
COMMISSION IMPLEMENTING REGULATION (EU) 2019/1715 of 30 September 2019 laying down rules for the functioning of the information management system for official controls and its system components ... (Text with EEA relevance) 

THE EUROPEAN COMMISSION,
Having regard to the Treaty on the Functioning of the European Union,
Having regard to Council Directive 2000/29/EC of 8 May 2000 on protective measures against the introduction into the community of organisms harmful to plants or plant products and against their spread within the Community, and in particular Article 13(1) thereof,
Having regard to Regulation (EC) No 178/2002 of the European Parliament and of the Council of 28 January 2002 laying down the general principles and requirements of food law, establishing the European Food Safety Authority and laying down procedures in matters of food safety, and in particular Article 51 thereof,
Having regard to Regulation (EU) 2016/429 of the European Parliament of the Council of 9 March 2016 on transmissible animal diseases and amending and repealing certain acts in the area of animal health (‘Animal Health Law’), and in particular point (c) of the first paragraph of Article 23 thereof,
Having regard to Regulation (EU) 2016/2031 of the European Parliament of the Council of 26 October 2016 on protective measures against pests of plants, amending Regulations (EU) No 228/2013, (EU) No 652/2014 and (EU) No 1143/2014 of the European Parliament and of the Council and repealing Council Directives 69/464/EEC, 74/647/EEC, 93/85/EEC, 98/57/EC, 2000/29/EC, 2006/91/EC and 2007/33/EC, and in particular points (a), (b) and (c) of the first paragraph of Article 104 thereof,
Having regard to Regulation (EU) 2017/625 of the European Parliament and of the Council of 15 March 2017 on official controls and other official activities performed to ensure the application of food and feed law, rules on animal health and welfare, plant health and plant protection products, amending Regulations (EC) No 999/2001, (EC) No 396/2005, (EC) No 1069/2009, (EC) No 1107/2009, (EU) No 1151/2012, (EU) No 652/2014, (EU) 2016/429 and (EU) 2016/2031 of the European Parliament and of the Council, Council Regulations (EC) No 1/2005 and (EC) No 1099/2009 and Council Directives 98/58/EC, 1999/74/EC, 2007/43/EC, 2008/119/EC and 2008/120/EC, and repealing Regulations (EC) No 854/2004 and (EC) No 882/2004 of the European Parliament and of the Council, Council Directives 89/608/EEC, 89/662/EEC, 90/425/EEC, 91/496/EEC, 96/23/EC, 96/93/EC and 97/78/EC and Council Decision 92/438/EEC (‘Official Controls Regulation’), in particular point (a) of the first paragraph of Article 58, points (a), (b) and (c) of the first subparagraph of Article 75(2), point (f) of the first paragraph of Article 90, points (a) and (b) of the first subparagraph of Article 102(6), Article 103(6) and points (a) to (g) of the first paragraph of Article 134 thereof,
Whereas:

(1) Regulation (EU) 2017/625 establishes, inter alia, rules for the Member States’ performance of official controls and other official activities on animals and goods entering the Union in order to ensure the correct application of the Union agri-food chain legislation.

(2) It requires the Commission, in collaboration with Member States, to set up and manage a computerised information management system for official controls (IMSOC) to manage, handle and automatically exchange data, information and documents in relation to official controls. The IMSOC should integrate and upgrade as necessary certain information systems managed by the Commission and act as an interoperability schema connecting them and, in certain cases, also existing national systems of the Member States and information systems of third countries and international organisations (‘other systems’).

(3) The information systems managed by the Commission and to be integrated in IMSOC include the Rapid alert system for food and feed (RASFF) for notifying direct or indirect risk to human health deriving from food, food contact material or feed, as established by Regulation (EC) No 178/2002 and broadened by Regulation (EC) No 183/2005 of the European Parliament and of the Council, the system for notifying and reporting information on animal diseases (ADIS), to be established pursuant to Regulation (EU) 2016/429, the system for notifying and reporting the presence of pests in plants and plant products (EUROPHYT), to be established pursuant to Regulation (EU) 2016/2031, the technical tools for administrative assistance and cooperation (AAC) and the TRACES system referred to in Regulation (EU) 2017/625.

(4) The information systems managed by the Commission were established at different times and have since been modified on legal and operational grounds. Therefore, in order to upgrade and integrate them as required by Regulation (EU) 2017/625, it is appropriate to gather in the same act all provisions relating to the functioning of the IMSOC and its system components, and establish rules for the exchange of data, information and documents with other systems on the basis of the powers conferred on the Commission by Regulations (EC) No 178/2002, (EU) 2016/429, (EU) 2016/2031 and (EU) 2017/625 and repeal the existing implementing acts.

