15. Annesso alla raccomandazione della Commissione, del 15 dicembre 2015 che adotta il manuale pratico per l’attuazione e la gestione del sistema europeo di sorveglianza delle frontiere (manuale EUROSUR)

1 Introduction

This handbook provides general, technical and operational guidelines as well as recommendations and best practice for implementing and managing the European Border Surveillance System (EUROSUR) established by Regulation (EU) No 1052/2013.[1]

This handbook is for the Member States, the European Agency for Management of Operational Cooperation at the External Borders of the Member States of the European Union (‘the Agency’) and the other EU bodies, offices and agencies involved in EUROSUR.

This handbook does not create any legally binding obligations upon Member States, the Agency or other EU bodies, offices or agencies, nor does it establish new rights and duties for national authorities who are responsible for border surveillance or any other bodies to whom the handbook might be relevant. Only Regulation (EU) No 1052/2013, on which this handbook is based, or other legislation it refers to,[2] can produce legally binding effects and can be invoked before a national court or tribunal.

This handbook is reviewed on a regular basis, in light of experience and lessons learned through implementing Regulation (EU) No 1052/2013.

2 General guidelines

2.1 Objectives and framework of EUROSUR[3]

EUROSUR is a multi-purpose system used for detecting, preventing and combating illegal immigration and cross-border crime at the external borders, thereby contributing to the further development of the Schengen acquis. It aims to contribute to protect and save the lives of migrants attempting to cross the external borders.

To achieve these objectives, EUROSUR provides a common framework for information exchange and cooperation among all authorities with responsibility for the surveillance of the external land and sea borders.[4] EUROSUR follows an intelligence and risk analysis driven approach, allowing national and European authorities to better understand what is happening at the external borders and enabling them to react faster to new routes and methods used for illegal immigration and cross-border crime. Key elements of this include near-real time information exchange, regular intelligence sharing and close cooperation among authorities at national and European level.

The EUROSUR framework consists of several components[5] which interrelate as follows:

At national level, authorities cooperate via national coordination centres for border surveillance and exchange information via national situational pictures. At European level, the national coordination centres exchange information with each other and the Agency via the EUROSUR communication network, with unlimited access to the European situational picture and the common pre-frontier intelligence picture.

The Agency also cooperates with other EU bodies, offices and agencies (e.g. European External Action Service, Europol, Eurojust, Fundamental Rights Agency) in order to make best use of the information, capabilities and systems available. For example, the Agency coordinates the common application of surveillance tools in cooperation with the European Maritime Safety Agency and the EU Satellite Centre to supply the national coordination centres and itself with surveillance information on the external borders and on the pre-frontier area.

EUROSUR allows Member States to react faster to incidents and to critical situations occurring at the external borders. To help with this, the external land and sea borders are divided into ‘border sections’, each of which is given an impact level. This approach allows hotspots at the external borders to be identified, with a standardised reaction at national level and support from the Agency if required.

To achieve EUROSUR’s objectives, Member States also exchange information and work with neighbouring third countries based on agreements and through specific regional networks based on those agreements.

When exchanging information and cooperating in the framework of EUROSUR, Member States and the Agency must comply with requirements to protect fundamental rights, in particular the non-refoulement principle and the protection of personal data.

2.2 Scope[6]

 

2.3 Definitions for the purposes of this handbook[10]

1) ‘Monitoring’ means observing a situation or geographical area.

2) ‘Detection’ means becoming aware of an object of interest’s presence and location.

3) ‘Identification’ means establishing the unique identity or specific characteristics of the object of interest.

4) ‘Tracking’ means determining the past, current and future locations of an object of interest.

5) ‘Prevention’ means activities that hinder or prevent an action from taking place.

6) ‘Interception measures’means measures taken to prevent the object of interest from proceeding further.

7) ‘National authorities’means all authorities with responsibility for surveillance of the external land and sea borders in accordance with national law and, if applicable, with responsibility for border checks and air border surveillance.

8) ‘National border surveillance system’ means a single structure or a combination of surveillance and monitoring systems which brings together surveillance activities at the external borders of a Member State, under the coordination of the national coordination centre in accordance with national law, and supports the exchange of information between all national authorities with responsibility for external border surveillance.

9) ‘Own assets’means the mobile or stationary equipment and human resources at the disposal of a Member State or the Agency used to monitor and patrol the external borders.

10) ‘Status of assets’means the level of readiness and the availability of the asset.

11) ‘Event’means either an incident (a situation relating to illegal immigration, a cross-border crime or a risk to the lives of migrants) or a crisis situation (for instance in a neighbouring third country) or any other situation which has a significant impact on border security.

12) ‘Unauthorised border crossings’refers to any act of crossing the border at or outside border crossing points which is not in compliance with the rules for crossing the external borders set out in the Schengen Borders Code.

13) ‘Personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable person is one who can be identified directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity.

14) ‘Processing of personal data’ means any handling which is performed upon personal data, whether by automatic means or not, including collection, recording, organisation, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmitting, disseminating or otherwise making the data available, alignment or combination, blocking, erasure or destruction.

15) ‘Neighbouring third country’ means a third country which has either a land or sea border or a common sea basin with a Member State.

2.4 Protection of fundamental rights and measures contributing to saving migrants’lives[11]

1. National authorities comply with international and European instruments on fundamental rights,[12] and in particular the EU asylum acquis and international refugee law. They respect the human dignity of persons involved in illegal immigration and cross-border crime and must not discriminate on the grounds of sex, race, social condition or ethnic origin, language, religion or belief, political or any other opinion, disability, age or sexual orientation. Any measures taken while carrying out their duties must be proportionate to the objectives pursued by such measures.

2. When collecting information during border surveillance activities, the right to private life and the protection of personal data of any persons must be respected, in accordance with national and EU legislation.

3. The authorities observe their obligation to render assistance to any vessel or person in distress at sea and, during a sea surveillance operation, ensure that their participating units comply with that obligation, in accordance with international law and respecting fundamental rights. In the context of operational cooperation coordinated by the Agency, they adhere to the rules established by Regulation (EU) No 656/2014[13]

4. Whenever persons are in need of medical assistance, including pregnant women or injured, sick or dehydrated people, the coordination centre responsible (Maritime Rescue Coordination Centre, local, regional or national coordination centre, depending on the situation) must ensure that the necessary measures, such as requesting medical support, are taken without delay. The safety of the crew and the people in question is of paramount concern and all measures must be conducted in a way that ensures such safety, at all times.

5. Border guards and staff from all relevant national authorities are trained in how to identify and approach children and vulnerable people[14] and assist those people in accessing the appropriate protection or assistance measures.[15] Staff is provided with information on national referral mechanisms[16] and on how to preserve evidence of crimes at the border for possible future legal proceedings.

6. National authorities ensure, in full compliance with the principle of non-refoulement, that people seeking international protection are identified, receive adequate assistance, are informed appropriately about their rights and how to access relevant procedures (including the possibility of requesting asylum), and are promptly referred to the national authorities responsible for receiving their asylum requests.

7. In order to contribute to ensuring the protection and saving the lives of migrants at sea, there need to be in place national communication channels and workflows between the National Coordination Centre (NCC) and the Maritime Rescue Coordination Centre (MRCC) to ensure the timely exchange of information. This information exchange should take place taking full account of the fact that the MRCC is exclusively responsible for coordinating any operation relating to a search and rescue (SAR) incident, acting under specific SAR international legal instruments.[17] This information exchange could include:

a) Information about the status and position of patrolling assets (important to both centres for assessing their reaction capability).

b) Risk analysis products shared by the NCC with the MRCC, since migratory flows can lead to potentially high risks for lives at sea.

c) The MRCC and NCC may share with each other their satellite and terrestrial communication and tracking capacities, incl. ones which are available via the Agency.

d) Informing the MRCC about incidents that do not initially require, but might later on need, SAR actions so that they are ready to respond in case conditions worsen and SAR action is required. Similarly, the NCC should be informed about any SAR incidents involving migrants.

e) The NCC may assist the MRCC in selecting the disembarkation point, if one is needed (the decision on this during SAR operations must be made by the MRCC). This may be of relevance to allow further arrangements (such as local administrative and hosting reception capacity at disembarkation) to be made.

Best practice: The MRCC and NCC conclude a formal agreement on information exchange in accordance with data protection rules, thereby ensuring smooth cooperation. This may cover, for example, the deployment of liaison officers, the list of products and reports to be exchanged, possible access to each other’s IT systems (on a need-to-know basis and in line with national data protection rules) and regular meetings between the staff from the two centres at both management and working level.

Patrol assets used for border surveillance operations should be equipped for SAR operations.

8. When cooperating with a neighbouring third country, Member States comply with their obligations under EU and international law, in particular with the principle of non-refoulement and data protection rules. They must not share any information which could be used by the third country to identify persons or groups of persons whose request for access to international protection is under examination or who are at serious risk of being subjected to torture, inhuman and degrading treatment or punishment, or any other violation of fundamental rights.

Best practice: The NCC draws up a standard operating procedure for sharing information with third countries. This procedure should include checking that information is not shared when the NCC knows or is supposed to know that it will be or most likely might be used by the third country to violate fundamental rights. An electronic log could be kept with the date, the name of the third country and the type of information shared.

3 Operational guidelines

3.1 National Coordination Centre[18]

3.1.1 Functions and tasks

 

NCC staff needs to have sufficient foreign language skills to be able to work with neighbouring and other NCCs. The NCC needs to have enough qualified internal or external translation capacity to ensure the timely exchange of information.

When a Member State hosts an operational activity coordinated by the Agency (e.g. a joint operation), it may use the infrastructure provided by the NCC or subordinated centres.

3.1.2 National authorities responsible for border surveillance[22]

In order to coordinate their activities, representatives from the national authorities with responsibility for the surveillance of the external land and sea borders work together in the NCC on a permanent basis.

The NCC may also provide information on the surveillance of air borders and on checks at border crossing points if Member States decide it. In this case, it is recommended that representatives from the national authorities responsible for border checks and air border surveillance also work in the NCC.

The NCC may include liaison officers from other national authorities or other relevant bodies, as needed.

3.1.3 Cooperation with other national authorities[23]

Depending on the national division of responsibilities and without prejudice to any obligations under the legislation governing their activities, the NCC exchanges information and cooperates on a regular basis, through the appropriate channels, with the following national authorities:

a) Coastguard

b) Police/gendarmerie

c) Customs authorities[24]

d) National guard

e) Armed forces

f) Maritime rescue coordination centre (MRCC)

g) Migration authorities

h) Asylum authorities

The NCC may exchange information and cooperate, through the appropriate channels, with other national authorities, including:

a) Maritime authority

b) Fishery control authority

c) Liaison officers posted abroad

d) Veterinary/phyto-sanitary services

e) Prosecutor’s office

f) Consular department of the Ministry for Foreign Affairs, embassies and consulates

g) SIRENE Office

h) Authorities responsible for preventing nuclear proliferation

i) Transport authorities

j) Civil protection services

k) Environmental protection services

l) Intelligence services

m) Authorities responsible for referral mechanisms for victims of trafficking in human beings and for protection systems for other vulnerable groups, such as children.

n) Health authorities

3.1.4 Management of resources and personnel[25]

The NCC supports the effective management of resources and personnel by national authorities with responsibility for external border surveillance. In so doing, the NCC supports the planning and implementation of border surveillance activities, including by:

a) Establishing and updating an overview of all available assets belonging to national authorities responsible for border surveillance, including the assets’level of readiness, type and use in the operational layer of the NSP.

b) Coordinating that assets available at national level are distributed to the border sections corresponding to the impact levels allocated to those sections.

This may include reallocating assets provided by one national authority from one border section to another one, or allocating additional assets provided by another national authority to reinforce the surveillance measures taken at a given border section.

To do this, the NCC ensures that the necessary workflows and arrangements are in place to allow for assets to be reallocated quickly, with the agreement of the relevant national authorities.

c) Contribute to national capacity building for border surveillance and, if applicable, border checks, by working closely with the relevant national authorities. This may include identifying gaps and needs relating to:

– information collected from different systems, sensors, patrols and other sources;

– skills and tools for analysing information;

– stationary and mobile assets;

– appropriate personnel availability and profiles;

– training, including training for NCC staff.

d) Support the planning, implementation and adaptation of operations at local, regional and national level as well as at EU level in cooperation with the Agency. This may include issues such as communication, procurement of interoperable equipment and a national border control strategy.

3.1.5 National situational picture[26]

The NCC creates and maintains the NSP by processing and evaluating situational information, managing the national intelligence process and developing analytical products in line with the provisions of Chapter 3.2 of this handbook. The NCC shares information regularly with the relevant national authorities via the NSP.

3.1.6 Planning and implementation of national surveillance activities[27]

The NCC supports the planning and implementation of national surveillance activities by monitoring surveillance activities at local, regional, national and EU levels, and provides suggestions on adjusting practices based on experience.

3.1.7 National border surveillance system[28]

Each Member State with external land and sea borders creates and maintains a national border surveillance system, consisting of a single structure or a combination of national surveillance and monitoring systems. Surveillance activities at each external border section correspond to the impact level allocated to it (see Chapter 3.3.6.), using stationary and mobile equipment and patrols.

The NCC coordinates the national border surveillance system in accordance with national law by monitoring the system’s functioning, including the impact levels allocated and the operational procedures, and provides input into developing the system and procedures.

The NCC has direct and real-time access to the relevant parts of the national border surveillance system, including sub-systems set up at local/regional level and surveillance systems managed by other national authorities. If the NCC receives information on a border section from two or more national surveillance systems, it combines this information.

3.1.8 Effect measurement[29]

The NCC supports the regular measuring of the effects of national border surveillance activities, by collecting and analysing information and producing an overview of events and response activities carried out, including their effectiveness and the resources and personnel used.

3.1.9 Cooperation with other NCCs[30]

Within EUROSUR, the NCC is the single point of contact for exchanging information and cooperating with other NCCs and with the Agency.

3.1.10 Operating hours[31]

The NCC operates twenty-four hours a day and seven days a week, ensuring the presence of at least a duty officer/shift commander.

3.1.11 Notification of NCC establishment and monitoring[32]

Each Member State must notify the European Commission that its NCC has been established. The Commission regularly provides Member States and the Agency with a technical report on the establishment and development of the NCCs.

The NCC regularly informs the Agency of relevant developments regarding its activities and structures. This may include information on additional responsibilities, functions and tasks given to the NCC, additional authorities who cooperate with the NCC, technical upgrades or any other relevant information.

3.1.12 Allocation of tasks to other national authorities[33]

Member States may charge regional, local, functional or other authorities with ensuring situational awareness and reaction capability in their respective areas of competence on condition that:

1) they are in a position to take operational decisions;

2) the tasks allocated support the effective and efficient management of resources and personnel, support the planning and implementation of national border surveillance activities or help coordinate the national border surveillance system; and

3) this decision does not affect the NCC’s ability to cooperate and exchange information with other NCCs and the Agency.

In pre-defined cases, the NCC may authorise regional, local, functional or other authorities to communicate and exchange information with regional authorities or the NCC in another Member State or the responsible authorities in a third country, as long as they regularly inform the NCC about their communication and information exchange.

When coordinating border surveillance activities with functional and other authorities, the NCC ensures that the responsibilities and autonomy (e.g. command and control functions) of each of these authorities are fully respected.

3.1.13 Internal rules of procedure

The authority responsible for the NCC has internal rules of procedure, detailing the process to follow for exchanging information and working with relevant national authorities. These rules also cover the handling, storing, transmission, processing and deleting of personal data and non-classified sensitive and classified information.

3.1.14 Interagency cooperation at national level

Each Member State determines the split in responsibilities among its national authorities that are responsible for external border surveillance. National authorities must respect each other’s areas of responsibility and refrain from taking any actions which might directly or indirectly impact on other authorities fulfilling their tasks.

While there is no single model for interagency cooperation, improved cooperation, in particular between civilian and military authorities, allows for more effective and cost-efficient use of information, capabilities and systems available at national level.

Depending on the scope of the cooperation and the responsibilities of the relevant authorities as set out in national law, this cooperation may consist of:

a) Information sharing: National authorities share information derived from their individual systems as well as from the events, operational and analysis layer of the NSP. National authorities may also share information derived from their surveillance infrastructure (e.g. radar stations, monitoring of VHF frequencies) at local level, preferably in near-real time.

b) Cooperation: National authorities may share selected surveillance infrastructure (including establishment and maintenance e.g. of radar stations), provide controlled access to each other’s systems and databases (on a need-to-know basis), carry out joint risk analysis, and coordinate their patrolling activities. National authorities should use the NCC as far as possible for this.

c) Assistance: One national authority (e.g. military authority) may provide assistance to another (e.g. border guard) in carrying out border surveillance tasks. Responsibility and authority to carry out the task remain with the original body. The relevant national authorities must inform the NCC about the scope, duration and other relevant information of the assistance measure.

d) Integration: In the best case scenario, a single national system and/or a single national centre are used by different national authorities to carry out different surveillance functions (e.g. border control, fishery control, search and rescue). Another possibility is that national law makes one national authority responsible for carrying out several surveillance tasks.

Various forms of cooperation can be envisaged:

– Personnel from one national authority provide operational, analytical, technical and administrative information and support to another national authority;

– Surveillance and communication infrastructure is shared to improve overall situational awareness;

– Use of equipment (e.g. assets for patrolling) is coordinated to improve overall reaction capability;

– Standard operating procedures for information exchange and cooperation are in place;

– Training is provided to personnel in other authorities, leading to better mutual understanding and knowledge transfer.

