Decision complements Regulation (EC) No 767/2008 of the European Parliament and of the Council of 9 July 2008 concerning the Visa Information System (VIS) and the exchange of data between Member States on 7 stay-visas (VIS Regulation) (3) insofar as it provides for a legal base under Title VI of the Treaty on European Union authorising access to the VIS for designated authorities and for Europol. |
(6) | It is necessary to designate the competent Member States' authorities as well as the central access points through which access is done and to keep a list of the operating units within the designated authorities that are authorised to access the VIS for the specific purposes of the prevention, detection and investigation of terrorist offences and other serious criminal offences as referred to in Council Framework Decision 2002/584/JHA of 13 June 2002 on the European arrest warrant and the surrender procedures between Member States (4). It is essential to ensure that the duly empowered staff with a right to access the VIS is limited to those who ‘have a need to know’ and possess appropriate knowledge about data security and data protection rules. |
(7) | Requests for access to the VIS should be made by the operating units within the designated authorities to the central access points. These central access points should then process the requests for access to the VIS following a verification whether all conditions for access are fulfilled. In an exceptional case of urgency the central access points should process the request immediately and only do the verification afterwards. |
(8) | For the purposes of protection of personal data, and in particular to exclude routine access, the processing of VIS data should only be on a case-by-case basis. Such a specific case exists in particular when the access for consultation is connected to a specific event or to a danger associated with serious crime, or to (a) specific person(s) in respect of whom there are serious grounds for believing that the person(s) will commit or has (have) committed terrorist offences or other serious criminal offences or that the person(s) has (have) a relevant connection with such (a) person(s). The designated authorities and Europol should thus only search data contained in the VIS when they have reasonable grounds to believe that such a search will provide information that will substantially assist them in preventing, detecting or investigating serious crime. |
(9) | Once the proposed Framework Decision on the protection of personal data processed in the framework of police and judicial cooperation in criminal matters has entered into force it should apply to the personal data which are processed pursuant to this Decision. However, until the rules set out in that Framework Decision are applicable and in order to supplement them, adequate provisions have to be provided for to ensure the necessary data protection. Each Member State should ensure an adequate data protection level in its national law which at least corresponds to that resulting from the Council of Europe Convention of 28 January 1981 for the Protection of Individuals with regard to Automatic Processing of Personal Data and the corresponding case law pursuant to Article 8 of the Convention for the Protection of Human Rights and Fundamental Freedoms and, for those Member States which have ratified it, the Additional Protocol of 8 November 2001 to that Convention, and should take into account Recommendation No R (87) 15 of 17 September 1987 of the Committee of Ministers of the Council of Europe Regulating the Use of Personal Data in the Police Sector. |
(10) | The effective monitoring of the application of this Decision should be evaluated at regular intervals. |
(11) | Since the objectives of this Decision, namely the creation of obligations and conditions for access for consultation of VIS data by Member States' designated authorities and by Europol, cannot be sufficiently achieved by the Member States and can, therefore, by reason of the scale and effects of the action, be better achieved at the level of the European Union, the Council may adopt measures in accordance with the principle of subsidiarity, referred to in Article 2 of the Treaty on European Union and defined in Article 5 of the Treaty establishing the European Community. In accordance with the principle of proportionality, as set out in that Article, this Decision does not go beyond what is necessary in order to achieve those objectives. |
(12) | In accordance with Article 47 of the Treaty on European Union, this Decision does not affect the competences of the European Community, in particular as exercised in Regulation (EC) No 767/2008 and in Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (5). |
(13) | This Decision constitutes a development of provisions of the Schengen acquis in which the United Kingdom does not take part in accordance with Council Decision 2000/365/EC of 29 May 2000 concerning the request of the United Kingdom of Great Britain and Northern Ireland to take part in some of the provisions of the Schengen acquis (6). The United Kingdom is therefore not taking part in its adoption and is not bound by it or subject to its application. |