(5) Regulation (EU) 2017/625 provides that the Member States and the Commission should process personal data through the IMSOC and any of its components only for the purposes of official controls and other official activities performed for the verification of compliance with relevant Union rules in the areas referred to in Article 1(2) of that Regulation, including the operators’ past records as regards compliance with those rules.

(6) Official controls and other official activities are to be carried out on operators for the whole duration of their activities and in certain cases such as animal welfare checks or official controls on products with long shelf life, e.g. canned food or food contact materials, on the same animals and goods at different points in time. Therefore, in order to be able to properly track operators’ past records, it is appropriate to establish a maximum storage period of personal data of 10 years, which should allow traceability in case of foodborne outbreaks, animal diseases outbreaks, animal welfare checks and plant pest outbreaks.

(7) In order to implement measures that adhere to the ‘data protection by design’ principle laid down in Regulation (EU) 2016/679 of the European Parliament and of the Council and Regulation (EU) 2018/1725 of the European Parliament and of the Council, the IMSOC components should be given a limited capacity to insert unstructured information. This capacity should be used only where such information is necessary and cannot be provided efficiently in a structured manner. Moreover, even in the absence of explicit references to them, personal data protection principles are embedded in each provision of this Regulation, in particular as regards the identification of data controllers, storage periods of personal data, access to personal data, transmission and transfer of personal data and data security.

(8) A multi-level governance of the IMSOC by the Commission, in collaboration with the Member States, is necessary to ensure that the development of general solutions applicable to the IMSOC are steered uniformly and that system components are developed and used in a coherent way, so as to limit administrative burden and the establishing of different procedures where this is not strictly necessary.

(9) To this end, it is appropriate to establish a network of members, including the Commission and, where appropriate, EU agencies, for each IMSOC system component, and for the Commission to establish governance structures to gather ongoing feedback from Member States on planned changes and new features to steer the development of the IMSOC and its components.

(10) Although each IMSOC component has its own specificities, this Regulation should establish general principles which all components need to comply with, regarding ownership and responsibility for data, information and documents and exchanges with other systems. It should also establish the Commission’s obligations and rights as regards the IMSOC and personal data protection provisions in Regulation (EU) 2016/679, Directive (EU) 2016/680 of the European Parliament and of the Council and Regulation (EU) 2018/1725.

(11) As Regulation (EU) 2017/625 provides that the IMSOC is to integrate the RASFF, this Regulation should lay down implementing measures for the efficient operation of the RASFF within the IMSOC on the basis of the conditions and procedures applicable to the transmission of notifications, as currently established by Commission Regulation (EU) No 16/2011, including the definition of the different types of notification classified according to risks.

(12) Since the provisions on administrative assistance and cooperation of Title IV of Regulation (EC) No 882/2004 of the European Parliament and of the Council and the implementing measures in Commission Implementing Decision (EU) 2015/1918 establishing the Administrative Assistance and Cooperation System (the AAC system) are now included in Title IV of Regulation (EU) 2017/625, this Regulation should lay down operational rules and a standard format for the exchange of information on instances of cross-border non-compliance within the IMSOC in accordance with the power conferred on the Commission by Regulation (EU) 2017/625.

(13) Given the complex nature of certain cases of non-compliance where risks may not be immediately identified and in order to ensure swift and appropriate coordination between different competent authorities through the correct procedure, this Regulation should include rules for the clear distinction between non-compliances generating risks and other non-compliances, in order to streamline and facilitate the choice between the RASFF or AAC procedure accordingly.

(14) Moreover, this Regulation should also harmonise, as far as possible, the type of information exchanged through the RASFF or AAC procedures to allow a swift change of procedure in case factual evidence demonstrates the presence or absence of a risk.

(15) At the Ministerial Conference on 26 September 2017, following an incident of fipronil contamination, the Commission and the Member States agreed on concrete measures and coordinated action to step up the fight against food fraud. They identified bridging the gap between the RASFF and the AAC system by means of a combined platform as one measure to ensure that information is exchanged as efficiently as possible. To this end, this Regulation should establish a common computerised tool (iRASFF) to be integrated in the IMSOC that brings together the RASFF and the AAC system, for the exchange of information required by Regulation (EC) No 178/2002 and Regulation (EU) 2017/625.

(16) To ensure the correct and efficient functioning of iRASFF, the Member States’ contact points of the RASFF and AAC networks should be represented in an entity called single contact point. The latter should consist of persons managing both networks, whether or not physically located in the same administrative unit, relay information to the appropriate competent authority within the country and routinely be the first contact point for the Commission.

(17) Moreover, considering the occurrence of criminal activities along the food and feed chain and the concurring relevance of those activities for competent authorities and police or judicial bodies, the European Union Agency for Law Enforcement Cooperation (Europol) should take part in the food fraud network, and where relevant, inform the European Union’s Judicial Cooperation Unit (Eurojust).