Agreements between the relevant national authorities should clarify the scope of and arrangements for the cooperation as well as the legal, operational and financial obligations of each partner. Preference should be given to using or adapting existing agreements before concluding new agreements.

3.1.15 Contact list

The NCC creates and maintains a contact list of the national authorities with which it works and exchanges information.

3.2 Situational awareness

3.2.1 Relationship between situational pictures and their layers[34]

The national situational picture (NSP) maintained by the NCC provides situational awareness at national level, while the European situational picture (ESP) and common pre-frontier intelligence picture (CPIP) maintained by the Agency provides situational awareness at the European level. The relationship between these pictures and their place in the EUROSUR framework can be described as follows:

1) NSP

NCCs are responsible for creating and maintaining the NSP in each Member State. This is the sum of all information provided by that Member State to EUROSUR and thus reflects the origin of data, information and intelligence contained in them. The NSP can be created using technical platforms that are able to handle the information exchange required, enabling the Member State to supply relevant information in near-real time to the European situational picture and common pre-frontier intelligence picture.

2) Relationship between ESP and CPIP

The ESP sets out the overall picture of the situation at the external borders, based on information provided by the NCCs and the Agency. It includes information from the NSPs and the common application of surveillance tools. The CPIP relates to information and intelligence on the areas beyond the external borders. Emphasis is placed on the provision of services, including predictive analytical services, covering maritime areas and third countries of origin and transit. The two pictures are combined and thereby provide geographical continuity. Both pictures are shared among the Member States and available to the Agency.

3) Relationship between the NSP and the ESP/CPIP

The content of the NSP and the ESP/CPIP may partially overlap, as parts of the NSPs made available to the Agency and other Member States are also inherent elements in the ESP/CPIP. The relevant provisions of Regulation (EU) No 1052/2013 (e.g. limitations on sharing personal data)[35] apply to all information from the NSPs that becomes part of the ESP/CPIP.

All information contained in the NSP that is not made available to the Agency is handled in line with the provisions regulating the NSPs. These provisions also apply to exchanges of information between two or more neighbouring Member States, as long as of the exchanges do not involve the Agency. The provisions regulating the ESP/CPIP apply automatically whenever the Agency is involved.

The information exchange between these three pictures follows their three common layers.

1) The events layer consists of

– incidents on unauthorised border crossings, including information available to the NCC on incidents relating to a risk to the lives of migrants, and on cross-border crime;

– information on crisis situations;

– information on unidentified and suspect vehicles, vessels and other craft and persons present at, along or in the proximity of the external borders, and

– any other event which may have a significant impact on external border control.

2) The operational layer consists of information on own assets and other operational and environmental information.

3) The analysis layer consists of general information, analytical reports, intelligence, imagery, geo data and different types of maps.

3.2.2 Ownership and assurance of information and service oriented approach

In principle, information is owned by the node which provided the information (the relevant NCC or the Agency). Ownership can be transferred to another NCC or the Agency, based on mutual agreement. This transfer can take place on case-by-case basis or may be agreed for a particular group or category of information, for example if the information is transferred through an automated link between EUROSUR and other software. The Member State requesting ownership of information is responsible for providing reasons for the request.

The NCCs are responsible for providing as full, accurate and timely a picture as possible. Both the NCCs and the Agency are responsible for ensuring the availability, confidentiality and integrity of the information that has been exchanged. They do this by strictly following the security rules, the rules for protecting classified and personal data and by respecting the ownership rights when further processing information.

The owners of the information are responsible for validating it before publishing it in the EUROSUR communication network (ECN). Efforts must be made to avoid any duplication of information, through appropriate procedures and consistent validation processes. Special attention should be paid to ensuring that information that is manually uploaded does not duplicate information that is already in the system from semi-automated and automated sources (other connected systems). Procedures are drawn up at both Agency and Member State level to minimise this risk.

The Agency takes a service-oriented approach based on internationally agreed standards in delivering information and services to EUROSUR.

3.2.3 Communities of interest[36]

Communities of interest are formed by EUROSUR users that pursue common objectives, requirements or interests. These users can form geographic groups or groups based on subject. For example, a geographic community of interest could focus on a particular area/type of border or on having a common border with a particular third country. A thematic community could focus on further developing the analysis layer or another particular EUROSUR service, or on participating in a joint operation.

These communities are not formally established, but help improve organisation and, in particular, increase cooperation and synergies in service delivery and information exchange, and consequently improve reaction capability. Information exchange and cooperation within these groups is either regulated by NSP or ESP/CPIP provisions, depending on whether the Agency participates.

As they are cross-dimensional, communities of interest may reach beyond the scope of EUROSUR, and separate provisions (e.g. general mandate of the Agency) apply to the parts not covered by EUROSUR. For example, if a group of Member States participating in a joint operation forms a community of interest, part of the information collected and processed by the Agency as part of that operation may be out of scope for EUROSUR (information on return proceedings, asylum, etc).

3.2.4 Sources of information[37]

 

3.2.5 Events layer[38]

For land and sea border surveillance Member States must report all events as set out in the following chapters, regardless of the impact level of the given event.

If a Member State decides to report incidents at border crossing points or incidents relating to air border surveillance, it should:

– declare the scope of this reporting to the Agency; and

– fully adhere to the declared scope when reporting.

Issues related to border checks and air border surveillance are relevant for developing full situational awareness. Member States should therefore continue to provide information on these once they have started and stop doing so only in exceptional and duly justified cases. If they stop reporting, Member States must declare the cessation of reporting to the Agency.

3.2.5.1 Form of NSP events layer

The sub-layers of the events layer are not to be understood as physically separated, but as information sets relating to different subjects, which can be displayed in various ways, with the objective of improving situational awareness and reaction capability in the most effective way. The way events are collected in the NSP should allow the easy transfer of all events to the ESP without delay, e.g. by semi-automated/automated interface transfer or swift manual insertion of those events to the ESP.

3.2.5.2 Sub-layer on unauthorised border crossings

All incidents relating to unauthorised border crossings detected at the external borders of the Member State must be reported in the NSP, regardless the number of people involved, their nationality, or the impact level of the incident. It is best practice to also include incidents related to border checks and air border surveillance to achieve full situational awareness.

3.2.5.3 Sub-layer on cross-border crime

This sub-layer refers to any incidents relating to serious crime with a cross-border dimension that take place at, along, or in the proximity of the external borders.

3.2.5.4 Sub-layer on crisis situations

This sub-layer covers natural or man-made disasters, accidents, humanitarian or political crises or any other serious situations occurring at, along, or in the proximity of the external borders that may have a significant impact on border control. Significant impact, in this context, is to be understood as affecting conditions at the border to such an extent that additional measures or special intervention need to be taken, including the need for reinforcements and urgent decision-making and response.

3.2.5.5 Sub-layer on other events

This sub-layer contains information on unidentified and suspect vehicles, vessels and other craft and persons present at, along, or in the proximity of the external borders of the relevant Member State, and any other event which may have a significant impact on the control of the external borders.

3.2.5.6 NSP events layer elements to be shared with the ESP

All events reported in the NSP must also be made available in the ESP. The NCC must ensure that they are uploaded and forwarded to the ESP without delay.

3.2.5.7 Border sections assignment

All events are assigned to a border section.

3.2.5.8 Impact level for incidents

When maintaining their respective NSPs, NCCs allocate an impact level, based on a national assessment, to all events it reports. The Agency cannot change the incident impact levels that the NCCs have allocated.

3.2.5.9 Events layer of the ESP/CPIP

The ESP and the CPIP are available to all Member States participating in EUROSUR. The Agency must give the NCC, via the ECN, unlimited access to both pictures.

The contents of the CPIP mirrors the structure presented in the ESP, which means the information covers the same thematic areas. Together, the CPIP and the ESP provide geographic continuity. There may be incidents which are detected in the area covered by the CPIP and intercepted in the area covered by the ESP.

All events taking place in the operational area of a joint operation, pilot project or rapid intervention coordinated by the Agency must be reported in the ESP/CPIP, including those that took place in the operational area but not as part of the joint operation itself. European patrols network operational areas and any other operational activities that involve the Agency fall into this category.

3.2.5.10 Reporting process and quality assurance

Member States and the Agency must ensure that reporting is of an appropriate quality and that there is no duplication of reporting (e.g. of incidents) in the EUROSUR framework. To do this, Member States introduce a validation mechanism, which makes the NCC responsible for the final validation of data provided to the ESP/CPIP. The NCC must also ensure that no personal data other than those concerning ship identification numbers is uploaded to the ESP/CPIP.

The national Frontex point of contact (NFPOC) informs the NCC in advance about any operations planned that will take place on its territory.

3.2.6 Operational layer[39]

3.2.6.1 NSP

The operational layer consists of:

– a sub-layer on own assets and operational areas; and

– a sub-layer on environmental information (see chapter 3.2.6.5).

The sub-layer on own assets and operational areas contains information on national assets and personnel, as defined and maintained nationally.

Information on own assets and operational areas is collected in national systems of Member States. This may include, for example, a visualisation of the areas of responsibility of subordinate structures on a geo-referenced map, the position and itinerary of patrols, the distribution and type of assets, real-time images provided by video cameras, the area covered by cameras and the position and coordinates of patrol vessels on rivers and the sea. Direct communication between the NCC and patrol assets via specific terminals (e.g. Trans-European Trunked Radio/TETRA) considerably improves reaction capability.

Information on military assets assisting a law enforcement mission may be restricted on a need-to-know basis at the request of the national authority responsible for such assets.

Interlinking information provided in the operational layer (e.g. on patrol assets and weather conditions) with information from the events layer considerably improves situational awareness and reaction capability.

The situational picture of neighbouring external border sections contained in the operational layer may be shared between the Member States involved and may also be shared with the Agency on a voluntary basis.

3.2.6.2 ESP/CPIP

This layer consists of:

– a sub-layer on own assets;

– a sub-layer on operations; and

– a sub-layer on environmental information (see chapter 3.2.6.5).

The sub-layers on own assets and on operations contain information provided by the Member States and by the Agency, where the assets participate in the Agency’s joint operations or are at the disposal of the Agency. The following information is required for all assets taking part in operational activities coordinated by the Agency:

– type of asset

– name of asset (brand/model/call sign)

– description (detailed asset type indication)

– owner — referring to Member State (standard description, including the three-letter country code (ISO 3166-1 alpha-3 standard) of the deploying Member State authority)

– location (last deployment base)

– name of the operation

Furthermore information is included about the assets’status and position (e.g. an asset participating in a joint operation sends the information on its position through the Frontex positioning system), mission statement and involved actors, deployment and patrolling schedules, operational areas, periodic situational reports, statistical information, focal and coordination points and about other operational activities coordinated by the Agency, such as the European patrols network (EPN).

Best practice is that the NCCs host activities coordinated by the Agency, including the International Coordination Centre (ICC). Where the ICC is separate from the NCC, proper communication channels and procedures must be put in place for information exchange between them on activities coordinated by the Agency.

3.2.6.3 European patrols network (EPN)

All EPN Member States use the EUROSUR framework for sharing EPN information. EPN Member States use their NCC and the ECN to

– report all incidents relating to illegal immigration and cross-border crime encountered in EPN areas to the events layer of the ESP/CPIP. Standard mission reports, videos and images can be attached to provide details of the incident, if available;

– provide information on EPN common patrols to the operational layer of the ESP/CPIP, including information on observers (such as liaison officers) on-board patrolling assets;

– verify and update the EPN areas[40] in the operational layer of the ESP/CPIP; and

– update information on key elements (e.g. EPN patrolling schedules and monthly information on patrols carried out in EPN areas, changes in EPN structures).

Information relating to day-to-day cooperation among EPN Member States needs to be clearly marked in the operational layer of the ESP/CPIP.

3.2.6.4 Roles and responsibilities

Information about operations, pilot projects and rapid interventions coordinated by the Agency should be provided as follows:

– The Agency will insert information on the operational area for joint operations.

– The host Member State will provide information on the assets participating in joint operations, but this may also be provided by the Agency upon agreement with the host Member State.

– The Frontex positioning system provides the position, time, status and type of assets participating in joint operations, pilot projects and rapid interventions or which are at the disposal of the Agency. If the assets participating in the joint operation are not connected to the Frontex positioning system, the NCC of the Member State hosting the joint operation must provide a frequent update of the number, position and status of the assets deployed.

The Agency may also share via the operational layer of the ESP/CPIP other information about operations, pilot projects and rapid interventions coordinated by the Agency, such as:

– daily/weekly situational reports for each specific joint operation;

– tailored information for media purposes.

3.2.6.5 Sub-layer on environmental information

This sub-layer gives access to information on terrain and weather conditions. The Agency provides via the operational layer of the ESP/CPIP weather observations, weather forecasts, oceanographic information and drifting model services, which may be also used for the NSP.

3.2.7 Analysis layer[41]

The analysis layers of the ESP/CPIP and NSP are interlinked, as they may be based on the same situational and intelligence data. The two tables below contain the product and service types that are the same in the analysis layer of both the NSP and the ESP/CPIP.

Analysis layer products are, by default, not delivered on demand but provided based on specific internal NCC or Agency taskings.

 

3.2.7.1 Step 1: management of the analysis layer

This overarching task aims to manage the analysis layer and the associated intelligence cycle. It is achieved through identifying or improving tasks, procedures and policies.

3.2.7.2 Step 2: intelligence collection

The Agency collects information and intelligence based on agreed requirements, focusing on a target, pattern or trend. Collection involves gathering information from multiple sources in different formats, initially mostly from outside EUROSUR (joint operations, liaison officer and risk analysis networks, EU agencies, missions and delegations, or UN agencies, funds and programmes). This gradually changes, depending on the quantity and quality of NCC intelligence contributions to EUROSUR. This step captures the types of information and intelligence required to generate the ESP/CPIP analysis layer:

– Imagery and geo-data: spatially referenced information like topographic maps, transport infrastructure, nautical charts, restricted areas, thematic maps and digital elevation models, including reference imagery for key illegal immigration areas and locations identified by analysis and intelligence.

– Strategic key information: covering long-term reviews, emerging trends and changes in combating illegal immigration and cross-border crime, possible mitigation and prevention measures and likely avenues for changes to policies, programmes and legislation.

– Operational information: Tactical and operational information such as sensor data, vessel detection and tracking, radar imagery, patrol assets, incident reports, satellite imagery, operational intelligence and surveillance information (signals intelligence, human intelligence).

– Knowledge base data: The knowledge base will contain a formalised description of terms and methods such as the categorisation of vessel types, descriptions of typical scenarios, and sensor descriptions. It will provide a means for manual and semi-automatic collection, organisation, and retrieval of knowledge.

3.2.7.3 Step 3: intelligence evaluation

This step consists of two tasks:

– Evaluation: assessment of the reliability of the source and credibility of the information;

– Validation: assessment of incoming filtered data against standardised criteria (including legal checks), to improve data quality.

3.2.7.4 Step 4: intelligence collation

Collation involves the sifting out of spurious, non-relevant, and incorrect information. It requires arranging the remaining information, allowing the identification of any relationships between apparently disconnected elements. It includes two tasks:

– Filtering: suppressing information that is not essential to immediate information requirements;

– Fusion: merging evaluated and validated information into a single, coherent deliverable.

3.2.7.5 Step 5: analysis and interpretation

The analytical step converts information into an interpreted product that provides the most precise and valid forward-looking inference possible.

– Tactical/operational intelligence contributes directly to an immediate objective and is focused on, for example, specific criminal activities with the goal of neutralising them

– Strategic intelligence deals with existing patterns or emerging trends of illegal immigration and cross-border crime activities. Its goal is achieved through synthesising and analysing data collected over a period of time in order to produce informed judgments about issues such as facilitation capabilities, vulnerabilities, trends and patterns. It allows for conclusions and forecasts to be produced which will assist in developing appropriate countermeasures.

– Imagery analysis is a key information-, target– and strategic intelligence-generating activity, based on satellite imagery exploitation. It detects and analyses changes, and allows for correlation/fusion with other sources (open source, geospatial, strategic development information and third party sources), analytical reports and other supporting materials.

Analyses are tailored to customer needs to effectively assist the decision-making process.

3.2.7.6 Step 6: generation and visualisation of services and products, and Step 7: dissemination

In these steps, the outputs of the analysis and interpretation step are corrected, condensed, organised, and modified, prior to the publication of documents and display of objects and maps. The final phase is the upload of all new and updated analysis layer products to the NSP or the ESP/CPIP. Once products are able to be seen in the ESP/CPIP, they are considered to have been disseminated.

3.2.8 Common application of surveillance tools[42]

3.2.8.1 The Agency’s role

The Agency coordinates the common application of surveillance tools at European level by providing centralised services to Member States and the Agency. As coordinator, the Agency must be the single point of entry/exit for the acquisition, fusion and delivery of these services.

3.2.8.2 Service activation

Services are activated based on the requirements for maintaining the ESP and the CPIP, a request from the NCC a request from the Agency’s units (e.g. to support joint operations).

3.2.8.3 Service delivery

2) Fusion of services

Under the EUROSUR Fusion Services framework, the Agency acquires, combines and displays basic and combined services from different surveillance tools and other sources in the ESP/CPIP customised to meet the needs of the end user. Whenever necessary, services may be enriched by providing appropriate risk analysis.

Examples: – incident detection time service; – maritime models, such as drifting models (allowing for the calculation of probable locations of vessels, based on the last position and sea conditions);

– anomaly detection (allowing the detection of suspicious or atypical behaviour by vessels); – vessel traffic service, including combining vessel positions acquired via the automatic identification system (AIS) and satellite AIS with data on vessel positions recorded by terrestrial and satellite radars.

The illustration below shows a combination of different and separated services provided by internal and external suppliers into one single, combined service.