(14) | This Decision constitutes a development of provisions of the Schengen acquis in which Ireland does not take part in accordance with Council Decision 2002/192/EC of 28 February 2002 concerning Ireland's request to take part in some of the provisions of the Schengen acquis (7). Ireland is therefore not taking part in its adoption and is not bound by it or subject to its application. |
(15) | However, in accordance with Council Framework Decision 2006/960/JHA of 18 December 2006 on simplifying the exchange of information and intelligence between law enforcement authorities of the Member States of the European Union (8), information contained in the VIS can be provided to the United Kingdom and Ireland by the competent authorities of the Member States whose designated authorities have access to the VIS pursuant to this Decision. Information held in the national visa registers of the United Kingdom and Ireland can be provided to the competent law enforcement authorities of the other Member States. Any form of direct access for central authorities of the United Kingdom and Ireland to the VIS would, under the present state of their participation in the Schengen acquis, require an agreement between the Community and those Member States, possibly to be supplemented by other rules specifying the conditions and procedures for such access. |
(16) | As regards Iceland and Norway, this Decision constitutes, with the exception of Article 7, a development of provisions of the Schengen acquis within the meaning of the Agreement concluded by the Council of the European Union and the Republic of Iceland and the Kingdom of Norway concerning the association of those two States with the implementation, application and development of the Schengen acquis (9) which fall within the area referred to in Article 1, point B of Council Decision 1999/437/EC (10) on certain arrangements for the application of that Agreement. |
(17) | As regards Switzerland, this Decision constitutes, with the exception of Article 7, a development of the provisions of the Schengen acquis within the meaning of the Agreement signed by the European Union, the European Community and the Swiss Confederation concerning the association of the Swiss Confederation with the implementation, application and development of the Schengen acquis which fall within the area referred to in Article 1, point B of Decision 1999/437/EC read in conjunction with Article 4(1) of Council Decision 2004/849/EC (11). |
(18) | This Decision, save Article 6, constitutes an act building on the Schengen acquis or otherwise related to it within the meaning of Article 3(2) of the 2003 Act of Accession and Article 4(2) of the 2005 Act of Accession. |
(19) | This Decision respects the fundamental rights and observes the principles reflected in particular in the Charter of Fundamental Rights of the European Union, |
HAS DECIDED AS FOLLOWS:
Article 1
Subject matter and scope
This Decision lays down the conditions under which Member States' designated authorities and the European Police Office (Europol) may obtain access for consultation of the Visa Information System (VIS) for the purposes of the prevention, detection and investigation of terrorist offences and of other serious criminal offences.
Article 2
Definitions
1. For the purposes of this Decision, the following definitions shall apply:
(a) | ‘Visa Information System (VIS)’ means the Visa Information System as established by Decision 2004/512/EC; |
(b) | ‘Europol’ means the European Police Office as established by the Convention of 26 July 1995 on the Establishment of a European Police Office (the Europol Convention); |
(c) | ‘terrorist offences’ means the offences under national law which correspond or are equivalent to the offences in Articles 1 to 4 of Council Framework Decision 2002/475/JHA of 13 June 2002 on combating terrorism (12); |
(d) | ‘serious criminal offences’ means the forms of crime which correspond or are equivalent to those referred to in Article 2(2) of Framework Decision 2002/584/JHA; |
(e) | ‘designated authorities’ means authorities which are responsible for the prevention, detection or investigation of terrorist offences or of other serious criminal offences and designated by the Member States pursuant to Article 3. |
2. The definitions in Regulation (EC) No 767/2008 shall also apply.
Article 3
Designated authorities and central access points
1. Member States shall designate the authorities referred to in Article 2(1)(e) which are authorised to access VIS data pursuant to this Decision.
2. Every Member State shall keep a list of the designated authorities. By 2 December 2008 every Member State shall notify in a declaration to the Commission and the General Secretariat of the Council their designated authorities and may at any time amend or replace its declaration by another declaration.
