The Schengen Information System (SIS II) was established by Regulation (EC) No 1987/2006 of the European Parliament and of the Council (2) and by Council Decision 2007/533/JHA (3). Regulation (EC) No 1987/2006 and Decision 2007/533/JHA provide that the Commission is to be responsible, during a transitional period, for the operational management of the central system of SIS II (Central SIS II). After that transitional period, a Management Authority is to be responsible for the operational management of Central SIS II and certain aspects of the communication infrastructure.
(2)
The Visa Information System (VIS) was established by Council Decision 2004/512/EC (4). Regulation (EC) No 767/2008 of the European Parliament and of the Council (5) provides that the Commission is to be responsible, during a transitional period, for the operational management of the VIS. After that transitional period, a Management Authority is to be responsible for the operational management of the central VIS and of the national interfaces and for certain aspects of the communication infrastructure.
(3)
Eurodac was established by Council Regulation (EC) No 2725/2000 (6). Council Regulation (EC) No 407/2002 (7) laid down necessary implementing rules. Those legal acts were repealed and replaced by Regulation (EU) No 603/2013 of the European Parliament and of the Council (8) with effect from 20 July 2015.
(4)
The European Agency for the operational management of large-scale IT (information technology) systems in the area of freedom, security and justice, commonly referred to as eu-LISA, was established by Regulation (EU) No 1077/2011 of the European Parliament and of the Council (9) in order to ensure the operational management of SIS, the VIS and Eurodac and of certain aspects of their communication infrastructures and potentially that of other large-scale IT systems in the area of freedom, security and justice, subject to the adoption of separate Union legal acts. Regulation (EU) No 1077/2011 was amended by Regulation (EU) No 603/2013 in order to reflect the changes introduced to Eurodac.
(5)
Since the Management Authority required legal, administrative and financial autonomy, it was established in the form of a regulatory agency (the ‘Agency’) with legal personality. As was agreed, the seat of the Agency was established in Tallinn, Estonia. However, since the tasks relating to the technical development and the preparation for the operational management of SIS II and the VIS were already being carried out in Strasbourg, France, and a backup site for those systems had been installed in Sankt Johann im Pongau, Austria, in line also with the locations of SIS II and the VIS as established under the relevant Union legal acts, this should continue to be the case. Those two sites should also continue to be the locations, respectively, where the tasks relating to operational management of Eurodac are carried out and where a backup site for Eurodac is established. Those two sites should also be the locations, respectively, for the technical development and operational management of other large-scale IT systems in the area of freedom, security and justice and for a backup site capable of ensuring the operation of a large-scale IT system in the event of failure of that large-scale IT system. In order to maximise the possible use of the backup site, that site could also be used to operate systems simultaneously provided that it remains capable of ensuring their operation in the event of failure of one or more of the systems. Due to the high-security, high-availability and mission-critical nature of the systems, if the hosting capacity of the existing technical sites becomes insufficient, it should be possible for the Agency’s Management Board (the Management Board), where justified on the basis of an independent impact assessment and cost-benefit analysis, to propose the establishment of a second separate technical site either in Strasbourg or in Sankt Johann im Pongau or in both locations, as required, in order to host the systems. The Management Board should consult the Commission and take its views into account before notifying the European Parliament and the Council (the ‘budgetary authority’) of its intention to implement any project related to property.
(6)
Since taking up its responsibilities on 1 December 2012, the Agency took over the tasks conferred on the Management Authority in relation to the VIS by Regulation (EC) No 767/2008 and Council Decision 2008/633/JHA (10). In April 2013, the Agency also took over the tasks conferred on the Management Authority in relation to SIS II by Regulation (EC) No 1987/2006 and Decision 2007/533/JHA after SIS II went live and, in June 2013, it took over the tasks conferred on the Commission in relation to Eurodac in accordance with Regulations (EC) No 2725/2000 and (EC) No 407/2002.
