法律人 LawPlayer logo

資料由法律人 LawPlayer整理提供·EU law / curated by LawPlayer from EUR-Lex

Regulation

Commission Implementing Regulation (EU) 2024/3210 of 18 December 2024 laying down rules for the application of Regulation (EU) 2023/956 of the European Parliament and of the Council as regards the CBAM registry

CELEX
Implementing Regulation (EU) 2024/3210
Date of document
Articles
25
Source
EUR-Lex
Article 1Subject matter

This Regulation lays down the rules concerning the infrastructure and specific processes and procedures of the CBAM registry.

Article 2Definitions

For the purposes of this Regulation, the following definitions shall apply:

(1)

‘national component’ means a component of the electronic systems developed at national level, which is available in the Member State that created it;

(2)

‘trans-European system’ means a collection of collaborating systems with responsibilities distributed across the national administrations and the Commission, and developed in cooperation with the Commission;

(3)

‘applicant’ means an importer, or indirect customs representative, who applies for the status of authorised CBAM declarant.

Article 3Functions of the CBAM registry

1.   The CBAM registry shall be a standardised and secure electronic database containing data elements of CBAM accounts, CBAM declarations, of applications with a view to obtain the status of CBAM declarants, of the registration of operators, of the verification reports issued by accredited verifiers, and providing access, case handling and confidentiality.

2.   The CBAM registry shall enable communication, notification, registration, checks and information exchanges between the Commission, the competent authorities, customs authorities and authorised CBAM declarants, applicants, persons for whom the status of authorised CBAM declarants was revoked, and operators.

3.   The CBAM registry shall allow for the analytical tasks inherent in CBAM risk-analysis functions that the Commission shall perform.

4.   The Commission shall be the system owner of the CBAM registry.

Article 4Structure of the CBAM registry

1.   The CBAM registry shall consist of the following components:

(a)

the CBAM Declarants Portal (CBAM DP);

(b)

the CBAM National Competent Authorities Portal (CBAM NCA);

(c)

the CBAM European Commission Portal (CBAM COM);

(d)

the CBAM Operators Portal (CBAM Operator).

2.   The competent authority of the Member State of establishment of the authorised CBAM declarant, and the competent authority in charge of a person other than an authorised CBAM declarant introducing goods into the customs territory of the Union in the cases pursuant to Article 26(2) of the Regulation (EU) 2023/956, shall communicate the decisions on penalties to the Commission via the CBAM registry.

Article 5Interoperability with customs systems

1.   The CBAM registry shall be interoperable with the following systems:

(a)

the Uniform User Management and Digital Signature (UUM&DS) system for users’ registration and access management referred to in Article 16 of Implementing Regulation (EU) 2023/1070 for the Member States, the Commission, the authorised CBAM declarants, the applicants and persons holding a revoked authorisation;

(b)

the Economic Operator Registration and Identification (EORI) system referred to in Article 30 of Implementing Regulation (EU) 2023/1070 enabling that the EORI data laid out in Annex I to this Regulation is cross-checked;

(c)

the Surveillance system, developed through the UCC Surveillance 3 (SURV3) referred to in Article 99 of Implementing Regulation (EU) 2023/1070;

(d)

the Integrated Tariff of the European Union (TARIC) referred to in Regulation (EEC) No 2658/87;

(e)

the Customs Risk Management System as referred to in Article 36 of Implementing Regulation (EU) 2015/2447 and as referred to in Article 69 of the Implementing Regulation (EU) 2023/1070.

2.   The CBAM registry shall allow digital cooperation via the EU Single Window Environment for Customs referred to in Article 3 Regulation (EU) 2022/2399.

Article 6Contact points for the electronic systems

The Commission and competent authorities shall designate contact points for each of the components and systems referred to in Articles 4 and 5 for exchanging information to ensure a coordinated development, operation, and maintenance of those components. The competent authorities may use existing contact points.

The Commission and Member States shall communicate the details of the contact points to each other and shall inform each other immediately of any changes to those details.

Article 7Terms of collaboration in the CBAM registry

The Commission shall propose the terms of collaboration, service level agreements and a security plan, which shall be subject to the agreement with the competent authorities. The Commission shall operate the CBAM registry in compliance with the terms of collaboration.