3) List of services

The Agency will provide services either on a regular basis or on an ad hoc basis, depending on needs. The Agency makes available to NCCs a list of services, which contains information and details of each of the services provided on a standard basis. If a need is identified, a new service, not previously included in the list, may be provided.

4) Service process

The Agency uses a service delivery process cycle that begins when a request is made and ends when the service is activated. The process includes all the steps to ensure:

– the necessary assessment and validation of the service request against a set of predefined criteria;

– appropriate workflows for delivering standard services and designing and developing new services; and

– delivery of the service to the user.

5) Validation criteria

The Agency assesses and validates each service request before the service is provided. It may either agree to deliver the service or refuse the request for technical, financial or operational reasons. If it refuses the request, the Agency informs the relevant NCC and provides an explanation for the refusal.

3.2.9 Personal data policy[43]

3.2.9.1 NSP[44]

Member States process personal data in the NSP in accordance with their national provisions. Every Member State which processes any personal data in their NSP is responsible, in particular, for the security of this data, appropriate training of staff and compliance with national data protection rules and requirements.

Member States make sure that, upon expiry of the data retention period set under national law, personal data is deleted or anonymised according to national law. Whenever the NSP includes personal data, processing of such data should be logged to provide an audit trail.

3.2.9.2 ESP and CPIP[45]

The NCC must ensure that no personal data other than data relating to ship identification numbers is uploaded to the ESP/CPIP. To avoid the risk of unintentionally uploading personal data to the ESP/CPIP, Member States should create a validation mechanism at NCC level to check that no personal data is included in information forwarded to the ESP/CPIP when it leaves the NSP. This validation mechanism may consist of:

– avoiding using cut and paste from national databases, if these include personal data;

– reading inserted text, especially free text fields, a final time before sending, while paying specific attention as to whether personal data have been inserted;

– requiring users to pay attention to the content of documents that they attach to artefacts, and to the content of stand-alone documents, because these could include personal data.

Mechanisms in the EUROSUR communication network (ECN) should ensure that data stored in the NSP which is tagged as personal data by the information owner (e.g. the NCC) is not shared with any other NCC except for personal data allowed in the ESP/CPIP.

If the Agency encounters personal data other than data relating to ship identification numbers in the ESP/CPIP, it must notify the owner/originator of the data (e.g. the NCC) and request the removal of that data. The owner of the data must delete it from the ESP/CPIP.

The Agency cooperates with the European Data Protection Supervisor (EDPS) on this issue.

3.2.9.3 Bilateral exchange between neighbouring Member States[46]

If neighbouring Member States use the ECN for the bilateral exchange of information, personal data must be excluded. This does not prevent Member States from bilaterally exchanging personal data through specific communication lines in accordance with national and EU data protection rules.

3.3 Reaction capability[47]

3.3.1 Definition and components

Reaction capability means the ability to perform actions aimed at countering illegal cross-border activities at, along, or in the proximity of the external borders, including the means and time to react appropriately. At the same time it is one of the key factors contributing to protecting and saving migrants’lives. National authorities with responsibility for external border surveillance need to be able to re-allocate resources, such as staff, equipment and assets to quickly react to any changes at sea and land external borders and, if applicable, at border crossing points.

Reaction capability has two components:

– Physical reaction capability is the availability of sufficient human and technical resources (such as trained personnel, systems and assets), which allows for an appropriate reaction to sudden threats or illegal activities.

Recommendation: monitor external border sections with stationary and mobile equipment that at least meet the requirements for low impact level sections.

– Procedural reaction capability refers to the existence of processes and procedures enabling authorities to plan, initiate and conduct operations to counter threats or illegal cross-border activities efficiently and rapidly.

Recommendation: for all external border sections, even for those with consistently low impact levels, a procedure or mechanism for activating additional resources is in place, in case of sudden threats or a sudden increase in the impact level.

3.3.2 Reaction capability planning

The NCCs organise and carry out simulations of possible scenarios and evaluate the appropriate reaction measures. This will allow them to

– define, structure and coordinate the relevant reaction measures by the national authorities responsible for border surveillance at the different external border sections and support measures provided by other national authorities;

– assess the overall reaction capability and identify any need to further improvement.

Recommendation: Plans should be drafted on coping with sudden mass influxes of third country nationals.

Reaction capability planning can be divided into measures done at local, regional, national and international level. As far as possible, the NCC should be used as a coordination and information exchange body. If a Member State already has such plans, it checks whether they meet the requirements of this handbook and, if necessary, adjust them accordingly.

Best practice: Reaction capability planning can cover for each border section:

– description of the external border section (terrain, geopolitical, environmental) and risk analysis overview;

– resources available in national authorities responsible for border surveillance and in supporting authorities (human and technical resources, their location, quantity, response time, communication channels);

– authorities in neighbouring Member State(s) external border sections and their resources;

– authorities in neighbouring third countries’border sections and their resources;

– rules of engagement on jointly agreed reaction to different scenarios;

– provisions regarding the mechanisms to protect fundamental rights, including international protection and the protection of vulnerable groups in case of mass arrivals;

The reaction capability needs to be adaptable to changing situations.

Recommendation: Reaction capability should be planned separately for low, medium and high impact levels allocated to the external border sections, including a description of measures to be taken if the impact level allocated to an external border sections changes. The plans should also include the deployment of national rapid intervention teams and the Agency’s support activities and resources.

3.3.3 Delegation of tasks to regional and local levels[48]

Member States may delegate some of the NCC’s responsibilities to regional, local, functional or other authorities that are in a position to take operational decisions ensuring reaction capability in their respective areas of responsibility. This allocation of tasks must not affect the NCC’s role as the single point of contact for cooperating and exchanging information with other NCCs and the Agency.3.3.4 Border sections

Each Member State must divide its external land and sea borders into border sections and notify the Agency of these.[49] They must also notify the Agency of any changes in this regard.

The area covered by a border section corresponds to the area of responsibility for a local or regional centre, ensuring the efficient management of personnel and resources.

At the Agency’s request, Member States provide the Agency with the information from the:

– border sections and border crossing points;

– border sections’characterisation;

– border sections’thresholds.

The Agency must assign a unique identifier to all newly created border sections and then include them on the EUROSUR border sections list.3.3.5 Border sections’impact levels

When assessing the EUROSUR impact levels, the three components of risk (threat, vulnerability and impact) must be taken into account, using the CIRAM model for risk analysis developed by the Agency:

1) the threat must be assessed in terms of impact and likelihood;

2) the vulnerability to the threat: level and efficiency of response to the threat;

3) the impact: should the threat occur.

Table: Risk components (CIRAM)

3.3.5.1 The Agency’s impact level assessment

The Agency must assess EUROSUR impact levels on a regular basis.

The Agency will evaluate variables describing the threats following the CIRAM model. Sets of variables are assessed to identify the level of threat for each border section, focusing on the key developments affecting the threat level. The main factors are:

1. Statistical trends which describe the numerical trends related to illegal land and sea border crossings, taking into account the historical baseline compared to the current situation.

2. Geopolitical and natural push factors that facilitate cross-border criminal activities or motivate would-be migrants to leave their country of origin/transit. Countries of origin and transit should be differentiated.

3. Factors affecting cross-border crime and the movement of migrants in countries of origin and transit along the route towards Member States.

4. Facilitation analysis, including assessing activities and characteristics of facilitation networks along transit routes and within the most recent departure countries.

The main factors to be taken into consideration while assessing the vulnerability level are:

1. the assessment of pull factors for the countries of destination and countries of transit;

2. the capacity of border control authorities / border permeability;

3. EU and national policies in the field of migration and law enforcement;

4. the capacity of the authorities to fight criminal networks.

CIRAM impact factors will also be assessed, including:

1. humanitarian needs and fundamental right issues;

2. issues impacting on public security and border control.

3.3.5.2 Changes to border sections’impact levels

The impact level of any border section can be updated at any time. A request to update an impact level can come from the relevant Member State(s), which is transmitted via the NCC, or from the Agency. As a general rule, the impact level is updated when the Member States and the Agency agree to do so.

The Agency reviews and revises the impact levels regularly and also on an ad hoc basis.

3.3.5.3 Deadlines

NCCs and the Agency have a deadline for initial responses to requests for impact level changes. Tacit approval is given in those cases where no response has been received from the NCC or the Agency by this deadline. When this happens, the impact levels recommended by the NCC or the Agency will be allocated and included in the ESP. In such cases, the impact levels are allocated with a caveat clearly indicating the tacit nature of the approval.

If the initial response to the request for change is negative, then a bilateral agreement is sought, until the expiry of a second deadline. If, following these discussions, agreement cannot be reached on allocating an impact level to a specific border section, then the Agency’s recommended impact levels will be allocated and included in the ESP. In such cases, the impact levels are allocated with a caveat clearly indicating the dissenting position.

These deadlines have been introduced to ensure that changes to the impact levels are made within a reasonable and harmonised timeframe, ensuring the standardised allocation of impact levels.

3.3.6 Reactions depending on impact levels[50]

Member States are primarily responsible for ensuring an appropriate reaction to the situation at the external borders. They must make sure that the border surveillance activities carried out at the external border sections are appropriate to the impact levels allocated. If there are rapid and/or unexpected changes to the situation, Member States must ensure an appropriate reaction.

3.3.6.1 Roles of coordination centres

Member States may, depending on their internal division of responsibilities, structure their national border surveillance activities as follows:

The local coordination centre (LCC) responsible for a land or sea border section carries out the following tasks:

– providing guidance at local level;

– carrying out detailed planning and implementation of operations;

– collecting and processing information needed to implement operations;

– organising regular surveillance on the basis of risk analysis;

– ensuring that sufficient personnel and resources are being kept at the border section in readiness for tracking, identification and interception;

– choosing the actions to take in close-to-real time to execute the operation;

– requesting support from the regional/national coordination centre;

– ensuring that the patrol or the LCC pass on information about all incidents in the external border section to the NCC in near-real time;

– ensuring that information on all search and rescue incidents at the external border section is communicated by the patrol directly and as a matter of priority to the Maritime Rescue Coordination Centre (MRCC) and to the emergency services;

– if a medium or high impact level has been attributed to a border section, the LCC provides the NCC and the RCC with a weekly report on the measures taken.

Best practice:

Direct and secure communication lines between the LCC and the patrols operating in the border section are established.

The LCC has sufficient resources and personnel at its disposal to ensure regular surveillance on the basis of risk analysis. Additional resources and personnel have been identified that can be made available if the impact level for a border section is raised to medium or high.

The regional coordination centre (RCC) or other functional coordination centre covers one type of border section (e.g. land or sea), several border sections in one geographical area or a specific task in all border sections (e.g. customs control, search and rescue). They carry out the following tasks:

– providing guidance at regional/functional level;

– monitoring the planning and implementation of operations;

– collecting and processing information needed to plan operations;

– ensuring that appropriate surveillance measures are being taken at each border section and notifying the NCC on measures taken and the results of these;

– redistributing resources and personnel (e.g. between border sections);

– requesting support from the NCC;

– ensuring that the patrol or the LCC pass on information on all incidents at the external border section in a timely manner to the relevant national authority’s command and control centre (if available), and to the ICC wherever applicable, by putting in place an appropriate reporting mechanism;

– summarizing and analysing for the NCC the information received from the LCCs;

– if a medium impact level has been allocated to a border section, ensuring that the relevant LCC receives appropriate additional resources and personnel within two weeks.

Best practice: Workflows to swiftly redistribute resources and personnel between border sections are set out, including the workflow needed if the RCC or functional coordination centre needs to request assistance from the NCC.

The national coordination centre (NCC), which is responsible for all border sections, carries out the following tasks:

– providing guidance at national level;

– agreeing working and liaison arrangements with relevant national authorities, where appropriate;

– supporting the overall planning of national operations and monitoring their efficient implementation;

– processing information and risk analysis needed to support the planning of operations;

– coordinating support given at national level (e.g. from different national authorities);

– ensuring that the NCC forwards information on all incidents occurring at the external borders to the Agency no later than four hours after having received it from the LCC;

– if a high impact level has been allocated to a border section, the NCC

– ensures that the relevant LCC receives appropriate additional resources and personnel within three weeks;

– requests support from the Agency; the Agency replies (positively or negatively) to a request for support from the NCC within five working days, identifying timelines and the scale of potential support;

– regularly informs the Agency of the measures taken (preferably on a daily basis) and provides the Agency every month with a summary report about the measures taken.[51] The Agency will use these reports in their regular border section assessment.

Best practice:

Direct and secure communication lines between NCC and RCCs/functional coordination centres/LCCs and other relevant national authorities are established.

Rules for workflow, exchanging classified and unclassified information and day-to-day cooperation between the NCC and RCCs/LCCs are set out.

The NCC has an overview of resources and personnel deployed in each border section and an overview of additional resources and personnel available at national level, which could be provided to border sections with a high impact level.

Where different impact levels have been allocated to neighbouring external border sections, the Member State(s) involved may determine potentially critical areas within the border section and dedicate additional resources for border surveillance to this area.

3.3.6.2 Low impact level

For border sections with a low impact level, the Member State must keep sufficient resources in the border area. At regional and local level, reserve resources must be identified and used on request.

3.3.6.3 Medium impact level

If a medium impact level has been allocated to an external border section, the Member State must, in addition to the activities described above, increase the level of surveillance by implementing additional measures. Member States must use risk analysis and available surveillance tools as inputs to their activities. The NCC must be notified if any such surveillance measures are taken. The NCC may grant support, either on request or on its own initiative, to reinforce resources at that border section.

Best practice: At strategic level, the NCC provides situation monitoring, risk analysis and input into the management of resources and personnel, including planning of reserves.

At operational and tactical level, the RCC and LCC implement the additional surveillance measures and carry out intensified border control activities, especially in areas identified as critical within the border section.

3.3.6.4. High impact level

If a high impact level is allocated to an external border section, the Member State must ensure that stronger surveillance measures are taken at national level.

Best practice: The NCC:

– designates an officer responsible for monitoring and managing the situation at the respective external border section;

– is provided with reinforcements in order manage the increased need for information exchange, risk analysis and cooperation at national level and with neighbouring countries;

– launches, if needed, the emergency task force consisting of all involved authorities;

– manages the involvement of other national authorities;

– assesses the situation and, if needed, request support from the Agency.

– The local/regional level:

– deploys additional resources under the coordination of the leading national authority;

– keeps the NCC informed about any measures taken and their impact.

The Agency has separate procedures to provide the support listed above. If justified, the Agency has the right to refuse requests for support on a case-by-case basis.

3.3.7 Cooperation with neighbouring countries

Where a medium or high impact level is allocated to an external border section adjacent to another Member State or of a country with which it has agreements or regional networks, the NCC contacts the neighbouring country and coordinates the necessary cross-border measures. Member States must also make efforts to strengthen cooperation with third countries with whom they share a border to which a high or medium impact level has been allocated.

Coordination among neighbouring countries must be based on relevant bilateral agreements that comply with norms and standards equivalent to those set by EU and international law. If possible, the NCC should make other NCCs aware of the existence of such agreements, so that other Member States can ask the NCC to facilitate information exchange with this third country, in case of operational need. Potential ways to strengthen coordination between neighbouring countries include:

– agreeing on a common language and terminology;

– setting up information exchange mechanisms;

– exchanging situational pictures of border sections of neighbouring Member States;

– carrying out joint activities on a regular basis — e.g. common patrolling and joint operations of Member States;

– setting up common procedures to help work together in specific scenarios.

3.3.8 Evaluation

In its risk analysis reports, the Agency shall, together with the relevant Member State(s), evaluate the allocation of impact levels and the measures taken as a result at national and EU level. Reaction time is an appropriate measure for assessing reaction capability. At the tactical level, this is the time needed to process an alert, move assets to the hot spot, and prepare to counter the border violation, starting at the moment of detection, and ending when all assets are in place and all operational preparations have been completed.

4 Technical guidelines

4.1 EUROSUR communication network[52]

4.1.1 Roles and responsibilities

The EUROSUR communication network (ECN) has been set up as a network of nodes exchanging information. A node is a complete set of hardware and software delivered by the Agency to NCCs, enabling each NCC to share information with other NCCs and with the Agency and access the information services the Agency provides. The ECN is maintained and supported by the EUROSUR Technical Management Services (EMTS).

The NCC must supply, maintain and support a link to the internet that serves to connect the node to the ECN. The minimum connection speed required is 10 Mbps. More bandwidth may be required, depending on the type of use and the number of concurrent ECN users in the Member State.

Details of the obligations for the Agency and Member States receiving the node are set out in the Memorandum of Understanding regulating the operational use of the ECN, its technical management and the security baseline to be implemented. The Agency continues to own the ECN hardware and software and is responsible for its maintenance and further development.

The Agency supports users of the nodes through node IT administrators and the EUROSUR technical point of contact in each NCC. The ECN is operational 24/7, with the exception of any maintenance periods.

4.1.2 Application management

The EUROSUR application and services are developed and maintained by the Agency in line with the Memorandum of Understanding. Changes in the application are made following the change management process described in Chapter 4.4. The Agency plans releases and their contents and communicates details of these to all the nodes in advance of release. All nodes are informed about progress on deployment and results. Each application and system within the node and in the ECN must be compliant, as applicable, with the standards set by:

– the Open Geospatial Consortium;

– the Open Web Application Security Project;

– the Open Source Security Testing Methodology Manual.