(7)
The first evaluation of the Agency’s work, based on an independent external evaluation and carried out in the period 2015-2016 concluded that the Agency effectively ensures the operational management of the large-scale IT systems and other tasks entrusted to it but also that a number of changes to Regulation (EU) No 1077/2011 are necessary such as the transfer to the Agency of the communication infrastructure tasks retained by the Commission. Building on that external evaluation, the Commission took into account policy, legal and factual developments and proposed, in particular in its report of 29 June 2017 on the functioning of the European Agency for the operational management of large-scale IT systems in the area of freedom, security and justice (eu-LISA) (the evaluation report), that the mandate of the Agency be extended to carry out the tasks deriving from the adoption by the co-legislators of legislative proposals entrusting new systems to the Agency and the tasks referred to in the Commission’s Communication of 6 April 2016 entitled ‘Stronger and Smarter Information Systems for Borders and Security’, in the High-Level Expert Group on Information Systems and Interoperability’s final report of 11 May 2017 and in the Commission’s Communication of 16 May 2017 entitled ‘Seventh progress report towards an effective and genuine Security Union’, subject to the adoption of the relevant Union legal acts, where required. In particular, the Agency should be tasked with the development of solutions regarding interoperability defined in the Communication of 6 April 2016 as the ability of information systems to exchange data and to enable the sharing of information.
Where relevant, any actions carried out with regard to interoperability should be guided by the Commission’s Communication of 23 March 2017 entitled ‘European Interoperability Framework — Implementation Strategy’. Annex 2 of that Communication provides the general guidelines, recommendations and best practices for achieving interoperability or for, at least, creating the environment to achieve better interoperability when designing, implementing and managing European public services.
(8)
The evaluation report also concluded that the Agency’s mandate should be extended to enable it to provide Member States with advice with regard to the connection of national systems to the central systems of the large-scale IT systems it manages (the ‘systems’) and with ad hoc assistance and support, where requested, and to provide the Commission services with assistance and support on technical issues related to new systems.
(9)
The Agency should be entrusted with the preparation, development and operational management of the Entry/Exit System (EES), established by Regulation (EU) 2017/2226 of the European Parliament and of the Council (11).
(10)
The Agency should also be entrusted with the operational management of DubliNet, a separate secure electronic transmission channel set up under Article 18 of Commission Regulation (EC) No 1560/2003 (12), which Member States’ competent asylum authorities should use for the exchange of information on applicants for international protection.
(11)
The Agency should further be entrusted with the preparation, development and operational management of the European Travel Information and Authorisation System (ETIAS), established by Regulation (EU) 2018/1240 of the European Parliament and of the Council (13).
(12)
The core function of the Agency should continue to be the fulfilment of the operational management tasks for SIS II, the VIS, Eurodac, the EES, DubliNet, ETIAS and, if so decided, other large-scale IT systems in the area of freedom, security and justice. The Agency should also be responsible for technical measures required as a result of the non-normative tasks with which it is entrusted. Those responsibilities should be without prejudice to the normative tasks reserved for the Commission alone or for the Commission assisted by a Committee in the respective Union legal acts governing the systems.
(13)
The Agency should be able to implement technical solutions in order to comply with the availability requirements laid down in the Union legal acts governing the systems, while fully respecting the specific provisions of those acts with regard to the technical architecture of the respective systems. Where those technical solutions require a duplication of a system or a duplication of components of a system, an independent impact assessment and cost-benefit analysis should be carried out and a decision should be taken by the Management Board following the consultation of the Commission. That impact assessment should also include an examination of the hosting capacity needs of the existing technical sites related to the development of such technical solutions and the possible risks related to the current operational set up.
