Skip to content Skip to sidebar Skip to footer

Review of the EU legislation for 07/05/2025

Council Directive (EU) 2025/872

This Directive amends the existing EU rules on administrative cooperation in taxation, specifically Directive 2011/16/EU. Its core function is to establish a framework for the automatic exchange of information necessary for the new global minimum level of taxation for multinational groups, commonly known as the Pillar Two rules (introduced by Directive (EU) 2022/2523). The act mandates the use of a standard template for reporting this minimum tax information and sets out how tax authorities in different Member States will share it.
The Directive’s main provisions involve inserting new rules into Directive 2011/16/EU. A key addition is a new Article 8ae, dedicated to the filing format and automatic exchange of Top-up tax information returns. This article specifies who must use the standard template (primarily multinational groups), how the information is disseminated among Member States (e.g., which parts go to which type of Member State), and sets deadlines for this exchange. Another new article, Article 9a, establishes procedures for collaboration between Member States for correcting exchanged information and handling missing data. The Directive also adds a comprehensive new Annex VII to Directive 2011/16/EU, providing the detailed standard template for the Top-up tax information return, designed to align with international standards. Furthermore, the act updates various existing provisions in Directive 2011/16/EU, including definitions, statistics rules, use of information, the standard electronic format, data retention periods, rules on Tax Identification Number (TIN) validation, and penalties, to incorporate the new exchange mechanism. It also amends Article 8(3a) of Directive 2011/16/EU to align with recent changes regarding the mandatory automatic exchange of financial account information, specifically expanding the scope of data exchanged to include details like self-certification validity and controlling person roles.
The most practically significant provisions are the new Article 8ae, which mandates the automatic exchange and details dissemination rules, and the new Annex VII, containing the mandatory standard template for Top-up tax information. Article 9a is important for operational effectiveness, outlining procedures for correcting errors and dealing with missing information. The updates to Article 8(3a) are relevant for the exchange of financial account information, broadening the data points to be shared in that context.

Commission Implementing Regulation on European Digital Identity Wallets Security Breaches

This Implementing Regulation lays down precise rules for how EU Member States must respond to security breaches or compromises affecting the new European Digital Identity Wallets, their validation mechanisms, or underlying electronic identification schemes. The aim is to provide a harmonised approach for Member States to assess the severity of incidents using common criteria and take swift, coordinated actions, such as suspending or withdrawing affected wallet solutions and ensuring relevant parties are informed.
Structurally, the Regulation consists of 11 Articles and one Annex. Article 1 defines its subject matter, while Article 2 provides definitions for terms like ‘wallet solution’, ‘wallet user’, ‘wallet-relying party’, and ‘wallet unit attestation’. Article 3 establishes the process for determining a security breach or compromise, requiring Member States to use criteria listed in Annex I for their assessment and communicate with other Member States and the Commission. Articles 4 and 5 detail procedures for suspending a wallet solution, including mandatory information to affected users and relying parties. Articles 6 and 7 cover the process and notifications for re-establishing a wallet solution. Articles 8 and 9 specify conditions and steps for withdrawing a solution, particularly if a breach persists for three months, and the related information obligations. Article 10 mandates the use of specific IT systems like CIRAS for official communications. This Regulation implements provisions of the updated eIDAS Regulation (Regulation (EU) No 910/2014 as amended by Regulation (EU) 2024/1183).
From a practical standpoint, Article 3, linked with Annex I, is crucial as it sets the common criteria for assessing the severity of a breach, considering factors like the number of individuals affected, the type of data compromised (especially personal data), and service disruption. Articles 4 and 8 outline the potential actions (suspension or withdrawal). Most critically for individuals and businesses, Articles 5 and 9 mandate that Member States must inform affected wallet users and registered wallet-relying parties without undue delay about suspensions and withdrawals, providing details about the breach, its potential impact, and recommended actions.

Commission Implementing Regulation on Registration of Wallet-Relying Parties

This Implementing Regulation sets out the detailed rules for the registration of ‘wallet-relying parties’ – the public and private entities that intend to use the European Digital Identity Wallets. It mandates that each EU Member State must establish and maintain a public national register of these entities. The objective is to enhance trust and transparency within the wallet ecosystem by making information about relying parties easily accessible and ensuring a harmonised registration process across the Union.
The Regulation is structured into 11 Articles and supported by 5 Annexes providing technical requirements. Article 1 defines the subject matter: the registration of wallet-relying parties. Article 2 provides definitions. Article 3 is central, obliging Member States to set up national registers, detailing the information they must contain (Annex I), requiring the appointment of registrars, and ensuring public online access via human-readable interfaces and a single common API (Annex II). Article 4 requires Member States to publish national registration policies. Article 5 sets obligations for relying parties to provide accurate information (Annex I). Article 6 details the registration process, including electronic application, verification (using sources in Annex III), and cancellation. Article 7 deals with mandatory Wallet-Relying Party Access Certificates for authentication, requiring harmonised policies (Annex IV). Article 8 covers optional Wallet-Relying Party Registration Certificates, which, if issued, must describe intended use and data requests (Annex V), and notes how this information is used to inform users if excessive data is requested. Article 9 outlines rules for suspending or cancelling registration, including mandatory actions upon request and discretionary actions based on grounds like non-compliance, requiring proportionality. Article 10 mandates record-keeping for 10 years. Article 11 sets the application date (24 December 2026).
The most significant provisions include Article 3, which establishes the mandatory national registers and their public accessibility, including via a common API (Annex II). Article 5 and Annex I are critical as they define the detailed information relying parties must provide, including planned data requests. Article 7 and Annex IV govern the mandatory Wallet-Relying Party Access Certificates required for secure interaction. Article 8 and Annex V introduce optional Registration Certificates and the mechanism to inform users about data requests and flag potentially excessive ones. Article 9 provides the necessary framework for removing non-compliant relying parties from the register.

Commission Implementing Regulation (EU) 2025/847

This Implementing Regulation is a targeted legal instrument specifically designed to correct linguistic errors in the French and Swedish language versions of Commission Implementing Regulation (EU) 2018/2066, which governs the monitoring and reporting of greenhouse gas emissions under the EU Emissions Trading System (ETS). The regulation addresses specific inaccuracies that were unintentionally introduced into these language versions by a previous amending act, Implementing Regulation (EU) 2024/2493.
The structure of the Regulation is concise. The preamble explains the context and the need for corrections, identifying the precise errors in the French and Swedish texts of Implementing Regulation (EU) 2018/2066 and stating that these errors were introduced by Implementing Regulation (EU) 2024/2493. Article 1 is the core legal provision, formally directing the necessary corrections to the French and Swedish language versions of Implementing Regulation (EU) 2018/2066. Article 2 sets the date when this correction Regulation enters into force. Article 1 itself does not introduce new substantive monitoring or reporting rules, but

Review of each of legal acts published today:

Council Directive (EU) 2025/872 of 14 April 2025 amending Directive 2011/16/EU on administrative cooperation in the field of taxation

This Directive, Council Directive (EU) 2025/872, significantly amends the existing EU rules on administrative cooperation in taxation, specifically Council Directive 2011/16/EU (DAC). Its primary purpose is to establish the framework for the automatic exchange of information related to the new global minimum level of taxation for multinational enterprise groups and large-scale domestic groups, as introduced by Council Directive (EU) 2022/2523 (often referred to as the Pillar Two Directive). It mandates the use of a standard template for reporting this information and sets out how tax authorities in different Member States will share it. The Directive also incorporates recent updates concerning the automatic exchange of financial account information.

