Council of the

European Union


Brussels, 7 March 2016
(OR. en)
PUBLIC
    6704/16

LIMITE

JAI 177
DAPIX 29
ENFOPOL 53
COMIX 173
ENFOCUSTOM 31

CRIMORG 11
SCHENGEN 5
VISA 54
SIRIS 32
COPEN 65
ASIM 21

FRONT 105
NOTE
From:
Presidency
To:
Working Party on Information Exchange and Data Protection (DAPIX)
No. prev. doc.:
ST 7779/1/15 REV 1
Subject:
Manual on Law Enforcement Information Exchange

DOCUMENT PARTIALLY ACCESSIBLE TO THE PUBLIC (15.09.2016)

1.  Introduction
The Manual on Law Enforcement Information Exchange aims at complementing the handbook on
cross-border cooperation (10505/4/09 REV4 ENFOPOL 157 ENFOCUSTOM 55 CRIMORG 90
COMIX 465). Both content and structure of the manual and the national fact sheets have been
endorsed by DAPIX in the framework of the Information Management Strategy (IMS) for EU
internal security in view of supporting, streamlining and facilitating cross-border information
exchange.
It was agreed to update the manual twice a year, as necessary in the light of new legislation,
practical experience, or changes to the contact details of the authorities concerned. The current
version is the first version of 2016 and the modifications mainly regard contact details in the
national fact sheets.

6704/16

GB/jg
1

DGD 1C
LIMITE
EN

Conseil UE

2. Purpose of the manual
The manual is primarily intended as a tool for police officers working in the area of International
Liaison and in particular for so-called ‘SPOC’ operators. Accordingly, it should be as user-
friendly and comprehensive as possible.
The manual aims to inform and facilitate practical day-to-day cooperation between different
Member States' authorities involved in police information exchange at both national and
international level, to serve training purposes and ensure that better informed decisions will be
made when it comes to seeking and exchanging information across borders.
The manual contains an overview of all EU systems, legal bases and instruments of information
exchange available to the law enforcement authorities of the Member States. This way, the user is
fully informed of the available options when it comes to deciding how to seek or provide
information across borders.
Finally, national fact sheets setting out relevant contact details and information available for cross-
border exchange complete the manual. By regularly up-dating these sheets, Member States will
have complied with the many notification obligations under the different instruments. These
national sheets should make it easier to manage and to find the necessary information.
The manual incorporates these national fact sheets as well as the essential practical information on
Council Framework Decision 2006/960/JHA ('Swedish Framework Decision' - SFD) and replaces
the former SFD guidelines (9512/10 CRIMORG 90 ENFOPOL 125 ENFOCUSTOM 36
COMIX 346).

6704/16

GB/jg
2

DGD 1C
LIMITE
EN

3.  Content of the manual
The manual is divided into three parts, which are drafted so as to be consulted separately from each
other, depending on the reader's intention.
The first part of the manual consists of checklists providing a pragmatic overview of options for
information exchange and related practical aspects. These checklists help guide the user towards the
appropriate contact point for the exchange of information based on lists of available systems and
methods within the following key operational contexts:
–
prevention and investigation of criminal offences (and illegal immigration)
–
combating terrorism
–
maintaining public order and security
Secondly, a general description presents both the national bodies involved in information exchange
and the instruments for information exchange. The manual makes reference to the central role of
Council Framework Decision 2006/960/JHA ('Swedish Framework Decision') and Council
Decision 2008/615/JHA ('Prüm Decision') within the wider sphere of EU information exchange.
However, the handbook is not limited to these instruments.
Finally, the manual is completed by a compilation consisting of national fact sheets for each
Member State, containing practical details on contact points relevant for the cross-border
exchange of information.
4.  Way forward
The drafting of the proposed manual was included as an action point in the 3rd Action List of the
Information Management Strategy and the current draft of the manual was drawn up during the
Irish, Cypriot, Greek, Italian and Latvian Presidencies.
A subgroup from within the DAPIX delegations was convened under the Irish Presidency in 2013
to commence drafting based on feedback received from Member States, particularly during the
Infopolex Seminar in Budapest in March 2013.
The Presidency submits the draft manual to delegations and invites them to approve this draft.

6704/16

GB/jg
3

DGD 1C
LIMITE
EN

ANNEX

© queidea - Fotolia.com

6704/16

GB/jg
4
ANNEX
DGD 1C
LIMITE
EN

INTRODUCTION

6704/16

GB/jg
8
ANNEX
DGD 1C
LIMITE
EN

Purpose of this Manual
Cross-border police cooperation within the European Union relies heavily on information exchange.
This manual aims at facilitating day-to-day cooperation in this respect. Its main target audience is
the national SPOC, the Single Point of Contact responsible for managing the information flow
between the different units and designated contact points both at national and international level.
The law enforcement co-operation landscape in Europe is characterised by an increase in and
speeding up of information exchange. On the one hand, it is supported by constantly developing
information and communication technologies. On the other hand, there is a plethora of databases
available, both national and international.
This manual aims to meet the need to find the appropriate contact or database in a specific
operational context. It briefly sets out the relevant legislation without, however, losing sight of its
main purpose: to facilitate cross-border information exchange.
Structure of the manual
The manual is divided into three parts:
PART I  - ‘Operational Context’ - contains a series of tables or ‘checklists’ that match the
information contained in PART II and PART III with either the relevant legal basis or the contact
point information. These checklists are divided into three main thematic areas:
•
preventing and combating crime (and illegal immigration) - Checklist A
•
fighting terrorist offences  - Checklist B
•
maintaining public order  - Checklist C
The purpose of these checklists is to guide the reader from the point chosen as a suitable channel or
method of communication in a specific operational context to the source of contact information or
any appropriate legislation, rules and regulations and best practice manuals.

6704/16

GB/jg
9
ANNEX
DGD 1C
LIMITE
EN

PART II - ‘General Information’ - sets out the law enforcement landscape with regard to the
various communication methods and channels available to EU police forces. This second part is
further broken down into three areas which cover:
•
Communication Channels (i.e. bodies involved in the exchange of law enforcement
information)
•
Information Systems and Databases used in cross-border data exchange
•
Legislation - the legislative context and rules and guidelines relating to the main
communication methods and systems
PART III - 'National Fact Sheets’ - contains national fact sheets with detailed information on
contact points relevant for all aspects of cross-border exchange of information referenced
throughout the document. It is the responsibility of the Member States to notify the General
Secretariat of the Council promptly of any changes. By regularly updating the national fact sheets in
the addendum to the manual, Member States will have complied with the many notification
obligations under the different instruments. This should make it easier to manage and find this
information in the future.

6704/16

GB/jg
10
ANNEX
DGD 1C
LIMITE
EN

PART I - Operational Context

6704/16

GB/jg
11
ANNEX
DGD 1C
LIMITE
EN

CHECKLIST A: INFORMATION EXCHANGE FOR THE PURPOSE OF PREVENTION & INVESTIGATION OF CRIMINAL
OFFENCES
Information system
National access point
Legal basis
Handbook
Schengen Information System / SIS II SIRENE
The Schengen acquis as referred to in
Revised version of the
Article 1(2) of Council Decision
updated Catalogue of
(Supplementary Information
1999/435/EC of 20 May 1999
recommendations for the
Request at the National Entry
OJ L 239/1, 22.9.2000
correct application of the
Bureau)
Council Decision 2007/533/JHA,
Schengen acquis and best
OJ L 205/63, 7.8.2007
practices,
13039/11 SCHEVAL 126
Regulation (EC) No 1986/2006
SIRIS 79 COMIX 484
OJ L 381/1, 28.12.2006
Commission Implementing
Regulation (EC) 1987/2006
Decision (EU) 2015/219 of 29
OJ L 381/4, 28.12.2006
January 2015 replacing the
Annex to Implementing
Decision 2013/115/EU on the
Sirene Manual and other
implementing measures for the
second generation Schengen
Information System (SIS II)
(notified under document
C(2015) 326)

6704/16

GB/jg
12
ANNEX
DGD 1C
LIMITE
EN

Europol /
ENU
Council Decision 2009/371/JHA

OJ L 121/37, 15.5.2009
Europol Information System - EIS

Index system
Council Decision 2009/936/JHA
OJL 325/14, 11.12.2009
Analysis Work Files - AWF
Council Decision 2009/968/JHA of
30 November 2009 adopting the rules on
the confidentiality of Europol
information
OJ L 332/17, 17.12.2009
Interpol / I-24/7
NCB
INTERPOL’s Rules on the Processing of
Data  [III/IRPD/GA/2011(2014)]
(National Central Bureau)
Rules on the Control of Information and
Access to INTERPOL’s Files
[II.E/RCIA/GA/2004(2009)]

DNA / PRÜM automated searching of  National Contact Point
Council Decision 2008/615/JHA,

designated national databases
Articles 3 and 4 OJ L 210/1, 6.8.2008
1st step: automated searching
2nd step: supply of further
National legislation

personal data and other
information
Council Framework Decision
2006/960/JHA (SFD)
OJ L 386/89, 29.12.2006,
Corrigendum OJ L 75/26, 15.3.2007

6704/16

GB/jg
13
ANNEX
DGD 1C
LIMITE
EN

Fingerprints / PRÜM automated
National Contact Point
Council Decision 2008/615/JHA,

searching of national AFIS
1st step: automated searching
Article 9
OJ L 210/1, 6.8.2008
2nd step: supply of further
National legislation

personal data and other
Council Framework Decision
information
2006/960/JHA (SFD)
Vehicle Registration Data /
National Contact Point
Council Decision 2008/615/JHA,

PRÜM automated searching of VRD
for incoming requests
Article 12,
databases
OJ L 210/1, 6.8.2008,
for outgoing requests
as above

Visa Information System / VIS
National Central Access points
Council Decision 2004/512/EC

OJ L 213/5, 15.6.2004
Council Decision 2008/633/JHA
OJ L 218/126, 13.8.2008
Declarations concerning Member States'
designated authorities and central access
point(s) for access to Visa Information
System data for consultation in
accordance with Article 3(2) and (3)
respectively of Council Decision
2008/633/JHA  OJ C 236/1, 14.8.2013

6704/16

GB/jg
14
ANNEX
DGD 1C
LIMITE
EN

Eurodac
National competent authorities
Regulation (EU) No 603/2013 of the

European Parliament and of the Council
of 26 June 2013 on the establishment of
'Eurodac' for the comparison of
fingerprints for the effective application
of Regulation (EU) No 604/2013
establishing the criteria and mechanisms
for determining the Member State
responsible for examining an application
for international protection lodged in one
of the Member States by a third-country
national or a stateless person and on
requests for the comparison with Eurodac
data by Member States' law enforcement
authorities and Europol for law
enforcement purposes, and amending
Regulation (EU) No 1077/2011
establishing a European Agency for the
operational management of large-scale IT
systems in the area of freedom, security
and justice (recast)
OJ L 180/1, 29.06.2013
Regulation (EU) No 604/2013 of the
European Parliament and of the Council
of 26 June 2013 establishing the criteria
and mechanisms for determining the
Member State responsible for examining
an application for international protection
lodged in one of the Member States by a
third-country national or a stateless
person
OJ L 180/31, 29.6.2013

6704/16

GB/jg
15
ANNEX
DGD 1C
LIMITE
EN

CIS - Customs Information System
National access points
Council Decision 2009/917/JHA on the

use of information technology for
customs purposes
OJ L 323/20, 10.12.2009
European Criminal Records
National Central Authority
Council Decision 2009/316//JHA
ECRIS - Non-binding Manual for
Information System / ECRIS

OJ L 93/33, 7.4.2009
Practitioners
available in e-format at
CIRCABC
https://circabc.europa.eu
Camden Assets Recovery Inter-
Asset Recovery Office (ARO)
Council Decision (2007/845/JHA) of 6
Manual of Best Practices in
Agency Network (CARIN)
December 2007 concerning cooperation
the fight against financial
between Asset Recovery Offices of the
crime: A collection of good
Member States in the field of tracing and  examples of well-developed
identification of proceeds from, or other
systems in the Member States
property related to crime
to fight financial crime
OJ L 332/103, 18.12.2007

9741/13 JAI 393 COSI 59
CRIMORG 75 ENFOPOL 144
GENVAL 37
FIU.NET
Financial Intelligence Units
Council Decision (2000/642/JHA) of 17
Manual of Best Practices in
(FIU)
October 2000 concerning arrangements
the fight against financial
between financial intelligence units of the  crime: A collection of good
Member States in respect of exchanging
examples of well-developed
information
systems in the Member States
OJ L 271/4, 24.1.2000
to fight financial crime
9741/13 JAI 393 COSI 59
CRIMORG 75 ENFOPOL 144
GENVAL 37

6704/16

GB/jg
16
ANNEX
DGD 1C
LIMITE
EN

CHECKLIST B: INFORMATION EXCHANGE FOR THE PURPOSE OF COMBATING TERRORIST OFFENCES
Information system
National Access point
Legal basis
Handbook
Schengen Information System / SIS II SIRENE
The Schengen acquis as referred to in
Revised version of the
Article 1(2) of Council Decision
updated Catalogue of
(Supplementary Information
1999/435/EC of 20 May 1999
recommendations for the
Request at the National Entry
OJ L 239/1, 22.9.2000
correct application of the
Schengen acquis and best
Bureau)
Council Decision 2007/533/JHA,
OJ L 205/63, 7.8.2007
practices,
13039/11 SCHEVAL 126
Regulation (EC) No 1986/2006
SIRIS 79 COMIX 484
OJ L 381/1, 28.12.2006
Commission Implementing
Regulation (EC) 1987/2006
Decision (EU) 2015/219 of
OJ L 381/4, 28.12.2006
29 January 2015 replacing
the Annex to Implementing
Decision 2013/115/EU on
the Sirene Manual and
other implementing
measures for the second
generation Schengen
Information System (SIS II)
(notified under document
C(2015) 326)
Europol /
ENU
Council Decision 2009/371/JHA

OJ L 121/37, 15.5.2009
Europol Information System - EIS

Index system
Council Decision 2009/936/JHA
OJL 325/14, 11.12.2009

6704/16

GB/jg
17
ANNEX
DGD 1C
LIMITE
EN

Analysis Work Files - AWF
Council Decision 2009/968/JHA of
30 November 2009 adopting the rules on
the confidentiality of Europol
information
OJ L 332/17, 17.12.2009
Interpol / I-24/7
NCB
Interpol's Rules on the Processing of Data
[III/IRPD/GA/2011(2014)]
(National Central Bureau)
Rules on the Control of Information and
Access to Interpol’s Files
[II.E/RCIA/GA/2004(2009)]