(14)
It is no longer justified for the Commission to retain certain tasks related to the communication infrastructure of the systems and those tasks should therefore be transferred to the Agency in order to improve the coherence of the management of the communication infrastructure. However, for those systems that use EuroDomain, a secured communication infrastructure provided by TESTA-ng (Trans-European Services for Telematics between Administrations-new generation) and set up as part of the ISA Programme that was established by Decision No 922/2009/EC of the European Parliament and of the Council (14) and continued as part of the ISA2 Programme that was established by Decision (EU) 2015/2240 of the European Parliament and of the Council (15), the tasks in relation to the implementation of the budget, acquisition and renewal and contractual matters should be retained by the Commission.
(15)
The Agency should be able to entrust tasks relating to the delivery, setting up, maintenance and monitoring of the communication infrastructure to external private-sector entities or bodies in accordance with Regulation (EU, Euratom) 2018/1046 of the European Parliament and of the Council (16). The Agency should have sufficient budgetary and staff resources at its disposal in order to limit as much as possible the need to outsource its tasks and duties to external private-sector entities or bodies.
(16)
The Agency should continue to perform tasks relating to training on the technical use of SIS II, the VIS and Eurodac and other systems entrusted to it in the future.
(17)
In order to contribute to evidence-based Union migration and security policy-making and to the monitoring of the proper functioning of the systems, the Agency should compile and publish statistics and produce statistical reports and make them available to relevant actors in accordance with the Union legal acts governing the systems, for example in order to monitor the implementation of Council Regulation (EU) No 1053/2013 (17) and for the purposes of carrying out risk analysis and vulnerability assessment in accordance with Regulation (EU) 2016/1624 of the European Parliament and of the Council (18).
(18)
It should be possible to make the Agency responsible for the preparation, development and operational management of additional large-scale IT systems pursuant to Articles 67 to 89 of the Treaty on the Functioning of the European Union (TFEU). Possible examples of such systems could be the centralised system for the identification of Member States holding conviction information on third-country nationals and stateless persons to supplement and support the European Criminal Records Information System (ECRIS-TCN system) or the computerised system for cross-border communication in civil and criminal proceedings (e-CODEX). However, the Agency should be entrusted with such systems only by means of subsequent and separate Union legal acts, preceded by an impact assessment.
(19)
The mandate of the Agency with regard to research should be extended in order to increase its ability to be more proactive in suggesting relevant and necessary technical changes to the systems. The Agency should not only be able to monitor research activities relevant to the operational management of the systems but also be able to contribute to the implementation of relevant parts of the European Union Framework Programme for Research and Innovation, where the Commission delegates the relevant powers to the Agency. At least once a year, the Agency should provide information on such monitoring to the European Parliament, to the Council and, where the processing of personal data is concerned, to the European Data Protection Supervisor.
(20)
It should be possible for the Commission to entrust the Agency with responsibility for carrying out pilot projects of an experimental nature designed to test the feasibility of an action and its usefulness, which may be implemented without a basic act in accordance with Regulation (EU, Euratom) 2018/1046. In addition, it should be possible for the Commission to entrust the Agency with budget implementation tasks for proofs of concept funded under the instrument for financial support for external borders and visa established by Regulation (EU) No 515/2014 of the European Parliament and of the Council (19) in accordance with Regulation (EU, Euratom) 2018/1046, after informing the European Parliament. It should also be possible for the Agency to plan and implement testing activities on matters strictly covered by this Regulation and the Union legal acts governing the development, establishment, operation and use of the systems, such as testing virtualisation concepts. When tasked with carrying out a pilot project, the Agency should pay particular attention to the European Union Information Management Strategy.
(21)
The Agency should, as regards the connection of national systems to the central systems provided for in the Union legal acts governing the systems, provide advice to Member States at their request.