Article 8CBAM User Access Management

1.   The authentication and access verification of the authorised CBAM declarants, applicants, and persons for whom the status of authorised CBAM declarants was revoked, for the purposes of access to the components of the CBAM registry, shall be performed using the UUM&DS system.

2.   The Commission shall provide the authentication services allowing the users of the CBAM registry to securely access the registry.

3.   The Commission shall use UUM&DS to authorise and grant access to the CBAM registry to its staff.

4.   The competent authority of a Member State shall use UUM&DS to authorise and grant access to the CBAM registry to its staff, to authorised CBAM declarants, to applicants, and to persons for whom the status of authorised CBAM declarant was revoked, that are established in that Member State.

5.   The competent authority of a Member State may use an identification and access management system set up in that Member State (national Customs eIDAS system) to provide the necessary credentials to access the CBAM registry.

6.   The applicant, the authorised CBAM declarant, or persons for whom the status of authorised CBAM declarants was revoked, may delegate access to the CBAM registry to persons acting on their behalf. Delegators shall remain responsible for performing their obligations laid down in Regulation (EU) 2023/956.

Article 9CBAM Declarants Portal

1.   The CBAM Declarants Portal shall be the unique entry point to the CBAM registry for authorised CBAM declarants and for applicants. The portal shall be available on the internet.

2.   The CBAM Declarants Portal shall be used for the following actions:

(a)

applications for the status of authorised CBAM declarant and for the revocation of that status;

(b)

submissions of the CBAM declarations;

(c)

notifications and communication related to CBAM obligations, including CBAM declaration management.

3.   Access to the CBAM Declarants Portal shall be managed in accordance with Article 8.

Article 10CBAM Operators Portal

1.   The CBAM Operators Portal shall be the unique entry point to the CBAM registry for operators. The portal shall be accessible from the internet.

2.   The CBAM Operators Portal shall be used by operators in accordance with Article 10 of Regulation (EU) 2023/956 for the following actions:

(a)

registering the information on that operator and on its installations;

(b)

registering the information on the goods produced by an installation;

(c)

registering the emission data and verification reports;

(d)

receiving notifications and communication related to their registration and use of information in the CBAM registry.

3.   An operator shall submit a request to the Commission to be assigned a profile to obtain access the CBAM Operators Portal. That request shall be accompanied by supporting documents demonstrating the operator’s legal registration or proof of activity in the third country of establishment, including name, address, contact information, and national corporate or activity registration number. That request shall be accompanied by evidence demonstrating that the person submitting the request is authorised to act on behalf of the operator and by documents proving that person’s identity. Where the supporting documents are sufficient to attest to the accuracy of the information contained therein, the Commission shall assign the requested profile to the requesting operator.

4.   The operator shall use the EU Access central service operated by the Commission to request the access the CBAM registry.

Article 11CBAM National Competent Authorities Portal

1.   The CBAM National Competent Authorities Portal shall be the unique entry point to the CBAM registry for the competent authorities. The portal shall be accessible from the internet.

2.   The CBAM National Competent Authorities Portal shall be used to carry out the tasks laid down in Regulation (EU) 2023/956, which shall include notifications and communication.

3.   The CBAM registry shall allow the transfer of necessary data to and from the registry to allow the competent authorities to fulfil their obligations.

4.   Access to the CBAM Competent Authorities Portal shall be managed in accordance with Article 8.

Article 12CBAM European Commission Portal

1.   The CBAM European Commission Portal shall be the unique entry point to the CBAM registry for the Commission.

2.   The CBAM European Commission Portal shall be used by the Commission to perform the tasks laid down in Regulation (EU) 2023/956.

3.   Access to the CBAM European Commission Portal shall be managed in accordance with Article 8.

Article 13Member States’ identity and access management systems

Member States shall set up a new UUM&DS identity and access management system or use their own existing customs UUM&DS for the following functions:

(a)

secure registration and storage of identification data of authorised CBAM declarants, applicants and other persons having access to the CBAM registry;

(b)

secure exchange of signed and encrypted identification data of authorised CBAM declarants, applicants and other persons having access to the CBAM registry.