(18) This Regulation should also establish common rules for the contact points of iRASFF and for the Commission’s coordinating role in verifying notifications and helping to identify recurrent hazards and operators reported in them.

(19) Moreover, as Regulation (EC) No 178/2002 requires public authorities to inform the public of risks to human health, inter alia, and third countries of certain notifications, this Regulation should lay down rules to inform the public and third countries, balancing the need to inform with that not to harm business operators.

(20) Regulation (EU) 2016/429 lays down rules on animal diseases that are transmissible to animals or humans, including requirements for disease notification and reporting. It requires the Commission to set up and manage a computerised information system for the operation of the mechanisms and tools for those requirements (ADIS) that should be integrated into the IMSOC.

(21) As Regulation (EU) 2016/429 becomes applicable as of 21 April 2021, this Regulation should lay down deferred rules for the establishment of the network for the functioning of ADIS.

(22) Regulation (EU) 2016/2031 lays down measures to prevent the entry or spread of plant pests in EU territory, including notification requirements for pest presence and phytosanitary measures taken. It requires the Commission to establish an electronic system through which the Member States are to submit notifications and which should be connected to, and compatible with, the IMSOC.

(23) For that purpose, that Regulation empowers the Commission to lay down specific rules on notifications, in particular on the items to be included, a form and how to fill it in and deadlines for the submission of particular items.

(24) The EUROPHYT-Interceptions web-based notification system is a system developed by the Commission with the Member States, for notifying interception of consignments of plants and plant products from other Member States or third countries that may present an imminent danger of introducing or spreading pests. The procedure and standard form to be used for notifying interception of such consignments from a third country are laid down in Commission Directive 94/3/EC.

(25) A parallel web-based notification system, EUROPHYT-Outbreaks, was developed with a view to helping Member States to notify official confirmation of the presence of pests on their territory, and measures taken to eradicate or prevent the spread of the pest, whether or not regulated at EU level as harmful. Commission Implementing Decision 2014/917/EU sets out the information to be included in such notifications and the deadline for submitting them. It also requires the notifying Member State to provide updates as soon as possible if it receives new relevant information or takes new relevant measures.

(26) To allow the Member States to notify interceptions and outbreaks as required by Regulation (EU) 2016/2031, this Regulation should lay down rules on notifying interceptions and outbreaks following procedures similar to those used for interceptions under Directive 94/3/EC and outbreaks under Implementing Decision 2014/917/EU.

(27) Because the notifications submitted to EUROPHYT-Interceptions are similar to the data and information on imports of and intra-Union trade in animals and products of animal origin submitted to the TRACES system, the functionalities of EUROPHYT-Interception for commodities intercepted at the border and within the Union should be provided within TRACES rather than within EUROPHYT.

(28) Regulation (EU) 2017/625 also provides that the IMSOC should allow the production, handling and transmission of common health entry documents (CHEDs) and official certificates, and empowers the Commission to lay down rules on the format of the CHEDs, instruction for their presentation and use, and rules for the issuance of electronic certificates and for the use of electronic signatures.

(29) To establish an adequate level of security of electronic means of identification and electronic certification, digitalise and harmonise the certification process, the issuance of electronic official certificates and CHEDs should meet the standards for electronic signatures, electronic seals and electronic timestamps in their different levels of identity assurance set by Regulation (EU) No 910/2014 of the European Parliament and of the Council and Commission Implementing Decision (EU) 2015/1506 adopted pursuant to that Regulation, and use, as a basis, the existing provisions on electronic phytosanitary certification in Commission Implementing Decision (EU) 2018/1553.

(30) However, as Regulation (EU) 2016/2031 provides that electronic phytosanitary certificates for the introduction into the Union territory of plants, plant products and other objects are to be accepted only where they are provided through, or in electronic exchange with the IMSOC, this Regulation should establish rules for the issuance of such certificates in line with those provisions.

(31) Moreover, to maintain continuity with the current operational practice, the entries of the common veterinary entry document (CVED) for products established by Commission Regulation (EC) No 136/2004, the CVED for animals established by Commission Regulation (EC) No 282/2004 and the common entry document established by Commission Regulation (EC) No 669/2009 should serve as a basis to establish in this Regulation the entries for the CHEDs for the respective categories of animals and goods.

(32) For consignments of plants, plant products and other objects introduced from third countries for which a phytosanitary certificate is required, this Regulation should also lay down a template for a CHED with entries that are relevant for plants, plant products and other objects, as referred to in Article 47(1)(c) to (f) of Regulation (EU) 2017/625 and Commission Implementing Regulation (EU) 2019/66. Moreover, those entries should be aligned with the items to be included in the EUROPHYT-Interceptions notifications.