(22)
The Agency should also provide ad hoc support to Member States at their request, subject to the procedure set out in this Regulation, where required by extraordinary security or migratory challenges or needs. In particular, a Member State should be able to request and rely on operational and technical reinforcement where that Member State faces specific and disproportionate migratory challenges at particular areas of its external borders characterised by large inward migratory flows. Such reinforcement should be provided in hotspot areas by migration management support teams composed of experts from relevant Union agencies. Where the support of the Agency is required in this context with regard to issues related to the systems, the Member State concerned should transmit a request for support to the Commission, which, following its assessment that such support is effectively justified, should transmit the request for support without delay to the Agency. The Agency should, inform the Management Board of such requests. The Commission should also monitor whether the Agency provides a timely response to the request for ad hoc support. The Agency’s annual activity report should report in detail on the actions the Agency has carried out to provide ad hoc support to Member States and on the costs incurred in that respect.
(23)
The Agency should also support the Commission services on technical issues related to existing or new systems, where requested, in particular for the preparation of new proposals on large-scale IT systems to be entrusted to the Agency.
(24)
It should be possible for a group of Member States to entrust the Agency with the development, management or hosting of a common IT component in order to assist them with the implementation of technical aspects of obligations deriving from Union legal acts regarding decentralised IT systems in the area of freedom, security and justice. This should be without prejudice to the obligations of those Member States under the applicable Union legal acts, in particular with regard to the architecture of those systems. This should require prior approval by the Commission, be subject to a positive decision of the Management Board, be reflected in a delegation agreement between the Member States concerned and the Agency and be financed fully by the Member States concerned. The Agency should inform the European Parliament and the Council of the approved delegation agreement and of any modifications thereto. Other Member States should be able to participate in such common IT solutions provided that this possibility is provided for in the delegation agreement and that the necessary amendments are made thereto. This task should not adversely affect the Agency’s operational management of the systems.
(25)
Entrusting the Agency with the operational management of large-scale IT systems in the area of freedom, security and justice should not affect the specific rules applicable to those systems. In particular, the specific rules governing the purpose, access rights, security measures and further data protection requirements for each such system are fully applicable.
(26)
In order to monitor effectively the functioning of the Agency, the Member States and the Commission should be represented on the Management Board. The Management Board should be entrusted with the necessary functions, in particular to adopt the annual work programme, to carry out its functions relating to the Agency’s budget, to adopt the financial rules applicable to the Agency and to establish procedures for taking decisions relating to the operational tasks of the Agency by the Executive Director. The Management Board should carry out those tasks in an efficient and transparent way. Following the organisation of an appropriate selection procedure by the Commission, and following a hearing of the proposed candidates in the competent committee or committees of the European Parliament, the Management Board should also appoint an Executive Director.
(27)
Considering that the number of large-scale IT systems entrusted to the Agency will have increased significantly by 2020 and that the tasks of the Agency are being considerably enhanced, there will be a corresponding large increase in staff of the Agency up until 2020. A position of Deputy Executive Director of the Agency should therefore be created, taking also into account the fact that the tasks relating to the development and operational management of the systems will require increased and dedicated oversight and that the headquarters and technical sites of the Agency are spread over three Member States. The Management Board should appoint the Deputy Executive Director.
(28)
The Agency should be governed and operated taking into account the principles of the Common approach on Union decentralised agencies adopted on 19 July 2012 by the European Parliament, the Council and the Commission.
(29)
As regards SIS II, the European Union Agency for Law Enforcement Cooperation (Europol) and the European Judicial Cooperation Unit (Eurojust), which both have the right to access and directly search data entered in SIS II pursuant to Decision 2007/533/JHA, should have observer status at the meetings of the Management Board when a question in relation to the application of that Decision is on the agenda. The European Border and Coast Guard Agency, which has the right to access and search SIS II pursuant to Regulation (EU) 2016/1624, should have observer status at the meetings of the Management Board when a question in relation to the application of that Regulation is on the agenda. Europol, Eurojust and the European Border and Coast Guard Agency should each be able to appoint a representative to the SIS II Advisory Group established under this Regulation.