DNA / PRÜM automated searching of  National Contact Point
Council Decision 2008/615/JHA,

designated national databases
1st step: automated searching
Articles 3 and 4 OJ L 210/1, 6.8.2008
2nd step: supply of further

personal data and other
National legislation
information
Council Framework Decision
2006/960/JHA (SFD)
OJ L 386/89, 29.12.2006,
Corrigendum OJ L 75/26, 15.3.2007
Fingerprints / PRÜM automated
National Contact Point
Council Decision 2008/615/JHA,

searching of national AFIS
1st step: automated searching
Article 9
OJ L 210/1, 6.8.2008
2nd step: supply of further

personal data and other
National legislation
information
Council Framework Decision
2006/960/JHA (SFD)

6704/16

GB/jg
18
ANNEX
DGD 1C
LIMITE
EN

Vehicle Registration Data /
National Contact Point
Council Decision 2008/615/JHA,

PRÜM automated searching of VRD
Article 12,
databases
for incoming requests
OJ L 210/1, 6.8.2008,
for outgoing requests
as above

DNA / PRÜM automated searching of  National Contact Point
Council Decision 2008/615/JHA,
Implementation Guide - DNA
designated national databases
Articles 3 and 4 OJ L 210/1, 6.8.2008
Data Exchange
1st step: automated searching
7148/15 DAPIX 40
CRIMORG 25 ENFOPOL 61
PRÜM network for the supply of
Prüm National Contact Point for  Council Decision 2008/615/JHA,

personal data and specified
counter-terrorism
Article 16
information for the prevention of
OJ L 210/1, 6.8.2008
terrorist offences
Visa Information System / VIS
National Central Access points
Council Decision 2004/512/EC

OJ L 213/5, 15.6.2004
Council Decision 2008/633/JHA
OJ L 218/126, 13.8.2008
Declarations concerning Member States'
designated authorities and central access
point(s) for access to Visa Information
System data for consultation in
accordance with Article 3(2) and (3)
respectively of Council Decision
2008/633/JHA
OJ C 236/1, 14.8.2013

6704/16

GB/jg
19
ANNEX
DGD 1C
LIMITE
EN

OJ L 180/31, 29.6.2013
European Criminal Records
National Central Authority
Council Decision 2009/316//JHA
ECRIS - Non-binding Manual for
Practitioners
Information System / ECRIS
OJ L 93/33, 7.4.2009

available in e-format at
CIRCABC
https://circabc.europa.eu
Camden Assets Recovery Inter-
Asset Recovery Office (ARO)
Council Decision (2007/845/JHA) of 6

Agency Network (CARIN)
December 2007 concerning cooperation
between Asset Recovery Offices of the
Member States in the field of tracing and
identification of proceeds from, or other
property related to crime
OJ L 332/103, 18.12.2007
FIU.NET
Financial Intelligence Units
Council Decision (2000/642/JHA) of 17

(FIU)
October 2000 concerning arrangements
between financial intelligence units of the
Member States in respect of exchanging
information
OJ L 271/4, 24.1.2000

6704/16

GB/jg
21
ANNEX
DGD 1C
LIMITE
EN

CHECKLIST C: INFORMATION EXCHANGE FOR THE PURPOSE OF MAINTAINING PUBLIC ORDER AND SECURITY
Information system
National Access Point
Legal basis

Network of permanent contact points National Contact Points
Joint Action (97/339/JHA) of 26 May

concerning public order
1997 adopted by the Council on the basis
of Article K.3 of the Treaty on European
Union with regard to cooperation on law
and order and security, Article 3(b)
OJ L 147/1, 05.06.1997
PRÜM network for the supply of non- Prüm National Contact Point
Council Decision 2008/615/JHA,

personal and personal data for the
Article 15
/ Major events
OJ L 210/1, 6.8.2008
prevention of criminal offences and in
maintaining public order and security
National legislation
for major events with a cross-border
dimension

6704/16

GB/jg
22
ANNEX
DGD 1C
LIMITE
EN

National Football Info Points network National Football Info Points /
Council Decision (2002/348/JHA) of 25
Council Recommendation
April 2002 concerning security in
(2007/C 314/07) of 6
December 2007 concerning a
NFIP
connection with football matches with an
international dimension
Handbook for police and
OJ L 121/1, 8.5.2002
security authorities concerning
cooperation at major events
Council Decision (2007/412/JHA) of 12 with an international
June 2007 amending Decision
dimension
2002/348/JHA concerning security in
OJ C 314/4, 22.12.2007
connection with football matches with an
international dimension
Council Resolution 2006/C
OJ L 155/76, 15.6.2007
322/01 of 4 December 2006
concerning an updated
handbook with
recommendations for
international police
cooperation and measures to
prevent and control violence
and disturbances in connection
with football matches with an
international dimension, in
which at least one Member
State is involved (EU 2006/ C
322/01)
OJ C 322/1, 29.12.2006
Network for the protection of public
National access points
Council Decision 2009/796/JHA
Manual of the European
figures
of 4 June 2009 amending Decision
Network for the Protection of
2002/956/JHA setting up a European
Public Figures
Network for the Protection of Public
10478/13 ENFOPOL 173
Figures
OJ L 283/62, 30.10.2009

6704/16

GB/jg
23
ANNEX
DGD 1C
LIMITE
EN

Police and Customs Cooperation
PCCC
Bilateral agreements

Centres

6704/16

GB/jg
24
ANNEX
DGD 1C
LIMITE
EN

PART II - GENERAL INFORMATION

6704/16

GB/jg
25
ANNEX
DGD 1C
LIMITE
EN

link to page 26
1.
CHANNELS OF CONTACT1

1.1.  SPOC - Single Point of Contact
Numerous National Contact Points
Member States, as a requested as well as a requesting State, are coping with the increasing cross-
border information flow by improving the efficiency of operational structures and networks - at
both the national and European level.  Many of the EU legal instruments on cross-border law
enforcement cooperation call for the establishment of specific competent authorities / bodies /
bureaux or national contact points (NCP). Police, customs or other competent authorities authorised
by national law must exchange information with each other through these designated National
Contact Points (NCPs) which, within a given Member State, can be in different departments of the
police force or even different ministries. In order to provide an overview, lists of specific national
contact points for information exchange at EU level in the area of law enforcement related data
exchange are set out in Part III of this document and are regularly issued and updated by the GSC.
Principle of Availability - SFD
Exchange of law enforcement information and intelligence of cross-border relevance should comply
with the conditions which derive from the 'principle of availability' implemented by the 'Swedish
Framework Decision' (SFD). This means that:
•
a law enforcement officer in one Member State who needs information in order to carry
out his duties can obtain it from another Member State and that
•
the law enforcement authorities in the Member State that holds this information will
make it available for the declared purpose, taking account of the needs of investigations
pending in that Member State, and that
•
once police information is available in a Member State, it shall be shared across borders
under the same conditions which govern information sharing at national level, meaning
that the rules applied in a cross border case are not stricter than those applying to data
exchanges at national level ('principle of equivalent access').

1
National bodies involved in the exchange of law enforcement information.

6704/16

GB/jg
26
ANNEX
DGD 1C
LIMITE
EN

link to page 27 link to page 27
Single Point of Contact (SPOC)
The combination of the strict requirements of the Swedish Framework Decision and the existence of
different national strategies to manage the various information exchange initiatives requires a more
simple and uniform approach at the Member State level in order to ensure that all requests for
information between law enforcement agencies in the EU are dealt with effectively and efficiently.
The Council Conclusions on the European Information Exchange Model (EIXM)2, adopted in June
2013, recognised the potential of a single point of contact for information exchange within each
Member State to help streamline the process in an increasingly complex legal and operational
landscape.
The policy of effecting as much information exchange as possible through a single point of contact
has been implemented by nearly all Member States although the understanding of what defines a
SPOC seems to vary among the Member States. The SPOC guidelines3 indicate how SPOCs can be
structured to maximise the use of resources, avoid overlaps and make cooperation with other
Member States more efficient, expedient and transparent.
From these guidelines, Member States should select the solution appropriate for their situation in
view of the common and agreed aim of enhancing international cooperation, and consider
appropriate ways of informing other Member States about the solution selected with a view to the
exchange of best practices.
The SPOC ideally:
•
has access to the broadest range of relevant national, European and international law
enforcement databases in order to expeditiously manage direct information exchange between
the national competent authorities;
•
houses the national SIRENE, Europol and Interpol units;

2
Council Conclusions following the Commission Communication on the European
Information Exchange Model (EIXM), 9811/13 JAI 400 DAPIX 82 CRIMORG 76
ENFOCUSTOM 88 ENFOPOL 146, adopted on 6 June 2013.
3
'Draft Guidelines for a Single Point of Contact (SPOC) for international law enforcement
information exchange', 10492/14 DAPIX 75 ENFOPOL 157 and 10492/14 DAPIX 75
ENFOPOL 157 ADD 1 REV 1, adopted by the Council on 6 June 2014.

6704/16

GB/jg
27
ANNEX
DGD 1C
LIMITE
EN

•
houses the contact point for liaison officers, the contact points designated pursuant to the SFD
and the 'Prüm Decisions', and, if any, the contact points for regional and bilateral offices;
•
is set up in a secure working environment and sufficiently and adequately staffed, including
interpretation or translation capacities, to operate on a 24/7 basis. As far as possible, all staff
should be trained and equipped/mandated to deal with all kinds of tasks within the SPOC.
Where this is not possible, it should be ensured that all tasks can be dealt with through on-call
duty officers 24/7;
•
is a multi-agency organisation, composed of staff coming from/belonging to different services
and/or Ministries including criminal police, border guards, customs and judicial authorities.

6704/16

GB/jg
28
ANNEX
DGD 1C
LIMITE
EN

Typical Structure of a National SPOC (Single Point of Contact) office
The Central Unit for Police Operational Cooperation,
Platform for information exchange

The S.C.C.O.Pol is an inter-ministerial structure, composed of 67 policemen, gendarmes and
customs officers. The magistrates of the Office of International Cooperation on Criminal Matters
(B.E.P.I.) of the Ministry of Justice also operate, in the same premises, a basic service to validate
French requests for the issue of European arrest warrants and registration in the national wanted
persons file of requests for arrest and foreign red notices.
To ensure the necessary transversal nature of the three channels of cooperation, a central contact
point (C.C.P.) was designated at the S.C.C.O.Pol in August 2004. His/her main function is to assist
the French law enforcement services in choosing the best police cooperation tool depending on the
nature and complexity of the ongoing investigation. He/she checks the legality of the request,
performs the first cross-checks and redirects it towards the most appropriate channel of
cooperation considering the investigators' request. Only requests in relation to a Schengen alert are
within the exclusive competence of the S.I.R.E.N.E. France.
As the result of a successful pooling of resources, the S.C.C.O.Pol handles, on a 24-hour basis,
nearly 350 000 messages per year, on a single secure platform, with limited staff.
The multi-channel jurisdiction of the S.C.C.O.Pol allows it to ensure French representation within
European groups (SIS / VIS, SIS / SIRENE, heads of ENU) or Interpol groups (meeting of Interpol
contact officers, notices group), and to bring a relevant operational point of view to the DRI unit
responsible in France for monitoring the governance bodies of Interpol and Europol.

6704/16

GB/jg
29
ANNEX
DGD 1C
LIMITE
EN

link to page 30 link to page 30 link to page 30 link to page 30
1.2.  SIRENE bureaux
In each Member State, permanent SIRENE (Supplementary Information Request at the National Entry)
Bureaux are established as part of the Schengen acquis4 as the designated authority with central
responsibility for the national section of the Schengen Information System (SIS II). They are the
point of contact for SIRENE bureaux of other contracting parties and the liaison with national
authorities and agencies. On a 24/7 basis, the bureaux exchange data in relation to SIS II alerts5, an
alert being a set of data enabling authorities to identify persons or objects with a view to taking
appropriate action.
'Supplementary information' is defined as information not stored in SIS II, but connected to SIS II
alerts, which is to be exchanged:
(i)   in order to allow Member States to consult or inform each other when entering an alert;
(ii)   following a hit in order to allow the appropriate action to be taken;
(iii)  when the required action cannot be taken;
(iv)  when dealing with the quality of SIS II data;
(v)  when dealing with the compatibility and priority of alerts;
(vi)  when dealing with rights of access.
Information is to be exchanged in accordance with the provisions of the SIRENE Manual6 and
using the Communication Infrastructure. 7

4
See the Convention Implementing the Schengen Agreement, OJ L 239, 22.9.2000.
5
See Council Decision 2007/533/JHA of 12 June 2007 on the establishment, operation and use
of the second generation Schengen Information System (SIS II), OJ, L 205/63, 7.8.2007.
6
Commission Implementing Decision of 26 February 2013 on the Sirene Manual and other
implementing measures for the second generation Schengen Information System (SIS II)
(notified under document C(2013) 1043), OJ 71/1, 14.3.2013.
7
Due to the closure of the SISnet mail network, SIRENE Bureaux may now use the sTESTA
mail service. Other information exchanges may take place over the sTESTA network, SIENA
or I-24/7 communication channels.

6704/16

GB/jg
30
ANNEX
DGD 1C
LIMITE
EN

link to page 31
SIRENE bureaux facilitate co-operation on police matters and may also have a role in information
exchange outside the scope of SIS II pursuant to provisions previously covered by Articles 39 and
46 of the CISA which have been replaced by the 'Swedish Framework Decision'. According to
Article 12 (1) of the 'Swedish Framework Decision' the provisions of Article 39(1), (2) and (3) and
of Article 46 of the Convention Implementing the Schengen Agreement (CISA), in so far as they
relate to exchange of information and intelligence for the purpose of conducting investigations or
criminal intelligence operations as provided for by the Framework Decision, are replaced by the
provisions of the Framework Decision.
1.3.  EUROPOL National Unit (ENU)
Each MS has a designated Europol National Unit (ENU) which is the liaison body between Europol
and the competent national authorities. The ENUs' seconded liaison officers (LO) to Europol should
ensure a live 24/7 link between the Europol headquarters in The Hague and the ENUs in the 28
Member States. Europol also hosts LOs from 10 non-EU countries and organisations. The network
is supported by secure communication channels provided by Europol.
Europol8 supports the law enforcement authorities of the Member States in preventing and
combating organised crime, serious international crime and terrorism involving two or more
Member States. In order to collect, store, process and analyse personal data and exchange
information and intelligence, Europol is dependent on data input from Member States. The Council
Decision establishing Europol lays down their different information tasks and the rules on the use of
data and exchange of data with third parties on the basis of a robust data protection and security
regime.
1.4.  INTERPOL National Central Bureaux (NCB)
The National Central Bureaux (NCB) at the national police headquarters play a central role
concerning the processing of data in the Interpol Information System provided by their countries.
They are entitled to directly access the system, which includes:
•
the recording, updating and deletion of data directly in the organisation's police databases as
well as the creation of links between data;

8
Council Decision 2009/371/JHA of 6 April 2009 establishing the European Police Office
(Europol), OJ L 121/37, 15.5.2009. A new legal basis for Europol is under negotiation.