(33) As the CHEDs should be used by operators to give prior notification of arrival of consignment to competent authorities and by those authorities to record the outcome of official controls and the decision on the consignment, the CHEDs should be divided in three parts: one to be filled in by the person responsible for the consignment; one by the competent authority taking a decision on the consignment and one to be filled in by the competent authority performing follow-up actions on the consignment. This Regulation should set out instructions for completing each part of the CHED, including language requirements.

(34) Decision No 70/2008/EC of the European Parliament and of the Council requires the Commission and the Member States to set up secure, integrated, interoperable and accessible electronic customs systems to provide single window services for the seamless flow of data between economic operators and customs authorities, between customs authorities and the Commission, and between customs authorities and other administrations or agencies. Since these objectives are similar to those of Regulation (EU) 2017/625, this Regulation should provide for similar cooperation arrangements between authorities dealing with animals and goods entering the Union and operating in TRACES.

(35) In order to ensure the consistent collection of information and avoid the pollution of Member States and Commission databases, data exchanges between TRACES and the national systems of the Member States should use reference data provided by the Commission in TRACES.

(36) To this end, Member States should provide the Commission with information necessary for the functioning of TRACES such as the lists of border control posts and control points designated in accordance with Regulation (EU) 2017/625, the lists of control units designated for the purpose of TRACES, the lists of food business establishments approved in accordance with Regulation (EC) No 852/2004 of the European Parliament and of the Council and the lists of establishments, plants and operators handling animal by-products or derived products, approved or registered in accordance with Regulation (EC) No 1069/2009 of the European Parliament and of the Council.

(37) The provisions of Directive 94/3/EC, Regulation (EU) No 16/2011, and Implementing Decisions 2014/917/EU, (EU) 2015/1918 and (EU) 2018/1553 have been reviewed and are now incorporated in this Regulation. For the sake of clarity and consistency those acts should be repealed with effect from the date of application of Regulation (EU) 2017/625.

(38) Commission Decisions 92/486/EEC, 2003/24/EC, 2003/623/EC, 2004/292/EC, 2004/675/EC and 2005/123/EC, adopted in relation to the TRACES system pursuant to Council Directive 90/425/EEC and Council Decision 92/438/EEC, have become obsolete. For the sake of clarity and consistency, those Decisions should also be repealed with effect from the date of application of Regulation (EU) 2017/625.

(39) This Regulation has been discussed with the European Food Safety Authority and the European Data Protection Supervisor.

(40) The measures provided for in this Regulation are in accordance with the opinion of the Standing Committee on Plants, Animals, Food and Feed,
HAS ADOPTED THIS REGULATION:

CHAPTER 1 Subject matter, scope and definitions 

Subject matter and scope
Article 1 

1. This Regulation lays down:
(a) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
(b) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
(c) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
(d) rules for the computerised handling and exchange of information, data and documents in the appropriate computerised information management system necessary for the performance of the official controls provided for in Regulation (EU) 2017/625, as regards:
((i)) ... the common health entry document (CHED) referred to in Article 56 of Regulation (EU) 2017/625, including its electronic equivalent, and the instructions for its presentation and use;
((ii)) uniform arrangements for cooperation between customs authorities, competent authorities and other authorities, as referred to in Article 75 of Regulation (EU) 2017/625;
((iii)) the issuance of electronic certificates and the use of electronic signatures for the official certificates referred to in Article 87 of Regulation (EU) 2017/625;
((iv)) ...
((v)) specifications of the technical tools and procedures for communication between liaison bodies designated in accordance with Article 103(1) of Regulation (EU) 2017/625;
((vi)) the proper functioning of the appropriate computerised information management system referred to in Chapter IV of Title VI of Regulation (EU) 2017/625.
Definitions
Article 2 
For the purposes of this Regulation, the following definitions shall apply:

((1)) ‘component’ means an electronic system integrated in the appropriate computerised information management system;
((2)) ‘network’ means a group of members having access to a specific component;
((3)) ‘network member’ means a ... competent authority, ... a third country’s competent authority or an international organisation that has access to at least one component;
((4)) ‘contact point’ means the contact point designated by the network member to represent it;
((5)) ‘... national system’ means a computerised information system owned and set up before the date of entry into force of Regulation (EU) 2017/625 by an appropriate authority for the purpose of managing, handling and exchanging data, information and documents on official controls, and capable of electronically exchanging data with the relevant component;
((6)) ‘international organisation’ means any of the internationally recognised bodies listed in point (g) of Article 121 of Regulation (EU) 2017/625, or similar intergovernmental organisations;
((7)) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
((8)) ‘risk’ means any direct or indirect risk to human health in connection with food, food contact material or feed in accordance with Article 50 of Regulation (EC) No 178/2002 or a serious risk to animal health or to the environment in connection with feed, including feed for animals not kept for food production, in accordance with Article 29 of Regulation (EC) No 183/2005;
((9)) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
((10)) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
((11)) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
((12)) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
((13)) ‘single contact point’ means a contact point composed of the contact points for systems for the notification of food and feed risks in each constituent territory of Great Britain, whether or not physically located in the same administrative unit;
((14)) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
((15)) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
((16)) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
((17)) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
((18)) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
((19)) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
((20)) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
((21)) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
((22)) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
((23)) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
((24)) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
((25)) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
((26)) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
((27)) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
((28)) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
((29)) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
((30)) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
((31)) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
((32)) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
((33)) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
((34)) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
((35)) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
((36)) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
((37)) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
((38)) ‘electronic signature’ means an electronic signature as defined in point (10) of Article 3 of Regulation (EU) No 910/2014;
((39)) ‘advanced electronic signature’ means an electronic signature complying with the technical specifications laid down in the Annex to Implementing Decision (EU) 2015/1506;
((40)) ‘qualified electronic signature’ means an electronic signature as defined in point (12) of Article 3 of Regulation (EU) No 910/2014;
((41)) ‘advanced electronic seal’ means an electronic seal complying with the technical specifications laid down in the Annex to Implementing Decision (EU) 2015/1506;
((42)) ‘qualified electronic seal’ means an electronic seal as defined in point (27) of Article 3 of Regulation (EU) No 910/2014;
((43)) ‘qualified electronic time stamp’ means an electronic time stamp as defined in point (34) of Article 3 of Regulation (EU) No 910/2014;
((44)) ‘control point’ means a control point as referred to in point (a) of Article 53(1) of Regulation (EU) 2017/625;
((45)) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
CHAPTER 2 General principles and data protection 

IMSOC components
Article 3 
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Components, networks and contact points
Article 4 

1. Each component shall have a network of which the appropriate authority shall be part.
2. Network members shall each designate at least one contact point and communicate that designation and its contact details to the appropriate authority contact point. They shall inform the appropriate authority contact point immediately of any changes in this respect.
3. The appropriate authority contact point shall maintain and keep up to date a list of contact points and make it available to all network members.
4. The appropriate authority shall establish a governance structure to steer the development of, identify priorities for and monitor the correct implementation of the appropriate computerised information management system. The governance structure shall be composed of:
(a) an operations management board ..., to discuss, at least once a year, priorities for and the development of each component;
(b) sub-groups within the operations management board that regularly discuss priorities for and the development of specific functionalities of each component.
Ownership and responsibilities for data, information and documents
Article 5 

1. Each network member shall own and be responsible for the data, information and documents its contact point or users acting under its responsibility have inserted or produced in the relevant component.
2. Each signatory, competent authority to which a signatory belongs or competent authority creating an electronic seal shall own and be responsible for the part of the documents it signs or seals ....
3. Where more than one signatory signs a document ..., each signatory shall own and be responsible for the part of the document that it signs.
Links between components
Article 6 

1. Links between components shall be aimed at:
(a) complementing data, information or documents in one or more components by data, information or documents already present in another component; and
(b) providing relevant and up-to-date information to each network member for the performance of its tasks in accordance with the rules set for each component in this Regulation; and
(c) supporting and operating the procedures for
((i)) determining and modifying the frequency rates of identity checks and physical checks to be performed on consignments of categories of animals and goods referred to in points (a), (b) and (c) of Article 47(1) of Regulation (EU) 2017/625;
((ii)) applying the frequency of identity checks and physical checks to be performed on consignments of categories of animals or goods referred to in points (d), (e) and (f) of that Article;
((iii)) the coordinated performance by competent authorities of the intensified official controls in case of suspicions of non-compliance referred to in Article 65(6) of that Regulation.
2. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Electronic data exchange between components and other electronic systems
Article 7 

1. Data exchanges between the appropriate computerised information management system and other electronic systems... shall:
(a) be based on international standards that are relevant for the component and use XML, CMS or PDF formats;
(b) use the specific data dictionaries and business rules provided for in the relevant component.
2. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
3. The appropriate authority shall draw-up a service-level agreement governing the maintenance of the electronic data exchange between the relevant component and other electronic systems, ....
Obligations and rights of the appropriate authority
Article 8 

1. The  appropriate authority  shall ensure the functioning, maintenance, support and any necessary updating or development of the software and the IT infrastructure of the components.
2. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Conditions for the granting of partial access to the appropriate computerised information management system to third countries and international organisations
Article 9 

1. On receipt of a duly justified application, the appropriate authority, may grant the competent authority of a third country or an international organisation partial access to the functionalities of one or more components and to specific data, information and documents inserted or produced therein, provided the applicant demonstrates, in respect of the component(s) in question, that it meets the following requirements:
(a) it has the legal and operational capacity to provide, without undue delay, the assistance necessary to allow the good functioning of the component to which partial access is requested;
(b) it has designated a contact point for that purpose;
2. The partial access referred to in paragraph 1 shall not include access to personal data processed in the component(s) to which the partial access is granted.
3. By way of derogation from paragraph 2, partial access may include access to personal data where the conditions for lawful transfers of personal data established by Regulations (EU) 2016/679 and (EU) 2018/1725 are fulfilled by the applicant third country or international organisation.
Personal data processing
Article 10 

