This Regulation lays down the rules concerning the infrastructure and specific processes and procedures of the CBAM registry.
資料由法律人 LawPlayer整理提供·EU law / curated by LawPlayer from EUR-Lex
Commission Implementing Regulation (EU) 2024/3210 of 18 December 2024 laying down rules for the application of Regulation (EU) 2023/956 of the European Parliament and of the Council as regards the CBAM registry
For the purposes of this Regulation, the following definitions shall apply:
(1)
‘national component’ means a component of the electronic systems developed at national level, which is available in the Member State that created it;
(2)
‘trans-European system’ means a collection of collaborating systems with responsibilities distributed across the national administrations and the Commission, and developed in cooperation with the Commission;
(3)
‘applicant’ means an importer, or indirect customs representative, who applies for the status of authorised CBAM declarant.
1. The CBAM registry shall be a standardised and secure electronic database containing data elements of CBAM accounts, CBAM declarations, of applications with a view to obtain the status of CBAM declarants, of the registration of operators, of the verification reports issued by accredited verifiers, and providing access, case handling and confidentiality.
2. The CBAM registry shall enable communication, notification, registration, checks and information exchanges between the Commission, the competent authorities, customs authorities and authorised CBAM declarants, applicants, persons for whom the status of authorised CBAM declarants was revoked, and operators.
3. The CBAM registry shall allow for the analytical tasks inherent in CBAM risk-analysis functions that the Commission shall perform.
4. The Commission shall be the system owner of the CBAM registry.
1. The CBAM registry shall consist of the following components:
(a)
the CBAM Declarants Portal (CBAM DP);
(b)
the CBAM National Competent Authorities Portal (CBAM NCA);
(c)
the CBAM European Commission Portal (CBAM COM);
(d)
the CBAM Operators Portal (CBAM Operator).
2. The competent authority of the Member State of establishment of the authorised CBAM declarant, and the competent authority in charge of a person other than an authorised CBAM declarant introducing goods into the customs territory of the Union in the cases pursuant to Article 26(2) of the Regulation (EU) 2023/956, shall communicate the decisions on penalties to the Commission via the CBAM registry.
1. The CBAM registry shall be interoperable with the following systems:
(a)
the Uniform User Management and Digital Signature (UUM&DS) system for users’ registration and access management referred to in Article 16 of Implementing Regulation (EU) 2023/1070 for the Member States, the Commission, the authorised CBAM declarants, the applicants and persons holding a revoked authorisation;
(b)
the Economic Operator Registration and Identification (EORI) system referred to in Article 30 of Implementing Regulation (EU) 2023/1070 enabling that the EORI data laid out in Annex I to this Regulation is cross-checked;
(c)
the Surveillance system, developed through the UCC Surveillance 3 (SURV3) referred to in Article 99 of Implementing Regulation (EU) 2023/1070;
(d)
the Integrated Tariff of the European Union (TARIC) referred to in Regulation (EEC) No 2658/87;
(e)
the Customs Risk Management System as referred to in Article 36 of Implementing Regulation (EU) 2015/2447 and as referred to in Article 69 of the Implementing Regulation (EU) 2023/1070.
2. The CBAM registry shall allow digital cooperation via the EU Single Window Environment for Customs referred to in Article 3 Regulation (EU) 2022/2399.
The Commission and competent authorities shall designate contact points for each of the components and systems referred to in Articles 4 and 5 for exchanging information to ensure a coordinated development, operation, and maintenance of those components. The competent authorities may use existing contact points.
The Commission and Member States shall communicate the details of the contact points to each other and shall inform each other immediately of any changes to those details.
The Commission shall propose the terms of collaboration, service level agreements and a security plan, which shall be subject to the agreement with the competent authorities. The Commission shall operate the CBAM registry in compliance with the terms of collaboration.
1. The authentication and access verification of the authorised CBAM declarants, applicants, and persons for whom the status of authorised CBAM declarants was revoked, for the purposes of access to the components of the CBAM registry, shall be performed using the UUM&DS system.
2. The Commission shall provide the authentication services allowing the users of the CBAM registry to securely access the registry.
3. The Commission shall use UUM&DS to authorise and grant access to the CBAM registry to its staff.
4. The competent authority of a Member State shall use UUM&DS to authorise and grant access to the CBAM registry to its staff, to authorised CBAM declarants, to applicants, and to persons for whom the status of authorised CBAM declarant was revoked, that are established in that Member State.
5. The competent authority of a Member State may use an identification and access management system set up in that Member State (national Customs eIDAS system) to provide the necessary credentials to access the CBAM registry.
6. The applicant, the authorised CBAM declarant, or persons for whom the status of authorised CBAM declarants was revoked, may delegate access to the CBAM registry to persons acting on their behalf. Delegators shall remain responsible for performing their obligations laid down in Regulation (EU) 2023/956.