The structure of this amending Directive is straightforward. It consists of several articles that introduce specific changes to Directive 2011/16/EU. The main provisions include the insertion of a new Article 8ae dedicated entirely to the filing format and automatic exchange of Top-up tax information returns. This new article details who must use the standard template (MNE groups primarily), how the information is disseminated among Member States (e.g., which parts of the return go to which type of Member State), and sets deadlines for this exchange. Another new article, Article 9a, establishes procedures for collaboration between Member States regarding corrections to the exchanged information and handling cases where expected information is missing. The Directive also adds a comprehensive new Annex VII to Directive 2011/16/EU, which contains the detailed standard template for the Top-up tax information return, aligned with international standards. Furthermore, it updates various existing provisions in Directive 2011/16/EU, such as definitions, rules on statistics, use of information, standard electronic format, data retention, TIN validation, and penalties, to encompass the new exchange mechanism. It also amends Article 8(3a) of Directive 2011/16/EU to align with recent changes regarding the mandatory automatic exchange of financial account information, expanding the scope of data exchanged to include details like self-certification validity and controlling person roles. Compared to the previous version of Directive 2011/16/EU, the most significant change is the wholesale addition of the framework necessary to operationalize the information reporting and exchange requirements stemming from the global minimum tax rules.

For practical use, several provisions are particularly important. The core of the Directive lies in the new Article 8ae, which mandates the automatic exchange of the Top-up tax information return and specifies the dissemination rules, ensuring that relevant tax authorities receive the information needed to assess compliance with the Pillar Two rules. The requirement for MNE groups to use the standard template provided in the new Annex VII is crucial for ensuring consistency and comparability of information across jurisdictions. The procedures outlined in the new Article 9a for addressing errors and missing information are vital for the smooth functioning of the exchange system and for ensuring that tax authorities receive accurate and complete data. The Directive also sets out specific timelines for the first reporting fiscal year and the initial exchange of information under the new rules, which is critical for businesses and tax administrations to prepare. Finally, the update to Article 8(3a) is important for financial institutions and tax authorities involved in the exchange of financial account information, as it expands the data points to be exchanged.

Commission Implementing Regulation (EU) 2025/847 of 6 May 2025 laying down rules for the application of Regulation (EU) No 910/2014 of the European Parliament and of the Council as regards reactions to security breaches of European Digital Identity Wallets

This Regulation lays down the specific rules for how EU Member States must react to security breaches or compromises affecting the new European Digital Identity Wallets, the associated validation mechanisms, or the underlying electronic identification schemes. It provides a harmonised framework to ensure that when such incidents occur, Member States can assess their severity based on common criteria and take swift, coordinated action. This includes measures like suspending or ultimately withdrawing affected wallet solutions and ensuring that relevant parties are informed.

The Regulation is structured into 11 Articles and includes one Annex. Article 1 defines the subject matter, while Article 2 provides essential definitions for terms like ‘wallet solution’, ‘wallet user’, ‘wallet-relying party’, and ‘wallet unit attestation’. Article 3 sets out the process for establishing a security breach or compromise, requiring Member States to use the detailed criteria listed in Annex I for their assessment. It also mandates communication between Member States and the Commission regarding potential breaches. Articles 4 and 5 detail the procedures and information requirements when a wallet solution is suspended, including the obligation to inform affected users and relying parties promptly. Articles 6 and 7 cover the process and notification requirements for re-establishing a wallet solution once a breach is remedied. Articles 8 and 9 specify the conditions and steps for the withdrawal of a wallet solution, particularly if a breach is not fixed within three months, and the corresponding information obligations. Article 10 mandates the use of specific information systems like CIRAS for official communications between Member States and the Commission. This Regulation implements provisions of the updated eIDAS Regulation (Regulation (EU) No 910/2014 as amended by Regulation (EU) 2024/1183), providing the necessary operational details for handling security incidents related to the European Digital Identity Wallets, which is a new element of the updated framework.

For users and relying parties, the most important provisions are those that directly impact them in case of a security issue. Article 3, together with Annex I, is key as it defines the criteria used by Member States to determine if a breach is serious enough to affect the reliability of a wallet solution. These criteria consider factors like the number of people affected, the type of data compromised (especially personal data), and the duration of service disruption. Articles 4 and 8 are crucial as they outline the potential consequences of a breach: temporary suspension of the wallet solution’s provision and use, or permanent withdrawal if the issue is severe or not fixed in time. Most importantly for awareness, Articles 5 and 9 oblige Member States to inform affected wallet users and registered wallet-relying parties without undue delay about suspensions and withdrawals. This information must include details about the breach, its potential impact on users and relying parties, and any measures taken or recommended, ensuring transparency and enabling users and businesses to react appropriately.

Commission Implementing Regulation (EU) 2025/848 of 6 May 2025 laying down rules for the application of Regulation (EU) No 910/2014 of the European Parliament and of the Council as regards the registration of wallet-relying parties

This Commission Implementing Regulation lays down the specific rules for the registration of ‘wallet-relying parties’ within the European Digital Identity Framework established by the amended eIDAS Regulation. It mandates that each EU Member State must set up and maintain a public national register of these entities – both public and private service providers – that intend to use the European Digital Identity Wallets. The regulation aims to build trust and transparency in the wallet ecosystem by making information about these relying parties easily accessible and ensuring a harmonised registration process across the Union.