(30)
As regards the VIS, Europol should have observer status at the meetings of the Management Board, when a question in relation to the application of Decision 2008/633/JHA is on the agenda. Europol should be able to appoint a representative to the VIS Advisory Group established under this Regulation.
(31)
As regards Eurodac, Europol should have observer status at the meetings of the Management Board, when a question in relation with the application of Regulation (EU) No 603/2013 is on the agenda. Europol should be able to appoint a representative to the Eurodac Advisory Group established under this Regulation.
(32)
As regards the EES, Europol should have observer status at the meetings of the Management Board when a question concerning Regulation (EU) 2017/2226 is on the agenda.
(33)
As regards ETIAS, Europol should have observer status at the meetings of the Management Board when a question concerning Regulation (EU) 2018/1240 is on the agenda. The European Border and Coast Guard Agency should also have observer status at the meetings of the Management Board when a question concerning ETIAS in relation with the application of that Regulation is on the agenda. Europol and the European Border and Coast Guard Agency should be able to appoint a representative to the EES-ETIAS Advisory Group established under this Regulation.
(34)
Member States should have voting rights on the Management Board concerning a large-scale IT system, where they are bound under Union law by any Union legal act governing the development, establishment, operation and use of that particular system. Denmark should also have voting rights in relation to a large-scale IT system if it decides, under Article 4 of Protocol No 22 on the position of Denmark, annexed to the Treaty on European Union (TEU) and to the TFEU, to implement the Union legal act governing the development, establishment, operation and use of that particular system in its national law.
(35)
Member States should appoint a member to the Advisory Group of a large-scale IT system if they are bound under Union law by any Union legal act governing the development, establishment, operation and use of that particular system. Denmark should, in addition, appoint a member to the Advisory Group of a large-scale IT system if it decides, under Article 4 of Protocol No 22, to implement the Union legal act governing the development, establishment, operation and use of that particular system in its national law. Advisory Groups should cooperate with each other when necessary.
(36)
In order to guarantee its full autonomy and independence and to enable it to properly fulfil the objectives and to perform the tasks assigned to it by this Regulation, the Agency should be granted an adequate and autonomous budget with revenue from the general budget of the Union. The financing of the Agency should be subject to an agreement between the European Parliament and the Council as set out in point 31 of the Interinstitutional Agreement of 2 December 2013 between the European Parliament, the Council and the Commission on budgetary discipline, on cooperation in budgetary matters and sound financial management (20). The Union budgetary and discharge procedures should apply. The auditing of accounts and of the legality and regularity of the underlying transactions should be undertaken by the Court of Auditors.
(37)
For the purpose of fulfilling its mission and to the extent required for the accomplishment of its tasks, the Agency should be allowed to cooperate with Union institutions, bodies, offices and agencies, in particular those established in the area of freedom, security and justice, in matters covered by this Regulation and the Union legal acts governing the development, establishment, operation and use of the systems in the framework of working arrangements concluded in accordance with Union law and policy and within the framework of their respective competences. Where so provided by a Union legal act, the Agency should also be allowed to cooperate with international organisations and other relevant entities and should be able to conclude working arrangements for that purpose. Those working arrangements should receive the Commission’s prior approval and be authorised by the Management Board. The Agency should also consult and follow up on the recommendations of the European Union Agency for Network and Information Security (ENISA), established by Regulation (EU) No 526/2013 of the European Parliament and of the Council (21), regarding network and information security, where appropriate.
(38)
When ensuring the development and the operational management of the systems, the Agency should follow European and international standards, taking into account the highest professional requirements, in particular the European Union Information Management Strategy.