6704/16

GB/jg
31
ANNEX
DGD 1C
LIMITE
EN

link to page 32 link to page 32
•
direct consultation of these databases;
•
the use of Interpol's notices and circulars for the transmission of requests for cooperation and
international alerts.
NCBs can rapidly search and cross-check data with 24/7 direct access to databases containing information
on suspected terrorists, wanted persons, fingerprints, DNA profiles, lost or stolen travel documents,
stolen motor vehicles, stolen works of art, etc.
As far as possible, NCBs should allow the criminal investigation authorities of their countries
involved in international police cooperation to have access to the Interpol Information System.
NCBs control the level of access which other authorised users of their countries have to Interpol
services and can request to be informed of enquiries made to their national databases by other
countries.
1.5. Prüm National Contact Points
The 'Prüm Decisions'9 opened up a new cross-border dimension of crime fighting by providing for
mutual cross-border online access to designated national DNA databases, automated fingerprint
identification systems (AFIS) and vehicle registration databases (VRD). In order to supply data, a
specific National Contact Point (NCP) is designated for each type of data exchange in each
participating Member State10. Data protection and tailor-made data security provisions take
particular account of the specific nature of online access to these databases. The supply of personal
data requires an adequate level of data protection and security, mutually tested and agreed upon by
the Member States before launching data exchange.

9
Council Decision 2008/615/JHA of 23 June 2008 on the stepping up of cross-border
cooperation, particularly in combating terrorism and cross-border crime, OJ L 210/1,
6.8.2008; Council Decision 2008/616/JHA of 23 June 2008 on the implementation of
Decision 2008/615/JHA on the stepping up of cross-border cooperation, particularly in
combating terrorism and cross-border crime, OJ L 210/12, 6.8.2008.
10
5010/15 JAI 1 DAPIX 1 ENFOPOL 1 CRIMORG 1.

6704/16

GB/jg
32
ANNEX
DGD 1C
LIMITE
EN

1.5.1.  Prüm NCP – DNA and Fingerprints
In the case of DNA and fingerprint data, the automated comparison of biometric reference data is
based on a hit/no hit system. Reference data do not allow the data subject to be immediately
identified.  In the event of a hit, the NCP of the searching Member State may therefore request
additional specific personal data. The supply of such supplementary data has to be requested
through mutual assistance procedures, including those adopted pursuant to the 'Swedish Framework
Decision', and is governed by the national law, including the legal assistance rules, of the requested
Member State.
1.5.1.1.  Best Practice Guidelines for fingerprint searches
When utilising the Prüm automated fingerprints search facility, a requesting Member State should
follow the recommendations set out in the document Good Practices for consulting Member States'
databases (14885/1/08 REV1). It acknowledges the limited search capacities of dactyloscopic
databases and recommends that the following practices be promoted at operational level:
•
Whether or not to consult Member States' fingerprint databases, and the order in which such
searches are carried out and repeated, are investigative decisions taken on a case-by-case basis
and should not be systematically predetermined.
•
Other Member States’ fingerprint databases should in principle not be searched until the
requesting State's own fingerprint database(s) have been searched.
•
Whether to search one or more Member States' databases should take account especially of:
–
the seriousness of the case;
–
and/or existing lines of investigation, in particular information pointing in
the direction of a Member State or group of Member States;
–
and/or the specific requirements of the investigation.
•
General searches should only be undertaken where the good practice in points 1 to 3 has been
exhausted.

6704/16

GB/jg
33
ANNEX
DGD 1C
LIMITE
EN

Examples of automated data exchange under the Prüm Council Decisions
In 2011, genetic material was entered in the Czech national DNA database during the investigation
of a murder. The investigation was being conducted against a suspect who had fled abroad. The
genetic material was obtained from a cigarette butt in an ashtray in the apartment where the crime
was committed. By searching the Austrian DNA database in 2014, it was found that the same
profile had been processed in Austria. Further personal data was exchanged by the SPOCs of both
countries via police cooperation. Afterwards, the criminal justice department in Austria was
contacted and asked to surrender the suspect for criminal prosecution to the Czech Republic via
legal assistance in criminal matters.
In 2005, a DNA profile was entered in the Czech national DNA database during the investigation of
a robbery. A suspect was identified in 2014 after searching the Austrian DNA database. The
Austrian side was asked to supply a current photograph and other personal data via the SPOCs.
1.5.2. Prüm NCP - Vehicle Registration Data (VRD)
With regard to VRD, searches may be conducted with a full chassis number in one or all
participating Member States, or with a full registration number in one specific Member State.
Information will be exchanged by NCPs designated both for incoming and outgoing requests.
Member States give each other online access to national VRD for
(a) data relating to owners or operators, and
(b) data relating to vehicles.
Member States use a version of the European Vehicle and Driving Licence Information System
(EUCARIS) software application especially designed for Prüm purposes to conduct such searches.
VRD searches differ from DNA and fingerprint searches in that they return both personal and
reference data in the event of a hit. As with other automated searches it is understood that the
supply of personal data is subject to the appropriate level of data protection being applied by the
receiving Member States.

6704/16

GB/jg
34
ANNEX
DGD 1C
LIMITE
EN

1.5.3. Prüm NCP for the prevention of terrorism
On request or on their own initiative, designated NCPs may exchange information on persons
suspected of committing terrorist offences. The data shall comprise the surname, first names, date
and place of birth of the suspect and a description of the circumstances giving rise to the belief that
the data subject will commit criminal offences linked to terrorist activities.
The supplying Member State may, in compliance with national law, impose conditions on the use
made of such data and information by the receiving Member State, which is bound by any such
conditions.
1.5.4. Prüm NCP for major events
Member States hosting major events with an international dimension have to ensure the security of
the event both from a public order perspective and a counter-terrorism perspective. Depending on
the nature of the event (political, sporting, social, cultural or other), one perspective may be more
relevant than the other. However, both aspects need to be considered although possibly dealt with
by different authorities. Special attention is directed at the phenomenon of travelling violent
offenders (TVO), in particular with regard to international football matches.
For the purposes of preventing criminal offences and maintaining public order and security in
connection with major events and similar mass gatherings (of a political, sporting, social, cultural or
other nature), disasters and serious accidents with a cross-border impact, designated NCPs supply
each other, on request or on their own initiative, with
•
non-personal data, or
•
personal data, if any final convictions or other circumstances give reason to believe that
the data subjects will commit criminal offences at the events or pose a threat to public
order and security.
Personal data may be processed only for the above-mentioned purposes and for the specified events
for which they were supplied. The data supplied must be deleted without delay once these purposes
have been achieved, in any case after not more than one year. Information is supplied in compliance
with the supplying Member State's national law.

6704/16

GB/jg
35
ANNEX
DGD 1C
LIMITE
EN

link to page 36 link to page 36
1.5.4.1.  Handbook for cooperation on major events with an international dimension11
This handbook contains guidelines and suggestions for law enforcement authorities tasked with
ensuring public security at major events such as the Olympic Games or other major sporting events,
social events or high-level political meetings.
The Handbook, which is constantly amended and adjusted in accordance with the development of
best practices, contains guidance on information management and event management as well as on
event-related and strategic evaluation. Annexed standard forms concern:
•
requests for liaison officers;
•
risk analysis on potential demonstrators and other groupings;
•
exchange of information regarding individuals or groups posing a terrorist threat;
•
a list of reference documents;
•
a table containing permanent national contact points concerning public order.
1.6.  National (Police) Football Information Point (NFIP)12
Further to the Prüm NCP for major events and with particular regard to international football
matches, a National Football Information Point (NFIP) in each Member State is tasked with
exchanging relevant information and developing cross-border police cooperation. Tactical, strategic
and operational information can be used by the NFIP itself or is forwarded to the relevant
authorities or police services.
Contacts between the police services of the different countries involved in an event are coordinated
and, if necessary, organised by the NFIP. The CIV-based website for NFIPs (www.nfip.eu)
disseminates information and advice on available legal and other options concerning safety and
security in connection with football matches.

11  Council Recommendation 2007/C 314/02 of 6 December 2007 concerning a Handbook for
police and security authorities concerning cooperation at major events with an international
dimension, OJ C 314/4, 22.12.2007).
12  Council Decision 2002/348/JHA of 25 April 2002 concerning security in connection with
football matches with an international dimension, OJ L 121/1 8.5.2002.

6704/16

GB/jg
36
ANNEX
DGD 1C
LIMITE
EN

link to page 37 link to page 37

The NFIP coordinates the processing of information on high-risk supporters with a view to
preparing and taking the appropriate measures to maintain law and order when a football event
takes place. Such information includes, in particular, details of individuals actually or potentially
posing a threat to law and order and security. Information should be exchanged on the forms13
contained in the appendix to the Football Handbook.
1.6.1. The Football Handbook14
The Football Handbook is annexed to Council Resolution 2006/C 322/01 and provides examples of
how the police should cooperate at international level in order to prevent and control violence and
disturbances in connection with football matches. The content consists in particular of
recommendations concerning:
•
information management by police forces;
•
the organisation of cooperation between police forces;
•
a checklist for media policy and communication strategy (police/authorities).
1.7.  Police and Customs Cooperation Centres (PCCC)
PCCCs are established on the basis of bi- or multilateral agreements in accordance with
Article 39(4) of the Convention implementing the Schengen Agreement (CISA). In these
agreements, the contracting parties define the basis for their cross-border cooperation, including the
tasks, legal framework, and procedures for establishing and operating the centres. PCCCs bring
together staff from neighbouring countries and are closely linked to national bodies dealing with
international cooperation (NCPs, Interpol NCB, ENU, SIRENE Bureaux).

13  Council Decision 2007/412/JHA of 12 June 2007 amending Decision 2002/348/JHA
concerning security in connection with football matches with an international dimension, OJ
L 155/76, 15.6.2007.
14  Council Resolution 2006/C 322/01 of 4 December 2006 concerning an updated handbook
with recommendations for international police cooperation and measures to prevent and
control violence and disturbances in connection with football matches with an international
dimension, in which at least one Member State is involved, OJ C 322/1, 29.12.2006.

6704/16

GB/jg
37
ANNEX
DGD 1C
LIMITE
EN

PCCCs provide advice and non-operational support to the national operational police, customs and
other agencies in the border region where they are located. PCCC staff are tasked to rapidly provide
information requested in accordance with Council Decision 2006/960/JHA ('Swedish Framework
Decision').
Information exchange via PCCCs relates mainly to petty and moderately serious crime, illegal
migration flows and public order problems. Such information may include identification of drivers
or verification of the appropriateness and authenticity of ID and travel documents.
The contracting parties may jointly decide to transform a PCCC into a regional operational
coordination centre at the service of all the agencies concerned, in particular in the case of regional
incidents (natural catastrophes) or major events (Olympic Games, Football World Cup, etc.).
If a PCCC receives information within the national central unit's remit, that information must be
forwarded immediately to the SPOC/central unit. Should a PCCC receive information of obvious
interest for Europol, it may forward this information to the ENU located within the SPOC which
will relay it to Europol itself.

6704/16

GB/jg
38
ANNEX
DGD 1C
LIMITE
EN

Example of Information exchange through a PCCC
EPICC ('Euregio Police Information and Cooperation Centre') is the short name of PCCC Heerlen.
It was created ad hoc (no specific legal instrument) in 2005 at the initiative of 'NeBeDeAgPol', an
association of police chiefs in the Euregio Meuse-Rhine, situated in the border region between the
Netherlands, Belgium, and Germany - one of the most densely populated border areas in the European
Union.
In this PCCC, around thirty Belgian, German and Dutch police officers work together on one platform.
These agents have on-site access to most of the content of their respective country’s databases. This enables
them to provide - within a very short time  - accurate, complete and reliable answers to police requests for
information concerning BE, DE or NL. The information exchange between the three delegations of EPICC is
made via the Europol application 'SIENA'.
EPICC collects and analyses available police information in the border region in order to detect, describe
and follow border security problems (new phenomena or modi operandi, groups of criminals acting in the
border region, events or persons requiring particular attention, etc.).
Thanks to its special expertise and mixed composition, PCCC Heerlen can provide efficient support during
the preparation and execution of cross-border operations, investigations or surveillance measures.
1.8.  Liaison Officers
According to Article 47 of the Convention implementing the Schengen Agreement (CISA),
Member States 'may conclude bilateral agreements providing for the secondment, for a specified or
unspecified period, of liaison officers from one [Member] State to the police authorities of another
[Member] State'. The role of liaison officers is to establish and maintain direct contacts to further
and accelerate cooperation for the purpose of combating crime, particularly by providing assistance.
Liaison officers are not empowered to execute any police measures autonomously. They guarantee
fast and effective cooperation, based on personal contact and mutual trust, by:
•
facilitating and expediting the collection and exchange of information;

6704/16

GB/jg
39
ANNEX
DGD 1C
LIMITE
EN

link to page 40
•
executing requests for mutual police and judicial assistance in criminal matters;
•
organising and ensuring cross-border operations.
Liaison officers may be posted to other Member States, third countries or EU agencies or
international organisations. The Compendium15  on law enforcement liaison officers, updated
annually by the General Secretariat of the Council, explains the work and tasks of the liaison
officers and contains lists of liaison officers including contact details.
Based on past and on-going experiences in different host countries and with a view to achieving
greater pooling of Member States' activities vis-à vis third countries in terms of both the work of the
liaison officers and technical cooperation, some good practices have been identified, which are set
out in the Compendium. It is suggested that the Member States' liaison officers and their relevant
authorities apply these whenever appropriate.
Typical Examples of Information Exchange between Liaison Officers
•
Liaison Officers may be tasked with ensuring contact in order to establish direct cooperation
in specific cases such as drug related-crimes.
•
Liaison Officers can provide specific information on national rules and legislation regarding
international police cooperation or judicial assistance in criminal matters.
•
Liaison Officers, in some cases, maintain up-to-date lists of responsible authorities within
their Member State.
•
Liaison Officers have also been tasked in some MS with handling requests for cooperation
under Article 17 of the Prüm Decision (Joint Operations). For example, the Danish LO at
Europol was asked by the Czech Republic to forward a request to Denmark to assign 4 Danish
police officers to assist with a case involving both MS.

