
CHAPTER I
Article 1 
This Regulation lays down rules applicable to the notification, through information systems, of information and documents (hereinafter documents) as required to meet communication obligations by the Member States to the Commission, pursuant to:

— Regulation (EC) No 247/2006 and its implementing rules,
— Regulation (EC) No 1405/2006 and its implementing rules,
— Regulation (EC) No 1234/2007 and its implementing rules,
— Regulation (EC) No 3/2008 and its implementing rules,
— Regulation (EC) No 73/2009 and its implementing rules,
Article 2 
For the purposes of this Regulation:

((a)) ‘notification obligation’ means the obligation to submit documents from the Member States to the Commission, provided for in the Community legislation referred to in Article 1;
((b)) ‘competent authorities’ means the authorities or bodies designated by the Member States as responsible for fulfilling the notification obligation;
((c)) ‘authority responsible for the information systems’ means the authority, department, body or person that is responsible in the Commission for validating and using the system and is identified as such in that system;
((d)) ‘metadata’ means the data describing the context, contents and structure of documents and their management over time.
CHAPTER II
Article 3 
To fulfil the notification obligation, documents shall be notified to the Commission by means of the information systems made available to the competent authorities, hereinafter referred to as ‘information systems’, as from the date that the corresponding notification obligation provides for the obligation to use those systems in accordance with this Regulation.
Article 4 

1. Granting access rights and certifying the identity of those authorised to access the information systems (hereinafter users) shall be the responsibility of the competent authorities of the Member States.
2. As regards access to the systems, each Member State shall:
(a) designate a single liaison body responsible for:
((i)) validating, for each system, the access rights granted and updated by the competent authorities and the certified identity of the users authorised to have an access to the systems;
((ii)) notifying the Commission of the competent authorities and users authorised to access the systems;
(b) inform the Commission of the identity and contact details of the liaison body it has designated.After access rights have been validated, they shall be activated by the authority responsible for the information systems.
Article 5 

1. The documents shall be set up and notified in accordance with the procedures established by the information systems, using models or methods made available to users through those information systems, under the responsibility of the competent authority of the Member State and in accordance with the access rights granted by the authorities in question. Those models and methods shall be amended and made available after an information has been given to the users of the related system.
2. In cases of force majeure or exceptional circumstances, and in particular of malfunctioning of the information system or a lack of a lasting connection, the Member State may submit the documents to the Commission in hard copy or by other appropriate electronic means. Such submission of hard copies or by other electronic means shall require motivated prior notice sent to the Commission in due time before the notification deadline.
Article 6 
The authenticity of a document notified or held using an information system in conformity with this Regulation is recognised if the person who sent the document is duly identified and if the document has been set up and notified in compliance with this Regulation.
CHAPTER III
Article 7 
Information systems shall protect the integrity of the documents notified and held.
In particular, they shall offer the following guarantees:

((a)) they shall allow each user to be unequivocally identified and shall incorporate effective control measures of access rights in order to protect against illegal, malicious or unauthorised access, deletion, alteration or movement of documents, files, metadata and stages of the procedure;
((b)) they shall be equipped with physical protection systems against intrusions and environmental incidents and software protection against cyber attacks;
((c)) they shall prevent, by various means, any unauthorised changes and incorporate integrity mechanisms to check if a document has been altered over time;
((d)) they shall keep an audit trail for each essential stage of the procedure;
((e)) they shall safeguard stored data in an environment which is secure in both physical and software terms, in accordance with point (b);
((f)) they shall provide reliable format conversion and migration procedures in order to guarantee that documents are legible and accessible throughout the entire storage period required;
((g)) they shall have sufficiently detailed and up-to-date functional and technical documentation on the operation and characteristics of the system, that documentation being accessible at all times to the organisational entities responsible for the functional and/or technical specifications.
Article 8 
The provisions of this Regulation shall apply without prejudice to Regulations (EC) No 45/2001 and (EC) No 1049/2001, Directives 95/46/EC and 2002/58/EC and the provisions adopted pursuant to them.
CHAPTER IV
Article 9 
This Regulation shall enter into force on the seventh day following its publication in the Official Journal of the European Union.
This Regulation shall be binding in its entirety and directly applicable in all Member States.Done at Brussels, 31 August 2009.
For the Commission
Mariann FISCHER BOEL
Member of the Commission