3. Every Member State shall designate the central access point(s) through which the access is done. Member States may designate more than one central access point to reflect their organisational and administrative structure in fulfilment of their constitutional or legal requirements. By 2 December 2008 every Member State shall notify in a declaration to the Commission and the General Secretariat of the Council their central access point(s) and may at any time amend or replace its declaration by another declaration.
4. The Commission shall publish the declarations referred to in paragraphs 2 and 3 in the Official Journal of the European Union.
5. At national level, each Member State shall keep a list of the operating units within the designated authorities that are authorised to access the VIS through the central access point(s).
6. Only duly empowered staff of the operational units as well as the central access point(s) shall be authorised to access the VIS in accordance with Article 4.
Article 4
Procedure for access to the VIS
1. Where the conditions of Article 5 are fulfilled the operating units referred to in Article 3(5) shall submit a reasoned written or electronic request to the central access points referred to in Article 3(3) to access the VIS. Upon receipt of a request for access the central access point(s) shall verify whether the conditions for access referred to in Article 5 are fulfilled. If all conditions for access are fulfilled, the duly authorised staff of the central access point(s) shall process the requests. The VIS data accessed shall be transmitted to the operating units referred to in Article 3(5) in such a way as not to compromise the security of the data.
2. In an exceptional case of urgency, the central access point(s) may receive written, electronic or oral requests. In such cases, the central access point(s) shall process the request immediately and only verify ex-post whether all the conditions of Article 5 are fulfilled, including whether an exceptional case of urgency existed. The ex-post verification shall take place without undue delay after the processing of the request.
Article 5
Conditions for access to VIS data by designated authorities of Member States
1. Access to the VIS for consultation by designated authorities shall take place within the scope of their powers and if the following conditions are met:
(a) | access for consultation must be necessary for the purpose of the prevention, detection or investigation of terrorist offences or other serious criminal offences; |
(b) | access for consultation must be necessary in a specific case; |
(c) | there are reasonable grounds to consider that consultation of VIS data will substantially contribute to the prevention, detection or investigation of any of the criminal offences in question. |
2. Consultation of the VIS shall be limited to searching with any of the following VIS data in the application file:
(a) | surname, surname at birth (former surname(s)); first name(s); sex; date, place and country of birth; |
(b) | current nationality and nationality at birth; |
(c) | type and number of the travel document, the authority which issued it and the date of issue and of expiry; |
(d) | main destination and duration of the intended stay; |
(e) | purpose of travel; |
(f) | intended date of arrival and departure; |
(g) | intended border of first entry or transit route; |
(h) | residence; |
(i) | fingerprints; |
(j) | type of visa and the number of the visa sticker; |
(k) | details of the person issuing an invitation and/or liable to pay the applicant's subsistence costs during the stay. |
3. Consultation of the VIS shall, in the event of a hit, give access to all of the data listed in paragraph 2 as well as to:
(a) | any other data taken from the application form; |
(b) | photographs; |
(c) | the data entered in respect of any visa issued, refused, annulled, revoked or extended. |
Article 6
Conditions for access to VIS data by designated authorities of a Member State in respect of which Regulation (EC) No 767/2008 has not yet been put into effect
1. Access to the VIS for consultation by designated authorities of a Member State in respect of which Regulation (EC) No 767/2008 has not yet been put into effect shall take place within the scope of their powers and
(a) | subject to the same conditions as referred to in Article 5(1); and |
(b) | by a duly motivated written or electronic request to a designated authority of a Member State to which Regulation (EC) No 767/2008 applies; that authority shall then request the national central access point(s) to consult the VIS. |
2. A Member State in respect of which Regulation (EC) No 767/2008 has not yet been put into effect shall make its visa information available to Member States to which Regulation (EC) No 767/2008 applies, on the basis of a duly reasoned written or electronic request, subject to compliance with the conditions laid down in Article 5(1).
3. Article 8(1) and (3) to (6), Article 9(1), Article 10(1) and (3), Article 12, Article 13(1) and (3) shall apply accordingly.