4.1.3 EUROSUR Technical Management Services

The ETMS are located at the Agency’s headquarters. The Agency is responsible for delivering these services to the NCCs. The Agency’s main responsibilities in this area are:

1. administering the ECN and system maintenance;

2. developing the ECN’s hardware and software, following the change processes described in Chapter 4.4;

3. expanding the ECN into new locations;

4. ensuring the security of the ECN;

5. supporting NCC personnel (the technical point of contact and the IT administrator) and all users at the Agency.

Member States’NCCs can access the ETMS 24/7.

The ETMS are:

1) Infrastructure and application(s)

– Support and troubleshooting: Helping to resolve ICT incidents and problems that may appear in the ECN and supplying the NCCs with information and advice on EUROSUR applications and infrastructure.

– User and role management: Assisting the node IT administrators in the creation, modification and deletion of user accounts, and the assigning of EUROSUR roles to user accounts.

– Monitoring: Monitoring system status and system functioning in the IT infrastructure and between the nodes.

– Updates: Installing the latest software updates to assure that any vulnerabilities or bugs are addressed with the new versions.

– Backup: Checking daily backup status in the ETMS infrastructure and the EUROSUR nodes.

2) Security

– Firewalls: Event monitoring, troubleshooting, creation, modification and deletion of firewall rules for the whole ECN — with the exception of the firewalls deployed by NCCs.

– Intrusion prevention system: Event monitoring, signature and software updates.

– Virtual private network: Monitoring, troubleshooting, creation, modification and deletion of site-to-site VPNs between the EUROSUR nodes, and between the EUROSUR nodes and the ETMS infrastructure.

– Public key infrastructure: Issuing, revoking and renewing digital certificates, and providing support to the NCC IT administrators when installing the EUROSUR nodes.

– Security audits: Conducting periodic security audits (code audit and penetration tests) following the predefined procedures.

– Documentation: Creating and updating existing security documentation.

3) Other services

– Documentation: Creating and updating technical documentation.

– Training materials: Creating and updating training materials and user manuals.

– Technical training: Providing technical training for technical personnel in the NCCs and the Agency.

– Operational training: Providing operational training for operational personnel in the NCCs and the Agency.

4.1.4 Node IT administrator and corresponding tasks

A Node ICT administrator is responsible in the NCC for providing technical support for the Agency’s node, based on the tasks described by the Agency (e.g. creating user accounts), and for carrying out specific technical actions as instructed by the Agency (e.g. restarting services, rebooting equipment) At least one, and preferably two, node ICT administrators are required in each NCC, carrying out the following tasks:

(1) installing certificates received from the Agency;

(2) maintaining the access point to the internet used for the ECN;

(3) managing user access accounts;

(4) managing EUROSUR domain email accounts;

(5) supporting ETMS in tasks that cannot be performed remotely;

(6) requesting support from ETMS for issues that cannot be handled locally;

(7) monitoring the functioning of the national ECN node;

(8) notifying the Agency of dysfunctions and technical incidents;

(9) analysing any technical incidents relating to the ICT system that they have detected or that are the responsibility of the Member State (e.g. a network device in the Member State network is not functioning, making the ECN inaccessible to some users);[53]

(10) reporting issues to the Agency that require the Agency’s intervention, or informing the Agency of any issues affecting the link to the internet;

(11) reporting any security issues encountered on the ECN to the NCC informatics security officer and reporting any security issues on the national system connected to the ECN if these may affect the security of the ECN.

4.1.5 Implementation of technical changes

Any change to the ECN or underlying infrastructure that potentially impacts on the ECN or other party’s network or on the connections in place, must go through a change management process involving the other party as a stakeholder. Information must be provided in writing to the other party with sufficient advance notice. The change management process must be followed as set out in the Memorandum of Understanding, the ECN security operating procedures and the Agency’s internal procedures, in order to maintain a consistent level of security and accreditation.

Every change to the technical environment of the ECN that will affect the availability of the system must be announced beforehand by the Agency (e.g. for changes in the node) or by Member States (e.g. for changes in the internet infrastructure used to establish the VPN links between nodes, or changes in the interconnections). Changes requiring modifications to the other party’s system must be announced with sufficient advance notice, taking into account the impact of the change to the other party’s system and the estimated time required to study, design and implement these changes.

4.1.6 User manuals

The Agency, via the ETMS, creates, updates and distributes user manuals for the user applications and services available in the ECN. All user manuals must be updated to reflect new developments.

4.2 Training

All EUROSUR users (NCC and Agency staff) must receive adequate training to perform the tasks assigned to them in the EUROSUR framework and thereby ensure the functioning of EUROSUR. The training categories below take into account the different needs of users. The identification and prioritisation of the training needs is an ongoing collaborative process between the Agency and the NCCs. Training needs are compiled in the annual EUROSUR training plan, maintained by the Agency. The organisation of training activities is triggered either by this training plan or on request from users.

 

4.3 Security policy and security management[54]

4.3.1 Security objectives

The ECN allows the secure handling, storing, transmission and processing of EU classified information (EUCI) up to the level of RESTREINT UE/EU RESTRICTED.

4.3.1.1 Information types

The Agency and the NCCs must ensure that EUCI is appropriately classified, is clearly identified as classified information, and retains its classification level for only as long as necessary. The ECN contains the following types of information:

– classified information: this includes information on assets and all information classified as RESTREINT UE/EU RESTRICTED by the owner;

– sensitive non-classified information: all information which is not classified must be considered as sensitive non-classified;

– personal data relating to ship identification numbers and data tagged by the owner in the NSP as personal data.

Information owners are responsible and accountable for attributing, updating and downgrading classification levels on information. The artefact related to own asset is marked in the ECN as RESTREINT UE/EU RESTRICTED, even if it was not marked as such by the originator. Users cannot declassify these artefacts. The originator of the document must provide prior written consent to downgrade or declassify any other EUCI or to modify or remove any of the markings.

4.3.1.2 Protection of sensitive non-classified and EU RESTRICTED information

The Agency must protect sensitive non-classified and EU classified information in accordance with Article 11(d) of Regulation (EC) No 2007/2004, which requires the Agency to apply the Commission’s security rules.[55] All non-classified information handled as part of EUROSUR must be considered ‘sensitive non-classified’. In the ECN, this information must be marked, whenever technically possible, as ‘LIMITED’.

If NCCs share classified information bearing a national security classification marking with the ECN, the Agency must protect that information in accordance with the requirements applicable to EUCI at the equivalent level, as set out in the table of equivalence of security classifications. NCCs must exchange, process and store non-classified sensitive and classified information in the ECN in accordance with national rules and the security operating procedures set out in the ECN’s security accreditation.

4.3.1.3 Personnel security clearance

The criteria for determining whether an individual may be authorised to have access to EUCI take into account his trustworthiness, reliability and loyalty.

4.3.1.4 Granting access to EU classified information — principles

An individual will only be granted access to classified information after:

– s/he has a need to know the information;

– s/he has been briefed on the security rules and procedures for protecting EUCI and has acknowledged his/her responsibilities with regard to protecting such information; and

– if national laws and regulations require, s/he has been authorised to access classified information at the relevant level.

4.3.1.5 User access control

Access to the ECN and the ECN application is managed based on the following security principles:

– permissions to access the ECN and the ECN application must be granted based upon individual identification and authentication;

– user access permissions must be restricted based on a ‘need-to-know’;

– allocation and use of privileged accounts must be minimised;

– ICT systems must be configured to technically enforce this policy;

– user permissions must be reviewed on a regular basis, following a formal review process.

Users will be given access to the ECN following a security process composed at least of inputting and checking a logon name and password, in line with the Agency’s standards. This rule also applies to interconnected systems, except for an interconnection through the EUROSUR node integration interface, where national authentication applies.

The Agency and the Member States manage their users by creating, modifying, blocking and deleting their accounts and granting them appropriate access permissions to the ECN to carry out their tasks. To do this, they implement an ECN user management policy to guarantee that the relevant person with responsibility in this area carefully considers the creation of accounts and their associated permissions, based on the user having at least a security clearance or equivalent national authorisation at the ‘RESTREINT UE/EU RESTRICTED’ level or national equivalent, and on the ‘need-to-know’ principle. This person carries out an annual review of the ECN’s users and their permissions. As a result of that review, s/he makes any changes required to the status of the accounts and their permissions.

Detailed rules and requirements are set out in the accreditation documentation.

4.3.2 Physical security measures

EUCI that is classified as RESTREINT UE/EU RESTRICTED may be handled in ‘Administrative Areas’. The Agency and the NCCs must establish that an area meets the requirements before it can be designated as an Administrative Area. This means that:

– a visibly defined perimeter is drawn up, allowing individuals and, where possible, vehicles to be checked;

– unescorted access is granted only to individuals who are duly authorised by the competent authority; and

– all other individuals are escorted at all times or be subject to equivalent controls.

4.3.3 Protection of information handled in communication and information systems

4.3.3.1 Accreditation of the ECN

The ECN and interconnected communication and information systems must undergo an accreditation process as described in the Memorandum of Understanding, signed between the Member States and the Agency. The accreditation process verifies that all appropriate security measures have been implemented and that the EUCI and the communication and information system have been sufficiently protected. The accreditation statement identifies the maximum classification level of the information that may be handled in a particular communication and information system and the relevant terms and conditions. The accreditation process is managed by the Agency which is the Accreditation Authority, with the support of the Member States and in line with the European Commission’s guidelines on the security accreditation of IT systems.

Changes to the system will be made bearing in mind the need to keep the highest possible level of security. This will be done by assessing the risks associated with these changes, identifying and implementing appropriate mitigating measures, and testing the effectiveness of these mitigating measures on a regular basis. Major changes to the ECN may lead to the ECN needing to be fully re-accredited, depending on the result of the risk assessment to measure the impact of the changes on security.

4.3.3.2 Connection of other systems to the network

The ECN may be connected to other systems, as long as the conditions in Article 6 and Annexes 1 and 5 of the Memorandum of Understanding are fulfilled. Accreditation requirements in these cases are set out in the Memorandum of Understanding.

4.3.4 Security roles and responsibilities

4.3.4.1 Security roles within the Agency

 

4.3.4.2 Security roles in the Member States

Each Member State will appoint a person to the following roles:

– Person responsible for the organisation of the NCC and physical security measures in the NCC (e.g. Head of NCC). The person assigned to this role must ensure that:

-physical security measures are in place to protect equipment connected to the ECN and to make sure that only authorised people in the NCC can access this, including (where applicable) people in decentralised offices and all other systems used in the NCC that are connected with the ECN;

– o all policies and procedures set out in national standards, national rules and in the Memorandum of Understanding — necessary to protect classified and sensitive non-classified information stored and handled in the ECN or extracted and processed outside it — are implemented in the NCC and applied by the NCC staff (e.g. marking of information or documents, handling of classified documents, overseeing the application of a procedure to assign the right level of permissions to ECN users and review them periodically);

– procedures are put in place, in line with national rules for accreditation (or equivalent procedure), for systems that connect to the ECN; this will require liaison with all relevant national authorities in the Member State.

– The National Coordination Centre’s Informatics Security Officer (NCC ISO).

The NCC ISO monitors security aspects of networks connected to the ECN and investigates all reported incidents. If necessary, the NCC ISO will be supported by the Agency’s ICT unit, with the Agency’s ICT Security Officer acting as a contact point.

In addition, each Member State must task one of these people with informing the Agency of security incidents that may affect the Agency’s ECN node or ECN Technical Management Services and with informing any other Member State(s) affected of any security incidents that may affect their ECN node.

4.3.4.3 Other roles — in both the Agency and Member States

The Information Owner: The Information Owner is responsible for EUCI and other information that is added to, processed in and produced by technical systems.

Users: All users are responsible for applying policies and procedures and for ensuring that their actions do not adversely affect the security of the system that they are using.

4.3.5 Control mechanisms and reporting procedures if there is a security breach

Any behaviour by any component of the ECN or an interconnected system that could suggest that a security incident has occurred or is occurring in the ECN or could be affecting the ECN must immediately be reported to and analysed by the NCC ISO. If his/her analysis confirms that the risk is high, s/he must immediately report the incident to the Agency, in line with the rules and processes set out in the accreditation documentation.

4.4 Change management[56]

4.4.1 General objectives and rules

The Agency will provide assistance to further develop and implement the EUROSUR framework within the scope and in line with the provisions of Regulation (EU) No 1052/2013. Improvements and adjustments to this framework are based on the Agency’s change management policy which:

– provides the overarching framework for further development of EUROSUR;

– sets out the methodology to follow for launching and consulting on changes;

– allows changes to be processed in a structured way;

– sets out the types of changes;

– identifies the decision-making process and the people and organisations responsible for this;

– provides information on technical tools to be used for submitting requests and obtaining feedback;

– ensures a secure system development lifecycle and consistency with ECN security accreditation;

– ensures that the approach to change focuses on end users and their needs.

Any changes must comply with Regulation (EU) No 1052/2013 and be processed in line with EUROSUR governance structures. The Agency’s Senior Business Owner for EUROSUR has decision-making powers. S/He is responsible for the entirety of the Agency’s business processes and is ultimately accountable for delivery of the Agency’s products and services. The Senior Business Owner is:

– advised by the EUROSUR Expert Group (EEG);

– supported by the Agency’s internal coordination mechanisms;[57]

– assisted by the EUROSUR Change Advisory Board.

If any strategic decisions on the development of EUROSUR are required, the Agency’s Management Board may be asked to provide its advice. The Senior Business Owner may delegate some of his/her decision-making powers to other entities within the Agency, in particular to the EUROSUR Change Advisory Board, whose chairman reports to and is supervised by the Senior Business Owner.

4.4.2 Change types

A change within the EUROSUR framework is, within the limits and requirements of Regulation (EU) No 1052/2013, to be understood as the addition, modification or removal of any component of the system, affecting its performance. The change can be initiated by an individual Member State or a group of Member States, via their NCC(s) or by the Agency.

– Major changes (changes that have a high impact on internal workflow, or involve a high number of stakeholders, high level of complexity, interruption of current workflow, or are of strategic or tactical value) must be processed using the change management structure and internal coordination mechanisms. They require approval by the Senior Business Owner.

– Minor/normal changes (changes that have a low impact on ongoing processes and product/service delivery, low level of complexity, or are of a technical nature) do not require senior management involvement and should be processed by the Change Advisory Board accordingly. They might require additional consultation, using internal coordination mechanisms.

– Non-standard changes (changes that are out of scope of the standardised procedures) must be assessed by the Change Advisory Board and processed as minor or major changes, depending on their impact and complexity. They might require additional consultation using internal coordination mechanisms.

– Quick patches/fixes (mostly IT related) or standard changes (changes following standardised model procedures that have been communicated to all stakeholders) do not require a reaction from governance structures and are dealt with by the relevant units in the Agency.

Urgent change requests, relating to emergency issues, are processed using a separate procedure. Every change within the EUROSUR framework, except quick patches/fixes or standard changes, requires the submission of a change request in line with the requirements set by the Agency to facilitate the process.

4.4.3 Change process initiation by Member States

Member States can launch improvements to the EUROSUR framework through:

– the EUROSUR Expert Group; or

– the EUROSUR change register and the feedback system developed based on EUROSUR Technical Management Services’feedback tool.

The EUROSUR Expert Group acts as an advisory body to the Senior Business Owner by providing opinions and recommendations from end users. In this capacity it may:

– consider and advise on changes;

– draw up change proposals;

– evaluate changes submitted (including costs/benefit analysis).

The EUROSUR Expert Group or the Agency may decide to create specific sub-groups or task forces to prepare particular change requests.

The EUROSUR change register and feedback system is an internet-based technical tool to:

– register all change requests and monitor their processing;

– consult/examine the change concept before the change request is submitted;

– report problems and failures in the EUROSUR framework that require the change process to be launched;

– submit ideas to improve the EUROSUR framework;

– share and obtain news and participate in forums related to the operation of the EUROSUR framework;

– seek feedback and receive input from other end users.

The Agency monitors the EUROSUR change register and feedback system to process change requests made to the EUROSUR Change Advisory Board, using the Agency’s internal coordination mechanisms, or to the EUROSUR Expert Group to obtain advice before the Agency makes a final decision.

4.4.4 The role of EUROSUR Change Advisory Board

The EUROSUR Change Advisory Board is a consultative and decision-making forum managed by the Agency, which carries out the following tasks:

– monitoring and making use of the EUROSUR change register and feedback system;

– collecting and logging all business or technical change requests from internal and external stakeholders, keeping track of change request process;

– assessing, prioritising and validating each change request;

– adjusting the status of the change request if necessary (e.g. from minor to standard);

– making decisions on and proposing timelines for implementing changes;

– bringing requests requiring additional advice or permission to the relevant management structures, including internal coordination mechanisms set up for this purpose;

– submitting major change requests to the Senior Business Owner for a final decision and consulting on other change requests if required;

– escalating issues to the EUROSUR Expert Group if its advice is needed;

– carrying out further consultation within the Agency if needed as a result of the proposed change’s impact or complexity;

– communicating decisions and preparing an explanation if a change request is denied.

4.4.5 Rules applied to change requests

Change requests may be accepted or refused for technical, financial, legal or operational reasons. They may be also returned to the initiator asking for further reasons for the change, or the provision of additional information, including use cases, costs and impact analysis, before a final decision is made. If the change request is refused, the Agency provides the initiator with an explanation for the refusal.

The NCC is the Agency’s single point of contact for processing change requests. If the proposed change has been drawn up by the EUROSUR Expert Group, it is monitored through the EUROSUR change register and feedback system. NCC findings may also trigger the initiation of a change request on behalf of Member States.

