Access to the Visa Information System (VIS) by the national authorities and Europol
This Decision complements the VIS Regulation by establishing a legal base that enables the designated Member State authorities and Europol to access the Visa Information System (VIS). The purpose of granting access is to allow them to prevent and detect criminal offences, particularly terrorist offences, more effectively.
Council Decision 2008/633/JHA of 23 June 2008 concerning access for consultation of the Visa Information System (VIS) by designated authorities of Member States and by Europol for the purposes of the prevention, detection and investigation of terrorist offences and of other serious criminal offences.
The designated national authorities responsible for the prevention, detection or investigation of terrorist or other serious criminal offences and Europol officials are authorised to access VIS data.
Access by the national authorities
The operating units within the designated national authorities may access VIS data through central access points assigned by Member States. Access to the data is applied for on a case-by-case basis with reasoned written or electronic requests. The requests are verified and processed by the central access points prior to querying the VIS. They transfer the data obtained from the query to the operation units. Only in urgent cases may the requests be submitted in written, electronic or oral form, with the verifications carried out ex-post.
The authorities designated by Member States are authorised to consult the VIS within the limits of their powers, provided that:
- it is necessary for the purpose of investigating, preventing or detecting serious criminal offences;
- it is necessary due to a specific case;
- there are reasonable grounds for believing that the consultation will contribute to the prevention, detection or investigation of a serious criminal offence.
VIS data, which may be used for the search, are limited to:
- surname, surname at birth, first names, sex and date, place and country of birth;
- current nationality and nationality at birth of the visa applicant;
- type and number of the travel document, the authority that issued it and the date of issue and expiry;
- main destination and duration of the intended stay;
- purpose of travel, and intended date of arrival and departure;
- intended border of first entry or transit route;
- type of visa and number of the visa sticker;
- details of the person that has either issued an invitation for the visa applicant or is liable for the applicant’s subsistence costs during his/her stay.
If the search with any of the above data is successful, the authorities may in addition access other data. This includes any other data on the visa application, photographs and any supplementary information added onto the application when the visa was issued, refused, annulled, revoked or extended.
Access by Europol
Access to the VIS for consultation by Europol takes place within the limits of that organisation’s mandate.
The officials of a specialist unit designated by Europol act as the central access point authorised to consult the VIS.
Processing of information obtained by Europol via the VIS is subject to the consent of the Member State that entered the data in question.
Protection of personal data
Personal data are processed by:
- the national authorities as provided by national law, with a level of protection comparable to that granted by the Council of Europe Convention of 28 January 1981 for the Protection of Individuals with regard to Automatic Processing of Personal Data;
- Europol by virtue of the Europol Convention and the rules adopted for its implementation, under the supervision of the independent joint supervisory body.
Only in urgent cases, and for the purpose of preventing and detecting terrorist and other serious offences, may personal data be transferred to third-countries or to international organisations. However, in such cases, the consent of the Member State that entered the data into the VIS must be obtained.
Member States are responsible for adopting security measures to guarantee data security during transmission and retrieval. Similarly, they must take measures that provide for administrative and criminal penalties if the use of VIS data contravenes with this Decision.
VIS data may be kept in national files only in individual cases and only for the duration necessitated by that particular case.
Each Member State and Europol must keep records of all data processing operations so that checks can be made to ensure that operations are lawful. These records must be deleted one year after the expiry of the retention period referred to in Regulation (EC) No 767/2008.
Each Member State and Europol is to set up and maintain, at their expense, the technical infrastructure necessary to implement this Decision. They are also to bear the costs of accessing the VIS.
Monitoring and evaluation
Two years after the VIS starts operating, and every two years thereafter, the Management Authority referred to in Regulation (EC) No 767/2008 will submit to the European Parliament, the Council and the Commission a report on the technical aspects of its operations. Pending the Management Authority becoming operational, the Commission will be responsible for the task.
Three years after the VIS starts operating, and every four years thereafter, the Commission will produce an overall evaluation of the system.
The VIS, which allows Member States to exchange visa data, was established by Council Decision 2004/512/EC of 8 June 2004. It not only contributes to the implementation of the common visa policy, but also to the Union’s internal security and especially to the fight against terrorism.
On 7 March 2005, the Council adopted conclusions stating that the authorities of the Member States responsible for internal security should be guaranteed access to the VIS “in order to achieve fully the aim of improving internal security and the fight against terrorism”.
This Decision follows from these conclusions. It builds on the bridging clause contained in Article 3 of Regulation (EC) No 767/2008 on the Visa Information System (VIS) and the exchange of data between Member States on short-stay visas (VIS Regulation) by establishing the legal basis for the national authorities’ and Europol’s access to the VIS.
Entry into force
Deadline for transposition in the Member States
Council Decision 2008/633/JHA
OJ L 218 of 13.8.2008