
Article 1 

1. This Regulation establishes a central database (hereinafter ‘the exclusion database’) as referred to in Article 95 of Regulation (EC, Euratom) No 1605/2002 (hereinafter ‘the Financial Regulation’).
2. Data contained in the exclusion database may be used only for the purposes of applying Articles 93 to 96 and 114 of the Financial Regulation and Articles 133 to 134b of Regulation (EC, Euratom) No 2342/2002 as well as Articles 96 to 99 and 110 of Regulation (EC) No 215/2008.
3. OLAF may use the data for its investigations pursuant to Regulation (EC) No 1073/1999 and Council Regulation (Euratom) No 1074/1999 as well as for its intelligence and fraud prevention activities, including risk analyses.
Article 2 
For the purpose of this Regulation, the following definitions shall apply:

1.. ‘institutions’ mean European Parliament, Council, Commission, Court of Justice, Court of Auditors, European Economic and Social Committee, Committee of the Regions, Ombudsman, European Data-Protection Supervisor, executive agencies and bodies referred to in Article 185(1) of the Financial Regulation;
2.. ‘implementing authority or body’ means authorities of the Member States and third countries, international organisations and other bodies participating in the implementation of the budget in accordance with Articles 53 and 54 of the Financial Regulation, with the exception of executive agencies and bodies referred to in Article 185(1) of that Regulation. Member States may assign tasks provided for in this Regulation to other national public authorities, which shall be assimilated to implementing authorities or bodies.
3.. ‘third parties’ mean candidates, tenderers, contractors, suppliers, service providers and their respective subcontractors, as well as grant applicants, grant beneficiaries, including beneficiaries of direct aid, contractors of grant beneficiaries and entities receiving financial support from a beneficiary of a Community grant pursuant to Article 120 of the Financial Regulation.
Article 3 
Exclusion warnings shall contain the following data:

((a)) information identifying third parties, which are in one of the situations referred to in Article 93(1), 94, 96(1)(b) and 96(2)(a) of the Financial Regulation;
((b)) information concerning persons with powers of representation, decision-making or control over legal entities, when those persons have found themselves in one of the situations referred to in Article 93(1), 94, 96(1)(b) and 96(2)(a) of the Financial Regulation;
((c)) the grounds for exclusion of third parties referred to in point (a) or persons referred to in point (b) and, where appropriate, the type of conviction and the duration of the period of exclusion.
Article 4 

1. The Commission’s accounting officer or his subordinate staff to whom certain tasks are delegated in application of Article 62 of the Financial Regulation (hereinafter ‘the accounting officer of the Commission’) shall ensure the administration of the exclusion database and make appropriate technical arrangements.The accounting officer of the Commission shall enter, modify or remove exclusion warnings pursuant to requests by the institutions.
2. The accounting officer of the Commission shall adopt implementing measures concerning technical aspects and define associated supporting procedures, including in the field of security.He shall notify those measures to the Commission services and the executive agencies and, where appropriate, the contact points of the other institutions designated in accordance with Article 6(1) or the liaison points designated in accordance with Article 7(2).
Article 5 

1. Institutions, other than the Commission and executive agencies, shall have direct access to the data contained in the exclusion database via the accounting system provided by the Commission (ABAC) or through contact points.
2. Implementing authorities or bodies managing funds under shared management and national public-sector bodies of Member States managing funds under centralised indirect management shall have access to data contained in the exclusion database through liaison points.
3. Implementing authorities or bodies managing funds under centralised indirect, decentralised or joint management shall have access to the data contained in the exclusion database through liaison points when they certify to the Commission service responsible that they apply the adequate data protection measures as laid down in agreements concluded pursuant to the second subparagraph of Article 134a(4) of Regulation (EC, Euratom) No 2342/2002.However, the implementing authorities or bodies shall not be given access to the exclusion database in either of the following cases:
(a) the Commission service responsible has not received the certification referred to in the first subparagraph;
(b) the Commission service responsible is in possession of evidence that the implementing authorities or bodies do not apply adequate data protection measures;
(c) the Commission service responsible considers that the access would be inappropriate in the cases of limited level of decentralisation comprising ex ante control by the Commission.Where access to the data contained in the exclusion database is denied, the Commission service responsible shall take appropriate measures in order to ensure at least the same level of protection of the Communities’ financial interests. In the framework of those measures, before the award of a grant or a contract, the Commission service responsible shall verify that the third party concerned is not subject to an exclusion warning.
4. Access to data contained in the exclusion database by Commission services and executive agencies is laid down in Commission Decision 2008/969/EC, Euratom.
Article 6 