(39)
Regulation (EU) 2018/1725 of the European Parliament and of the Council (22) should apply to the processing of personal data by the Agency, without prejudice to the provisions on data protection laid down in the Union legal acts governing the development, establishment, operation and use of the systems, which should be consistent with Regulation (EU) 2018/1725. In order to maintain security and to prevent processing in infringement of Regulation (EU) 2018/1725 and of the Union legal acts governing the systems, the Agency should evaluate the risks inherent in the processing and implement measures to mitigate those risks, such as encryption. Those measures should ensure an appropriate level of security, including confidentiality, taking into account the state of the art and the costs of implementation in relation to the risks and the nature of the personal data to be protected. In assessing data security risk, consideration should be given to the risks that are presented by personal data processing, such as accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed which may in particular lead to physical, material or non-material damage. The European Data Protection Supervisor should be able to obtain from the Agency access to all information necessary for his or her enquiries. In accordance with Regulation (EC) No 45/2001 of the European Parliament and of the Council (23), the Commission consulted the European Data Protection Supervisor, who delivered an opinion on 10 October 2017.
(40)
In order to ensure the transparent operation of the Agency, Regulation (EC) No 1049/2001 of the European Parliament and of the Council (24) should apply to the Agency. The Agency should be as transparent as possible with regard to its activities, without jeopardising the attainment of the objective of its operations. It should make public information on all of its activities. It should likewise ensure that the public and any interested party are promptly given information with regard to its work.
(41)
The activities of the Agency should be subject to the scrutiny of the European Ombudsman in accordance with Article 228 TFEU.
(42)
Regulation (EU, Euratom) No 883/2013 of the European Parliament and of the Council (25) should apply to the Agency, which should accede to the Interinstitutional Agreement of 25 May 1999 between the European Parliament, the Council of the European Union and the Commission of the European Communities concerning internal investigations by the European Anti-Fraud Office (OLAF) (26).
(43)
Council Regulation (EU) 2017/1939 (27), concerning the establishment of the European Public Prosecutor’s Office, should apply to the Agency.
(44)
In order to ensure open and transparent employment conditions and equal treatment of staff, the Staff Regulations of Officials of the European Union (‘Staff Regulations of Officials’) and the Conditions of Employment of Other Servants of the European Union (‘Conditions of Employment of other Servants’), laid down in Council Regulation (EEC, Euratom, ECSC) No 259/68 (28) (together referred to as the ‘Staff Regulations’), should apply to the staff (including the Executive Director and the Deputy Executive Director of the Agency), including the rules of professional secrecy or other equivalent duties of confidentiality.
(45)
Since the Agency is a body set up by the Union within the meaning of Regulation (EU, Euratom) 2018/1046, the Agency should adopt its financial rules accordingly.
(46)
Commission Delegated Regulation (EU) No 1271/2013 (29) should apply to the Agency.
(47)
The Agency, as established by this Regulation, replaces and succeeds the European Agency for the operational management of large-scale IT systems in the area of freedom, security and justice, as established by Regulation (EU) No 1077/2011. It should therefore be the legal successor in respect of all contracts concluded by, liabilities incumbent upon, and properties acquired by, the European Agency for the operational management of large-scale IT systems in the area of freedom, security and justice as established by Regulation (EU) No 1077/2011. This Regulation should not affect the legal force of agreements, working arrangements and memoranda of understanding concluded by the Agency as established by Regulation (EU) No 1077/2011, without prejudice to any amendments thereto as required by this Regulation.
(48)
To enable the Agency to continue to fulfil the tasks of the European Agency for the operational management of large-scale IT systems in the area of freedom, security and justice, as established by Regulation (EU) No 1077/2011, to the best of its abilities, transitional measures should be laid down, in particular with regard to the Management Board, the Advisory Groups, the Executive Director and the internal rules adopted by the Management Board.
(49)
This Regulation aims to amend and expand the provisions of Regulation (EU) No 1077/2011. Since the amendments to be made by this Regulation are of a substantial number and nature, Regulation (EU) No 1077/2011 should, in the interests of clarity, be replaced in its entirety in relation to the Member States bound by this Regulation. The Agency, as established by this Regulation, should replace and assume the functions of the Agency, as established by Regulation (EU) No 1077/2011 and, as a consequence, that Regulation should be repealed.
