
CHAPTER I
Article 1 
This Regulation shall apply to the following electronic systems:

((a)) the Customs Decisions system developed through the UCC Customs Decisions project referred to in the Annex to Implementing Decision (EU) 2016/578;
((b)) the Uniform User Management and Digital Signature system developed through the Direct trader access to the European Information Systems (Uniform User Management & Digital Signature) project referred to in the Annex to Implementing Decision (EU) 2016/578.
Article 2 
For the purpose of this Regulation, the following definitions shall apply:

((1)) ‘common component’ means a component of the electronic systems developed at Union level, which is available for all Member States;
((2)) ‘national component’ means a component of the electronic systems developed at national level, which is available in the Member State that created such a component.
Article 3 
The Commission and the Member States shall designate contact points for each of the electronic systems for the purposes of exchanging information to ensure a coordinated development, operation and maintenance of those electronic systems. They shall communicate the details of those contact points to each other.
The Commission and the Member States shall inform each other immediately of any changes to the details of those contact points.
CHAPTER II
Article 4 

1. The Customs Decisions system (CDS) shall enable communication between the Commission, Member States, economic operators and persons other than economic operators for the purposes of submitting and processing applications and decisions referred to in Article 5(1), as well as the management of decisions related to the authorisations, namely, amendments, revocations, annulments and suspensions.
2. The CDS shall consist of the following common components:
(a) an EU trader portal;
(b) a central customs decisions management system (‘central CDMS’);
(c) customer reference services.
3. Member States may create the following national components:
(a) a national trader portal;
(b) a national customs decisions management system (‘national CDMS’).
Article 5 

1. The CDS shall be used for the purposes of submitting and processing applications for the following authorisations, as well as the management of decisions related to the applications or authorisations:
(a) authorisation for the simplification of the determination of amounts being part of the customs value of the goods, as referred to in Article 73 of the Code;
(b) authorisation for the provision of a comprehensive guarantee, including possible reduction or waiver, as referred to in Article 95 of the Code;
(c) authorisation of deferment of the payment of the duty payable, as far as the permission is not granted in relation to a single operation, as referred to in Article 110 of the Code;
(d) authorisation for the operation of temporary storage facilities, as referred to in Article 148 of the Code;
(e) authorisation to establish regular shipping services, as referred to in Article 120 of Delegated Regulation (EU) 2015/2446;
(f) authorisation for the status of authorised issuer, as referred to in Article 128 of Delegated Regulation (EU) 2015/2446;
(g) authorisation for the regular use of a simplified declaration, as referred to in Article 166(2) of the Code;
(h) authorisation for centralised clearance, as referred to in Article 179 of the Code;
(i) authorisation to lodge a customs declaration through an entry of data in the declarant's records, including for the export procedure, as referred to in Article 182 of the Code;
(j) authorisation for self-assessment, as referred to in Article 185 of the Code;
(k) authorisation for the status of an authorised weigher of bananas, as referred to in Article 155 of Delegated Regulation (EU) 2015/2446;
(l) authorisation for the use of the inward processing procedure, as referred to in Article 211(1)(a) of the Code;
(m) authorisation for the use of the outward processing procedure, as referred to in Article 211(1)(a) of the Code;
(n) authorisation for the use of the end-use procedure, as referred to in Article 211(1)(a) of the Code;
(o) authorisation for the use of the temporary admission procedure, as referred to in Article 211(1)(a) of the Code;
(p) authorisation for the operation of storage facilities for customs warehousing of goods, as referred to in Article 211(1)(b) of the Code;
(q) authorisation for the status of an authorised consignee for TIR operation, as referred to in Article 230 of the Code;
(r) authorisation for the status of an authorised consignor for Union transit, as referred to in Article 233(4)(a) of the Code;
(s) authorisation for the status of an authorised consignee for Union transit, as referred to in Article 233(4)(b) of the Code;
(t) authorisation to use of seals of a special type, as referred to in Article 233(4)(c) of the Code;
(u) authorisation to use a transit declaration with a reduced dataset, as referred to in Article 233(4)(d) of the Code;
(v) authorisation for the use of an electronic transport document as a customs declaration, as referred to in Article 233(4)(e) of the Code.
2. The common components of the CDS shall be used with respect to applications and authorisations referred to in paragraph 1, as well as the management of decisions related to those applications and authorisations where those authorisations or decisions may have an impact in more than one Member State.
3. A Member State may decide that the common components of the CDS may be used with respect to applications and authorisations referred to in paragraph 1, as well as the management of decisions related to those applications and authorisations where those authorisations or decisions have an impact only in that Member State.
4. The CDS shall not be used with respect to applications, authorisations or decisions other than those listed to in paragraph 1.
Article 6 