15  'Update of the Compendium on law enforcement liaison officers (2014)', 11996/14
ENFOPOL 221 JAIEX 55 COMIX 384.

6704/16

GB/jg
40
ANNEX
DGD 1C
LIMITE
EN

link to page 41 link to page 41 link to page 41
1.9.  Asset Recovery Offices (ARO) of the Member States
Financial crime covers a wide array of activities such as counterfeiting, corruption and fraud
(e.g. credit card fraud, mortgage, medical or securities fraud, bribery or embezzlement, money
laundering, identity theft and tax evasion). Improved cooperation is achieved through closer cross-
border collaboration between Asset Recovery Offices (ARO), Financial Intelligence Units (FIU)
and police and customs authorities.16
Following the adoption of Council Decision 2007/845/JHA of 6 December 2007 concerning
cooperation between Asset Recovery Offices of the Member States in the field of tracing and
identification of proceeds from, or other property related to, crime17, all Member States have since
established and designated asset recovery offices (AROs). These specialised units have evolved into
a close-knit network of specialists who can directly exchange information on matters pertaining to
the recovery of assets via the SIENA system. Under the auspices of the EU Commission and
Europol, the ARO Network facilitates cooperation between AROs of the Member States and the
strategic discussion and exchange of best practices. The Europol Criminal Assets Bureau (ECAB)
acts as a focal point for asset recovery within the EU.
The provisions laid down in Directive 2014/42/EU of the European Parliament and of the Council
of 3 April 2014 on the freezing and confiscation of instrumentalities and proceeds of crime in the
European Union18 will further enhance the effectiveness of cooperation between the asset recovery
offices within the European Union. Member States are called upon to transpose the Directive by
4 October 2016.

16  Manual of best practices in the fight against financial crime: A collection of good examples of
well-developed systems in the Member States to fight financial crime, 9741/13 JAI 393 COSI
59 CRIMORG 75 ENFOPOL 144.
17  Council Decision 2007/845/JHA of 6 December 2007 concerning cooperation between Asset
Recovery Offices of the Member States in the field of tracing and identification of proceeds
from, or other property related to, crime, OJ L 332/103, 18.12.2007.
18  Directive 2014/42/EU of the European Parliament and of the Council of 3 April 2014 on the
freezing and confiscation of instrumentalities and proceeds of crime in the European Union,
OJ L 127/39, 29.4.2014.

6704/16

GB/jg
41
ANNEX
DGD 1C
LIMITE
EN

link to page 42
The Camden Assets Recovery Inter-Agency Network (CARIN), established in 2004 to support
the cross-border identification, freezing, seizure and confiscation of property related to crime,
enhances the mutual exchange of information regarding different national approaches extending
beyond the EU.
As of 2015, the CARIN Network includes practitioners from 53 jurisdictions and 9 international
organisations which serve as contact points for the purpose of rapid cross-border exchange of
information, on request or spontaneously. National AROs cooperate among themselves or with
other authorities facilitating the tracing and identification of proceeds of crime. While all Member
States have established an ARO, major differences exist between the Member States in terms of
organisational setup, resources and activities.
Information exchanged may be used according to the data protection provisions of the receiving
Member States and is subject to the same data protection rules as if it had been collected in the
receiving Member State. Spontaneous information exchange in line with this Decision, applying the
procedures and time limits provided for in the Swedish Framework Decision, is to be promoted.
1.10. Money Laundering - Cooperation between Financial Intelligence Units (FIU)19
Relevant information on any fact which might be an indication of money laundering should be
collected, analysed and investigated by the national Financial Intelligence Units (FIUs). FIUs
analyse financial transactions on a case by case basis, following suspicious transaction reports.
FIUs serve as national contact points for the cross-border exchange of information. As with Asset
Recovery Agencies, they vary considerably between the Member States as to their organisational
setup, functions and resources. They are placed either under judicial authorities or within police
bodies or created as a 'hybrid', combining police and prosecutor competencies. This diversity may
sometimes lead to obstacles in international cooperation.
However, Member States should ensure where possible that FIUs are used to exchange any
available information related to money laundering and the natural or legal persons involved.

19
See Council Decision 2000/642/JHA of 17 October 2000 concerning arrangements between
financial intelligence units of the Member States in respect of exchanging information, OJ L
271/4, 24.1.2000.

6704/16

GB/jg
42
ANNEX
DGD 1C
LIMITE
EN

link to page 43
Member State requests for information to be exchanged via FIUs are subject to a number of rules
regarding the use of FIU information.
All 28 FIUs are connected to the FIU.NET, which is a decentralised computer network for the
exchange of information between FIUs. It has developed over recent years from a secure basic tool
for structured bilateral information exchange to a secure multifunctional tool for multilateral
information exchange, with case management features as well as semi-automated standardisation of
processes. In FIU.NET, each new feature and automated process is optional, with no strings
attached. The individual FIUs can decide which of the possibilities and features offered by
FIU.NET to use; they just use the features they feel comfortable with and exclude the ones they do
not need or want to use.
1.11. Naples II Convention20
Member States assist one another in the framework of the Naples II Convention in order to prevent
and detect infringements of national customs provisions and prosecute and punish infringements of
Community and national customs provisions. With regard to criminal investigations, the
Convention lays down procedures under which customs administrations may act jointly and
exchange data, spontaneously or on request, concerning illicit trafficking activities.
Requests are submitted in writing in an official language of the Member State of the requested
authority or in a language acceptable to that authority. A form sets out the standard for
communication of information. The authorities concerned communicate all information which may
assist in preventing, detecting and prosecuting infringements. They exchange personal data, i.e. all
information relating to a natural person who is identified or identifiable.
In order to provide the assistance required, the requested authority or the competent authority which
it has addressed shall proceed as though it were acting on its own account or at the request of
another authority in its own Member State.

20  Council Act of 18 December 1997 drawing up, on the basis of Article K.3 of the Treaty on
European Union, the Convention on mutual assistance and cooperation between customs
administrations, OJ C24/1, 23.01.1998.

6704/16

GB/jg
43
ANNEX
DGD 1C
LIMITE
EN

link to page 44
1.12. Choosing the channel – Commonly used criteria
In a Member State, the SPOC21 carries out a crucial role in determining the most appropriate and
relevant channel by gathering all requests (both incoming and outgoing) dealt with by the unit. In
the interests of efficiency, national authorities allow investigators considerable autonomy in
choosing the channel deemed most appropriate for investigation. The most commonly-used
communication channels are as follows:
•
SIRENE via the contact points of each Schengen State for SIS
•
EUROPOL via the Europol National Units / Europol Liaison Officers
•
INTERPOL via the National Central Bureaux at the National Police Headquarters
•
Liaison Officers
•
Mutual Assistance channels used between customs authorities (Naples II)
•
Bilateral channels based on cooperation agreements at national, regional and local level
(PCCCs)
The general rules provide that a request is sent through one channel only. However, in exceptional
cases, a request may be sent through different channels at the same time. In such cases this should
be clearly indicated to all parties in an appropriate manner. Similarly, a change of channel must be
communicated to all parties, along with the reason for the change.
In order to avoid thematic overlaps or situations where a request is unnecessarily sent more than
once through different channels, the relevant desk officer (SIS, Europol, Interpol, bilateral liaison
officer) in the requesting State may determine the most appropriate route for a request for
information on the basis of the following criteria:
•
geographical criteria, i.e. nationality/residence/origin of person or object concerned is
known and the request concerns the communication of details (address, phone number,
fingerprints, DNA, registration, etc.)
•
thematic criteria, i.e. organised crime, serious crime, terrorism;
confidentiality/sensitivity; channel used for previous related request

21  See SPOC Guidelines, 10492/14 DAPIX 75 ENFOPOL 157 and 10492/14 DAPIX 75
ENFOPOL 157 ADD 1 REV 1).

6704/16

GB/jg
44
ANNEX
DGD 1C
LIMITE
EN

•
technical criteria; i.e. the need for secure IT channels
•
urgency criteria, i.e. an immediate risk to a person's physical integrity, immediate loss
of evidence, request for urgent cross-border operations or surveillance

6704/16

GB/jg
45
ANNEX
DGD 1C
LIMITE
EN

link to page 46 link to page 46
2.
INFORMATION SYSTEMS
2.1.  The Schengen Information System – Second Generation (SIS II)22
On 9 April 2013, a second generation Schengen Information System ('SIS II') came into operation
in 24 EU Member States as well as in the four non-EU countries that are associated with Schengen
cooperation: Norway, Iceland, Switzerland and Liechtenstein. It supports operational cooperation
between police authorities and judicial authorities in criminal matters. As SIS is both a police
cooperation and border control system, designated police officers, border guards, customs officers,
and visa and judicial authorities throughout the Schengen area may consult the SIS. 23
SIS II data can be searched (subject to strict data protection rules) 24/7 via access points in SIRENE
bureaux, at border control points, within national territory and in consulates abroad. The database
registers data on both persons and objects and allows the exchange of data for the purposes of
crime prevention and combating irregular immigration. Through SIS online searches, the examining
officer rapidly establishes, on a 'hit/no hit'-basis, whether a person being checked is mentioned in
the database or not.
Data are referred to as alerts, an alert being a set of data enabling authorities to identify persons or
objects with a view to taking appropriate action:

Alerts on persons, targeting both EU citizens and non-EU citizens. These facilitate

measures such as:
–
arrest for surrender purposes on the basis of either the European Arrest Warrant or
agreements concluded between the EU and third countries, or for extradition purposes;
–
search for the whereabouts of missing persons;
–
summons to appear before a court of justice in the context of a penal procedure or of the
execution of a sentence involving deprivation of liberty;

22  See Council Decision 2007/533/JHA of 12 June 2007 on the establishment, operation and use
of the second generation Schengen Information System (SIS II), OJ, L 205/63, 7.8.2007.
23  A list of the national competent authorities which have the right to access alerts is published
annually in the Official Journal of the European Union.

6704/16

GB/jg
46
ANNEX
DGD 1C
LIMITE
EN

link to page 47
–
discreet watch and specific checks with a view to repression of penal offences,
prevention of threats to public security or prevention of threats to national security;
–
refusal of entry into the Schengen territory for nationals or aliens as a result of an
administrative or judicial decision or on grounds of threat to public order or to national
safety and security, or on grounds of non-observance of national regulations for entry
and abode of foreigners.
SIS II alerts on objects are entered for discreet or specific checks, for the purpose of seizure, use as
evidence in criminal proceedings or surveillance. These alerts can relate to:
–
vehicles, boats aircrafts, containers
–
firearms
–
stolen documents
–
banknotes
–
stolen property such as art objects, boats, ships.
Specifically authorised Europol staff have the right, within the scope of their mandate, to access and
search directly data entered into SIS II and may request further information from the Member State
concerned.
The national members of Eurojust and their assistants have the right, within the scope of their
mandate, to access and search data entered into SIS II.
2.2.  EIS – The Europol Information System24
The Europol Information System (EIS) is a centralised system hosted by Europol which allows
Member States and Europol’s Cooperation Partners to store, share and cross-check data related to
suspects, convicts or ‘potential future criminals’ involved in crimes falling within Europol’s
mandate (serious crime, organised crime or terrorism). It allows storage of the entire range of data
and evidence related to those crimes/persons e.g. persons with aliases, companies, telephone
numbers, email addresses, vehicles, firearms, DNA, photo, fingerprints, bombs etc.

24
See Council Decision 2009/371/JHA of 6 April 2009 establishing the European Police
Office (Europol), Articles 11 to 13, OJ L 121/37, 15.5.2009.

6704/16

GB/jg
47
ANNEX
DGD 1C
LIMITE
EN

The EIS is de facto a reference system which helps to identify whether or not information searched
for is available in one of the EU Member States, from Cooperation Partners or at Europol. It is
directly available in all Member States and to duly authorised Europol staff. Its Hit/No Hit version
can be extended to designated competent authorities in Member States. Details on the use of the EIS
are set out in Article 13 of the Europol Council Decision. The different categories of data of the EIS
are specified in Article 12. The rules on the use of data and on the time limits for the storage and
deletion of data are provided by Articles 19 and 20 respectively.
The vast majority of data in the Europol Information System (EIS) is entered by means of
automated data loading systems. Data loaders enable semi-automated insertion of mass data from
the national system to the EIS. The data collection approach by Member States has changed, with
the focus on transmitting data shifting to entities that can be cross-matched such as persons, cars,
telephone numbers and firearms.
The EIS, which allows the sharing of highly sensitive information, has a robust security system.
Security is ensured, for instance, by the specific handling codes. They indicate what can be done
with the given information and who has access to it. The handling codes are designed to protect the
information source and ensure the security of the information as well as its safe and appropriate
processing, in accordance with the wishes of the owner of the information and in accordance with
the national law of the MS. The EIS is accredited for the processing of data up to and including EU
RESTRICTED.

6704/16

GB/jg
48
ANNEX
DGD 1C
LIMITE
EN

2.3.  SIENA - Europol’s Secure Information Exchange Network Application
SIENA is Europol's secure communication system used by Member States, Europol and its
cooperation partners to exchange operational and strategic crime-related information and
intelligence. SIENA is a messaging system, including a case management system with specific
types of messages to support the secure exchange of personal operational data, including data
exchange in accordance with the 'Swedish Framework Decision'.
In the design and functioning of SIENA high emphasis was placed on security, data protection and
confidentiality. All necessary measures have been taken to enable the secure exchange of EU
RESTRICTED information. Data exchange viaSIENA has clear data processing responsibilities.
For each SIENA message sent out, the confidentiality level, handling codes and reliability of the
source and information must be indicated.
The SIENA user interface is multilingual, enabling the SIENA operators to work in their own
national language(s). In addition, SIENA operators can perform searches and create statistical
reports on the data exchanged via SIENA.
SIENA supports bilateral data exchange and allows Member States to exchange data outside of the
Europol mandate. However, when addressing one of Europol’s cooperation partners in the data
exchange, Member States will be notified via SIENA that this exchange should only take place if it
concerns crimes within Europol’s mandate. Europol will only handle the information for
operational data processing purposes if Europol has been included as an addressee in the data
exchange. For auditing purposes, all data exchanged via SIENA is available to the Europol Data
Protection Officer and the national supervisory bodies.
As from May 2014, SIENA supports the structured data exchange based upon the Universal
Message Format (UMF). The exchange of all UMF entities is supported by SIENA but currently
only the data of the UMF entity PERSON is visible in the SIENA message itself – all other UMF
entities are visible in the attachment(s).
SIENA aims to become interoperable with Europol other systems such as the Europol Information
System (EIS), the Europol Analysis System (EAS), the Unified Search System (USE).