The Regulation is structured into 11 Articles and supported by 5 Annexes providing technical details and specific requirements.
* **Article 1** defines the subject matter and scope: the registration of wallet-relying parties.
* **Article 2** provides essential definitions for terms used throughout the text, such as ‘wallet-relying party’, ‘wallet unit’, ‘registrar’, and different types of certificates.
* **Article 3** mandates Member States to establish national registers, specifies the information they must contain (detailed in Annex I), requires the designation of registrars, and ensures public availability of the information online via both human-readable interfaces and a single common API (with technical requirements in Annex II).
* **Article 4** requires Member States to lay down and publish national registration policies, outlining procedures, required documentation, verification methods, and redress mechanisms.
* **Article 5** sets out the obligations for wallet-relying parties to provide accurate and up-to-date information (as listed in Annex I) to the national registers.
* **Article 6** details the registration processes, requiring registrars to establish easy-to-use electronic processes, verify applications without undue delay, and conduct verifications, including entitlements based on sources listed in Annex III. It also covers the cancellation process.
* **Article 7** deals with Wallet-Relying Party Access Certificates, which are mandatory for relying parties to authenticate themselves to wallet units. It requires Member States to authorise certificate providers and implement harmonised certificate policies and practice statements according to Annex IV.
* **Article 8** addresses Wallet-Relying Party Registration Certificates, which Member States *may* authorise. If issued, these certificates must describe the relying party’s intended use and the data they intend to request, including a general access policy to inform users if excessive data is requested, in line with Annex V requirements.
* **Article 9** outlines the rules for suspending or cancelling a registration, including mandatory suspension/cancellation upon request from a supervisory body or the relying party itself, and discretionary action by the registrar based on specified grounds, requiring a proportionality assessment. It also mandates the revocation of associated certificates upon suspension or cancellation.
* **Article 10** requires registrars to keep records of registered information and changes for 10 years.
* **Article 11** sets the entry into force and application date (24 December 2026).
* **Annexes I to V** provide detailed lists of required information, technical specifications for APIs and electronic signatures/seals, sources for verification of entitlements, and comprehensive requirements for the policies, practices, and content of Wallet-Relying Party Access and Registration Certificates.

This Regulation implements new provisions introduced by the recent amendment to the eIDAS Regulation (Regulation (EU) 2024/1183), specifically concerning the registration of parties relying on the new European Digital Identity Wallets. It establishes a new framework element rather than amending a previous implementing regulation on this specific topic.

For anyone involved with the European Digital Identity Wallets, several provisions are particularly important:
* **The requirement for national registers (Article 3):** This is the foundation, ensuring a central, public source of information about who is using the wallets.
* **Public availability and the common API (Article 3(4), (5), Annex II):** This ensures transparency and allows wallet providers and users to easily verify the status and registered details of a relying party, crucial for interoperability and trust.
* **Information required from relying parties (Article 5, Annex I):** Relying parties must provide detailed information, including a list and description of the data they intend to request from users and their specific entitlements (e.g., service provider, qualified trust service provider). This transparency is key for user control.
* **Wallet-Relying Party Access Certificates (Article 7, Annex IV):** These are mandatory for relying parties to authenticate themselves, ensuring secure interaction with wallets based on harmonised EU standards.
* **Wallet-Relying Party Registration Certificates (Article 8, Annex V) and the general access policy:** If a Member State opts to issue these, they provide users with clear information about the relying party’s registered data requests. Crucially, wallet providers must use this information to warn users if a relying party asks for more data than they are registered to request (Article 8(2)(d)), offering a vital layer of user protection against oversharing.
* **Suspension and cancellation rules (Article 9):** These provisions allow for the removal of relying parties from the register if they fail to comply with the rules or act inappropriately, protecting users and maintaining the integrity of the ecosystem.

Commission Implementing Regulation (EU) 2025/842 of 6 May 2025 correcting certain language versions of Implementing Regulation (EU) 2018/2066 on the monitoring and reporting of greenhouse gas emissions pursuant to Directive 2003/87/EC of the European Parliament and of the Council

This Commission Implementing Regulation is a targeted legal instrument designed to fix specific linguistic errors in another key piece of EU law, Implementing Regulation (EU) 2018/2066. The latter regulation is fundamental for the EU Emissions Trading System (ETS), detailing how companies must monitor and report their greenhouse gas emissions. This new Regulation specifically corrects inaccuracies that appeared in the French and Swedish language versions of the monitoring and reporting rules, errors that were inadvertently introduced by a previous amending regulation (Implementing Regulation (EU) 2024/2493).

The structure of this Regulation is concise. It begins with a preamble explaining the background and the necessity of the corrections, identifying the precise errors in the French and Swedish texts of Implementing Regulation (EU) 2018/2066 and noting that these errors were introduced by Implementing Regulation (EU) 2024/2493. The core legal provision is Article 1, which formally mandates the corrections to the French and Swedish language versions. Article 2 sets the date when the Regulation enters into force. The main provision, Article 1, does not introduce new substantive rules but rather rectifies existing ones in specific language versions to ensure they accurately reflect the intended legal requirements for monitoring and reporting under the EU ETS.

For those operating under the EU ETS and using the French or Swedish language versions of Implementing Regulation (EU) 2018/2066, the most important provision is Article 1. This article ensures the accuracy of critical technical details. Specifically, it corrects the definition of the ‘latest flight plan’ in the French version (Annex IIIa, section 1, point 8), the minimum frequency required for flue gas analyses in the Swedish version (Annex VII, table, entry for ‘Flue gas’), and the specified measurement units for reporting in the Swedish version (Annex X, section 1, point 8(a)). These corrections are vital for ensuring that operators and authorities using these language versions apply the monitoring and reporting rules correctly and consistently with the other language versions.

Commission Implementing Regulation (EU) 2025/849 of 6 May 2025 laying down rules for the application of Regulation (EU) No 910/2014 of the European Parliament and of the Council as regards the submission of information to the Commission and to the Cooperation Group for the list of certified European Digital Identity Wallets

This Commission Implementing Regulation lays down the specific rules for how EU Member States must submit information about their certified European Digital Identity Wallets. Its main goal is to enable the European Commission to establish and maintain a public, machine-readable list of these certified wallets. By standardising the format and procedure for this submission, the regulation aims to ensure transparency and trust in the new EU digital identity framework.

The regulation is structured into several articles and an Annex. It begins by defining key terms specific to the European Digital Identity Wallet ecosystem, such as ‘wallet solution’, ‘wallet provider’, and ‘critical assets’. The core provisions are found in Article 3 and the Annex. Article 3 mandates Member States to submit the required information to both the Commission and the European Digital Identity Cooperation Group via a secure electronic channel provided by the Commission. It also requires this information to be submitted at least in English and obliges Member States to update the information whenever changes occur, including changes to a wallet’s certification status. This regulation implements the requirements set out in the updated main EU law on electronic identification and trust services (Regulation (EU) No 910/2014) concerning the list of certified wallets, providing the necessary practical details for Member States to fulfil this obligation.