4.5 Business continuity management[58]

ISO standard 22301:2012 defines business continuity as the capability of an organisation to continue delivering products or services at acceptable predefined levels following a disruptive incident. This standard defines business continuity management as a holistic management process that:

– identifies potential threats to an organisation and the impacts on business operations that those threats, if realised, might cause; and

– provides a framework for building organisational resilience, capable of an effective response that safeguards the interests of its key stakeholders, reputation, brand and value-creating activities.

As the ECN is a distributed system with a node in each Member State and the Agency, continuity of service must be ensured both at national and European level.

Risks and issues threatening the smooth running of the different components of the EUROSUR framework must be identified and assessed, and NCCs and the Agency must be prepared to react appropriately if these risks materialise. NCCs and the Agency must prevent or at least minimise the potential impact of a threat or a risk which endangers the flow of information in the ECN and has an impact on the creation, maintenance and distribution of the NSP, ESP and the CPIP.

– The Agency is responsible for examining the risks and threats to which the ECN as a whole could be exposed and ensures its stability and good functioning.

– NCCs are responsible for ensuring the efficient use of their EUROSUR node, entering their data in the ECN, and supplying the facilities required to enable their ECN node to function properly and ensure the necessary security measures have been implemented to protect the ECN node. NCCs must guarantee connectivity to NCC networks and their national systems to enable data to be used and transferred around the ECN.

These obligations must be met through developing business continuity plans within the Agency and each NCC, as described in the Memorandum of Understanding and based on the following five key steps:

4.5.1 Impact analysis

The purpose of this step is to identify the key processes and functions within the system and the impact if they become unavailable for operations.

The analysis covers functions and services provided by the Agency, the ECN and by the NCCs, categorising them as:

– Critical functions — cannot be interrupted for more than one hour. Unavailability of these functions needs to be addressed immediately, as they have a high impact on the functioning of the entire EUROSUR framework.

– Essential functions — an interruption of maximum one day is tolerable. However, these should be restored as soon as possible and, ideally, be unavailable for no longer than a couple of hours.

– Necessary functions — functions that are important for the proper functioning of the EUROSUR framework and crucial for NCC performance in the longer term. These can be interrupted for up to a week without affecting key deliverables; however they should be restored as soon as possible.

A business risk analysis for the ECN has been carried out as part of the accreditation process.

4.5.2 Risk management

The purpose of this step is to identify, analyse, control and monitor risks. Risks must be assessed with regard to the likelihood they might materialise and the consequences if they materialise. Typical risks include:

– loss of key assets (head office, equipment or infrastructure);

– loss of key staff (including their unavailability);

– loss of subsidiary external services (e.g. external contractual providers, loss of electricity, water and other utilities).

4.5.3 Development of a business continuity strategy and plan

The purpose of a business continuity strategy is to define the criteria for risk acceptance and the measures to mitigate unacceptable risks. All critical, essential and necessary functions must have an identified recovery time. The business continuity plan describes the procedures that guide organisations to respond, recover, resume, and restore functioning to a predefined level of operation following disruption. These plans typically include details relating to:

– the plan’s purpose, scope and users

– reference documents

– assumptions

– roles and responsibilities

– key contacts

– plan activation and deactivation

– communication

– incident response

– order of recovery for activities

– recovery plans for activities

– disaster recovery plan

– required resources

– restoring and resuming activities

These plans should be integrated in the overall business continuity plan for Member States and the Agency.

4.5.4 Communication in case of disruption

If the ECN’s business continuity is disrupted, the NCC and the Agency notify each other of the incident and the possible impact, using the communication channels set out in the Memorandum of Understanding. The notification should include a description of the disruption, its impact on the ECN and whether the NCC or Agency has activated its business continuity plan. If the disruption may have a broader impact, all Member States must also be informed about the incident and its potential impact.

If a Member State or the Agency carry out tests that might have a potential impact on the overall functioning of the ECN, they inform each other in advance of the tests and their estimated effects and duration.

4.5.5 Maintenance of business continuity management

These processes and plans must be regularly maintained, adjusted and improved, to ensure that they are suitable for the current situation. This includes regular testing and exercising, taking corrective actions, and amending and auditing the processes and plans.

4.6 Communication

4.6.1 General objectives

To achieve EUROSUR’s objectives, effective communication covers the following areas:

– information exchange on EUROSUR content (NSP, ESP and CPIP);

– communication between NCCs and with the Agency, as part of day-to-day work (contacts between operators etc.);

– addressing any technical or business issues (such as bugs, IT incidents, access requests, etc.), including in cases where business continuity is at stake (see Chapter 4.5).

Effective communication means that the information provided through EUROSUR is of clearer and better quality and so supports an improved reaction capability.

4.6.2 Day-to-day communication

Day-to-day communication takes place:

– at European level — between the NCCs and with the Agency;

– at national level — effective communication channels must be established between all authorities with responsibility for border surveillance, including in authorities within the chain of command for effective decision-making and providing reaction capabilities;

– inside the Agency — among the various units involved in creating the ESP/CPIP.

Day-to-day communication may take place via:

– the ECN and dedicated applications, including the EUROSUR application and videoconferencing facilities;

– telephone and email, using the contact lists (see Chapters 3.1.15 and 4.6.4);

– other platforms (e.g. Frontex One Stop Shop document repository, etc.)

Each Member State is available 24/7 via its NCC.

4.6.3 The Agency’s central point of contact

The Agency has a central point of contact located in the unit responsible for current information exchange and maintaining situational awareness. This unit is the central reference point coordinating, at Agency level, all incoming and outgoing operational information in a timely and reliable manner.

This unit provides a holistic approach for NCCs and internal Agency units by monitoring and processing incoming and outgoing operational information to maintain the ESP/CPIP and increase the reaction capabilities in Member States, e.g. by coordinating the delivery of services relating to the common application of surveillance tools and facilitating communication on rapid operational responses, when needed.

As the operational gateway to the Agency, through operational communication and information management, this point of contact provides capability for:

– situation monitoring;

– situation awareness and support;

– service delivery of EUROSUR Fusion Services;

– coordination and facilitation of joint operational activities, acting as the operational link between the responsible project team at Agency level and participating actors in the field;

– emergency and crisis management;

– liaison with NCCs;

– liaison with internal Agency units.

4.6.4 Contact list

The Agency is responsible for maintaining the contact list for NCCs, which includes:

– the NCC’s place in Member State structures (name of authority, etc.);

– the name and title/rank of the Head of the NCC;

– the NCC’s address and service hours (office hours/duty hours);

– the NCC’s email address — monitored 24/7;

– telephone number(s) for the NCC — monitored 24/7;

– the list of authorities represented in the NCC and service hours for each authority.

The NCCs must inform the Agency, without delay, of any changes to these details.

The contact details list includes the Agency’s contacts for:

– operational/information exchange matters;

– service requests relating to the common use of surveillance tools;

– access management;

– technical helpdesk.

4.6.5 Communication related to day-to-day operational matters

The NCC which first receives information within EUROSUR’s scope is responsible for entering it into the EUROSUR application and sharing it with relevant partners without delay.

Close-to-real time (immediate) reporting has to be provided from the field to the NCC. Reporting at national level should take place using predefined templates, so that there is a unified approach to reporting. Plans should be made in advance to ensure immediate reporting in emergencies. In emergencies, NCCs may notify other NCCs/the Agency of the ongoing situation via other means of contact such as telephone, videoconferencing, etc., using the contact details provided in the contact list.

Best practice: In monthly video-conferences between the Heads of the NCCs and the Agency operational issues are discussed.

4.6.6 Official meetings

Heads of the NCCs, representatives from relevant national authorities and the Agency meet regularly within a user-driven EUROSUR Expert Group.

The EUROSUR expert group, involving internal and external stakeholders, ensures exchange of experiences gained at practical level and improves coordination between internal and external stakeholders. The group’s purpose is also to ensure exchanges on practical issues related to the EUROSUR framework. The group prepares and advises on technical and business issues related to the EUROSUR framework.

Technical and business oriented sub-groups may be created to support the EUROSUR expert group on an ad hoc or temporary basis.

Examples: analysis layer user group, ECN accreditation expert group, etc.

4.6.7 EUROSUR and public relations

The information included in EUROSUR should be subject to the highest possible transparency measures. However, in order not to jeopardise the outcome of ongoing operational activities/investigations, discretion must be applied as to what information is released to the public. This should be considered on a case-by-case basis by the relevant authorities.

Only the authorities who upload information to EUROSUR are authorised to discuss the details of specific incidents with the press.

If the Agency is involved in operational activities, it retains its right to use information on the outcome of these activities.

Interviews about EUROSUR should be given by the personnel dealing with and knowledgeable about the matter.

4.6.8 Language of communication

The working language of communication in EUROSUR is English. Member States ensure that all communication provided at national level is appropriately translated and clear.

5 Interagency and external cooperation principles

5.1 Agency cooperation with other EU institutions, bodies, agencies and international organisations[59]

This chapter provides guidelines for efficient information exchange and cooperation between the Agency and other EU institutions, bodies, offices, agencies and international organisations. The details of how this should be carried out are described in specific documents (e.g. working arrangements).

5.1.1 Partner organisations

The Agency coordinates and exchanges information, using secure communication lines where possible and necessary, with EU institutions, bodies, offices, agencies and international organisations, in order to make best use of the available information, capabilities and systems. The relevant stakeholders are grouped into:

– EU institutions, bodies, offices and agencies (‘EU partner organisations’); and

– international organisations and bodies (‘non-EU partner organisations’).

When working with these partner organisations, the Agency must ensure that their mandate, legal framework and autonomy are fully respected.

5.1.2 Scope

The Agency exchanges information with EU and non-EU partner organisations for the following purposes:

1) Provision of relevant data on illegal immigration and cross-border crime to be included in the ESP/CPIP. Europol is the main partner in this area. The Agency may also work with other partner organisations, such as Interpol, MAOC-N, Commission services, eu-LISA, Eurojust, EEAS and others. The information collected in the ESP/CPIP is shared with partner organisations on a need-to-know basis and to the extent required to carry out their own mandate. Data to support and maintain the ESP/CPIP provided by Commission services, the EEAS, the FRA, the EASO (e.g. on managing migration flows, or country of origin information) and from non-EU partner organisations will be processed and combined with information from other sources, validated and then made available to Member States’NCCs by the Agency via the ESP/CPIP. If the Agency receives relevant information from two or more partner organisations, it merges this information and validates it before publishing it in the ESP/CPIP.

2) Contributions to the common application of surveillance tools are provided by EMSA, EFCA, SATCEN and other relevant partner organisations, as described in Chapter 3.2.8. For the acquisition of satellite imagery and the use of satellite-derived data in day-to-day operations, the Agency makes best use of the Copernicus programme.[60]

5.1.3 Legal framework

The cooperation of the Agency with third parties as referred to in Article 18 of Regulation (EU) No 1052/2013 is laid down in working arrangements and other relevant regulatory documents (e.g. service level agreements, Memorandum of Understanding) signed between the Agency and EU/non-EU partner organisations, in accordance with Article 13 of Council Regulation (EC) No 2007/2004. This may include relevant existing cooperation instruments, or new ones if required. The rules of procedure used for information exchange will be set out in the working arrangements.

5.1.4 Communication channels

The Agency is the single point of contact for the exchange of information and cooperation with partner organisations. Since access to the ESP/CPIP is limited to the Agency and the NCCs, the Agency establishes dedicated communication channels with partner organisations.

Each partner organisation identifies the required communication infrastructure and a point of contact. Contact details (official and functional email address, mobile number and official address) for this point of contact are to be communicated to the Agency.

If the structure of the partner organisation requires more than one point of contact to be nominated, contact details and the split in responsibilities for these contact points must be communicated to the Agency.

The Agency creates and maintains a contact list for partner organisations with which it cooperates in EUROSUR.

5.1.5 Evaluation

The Agency and partner organisations analyse, develop and evaluate the outputs produced by working together in the framework of EUROSUR, with a view to identifying needs and gaps and proposing measures for improvement. These findings may trigger the Agency to initiate change process in line with the rules laid down in Chapter 4.4. The evaluation is carried out in accordance with the bilateral cooperation framework and whenever required by the operational situation. The cooperation between the Agency and partner organisations may be adapted in line with this evaluation and operational needs.

5.2 Cooperation of Member States with neighbouring third countries[61]

A well-structured and permanent exchange of information and cooperation by Member States with neighbouring third countries is key to preventing illegal immigration and cross-border crime and for contributing to the saving of migrants’lives. In order to be sustainable, this cooperation has to be reciprocal, based on mutual trust and beneficial both for the Member State(s) and third countries. It is essential that any such cooperation is carried out in full compliance with legislation on fundamental rights.

Member States can work with neighbouring third countries at international, multilateral and bilateral level.

5.2.1 International cooperation

Depending on the level of cooperation, international cooperation may include:

1) Exchange of information with and assistance from the Agency, in close coordination with the European External Action Service, Europol, Eurojust, Interpol and other relevant bodies.

2) The participation of third-country experts in programmes, projects, conferences, seminars and working groups set up by the Agency, the European Commission, Interpol, the United Nations and international organisations.

3) The deployment of liaison officers in EU Delegations[62] and in Member States’embassies and consulates.

4) Joint risk analysis and investigation activities with authorities in third countries.

5) Training for third-country authorities in border control activities, search and rescue, fundamental rights, etc.

6) Strengthening third countries’capacities through programmes co-financed by EU and international funds.

5.2.2 Multilateral and bilateral cooperation

Depending on the level of cooperation, multilateral and bilateral cooperation may include:

1) Liaison officer networks.

2) Regional networks, used for exchanging information via secure communication channels, exchanging liaison officers, training, strengthening surveillance capabilities and setting up coordination centres in third countries. If several Member States participate in a regional network, they must inform the Agency which of their NCCs is responsible for the exchange of information between the regional network and EUROSUR.

3) Joint operational activities (land, sea and air), including joint patrolling.

4) Training for third-country authorities in border control, search and rescue, fundamental rights, etc.

5) Strengthening capacities through donating assets and technical assistance to improve the border control capabilities of third countries.

Examples of regional networks are the Baltic Sea region border control cooperation (BSRBCC) network and the Seahorse Atlantic network.

5.2.3 Agreements

The cooperation described above takes place based on agreements and working arrangements or through regional networks established on the basis of those agreements. Before concluding any such agreement or working arrangement, the relevant Member State must notify the European Commission of the text or the relevant provisions. The Commission will verify that these provisions comply with the provisions of Article 20 of Regulation (EU) No 1052/2013. Member States must also notify the Commission of the texts of concluded agreements, and the Commission will provide the European Parliament, the European Council and the Agency with a general overview and assessment of those agreements.

Member States inform the Agency about current cooperation at operational level with third countries, as required by Article 2(2) of Regulation (EC) No 2007/2004. When concluding bilateral agreements with third countries, Member States may include provisions concerning the role and responsibilities of the Agency, after consulting the Agency about this.

If information to be exchanged with authorities in a third country belongs to an Member State or the Agency that is not part of the cooperation agreement or regional network, the NCC of the Member State wishing to share the information must send a written request to the information owner (Member State or the Agency), indicating the third country with whom the information will be shared and explaining the reasons for sharing such information. The information owner (Member State or the Agency) replies to the request in writing as soon as possible. Any refusal to share information must be explained. Tacit approval is not permitted – the information owner must respond positively or negatively.

6 Monitoring and evaluation[63]

The following measures are to be taken to monitor EUROSUR’s technical functioning:

– In its report due on 1 December 2015 and every two years thereafter, the Agency provide an overview of the implementation of the ECN, the ESP (including border sections and the allocation of impact levels) and the CPIP, and the common application of surveillance tools, describing the progress made and identifying any measures which still need to be taken to fully comply with the provisions of Regulation (EU) No 1052/2013.

– By 31 January 2016 and by the same date in each year from then on, each Member State provides an annual report on the set-up and running of its NCC and its NSP, describing the progress made during the previous year and identifying any measures which still need to be taken to fully comply with the provisions of Regulation (EU) No 1052/2013. The Commission will provide a summary in its overall evaluation of EUROSUR, due on 1 December 2016 and every four years thereafter.

The following measures are to be taken to monitor EUROSUR’s operational functioning:

– As of 2015, in the annual report referred to above, each Member State provides a description of the measures taken at national level (with emphasis on the NCC’s role) relating to those external border sections to which a medium or high impact level has been allocated.

– In its report due on 1 December 2015 and every two years thereafter, the Agency provides an overview of measures taken by Member States and by the Agency relating to those external border sections to which a medium or high impact level has been allocated. In this report, the Agency will work with the relevant Member State(s) to analyse and evaluate the measures taken at national and European level.

– In its overall evaluation due on 1 December 2016 and every four years thereafter, the Commission will assess how the EUROSUR Regulation has been applied in Member States and by the Agency.

The following measures are to be taken to monitor how fundamental rights, including the principle of non-refoulement, have been respected in the framework of EUROSUR:

– In compliance with Article 3(1) of Regulation (EC) No 2007/2004 and annexed to the Agency’s report due on 1 December 2015 and every two years thereafter, the Agency’s Fundamental Rights Officer may provide observations on the Agency’s compliance with legislation on fundamental rights. The Consultative Forum may make recommendations to the Agency on compliance with fundamental rights when implementing the EUROSUR Regulation. To do this, the Fundamental Rights Officer and the Consultative Forum, within their given mandates, have access to all information relating to the respect for fundamental rights for all the Agency’s activities within the framework of EUROSUR.

– In its overall evaluation due on 1 December 2016 and every four years thereafter, the Commission provides an assessment of the Agency and Member States’compliance with legislation on fundamental rights (including personal data protection and the non-refoulement principle) when implementing the EUROSUR Regulation.[64]

– In its overall evaluation due on 1 December 2016 and every four years thereafter, the Commission provides an overview of the agreements concluded between Member States and third countries for the purposes of the EUROSUR Regulation and an assessment of whether these agreements comply with the provisions of Article 20 of Regulation (EU) No 1052/2013.