1. The CBAM Declarants Portal shall be the unique entry point to the CBAM registry for authorised CBAM declarants and for applicants. The portal shall be available on the internet.
2. The CBAM Declarants Portal shall be used for the following actions:
(a)
applications for the status of authorised CBAM declarant and for the revocation of that status;
(b)
submissions of the CBAM declarations;
(c)
notifications and communication related to CBAM obligations, including CBAM declaration management.
3. Access to the CBAM Declarants Portal shall be managed in accordance with Article 8.
1. The CBAM Operators Portal shall be the unique entry point to the CBAM registry for operators. The portal shall be accessible from the internet.
2. The CBAM Operators Portal shall be used by operators in accordance with Article 10 of Regulation (EU) 2023/956 for the following actions:
(a)
registering the information on that operator and on its installations;
(b)
registering the information on the goods produced by an installation;
(c)
registering the emission data and verification reports;
(d)
receiving notifications and communication related to their registration and use of information in the CBAM registry.
3. An operator shall submit a request to the Commission to be assigned a profile to obtain access the CBAM Operators Portal. That request shall be accompanied by supporting documents demonstrating the operator’s legal registration or proof of activity in the third country of establishment, including name, address, contact information, and national corporate or activity registration number. That request shall be accompanied by evidence demonstrating that the person submitting the request is authorised to act on behalf of the operator and by documents proving that person’s identity. Where the supporting documents are sufficient to attest to the accuracy of the information contained therein, the Commission shall assign the requested profile to the requesting operator.
4. The operator shall use the EU Access central service operated by the Commission to request the access the CBAM registry.
1. The CBAM National Competent Authorities Portal shall be the unique entry point to the CBAM registry for the competent authorities. The portal shall be accessible from the internet.
2. The CBAM National Competent Authorities Portal shall be used to carry out the tasks laid down in Regulation (EU) 2023/956, which shall include notifications and communication.
3. The CBAM registry shall allow the transfer of necessary data to and from the registry to allow the competent authorities to fulfil their obligations.
4. Access to the CBAM Competent Authorities Portal shall be managed in accordance with Article 8.
1. The CBAM European Commission Portal shall be the unique entry point to the CBAM registry for the Commission.
2. The CBAM European Commission Portal shall be used by the Commission to perform the tasks laid down in Regulation (EU) 2023/956.
3. Access to the CBAM European Commission Portal shall be managed in accordance with Article 8.
Member States shall set up a new UUM&DS identity and access management system or use their own existing customs UUM&DS for the following functions:
(a)
secure registration and storage of identification data of authorised CBAM declarants, applicants and other persons having access to the CBAM registry;
(b)
secure exchange of signed and encrypted identification data of authorised CBAM declarants, applicants and other persons having access to the CBAM registry.
1. The CBAM registry’s components shall be developed, tested, deployed and managed by the Commission, and may be tested by Member States.
2. The Commission shall design and maintain the common specifications of the interfaces listed in Articles 4, 5 and 11 in close cooperation with Member States.
3. Where appropriate, the Commission shall define common technical specifications in close cooperation with, and subject to review by, the competent authorities, with a view to deploying them in due time. The Commission and Member States shall collaborate with CBAM declarants, applicants and other stakeholders.
4. In collaboration with the competent authorities, the Commission shall conduct testing and validation of the interoperability between the CBAM registry and the systems as referred to in Article 5 to ensure that data is cross-checked accurately, efficiently and confidentially.
1. The Commission shall perform the maintenance of the CBAM registry.
2. The Commission shall update the components of the CBAM registry to correct malfunctions, and may add new functionalities or alter existing ones.
3. The Commission shall inform the competent authorities, the authorised CBAM declarants and the operators in advance of changes and updates to the components of the CBAM registry.
1. In the event of a temporary failure of the CBAM registry, CBAM declarants and applicants shall submit the information required to comply with their obligations in relation to CBAM obligations under Regulation (EU) 2023/956 by the means specified in the CBAM business continuity plan.
2. The Commission shall inform the competent authorities about any major unavailability of the CBAM registry which will impact the availability levels defined in the Service Level Agreements referred to in Article 7.
3. The Commission shall inform the authorised CBAM declarants and operators on requirements, major updates and long-lasting unavailability of the CBAM registry in accordance with the CBAM business continuity plan.
1. The Commission shall support the competent authorities in the use and functioning of the components of the CBAM registry by providing training and communication material.
2. The competent authorities shall provide the national service desk support to authorised CBAM declarants and applicants.