For anyone needing to understand what information will be available on the list of certified wallets or how Member States report this, the most important provisions are Article 3 and the Annex. Article 3 is vital as it sets out the obligation for Member States to submit the information, specifies the secure electronic channel to be used, and requires the submission to be at least in English, ensuring broad accessibility. The Annex is equally crucial as it details the precise content of the information that Member States must submit. This includes comprehensive descriptions of the wallet solution itself, the electronic identification scheme under which it operates (covering aspects like responsible authorities, supervisory and liability regimes, and enrolment processes), and the mandatory certification documents and reports. This detailed specification ensures that the information provided is consistent and comprehensive across all Member States.

Commission Implementing Regulation (EU) 2025/846 of 6 May 2025 laying down rules for the application of Regulation (EU) No 910/2014 of the European Parliament and of the Council as regards cross-border identity matching of natural persons

Okay, here is the description of Commission Implementing Regulation (EU) 2025/846 based on the text you provided.

This regulation sets out the specific technical and procedural rules for how public sector bodies across the European Union must perform cross-border identity matching of natural persons. It applies when individuals use either a European Digital Identity Wallet or a notified electronic identification means from another Member State to access online services. The goal is to ensure that when a user from one EU country accesses a public service online in another, their identity can be reliably and consistently matched against existing records held by the service provider. This is a crucial step for enabling seamless cross-border digital interactions within the internal market.

The regulation is structured into a Preamble, which explains the legal basis and the reasoning behind the rules (Recitals 1-18), and six Articles laying down the specific legal obligations. The core provisions are found in Articles 2 to 5. This act implements Article 11a(3) of the updated eIDAS Regulation (Regulation (EU) No 910/2014, as amended by Regulation (EU) 2024/1183), often referred to as eIDAS 2.0. Compared to the previous framework under the original eIDAS, this regulation introduces specific rules tailored for the new European Digital Identity Wallets, defining the data sets to be used for matching with these wallets, alongside updated rules for matching with traditional notified electronic identification means. It builds upon and references other implementing acts related to eIDAS, such as those defining minimum data sets and person identification data for wallets.

For journalists covering this topic, the most important provisions are likely:

* **Article 2 (General requirements):** This article is fundamental as it dictates *how* identity matching must be performed by public sector bodies. It specifies the exact data sets to be used – mandatory person identification data from Implementing Regulation (EU) 2024/2977 for Wallets, and mandatory attributes from Implementing Regulation (EU) 2015/1501 for notified electronic identification means. It also clarifies how a successful match is determined, requiring an unequivocal link to a single natural person or resulting in a new, equivalent registration. Importantly, it requires handling minor orthographic variations (like spaces or hyphens) to avoid unnecessary matching failures.
* **Article 3 & 4 (Successful and Unsuccessful Matching):** These articles detail the user experience. Article 3 requires informing the user upon a successful match and offering options to reuse the completed matching process in the future (e.g., by storing an association). Article 4 mandates that if a match is unsuccessful, the user must be informed, given clear reasons, and presented with alternative options or complementary processes to complete the identification or access the service. This ensures transparency and user control.
* **Article 5 (Logging):** This provision requires relying parties to keep logs of the identity matching process, including the data used and the outcome, for a minimum of 6 and a maximum of 12 months. This is crucial for security, accountability, and handling potential user complaints or disputes.
* **Article 6 (Entry into force):** While entering into force soon after publication, the regulation’s rules will only *apply* from 24 December 2026. This gives Member States and service providers time to implement the necessary systems and procedures.

Commission Implementing Regulation (EU) 2025/835 of 5 May 2025 imposing a definitive countervailing duty on imports of biodiesel originating in Argentina following an expiry review pursuant to Article 18 of Regulation (EU) 2016/1037 of the European Parliament and of the Council

This Commission Implementing Regulation imposes definitive countervailing duties on imports of biodiesel originating in Argentina following an expiry review. The review found that subsidisation of the Argentinian biodiesel industry is likely to continue if measures lapse, and that while current imports under undertakings did not cause injury during the review period, injury would likely recur if the measures and undertakings were removed. Consequently, the existing countervailing duties are maintained to protect the Union industry.

The act is structured into several sections detailed in the recitals, followed by the operative articles. The recitals cover the procedural aspects of the expiry review, define the product under review and like product, analyse the likelihood of continuation of subsidisation, assess injury to the Union industry, examine the causal link between subsidised imports and injury, evaluate the likelihood of recurrence of injury, and consider the Union interest. The main provisions in the recitals detail the investigation’s findings regarding specific Argentinian subsidy schemes, particularly government support through the provision of soybeans for less than adequate remuneration and income/price support, provincial tax exemptions, and other schemes. It also analyses the economic situation of the Union industry and the impact of imports from Argentina and other countries. The operative articles formally impose the definitive countervailing duty, list the specific duty rates for named companies and a residual rate for all others, and set out the conditions for applying these rates, including requirements for commercial invoices and the continuation of existing undertakings. Changes compared to previous versions are noted within the recitals, such as the replacement of the 2006 Biofuels Law by the 2021 Biofuels Law in Argentina, changes in Argentinian export tax rates and policies, and the impact of new trade defence measures by other countries or the EU itself (e.g., on Chinese biodiesel).

For those involved in importing or trading biodiesel from Argentina, the most important provisions are found in Article 1 and Article 2. Article 1 imposes the definitive countervailing duty and lists the specific duty rates applicable to named Argentinian exporting producers, as well as a higher residual rate for all other imports. These rates range from 25.0% to 33.4%. Article 1(3) sets out the crucial condition for applying the individual, lower duty rates: the presentation of a valid commercial invoice containing a specific declaration signed by an official of the exporting company. Without this specific invoice and declaration, the higher ‘all other imports’ duty rate will apply. Article 2 is also vital as it confirms that imports from companies whose undertakings were accepted by the Commission (listed in Implementing Decision (EU) 2019/245) remain exempt from the duty, provided they comply with the undertaking conditions, including specific invoice and certificate requirements detailed in Annexes 1 and 2. This means that for companies under the undertaking, the duty rates in Article 1 do not apply as long as they adhere to the undertaking terms. Article 3 specifies the invoice requirements for companies under undertaking for transactions that are *not* exempted from the duty. Finally, recital (441) highlights the possibility of initiating an anti-circumvention investigation if exports by companies with lower individual rates increase significantly, potentially leading to the removal of individual rates and the imposition of the country-wide duty.

Commission Implementing Regulation (EU) 2025/839 of 5 May 2025 granting a Union authorisation for the biocidal product family Oxivir Excel BPF in accordance with Regulation (EU) No 528/2012 of the European Parliament and of the Council

Here is a description of the provisions of Commission Implementing Regulation (EU) 2025/839:

This European Union regulation grants a Union authorisation for a family of biocidal products known as ‘Oxivir Excel BPF’. This authorisation permits these products, which contain hydrogen peroxide as the active substance, to be placed on the market and used across all EU Member States. The products are intended for use as disinfectants and algaecides in various settings, including healthcare and food/feed areas. The authorisation is valid for a period of ten years, from 26 May 2025 until 30 April 2035.