7 Handbook review and closing remarks

The Commission may amend this handbook on the basis of contributions received from the Agency and the Member States.

The Agency and the Member States may, after consultation of the European Commission, agree on and classify internal documents (catalogues, terms of reference, etc) to further specify operational, technical or any other requirements required for the implementation and day-to-day use of EUROSUR. The Commission verifies that these documents comply with the provisions of Regulation (EU) No 1052/2013 and this handbook.

8 List of instruments

– Regulation (EU) No 1052/2013 of the European Parliament and of the Council of 22 October 2013 establishing the European Border Surveillance System (EUROSUR)

– Council Regulation (EC) No 2007/2004 of 26 October 2004 establishing a European Agency for the Management of Operational Cooperation at the External Borders of the Member States of the European Union

– Regulation (EU) No 656/2014 of the European Parliament and of the Council of 15 May 2014 establishing rules for the surveillance of the external sea borders in the context of operational cooperation coordinated by the European Agency for the Management of Operational Cooperation at the External Borders of the Member States of the European Union

– Regulation (EC) No 562/2006 of the European Parliament and of the Council of 15 March 2006 establishing a Community Code on the rules governing the movement of persons across borders (Schengen Borders Code)

– Commission Decision (EU, Euratom) 2015/444 of 13 March 2015 on the security rules for protecting EU classified information

– Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data

– Regulation (EC) No 45/2001 of the European Parliament and of the Council of 18 December 2000 on the protection of individuals with regard to the processing of personal data by the Community institutions and bodies and on the free movement of such data

– Council Framework Decision 2008/977/JHA of 27 November 2008 on the protection of personal data processed in the framework of police and judicial cooperation in criminal matters

– Charter of Fundamental Rights of the European Union

– Convention for the Protection of Human Rights and Fundamental Freedoms

– Convention on the Status of Refugees (1951) and its Protocol (1967)

– 1979 International Convention on Maritime Search and Rescue and other International

9.List of Abbreviations

 

13. Decisione (PESC) 2015/778 del Consiglio, del 18 maggio 2015, relativa a un’operazione militare dell’Unione europea nel Mediterraneo centromeridionale (EUNAVFOR MED)

THE COUNCIL OF THE EUROPEAN UNION,

Having regard to the Treaty on European Union, and in particular Articles 42(4) and 43(2) thereof,

Having regard to the proposal from the High Representative of the Union for Foreign Affairs and Security Policy,

Whereas:

1. On 20 April 2015, the Council confirmed a strong commitment to act in order to prevent human tragedies resulting from the smuggling of people across the Mediterranean.

2. On 23 April 2015, the European Council expressed its indignation about the situation in the Mediterranean and underlined that the Union will mobilise all efforts at its disposal to prevent further loss of life at sea and to tackle the root causes of this human emergency, in cooperation with the countries of origin and transit, and that the immediate priority is to prevent more people from dying at sea. The European Council committed to strengthening the Union’s presence at sea, to preventing illegal migration flows and to reinforcing internal solidarity and responsibility.

3. The European Council of 23 April 2015 also committed to fighting the traffickers in accordance with international law, by undertaking systematic efforts to identify, capture and destroy vessels before they are used by traffickers, and invited the High Representative of the Union for Foreign Affairs and Security Policy (HR) to start preparations for a possible Common Security and Defence Policy (CSDP) operation to this effect.

4. On 11 May 2015, the HR informed the UN Security Council about the crisis of migrants in the Mediterranean and the ongoing preparation for a possible Union naval operation, in the framework of the Union’s Common Security and Defence Policy. In this regard, she expressed the need for the Union to work with the support of the UN Security Council.

5. On 18 May 2015, the Council approved the crisis management concept for a CSDP operation to disrupt the business model of smugglers in the Southern Central Mediterranean.

6. The Union CSDP operation will be conducted in accordance with international law, in particular with the relevant provisions of the 1982 United Nations Convention on the Law of the Sea (UNCLOS), the 2000 Protocols against the Smuggling of Migrants by Land, Sea and Air (the Protocol against the Smuggling of Migrants) and to Prevent, Suppress and Punish Trafficking in Persons, especially Women and Children, supplementing the United Nations Convention against Transnational Organized Crime, the 1974 International Convention for the Safety of Life at Sea (SOLAS), the 1979 International Convention on Maritime Search and Rescue (SAR), the 1976 Convention for the Protection of the Marine Environment and the Coastal Region of the Mediterranean (Barcelona Convention), the 1951 Geneva Convention relating to the Status of Refugees and the principle of non-refoulement and international human rights law. The UNCLOS, SOLAS and SAR Conventions include the obligation to assist persons in distress at sea and to deliver survivors to a place of safety, and to that end the vessels assigned to EUNAVFOR MED will be ready and equipped to perform the related duties under the coordination of the competent Rescue Coordination Centre.

7. On the high seas, in accordance with relevant domestic and international law, States may interdict vessels suspected of smuggling migrants, where there is flag State authorisation to board and search the vessel or where the vessel is without nationality, and may take appropriate measures against the vessels, persons and cargo. 19.5.2015 L 122/31 Official Journal of the European Union EN

8. Measures may also be taken in the territorial or internal waters, territory or airspace of a State against vessels suspected of involvement in human smuggling or trafficking, with the consent of that State or pursuant to a UN Security Council Resolution, or both.

9. A State may take appropriate measures against persons present on its territory whom it suspects of smuggling or trafficking humans with a view to their possible arrest and prosecution, in accordance with international law and its domestic law.

10. The Political and Security Committee (PSC) should exercise, under the responsibility of the Council and of the HR, political control over the Union crisis management operation, provide it with strategic direction and take the relevant decisions in accordance with the third paragraph of Article 38 of the Treaty on European Union (TEU).

11. Pursuant to Article 41(2) TEU, and in accordance with Council Decision (CFSP) 2015/528[1], the operational expenditure arising from this Decision, which has military or defence implications, is to be borne by the Member States.

12. In accordance with Article 5 of Protocol No 22 on the position of Denmark annexed to the Treaty on European Union and to the Treaty on the Functioning of the European Union, Denmark does not participate in the elaboration and implementation of decisions and actions of the Union which have defence implications. Consequently, Denmark is not participating in the adoption of this Decision, is neither bound by it nor subject to its application, and does not participate in the financing of this operation,

HAS ADOPTED THIS DECISION:

Article 1

Mission

1. The Union shall conduct a military crisis management operation contributing to the disruption of the business model of human smuggling and trafficking networks in the Southern Central Mediterranean (EUNAVFOR MED), achieved by undertaking systematic efforts to identify, capture and dispose of vessels and assets used or suspected of being used by smugglers or traffickers, in accordance with applicable international law, including UNCLOS and any UN Security Council Resolution.

2. The area of operation shall be defined, before the launching of EUNAVFOR MED, in the relevant planning documents to be approved by the Council.

Article 2

Mandate

1. EUNAVFOR MED shall operate in accordance with the political, strategic and politico-military objectives set out in the Crisis Management Concept approved by the Council on 18 May 2015.

2. EUNAVFOR MED shall be conducted in sequential phases, and in accordance with the requirements of international law. EUNAVFOR MED shall:

(a) in a first phase, support the detection and monitoring of migration networks through information gathering and patrolling on the high seas in accordance with international law;

(b) in a second phase,

(i) conduct boarding, search, seizure and diversion on the high seas of vessels suspected of being used for human smuggling or trafficking, under the conditions provided for by applicable international law, including UNCLOS and the Protocol against the Smuggling of Migrants;

(ii) in accordance with any applicable UN Security Council Resolution or consent by the coastal State concerned, conduct boarding, search, seizure and diversion, on the high seas or in the territorial and internal waters of that State, of vessels suspected of being used for human smuggling or trafficking, under the conditions set out in that Resolution or consent; 19.5.2015 L 122/32 Official Journal of the European Union EN (1)Council Decision (CFSP) 2015/528 of 27 March 2015 establishing a mechanism to administer the financing of the common costs of European Union operations having military or defence implications (Athena) and repealing Decision 2011/871/CFSP (OJ L 84, 28.3.2015, p. 39).

(c) in a third phase, in accordance with any applicable UN Security Council Resolution or consent by the coastal State concerned, take all necessary measures against a vessel and related assets, including through disposing of them or rendering them inoperable, which are suspected of being used for human smuggling or trafficking, in the territory of that State, under the conditions set out in that Resolution or consent.

3. The Council shall assess whether the conditions for transition beyond the first phase have been met, taking into account any applicable UN Security Council Resolution and consent by the coastal States concerned.

4. EUNAVFOR MED may collect, in accordance with applicable law, personal data concerning persons taken on board ships participating in EUNAVFOR MED related to characteristics likely to assist in their identification, including fingerprints, as well as the following particulars, with the exclusion of other personal data: surname, maiden name, given names and any alias or assumed name; date and place of birth, nationality, sex; place of residence, profession and whereabouts; driving licenses, identification documents and passport data. It may transmit such data and data related to the vessels and equipment used by such persons to the relevant law enforcement authorities of Member States and/or to competent Union bodies.

Article 3

Appointment of the EU Operation Commander

Rear Admiral Enrico Credendino is hereby appointed EU Operation Commander of EUNAVFOR MED.

Article 4

Designation of the EU Operation Headquarters

The Operation Headquarters of EUNAVFOR MED shall be located in Rome, Italy.

Article 5

Planning and launch of the operation

The Decision to launch EUNAVFOR MED shall be adopted by the Council, upon the recommendation of the Operation Commander of EUNAVFOR MED following approval of the Operation Plan and of the Rules of Engagement necessary for the execution of the mandate.

Article 6

Political control and strategic direction

1. Under the responsibility of the Council and of the HR, the PSC shall exercise the political control and strategic direction of EUNAVFOR MED. The Council hereby authorises the PSC to take the relevant decisions in accordance with Article 38 TEU. This authorisation shall include the powers to amend the planning documents, including the Operations Plan, the Chain of Command and the Rules of Engagement. It shall also include the powers to take decisions on the appointment of the EU Operation Commander and the EU Force Commander. The powers of decision with respect to the objectives and termination of the EU military operation shall remain vested in the Council. Subject to Article 2(3) of this Decision, the PSC shall have the power to decide when to make the transition between the different phases of the operation.

2. The PSC shall report to the Council at regular intervals. 3.The Chairman of the EU Military Committee (EUMC) shall, at regular intervals, report to the PSC on the conduct of EUNAVFOR MED. The PSC may invite the EU Operation Commander or the EU Force Commander to its meetings, as appropriate.

Article 7

Military direction

1. The EUMC shall monitor the proper execution of EUNAVFOR MED conducted under the responsibility of the EU Operation Commander.

2. The EU Operation Commander shall, at regular intervals, report to the EUMC. The EUMC may invite the EU Operation Commander or the EU Force Commander to its meetings, as appropriate.

3. The Chairman of the EUMC shall act as the primary point of contact with the EU Operation Commander.

Article 8

Consistency of the Union’s response and coordination

1. The HR shall ensure the implementation of this Decision and its consistency with the Union’s external action as a whole, including the Union’s development programmes and its humanitarian assistance.

2. The HR, assisted by the European External Action Service (EEAS), shall act as the primary point of contact with the United Nations, the authorities of the countries in the region, and other international and bilateral actors, including NATO, the African Union and the League of Arab States.

3. EUNAVFOR MED shall cooperate with the relevant Member State authorities and shall establish a coordination mechanism, and as appropriate, conclude arrangements with other Union agencies and bodies, in particular FRONTEX, EUROPOL, EUROJUST, European Asylum Support Office and relevant CSDP missions.

Article 9

Participation by third States

1. Without prejudice to the Union’s decision-making autonomy or to the single institutional framework, and in accordance with the relevant guidelines of the European Council, third States may be invited to participate in the operation.

2. The Council hereby authorises the PSC to invite third States to offer contributions and to take the relevant decisions on acceptance of the proposed contributions, upon the recommendation of the EU Operations Commander and the EUMC.

3. Detailed arrangements for the participation by third States shall be the subject of agreements concluded pursuant to Article 37 TEU and in accordance with the procedure laid down in Article 218 of the Treaty on the Functioning of the European Union (TFEU). Where the Union and a third State have concluded an agreement establishing a framework for the latter’s participation in crisis management missions of the Union, the provisions of such an agreement shall apply in the context of EUNAVFOR MED.

4. Third States making significant military contributions to EUNAVFOR MED shall have the same rights and obligations in terms of day-to-day management of the operation as Member States taking part in the operation.

5. The Council hereby authorises the PSC to take relevant decisions on the setting-up of a Committee of Contributors, should third States provide significant military contributions.

Article 10

Status of Union-led personnel

The status of Union-led units and personnel shall be defined where necessary in accordance with international law.

Article 11

Financial arrangements

1.The common costs of the EU military operation shall be administered in accordance with Decision (CFSP) 2015/528. 2.The financial reference amount for the common costs of EUNAVFOR MED shall be EUR 11,82 million. The percentage of the reference amount referred to in Article 25(1) of Decision (CFSP) 2015/528 shall be 70 % in commitments and 40 % for payments.

Article 12

Release of information

1. The HR shall be authorised to release to the third States associated with this Decision, as appropriate and in accordance with the needs of EUNAVFOR MED, EU classified information generated for the purposes of the operation, in accordance with Council Decision 2013/488/EU (1), as follows:

(a) up to the level provided in the applicable Security of Information Agreements concluded between the Union and the third State concerned; or

(b) up to the ‘CONFIDENTIEL UE/EU CONFIDENTIAL’ level in other cases.

2. The HR shall also be authorised to release to the UN, in accordance with the operational needs of EUNAVFOR MED, EU classified information up to ‘RESTREINT UE/EU RESTRICTED’ level which are generated for the purposes of EUNAVFOR MED, in accordance with Decision 2013/488/EU. Arrangements between the HR and the competent authorities of the United Nations shall be drawn up for this purpose.

3. The HR shall be authorised to release to the third States associated with this Decision any EU non-classified documents connected with the deliberations of the Council relating to the operation and covered by the obligation of professional secrecy pursuant to Article 6(1) of the Council’s Rules of Procedure[2].

4. The HR may delegate such authorisations, as well as the ability to conclude the arrangements referred to in this Article, to EEAS officials, to the EU Operation Commander or to the EU Force Commander in accordance with section VII of Annex VI to Decision 2013/488/EU.

Article 13

Entry into force and termination

This Decision shall enter into force on the date of its adoption.

EUNAVFOR MED shall end no later than 12 months after having reached Full Operational Capability (FOC).

This Decision shall be repealed as from the date of closure of the EU Operation Headquarters in accordance with the plans approved for the termination of EUNAVFOR MED, and without prejudice to the procedures regarding the audit and presentation of the accounts of EUNAVFOR MED laid down in Decision (CFSP) 2015/528.

Done at Brussels, 18 May 2015.

14. Decisione (PESC) 2015/972 del Consiglio, del 22 giugno 2015, relativa all’avvio dell’operazione militare dell’Unione europea nel Mediterraneo centromeridionale (EUNAVFOR MED)

THE COUNCIL OF THE EUROPEAN UNION,

Having regard to the Treaty on European Union, and in particular Articles 42(4) and 43(2) thereof,

Having regard to Council Decision (CFSP) 2015/778 of 18 May 2015 on a European Union military operation in the southern Central Mediterranean (EUNAVFOR MED)[1], and in particular Article 5 thereof,

Having regard to the proposal from the High Representative of the Union for Foreign Affairs and Security Policy,

Whereas:

On 18 May 2015, the Council adopted Decision (CFSP) 2015/778.

1. Following the recommendation of the Operation Commander, EUNAVFOR MED should be launched on 22 June 2015.

2. In accordance with Article 5 of Protocol No 22 on the position of Denmark annexed to the Treaty on European Union and to the Treaty on the Functioning of the European Union, Denmark does not participate in the elaboration and implementation of decisions and actions of the Union which have defence implications. Consequently, Denmark is not participating in the adoption of this Decision, is neither bound by it nor subject to its application, and does not participate in the financing of this operation,

HAS ADOPTED THIS DECISION:

Article 1

The Operation Plan and the Rules of Engagement concerning the European Union military operation in the southern Central Mediterranean (EUNAVFOR MED) are hereby approved.

Article 2

1. EUNAVFOR MED shall be launched on 22 June 2015.

2. In accordance with Article 2(3) of Decision (CFSP) 2015/778, the Council shall assess whether the conditions for transition beyond the first phase of the operation have been met, taking into account any applicable UN Security Council Resolution and consent by the coastal states concerned. Subject to such assessment by the Council, and in accordance with Article 6(1) of Decision (CFSP) 2015/778, the Political and Security Committee shall have the power to decide when to make the transition between the different phases of the operation.

Article 3

This Decision shall enter into force on the date of its adoption.

Done at Luxembourg, 22 June 2015.