1. Each institution, other than the Commission and the executive agencies, shall designate a contact point responsible as regards all issues related to the exclusion database and communicate the names of the persons in charge to the accounting officer of the Commission.
2. Contact points may provide access to the information contained in the exclusion database to authorised users, who shall be staff members of the institutions, for whom access to that database is indispensable for a proper exercise of their tasks. Each contact point shall keep a register of authorised users and give the Commission access to it upon request.Authorised users may proceed to active online consultation of the exclusion database.
3. The institution shall provide for adequate security measures to prevent the information from being read or copied by unauthorised persons.
Article 7 

1. Liaison points shall be responsible for relations with the Commission as regards all issues related to the exclusion database.
2. Each Member State shall designate one liaison point for the funds it implements by shared management pursuant to Article 53(b) and the funds implemented by centralised indirect management by its national public-sector bodies pursuant to Article 54(2)(c) of the Financial Regulation. Exceptionally and for duly justified reasons, the Commission may approve more than one liaison point per Member State.
3. Each third country implementing funds by decentralised management pursuant to Article 53(b) of the Financial Regulation shall designate a liaison point at the request of the Commission service responsible.Each implementing body implementing funds by joint management pursuant to Article 53(c) or by centralised indirect management pursuant to points (b), (c) or (d) of Article 54(2) of that Regulation, with the exception of national public-sector bodies, shall designate a liaison point at the request of the Commission service responsible.However, the Commission service responsible shall not request designation of a liaison point where such a liaison point already exists.When the Commission service responsible withdraws access of a liaison point to the exclusion database, it shall inform the accounting officer of the Commission accordingly.
4. Each Member State and each authority or body referred to in paragraph 3 shall communicate the names of the persons in charge of their respective liaison point to the accounting officer of the Commission. The accounting officer of the Commission shall publish the list of third countries and implementing bodies disposing of liaison points on the Commission’s internal Internet site.
5. Liaison points shall provide the implementing authorities or bodies with access to the information contained in the exclusion database.Implementing authorities and bodies may designate authorised users among their staff members. The number of such authorised users shall be limited to persons for whom access to that database is indispensable for a proper exercise of their tasks. Each implementing authority or body shall keep a register of authorised users and give the Commission access to it upon request.For the purpose of award of contracts connected with implementation of the budget or the European Development Fund, authorised users may proceed to active online consultation of the exclusion database. Where an online consultation is not possible, the authorised user may receive downloaded data. In the latter case, the data shall be updated at least on a monthly basis.
6. The authority or body having designated the liaison point or the authorised users shall provide for adequate security measures to prevent the information from being read or copied by unauthorised persons.
Article 8 