The structure of this regulation is straightforward. The main body formally grants the authorisation and specifies its duration, referring to the detailed conditions set out in the Annex. The Annex, which constitutes the bulk of the text, is the Summary of the Biocidal Product Characteristics (SPC). The SPC is organised into levels, starting with general information about the entire product family and then breaking down into ‘Meta SPCs’ for different product formulations: a concentrate, a ready-to-use liquid, and ready-to-use wipes. Each Meta SPC details the specific composition, hazard information, and, crucially, the authorised uses and instructions. This regulation grants a new authorisation under the existing framework of the EU Biocidal Products Regulation (Regulation (EU) No 528/2012) and does not describe amendments or changes to previous authorisations.

For anyone planning to use these products, the most important provisions are found within the detailed use descriptions and general directions for use in the Annex’s Meta SPC sections. These specify exactly where and how each product formulation can be applied, covering methods like mopping, wiping, soaking, dipping, and foaming on hard surfaces in healthcare, food/feed, and general areas. Key details for users include the required dilution rates for the concentrate product (ranging from 1.5% to 5% depending on the target organism and use area), the application rates, the necessary contact time for disinfection (consistently 5 minutes across all listed uses), and the categories of permitted users (professional, and for some ready-to-use products, the general public). The regulation also outlines essential safety measures, such as mandatory personal protective equipment (PPE) when handling the concentrate, and provides first aid and disposal instructions. It’s also clarified that while these products may be used on medical device surfaces, their authorisation as medical devices falls under separate legislation (Regulation (EU) 2017/745) and is not covered by this biocidal authorisation.

Commission Implementing Regulation (EU) 2025/845 of 5 May 2025 approving the active substance elemental iron as a low-risk active substance in accordance with Regulation (EC) No 1107/2009 of the European Parliament and of the Council, and amending Commission Implementing Regulation (EU) No 540/2011

Here is a description of the provisions of Commission Implementing Regulation (EU) 2025/845:

This regulation formally approves the active substance elemental iron for use in plant protection products across the European Union. Crucially, it designates elemental iron as a ‘low-risk’ active substance, reflecting a positive assessment of its properties and potential impact. This approval is subject to specific conditions and purity requirements detailed within the regulation.

The structure of the regulation includes a preamble outlining the procedural steps leading to the decision, followed by three articles and two annexes. Article 1 grants the approval for elemental iron under the conditions specified in Annex I. Article 2 amends Commission Implementing Regulation (EU) No 540/2011, which lists approved active substances, by incorporating the details of the elemental iron approval into that list. Article 3 sets the date when the regulation enters into force. The main change introduced is the addition of elemental iron to the EU’s list of approved active substances with the low-risk designation.

For stakeholders involved in the plant protection sector, the most important provisions are contained within Annex I. This annex precisely defines the approved substance (elemental iron, CAS No 7439-89-6), sets a minimum purity standard of ≥ 989 g/kg, and establishes strict maximum limits for specific toxicologically concerning impurities such as Arsenic, Mercury, and Lead. It also specifies the approval period, which runs from 26 May 2025 until 26 May 2040. Furthermore, it mandates that the conclusions of the scientific review report, particularly its appendices, must be taken into account when authorising specific plant protection products containing elemental iron, and highlights that appropriate risk mitigation measures may be required as conditions of use.

Commission Implementing Regulation (EU) 2025/864 of 30 April 2025 operating deduction from the Atlantic salmon fishing quota allocated to Finland in 2025 on account of overfishing in 2024

Good morning. Let’s look at this new piece of EU legislation.

This Commission Implementing Regulation concerns a specific action taken under the EU’s Common Fisheries Policy. In essence, it formally reduces the amount of Atlantic salmon that Finland is allowed to catch in the Baltic Sea during 2025. This reduction is a penalty imposed because Finland exceeded its permitted fishing opportunities for this stock in 2024. The overfishing occurred through fishing activities that the Commission determined were not compliant with the rules for scientific research fisheries.

The Regulation is structured clearly. It starts by citing the legal basis that empowers the Commission to take such action, primarily the EU’s fisheries control regulation (Regulation (EC) No 1224/2009), which mandates deductions for overfishing. The core of the act is found in the “Whereas” clauses, which provide a detailed narrative. They explain the relevant fishing quotas allocated to Finland for 2023, 2024, and 2025, highlighting that the 2024 quota for this specific salmon stock was mainly for unavoidable by-catches, with very limited exceptions, including for compliant scientific investigations. The Regulation then meticulously recounts the exchanges between the Commission and Finland regarding a planned Finnish research fishery in 2024, the negative scientific advice from the EU’s Scientific, Technical and Economic Committee for Fisheries (STECF) on the scale and justification of this research, Finland’s decision to proceed despite warnings, and the final reported catches from this activity. The Commission’s analysis concludes that this fishing did not meet the legal requirements for scientific research and therefore constituted unauthorised directed fishing, leading to overfishing of the permitted quota for such activity (which was zero in the areas concerned). The operative part of the Regulation, Article 1, formally states that the 2025 quota is reduced, and the Annex provides the precise details of this deduction. This act doesn’t amend previous regulations directly but applies the consequences foreseen by existing rules (like the Control Regulation and the 2024 Fishing Opportunities Regulation) based on Finland’s actions in 2024.

For anyone needing to understand the practical impact of this Regulation, the most important provisions are Article 1 and the Annex. Article 1 is the core legal instruction, stating that Finland’s 2025 quota for Atlantic salmon in the specified Baltic Sea areas is reduced. The Annex is crucial because it provides the exact figure of the deduction: 3,162 individuals. This means Finland’s total allowable catch for this salmon stock in 2025, as initially set by the 2025 fishing opportunities regulation, is now 3,162 individuals lower. The detailed explanation in the “Whereas” clauses is also highly important as it clarifies *why* this deduction is being made – specifically, that fishing carried out in 2024 under the guise of scientific research was deemed non-compliant with EU rules and therefore counted as illegal directed fishing, triggering the overfishing penalty mechanism.

Commission Implementing Regulation (EU) 2025/834 of 5 May 2025 granting a Union authorisation for the single biocidal product Chlorine in accordance with Regulation (EU) No 528/2012 of the European Parliament and of the Council

Here is a description of the provisions of Commission Implementing Regulation (EU) 2025/834:

1. **Essence of the Act:**
This regulation grants a Union-wide authorisation for the biocidal product named ‘Chlorine’, allowing it to be made available on the market and used across the European Union. The product is authorised for professional use in disinfecting and controlling algae in public swimming pools (Product Type 2) and for disinfecting drinking water at water suppliers and their distribution systems (Product Type 5). The authorisation is valid for a specific period and comes with detailed conditions for its safe and effective use.