1. Personal data shall be processed in each component for the purpose of performing official controls and other official activities. In particular, personal data shall belong to one of the following categories:
(a) contact points, operators, importers, exporters, transporters and laboratory technicians when personal data is required by ... law;
(b) users of each component.
2. In processing personal data pursuant to this Regulation, the appropriate authority and the competent authority shall comply with Regulation (EU) 2016/679 legislation which, immediately before IP completion day, implemented Directive (EU) 2016/680.
Data controllers and joint controllership
Article 11 

1. The appropriate authority and the competent authorities ... shall be joint controllers of data processing operations in each of the components.
2. The appropriate authority shall be responsible for:
(a) determining and implementing the technical means to enable data subjects to exercise their rights, ...;
(b) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
(c) determining the categories of its staff and external providers to whom access to the components may be granted;
(d) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
(e) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
3. The competent authorities ... shall be responsible for:
(a) ensuring that data subject’s rights are exercised in compliance with Regulation (EU) 2016/679 and this Regulation;
(b) ensuring the security and confidentiality of personal data pursuant to Section 2 of Chapter IV of Regulation (EU) 2016/679;
(c) designating the staff that are to have access to each component;
(d) ensuring that staff accessing each component are adequately trained to perform their tasks in accordance with Regulation (EU) 2016/679 ....
4. The competent authorities ... may designate different joint controllers ... for the purpose of fulfilling one or more of the obligations referred to in paragraph 3.
CHAPTER 3 Components, networks and contact points 
 SECTION 1 iRASFF 

Liaison bodies responsible for the exchange of certain types of information
Article 12 
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Single contact point
Article 13 
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Duties of the members of the alert and cooperation network
Article 14 
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Information exchanged in iRASFF
Article 15 
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Non-compliance notifications
Article 16 
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Alert notifications
Article 17 
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Information notifications
Article 18 
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
News notifications
Article 19 
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Border rejection notifications
Article 20 
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Food fraud notifications
Article 21 
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Follow-up notifications
Article 22 
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Access to iRASFF notifications
Article 23 
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Verification and publication of notifications
Article 24 
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Notification withdrawal and amendments
Article 25 
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Closure of a notification and storage period of personal data
Article 26 
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Exchange of information with third countries
Article 27 
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Contingency arrangements for iRASFF
Article 28 
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . SECTION 2 ADIS 

ADIS network
Article 29 
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . SECTION 3 EUROPHYT 

EUROPHYT network
Article 30 
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Access to EUROPHYT outbreak and interception notifications
Article 31 
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Submission of EUROPHYT outbreak notifications to the EUROPHYT outbreak network
Article 32 
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Use of TRACES for the submission of EUROPHYT interception notifications to the EUROPHYT interception network
Article 33 
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Storage period of personal data for EUROPHYT outbreak notifications
Article 34 
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . SECTION 4 TRACES 

TRACES network
Article 35 
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Access to data, information and documents in TRACES
Article 36 
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Exchanges between TRACES and other electronic systems
Article 37 
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Cooperation between authorities in Member States in relation to consignments entering the Union
Article 38 
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Issuance of electronic official certificates and use of electronic signatures
Article 39 

1. Electronic official certificates for consignments of animals and goods entering Great Britain shall meet all of the following requirements:
(a) they shall be issued in one of the following systems:
((i)) ...
((ii)) a ... national system;
((iii)) ...
((iv)) a third country or an international organisation’s electronic certification system that is capable of exchanging data with a ... national system;
(b) they shall be signed by an authorised officer with an advanced or qualified electronic signature;
(c) they shall bear the advanced or qualified electronic seal of the issuing competent authority, or the advanced or qualified electronic signature of its legal representative;
(d) they shall use a qualified electronic time stamp.
2. Where electronic official certificates are issued in accordance with point (a)(iv) of paragraph 1, a national system shall acknowledge the exchange of data through the advanced or qualified electronic seal of the issuing third country’s competent authority, or the advanced or qualified electronic signature of its legal representative.In such cases, the signature of the authorised officer referred to in point (b) of paragraph 1 is not required.
3. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
4. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Format of the CHED and instructions for its presentation and use
Article 40 