6704/16

GB/jg
49
ANNEX
DGD 1C
LIMITE
EN

A growing number of Member States is showing interest in connecting their national case
management system (CMS) to SIENA. The simplified SIENA web service implementation enables
Member States to register all in- and outgoing SIENA messages automatically in their national
CMS. The enhanced SIENA web service implementation also allows the SIENA operator to
exchange SIENA messages directly from their national CMS.
At the end of 2014, SIENA included 4 663 users from the Member States (ENU, LB and national
designated competent authorities (DCA)), Operational Third Parties (NCP, LB and DCA), Strategic
Third Parties (NCP and LB) and Europol. More than 500 DCAs are connected to SIENA. Based on
the 2014 SIENA statistical figures, around 50 500 SIENA messages are exchanged each month
2.4.  I-24/7 - Interpol's global police communications system
The I-24/7 global network for the exchange of police information connects the Interpol General
Secretariat in Lyon, France, the National Central Bureaux (NCB) in 190 countries and regional offices.
The Interpol Information System enables direct message communication between NCBs. All
Interpol databases (except the database of child sexual exploitation images) are accessible in real
time via the I-24/7 global police communications system. The I-24/7 system also enables Member
countries to access one another's national databases using a business-to- business (B2B) connection.
Member countries manage and maintain their own national criminal data and control its submission, access by
other countries and the destruction of data in accordance with their national laws. They also have the
option to make it accessible to the international law enforcement community through I-24/7.
2.4.1 Interpol: DNA Gateway
The Interpol DNA database includes an international DNA database, an international search request
form for bilateral exchange and a means for secure standardised electronic transfer. No nominal
data are kept that link a DNA profile to any individual. The DNA Gateway is compatible with Prüm
automated data exchange.
Member countries can access the database and, upon request, access can be extended beyond the
member countries’ National Central Bureaux to forensic centres and laboratories. Police in member
countries can submit a DNA profile from offenders, crime scenes, missing persons and unidentified
bodies.

6704/16

GB/jg
50
ANNEX
DGD 1C
LIMITE
EN

link to page 51

2.4.2 Interpol Fingerprint Database
Authorised users in member countries can view, submit and cross-check records via an automatic
fingerprint identification system (AFIS). Records are saved and exchanged in the format defined by
the National Institute of Standards and Technology (NIST). The Guidelines concerning Fingerprints
Transmission and the Guidelines concerning transmission of Fingerprint Crime Scene Marks assist
Member Countries in improving the quality and quantity of fingerprint records submitted to the
Interpol AFIS.
2.4.3 Interpol Stolen and Lost Travel Documents database
Interpol’s Stolen and Lost Travel Documents database holds information on more than 45 million
travel documents reported lost or stolen by 166 countries. This database enables Interpol NCBs and
other authorised law enforcement bodies (such as immigration and border control officers) to
ascertain the validity of a suspect travel document. For the purpose of preventing and combating
serious and organised crime, Member States' competent law enforcement authorities exchange
passport data with Interpol.25
2.4.4 Firearms Reference Table
The INTERPOL Firearms Reference Table allows investigators to properly identify a firearm used
in a crime (its make, model, calibre, etc.). It contains more than 250 000 firearms references and
57 000 high-quality images. The INTERPOL Ballistic Information Network is a platform for the
large-scale international sharing and comparison of ballistics data, and has more than 150 000
records.
The Interpol Illicit Firearms Records and Tracing Management System (iARMS) is an information
technology application which facilitates information exchange and cooperation between law
enforcement agencies on firearms-related crime.

25 Council Common Position 2005/69/JHA on exchanging certain data with Interpol, OJ L
27/61, 27.1.2005.

6704/16

GB/jg
51
ANNEX
DGD 1C
LIMITE
EN

link to page 52 link to page 52
2.5.  ECRIS26
The IT-based European Criminal Records Information System (ECRIS) 27 provides the electronic
means for conviction information to be exchanged between Member States in a standardised format.
ECRIS is used to notify MS about convictions of their nationals and to send requests for conviction
information for the purpose of criminal proceedings and other purposes, such as administrative or
employment purposes. It is also possible to make requests for third-country nationals, if there is
reason to believe that the Member State requested holds information on that person.
ECRIS requests have to be replied to within 10 working days, if the request is for either criminal
proceedings or employment purposes, and within 20 working days if the request has originated
from an individual for his own information.
ECRIS is not designed to establish any centralised criminal record database and is based on a
decentralised IT architecture whereby all criminal records are solely stored in databases operated by
Member States. The data is exchanged electronically between the designated Central Authorities of
the Member States.
The information is to be transmitted by Member States in accordance with agreed rules and
standardised formats, and must be as complete as possible so as to allow the receiving Member
State to process the information properly and identify the person. Messages are sent in the official
languages of the Member States concerned or in another language accepted by both Member States.
A Non-Binding Manual for Practitioners setting out the procedures for information exchange and
coordinating their action for the development and operation of ECRIS is published by the Council
General Secretariat and is available in electronic format on the website of the Council and at the
European Commission-hosted website CIRCABC at https://circabc.europa.eu. Requests for access
to the manual should be sent to the Council Secretariat. Requests for access to the restricted Interest
Group 'ECRIS Business and Technical Support' should be sent to the European Commission.

26  Council Framework Decision 2009/315/JHA of 26 February 2009 on the organisation and
content of the exchange of information extracted from the criminal record between Member
States, OJ L 93/23, 7.4.2009.
27  Council Decision 2009/316/JHA on the establishment of the European Criminal Records
Information System (ECRIS) in application of Article 11 of Council Framework Decision
2009/315/JHA, OJ L 93/33, 7.4.2009.

6704/16

GB/jg
52
ANNEX
DGD 1C
LIMITE
EN

link to page 53 link to page 53 link to page 53 link to page 53
2.6.  Visa Information System (VIS)28
The Visa Information System (VIS) is principally an immigration control system. It is a tool used to
facilitate cooperation at the border control level through electronic verification and exchange of visa
data between Member States at EU external borders. As such, it targets foreign nationals.
Member States' designated authorities (i.e. consular posts, border checkpoints, police and
immigration authorities)29 and Europol30, within the framework of its tasks, are allowed to consult
the VIS31 for the purposes of the prevention, detection and investigation of:
•
terrorist offences, i.e. those offences under national law which correspond or are
equivalent to the offences in Articles 1 to 4 of Council Framework Decision
2002/475/JHA of 13 June on combating terrorism, and of
•
serious criminal offences, i.e. the forms of crime which correspond or are equivalent to
those referred to in Article 2(2) of Framework Decision 2002/584/JHA ('European
Arrest Warrant').
In accordance with the SFD, information contained in the VIS can be provided to UK and IE by the
competent authorities of the Member States whose designated authorities have access to the VIS, and
information held in the national visa registers of UK and IE can be transmitted to the competent law
enforcement authorities of the other Member States.

28  Council Decision of 8 June 2004 establishing the Visa Information System (VIS)
(2004/512/EC), OJ L 213/5, 15.6.2004.
29  Declarations concerning Member States' designated authorities and central access point(s) for
access to Visa Information System data for consultation in accordance with Article 3(2) and
(3) respectively of Council Decisions 2008/633/JHA , OJ C 236/1, 14.8.2013.
30  Council Decision 2008/633/JHA concerning access for consultation of the Visa Information
System (VIS) by designated authorities of Member States and by Europol for the purposes of
the prevention, detection and investigation of terrorist offences and other serious criminal
offences, OJ L 218/129, 13.8.2008; Council Decision fixing the date of effect of Decision
2008/633/JHA concerning access for consultation of the Visa Information System (VIS) by
designated authorities of Member States and by Europol for the purposes of the prevention,
detection and investigation of terrorist offences and of other serious criminal offences
(2013/392/EU), OJ L 198/45, 23.7.2013.
31  On 16 April 2015, the European Court of Justice annulled Council Decision 2013/392/EU of
22 July 2013 fixing the date of effect of Decision 2008/633/JHA concerning access for
consultation of the Visa Information System (VIS) by designated authorities of Member
States and by Europol for the purposes of the prevention, detection and investigation of
terrorist offences and other serious criminal offences. However, the Court declared that the
effects of Decision 2013/392 were to be maintained until the entry into force of a new act
intended to replace it.

6704/16

GB/jg
53
ANNEX
DGD 1C
LIMITE
EN

link to page 54 link to page 54
The VIS is based on a centralised architecture and a common platform with SIS II. VIS data is
processed in two steps. In the first step, data comprises alphanumeric data and photographs. In the
second step, biometric data and scanned documents are processed and entered in the VIS. The VIS
includes data on visa applications, photographs, fingerprints, related decisions of visa authorities
and links between related applications. The VIS uses a biometric matching system to ensure reliable
fingerprint comparisons for the purpose of either:
•
verification, i.e. a check whether fingerprints scanned at the border crossing point
correspond to those associated with the biometric record attached to the visa, or
•
identification, i.e. a comparison of the fingerprints taken at the border crossing post with
the contents of the entire database.
Technically speaking, the VIS consists of three levels, namely the central, national and local level,
the latter including consular posts, border crossing points, and immigration and police authorities.
VIS and SIS II share the same technical platform so that access to the data by the officers of both
systems will be reciprocal, i.e. VIS officers can access data in the SIS II and vice versa.
2.7. Eurodac3233
The European Automated Fingerprint Identification System (Eurodac) originally assists in
determining the Member State responsible for examining applications for asylum lodged in one of
the Member States, and otherwise in facilitating the application of the Dublin Convention. Access
to Eurodac for the purposes of preventing, detecting or investigating terrorist offences or other
serious criminal offences is given only in well-defined cases.

32
Council Regulation (EC) No 2725/2000 of 11 December 2000 concerning the establishment
of 'Eurodac' for the comparison of fingerprints for the effective application of the Dublin
Convention, OJ L 316/1, 15.12.2000.
33
Regulation (EU) No 603/2013 of the European Parliament and of the Council of 26 June 2013
on the establishment of 'Eurodac' for the comparison of fingerprints for the effective
application of Regulation (EU) No 604/2013 establishing the criteria and mechanisms for
determining the Member State responsible for examining an application for international
protection lodged in one of the Member States by a third-country national or a stateless person
and on requests for the comparison with Eurodac data by Member States' law enforcement
authorities and Europol for law enforcement purposes, and amending Regulation (EU) No
1077/2011 establishing a European Agency for the operational management of large-scale IT
systems in the area of freedom, security and justice (recast).

6704/16

GB/jg
54
ANNEX
DGD 1C
LIMITE
EN

link to page 55

The Eurodac Regulation 603/2013 lays down rules on the transmission of fingerprint data to the
Central Unit, the recording of this data and other relevant data in the relevant central database,
storage of the data, its comparison with other fingerprint data, transmission of the results of this
comparison and the blocking and erasure of recorded data.
The Eurodac system architecture consists of (a) a computerised central fingerprint database
('Central System') composed of a Central Unit and a Business Continuity Plan and System, and (b) a
communication infrastructure between the Central System and Member States that provides an
encrypted virtual network dedicated to Eurodac data ('Communication Infrastructure').
Each Member State has a single National Access Point.
The Agency established by Regulation (EU) 1077/201134 ('eu-LISA') is responsible for the
operational management of Eurodac, and shall ensure, in cooperation with the Member States, that
at all times the best available and most secure technology and techniques, subject to a cost-benefit
analysis, are used for the Central System.
Any Member State may transmit fingerprints to the Central Unit with a view to checking whether
an alien of at least 14 years of age found illegally present in its territory has already lodged an
application for asylum in another Member State. The Central Unit compares these fingerprints with
fingerprint data transmitted by other Member States and already stored in the central database. The
Unit informs the Member State that has transmitted the data as to whether there is a 'hit', i.e. the
result of the comparison between fingerprints recorded and transmitted. This Member State checks
the result and proceeds to the final identification in cooperation with the Member States concerned.
Member States have to ensure the lawfulness, accuracy and security of Eurodac data. Any person
who, or Member State which, has suffered damage as a result of non-compliance with Eurodac
provisions is entitled to receive compensation from the Member State responsible for the damage
suffered.

34   Regulation (EU) No 1077/2011 of the European Parliament and of the Council of 25
October 2011 establishing a European Agency for the operational management of
large-scale IT systems in the area of freedom, security and justice, OJ L 286/1,
1.11.2011.

6704/16

GB/jg
55
ANNEX
DGD 1C
LIMITE
EN

Regulation (EU) No 603/2013 provides for access to Eurodac data by Member States' designated
authorities and by Europol for law enforcement purposes. According to the Regulation, designated
authorities may submit a reasoned electronic request for the comparison of fingerprint data with the
data stored in the Central System only if comparisons with the following databases did not lead to
the establishment of the identity of the data subject:
–
National fingerprint databases.
–
The automated fingerprinting identification systems (AFIS) of all other Member States under
Decision 2008/615/JHA ('Prüm Decisions') where comparisons are technically available,
unless there are reasonable grounds to believe that a comparison with such systems would not
lead to the establishment of the identity of the data subject. Such reasonable grounds shall be
included in the reasoned electronic request for comparison with Eurodac data sent by the
designated authority to the verifying authority.
–
The Visa Information System (VIS), provided that the conditions for such a comparison laid
down in Decision 2008/633/JHA are met.
The following cumulative conditions must also be met:
a)  The comparison is necessary for the purpose of the prevention, detection or investigation of
terrorist offences or of other serious criminal offences, which means that there is an
overriding public security concern which makes the searching of the database proportionate.
b)  The comparison is necessary in a specific case (i.e. systematic comparisons shall not be
carried out).
c)  There are reasonable grounds to consider that the comparison will substantially contribute to
the prevention, detection or investigation of any of the criminal offences in question. Such
reasonable grounds exist in particular where there is a substantiated suspicion that the suspect,
perpetrator or victim of a terrorist offence or other serious criminal offence falls in a category
covered by this Regulation.