2. **Structure, Main Provisions, and Changes:**
The regulation starts with recitals explaining the background, including the application process under the EU Biocidal Products Regulation (Regulation (EU) No 528/2012), the evaluation by national authorities and the European Chemicals Agency (ECHA), and ECHA’s positive opinion. It highlights a specific request from Germany to adjust the authorisation conditions for the drinking water use within its territory, based on national drinking water legislation. The core legal provisions are in Article 1, which formally grants the Union authorisation to the applicant, CGV Chlorgas Vertriebs GmbH, specifies the authorisation number (EU-0028952-0000), and sets the validity period from 26 May 2025 until 30 April 2035. Article 1 also explicitly incorporates the specific adjustments requested by Germany for the drinking water use within its territory. Article 2 states the regulation’s entry into force date. The Annex contains the legally binding Summary of Product Characteristics (SPC), detailing the product’s composition, hazards, authorised uses, application methods, rates, risk mitigation measures, and other essential information. This is a new Union authorisation implementing a decision under the Biocidal Products Regulation, rather than amending a previous act.

3. **Most Important Provisions for Use:**
For anyone involved in using or supplying this product, the most important part is the Summary of Product Characteristics (SPC) found in the Annex. This document is the definitive guide to the product’s authorised uses. It specifies the exact target organisms (bacteria, viruses, green algae), the permitted locations for use (public swimming pools, drinking water systems), and crucial details on how the product must be applied, including specific methods (closed automated dosing systems), required concentrations (e.g., maintenance and shock treatment rates for pools, primary disinfection rates for drinking water), and contact times. Critically, the SPC lists mandatory risk mitigation measures, such as technical requirements for handling the chlorine gas, ensuring no bathers are present during shock treatments, and restrictions on discharging treated water. It also provides essential safety information like hazard statements, precautionary statements, first aid instructions, and requirements for safe storage and disposal. A key point is the specific adjustment for Germany concerning the disinfection of drinking water, which mandates compliance with particular national technical rules and concentration limits derived from German law (TrinkwV) and related standards.

Commission Implementing Regulation (EU) 2025/808 of 5 May 2025 amending Implementing Regulation (EU) 2015/408 as regards the deletion of gamma-cyhalothrin, ipconazole and oxamyl from the list of active substances to be considered as candidates for substitution

Here is a description of the provisions of Commission Implementing Regulation (EU) 2025/808:

1. **Essence of the Act:**
This Regulation is a targeted amendment to existing EU law on plant protection products. Its main purpose is to update a specific list of active substances. It removes three substances – gamma-cyhalothrin, ipconazole, and oxamyl – from the list of substances considered candidates for substitution in plant protection products within the European Union. This update is necessary because these substances are no longer approved for use in the EU market.

2. **Structure, Main Provisions, and Changes:**
The Regulation is structured concisely. It begins with a preamble (“Whereas” clauses) explaining the background and legal basis, referencing Regulation (EC) No 1107/2009 and the original Implementing Regulation (EU) 2015/408. It notes that the approvals for the three substances have expired or been withdrawn, making their inclusion in the list of candidates for substitution obsolete. The core of the Regulation lies in its two articles. Article 1 mandates the amendment to the Annex of Implementing Regulation (EU) 2015/408 as detailed in the Annex of this new Regulation. Article 2 specifies the entry into force date. The Annex to this Regulation is the operational part, explicitly stating that the entries for gamma-cyhalothrin, ipconazole, and oxamyl are to be deleted from the Annex of Implementing Regulation (EU) 2015/408. The main change compared to the previous version (Implementing Regulation (EU) 2015/408) is precisely this deletion of these three specific substances from its list.

3. **Most Important Provisions for Use:**
For practical purposes, the most significant provision is the instruction in the Annex, implemented via Article 1, to remove gamma-cyhalothrin, ipconazole, and oxamyl from the list of candidates for substitution in the Annex of Implementing Regulation (EU) 2015/408. This means that these three substances are no longer subject to the specific requirements and scrutiny applied to substances identified as candidates for substitution under EU law. Their removal from this list reflects their status as substances no longer approved for use in plant protection products within the EU, simplifying the regulatory landscape by removing them from a list relevant only to approved substances.

Commission Implementing Regulation (EU) 2025/831 of 5 May 2025 granting a Union authorisation for the biocidal product family AWPF Calcium Hypochlorite BPF in accordance with Regulation (EU) No 528/2012 of the European Parliament and of the Council

This Regulation grants a Union authorisation for a family of biocidal products known as ‘AWPF Calcium Hypochlorite BPF’. These products, which release active chlorine from calcium hypochlorite, are intended for use as disinfectants and algaecides in various applications, including swimming pools, spas, and drinking water systems. The authorisation is granted under the framework of the EU Biocidal Products Regulation and is valid across all Member States, albeit with specific conditions and limitations detailed within the accompanying annexes.

The structure of this Regulation is straightforward. Article 1 is the core provision, formally granting the Union authorisation, assigning an authorisation number (EU-0027464-0000), identifying the authorisation holder (Innovative Water Care Europe SAS), and setting the validity period from 26 May 2025 to 30 April 2035. It explicitly states that the authorisation is subject to the terms and conditions in Annex I and the Summary of Biocidal Product Characteristics (SPC) in Annex II. Article 1 also highlights specific adjustments applicable only within Germany for certain drinking water uses. Annex I sets out a post-authorisation condition requiring the authorisation holder to conduct a long-term storage stability test for a specific product type (Meta SPC 4) and submit the results to the European Chemicals Agency (ECHA) by 26 May 2027. Annex II contains the detailed SPC, which is organised into three levels: the overall product family composition, four “Meta SPCs” describing groups of products with similar characteristics (Meta SPCs 1, 2, and 3 for granules and tablets used in product types 2, 4, and 5, and Meta SPC 4 for non-oxidising tablets in product type 2), and finally, a list of individual trade names covered by each Meta SPC. As this is the initial Union authorisation for this specific product family, it does not represent changes compared to previous Union authorisations for this family, but rather establishes the conditions for its first placement on the EU market under the Union authorisation procedure.