12. Regolamento n. 656/2014 del Parlamento europeo e del Consiglio, del 15 maggio 2014, recante norme per la sorveglianza delle frontiere marittime esterne nel contesto della cooperazione operativa coordinata dall’Agenzia europea per la gestione della cooperazione operativa alle frontiere esterne degli Stati membri dell’Unione europea

THE EUROPEAN PARLIAMENT AND THE COUNCIL OF THE EUROPEAN UNION,

Having regard to the Treaty on the Functioning of the European Union, and in particular point (d) of Article 77(2) thereof,

Having regard to the proposal from the European Commission,

After transmission of the draft legislative act to the national parliaments,

Acting in accordance with the ordinary legislative procedure[1],

Whereas:

1. The objective of Union policy in the field of the Union external borders is to ensure the efficient monitoring of the crossing of external borders including through border surveillance, while contributing to ensuring the protection and saving of lives. The purpose of border surveillance is to prevent unauthorised border crossings, to counter cross-border criminality and to apprehend or take other measures against those persons who have crossed the border in an irregular manner. Border surveillance should be effective in preventing and discouraging persons from circumventing the checks at border crossing points. To this end, border surveillance is not limited to the detection of attempts at unauthorised border crossings but equally extends to steps such as intercepting vessels suspected of trying to gain entry to the Union without submitting to border checks, as well as arrangements intended to address situations such as search and rescue that may arise during a border surveillance operation at sea and arrangements intended to bring such an operation to a successful conclusion.

2. The policies of the Union in border management, asylum and immigration and their implementation should be governed by the principle of solidarity and fair sharing of responsibility between the Member States pursuant to Article 80 of the Treaty on the Functioning of the European Union (TFEU). Wherever necessary, Union acts adopted in the framework of those policies are to contain appropriate measures to give effect to that principle and promote burden-sharing including through the transfer, on a voluntary basis, of beneficiaries of international protection.

3. The scope of application of this Regulation should be limited to border surveillance operations carried out by Member States at their external sea borders in the context of operational cooperation coordinated by the European Agency for the Management of Operational Cooperation at the External Borders of the Member States of the European Union (‘the Agency’) established by Council Regulation (EC) No 2007/2004[2]. Investigative and punitive measures are governed by national criminal law and the existing instruments of mutual legal assistance in the field of judicial cooperation in criminal matters in the Union.

4. The Agency is responsible for the coordination of operational cooperation between Member States in the field of management of the external borders, including as regards border surveillance. The Agency is also responsible for assisting Member States in circumstances requiring increased technical assistance at the external borders, taking into account the fact that some situations may involve humanitarian emergencies and rescue at sea. Specific rules with regard to border surveillance activities carried out by maritime, land and aerial units of one Member State at the sea border of other Member States or on the high seas in the context of operational cooperation coordinated by the Agency are necessary to further strengthen such cooperation.

5. Cooperation with neighbouring third countries is crucial to prevent unauthorised border crossings, to counter cross-border criminality and to avoid loss of life at sea. In accordance with Regulation (EC) No 2007/2004 and insofar as full respect for the fundamental rights of migrants is ensured, the Agency may cooperate with the competent authorities of third countries, in particular as regards risk analysis and training, and should facilitate operational cooperation between Member States and third countries. When cooperation with third countries takes place on the territory or the territorial sea of those countries, the Member States and the Agency should comply with norms and standards at least equivalent to those set by Union law.

6. The European Border Surveillance System (Eurosur) established by Regulation (EU) No 1052/2013 of the European Parliament and of the Council[3] aims to strengthen the information exchange and operational cooperation between Member States and with the Agency. That is to ensure that the situational awareness and reaction capability of Member States improves considerably, also with the support of the Agency, for the purposes of detecting, preventing and combating illegal immigration and cross-border crime and contributing to ensuring the protection and saving the lives of migrants at their external borders. When coordinating border surveillance operations, the Agency should provide Member States with information and analysis concerning those operations in accordance with that Regulation.

7. This Regulation replaces Council Decision 2010/252/EU[4] which was annulled by the Court of Justice of the European Union (‘the Court’) by its judgment of 5 September 2012 in Case C-355/10. In that judgment, the Court maintained the effects of Decision 2010/252/EU until the entry into force of new rules. Therefore, as of the day of entry into force of this Regulation, that Decision ceases to produce effects.

8. During border surveillance operations at sea, Member States should respect their respective obligations under international law, in particular the United Nations Convention on the Law of the Sea, the International Convention for the Safety of Life at Sea, the International Convention on Maritime Search and Rescue, the United Nations Convention against Transnational Organized Crime and its Protocol against the Smuggling of Migrants by Land, Sea and Air, the United Nations Convention relating to the Status of Refugees, the European Convention for the Protection of Human Rights and Fundamental Freedoms, the International Covenant on Civil and Political Rights, the United Nations Convention against Torture and Other Cruel, Inhuman or Degrading Treatment or Punishment, the United Nations Convention on the Rights of the Child and other relevant international instruments.

9. When coordinating border surveillance operations at sea, the Agency should fulfil its tasks in full compliance with relevant Union law, including the Charter of Fundamental Rights of the European Union (‘the Charter’), and relevant international law, in particular that referred to in recital 8.

10. In accordance with Regulation (EC) No 562/2006 of the European Parliament and of the Council[5] and general principles of Union law, any measure taken in the course of a surveillance operation should be proportionate to the objectives pursued, non-discriminatory and should fully respect human dignity, fundamental rights and the rights of refugees and asylum seekers, including the principle of non-refoulement. Member States and the Agency are bound by the provisions of the asylum acquis, and in particular of Directive 2013/32/EU of the European Parliament and of the Council[6] with regard to applications for international protection made in the territory, including at the border, in the territorial waters or in the transit zones of Member States.

11. The application of this Regulation should be without prejudice to Directive 2011/36/EU of the European Parliament and the Council[7], in particular as regards assistance to be given to victims of trafficking in human beings.

12. This Regulation should be applied in full compliance with the principle of non-refoulement as defined in the Charter and as interpreted by the case-law of the Court and of the European Court of Human Rights. In accordance with that principle, no person should be disembarked in, forced to enter, conducted to or otherwise handed over to the authorities of a country where, inter alia, there is a serious risk that he or she would be subjected to the death penalty, torture, persecution or other inhuman or degrading treatment or punishment, or where his or her life or freedom would be threatened on account of his or her race, religion, nationality, sexual orientation, membership of a particular social group or political opinion, or from which there is a serious risk of an expulsion, removal or extradition to another country in contravention of the principle of non-refoulement.

13. The possible existence of an arrangement between a Member State and a third country does not absolve Member States from their obligations under Union and international law, in particular as regards compliance with the principle of non-refoulement, whenever they are aware or ought to be aware that systemic deficiencies in the asylum procedure and in the reception conditions of asylum seekers in that third country amount to substantial grounds for believing that the asylum seeker would face a serious risk of being subjected to inhuman or degrading treatment or where they are aware or ought to be aware that that third country engages in practices in contravention of the principle of non-refoulement.

14. During a border surveillance operation at sea, a situation may occur where it will be necessary to render assistance to persons found in distress. In accordance with international law, every State must require the master of a vessel flying its flag, in so far as he can do so without serious danger to the vessel, the crew or the passengers, to render assistance without delay to any person found at sea in danger of being lost and to proceed with all possible speed to the rescue of persons in distress. Such assistance should be provided regardless of the nationality or status of the persons to be assisted or of the circumstances in which they are found. The shipmaster and crew should not face criminal penalties for the sole reason of having rescued persons in distress at sea and brought them to a place of safety.

15. The obligation to render assistance to persons found in distress should be fulfilled by Member States in accordance with the applicable provisions of international instruments governing search and rescue situations and in accordance with requirements concerning the protection of fundamental rights. This Regulation should not affect the responsibilities of search and rescue authorities, including for ensuring that coordination and cooperation is conducted in such a way that the persons rescued can be delivered to a place of safety.

16. When the operational area of a sea operation includes the search and rescue region of a third country, the establishment of communication channels with the search and rescue authorities of that third country should be sought when planning a sea operation, thereby ensuring that those authorities will be able to respond to search and rescue cases developing within their search and rescue region.

17. Pursuant to Regulation (EC) No 2007/2004, border surveillance operations coordinated by the Agency are conducted in accordance with an operational plan. Accordingly, as regards sea operations, the operational plan should include specific information on the application of the relevant jurisdiction and legislation in the geographical area where the joint operation, pilot project or rapid intervention takes place, including references to Union and international law regarding interception, rescue at sea and disembarkation. The operational plan should be established in accordance with the provisions of this Regulation governing interception, rescue at sea and disembarkation in the context of border surveillance operations at sea coordinated by the Agency and having regard to the particular circumstances of the operation concerned. The operational plan should include procedures ensuring that persons with international protection needs, victims of trafficking in human beings, unaccompanied minors and other vulnerable persons are identified and provided with appropriate assistance, including access to international protection.

18. The practice under Regulation (EC) No 2007/2004 is that for each sea operation, a coordination structure is established within the host Member State, composed of officers from the host Member State, guest officers and representatives of the Agency, including the Coordinating Officer of the Agency. This coordination structure, usually called International Coordination Centre, should be used as a channel for communication between the officers involved in the sea operation and the authorities concerned.

19. This Regulation respects the fundamental rights and observes the principles recognised by Articles 2 and 6 of the Treaty on European Union (TEU) and by the Charter, in particular respect for human dignity, the right to life, the prohibition of torture and of inhuman or degrading treatment or punishment, the prohibition of trafficking in human beings, the right to liberty and security, the right to the protection of personal data, the right to asylum and to protection against removal and expulsion, the principles of non-refoulement and non-discrimination, the right to an effective remedy and the rights of the child. This Regulation should be applied by Member States and the Agency in accordance with those rights and principles.

20. Since the objective of this Regulation, namely to adopt specific rules for the surveillance of the sea borders by border guards operating under the coordination of the Agency, cannot be sufficiently achieved by the Member States due to the differences in their laws and practices, but can rather, by reason of the multinational character of the operations, be better achieved at Union level, the Union may adopt measures, in accordance with the principle of subsidiarity as set out in Article 5 TEU. In accordance with the principle of proportionality, as set out in that Article, this Regulation does not go beyond what is necessary in order to achieve that objective.

21. In accordance with Articles 1 and 2 of Protocol No 22 on the position of Denmark, annexed to the TEU and to the TFEU, Denmark is not taking part in the adoption of this Regulation and is not bound by it or subject to its application. Given that this Regulation builds upon the Schengen acquis, Denmark shall, in accordance with Article 4 of that Protocol, decide within a period of six months after the Council has decided on this Regulation whether it will implement it in its national law.

22. As regards Iceland and Norway, this Regulation constitutes a development of the provisions of the Schengen acquis within the meaning of the Agreement concluded by the Council of the European Union and the Republic of Iceland and the Kingdom of Norway concerning the latters’association with the implementation, application and development of the Schengen acquis [8] which fall within the area referred to in Article 1, point A, of Council Decision 1999/437/EC[9].

23. As regards Switzerland, this Regulation constitutes a development of the provisions of the Schengen acquis within the meaning of the Agreement between the European Union, the European Community and the Swiss Confederation on the Swiss Confederation’s association with the implementation, application and development of the Schengen acquis[10] which fall within the area referred to in Article 1, point A, of Decision 1999/437/EC read in conjunction with Article 3 of Council Decision 2008/146/EC[11].

24. As regards Liechtenstein, this Regulation constitutes a development of the provisions of the Schengen acquis within the meaning of the Protocol between the European Union, the European Community, the Swiss Confederation and the Principality of Liechtenstein on the accession of the Principality of Liechtenstein to the Agreement between the European Union, the European Community and the Swiss Confederation on the Swiss Confederation’s association with the implementation, application and development of the Schengen acquis[12], which fall within the area referred to in Article 1, point A, of Decision 1999/437/EC read in conjunction with Article 3 of Council Decision 2011/350/EU[13].

25. This Regulation constitutes a development of the provisions of the Schengen acquis in which the United Kingdom does not take part, in accordance with Council Decision 2000/365/EC[14]; the United Kingdom is therefore not taking part in its adoption and is not bound by it or subject to its application.

26. This Regulation constitutes a development of the provisions of the Schengen acquis in which Ireland does not take part, in accordance with Council Decision 2002/192/EC[15]; Ireland is therefore not taking part in its adoption and is not bound by it or subject to its application,

HAVE ADOPTED THIS REGULATION:

CHAPTER I

GENERAL PROVISIONS

Article 1

Scope

This Regulation shall apply to border surveillance operations carried out by Member States at their external sea borders in the context of operational cooperation coordinated by the European Agency for the Management of Operational Cooperation at the External Borders of the Member States of the European Union.

Article 2

Definitions

For the purposes of this Regulation the following definitions shall apply:

1. ‘Agency’ means the European Agency for the Management of Operational Cooperation at the External Borders of the Member States of the European Union established by Regulation (EC) No 2007/2004;

2. ‘sea operation’ means a joint operation, pilot project or rapid intervention carried out by Member States for the surveillance of their external sea borders under the coordination of the Agency;

3. ‘host Member State’ means a Member State in which a sea operation takes place or from which it is launched;

4. ‘participating Member State’ means a Member State which participates in a sea operation by providing technical equipment, border guards deployed as part of the European Border Guard Teams or other relevant staff but which is not a host Member State;

5. ‘participating unit’means a maritime, land or aerial unit under the responsibility of the host Member State or of a participating Member State that takes part in a sea operation;

6. ‘International Coordination Centre’ means the coordination structure established within the host Member State for the coordination of a sea operation;

7. ‘National Coordination Centre’ means the national coordination centre established for the purposes of the European Border Surveillance System (Eurosur) in accordance with Regulation (EU) No 1052/2013;

8. ‘operational plan’ means the operational plan referred to in Article 3a and Article 8e of Regulation (EC) No 2007/2004;

9. ‘vessel’means any type of water craft, including boats, dinghies, floating platforms, non-displacement craft and seaplanes, used or capable of being used at sea;

10. ‘stateless vessel’means a vessel without nationality or assimilated to a vessel without nationality when the vessel has not been granted by any State the right to fly its flag or when it sails under the flags of two or more States, using them according to convenience;

11. ‘Protocol against the Smuggling of Migrants’means the Protocol against the Smuggling of Migrants by Land, Sea and Air, supplementing the United Nations Convention against Transnational Organised Crime signed in Palermo, Italy in December 2000;

12. ‘place of safety’ means a location where rescue operations are considered to terminate and where the survivors’safety of life is not threatened, where their basic human needs can be met and from which transportation arrangements can be made for the survivors’next destination or final destination, taking into account the protection of their fundamental rights in compliance with the principle of non-refoulement;

13. ‘Rescue Coordination Centre’ means a unit responsible for promoting efficient organisation of search and rescue services and for coordinating the conduct of search and rescue operations within a search and rescue region as defined in the International Convention on Maritime Search and Rescue;

14. ‘contiguous zone’ means a zone contiguous to the territorial sea as defined in Article 33 of the United Nations Convention on the Law of the Sea, where formally proclaimed;

15. ‘coastal Member State’ means a Member State in whose territorial sea or contiguous zone an interception takes place.

CHAPTER II

GENERAL RULES

Article 3

Safety at sea

Measures taken for the purpose of a sea operation shall be conducted in a way that, in all instances, ensures the safety of the persons intercepted or rescued, the safety of the participating units or that of third parties.

Article 4

Protection of fundamental rights and the principle of non-refoulement

1. No person shall, in contravention of the principle of non-refoulement, be disembarked in, forced to enter, conducted to or otherwise handed over to the authorities of a country where, inter alia, there is a serious risk that he or she would be subjected to the death penalty, torture, persecution or other inhuman or degrading treatment or punishment, or where his or her life or freedom would be threatened on account of his or her race, religion, nationality, sexual orientation, membership of a particular social group or political opinion, or from which there is a serious risk of an expulsion, removal or extradition to another country in contravention of the principle of non-refoulement.

2. When considering the possibility of disembarkation in a third country, in the context of planning a sea operation, the host Member State, in coordination with participating Member States and the Agency, shall take into account the general situation in that third country.

The assessment of the general situation in a third country shall be based on information derived from a broad range of sources, which may include other Member States, Union bodies, offices and agencies, and relevant international organisations and it may take into account the existence of agreements and projects on migration and asylum carried out in accordance with Union law and through Union funds. That assessment shall be part of the operational plan, shall be provided to the participating units and shall be updated as necessary.

Intercepted or rescued persons shall not be disembarked, forced to enter, conducted to or otherwise handed over to the authorities of a third country when the host Member State or the participating Member States are aware or ought to be aware that that third country engages in practices as described in paragraph 1.

3. During a sea operation, before the intercepted or rescued persons are disembarked in, forced to enter, conducted to or otherwise handed over to the authorities of a third country and taking into account the assessment of the general situation in that third country in accordance with paragraph 2, the participating units shall, without prejudice to Article 3, use all means to identify the intercepted or rescued persons, assess their personal circumstances, inform them of their destination in a way that those persons understand or may reasonably be presumed to understand and give them an opportunity to express any reasons for believing that disembarkation in the proposed place would be in violation of the principle of non-refoulement.

For those purposes, further details shall be provided for in the operational plan including, when necessary, the availability of shore-based medical staff, interpreters, legal advisers and other relevant experts of the host and participating Member States. Each participating unit shall include at least one person with basic first aid training.

The report referred to in Article 13 shall, based on information that shall be provided by the host and participating Member States, include further details on cases of disembarkation in third countries and how each element of the procedures laid down in the first subparagraph of this paragraph was applied by the participating units to ensure compliance with the principle of non-refoulement.

4. Throughout a sea operation, the participating units shall address the special needs of children, including unaccompanied minors, victims of trafficking in human beings, persons in need of urgent medical assistance, disabled persons, persons in need of international protection and other persons in a particularly vulnerable situation.

5. Any exchange with third countries of personal data obtained during a sea operation for the purposes of this Regulation shall be strictly limited to what is absolutely necessary and shall be carried out in accordance with Directive 95/46/EC of the European Parliament and of the Council[16], Council Framework Decision 2008/977/JHA[17] and relevant national provisions on data protection.