Article 14Development, testing, deployment and management of the CBAM registry

1.   The CBAM registry’s components shall be developed, tested, deployed and managed by the Commission, and may be tested by Member States.

2.   The Commission shall design and maintain the common specifications of the interfaces listed in Articles 4, 5 and 11 in close cooperation with Member States.

3.   Where appropriate, the Commission shall define common technical specifications in close cooperation with, and subject to review by, the competent authorities, with a view to deploying them in due time. The Commission and Member States shall collaborate with CBAM declarants, applicants and other stakeholders.

4.   In collaboration with the competent authorities, the Commission shall conduct testing and validation of the interoperability between the CBAM registry and the systems as referred to in Article 5 to ensure that data is cross-checked accurately, efficiently and confidentially.

Article 15Maintenance of the CBAM registry and changes thereto

1.   The Commission shall perform the maintenance of the CBAM registry.

2.   The Commission shall update the components of the CBAM registry to correct malfunctions, and may add new functionalities or alter existing ones.

3.   The Commission shall inform the competent authorities, the authorised CBAM declarants and the operators in advance of changes and updates to the components of the CBAM registry.

Article 16Temporary failure of the CBAM registry

1.   In the event of a temporary failure of the CBAM registry, CBAM declarants and applicants shall submit the information required to comply with their obligations in relation to CBAM obligations under Regulation (EU) 2023/956 by the means specified in the CBAM business continuity plan.

2.   The Commission shall inform the competent authorities about any major unavailability of the CBAM registry which will impact the availability levels defined in the Service Level Agreements referred to in Article 7.

3.   The Commission shall inform the authorised CBAM declarants and operators on requirements, major updates and long-lasting unavailability of the CBAM registry in accordance with the CBAM business continuity plan.

Article 17Training and support on the use and functioning of the CBAM registry

1.   The Commission shall support the competent authorities in the use and functioning of the components of the CBAM registry by providing training and communication material.

2.   The competent authorities shall provide the national service desk support to authorised CBAM declarants and applicants.

Article 18Personal data protection

The personal data registered in the CBAM registry, and the components of electronic systems developed at national level, shall be processed by the competent authorities and the Commission for the following purposes:

(a)

authentication purposes and access management;

(b)

application processing and management;

(c)

submission and management of CBAM declarations;

(d)

monitoring, checks and review of CBAM declarations;

(e)

operator and verifier management;

(f)

CBAM certificates management;

(g)

communication and notifications;

(h)

for ensuring compliance;

(i)

functioning of the IT infrastructure, including interoperability with national systems and trans-European decentralised systems under this Regulation;

(j)

statistics and review of the functioning of Regulation (EU) 2023/956;

(k)

risk analysis and circumvention monitoring;

(l)

verification that the importation of goods and the re-export of goods, in the cases provided for in Article 2(2) of Regulation (EU) 2023/956 is performed by an authorised CBAM declarant.

Article 19Specific role of the Commission and the competent authorities

1.   The Commission shall be the controller for:

(a)

the processing of personal data for the access management for the Commission Portal in accordance with Article 12 of this Regulation;

(b)

the processing of personal data registered in the CBAM Operators Portal;

(c)

the use, validation and retrieving of EORI or other data for the purpose of the risk analysis and circumvention monitoring as provided for in Articles 15, and 27 of Regulation (EU) 2023/956.

2.   The competent authority shall be the controller for:

(a)

the personal data processing to take decisions on the granting and revocation of authorisations of CBAM declarants in accordance with Regulation (EU) 2023/956;

(b)

the personal data processing to take decisions regarding penalties in accordance with Article 26 of Regulation (EU) 2023/956;

(c)

the processing of personal data for the access management of declarants established within their Member State in accordance with Articles 8, 11 and 13 of this Regulation;

(d)

the processing of personal data of accredited verifiers.

3.   The competent authority and the Commission shall be joint controllers for:

(a)

management of the CBAM registry;

(b)

the personal data processing for the management of CBAM declarations in accordance with Regulation (EU) 2023/956;

(c)

the personal data processing for the CBAM certificates management in accordance with Regulation (EU) 2023/956.

Article 20Responsibility of the controllers towards data subjects

Where a controller receives a data subject request that does not fall under its responsibility in accordance with Article 19, it shall forward that request promptly and at the latest within 3 working days from the receipt to the responsible controller.