6704/16

GB/jg
56
ANNEX
DGD 1C
LIMITE
EN

link to page 57 link to page 57 link to page 57
2.8.  CIS – Customs Information System35
The Customs Information System complements the Naples II Convention36. The system aims at
enhancing Member States' customs administration through rapid information exchange with a view
to preventing, investigating and prosecuting serious violations of national and Community law. The
CIS also establishes a customs file identification database (FIDE) to assist customs investigations.
The CIS, managed by the Commission, is a centralised information system accessible via terminals
in each Member State and at the Commission, Europol and Eurojust. National customs, taxation,
agricultural, public health and police authorities, Europol and Eurojust may access CIS data. Only
the authorities designated by the Member States 37and the Commission have direct access to the
data contained in the CIS. In order to enhance complementarity, Europol and Eurojust have read-
only access to the CIS and to FIDE.
The CIS comprises personal data with reference to commodities, means of transport, business,
persons and goods and cash retained, seized or confiscated. Personal data may only be copied from
CIS to other data-processing systems for risk management or operational analyses, which only the
analysts designated by the Member States may access.
FIDE enables national authorities responsible for conducting customs investigations, when they
open an investigation file, to identify other authorities that may have investigated a given person or
business.

35
Council Decisions 2009/917/JHA of 30 November 2009 on the use of information
technology for customs purposes, OJ L 323/20, 10.12.2009.
36
Convention drawn up on the basis of Article K.3 of the Treaty on European Union, on
mutual assistance and cooperation between customs administrations, OJ C 24/2, 23.1.1998.
37  Implementation of Article 7(2) and Article 8(3) of Council Decision 2009/917/JHA of 30
November 2009 on the use of information technology for customs purposes - updated lists of
competent authorities, 13394/11 ENFOCUSTOM 85.

6704/16

GB/jg
57
ANNEX
DGD 1C
LIMITE
EN

link to page 58
2.9.  False and Authentic Documents Online - FADO38
A computerised image archiving system comprising false and authentic documents and based on
internet technology enables fast and secure information exchange between the General Secretariat
of the Council of the European Union and document checkers in all Member States, as well as in
Iceland, Norway and in Switzerland. The system enables an on-screen comparison between the
original and a false or forged document. Primarily, it contains documents of the Member States as
well as documents of third countries from where there are regular immigration flows to the Member
States. The database established by FADO includes the following data:
•
images of genuine documents
•
information on security techniques (security features)
•
images of typical false and forged documents
•
information on forgery techniques, and
•
statistics on detected false and falsified documents and identity fraud
The system uses special data lines between the General Secretariat of the Council and the central
services located in the Member States. Within each Member State, the system is read through a
secure internet connection from a central service. A Member State may use the system internally on
its own territory, which means connecting different stations at its various border control posts or
other competent authorities. However, there is no direct link between a workstation, other than the
national central service, and the central point in the General Secretariat.
FADO is currently available in 22 official languages of the European Union. Documents are
introduced by document experts in any of the languages and the standardised descriptions are
translated automatically. Accordingly, documents are immediately available in all supported
languages. Additional free text information contained is translated subsequently by specialised
linguists in the General Secretariat of the Council.

38  Joint Action (98/700/JHA) of 3 December 1998 adopted by the Council on the basis of Article
K.3 of the Treaty on European Union concerning the setting up of a European Image
Archiving System (FADO), OJ L 333/4, 9.12.1998.

6704/16

GB/jg
58
ANNEX
DGD 1C
LIMITE
EN

link to page 59
2.10. Public Register of Authentic Travel and Identity Documents Online - PRADO
While access to FADO is restricted to document checkers and for governmental use, the Council of
the European Union Public Register of Authentic Travel and Identity Documents Online (PRADO)
contains a subset of FADO information made available to the general public. The website39 is
published in the official languages of the EU by the General Secretariat of the Council of the
European Union for transparency reasons and provides an important service to many users in
Europe, especially to non-governmental organisations with a need or legal obligation to check
identities.
The website contains technical descriptions, including information on security features, of authentic
identity and travel documents. The information is selected and provided by document experts in the
Member States, Iceland, Norway and Switzerland.
In PRADO, users can also find links to websites with information on invalid document numbers
provided by some Member States as well as third countries and other useful information related to
identity and document checking and fraud.

39
http://www.prado.consilium.europa.eu/

6704/16

GB/jg
59
ANNEX
DGD 1C
LIMITE
EN

2.11. Summary Overview of Information Systems used for EU Information Exchange
IT Systems &
Legal basis
Purpose
Data Subjects
Data sharing
Databases
Second
Council Decision 2007/533/JHA of 12 June
•  Internal security
•  EU citizens
• VIS
Generation
2007 on the establishment, operation and use of  •  Border control
•  Third-country nationals
• Europol
Schengen
the second generation Schengen Information
•  Judicial cooperation

• Eurojust
Information
System (SIS II)
•  Investigation of crime
• Interpol
System -

OJ L 205/63, 7.8.2007
SIS II
Regulation (EC) No 1987/2006 of the European  •  Refusing entry or stay
•  Third-country nationals not

Parliament and of the Council of 20 December
enjoying rights of free movement
2006 on the establishment, operation and use of  •  Asylum, immigration and
equivalent to those of EU citizens
the second generation Schengen Information
return policies

System (SIS II)
OJ L 381/4, 23.12.2006
Europol
Council Decision 2009/371/JHA of 6 April  • Serious crime
• EU citizens
• SIS II
2009 establishing the European Police
• Immigration
• Third-country nationals
EIS
Office (Europol), Articles 11 to 13
• Internal security
• Counterterrorism
OJ L 121/37, 15.5.2009
Interpol
Interpol Constitution

• EU citizens
• SIS II
• Third-country nationals
• Europol
I-24/7

• VIS

6704/16

GB/jg
60
ANNEX
DGD 1C
LIMITE
EN

Interpol
Council Common Position 2005/69/JHA on
• International and organised
• EU citizens

exchanging certain data with Interpol
crime
• Third-country nationals
Lost/Stolen
• Internal security

Travel
OJ L 27/61, 27.1.2005

Documents
(LSTD)

ECRIS
Council Decision 2009/316/JHA on the
Criminal proceedings
• EU citizens

establishment of the European Criminal Records
• Third-country nationals

Information System (ECRIS) in application of

Article 11 of Framework Decision
2009/315/JHA
OJ L 93/33, 7.4.2009
VIS
Council Decision of 8 June 2004
• Serious crime
• Third-country nationals
• SIS II
• Internal security
• Europol
establishing the Visa Information System

• Counterterrorism
• Interpol
(VIS) (2004/512/EC),

OJ L 213/5,15.6.2004
Council Decision 2008/633/JHA concerning
access for consultation of the Visa
Information System (VIS) by designated
authorities of Member States and by
Europol for the purposes of the prevention,
detection and investigation of terrorist
offences and other serious criminal
offences,
OJ L 218/129, 13.8.2008

6704/16

GB/jg
61
ANNEX
DGD 1C
LIMITE
EN

Council Decision fixing the date of effect of
Decision 2008/633/JHA concerning access
for consultation of the Visa Information
System (VIS) by designated authorities of
Member States and by Europol for the
purposes of the prevention, detection and
investigation of terrorist offences and of
other serious criminal offences,
(2013/392/EU),
OJ L 198/45, 23.7.2013

6704/16

GB/jg
62
ANNEX
DGD 1C
LIMITE
EN

Eurodac
Regulation (EU) No 603/2013 of the
• Immigration
• Third-country nationals
Europol
European Parliament and of the Council of  • Serious crime

26 June 2013 on the establishment of
• Internal security
'Eurodac' for the comparison of fingerprints  • Counterterrorism
for the effective application of Regulation

(EU) No 604/2013 establishing the criteria
and mechanisms for determining the
Member State responsible for examining an
application for international protection
lodged in one of the Member States by a
third-country national or a stateless person
and on requests for the comparison with
Eurodac data by Member States' law
enforcement authorities and Europol for law
enforcement purposes, and amending
Regulation (EU) No 1077/2011 establishing
a European Agency for the operational
management of large-scale IT systems in
the area of freedom, security and justice
(recast)
OJ L 180/1, 29.06.2013
Regulation (EU) No 604/2013 of the
European Parliament and of the Council of
26 June 2013 establishing the criteria and
mechanisms for determining the Member
State responsible for examining an
application for international protection
lodged in one of the Member States by a
third-country national or a stateless person
OJ L 180/31, 29.6.2013

6704/16

GB/jg
63
ANNEX
DGD 1C
LIMITE
EN

CIS -
Council Decision 2009/917/JHA of 30
• Fight against illicit trafficking  • European citizens
Europol
November 2009 on the use of information
• Third-country nationals
technology for customs purposes
OJ L 323/20, 10.12.2009
FADO
Joint Action (98/700/JHA) of 3 December
• Fight against false documents  • European citizens

1998 adopted by the Council on the basis of  • Immigration policy
• Third-country nationals

Article K.3 of the Treaty on European
• Police cooperation
Union concerning the setting up of a

European Image Archiving System (FADO)

OJ L 333/4, 9.12.1998

6704/16

GB/jg
64
ANNEX
DGD 1C
LIMITE
EN

link to page 65 link to page 65 link to page 65
3.
LEGISLATION – THE LEGAL CONTEXT, RULES AND GUIDELINES
RELATED TO THE MAIN COMMUNICATION METHODS AND SYSTEMS
3.1.  The 'Swedish Framework Decision' (SFD)40
As a development of the Schengen Acquis, Council Framework Decision 2006/960/JHA ('Swedish
Framework Decision' - SFD) sets out, in particular, the rules regarding time limits and standard
forms for cross-border information exchange41, on prior request or spontaneously, between the
designated competent law enforcement authorities of the Member States for the purpose of:
•
preventing, detecting and investigating offences or criminal activities which correspond to or
are equivalent to those referred to in the European arrest warrant42, or
•
preventing an immediate and serious threat to public security.
The designated authorities are obliged to reply within at most eight hours in urgent cases, as long as
the requested information or intelligence is directly accessible to law enforcement authorities.
Information may not be provided if:
•
national security is at stake,
•
current investigations may be jeopardised,
•
the request pertains to an offence punishable by a term of imprisonment of one year or less
under the law of the requested Member State,
•
the competent judicial authority withholds access to the information.
The terms 'information and/or intelligence' cover the following two categories:
–
any type of information or data which is held by law enforcement authorities
–
any type of information or data which is held by public authorities or by private entities and
which is available to law enforcement authorities without the taking of coercive measures

40
Council Framework Decision 2006/960/JHA of 18 December 2006 on simplifying the
exchange of information and intelligence between law enforcement authorities of the
Member States of the European Union, OJ L 386/89, 29.12.2006, corrected by
Corrigendum, OJ L 75/26, 15.3.2007.
41
See infra Figure 1.
42
See 8216/2/08 REV2 Final version of the European handbook on how to issue a European
Arrest Warrant. Article 2 of Council Framework Decision 2002/584/JHA on the European
Arrest Warrant sets out the scope of the EAW.

6704/16

GB/jg
65
ANNEX
DGD 1C
LIMITE
EN

link to page 66
The content of these categories depends on national legislation. The type of information available
from each Member State is set out in the national sheets attached to this manual.
Data is to be shared with Europol insofar as the information or intelligence exchanged refers to an
offence or criminal activity within the Europol mandate. Information and intelligence will be
processed in accordance with the relevant Europol handling codes. SIENA, (Europol's Secure
Information Exchange Network Application) supports the exchange of information in accordance
with the 'Swedish Framework Decision'.
Member States ensure that conditions for cross-border information exchange are not stricter than
those applicable for an internal case. The competent law enforcement authorities are, in particular,
not obliged to ask for judicial agreement or authorisation prior to cross-border information
exchange, if the information sought is available at national level without such agreement or
authorisation. If, however, judicial authorisation is required, the judicial authority shall, when
issuing its decision, is required to apply the same rules in the cross-border case as in a purely
internal case. Information requiring judicial authorisation is indicated in the national fact sheets.
Since the standard request form has been found too cumbersome by practitioners, a non-compulsory
request form for information and intelligence43 has been developed. When it is not feasible to use
this simplified form, the use of a different form or unstructured free-text is preferred.
However, these requests shall in all cases comply with the requirements of Article 5 of the Swedish
Framework Decision, and contain at least the following mandatory items:
•
administrative information, i.e. requesting Member State, requesting authority, date,
reference number(s), requested Member State(s)
•
whether urgency is requested, and, if so, what the reasons are
•
description of the requested information or intelligence
•
identity/identities (as far as known) of person(s) or object(s) who are the main subject(s)
of the criminal investigation or criminal intelligence operation underlying the request
for information or intelligence (e.g. description of the offence(s), circumstances in
which the offence(s) was (were) committed etc.)
•
purpose for which the information and intelligence is sought

43
See infra Figure 2.

6704/16

GB/jg
66
ANNEX
DGD 1C
LIMITE
EN

•
connection between the purpose and the person who is the subject of the information
and intelligence
•
reasons for believing that the information or intelligence is in the requested Member
State
•
any restrictions on the use of information contained in the request ('handling codes')
The requesting Member State may choose between any of the existing channels for international
law enforcement communication (SIRENE, EUROPOL, INTERPOL, bilateral contact points). The
replying Member State normally uses the same channel as used for the request. If, however, the
requested Member State replies, for legitimate reasons, through another channel, the requesting
authority is informed of this change. The language used for the request and supply of information
shall be the one applicable for the channel used.
An overview of the bilateral or other agreements maintained is annexed to this manual.