Article 7
Conditions for access to VIS data by Europol
1. Access to the VIS for consultation by Europol shall take place within the limits of its mandate and:
(a) | when necessary for the performance of its tasks pursuant to Article 3(1), point 2 of the Europol Convention and for the purposes of a specific analysis as referred to in Article 10 of the Europol Convention; or |
(b) | when necessary for the performance of its tasks pursuant to Article 3(1), point 2 of the Europol Convention and for an analysis of a general nature and of a strategic type, as referred to in Article 10 of the Europol Convention, provided that VIS data is rendered anonymous by Europol prior to such processing and retained in a form in which identification of the data subjects is no longer possible. |
2. Article 5(2) and (3) shall apply accordingly.
3. Europol shall designate a specialised unit for the purpose of this Decision with duly empowered Europol officials to act as the central access point to access the VIS for consultation.
4. Processing of information obtained by Europol from access to the VIS shall be subject to the consent of the Member State which has entered that data in the VIS. Such consent shall be obtained via the Europol national unit of that Member State.
Article 8
Protection of personal data
1. The processing of personal data consulted under this Decision shall be subject to the following rules and to the national law of the consulting Member State. With regard to the processing of personal data consulted under this Decision, each Member State shall ensure an adequate data protection level in its national law which at least corresponds to that resulting from the Council of Europe Convention of 28 January 1981 for the Protection of Individuals with regard to Automatic Processing of Personal Data and, for those Member States which have ratified it, the Additional Protocol of 8 November 2001 to that Convention, and shall take into account Recommendation No R (87)15 of 17 September 1987 of the Committee of Ministers of the Council of Europe Regulating the Use of Personal Data in the Police Sector.
2. The processing of personal data by Europol pursuant to this Decision shall be in accordance with the Europol Convention and the rules adopted in implementation thereof and supervised by the independent joint supervisory body established by Article 24 of the Convention.
3. Personal data obtained pursuant to this Decision from the VIS shall only be processed for the purposes of the prevention, detection, investigation and prosecution of terrorist offences or other serious criminal offences.
4. Personal data obtained pursuant to this Decision from the VIS shall not be transferred or made available to a third country or to an international organisation. However, in an exceptional case of urgency such data may be transferred or made available to a third country or an international organisation, exclusively for the purposes of the prevention and detection of terrorist offences and of other serious criminal offences and under the conditions set out in Article 5(1) of this Decision, subject to the consent of the Member State having entered the data into the VIS and in accordance with the national law of the Member State transferring the data or making them available. In accordance with national law, Member States shall ensure that records are kept of such transfers and make them available to national data protection authorities on request. The transfer of data by the Member State that entered the data in the VIS according to Regulation (EC) No 767/2008 shall be subject to the national law of that Member State.
5. The competent body or bodies which, in accordance with national law, are charged with the supervision of the processing of personal data by the authorities designated under this Decision shall monitor the lawfulness of the processing of personal data pursuant to this Decision. The Member States shall ensure that these bodies have sufficient resources to fulfil the tasks entrusted to them under this Decision.
6. The bodies referred to in paragraph 5 shall ensure that at least every four years an audit of the processing of personal data pursuant to this Decision is carried out, where applicable according to international auditing standards.
7. Member States and Europol shall allow the competent body or bodies referred to in paragraphs 2 and 5 to obtain the necessary information to enable them to carry out their tasks in accordance with this Article.
8. Before being authorised to process data stored in the VIS, the staff of the authorities having a right to access the VIS shall receive appropriate training about data security and data protection rules and shall be informed of any relevant criminal offences and penalties.
Article 9
Data security
1. The Member State responsible shall ensure the security of the data during transmission to the designated authorities and when received by them.