Article 21Limitation of data access, data processing and confidentiality

1.   All information held in the CBAM registry shall be considered confidential.

The authorised CBAM declarants and applicants may access their personal data registered in the CBAM registry after their registration in the registry.

2.   The operators may access their personal data registered in the CBAM registry after their registration in the CBAM registry. In accordance with Article 10 of Regulation (EU) 2023/956, authorised CBAM declarants may access personal data registered by operators in the CBAM registry or otherwise process those data, where authorisation in that respect was granted by the operators.

3.   The Commission and the competent authorities may access and otherwise process the personal data and other data from Customs Import Declarations for goods not listed in Annex I to Regulation (EU) 2023/956 in accordance with Articles 15, 19 and 27 of Regulation (EU) 2023/956.

The Commission and the competent authorities may access and otherwise process the data from the EORI system, in accordance with Articles 15, 19 and 27 of Regulation (EU) 2023/956.

Article 22System security

1.   The Commission shall implement appropriate technical and organisational measures for the system security following consultations with competent authorities.

2.   The competent authorities shall implement appropriate organisational measures for the system security.

3.   The technical measures and organisational measures referred to in paragraphs 1 and 2 of this Article shall be designed to:

(a)

ensure the security, integrity, confidentiality, availability and continuity of the personal data processed;

(b)

protect against any unauthorised or unlawful processing, alteration, loss, use, disclosure of, or access to any personal data in their possession;

(c)

restrict disclosure or access to personal data to anyone other than the intended recipients in accordance with this Regulation and Regulation (EU) 2023/956.

4.   The Commission and the competent authorities shall notify each other and provide assistance in case of critical security incidents activating the CBAM business continuity plan when such incidents imply a personal data breach in the meaning of Article 4(12) of Regulation (EU) 2016/679 and Article 3(16) of the Regulation (EU) 2018/1725.

5.   The Commission shall conduct regular assessments of the components of the CBAM registry and shall analyse the security and integrity of those components and the confidentiality of the data processed within those components.

Article 23Data retention period

1.   When processing personal data for the purposes listed in Article 18, the competent authorities and the Commission shall retain the data only for the time necessary to achieve the purpose, and for a maximum of 7 years from the registering of the personal data in the CBAM registry.

2.   Notwithstanding paragraph 1, where an appeal has been lodged or where court proceedings have begun involving data stored in the CBAM registry, those data shall be retained until the appeal procedure or court proceedings are terminated and shall only be used for the purpose of the appeal procedure or court proceedings.

Article 24Entry into force and application

This Regulation shall enter into force on the day following that of its publication in the Official Journal of the European Union .

It shall apply from 31 December 2024.

Schedules & Appendices

ANNEXEconomic Operators Registration and Identification (EORI) data

ANNEX

Economic Operators Registration and Identification (EORI) data

Table

Customer Identification

EORI country + EORI national number

EORI country

EORI start date

EORI expiry date

Customs Customer Information

EORI short name

EORI full name

EORI language

EORI establishment date

EORI person type

EORI economic activity

List of EORI establishment addresses

Establishment addresses

EORI address

EORI language

EORI name

Establishment in Union

Facility address

EORI address start date

EORI address end date

VAT or TIN numbers

‘VAT’ or ‘TIN’

EORI legal status

EORI legal status language

EORI legal status

EORI legal status begin date & end date

Contact list

Contact

EORI contact address

EORI contact language

EORI contact full name

EORI contact name

Publication agreement flag

Address fields description

Street and number

Postcode

City

Country code

List of communication details

Communication type

25 articles

Cite this act

Commission Implementing Regulation (EU) 2024/3210 of 18 December 2024 laying down rules for the application of Regulation (EU) 2023/956 of the European Parliament and of the Council as regards the CBAM registry (EUR-Lex). Retrieved via LawPlayer, https://lawplayer.com/eu/act/32024R3210

© European Union, https://eur-lex.europa.eu, 1998-2026. Reuse authorised under Commission Decision 2011/833/EU, provided the source is acknowledged.

EU-EurLex-Reuse-2011-833

本頁資料來源:EUR-Lex·整理提供:法律人 LawPlayer· lawplayer.com