6704/16

GB/jg
67
ANNEX
DGD 1C
LIMITE
EN

Figure 1

6704/16

GB/jg
68
ANNEX
DGD 1C
LIMITE
EN

6704/16

GB/jg
69
ANNEX
DGD 1C
LIMITE
EN

6704/16

GB/jg
70
ANNEX
DGD 1C
LIMITE
EN

6704/16

GB/jg
71
ANNEX
DGD 1C
LIMITE
EN

6704/16

GB/jg
72
ANNEX
DGD 1C
LIMITE
EN

Figure 2
REQUEST FOR INFORMATION AND INTELLIGENCE
Under Council Framework Decision 2006/960/JHA
I – Administrative Information
Requesting Member State

Requesting authority  (name,  address,

telephone, fax. e-mail):
Details of the handling agent (optional):

Date and time of this request:

Reference number of this request:

Previous reference numbers

Requested Member State(s):

Channel
ENU/Europol Liaison Officer
For information
For execution
Interpol NCB
For information
For execution
SIRENE
For information
For execution
Liaison Officer
For information
For execution
Other (please specify):
For information
For execution

II - Urgency
Urgency requested
   Yes               No
Reasons for urgency (e.g.: suspects are being held in custody, the case has to go to court before a specific date):
Application of Article
Offence falls under Article 2(2) Framework Decision
Yes
  No
2002/584/JHA on the European Arrest Warrant

III – Purpose
Type of crime(s) or criminal activity/activities being investigated
Description of:
-  circumstances in which the offence(s) was (were) committed (e.g.: the time, place and degree of
participation in the offence(s) by the person who is the subject of the request for information or
intelligence)
-  reasons for believing that the information or intelligence is in the requested Member State,
-  connection between the purpose for which the information or intelligence is requested and the person
who is the subject of the information or intelligence
  request to use the information as evidence if possible under national legislation  (optional)

6704/16

GB/jg
73
ANNEX
DGD 1C
LIMITE
EN

IV – Type of information
Identity/identities (as far as known) of the person(s) or object(s)
Person
Object(s)
Family name:
Weapon serial number:
Name at birth:
Document number:
First name:
Other identification number or name:
Date of Birth
Vehicle registration number:
Place of Birth
Vehicle serial number (VIN):
Gender:  male
female
unknown
Type of documents:
Nationality:
Contact details of company (tel. number, e-mail, address,
Additional Information:
www…):
Additional Information:
Information or intel igence requested
Person
Vehicle
Others
  verification of identity
  completion of identification data
  identification of company
  screening in databases
  identification of  owner
  screening of company in databases
  finding the address/place
  identification of driver
  screening of documents in
of stay
  screening in databases
databases
  identification of phone/fax number
  identification of owner of the
e-mail address
  screening of address
  screening of weapons
  weapons trading route
Others:

V - Handling Codes
Restrictions on the use of information contained in this request for purposes other than those for which it has
been supplied or to prevent an immediate and serious threat to public security
for police purposes only, not for use in judicial proceedings
contact the information provider prior to any use



6704/16

GB/jg
74
ANNEX
DGD 1C
LIMITE
EN

link to page 75
3.2.  Schengen - SIS II and non-SIS II data exchange
The Schengen Agreement signed on 14 June 1985 was supplemented in 1990 by the Convention
implementing the Schengen Agreement (CISA) which created the Schengen Area through the
complete abolition of border controls between Schengen states, common rules on visas, and police
and judicial cooperation. The CISA establishes a general requirement for police co-operation and
entitles police authorities to exchange information within the limits of their respective national legal
system.
With the entry into force of the Amsterdam Treaty in 1999, cooperation measures hitherto in the
Schengen framework were integrated into the European Union legal framework and Schengen-
related matters are now dealt with by the legislative bodies of the EU. The Schengen Protocol
annexed to the Amsterdam Treaty laid down detailed arrangements for this integration process.
Legislation
Council Decision 2007/533/JHA of 12 June 2007 on the establishment, operation and use of the
second generation Schengen Information System (SIS II), OJ, L 205/63, 7.8.2007.
Key Provisions
The Schengen Information System (SIS) is both a police cooperation and border control system and
supports operational cooperation between police authorities and judicial authorities in criminal
matters. Designated police officers, border guards, customs officers, and visa and judicial
authorities throughout the Schengen area may consult the SIS.44 On 9 April 2013 a second
generation Schengen Information System ('SIS II') came into operation in 24 EU Member States as
well as in the four non-EU countries which are associated with Schengen cooperation: Norway,
Iceland, Switzerland and Liechtenstein.
SIS II data can be searched online (subject to strict data protection rules) 24/7 via SIRENE bureaux,
at border control points, inside national territory and abroad in consulates. Data are referred to as
alerts, an alert being a set of data enabling authorities to identify persons, i.e. European citizens and
non-EU citizens, or objects with a view to taking appropriate action for the purposes of combating
crime and irregular immigration.

44  A list of the national competent authorities which have the right to access alerts is published
annually in the Official Journal of the European Union.

6704/16

GB/jg
75
ANNEX
DGD 1C
LIMITE
EN

link to page 76

Specifically authorised staff of Europol have the right, within the scope of its mandate, directly to
access and search data entered into SIS II and may request further information from the Member
State concerned.
The national members of Eurojust and their assistants have the right, within the scope of their
mandate, to access and search data entered into SIS II.
According to Article 47 of CISA, liaison officers seconded to police authorities in other Schengen
States or third countries are responsible for exchanging information pursuant to:
•
Article 39(1), (2) and (3) in compliance with national law for the purpose of preventing
and detecting criminal offences;
•
Article 46, even on their own initiative, for the purpose of preventing offences against
or threats to public order and security.
It should be noted that the provisions of Article 39(1), (2) and (3) and Article 46, insofar as they
relate to the exchange of information and intelligence with regard to serious crime, are replaced by
those of Council Framework Decision 2006/960/JHA, the 'Swedish Framework Decision'.
However, the provisions of Article 39(1), (2) and (3) and Article 46 remain applicable with regard
to offences punishable by a term of imprisonment of less than 12 months.
3.3. Europol
Legislation
Council Decision of 6 April 2009 establishing the European Police Office (Europol)
(2009/371/JHA), OJ L 121/37, 15.5.200945.

45
A draft Regulation on Europol is currently under negotiation.

6704/16

GB/jg
76
ANNEX
DGD 1C
LIMITE
EN

link to page 77 link to page 77
Key provisions
The objective of Europol is to support and strengthen action by the Member States' competent
authorities responsible for preventing and combating criminal offences, and their mutual
cooperation in preventing and combating organised crime, terrorism and other forms of serious
crime affecting two or more Member States. To that end, Europol collects, stores, processes,
analyses and exchanges information and intelligence.
Each Member State designates a national unit (ENU) functioning as the liaison body between
Europol and the competent authorities in the Member States. The ENUs carry out tasks related to
the sharing of relevant information and intelligence. Each national unit seconds at least one liaison
officer constituting the national liaison bureau at Europol and representing the interests of the
national unit. Liaison officers are tasked with information sharing between, on the one hand, the
national unit and Europol, and, on the other hand, bilaterally between other national units. These
bilateral exchanges can cover crimes beyond the Europol mandate.
The national unit is responsible for communication with the Europol Information System (EIS) used
to process the data required for the performance of Europol's tasks. The national unit, liaison
officers and duly authorised Europol staff have the right to input data into the systems and retrieve
data from them.
3.4.  Interpol
Legislation
Interpol Constitution46
Rules governing the processing of information47
Rules on the control of information and access to Interpol's files

46
http://www.interpol.int/en/About-INTERPOL/Legal-materials/The-Constitution
47
http://www.interpol.int/en/About-INTERPOL/Legal-materials/Fundamental-texts

6704/16

GB/jg
77
ANNEX
DGD 1C
LIMITE
EN

link to page 78 link to page 78 link to page 78
Key provisions
The mission of Interpol is to facilitate international police cooperation with a view to preventing
and fighting crime through enhanced cooperation and innovation on police and security matters.
Action is taken within the limits of existing laws in the Member States and in the spirit of the
Universal Declaration of Human Rights. Each of the 190 Member States maintains a National
Central Bureau (NCB) staffed by its own highly trained law enforcement officials.
The Interpol Constitution is an international agreement that confirms, as members, the governments
of all those countries that participated in its adoption in 1956 and lays down the application
procedure for countries that were not members in 1956 to join Interpol.
As the main legal document, the Constitution outlines Interpol's aims and objectives. It establishes
the mandate of the organisation to ensure the widest possible cooperation between all criminal
police authorities and to suppress ordinary law crimes.
In addition to the Constitution, a number of fundamental texts make up Interpol's legal framework.
Several levels of control have been put in place in order to ensure compliance with the rules. These
relate to controls by National Central Bureaux (NCB), by the General Secretariat and by the
independent monitoring body known as the Commission for the Control of Interpol's Files.
3.5.  Liaison officers
Legislation
Convention implementing the Schengen Agreement of 19 June 1990 (CISA) 48,  Article 47
Council Decision 2003/170/JHA of 27 February 2003 on the common use of liaison officers posted
abroad by the law enforcement agencies of the Member States49,
Council Decision 2006/560/JHA of 24 July 2006 amending Decision 2003/170/JHA on the
common use of liaison officers posted abroad by the law enforcement agencies of the Member
States50

48  Convention implementing the Schengen Agreement of 19 June 1990 (CISA), OJ L 239/19,
22.9.2000.
49
Council Decision 2003/170/JHA of 27 February 2003, OJ L 67/27, 12.3.2003.
50
Council Decision 2006/560/JHA of 24 July 2006, OJ L 219/31, 10.8.2006.

6704/16

GB/jg
78
ANNEX
DGD 1C
LIMITE
EN

link to page 79 link to page 79
Council Decision of 6 April 2009 establishing the European Police Office (Europol)
(2009/371/JHA), OJ L 121/37, 15.5.2009
Council Decision 2008/615JHA on the stepping up of cross-border cooperation, particularly in
combating terrorism and cross-border crime, OJ L 210/1, 6.8.2008
Bilateral Agreements
Key Provisions
Article 47 of the CISA provides that Member States 'may conclude bilateral agreements providing
for the secondment, for a specified or unspecified period, of liaison officers from one [Member]
State to the police authorities of another [Member] State'. Liaison officers are not empowered to
execute any police measures autonomously and Article 47 specifies that such secondments are
'intended to further and accelerate cooperation, particularly by providing assistance:
a)  in the form of the exchange of information for the purposes of combating crime by means of
both prevention and law enforcement
b)  in executing requests for mutual police and judicial assistance in criminal matters
c)  with the tasks carried and by the authorities responsible for external border surveillance.'
More information about such secondments can be found in the 'Football Handbook'51 and in the
Council Recommendation of 6 December 2007 concerning a Handbook for police and security
authorities concerning cooperation at major events with an international dimension52.
The CISA provision that national liaison officers may also represent the interests of one or more
other Member States has been further developed by the Council Decision on the common use of
liaison officers posted abroad by the law enforcement agencies of the Member States (amended in
2006). Provision has also been made for the improvement of cooperation between liaison officers of
different Member States in their place of secondment. In various fora, it has been stressed that this
cooperation should be encouraged.

51  Council Resolution concerning an updated handbook with recommendations for international
police cooperation and measures to prevent and control violence and disturbances in
connection with football matches with an international dimension, in which at least one
Member State is involved, OJ C 165/1, 24.6.2010.
52  OJ C 314/4, 22.12.2007.

6704/16

GB/jg
79
ANNEX
DGD 1C
LIMITE
EN

In accordance with the current Europol Decision, each Member State designates a national unit
(ENU) which functions as the liaison body between Europol and the Member States' competent
authorities responsible for preventing and combating criminal offences. The ENUs carry out tasks
related to the sharing of relevant information and intelligence. Each national unit seconds at least
one liaison officer constituting the national liaison bureau at Europol and representing the interests
of the national unit. Liaison officers are tasked with information sharing between, on the one hand,
the national unit and Europol, and, on the other hand, bilaterally between other national units. These
bilateral exchanges can cover crimes beyond the Europol mandate.
Council Decision 2008/615JHA ('Prüm Decision') provides in Article 17 and 18 for the secondment
of national officers for the purpose of maintaining public order and security and preventing criminal
offences.
3.6. Prüm Data Exchange
Legislation
•
Council Decision 615/2008/JHA of 23 June 2008 on the stepping up of cross-border
cooperation, particularly in combating terrorism and cross-border crime
•
Council Decision 2008/616/JHA of 23 June 2008 on the implementation of Decision
2008/615/JHA on the stepping up of cross-border cooperation, particularly in combating
terrorism and cross-border crime. (OJ L 210, 6.8.2008)
Key Provisions
Member States reciprocally grant cross-border online access to reference data of designated national
DNA analysis files and automated dactyloscopic identification systems (AFIS) as well as to vehicle
registration data (VRD) (see Chapter 2 of Council Decision 2008/615/JHA).
Specific NCPs must be designated in each Member State. Data protection and data security
provisions must be adequately accounted for in national legislation. The automated comparison of
anonymous biometric profiles is based on a hit/no hit system, except in the case of VRD where
owner/holder data searched for is automatically returned.

6704/16

GB/jg
80
ANNEX
DGD 1C
LIMITE
EN

link to page 81

In the event of a biometric match, the NCP of the searching Member State receives, in an automated
process, the reference data with which a match has been found.
Additional specific personal data and further information relating to the reference data may then be
requested through mutual assistance procedures, including those adopted pursuant to the 'Swedish
Framework Decision'.
The supply of such supplementary data is governed by the national law, including the legal
assistance rules, of the requested Member State. It is understood that the supply of personal data
requires an adequate level of data protection on the part of the receiving Member States.53
For the prevention of criminal offences and in the interests of maintaining public order and security
for major events with a cross-border dimension, Member States may, both on request and on their
own initiative, supply each other with non-personal as well as personal data. To that end, specific
national contact points (NCP) are designated (see Chapter 3 of Council Decision /008/615/JHA).
For the prevention of terrorist offences, Member States may supply each other with personal data
under certain circumstances. To that end, specific national contact points are designated (see
Chapter 4 of Council Decision 2008/615/JHA).
3.7.  Visa Information System (VIS)
Legislation
Council Decision of 8 June 2004 establishing the Visa Information System (VIS) (2004/512/EC),
OJ L 213/5, 15.6.2004
Council Decision 2013/392/JHA fixing the date of effect of Decision 2008/633/JHA concerning
access for consultation of the Visa Information System (VIS) by designated authorities of Member
States and by Europol for the purposes of the prevention, detection and investigation of terrorist
offences and of other serious criminal offences

53
Council Decision 2008/615/JHA complies with the level of protection designed for the processing of
personal data in the Council of Europe Convention of 28 January 1981 for the Protection of
Individuals with regard to Automatic Processing of Personal Data, the Additional Protocol of 8
November 2001 to the Convention and the principles of Recommendation No R (87) 15 of the Council
of Europe Regulating the Use of Personal Data in the Police Sector.

6704/16

GB/jg
81
ANNEX
DGD 1C
LIMITE
EN

OJ 2013 L 198, p. 45
Key Provisions
VIS is a system which enables competent national authorities to enter and update visa data and to
consult these data electronically. It is based on a centralised architecture and consists of a central
information system, the Central Visa Information System (CS-VIS), a national interface in each
Member State (NI-VIS), and the communication infrastructure between CS-VIS and NI-VIS.
On 16 April 2015, the European Court of Justice annulled Council Decision 2013/392/EU of 22
July 2013 fixing the date of effect of Decision 2008/633/JHA concerning access for consultation of
the Visa Information System (VIS) by designated authorities of Member States and by Europol for
the purposes of the prevention, detection and investigation of terrorist offences and other serious
criminal offences. However, the Court declared that the effects of Decision 2013/392 were to be
maintained until the entry into force of a new act intended to replace it.
3.8. Eurodac
Legislation
The European Automated Fingerprint Identification System (Eurodac) is a computer system
originally to facilitate the effective application of the Dublin Convention. The Dublin Convention,
signed on 15 June 1990, was replaced by Council Regulation (EC) No 343/2003 of 18 February
2003 establishing the criteria and mechanisms for determining the Member State responsible for
examining an asylum application lodged in one of the Member States by a third-country national.
Subsequent to changes made to the Regulations concerning Eurodac, they were recast by
Regulation No 603/2013 of the European Parliament and of the Council of 26 June 2013 on the
establishment of 'Eurodac' for the comparison of fingerprints for the effective application of
Regulation (EU) No 604/2013 establishing the criteria and mechanisms for determining the
Member State responsible for examining an application for international protection lodged in one of
the Member States by a third-country national or a stateless person and on requests for the
comparison with Eurodac data by Member States' law enforcement authorities and Europol for law
enforcement purposes, and amending Regulation (EU) No 1077/2011 establishing a European
Agency for the operational management of large-scale IT systems in the area of freedom, security
and justice (recast) (OJ L 180/1, 29.6.2013).