1. All requests for registration, rectification, updating or removal of exclusion warnings shall be addressed to the accounting officer of the Commission.Only institutions may submit such requests. For that purpose, the Commission services and executive agencies responsible shall use the templates set out in the Annex to Decision 2008/969/EC, Euratom and the contact points of other institutions shall use the templates set out in Annex I to this Regulation.
2. In each request for registration of an exclusion warning, the Commission service or the executive agency responsible shall certify that the information communicated was established and transmitted in accordance with Regulation (EC) No 45/2001 and indicate a warning contact person assuming the responsibilities laid down in Article 12 of this Regulation.When requesting the registration of an exclusion warning, the contact points shall certify that the information communicated was established and transmitted in accordance with Regulation (EC) No 45/2001. The contact points shall assume the responsibilities of a warning contact person.
3. Any institution shall request provisional registration of an exclusion warning pending a decision on the duration of the exclusion.
4. The Commission service responsible or another institution that has requested registration of an exclusion warning shall be responsible for requesting rectification, updating or removal of that warning.
Article 9 

1. The liaison points shall communicate information received from implementing authorities or bodies on exclusion situations referred to in Article 93(1)(e) of the Financial Regulation to the accounting officer of the Commission who shall forward this information to the Commission service responsible for the programme, action or legislation and identified by the authorities or bodies. They shall also transmit the certification of the implementing authority or body that the information communicated by them was established and transmitted in accordance with the principles set out in Directive 95/46/EC.For that purpose, the liaison points shall use the template set out in Annex II to this Regulation.
2. Upon receipt of information referred to in paragraph 1, the Commission service responsible shall request the accounting officer of the Commission to enter an exclusion warning into the exclusion database for the duration determined by the implementing authority or body up to the maximum duration laid down in Article 93(3) of the Financial Regulation.Where no duration is determined, the Commission service responsible shall request a provisional registration in accordance with Article 10(2), pending a decision by the Commission. The Commission service responsible shall refer the case as soon as possible to the Commission for decision.
3. The implementing authority or body shall be responsible for the data communicated. It shall, without delay, inform the Commission service responsible, through the liaison point, whenever information transmitted needs to be rectified, updated or removed.For that purpose, the implementing authorities or bodies and the liaison points shall use the template set out in Annex II.Upon receipt of updated information, the Commission service responsible shall request the accounting officer of the Commission to rectify, update or remove the exclusion warning concerned.
Article 10 

1. Warnings concerning exclusions pursuant to points (b), (c), (e) and (f) of Article 93(1) of the Financial Regulation shall be registered for the period determined by the requesting institution and specified in the request.
2. An exclusion warning based on a request submitted in accordance with Article 8(3) shall be registered provisionally for a period of three months. The provisional registration may be renewed once upon request.However, the provisional registration of an exclusion warning based on requests referred to in the second subparagraph of Article 9(2), may be, in exceptional cases, renewed for an additional period of three months.
3. Warnings concerning exclusions pursuant to points (a) or (d) of Article 93(1) of the Financial Regulation shall be registered for the period of five years.
4. Warnings concerning exclusions from the award of a contract or grant in a given procedure pursuant to Article 94(a) and (b) of the Financial Regulation shall be registered for a period of six months.
Article 11 
Exclusion warnings shall be removed automatically after expiry of the duration set out in Article 10.
The institution which requested the registration, shall request the removal of an exclusion warning before the expiry of the duration, where the third party is no longer in an exclusion situation, in particular for the cases mentioned in paragraph 3 of Article 10 or for manifest errors discovered after the registration of the exclusion.
Article 12 

1. The warning contact person referred to in Article 8(2) of this Regulation shall provide, in writing or by electronic means, all relevant information available to such an extent as to enable the requesting institution to take exclusion decisions pursuant to Article 93(1) of the Financial Regulation or to enable the implementing authority or body to take it into account for the award of contracts connected with implementation of the budget.
2. Where certificates or evidence obtained by an institution are not consistent with registered exclusion warnings, the institution concerned shall immediately inform the warning contact person. The warning contact person and where appropriate the liaison point concerned shall take appropriate action.
3. Where certificates or evidence obtained by an implementing authority or body are not consistent with registered exclusion warnings, the authority or body shall transmit the information, through its liaison point, to the warning contact person. The warning contact person and where appropriate the liaison point concerned shall take appropriate action.
4. The accounting officer of the Commission and the contact points of the other institutions shall regularly exchange best practices.Issues related to the exclusion database shall be discussed in the framework of meetings between the implementing authority or body and the Commission service responsible.
Article 13 