The exchange with third countries of personal data regarding intercepted or rescued persons obtained during a sea operation shall be prohibited where there is a serious risk of contravention of the principle of non-refoulement.

6. Participating units shall, in the performance of their duties, fully respect human dignity.

7. This Article shall apply to all measures taken by Member States or the Agency in accordance with this Regulation.

8. Border guards and other staff participating in a sea operation shall be trained with regard to relevant provisions of fundamental rights, refugee law and the international legal regime of search and rescue in accordance with the second paragraph of Article 5 of Regulation (EC) No 2007/2004.

CHAPTER III

SPECIFIC RULES

Article 5

Detection

1. Upon detection, the participating units shall approach a vessel suspected of carrying persons circumventing or intending to circumvent checks at border crossing points or of being engaged in the smuggling of migrants by sea in order to observe its identity and nationality and, pending further measures, shall survey that vessel at a prudent distance taking all due precautions. The participating units shall collect and immediately report information about that vessel to the International Coordination Centre, including, where possible, information about the situation of persons on board, in particular whether there is an imminent risk to their lives or whether there are persons in urgent need of medical assistance. The International Coordination Centre shall transmit that information to the National Coordination Centre of the host Member State.

2. Where a vessel is about to enter or it has entered the territorial sea or the contiguous zone of a Member State that is not participating in the sea operation, the participating units shall collect and report information about that vessel to the International Coordination Centre, which shall transmit that information to the National Coordination Centre of the Member State concerned.

3. The participating units shall collect and report information about any vessel suspected of being engaged in illegal activities at sea, which are outside the scope of the sea operation, to the International Coordination Centre, which shall transmit that information to the National Coordination Centre of the Member State concerned.

Article 6

Interception in the territorial sea

1. In the territorial sea of the host Member State or a neighbouring participating Member State, that State shall authorise the participating units to take one or more of the following measures where there are reasonable grounds to suspect that a vessel may be carrying persons intending to circumvent checks at border crossing points or is engaged in the smuggling of migrants by sea:

(a) requesting information and documentation on ownership, registration and elements relating to the voyage of the vessel, and on the identity, nationality and other relevant data on persons on board, including whether there are persons in urgent need of medical assistance, and making persons on board aware that they may not be authorised to cross the border;

(b) stopping, boarding and searching the vessel, its cargo and persons on board, and questioning persons on board and informing them that persons directing the vessel may face penalties for facilitating the voyage.

2. If evidence confirming that suspicion is found, that host Member State or neighbouring participating Member State may authorise the participating units to take one or more of the following measures:

(a) seizing the vessel and apprehending persons on board;

(b) ordering the vessel to alter its course outside of or towards a destination other than the territorial sea or the contiguous zone, including escorting the vessel or steaming nearby until it is confirmed that the vessel is keeping to that given course;

(c) conducting the vessel or persons on board to the coastal Member State in accordance with the operational plan.

3. Any measure taken in accordance with paragraph 1 or 2 shall be proportionate and shall not exceed what is necessary to achieve the objectives of this Article.

4. For the purposes of paragraphs 1 and 2, the host Member State shall instruct the participating unit appropriately through the International Coordination Centre.

The participating unit shall inform the host Member State, through the International Coordination Centre, whenever the master of the vessel requests that a diplomatic agent or a consular officer of the flag State be notified.

5. Where there are reasonable grounds to suspect that a stateless vessel is carrying persons intending to circumvent the checks at border crossing points or is engaged in the smuggling of migrants by sea, the host Member State or the neighbouring participating Member State in whose territorial sea that stateless vessel is intercepted shall authorise one or more of the measures laid down in paragraph 1 and may authorise one or more of the measures laid down in paragraph 2. The host Member State shall instruct the participating unit appropriately through the International Coordination Centre.

6. Any operational activities in the territorial sea of a Member State that is not participating in the sea operation shall be conducted in accordance with the authorisation of that Member State. The host Member State shall instruct the participating unit through the International Coordination Centre based on the course of action authorised by that Member State.

Article 7

Interception on the high seas

1. On the high seas, where there are reasonable grounds to suspect that a vessel is engaged in the smuggling of migrants by sea, the participating units shall take one or more of the following measures, subject to the authorisation of the flag State, in accordance with the Protocol against the Smuggling of Migrants, and where relevant, national and international law:

(a) requesting information and documentation on ownership, registration and elements relating to the voyage of the vessel, and on the identity, nationality and other relevant data on persons on board, including whether there are persons in urgent need of medical assistance;

(b) stopping, boarding and searching the vessel, its cargo and persons on board, and questioning persons on board and informing them that persons directing the vessel may face penalties for facilitating the voyage.

2. If evidence confirming that suspicion is found, the participating units may take one or more of the following measures, subject to the authorisation of the flag State, in accordance with the Protocol against the Smuggling of Migrants, and where relevant, national and international law:

(a) seizing the vessel and apprehending persons on board;

(b) warning and ordering the vessel not to enter the territorial sea or the contiguous zone, and, where necessary, requesting the vessel to alter its course towards a destination other than the territorial sea or the contiguous zone;

(c) conducting the vessel or persons on board to a third country or otherwise handing over the vessel or persons on board to the authorities of a third country;

(d) conducting the vessel or persons on board to the host Member State or to a neighbouring participating Member State.

3. Any measure taken in accordance with paragraph 1 or 2 shall be proportionate and shall not exceed what is necessary to achieve the objectives of this Article.

4. For the purposes of paragraphs 1 and 2, the host Member State shall instruct the participating unit appropriately through the International Coordination Centre.

5. Where the vessel is flying the flag or displays the marks of registry of the host Member State or of a participating Member State, that Member State may, after confirming the nationality of the vessel, authorise one or more of the measures laid down in paragraphs 1 and 2. The host Member State shall then instruct the participating unit appropriately through the International Coordination Centre.

6. Where the vessel is flying the flag or displays the marks of registry of a Member State that is not participating in the sea operation or of a third country, the host Member State or a participating Member State, depending on whose participating unit has intercepted that vessel, shall notify the flag State, shall request confirmation of registry and, if nationality is confirmed, shall request that the flag State take action to suppress the use of its vessel for smuggling of migrants. If the flag State is unwilling or unable to do so either directly or with the assistance of the Member State to whom the participating unit belongs, that Member State shall request authorisation from the flag State to take any of the measures laid down in paragraphs 1 and 2. The host Member State or the participating Member State shall inform the International Coordination Centre of any communication with the flag State and of the intended actions or measures authorised by the flag State. The host Member State shall then instruct the participating unit appropriately through the International Coordination Centre.

7. Where, though flying a foreign flag or refusing to show its flag, there are reasonable grounds to suspect that the vessel is, in reality, of the same nationality as a participating unit, that participating unit shall verify the vessel’s right to fly its flag. To that end, it may approach the suspect vessel. If suspicion remains it shall proceed to a further examination on board the vessel, which shall be carried out with all possible consideration.

8. Where, though flying a foreign flag or refusing to show its flag, there are reasonable grounds to suspect that the vessel is, in reality, of the nationality of the host Member State or a participating Member State, the participating unit shall verify the vessel’s right to fly its flag.

9. Where, in the cases referred to in paragraph 7 or 8, the suspicions regarding the nationality of the vessel prove to be founded, that host Member State or that participating Member State may authorise one or more of the measures laid down in paragraphs 1 and 2. The host Member State shall then instruct the participating unit appropriately through the International Coordination Centre.

10. Pending or in the absence of authorisation of the flag State, the vessel shall be surveyed at a prudent distance. No other measures shall be taken without the express authorisation of the flag State, except those necessary to relieve imminent danger to the lives of persons or those measures which derive from relevant bilateral or multilateral agreements.

11. Where there are reasonable grounds to suspect that a stateless vessel is engaged in the smuggling of migrants by sea, the participating unit may board and search the vessel with a view to verifying its statelessness. If evidence confirming that suspicion is found, the participating unit shall inform the host Member State which may take, directly or with the assistance of the Member State to whom the participating unit belongs, further appropriate measures as laid down in paragraphs 1 and 2 in accordance with national and international law.

12. A Member State whose participating unit has taken any measure in accordance with paragraph 1 shall promptly inform the flag State of the outcome of that measure.

13. The national official representing the host Member State or a participating Member State at the International Coordination Centre shall be responsible for facilitating communications with the relevant authorities of that Member State in seeking authorisation to verify the right of a vessel to fly its flag or to take any of the measures laid down in paragraphs 1 and 2.

14. Where the grounds to suspect that a vessel is engaged in the smuggling of migrants on the high seas prove to be unfounded or where the participating unit does not have jurisdiction to act, but there remains a reasonable suspicion that the vessel is carrying persons intending to reach the border of a Member State and to circumvent checks at border crossing points, that vessel shall continue to be monitored. The International Coordination Centre shall communicate information about that vessel to the National Coordination Centre of the Member States towards which it is directed.

Article 8

Interception in the contiguous zone

1. In the contiguous zone of the host Member State or of a neighbouring participating Member State, the measures laid down in paragraphs 1 and 2 of Article 6 shall be taken in accordance with those paragraphs and with paragraphs 3 and 4 thereof. Any authorisation referred to in Article 6(1) and (2) may only be given for measures that are necessary to prevent the infringement of relevant laws and regulations within that Member State’s territory or territorial sea.

2. The measures laid down in Article 6(1) and (2) shall not be taken in the contiguous zone of a Member State that is not participating in the sea operation without the authorisation of that Member State. The International Coordination Centre shall be informed of any communication with that Member State and of the subsequent course of action authorised by that Member State. If that Member State does not give its authorisation and where there are reasonable grounds to suspect that the vessel is carrying persons intending to reach the border of a Member State, Article 7(14) shall apply.

3. Where a stateless vessel is transiting the contiguous zone, Article 7(11) shall apply.

Article 9

Search and rescue situations

1. Member States shall observe their obligation to render assistance to any vessel or person in distress at sea and, during a sea operation, they shall ensure that their participating units comply with that obligation, in accordance with international law and respect for fundamental rights. They shall do so regardless of the nationality or status of such a person or the circumstances in which that person is found.

2. For the purpose of dealing with search and rescue situations that may occur during a sea operation, the operational plan shall contain, in accordance with relevant international law, including that on search and rescue, at least the following provisions:

(a) When, in the course of a sea operation, the participating units have reason to believe that they are facing a phase of uncertainty, alert or distress as regards a vessel or any person on board, they shall promptly transmit all available information to the Rescue Coordination Centre responsible for the search and rescue region in which the situation occurs and they shall place themselves at the disposal of that Rescue Coordination Centre.

(b) The participating units shall inform the International Coordination Centre as soon as possible of any contact with the Rescue Coordination Centre and of the course of action taken by them.

(c) A vessel or the persons on board shall be considered to be in a phase of uncertainty in particular:

(i) when a person has been reported as missing or a vessel is overdue; or

(ii) when a person or a vessel has failed to make an expected position or safety report.

(d) A vessel or the persons on board shall be considered to be in a phase of alert in particular:

(i) when, following a phase of uncertainty, attempts to establish contact with a person or a vessel have failed and inquiries addressed to other appropriate sources have been unsuccessful; or

(ii) when information has been received indicating that the operating efficiency of a vessel is impaired, but not to the extent that a distress situation is likely.

(e) A vessel or the persons on board shall be considered to be in a phase of distress in particular:

(i) when positive information is received that a person or a vessel is in danger and in need of immediate assistance; or

(ii) when, following a phase of alert, further unsuccessful attempts to establish contact with a person or a vessel and more widespread unsuccessful inquiries point to the probability that a distress situation exists; or

(iii) when information is received which indicates that the operating efficiency of a vessel has been impaired to the extent that a distress situation is likely.

(f) Participating units shall, for the purpose of considering whether the vessel is in a phase of uncertainty, alert or distress, take into account and transmit all relevant information and observations to the responsible Rescue Coordination Centre including on:

(i) the existence of a request for assistance, although such a request shall not be the sole factor for determining the existence of a distress situation;

(ii) the seaworthiness of the vessel and the likelihood that the vessel will not reach its final destination;

(iii) the number of persons on board in relation to the type and condition of the vessel;

(iv) the availability of necessary supplies such as fuel, water and food to reach a shore;

(v) the presence of qualified crew and command of the vessel;

(vi) the availability and capability of safety, navigation and communication equipment

(vii) the presence of persons on board in urgent need of medical assistance;

(viii) the presence of deceased persons on board;

(ix) the presence of pregnant women or of children on board;

(x) the weather and sea conditions, including weather and marine forecasts.

(g) While awaiting instructions from the Rescue Coordination Centre, participating units shall take all appropriate measures to ensure the safety of the persons concerned.

(h) Where a vessel is considered to be in a situation of uncertainty, alert or distress but the persons on board refuse to accept assistance, the participating unit shall inform the responsible Rescue Coordination Centre and follow its instructions. The participating unit shall continue to fulfil a duty of care by surveying the vessel and by taking any measure necessary for the safety of the persons concerned, while avoiding to take any action that might aggravate the situation or increase the chances of injury or loss of life.

(i) Where the Rescue Coordination Centre of a third country responsible for the search and rescue region does not respond to the information transmitted by the participating unit, the latter shall contact the Rescue Coordination Centre of the host Member State unless that participating unit considers that another internationally recognised Rescue Coordination Centre is better able to assume coordination of the search and rescue situation.

The operational plan may contain details adapted to the circumstances of the sea operation concerned.

3. Where the search and rescue situation has been concluded, the participating unit shall, in consultation with the International Coordination Centre, resume the sea operation.

Article 10

Disembarkation

1. The operational plan shall contain, in accordance with international law and respect for fundamental rights, at least the following modalities for the disembarkation of the persons intercepted or rescued in a sea operation:

(a) in the case of interception in the territorial sea or the contiguous zone as laid down in Article 6(1), (2) or (6) or in Article 8(1) or (2), disembarkation shall take place in the coastal Member State, without prejudice to point (b) of Article 6(2);

(b) in the case of interception on the high seas as laid down in Article 7, disembarkation may take place in the third country from which the vessel is assumed to have departed. If that is not possible, disembarkation shall take place in the host Member State;

(c) in the case of search and rescue situations as laid down in Article 9 and without prejudice to the responsibility of the Rescue Coordination Centre, the host Member State and the participating Member States shall cooperate with the responsible Rescue Coordination Centre to identify a place of safety and, when the responsible Rescue Coordination Centre designates such a place of safety, they shall ensure that disembarkation of the rescued persons is carried out rapidly and effectively.

If it is not possible to arrange for the participating unit to be released of its obligation referred to in Article 9(1) as soon as reasonably practicable, taking into account the safety of the rescued persons and that of the participating unit itself, it shall be authorised to disembark the rescued persons in the host Member State.

Those modalities for disembarkation shall not have the effect of imposing obligations on Member States not participating in the sea operation unless they expressly provide authorisation for measures to be taken in their territorial sea or contiguous zone in accordance with Article 6(6) or Article 8(2).

The operational plan may contain details adapted to the circumstances of the sea operation concerned.

2. The participating units shall inform the International Coordination Centre of the presence of any persons within the meaning of Article 4, and the International Coordination Centre shall transmit that information to the competent national authorities of the country where disembarkation takes place.

The operational plan shall contain the contact details of those competent national authorities, which shall take appropriate follow-up measures.

Article 11

Amendment to Regulation (EC) No 2007/2004

In Articles 3a(1) and 8e(1) of Regulation (EC) No 2007/2004, at the end of point (j) respectively, the following sentence is added:

‘In that regard the operational plan shall be established in accordance with Regulation (EU) No 656/2014 of the European Parliament and of the Council[18].

Article 12

Solidarity mechanisms

1. A Member State faced with a situation of urgent and exceptional pressure at its external border shall be able to request:

(a) the deployment of European Border Guard Teams in accordance with Article 8a of Regulation (EC) No 2007/2004 to provide rapid operational assistance to that Member State;

(b) the Agency for technical and operational assistance in accordance with Article 8 of Regulation (EC) No 2007/2004 in order to obtain assistance on matters of coordination between Members States and/or the deployment of experts to support the competent national authorities;

(c) emergency assistance under Article 14 of Regulation (EU) No 515/2014 of the European Parliament and of the Council[19] to address urgent and specific needs in the event of an emergency situation.

2. A Member State subject to strong migratory pressure which places urgent demands on its reception facilities and asylum systems shall be able to request:

(a) the European Asylum Support Office for the deployment of an asylum support team in accordance with Article 13 of Regulation (EU) No 439/2010 of the European Parliament and of the Council[20] to provide expertise, such as in relation to interpreting services, information on countries of origin and knowledge of the handling and management of asylum cases;

(b) emergency assistance under Article 21 of Regulation (EU) No 516/2014 of the European Parliament and of the Council[21] to address urgent and specific needs in the event of an emergency situation.

Article 13

Report

1. The Agency shall submit a report to the European Parliament, the Council and the Commission on the practical application of this Regulation by 18 July 2015 and every year thereafter.

2. The report shall include a description of the procedures put in place by the Agency to apply this Regulation during sea operations and information on the application of this Regulation in practice, including detailed information on compliance with fundamental rights and the impact on those rights, and any incidents which may have taken place.

CHAPTER IV

FINAL PROVISIONS

Article 14

Effects of Decision 2010/252/EU

Decision 2010/252/EU ceases to produce effects from the date of entry into force of this Regulation.

Article 15

Entry into force

This Regulation shall enter into force on the twentieth day following that of its publication in the Official Journal of the European Union.

This Regulation shall be binding in its entirety and directly applicable in the Member States in accordance with the Treaties.

Done at Brussels, 15 May 2014.