6704/16

GB/jg
82
ANNEX
DGD 1C
LIMITE
EN

link to page 83 link to page 83
Key Provisions
Regulation No 603/2013 sets out the purpose of Eurdodac and defines the conditions for access by
designated national law enforcement authorities and by Europol to Eurodac data for the purposes of
the prevention, detection or investigation of terrorist offences54 or of other serious criminal
offences55.
3.9. Naples II
Legislation
Council Act of 18 December 1997 drawing up, on the basis of Article K.3 of the Treaty on
European Union, the Convention on mutual assistance and cooperation between customs
administrations, published in OJ C 24/1 23.1.1998
Key Provisions
Member States mutually assist one another in order to prevent and detect infringements of national
customs provisions and prosecute and punish infringements of Community and national customs
provisions. In the framework of criminal investigations, the Naples II Convention lays down
procedures under which customs administrations may act jointly and exchange data, spontaneously
or on request, concerning illicit trafficking activities.
Requests are submitted in writing in an official language of the Member State of the requested
authority or in a language accepted by that authority. A form sets out the standard for
communication of information. The authorities concerned communicate all information which may
assist in preventing, detecting and prosecuting infringements. They exchange personal data,
meaning all information relating to a natural person who is identified or identifiable.
In order to provide the assistance required, the requested authority or the competent authority which
it has addressed proceeds as though it were acting on its own account or at the request of another
authority in its own Member State.

54
Council Framework Decision 2002/475/JHA of 13 June 2002 on combating terrorism (OJ L
164/3, 22.6.2002).
55
Council Framework Decision 2002/584/JHA of 13 June 2002 on the European arrest
warrant and the surrender procedures between Member States (OJ l 190/1, 18.7.2002).

6704/16

GB/jg
83
ANNEX
DGD 1C
LIMITE
EN

link to page 84 link to page 84 link to page 84

3.9.1 Customs Information System - CIS 56
The Customs Information System complements the Naples II Convention57. The centralised
information system is managed by the Commission and aims at enhancing Member States' customs
administration through rapid information exchange with a view to preventing, investigating and
prosecuting serious violations of national and Community law. CIS also establishes a customs file
identification database (FIDE) to assist customs investigations.
The Authorities designated by the Member States58 have direct access to the data contained in the
CIS. In order to enhance complementarity with Europol and Eurojust, both bodies are granted read-
only access to CIS and to FIDE.
CIS comprises personal data with reference to commodities, means of transport, business, persons
and goods and cash retained, seized or confiscated. Personal data may only be copied from CIS to
other data-processing systems for risk management or operational analyses, which only the analysts
designated by the Member States may access.
FIDE enables national authorities responsible for conducting customs investigations, when they
open an investigation file, to identify other authorities that may have investigated a given person or
business.

56
Council Decisions 2009/917/JHA of 30 November 2009 on the use of information
technology for customs purposes, OJ L 323/20, 10.12.2009.
57
Convention drawn up on the basis of Article K.3 of the Treaty on European Union, on
mutual assistance and cooperation between customs administrations, OJ C 24/2, 23.1.1998.
58
Implementation of Article 7(2) and Article 8(3) of Council Decision 2009/917/JHA of 30
November 2009 on the use of information technology for customs purposes - updated lists of
competent authorities, 13394/11 ENFOCUSTOM 85.

6704/16

GB/jg
84
ANNEX
DGD 1C
LIMITE
EN

link to page 85 link to page 85

3.10. National Asset Recovery Offices (ARO) and CARIN
Legislation
Council Decision 2007/845/JHA of 6 December 2007 concerning cooperation between Asset
Recovery Offices of the Member States in the field of tracing and identification of proceeds from,
or other property related to, crime, OJ L 332/103, 18.12.2007
The Camden Assets Recovery Inter-Agency Network (CARIN) was established at The Hague on
22-23 September 2004 by Austria, Belgium, Germany, Ireland, Netherlands and the
United Kingdom.
Key Provisions
Following the adoption of Council Decision 2007/845/JHA59, all Member States have since
established and designated asset recovery offices (AROs). They can directly exchange information
on matters pertaining to the recovery of assets via the SIENA system. Under the auspices of the EU
Commission and Europol, the ARO Network facilitates cooperation between AROs of the Member
States and strategic discussion and exchange of best practices. The Europol Criminal Assets Bureau
(ECAB) acts as a focal point for asset recovery within the EU.
The provisions laid down in Directive 2014/42/EU of the European Parliament and of the Council
of 3 April 2014 on the freezing and confiscation of instrumentalities and proceeds of crime in the
European Union60 will further enhance the effectiveness of cooperation between the asset recovery
offices within the European Union. Member States are called upon to transpose the Directive by
4 October 2016.

59  Council Decision 2007/845/JHA of 6 December 2007 concerning cooperation between Asset
Recovery Offices of the Member States in the field of tracing and identification of proceeds
from, or other property related to, crime, OJ L 332/103, 18.12.2007.
60  Directive 2014/42/EU of the European Parliament and of the Council of 3 April 2014 on the
freezing and confiscation of instrumentalities and proceeds of crime in the European Union,
OJ L 127/39, 29.4.2014.

6704/16

GB/jg
85
ANNEX
DGD 1C
LIMITE
EN

The Camden Assets Recovery Inter-Agency Network (CARIN), established in 2004 to support the
cross-border identification, freezing, seizure and confiscation of property related to crime, enhances
the mutual exchange of information regarding different national approaches extending beyond the
EU.
As of 2015, the CARIN Network includes practitioners from 53 jurisdictions and 9 international
organisations which serve as contact points for the purpose of rapid cross-border exchange of
information, on request or spontaneously. National AROs cooperate among themselves or with
other authorities facilitating the tracing and identification of proceeds of crime. While all Member
States have established an ARO, major differences exist between the Member States in terms of
organisational setup, resources and activities.
Information exchanged may be used according to the data protection provisions of the receiving
Member States and is subject to the same data protection rules as if it had been collected in the
receiving Member State. Spontaneous information exchange in line with this Decision, applying the
procedures and time limits provided for in the Swedish Framework Decision, is to be promoted.
3.11. Financial Intelligence Units (FIU)
Legislation
Council Decision 2000/642/JHA of 17 October 2000 concerning arrangements between financial
intelligence units of the Member States in respect of exchanging information
OJ L 271/4, 24.1.2000
Key Provisions
A request must specify how the information sought will be used and - a key feature of the Decision
- the replying FIU is required to provide all relevant information, including financial information
and law enforcement data. However, a FIU may refuse to divulge information if this were to impede
an ongoing criminal investigation or be clearly disproportionate to the legitimate interests of the
subject concerned or otherwise not be in accordance with fundamental principles of national law.

6704/16

GB/jg
86
ANNEX
DGD 1C
LIMITE
EN

FIUs are to undertake all necessary measures, including security measures, to ensure that
information submitted cannot be accessed by any other authorities, agencies or departments. The
Member States shall provide for, and agree upon, appropriate and protected channels of
communication between FIUs.
FIU.NET is a decentralised computer network for the exchange of information between FIUs.
FIU.NET, originally intended to strengthen the position of the FIUs, has developed over recent
years from a secure basic tool for structured bilateral information exchange to a secure
multifunctional tool for multilateral information exchange, with case management features as well
as semi-automated standardisation of processes. In FIU.NET, each new feature and automated
process is optional, with no strings attached. The individual FIUs can decide which of the
possibilities and features offered by FIU.NET to use; they just use the features they feel comfortable
with and exclude the ones they do not need or want to use.
3.12. EU/US Terrorist Financing Tracking Programme (TFTP) Agreement
In the aftermath of 9/11, the EU and the US decided to work closely together and concluded the
Agreement on the processing and transfer of Financial Messaging Data from the European Union to
the United States for the purposes of the Terrorist Financing Tracking Programme (EU-US TFTP
Agreement). Pursuant to the Agreement, the US Treasury Department also makes TFTP
information available to law enforcement, public security or counter terrorism authorities of the
Member States concerned and, if appropriate, to Europol and Eurojust.
The TFTP is equipped with robust control measures to ensure that safeguards, including those on
personal data protection, are respected. Data are processed exclusively for the purpose of
preventing, investigating, detecting or prosecuting terrorism or its financing.
The benefit from TFTP data for Member States, Europol and Eurojust is limited by the fact that
TFTP cross border payment analysis is exclusively based on FIN (Financial Institution Transfer)
messages, a SWIFT message type by which financial information is transferred from one financial
institution to another. Other payment methods are not considered. However, the TFTP is the only
mechanism which enables, within a very short time period, the mapping and profiling of
transactions that are suspected of being related to terrorism or the financing of terrorism for the
purposes of enhancing internal security.

6704/16

GB/jg
87
ANNEX
DGD 1C
LIMITE
EN

Owing to greater awareness of the reciprocity clauses in this Agreement, EU authorities are
increasingly applying that mechanism so as to benefit from data exchange with the US. It should be
noted, in this context, that all requests from EU authorities for searches in the TFTP must meet the
requirements of Article 10 of the Agreement.
(Although the Agreement does not provide for Member States to proceed through Europol, it would
be useful, in order to improve the EU's response to terrorism and its financing, for Member States to
at least inform Europol in a systematic and timely manner of their direct requests under Article 10.
To support Member States in channelling requests for TFTP searches, Europol has set up a single
point of contact (SPOC) and with its Analysis Work File (AWF) environment and well established
cooperation with the Treasury, it is well placed to handle Member State requests effectively.)
3.13. Exchange of information on criminal records (ECRIS)
Legislation
Council Framework Decision 2009/315/JHA of 26 February 2009 on the organisation and content
of the exchange of information extracted from the criminal record between Member States, OJ L
93, 7.4.2009, p.23.  This Framework Decision repeals Council Decision 2005/876/JHA of 21
November 2005 on the exchange of information extracted from the criminal record, OJ L 322/33,
9.12.2005, p. 33.
Council Decision 2009/316/JHA on the establishment of the European Criminal Records
Information System (ECRIS) in application of Article 11 of Framework Decision 2009/315/JHA is
based on the principles established by Framework Decision 2009/315/JHA and applies and
supplements those principles from a technical standpoint.

6704/16

GB/jg
88
ANNEX
DGD 1C
LIMITE
EN

Key Provisions
Council Framework Decision 2009/315/JHA requires a convicting Member State to transmit, as
soon as possible, any convictions entered in their criminal register to the Member State(s) of that
person’s nationality as well as any alterations or deletions made to that conviction. The Member
State of nationality is obliged to store the information for the purposes of retransmission and any
alteration or deletion made in the convicting Member State entails an identical alteration or deletion
in the criminal register of that person’s nationality. When conviction information is requested for
the purposes of criminal proceedings from the Member State of the person’s nationality, the
requested Member State is required to transmit information on convictions stored in the criminal
register. If information is requested for purposes other than criminal proceedings, the requested
Member State replies in accordance with national law.
Council Decision 2009/316/JHA defines the ways in which a Member State is to transmit such
information. The Council Decision lays down the framework for a computerised system of
exchange of information extracted from criminal records. The Central Authorities of each Member
State use the special request and reply forms annexed to the Framework Decision though the
electronic route described in the legislation.

6704/16

GB/jg
89
ANNEX
DGD 1C
LIMITE
EN

link to page 90
Telecommunication Data Retention
Legislation
Directive 2006/24/EC of the European Parliament and of the Council of 15 March 2006 on the
retention of data generated or processed in connection with the provision of publicly available
electronic communications services of public communication networks and amending Directive
2002/58/EC61.
Key Provisions
The Directive applies to providers of electronic communication services. The Directive states that
providers should retain traffic data and location data as well as the related data necessary to identify
the subscriber or user, in order to communicate those data to the competent national authorities on
their request. For the purpose of the investigation, detection and prosecution of serious crime,
Member States oblige the providers of electronic communications services or of public
communication networks to retain the categories of data necessary to identify:
•
the source of a communication
•
the destination of a communication
•
the date, time and duration of a communication
•
the type of communication,
•
users' communication equipment or what purports to be their equipment
•
the location of mobile communication equipment.
No data revealing the content of the communication may be retained.

61
The judgment of the Court of Justice of the European Union of 8 April 2014 declared the
Directive invalid.

6704/16

GB/jg
90
ANNEX
DGD 1C
LIMITE
EN

3.14. Road safety related traffic offences
Legislation
Directive (EU) 2015/413 of the European Parliament and of the Council of 11 March 2015
facilitating cross-border exchange of information on road-safety-related traffic offences, OJ L 68/9
Key Provisions
Member States grant each other online access to their national Vehicle Registration Data (VRD)
with a view to enforcing sanctions for certain road safety related offences committed with a vehicle
which is registered in a Member State other than the Member State where the offence took place.
The Member State of the offence uses the data obtained in order to establish who is personally
liable for the traffic offence. The information exchange applies to:
•
speeding
•
non-use of a seatbelt
•
failing to stop at a red traffic light
•
drink-driving
•
driving under the influence of drugs
•
failing to wear a safety helmet
•
use of a forbidden lane
•
illegally using a mobile telephone or any other communication device while
driving.
Using the specific EUCARIS software application, Member States reciprocally allow their
designated National Contact Points (NCP) access to VRD, with the power to conduct automated
searches on
a) data relating to vehicles and
b) data relating to the owner or holder of the vehicle.

6704/16

GB/jg
91
ANNEX
DGD 1C
LIMITE
EN

PART III - NATIONAL FACT SHEETS

DELETED FROM THIS POINT UNTIL THE END OF THE DOCUMENT (page 391)

6704/16

GB/jg
92
ANNEX
DGD 1C
LIMITE
EN

Document Outline