1. In the calls for tender and calls for proposals and, in the absence of calls, before awarding contracts or grants, the institutions and implementing authorities or bodies shall inform third parties of the data concerning them that may be included in the exclusion database and of the entities to whom the data may be communicated. Where third parties are legal entities the institutions and implementing authorities or bodies shall also inform the persons who have powers of representation, decision-making or control over these legal entities.
2. The institution requesting registration of an exclusion warning shall be responsible for relations with the natural or legal person whose data are introduced into the exclusion database (hereinafter ‘the data subject concerned’).The institution shall inform the data subject concerned of the request for activation, updating and removal of any exclusion warning directly concerning it and state the reasons thereof.The institution shall also respond to requests from data subjects concerned to rectify inaccurate or incomplete personal data and to any other requests or questions from those subjects.Requests or questions from data subjects concerned with regard to information provided by implementing authorities or bodies shall be treated by those authorities or bodies. The Commission service responsible shall refer such requests and questions to the liaison point concerned and inform the data subject concerned thereof.
3. Without prejudice to the information requirements set out in paragraph 2, a duly identified natural person may request information on whether data concerning him is registered in the exclusion database.The accounting officer of the Commission shall inform him in writing or by electronic means, whether the person is registered in the exclusion database. If the person is registered, the accounting officer of the Commission shall attach the data stored in the exclusion database concerning that person. He shall inform the institution that requested the warning thereof.
4. Without prejudice to the information requirements set out in paragraph 2, a duly empowered representative of a legal person, may request information on whether that legal person is registered in the exclusion database.The accounting officer of the Commission shall inform him in writing or by electronic means whether the legal person is registered in the exclusion database. If the person is registered, the accounting officer of the Commission shall attach the data stored in the exclusion database concerning that person. He shall inform the institution that requested the warning thereof.
5. Removed warnings shall be accessible for audit and investigation purposes only and shall not be visible for the users of the database.However, personal data contained in exclusion warnings referring to natural persons shall remain accessible to such purposes only for five years after the removal of the warning.
Article 14 

1. Information from implementing authorities or bodies shall exclusively concern judgments rendered after 1 January 2009.
2. Warnings registered pursuant to Article 95 of the Financial Regulation before the date of application of this Regulation and still active on that date shall constitute exclusion warnings and shall be directly inserted in the exclusion database.
3. Where a third party concerned was not informed of the registration of an exclusion warning referred to in paragraph 2, the Commission service or the institution that requested the registration shall inform the third party that its data were introduced into the exclusion database within one month from the date of application of this Regulation.
4. The Commission service responsible or other institution that requested registration of an exclusion warning referred to in paragraph 2 remain responsible for requesting modification or removal of that warning in accordance with this Regulation.
5. For exclusions decided by a Commission service or an executive agency pursuant to Article 93(1)(b) and (e) of the Financial Regulation before 1 May 2007, the duration of the exclusion period shall take into account the duration of criminal records under national law.For such exclusion, a maximum duration of four years from the date of notification of the judgment shall apply. If that period has elapsed, the Commission service or the executive agency responsible shall request removal of the warning.
Article 15 
This Regulation shall enter into force on the day of its publication in the Official Journal of the European Union.
It shall apply from 1 January 2009.
This Regulation shall be binding in its entirety and directly applicable in all Member States.Done at Brussels, 17 December 2008.
For the Commission
Dalia GRYBAUSKAITĖ
Member of the Commission
ANNEX I

The request has to be sent in conformity with the procedure for classified information pursuant to the rules set by the institution. It has to be sent in a single closed envelope.
European CommissionDirectorate-General BudgetAccounting Officer of the CommissionBRE2 13/505B-1049 BRUXELLES

ANNEX II