For those involved in the production, distribution, or use of these products, the most important provisions are primarily found within Annex II, the Summary of Biocidal Product Characteristics. This annex specifies the authorised product types (PT 2, PT 4, PT 5) and details the permitted uses for each Meta SPC, including disinfection of swimming pools and spas for both professional and non-professional users, disinfection of equipment and pipework in drinking water systems for professional users, and disinfection of drinking water for human consumption in public distribution systems and portable devices for professional and industrial users. The SPC provides crucial information on application methods, rates, and frequencies for each specific use. Furthermore, it outlines essential risk mitigation measures, such as required personal protective equipment (PPE) for professional users, safe handling instructions, first aid information, emergency procedures, and instructions for safe disposal and storage conditions. A particularly important aspect for market operators is the specific adjustment for Germany detailed within Meta SPCs 1, 2, and 3 for drinking water uses (uses 4 and 5). This adjustment, based on Germany’s national drinking water legislation (TrinkwV), means that these specific uses are either not authorised in Germany or are subject to stricter national requirements regarding application rates, concentrations, technical rules for dosing, minimum contact time, and the purity of the active substance releaser.

Commission Implementing Regulation (EU) 2025/833 of 5 May 2025 renewing the approval of the active substance lenacil in accordance with Regulation (EC) No 1107/2009 of the European Parliament and of the Council, and amending Commission Implementing Regulations (EU) No 540/2011 and (EU) 2015/408

This Regulation, Commission Implementing Regulation (EU) 2025/833, concerns the active substance lenacil, which is used in plant protection products. Its primary purpose is to renew the approval of lenacil for use within the European Union market under the framework of Regulation (EC) No 1107/2009. The Regulation sets out the new period of approval and specific conditions that must be met for its use. It also updates other related EU legislation concerning approved substances and candidates for substitution.

The structure of the Regulation begins with a series of recitals explaining the background and legal basis for the decision, including the previous approval status, the renewal application process, the assessment by Member States and the European Food Safety Authority (EFSA), and the findings of that assessment. The operative part consists of four articles. Article 1 formally renews the approval of lenacil subject to the conditions detailed in Annex I. Article 2 mandates amendments to Commission Implementing Regulation (EU) No 540/2011, which lists approved active substances, as specified in Annex II. Article 3 requires the deletion of lenacil from the list of candidates for substitution established by Commission Implementing Regulation (EU) 2015/408. Article 4 sets the entry into force and application dates. Annex I provides the specific details of the renewed approval, including the substance identification, purity, new approval dates, and specific provisions. Annex II details the exact changes to Implementing Regulation (EU) No 540/2011, essentially moving lenacil from Part A to Part B of the Annex with its updated approval details. Compared to previous versions, the key changes are the extension of the approval period, the introduction of new specific conditions and requirements for confirmatory data, and the removal of lenacil from the list of candidates for substitution.

For those involved with plant protection products containing lenacil, the most important provisions are the renewal of the approval itself, which allows these products to potentially remain on the market subject to national authorisations, and the new approval period, which runs from 1 July 2025 until 30 June 2040. Crucially, the approval is subject to specific conditions, including the implementation of appropriate risk mitigation measures. Furthermore, the Regulation requires the applicant to submit confirmatory information by 25 March 2027 concerning rotational crop field trials, including analysis for metabolites, and potentially a livestock exposure assessment. This means that while the substance is approved, further data is needed to confirm certain aspects of its safety profile, and national authorities must pay particular attention to these areas when authorising products. The removal of lenacil from the list of candidates for substitution is also significant, as it changes its regulatory status compared to substances on that list.

Agreement between the European Union and Bosnia and Herzegovina on the cooperation between the European Union Agency for Criminal Justice Cooperation (Eurojust) and the authorities of Bosnia and Herzegovina competent for judicial cooperation in criminal matters

Here is a description of the Agreement between the European Union and Bosnia and Herzegovina on the cooperation between Eurojust and the authorities of Bosnia and Herzegovina competent for judicial cooperation in criminal matters.

This Agreement establishes a legal framework for enhanced judicial cooperation in criminal matters between the European Union Agency for Criminal Justice Cooperation (Eurojust) and the relevant authorities in Bosnia and Herzegovina. Its primary objective is to improve the investigation and prosecution of serious crime, particularly organised crime and terrorism, through closer collaboration. A key aspect is the secure and regulated exchange of personal data between Eurojust and Bosnia and Herzegovina, ensuring respect for fundamental rights and data protection principles.

The Agreement is structured into five Chapters and includes three Annexes. Chapter I sets out the objectives, scope, and definitions, establishing the foundation for cooperation. It details mechanisms such as designating contact points, the secondment of a Liaison Prosecutor from Bosnia and Herzegovina to Eurojust, the possibility of Eurojust posting a Liaison Magistrate to Bosnia and Herzegovina, participation in operational and strategic meetings, and Eurojust’s role in assisting Joint Investigation Teams (JITs). Chapter II is extensive and focuses entirely on information exchange and data protection, laying down detailed rules for the processing and transfer of personal data, including specific principles, conditions for sensitive data, rules for onward transfers, data subject rights (access, rectification, erasure), breach notification procedures, storage limits, logging, and security measures. Chapter III briefly addresses the confidentiality of information, referring to a separate working arrangement. Chapter IV deals with liability and compensation for damages. Chapter V contains final provisions regarding expenses, the governing working arrangement (which replaces previous ones), relation to other international instruments, notification procedures, entry into force, amendments, review, evaluation, dispute settlement, and termination. Annex I lists the forms of serious crime covered, Annex II lists the competent authorities in Bosnia and Herzegovina, and Annex III lists the EU bodies with which Eurojust can share data.

Among the most important provisions for practical implementation are those establishing the direct cooperation channels and the robust data protection framework. Article 5 mandates Bosnia and Herzegovina to second a Liaison Prosecutor to Eurojust, providing a dedicated point of contact and expertise within the agency. Article 7 highlights Eurojust’s role in assisting the establishment and operation of Joint Investigation Teams (JITs) between Bosnia and Herzegovina and EU Member States. Article 8 allows for a reciprocal arrangement with Eurojust potentially posting a Liaison Magistrate to Bosnia and Herzegovina. Crucially, Chapter II provides a comprehensive set of rules governing the exchange of personal data, which is essential for effective judicial cooperation. Articles 9 and 10 define the legitimate purposes and general principles for data processing, ensuring lawfulness and fairness. Article 11 imposes strict conditions for handling sensitive data categories. Article 13 is vital as it regulates the onward transfer of data received under the Agreement, requiring prior authorisation under specific conditions to maintain control over the data flow. Articles 14, 15, 16, and 17 establish clear rights for data subjects regarding access, correction, and notification in case of breaches. Finally, Articles 21 and 22 underpin the data protection regime by requiring independent supervisory oversight and guaranteeing the right to an effective judicial remedy and compensation.

