The VIS Regulation defines the purpose and functionalities of, as well as the responsibilities for, the Visa Information System (VIS). It provides the conditions and procedures for the exchange of visa data between the European Union (EU) countries and associated countries applying the common visa policy. Thus, the examination of applications for short stay visas and decisions on extending, revoking and annulling visas, as well as the checks on visas and the verifications and identifications of visa applicants and holders are facilitated.
Regulation (EC) No 767/2008 of the European Parliament and of the Council of 9 July 2008 concerning the Visa Information System (VIS) and the exchange of data between Member States on short-stay visas (VIS Regulation) [See amending act(s)].
The purpose of the Visa Information System (VIS) is to improve the implementation of the common visa policy, consular cooperation and consultations between the central visa authorities by:
- facilitating the visa application procedure;
- preventing ‘visa shopping’;
- facilitating the fight against fraud;
- facilitating checks at external border crossing points and in the national territories;
- assisting in the identification of persons that do not meet the requirements for entering, staying or residing in the national territories;
- facilitating the application of the Dublin II Regulation for determining the EU country that is responsible for the examination of a non EU-country national’s asylum application and for examining said application;
- contributing to the prevention of threats to EU countries’ internal security.
In specific cases, the national authorities and Europol may request access to data entered into the VIS for the purpose of preventing, detecting and investigating terrorist and criminal offences. The procedures for consultations under such circumstances are laid down in Council Decision 2008/663/JHA. These consultations are carried out via central access points in the participating countries and by Europol, who verify the requests and ensure conformity with the above decision.
Only the following categories of data are recorded in the VIS:
- alphanumeric data * on the applicant and on the visas requested, issued, refused, annulled, revoked or extended;
- fingerprint data;
- links to previous visa applications and to the application files of persons travelling together.
Access to the VIS:
- for entering, amending or deleting data, is reserved exclusively to duly authorised staff of the visa authorities;
- for consulting data, is reserved exclusively to duly authorised staff of the visa authorities and authorities competent for checks at the external border crossing points, immigration checks and asylum, and is limited to the extent the data is required for the performance of their tasks.
The authorities with access to VIS must ensure that its use is limited to that which is necessary, appropriate and proportionate for carrying out their tasks. Furthermore, they must ensure that in using VIS, the visa applicants and holders are not discriminated against and that their human dignity and integrity are respected.
Entering of data by the visa authorities
Once an application is found admissible as set out in the Visa Code, the visa authority creates the application file by entering into the VIS a set of data listed in this regulation, such as the applicant’s personal and travel details provided in the application form, photograph and fingerprints.
Where a decision has been taken to issue a visa, the visa authority adds other relevant data, including the type of visa, the territory in which the visa holder is entitled to travel, the period of validity, the number of entries allowed in the territory and the duration of the authorised stay.
Additional data must also be entered if the visa authority representing another EU country discontinues the examination of an application as well as when a decision has been taken to refuse, annul or revoke a visa, or to extend the validity period of a visa.
Use of the data by the visa and other competent authorities
The competent visa authority may consult the VIS for the purpose of examining applications and decisions to issue, refuse, extend, annul or revoke a visa, or to shorten a visa’s validity period. It is authorised to carry out searches with some of the data included in the application form and the application file. If the search indicates that data on the applicant is recorded in the VIS, the visa authority will be given access to the application file and linked application files.
For prior consultation, the country responsible for examining the application must transmit any consultation requests with the application number to the VIS, indicating the country or countries to be consulted. The VIS will forward the request to the country concerned, which will, in turn, send the response to the VIS, which will then forward the response to the requesting country.
For statistical and reporting purposes, the visa authorities are authorised to consult data that does not allow for the identification of the applicant.
The authorities responsible for carrying out checks at external borders and within the national territories have access to search the VIS with the number of the visa sticker together with fingerprints. They may search the VIS for the purpose of verifying the identity of the person and/or the authenticity of the visa and/or whether the person meets the requirements for entering, staying in or residing within the national territories. If, based on this search, data on the visa holder is found in the VIS, the relevant authorities may consult certain data in the application file.
For identifying a person who may not or may no longer fulfil the required conditions, the competent authorities have access to search with fingerprint data. If that person’s fingerprints cannot be used or the search with the fingerprints fails, the relevant authorities may search the VIS with the name, sex, date and place of birth and/or information taken from the travel document. These may be used in combination with the nationality of the person.
Asylum authorities have access to search the VIS with fingerprint data, but solely for the purposes of determining the EU country responsible for the examination of an asylum application and of examining an asylum application. However, if the fingerprints of the asylum seeker cannot be used or the search fails, the authorities may carry out the search with the data set out above.
Each application file is stored in the VIS for a maximum of five years. Only the country responsible has the right to amend or delete data it has transmitted to the VIS.
Operation and responsibilities
After a transitional period, during which the Commission is in charge, the Management Authority will be responsible for the operational management of the Central VIS and the national interfaces. In addition, ensuring a communication infrastructure between these two, the Management Authority will be in charge of the supervision, security and the coordination of relations between the participating countries and the service provider. The Management Authority will also ensure that the VIS is operated in accordance with the VIS Regulation and that only duly authorised staff has access to data processed in the VIS.
The VIS is connected to the national system of each country via the country’s national interface. Participating countries designate a national authority that is connected to the national interfaces and that provides access to VIS by the relevant authorities.
Each country is responsible for:
- the development, organisation, management, operation and maintenance of its national system;
- ensuring the security of data before and during transmission to its national interface and, to this end, adopting a security plan;
- the management and arrangements for access by duly authorised staff of its competent national authorities to the VIS in accordance with this regulation;
- bearing the costs incurred by its national system.
Data in the VIS is not to be communicated to third countries or international organisations unless indispensable for attesting a third-country national’s identity in individual cases. The communication may be made when a set of conditions are met, with due respect to the rights of refugees and persons requesting international protection.
The responsible country provides the persons concerned with information on the identity and contact details of the controller responsible for the processing of the data, the purposes for which the data is processed within the VIS, the categories of the recipients of the data, the period of retention of the data and the right to access, correct and delete the data. In addition, the country must inform the persons concerned of its obligation to collect the data. Any person is entitled to receive information on how to bring an action or a complaint before the competent authorities or courts of the country concerned if he/she is refused the right of access to, or the right of correction or deletion of, data relating to him/her.
Each EU country must require a National Supervisory Authority, established in accordance with Directive 95/46/EC, to monitor the lawfulness of the processing of personal data by that country. The European Data Protection Supervisor will monitor the activities of the Management Authority.
Start of operations
The VIS will become operational once the technical implementation of the Central VIS, the national interfaces and the communication infrastructure have been completed and a comprehensive test of the VIS has been carried out. The countries must also have taken the required steps for the collection and transmission of data in a first region, followed by a gradual roll-out in other regions.
As a Schengen instrument, this regulation applies to EU countries with the exception of the United Kingdom and Ireland, which will not be bound by the regulation. Denmark has decided to implement the regulation. The regulation also applies to Iceland, Norway and Switzerland.
|Key terms used in the act|
|Act||Entry into force||Deadline for transposition in the Member States||Official Journal|
|Regulation (EC) No 767/2008||
OJ L 218 of 13.8.2008
|Amending act(s)||Entry into force||Deadline for transposition in the Member States||Official Journal|
|Regulation (EC) No 810/2009||
OJ L 243 of 15.9.2009