1. The authentication and access verification of economic operators and persons other than economic operators for the purposes of access to the common components of the CDS shall be effected using the Uniform User Management and Digital Signatures (UUM&DS) system referred to in Article 14.
2. The authentication and access verification of Member States' officials for the purposes of access to the common components of the CDS shall be effected using the network services provided by the Commission.
3. The authentication and access verification of Commission's staff for the purposes of access to the common components of the CDS shall be effected using the UUM&DS system or the network services provided by the Commission.
Article 7 

1. The EU trader portal shall be an entry point to the CDS for economic operators and persons other than economic operators.
2. The EU trader portal shall interoperate with the central CDMS as well as with national CDMS where created by Member States.
3. The EU trader portal shall be used for applications and authorisations referred to in Article 5(1), as well as the management of decisions related to those applications and authorisations where those authorisations or decisions may have an impact in more than one Member State.
4. A Member State may decide that the EU trader portal may be used for applications and authorisations referred to in Article 5(1), as well as the management of decisions related to those applications and authorisations where those authorisations or decisions have an impact only in that Member State.Where a Member State takes a decision to use the EU trader portal for authorisations or decisions that have an impact only in that Member State, it shall inform the Commission thereof.
Article 8 

1. The central CDMS shall be used by the customs authorities of the Member States for processing of the applications and authorisations referred to in Article 5(1), as well as the management of decisions related to those applications and authorisations by enabling Member States to verify whether the conditions for the acceptance of the applications and for taking the decisions are fulfilled.
2. The central CDMS shall interoperate with the EU trader portal, the customer reference services and with the national CDMS, where created by the Member States.
Article 9 
A customs authority of a Member State shall use the central CDMS when it needs to consult a customs authority of another Member State before taking a decision regarding the applications or authorisations referred to in Article 5(1).
Article 10 
The customer reference services shall be used for the central storage of data relating to the authorisations referred to in Article 5(1), as well as decisions related to those authorisations, and shall enable the consultation, replication and validation of those authorisations by other electronic systems established for the purposes of Article 16 of the Code.
Article 11 

1. The national trader portal, where created, shall be an additional entry point to the CDS for economic operators and persons other than economic operators.
2. With respect to applications and authorisations referred to in Article 5(1), as well as the management of decisions related to those applications and authorisations where those authorisations or decisions may have an impact in more than one Member State, economic operators and persons other than economic operators may choose to use the national trader portal, where created, or the EU trader portal.
3. The national trader portal shall interoperate with the national CDMS, where created.
4. Where a Member State creates a national trader portal, it shall inform the Commission thereof.
Article 12 

1. A national CDMS, where created, shall be used by the customs authority of the Member State which created it for processing the applications and authorisations referred to in Article 5(1), as well as the management of decisions related to those applications and authorisations by verifying whether the conditions for the acceptance of the applications and for taking the decisions are fulfilled.
2. The national CDMS shall interoperate with the central CDMS for the purposes of consultation between the customs authorities as referred to in Article 9.
Article 13 

1. The data relating to authorisations referred to in Article 5(1) where those authorisations were issued as of 1 May 2016 or granted according to Article 346 of Commission Implementing Regulation (EU) 2015/2447 and may have an impact in more than one Member State, shall be migrated and stored in the CDS if such authorisations are valid on the date of migration. The migration shall take place by 1 May 2019 at the latest.A Member State may decide to apply the first subparagraph also to authorisations referred to in Article 5(1) that have an impact only in that Member State.
2. The customs authorities shall ensure that the data to be migrated in accordance with paragraph 1 comply with the data requirements laid down in Annex A to Delegated Regulation (EU) 2015/2446 and Annex A to Commission Implementing Regulation (EU) 2015/2447. For that purpose, they may request the necessary information from the holder of the authorisation.
CHAPTER III
Article 14 

1. The Uniform User Management and Digital Signature (UUM&DS) system shall enable the communication between the Commission and the Member States' identity and access management systems referred to in Article 18 for the purposes of providing secure authorised access to the electronic systems to economic operators and persons other than the economic operators and Commission's staff.
2. The UUM&DS system shall consist of the following common components:
(a) an access management system;
(b) an administration management system;
3. A Member State shall create an identity and access management system as a national component of the UUM&DS system.
Article 15 
The UUM&DS system shall be used to ensure the authentication and access verification of:

((a)) economic operators and persons other than economic operators for the purposes of having access to the common components of the CDS;
((b)) the Commission's staff for the purposes of having access to the common components of the CDS and for the purposes of maintenance and management of the UUM&DS system.
Article 16 
The Commission shall set up the access management system to validate the access requests submitted by the economic operators and persons other than economic operators within the UUM&DS system by interoperating with the Member States' identity and access management systems referred to in Article 18.
Article 17 
The Commission shall set up the administration management system to manage the authentication and authorisation rules for validating the identification data of economic operators and persons other than economic operators for the purposes of allowing access to the electronic systems.
Article 18 
The Member States shall set-up an identity and access management system to ensure:

((a)) a secure registration and storage of identification data of economic operators and persons other than economic operators;
((b)) a secure exchange of signed and encrypted identification data of economic operators and persons other than economic operators.
CHAPTER IV
Article 19 

1. The common components shall be developed, tested, deployed and managed by the Commission. The national components shall be developed, tested, deployed and managed by the Member States.
2. The Member States shall ensure that the national components are interoperable with the common components.
Article 20 

1. The Commission shall perform the maintenance of the common components and the Member States shall perform the maintenance of their national components.
2. The Commission and the Member States shall ensure uninterrupted operation of the electronic systems.
3. The Commission may change the common components of the electronic systems to correct malfunctions, to add new functionalities or alter existing ones.
4. The Commission shall inform the Member States of changes and updates to the common components.
5. Member States shall inform the Commission of changes and updates to the national components that may have repercussions on the functioning of the common components.
6. The Commission and Member States shall make the information on the changes and updates to the electronic systems pursuant to paragraphs 4 and 5 publicly available.
Article 21 

1. In case of a temporary failure of the electronic systems as referred to in Article 6(3)(b) of the Code, economic operators and persons other than economic operators shall submit the information to fulfil the formalities concerned by the means determined by the Member States, including means other than electronic data processing techniques.
2. The customs authorities shall make sure the information submitted in accordance with paragraph 1 is made available in the respective electronic systems within 7 days of the respective electronic systems becoming available again.
3. The Commission and the Member States shall inform each other of the unavailability of the electronic systems resulting from a temporary failure.
Article 22 
The Commission shall support the Member States on the use and functioning of the common components of the electronic systems by providing the appropriate training material.
CHAPTER V
Article 23 

1. The personal data registered in the electronic systems shall be processed for the purposes of implementing the customs legislation having regard to the specific objectives of each of the electronic systems as set out in Article 4(1) and Article 14(1), respectively.
2. The national supervisory authorities in the field of personal data protection and the European Data Protection Supervisor shall cooperate to ensure coordinated supervision of the processing of personal data registered in the electronic systems.
Article 24 
Member States shall ensure that the data registered at national level corresponds to the data registered in the common components and is kept up to date.
Article 25 

1. The data registered in the common components of the electronic systems by a Member State may be accessed or processed by that Member State. It may also be accessed and processed by another Member State where it is involved in the processing of an application or the management of a decision to which the data relates, including by way of a consultation in accordance with Article 9.
2. The data registered in the common components of the electronic systems by an economic operator or a person other than an economic operator may be accessed or processed by that economic operator or that person. It may also be accessed and processed by a Member State involved in the processing of an application or the management of a decision to which the data relates, including by way of a consultation in accordance with Article 9.
Article 26 

1. The Commission shall be the system owner of the common components.
2. The Member States shall be the system owners of the national components.
Article 27 

1. The Commission shall ensure the security of the common components. The Member States shall ensure the security of the national components.For those purposes, the Commission and Member States shall take, at least, the necessary measures to:
(a) prevent any unauthorised person from having access to installations used for the processing of data;
(b) prevent the entry of data and any consultation, modification or deletion of data by unauthorised persons;
(c) detect any of the activities referred to in points (a) and (b);
2. The Commission and the Member States shall inform each other of any activities that might result in a breach or a suspected breach of the security of the electronic systems.
CHAPTER VI
Article 28 
The Commission and the Member States shall conduct assessments of the components they are responsible for and shall in particular analyse the security and integrity of the components and the confidentiality of data processed within those components.
The Commission and the Member States shall inform each other of the assessment results.
Article 29 
This Regulation shall enter into force on the twentieth day following that of its publication in the Official Journal of the European Union.
This Regulation shall be binding in its entirety and directly applicable in all Member States.Done at Brussels, 14 November 2017.
For the Commission
The President
Jean-Claude JUNCKER