Amendments to the Customs Convention on the International Transport of goods under cover of TIR carnets (TIR Convention 1975)

Here is a description of the provisions of the provided text:

These amendments update the Customs Convention on the International Transport of Goods under Cover of TIR Carnets (TIR Convention 1975). The TIR Convention is a key international agreement that simplifies and secures international road transport by allowing goods to move across borders under customs seal with a single international guarantee. These specific changes introduce a formal process for resolving disputes within the TIR guarantee chain, clarify the relationship between the international organization and its national members, and extend the validity period for the approval certificates of road vehicles used for TIR transports.

The provided text outlines four specific amendments to the TIR Convention 1975, which enter into force on 1 June 2025. It does not present the full convention but only the modifications. The structure is a list of the points being amended:
1. **Explanatory Note 8.10 (e):** A new explanatory note is inserted. This provision establishes a procedure for parties involved in the guarantee chain (international organization, national associations, customs administrations) to handle disputes that could affect the guarantee system’s functioning. It requires parties to inform each other without delay, initiate negotiations, and allows any party to request assistance from the TIR Executive Board to facilitate settlement.
2. **Explanatory Note 0.6.2 bis-1:** This existing explanatory note is modified. It clarifies that the relationship between the international organization and its member associations regarding the guarantee system must be defined in written agreements. It also specifies that these agreements can be terminated with at least six months’ prior notice, unless authorizations under Article 6 are revoked earlier.
3. **Prolongation of the validity of the certificate of approval:** This amendment makes changes in two places (Annex 3, paragraph 4 and Annex 4, Model Certificate of Approval, page 4, paragraph 3). In both instances, the validity period for the certificate of approval of a road vehicle used for TIR transport is extended from two years to three years.
4. **Acceptance of the certificate of approval until the last date of validity:** A new paragraph 6 is added to Annex 4 (Model Certificate of Approval, page 4). This provision states that if a TIR transport begins on or before the final date of validity of the vehicle’s certificate of approval, the certificate will remain valid specifically for that transport until it is completed at the customs office of final destination.

For practical use, the most important provisions are likely the changes regarding the certificate of approval for road vehicles. Extending the validity from two to three years (point 3) reduces the frequency with which vehicles need to be inspected and certified, potentially lowering administrative burden and costs for transport operators. Furthermore, the new rule allowing the certificate to remain valid until the end of a transport that started before its expiry date (point 4) provides crucial flexibility and avoids potential issues for journeys that span across the certificate’s expiry date. The new dispute resolution mechanism (point 1) is also significant as it aims to ensure the stability and continuity of the TIR guarantee system, which is fundamental for the smooth operation of TIR transports.

: These amendments to the TIR Convention are relevant for all Contracting Parties, including Ukraine, and will impact international road transport operations involving Ukrainian carriers and territories.

Notice concerning the date of entry into force of the Voluntary Partnership Agreement between the European Union and the Republic of Côte d’Ivoire on forest law enforcement, governance and trade in timber and timber products to the European Union (FLEGT) [2025/865]

Thank you for providing this text. This document is a Notice published in the Official Journal of the European Union. Its sole purpose is to formally announce the date on which a specific international agreement has entered into force.

The text you have provided is not the agreement itself – the Voluntary Partnership Agreement (VPA) between the EU and Côte d’Ivoire on forest law enforcement, governance and trade (FLEGT). Instead, it is a short, administrative notice confirming that this VPA has become legally binding.

Therefore, this notice does not contain the substantive legal provisions of the VPA, such as its objectives, scope, licensing system, or governance mechanisms. It does not have a complex structure of chapters and articles like the agreement itself, nor does it detail any changes compared to previous versions (as it is a notice about a specific, single agreement).

As I am required to focus strictly on the text provided, I cannot describe the detailed provisions, structure, or changes of the VPA based on this notice. The most important information contained within this specific notice is the confirmation that the VPA entered into force on 1 May 2025, as stipulated in Article 31(1) of the Agreement itself.

Agreement between Canada and the European Union on the transfer and processing of passenger name record data

Okay, here is a description of the Agreement between Canada and the European Union on the transfer and processing of passenger name record data, based on the text provided.

This Agreement establishes the legal framework for air carriers operating flights between the European Union and Canada to transfer Passenger Name Record (PNR) data to Canada. Its primary objective is to allow Canada to use this data for the prevention, detection, investigation, and prosecution of terrorism and serious transnational crime. Crucially, the Agreement also lays down detailed safeguards and conditions to ensure that the processing of this personal data respects fundamental rights, particularly privacy and data protection.

The Agreement is structured into three main chapters and includes an Annex listing the specific PNR data elements covered. Chapter 1, “General Provisions,” defines the objective, key terms (like ‘PNR data’, ‘sensitive data’, ‘terrorist offence’, ‘serious transnational crime’), and sets out the purposes for which the data can be used. It also includes provisions on ensuring data provision by air carriers, deeming Canada’s processing adequate under EU law (Article 5), and outlining police and judicial cooperation mechanisms (Article 6). Chapter 2, “Safeguards Applicable to the Processing of PNR Data,” is the most extensive, detailing rules on non-discrimination, the handling of sensitive data, data security, oversight by independent authorities, transparency towards passengers, individuals’ rights to access and correct their data, limitations on automated processing, data retention periods and conditions for use, logging, and disclosure within and outside Canada. Chapter 3, “Implementing and Final Provisions,” covers aspects like application to data received before entry into force, cooperation, dispute resolution, review mechanisms, duration, territorial application, and entry into force procedures. This Agreement explicitly replaces the prior 2005 agreement between Canada and the European Community on the same subject.

For practical use, several provisions stand out as particularly important. The core purpose is strictly limited to preventing, detecting, investigating, or prosecuting terrorist offences and serious transnational crime (Article 3). The specific list of PNR data elements that can be transferred is defined in the Annex; Canada must delete any other data received (Article 4(3)). Sensitive data (racial/ethnic origin, political opinions, religious/philosophical beliefs, trade union membership, health, sex life) is prohibited from processing and must be deleted upon receipt (Article 8). Data security and integrity measures are mandatory, including encryption and access limitations (Article 9). Independent oversight authorities must be in place with effective powers (Article 10). Passengers have rights to transparency, access to their data, correction, and administrative and judicial redress (Articles 11, 12, 13, 14). Automated processing is allowed but with strict conditions and cannot be the sole basis for decisions significantly affecting an individual (Article 15). Data retention is limited to five years, with identifying information masked after 30 days, and strict conditions for unmasking (Article 16). Disclosure of PNR data to other authorities, either within Canada or in non-EU countries, is subject to stringent conditions, including necessity, data minimisation, and equivalent protection standards (Articles 19, 20). The transfer method must be the “push method” by air carriers (Article 21), and the frequency of transfers is specified (Article 22).

Leave a comment

E-mail
Password
Confirm Password
Lexcovery
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.