1. The appropriate authority shall publish on a website the format of the CHED and instructions for its presentation and use. The CHED shall be used by the operator and the competent authorities in accordance with Article 56(3) of Regulation (EU) 2017/625 in one of the following formats, depending on the category of the consignment established in Article 47(1) of that Regulation:
(a) a CHED-A ..., for consignments of animals that are:
((i)) referred to in point (a) of Article 47(1) of Regulation (EU) 2017/625; or
((ii)) subject at their entry into the Union to measures provided for in points (e) or (f) of Article 47(1) of Regulation (EU) 2017/625;
(b) a CHED-P ..., for consignments of products that are:
((i)) referred to in point (b) of Article 47(1) of Regulation (EU) 2017/625; or
((ii)) subject at their entry into the Union to measures provided for in points (d), (e) or (f) of Article 47(1) of Regulation (EU) 2017/625;
(c) a CHED-PP ..., for consignments of:
((i)) plants, plant products and other objects referred to in point (c) of Article 47(1) of Regulation (EU) 2017/625; or
((ii)) plants, plant products and other objects subject at their entry into the Union to one of the measures or conditions provided for in points (d), (e) or (f) of Article 47(1) of Regulation (EU) 2017/625; or
((iii)) specific plants, plant products and other objects of a particular origin or provenance for which a minimum level of official controls is necessary to respond to recognised uniform hazards and risks to plant health as provided for in Implementing Regulation (EU) 2019/66;
(d) a CHED-D ..., for consignments of feed and food of non-animal origin subject at their entry into the Union to any of the measures or conditions provided for in points (d), (e) or (f) of Article 47(1) of Regulation (EU) 2017/625.
2. The CHED referred to in paragraph 1 shall be:
(a) drawn up in English and one of the official languages of the country of destination and may also be in Welsh;
(b) duly completed ... by:
((i)) the operator responsible for the consignment, as regards the information on the details of the consignment, ...;
((ii)) the competent authority at a border control post or control point, as regards the information on the decision taken on the consignment, ...;
((iii)) the competent authority at the border control post of exit, as regards the information on the follow-up measures taken on the consignment after a decision has been taken.
3. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Use of an electronic CHED
Article 41 

1. An operator or a competent authority may use a CHED in an electronic format, provided that this is by means of a national system, and that the CHED meets all of the following requirements:
(a) it is signed by the operator responsible for the consignment with the operator's electronic signature;
(b) it is signed by the certifying officer at border control posts or control points with the certifying officer's advanced or qualified electronic signature;
(c) it bears the advanced or qualified electronic seal of the issuing competent authority;
2. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
3. The required steps referred to in paragraph 1 shall each be timestamped with a qualified electronic time stamp.
Periods of storage of electronic certificates and CHEDs and personal data therefrom
Article 42 

1.. For the purpose of maintaining the integrity of certificates and CHEDs issued in accordance with Article 39 and Article 41 respectively, relevant data concerning electronic signatures, electronic seals, timestamps and electronic exchanges shall be stored by a national system for at least 3 years.
2.. Personal data from the certificates and CHEDs referred to in paragraph 1 shall be stored by a national system for no more than 10 years.
3.. ...
List of control units
Article 43 
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
List of border control posts and control points
Article 44 
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
List of establishments
Article 45 
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Contingency arrangements for TRACES and Member States’ national systems in the event of unplanned or planned unavailability
Article 46 
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
CHAPTER 4 Final provisions 

Repeals
Article 47 

1. Directive 94/3/EC, Decisions 92/486/EEC, 2003/24/EC, 2003/623/EC, 2004/292/EC, 2004/675/EC and 2005/123/EC, Regulation (EU) No 16/2011, and Implementing Decisions 2014/917/EU, (EU) 2015/1918 and (EU) 2018/1553 are repealed as from 14 December 2019.
2. References to those repealed acts shall be construed as references to this Regulation and shall be read in accordance with the correlation table in Annex III.
Entry into force and application
Article 48 
This Regulation shall enter into force on the twentieth day following that of its publication in the Official Journal of the European Union.
It shall apply from 14 December 2019, except for Section 2 of Chapter 3, which shall apply from 21 April 2021.
...
ANNEX I
Content of notifications referred to in Article 32
1. General information 

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

2. Single authority and persons responsible 
 2.1. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
 2.2. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

3. Location of presence of the pest 
 3.1. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
 3.2. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

4. Reason for notification, pest status of area and Member State concerned 
 4.1. Enter one of the following: 

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
 4.2. Pest status of the area in which the pest has been found, after official confirmation — enter, with an explanatory note, one or more of the following: 

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
 4.3. Pest status in the Member State concerned before the official confirmation of the presence, or suspected presence, of the pest — enter with an explanatory note, one or more of the following: 

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
 4.4. Pest status in the Member State concerned after the official confirmation of the presence of the pest — enter, with an explanatory note, one or more of the following: 

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

5. Finding, sampling, testing and confirmation of the pest 

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

6. Information on the infested area and the severity and source of the outbreak 

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

7. Official phytosanitary measures 

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

8. Pest risk assessment 

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

9. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

10. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

ANNEX II
Common health entry documents (CHEDs)
PART 1 CHED entries and explanatory notes 
General 