(50)
Since the objectives of this Regulation, namely the establishment of an Agency at Union level responsible for the operational management and, where appropriate, the development of large-scale IT systems in the area of freedom, security and justice, cannot be sufficiently achieved by the Member States, but can rather, by reason of the scale and effects of the action, be better achieved at Union level, the Union may adopt measures in accordance with the principle of subsidiarity as set out in Article 5 TEU. In accordance with the principle of proportionality, as set out in that Article, this Regulation does not go beyond what is necessary to achieve those objectives.
(51)
In accordance with Articles 1 and 2 of Protocol No 22, Denmark is not taking part in the adoption of this Regulation and is not bound by it or subject to its application. Given that this Regulation, insofar as it relates to SIS II, the VIS, the EES and ETIAS builds upon the Schengen acquis, Denmark shall, in accordance with Article 4 of that Protocol, decide within a period of six months after the Council has decided on this Regulation whether it will implement it in its national law. In accordance with Article 3 of the Agreement between the European Community and the Kingdom of Denmark on the criteria and mechanisms for establishing the State responsible for examining a request for asylum lodged in Denmark or any other Member State of the European Union and ‘Eurodac’ for the comparison of fingerprints for the effective application of the Dublin Convention (30), Denmark is to notify the Commission whether it will implement the contents of this Regulation, insofar as it relates to Eurodac and DubliNet.
(52)
Insofar as its provisions relate to SIS II as governed by Decision 2007/533/JHA, the United Kingdom is taking part in this Regulation, in accordance with Article 5(1) of Protocol No 19 on the Schengen acquis integrated into the framework of the European Union, annexed to the TEU and to the TFEU, and Article 8(2) of Council Decision 2000/365/EC (31). Insofar as its provisions relate to SIS II as governed by Regulation (EC) No 1987/2006 and to the VIS, to the EES and to ETIAS, this Regulation constitutes a development of the provisions of the Schengen acquis in which the United Kingdom does not take part, in accordance with Decision 2000/365/EC; the United Kingdom requested, by its letter of 19 July 2018 to the President of the Council, to be authorised to take part in this Regulation, in accordance with Article 4 of Protocol No 19. By virtue of Article 1 of Council Decision (EU) 2018/1600 (32), the United Kingdom has been authorised to take part in this Regulation. Furthermore, insofar as its provisions relate to Eurodac and DubliNet, the United Kingdom notified its wish to take part in the adoption and application of this Regulation by its letter of 23 October 2017 to the President of the Council, in accordance with Article 3 of Protocol No 21 on the position of the United Kingdom and Ireland in respect of the area of freedom, security and justice, annexed to the TEU and to the TFEU. The United Kingdom therefore takes part in the adoption of this Regulation, is bound by it and subject to its application.
(53)
Insofar as its provisions relate to SIS II as governed by Decision 2007/533/JHA, Ireland could, in principle, take part in this Regulation, in accordance with Article 5(1) of Protocol No 19 and Article 6(2) of Council Decision 2002/192/EC (33). Insofar as its provisions relate to SIS II as governed by Regulation (EC) No 1987/2006 and to the VIS, to the EES and to ETIAS, this Regulation constitutes a development of the provisions of the Schengen acquis in which Ireland does not take part, in accordance with Decision 2002/192/EC; Ireland has not requested to take part in the adoption of this Regulation, in accordance with Article 4 of Protocol No 19. Ireland is therefore not taking part in the adoption of this Regulation and is not bound by it or subject to its application to the extent that its measures develop provisions of the Schengen acquis as they relate to SIS II as governed by Regulation (EC) No 1987/2006, to the VIS, to the EES and to ETIAS. Furthermore, insofar as its provisions relate to Eurodac and DubliNet, in accordance with Articles 1 and 2 and Article 4a(1) of Protocol No 21, Ireland is not taking part in the adoption of this Regulation and is not bound by it or subject to its application. Since it is not possible, under these circumstances, to ensure that this Regulation is applicable in its entirety to Ireland, as required by Article 288 TFEU, Ireland is not taking part in the adoption of this Regulation and is not bound by it or subject to its application, without prejudice to its rights under Protocols No 19 and No 21.