2. Each Member State shall adopt the necessary security measures with respect to data to be retrieved from the VIS pursuant to this Decision and to be subsequently stored, in particular in order to:
(a) | physically protect data, including by making contingency plans for the protection of critical infrastructure; |
(b) | deny unauthorised persons access to national installations in which the Member State stores data (checks at entrance to the installation); |
(c) | prevent the unauthorised reading, copying, modification or removal of data media (data media control); |
(d) | prevent the unauthorised inspection, modification or deletion of stored personal data (storage control); |
(e) | prevent the unauthorised processing of data from the VIS (control of data processing); |
(f) | ensure that persons authorised to access the VIS have access only to the data covered by their access authorisation, by means of individual and unique user identities and confidential access modes only (data access control); |
(g) | ensure that all authorities with a right of access to the VIS create profiles describing the functions and responsibilities of persons who are authorised to access and search the data and make these profiles available to the national supervisory authorities referred to in Article 8(5) without delay upon their request (personnel profiles); |
(h) | ensure that it is possible to verify and establish to which bodies personal data may be transmitted using data communication equipment (communication control); |
(i) | ensure that it is possible to verify and establish what data has been retrieved from the VIS, when, by whom and for what purpose (control of data recording); |
(j) | prevent the unauthorised reading and copying of personal data during their transmission from the VIS, in particular by means of appropriate encryption techniques (transport control); |
(k) | monitor the effectiveness of the security measures referred to in this paragraph and take the necessary organisational measures related to internal monitoring to ensure compliance with this Decision (self-auditing). |
Article 10
Liability
1. Any person who, or Member State which, has suffered damage as a result of an unlawful processing operation or any act incompatible with this Decision shall be entitled to receive compensation from the Member State which is responsible for the damage suffered. That Member State shall be exempted from its liability, in whole or in part, if it proves that it is not responsible for the event giving rise to the damage.
2. If any failure of a Member State to comply with its obligations under this Decision causes damage to the VIS, that Member State shall be held liable for such damage, unless and insofar as another Member State failed to take reasonable measures to prevent the damage from occurring or to minimise its impact.
3. Claims for compensation against a Member State for the damage referred to in paragraphs 1 and 2 shall be governed by the provisions of national law of the defendant Member State.
Article 11
Self-monitoring
Member States shall ensure that each authority entitled to access VIS data takes the measures necessary to comply with this Decision and cooperates, where necessary, with the national body or bodies referred to in Article 8(5).
Article 12
Penalties
Member States shall take the necessary measures to ensure that any use of VIS data contrary to the provisions of this Decision is punishable by penalties, including administrative and/or criminal penalties, that are effective, proportionate and dissuasive.
Article 13
Keeping of VIS data in national files
1. Data retrieved from the VIS may be kept in national files only when necessary in an individual case in accordance with the purposes set out in this Decision and in accordance with the relevant legal provisions including those concerning data protection and for no longer than necessary in the individual case.
2. Paragraph 1 shall not prejudice the provisions of national law of a Member State concerning the entry by its designated authorities in their national files of data which that Member State entered in the VIS according to Regulation (EC) No 767/2008.
3. Any use of data which does not comply with paragraphs 1 and 2 shall be considered a misuse under the national law of each Member State.
Article 14
Right of access, correction and deletion
1. The right of persons to have access to data relating to them obtained from the VIS pursuant to this Decision shall be exercised in accordance with the law of the Member State in which they invoke that right.
2. If national law so provides, the national supervisory authority shall decide whether information is to be communicated and by what procedures.
3. A Member State other than that which has entered the data into the VIS according to Regulation (EC) No 767/2008 may communicate information concerning such data only if it first gives the Member State entering the data an opportunity to state its position.
4. Information shall not be communicated to the data subject if this is indispensable for the performance of a lawful task in connection with the data or for the protection of the rights and freedoms of third parties.
5. Any person has the right to have factually inaccurate data relating to him corrected or unlawfully stored data relating to him deleted. If the designated authorities receive such a request or if they have any other evidence to suggest that data processed in the VIS is inaccurate they shall immediately inform the visa authority of the Member State which has entered the data in the VIS, which shall check the data concerned and, if necessary, correct or delete it immediately, pursuant to Article 24 of Regulation (EC) No 767/2008.
6. The individual concerned shall be informed as soon as possible and in any event not later than 60 days from the date on which he applies for access or sooner if national law so provides.