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

PART 2 Common health entry document (CHED) templates 
 Section A CHED-A 
(for animals referred to in point (a) of Article 47(1) of Regulation (EU) 2017/625) 

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
 Section B CHED-P 
(for products referred to in point (b) of Article 47(1) of Regulation (EU) 2017/625) 

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
 
                           Section C
                         
                           CHED-PP
                         

                           (for plants, plant products and other objects referred to point (c) of Article 47(1) of Regulation (EU) 2017/625)
                         






 
                           Section D
                         
                           CHED-D
                         

                           (for feed and food of non-animal origin referred to in point (d) of Article 47(1) of Regulation (EU) 2017/625)
                         









ANNEX III
Correlation table referred to in Article 47(2)
1. Directive 94/3/EC 


Directive 94/3/EC This Regulation
Article 1 Point (33) of Article 2
Article 2(1) and (2) Article 33(1)
Article 3 Article 33(2)
Article 4 _
Article 5 Point (34) of Article 2
Article 6 Point 10 of Annex I
Article 7 _
Article 8 _

2. Regulation (EU) No 16/2011 


Regulation (EU) No 16/2011 This Regulation
Point (1) of Article 1 Point (2) of Article 2
Point (2) of Article 1 Point (3) of Article 2
Point (3) of Article 1 Point (4) of Article 2
Point (4) of Article 1 Point (15) of Article 2
Point (5) of Article 1 Point (16) of Article 2
Point (5)(a) of Article 1 Point (17) of Article 2
Point (5)(b) of Article 1 Point (18) of Article 2
Point (6) of Article 1 Point (20) of Article 2
Point (7) of Article 1 Point (22) of Article 2
Point (8) of Article 1 Point (23) of Article 2
Point (9) of Article 1 _
Article 2(1) Article 14(1)
Article 2(2) Article 4(2)
Article 2(3) Article 4(3)
Article 2(4) Article 14(2)
Article 2(5) Article 13
Article 2(6) Article 14(3)
Article 3(1) Article 17(1) and (2)
Article 3(2) Article 17(3)
Article 3(3) Article 17(4)
Article 4(1) Article 18(1) and (2)
Article 4(2) Article 18(3)
Article 5(1) Article 20(1) and (2)
Article 5(2) Article 20(3)
Article 6(1) Article 22(1)
Article 6(2) Article 22(2)
Article 6(3) Article 22(3)
Article 6(4) Article 22(4)
Article 6(5) Article 22(5)
Article 7(1) Article 15(1)
Article 7(2) Article 15(2)
Article 7(3) Article 15(3)
Article 7(4) Article 15(4)
Article 7(5) -
Points (a) to (f) of the first paragraph of Article 8 Points (a) to (f) of Article 24(1)
Second paragraph of Article 8 -
Article 9(1) Article 25(1)(b)
Article 9(2) Article 25(2) and (3)
Article 10(1) and (2) Article 27(1)
 
Point (a) of Article 11 Article 24(3)
Point (b) of Article 11 Article 24(4)
Article 12 _

3. Implementing Decision 2014/917/EU 


Implementing Decision 2014/917/EU This Regulation
Article 1(1) and (2) _
Article 2(1) and (3) Article 32(1)
Article 2(2) and (4) Article 32(3)
 
Article 2(5) Article 32(4)
Article 3 _
Annex Annex I

4. Implementing Decision (EU) 2015/1918 


Implementing Decision (EU) 2015/1918 This Regulation
Article 1 _
Article 2 _
 
 
Article 3(1) _
Article 3(2) _
Article 3(3) _
Article 3(4) _
Article 4 Article 12
Article 5 _
Article 6 Article 26(1)
Point (a) of Article 7 Article 8(1)
Point (b) of Article 7 Article 8(2)
Point (c) of Article 7 _
Point (d) of Article 7 Article 15(1)
Article 8(1) Article 15(1)
Point (a) of Article 8(2) Article 16(1)(a)
Point (b) of Article 8(2) Article 16(1)(b)
Point (c) of Article 8(2) Article 16(1)(c)
Point (d) of Article 8(2) Article 16(1)(d)
Point (e) of Article 8(2) _
Point (f) of Article 8(2) _
Point (g) of Article 8(2) Article 16(1)(f)
Article 9(1) Article 10(1)
Article 9(2) -
Article 10(1) Article 10(2)
Article 10(2) and (3) Article 11(1)
Article 10(4) Article 11(3)
Article 10(5) Article 11(2)
Article 11 Article 26(2)
Article 12 Article 11(2)(b) and (3)(b)
Article 13 _
Article 14 _

5. Implementing Decision (EU) 2018/1553 


Implementing Decision (EU) 2018/1553 This Regulation
Article 1 _
Article 2(1) Article 39(1), (3) and (4)
Article 2(2) Article 39(2)
Article 2(3) _
Article 3 _