(54)
As regards Iceland and Norway, this Regulation constitutes, insofar as it relates to SIS II and the VIS, to the EES and to ETIAS, a development of the provisions of the Schengen acquis within the meaning of the Agreement concluded by the Council of the European Union and the Republic of Iceland and the Kingdom of Norway concerning the association of those two States with the implementation, application and development of the Schengen acquis (34) which fall within the area referred to in Article 1, points A, B and G of Council Decision 1999/437/EC (35). As regards Eurodac and DubliNet, this Regulation constitutes a new measure within the meaning of the Agreement between the European Community and the Republic of Iceland and the Kingdom of Norway concerning the criteria and mechanisms for establishing the State responsible for examining a request for asylum lodged in a Member State or in Iceland or Norway (36). Consequently, subject to their decision to implement it in their internal legal order, delegations of the Republic of Iceland and the Kingdom of Norway should participate in the Management Board of the Agency. In order to determine further detailed rules allowing for the participation of the Republic of Iceland and the Kingdom of Norway in the activities of the Agency, a further arrangement should be concluded between the Union and these States.
(55)
As regards Switzerland, this Regulation constitutes, insofar as it relates to SIS II and the VIS, to the EES and to ETIAS, a development of the provisions of the Schengen acquis within the meaning of the Agreement between the European Union, the European Community and the Swiss Confederation concerning the association of the Swiss Confederation with the implementation, application and development of the Schengen acquis (37) which fall within the area referred to in Article 1, points A, B and G of Decision 1999/437/EC read in conjunction with Article 3 of Council Decision 2008/146/EC (38). As regards Eurodac and DubliNet, this Regulation constitutes a new measure related to Eurodac within the meaning of the Agreement between the European Community and the Swiss Confederation concerning the criteria and mechanisms for establishing the State responsible for examining a request for asylum lodged in a Member State or in Switzerland (39). Consequently, subject to its decision to implement it in their internal legal order, the delegation of the Swiss Confederation should participate in the Management Board of the Agency. In order to determine further detailed rules allowing for the participation of the Swiss Confederation in the activities of the Agency, a further arrangement should be concluded between the Union and the Swiss Confederation.
(56)
As regards Liechtenstein, this Regulation constitutes, insofar as it relates to SIS II and the VIS, to the EES and to ETIAS, a development of the provisions of the Schengen acquis within the meaning of the Protocol between the European Union, the European Community, the Swiss Confederation and the Principality of Liechtenstein on the accession of the Principality of Liechtenstein to the Agreement between the European Union, the European Community and the Swiss Confederation on the Swiss Confederation’s association with the implementation, application and development of the Schengen acquis (40) which fall within the area referred to in Article 1, points A, B and G of Decision 1999/437/EC read in conjunction with Article 3 of Council Decision 2011/350/EU (41).
As regards Eurodac and DubliNet, this Regulation constitutes a new measure within the meaning of the Protocol between the European Community, the Swiss Confederation and the Principality of Liechtenstein on the accession of the Principality of Liechtenstein to the Agreement between the European Community and the Swiss Confederation concerning the criteria and mechanisms for establishing the State responsible for examining a request for asylum lodged in a Member State or in Switzerland (42). Consequently, subject to its decision to implement it in its internal legal order, the delegation of the Principality of Liechtenstein should participate in the Management Board of the Agency. In order to determine further detailed rules allowing for the participation of the Principality of Liechtenstein in the activities of the Agency, a further arrangement should be concluded between the Union and the Principality of Liechtenstein,