7. The individual concerned shall be informed about the follow-up given to the exercise of his rights of correction and deletion as soon as possible and in any event not later than three months from the date on which he applies for correction or deletion or sooner if national law so provides.
8. In each Member State any person shall have the right to bring an action or a complaint before the competent authorities or courts of that Member State which refused the right of access to or the right of correction or deletion of data relating to him, provided for in this Article.
Article 15
Costs
Each Member State and Europol shall set up and maintain, at their expense, the technical infrastructure necessary to implement this Decision, and be responsible for bearing the costs resulting from access to the VIS for the purposes of this Decision.
Article 16
Keeping of records
1. Each Member State and Europol shall ensure that all data processing operations resulting from access to the VIS for consultation pursuant to this Decision are recorded for the purposes of checking whether the search is admissible or not, for the purpose of monitoring the lawfulness of data processing, for self-monitoring, ensuring the proper functioning of the system, data integrity and security.
Those records shall show:
(a) | the exact purpose of the access for consultation referred to in Article 5(1)(a), including the form of terrorist offence or other serious criminal offence concerned, and for Europol, the exact purpose of the access for consultation referred to in Article 7(1); |
(b) | the respective national file reference; |
(c) | the date and exact time of access; |
(d) | where applicable that use has been made of the procedure referred to in Article 4(2); |
(e) | the data used for consultation; |
(f) | the type of data consulted; |
(g) | according to national rules or the rules of the Europol Convention the identifying mark of the official who carried out the search and of the official who ordered the search or supply. |
2. Records containing personal data shall be used only for the data protection monitoring of the legality of data processing as well as to ensure data security. Only records containing data of a non-personal nature may be used for the monitoring and evaluation referred to in Article 17.
3. These records shall be protected by appropriate measures against unauthorised access and abuse and deleted after a period of one year after the retention period referred to in Article 23(1) of Regulation (EC) No 767/2008 has expired, unless they are required for monitoring procedures referred to in paragraph 2 of this Article which have already begun.
Article 17
Monitoring and evaluation
1. The Management Authority referred to in Regulation (EC) No 767/2008 shall ensure that systems are in place to monitor the functioning of the VIS pursuant to this Decision against objectives, in terms of output, cost-effectiveness, security and quality of service.
2. For the purpose of technical maintenance, the Management Authority shall have access to the necessary information relating to the processing operations performed in the VIS.
3. Two years after the VIS is brought into operation and every two years thereafter, the Management Authority shall submit a report to the European Parliament, the Council and the Commission on the technical functioning of the VIS pursuant to this Decision. That report shall include information on the performance of the VIS against quantitative indicators predefined by the Commission, and in particular on the need and use made of Article 4(2).
4. Three years after the VIS is brought into operation and every four years thereafter, the Commission shall produce an overall evaluation of the VIS pursuant to this Decision. This evaluation shall include an examination of the results achieved against objectives and an assessment of the continuing validity of the underlying rationale behind this Decision, the application of this Decision in respect of the VIS, the security of the VIS and any implications for future operations. The Commission shall transmit the evaluation reports to the European Parliament and the Council.
5. The Member States and Europol shall provide to the Management Authority and the Commission the information necessary to draft the reports referred to in paragraph 3 and 4. This information shall not jeopardise working methods nor include information that reveals sources, staff members or investigations of the designated authorities.
6. The Management Authority shall provide the Commission with the information necessary to produce the overall evaluations referred to in paragraph 4.
7. During the transitional period before the Management Authority takes up its responsibilities, the Commission shall be responsible for producing and submitting the reports referred to in paragraph 3.
Article 18
Entry into force and date of application
1. This Decision shall enter into force on the 20th day following its publication in the Official Journal of the European Union.
2. This Decision shall take effect from a date to be determined by the Council once the Commission has informed the Council that Regulation (EC) No 767/2008 has entered into force and is fully applicable.
The General Secretariat of the Council shall publish that date in the Official Journal of the European Union.