The personal data registered in the CBAM registry, and the components of electronic systems developed at national level, shall be processed by the competent authorities and the Commission for the following purposes:
(a)
authentication purposes and access management;
(b)
application processing and management;
(c)
submission and management of CBAM declarations;
(d)
monitoring, checks and review of CBAM declarations;
(e)
operator and verifier management;
(f)
CBAM certificates management;
(g)
communication and notifications;
(h)
for ensuring compliance;
(i)
functioning of the IT infrastructure, including interoperability with national systems and trans-European decentralised systems under this Regulation;
(j)
statistics and review of the functioning of Regulation (EU) 2023/956;
(k)
risk analysis and circumvention monitoring;
(l)
verification that the importation of goods and the re-export of goods, in the cases provided for in Article 2(2) of Regulation (EU) 2023/956 is performed by an authorised CBAM declarant.
1. The Commission shall be the controller for:
(a)
the processing of personal data for the access management for the Commission Portal in accordance with Article 12 of this Regulation;
(b)
the processing of personal data registered in the CBAM Operators Portal;
(c)
the use, validation and retrieving of EORI or other data for the purpose of the risk analysis and circumvention monitoring as provided for in Articles 15, and 27 of Regulation (EU) 2023/956.
2. The competent authority shall be the controller for:
(a)
the personal data processing to take decisions on the granting and revocation of authorisations of CBAM declarants in accordance with Regulation (EU) 2023/956;
(b)
the personal data processing to take decisions regarding penalties in accordance with Article 26 of Regulation (EU) 2023/956;
(c)
the processing of personal data for the access management of declarants established within their Member State in accordance with Articles 8, 11 and 13 of this Regulation;
(d)
the processing of personal data of accredited verifiers.
3. The competent authority and the Commission shall be joint controllers for:
(a)
management of the CBAM registry;
(b)
the personal data processing for the management of CBAM declarations in accordance with Regulation (EU) 2023/956;
(c)
the personal data processing for the CBAM certificates management in accordance with Regulation (EU) 2023/956.
Where a controller receives a data subject request that does not fall under its responsibility in accordance with Article 19, it shall forward that request promptly and at the latest within 3 working days from the receipt to the responsible controller.
1. All information held in the CBAM registry shall be considered confidential.
The authorised CBAM declarants and applicants may access their personal data registered in the CBAM registry after their registration in the registry.
2. The operators may access their personal data registered in the CBAM registry after their registration in the CBAM registry. In accordance with Article 10 of Regulation (EU) 2023/956, authorised CBAM declarants may access personal data registered by operators in the CBAM registry or otherwise process those data, where authorisation in that respect was granted by the operators.
3. The Commission and the competent authorities may access and otherwise process the personal data and other data from Customs Import Declarations for goods not listed in Annex I to Regulation (EU) 2023/956 in accordance with Articles 15, 19 and 27 of Regulation (EU) 2023/956.
The Commission and the competent authorities may access and otherwise process the data from the EORI system, in accordance with Articles 15, 19 and 27 of Regulation (EU) 2023/956.
1. The Commission shall implement appropriate technical and organisational measures for the system security following consultations with competent authorities.
2. The competent authorities shall implement appropriate organisational measures for the system security.
3. The technical measures and organisational measures referred to in paragraphs 1 and 2 of this Article shall be designed to:
(a)
ensure the security, integrity, confidentiality, availability and continuity of the personal data processed;
(b)
protect against any unauthorised or unlawful processing, alteration, loss, use, disclosure of, or access to any personal data in their possession;
(c)
restrict disclosure or access to personal data to anyone other than the intended recipients in accordance with this Regulation and Regulation (EU) 2023/956.
4. The Commission and the competent authorities shall notify each other and provide assistance in case of critical security incidents activating the CBAM business continuity plan when such incidents imply a personal data breach in the meaning of Article 4(12) of Regulation (EU) 2016/679 and Article 3(16) of the Regulation (EU) 2018/1725.
5. The Commission shall conduct regular assessments of the components of the CBAM registry and shall analyse the security and integrity of those components and the confidentiality of the data processed within those components.
1. When processing personal data for the purposes listed in Article 18, the competent authorities and the Commission shall retain the data only for the time necessary to achieve the purpose, and for a maximum of 7 years from the registering of the personal data in the CBAM registry.
2. Notwithstanding paragraph 1, where an appeal has been lodged or where court proceedings have begun involving data stored in the CBAM registry, those data shall be retained until the appeal procedure or court proceedings are terminated and shall only be used for the purpose of the appeal procedure or court proceedings.
This Regulation shall enter into force on the day following that of its publication in the Official Journal of the European Union .
It shall apply from 31 December 2024.
Schedules & Appendices
ANNEX
Economic Operators Registration and Identification (EORI) data
Table
Customer Identification
EORI country + EORI national number
EORI country
EORI start date
EORI expiry date
Customs Customer Information
EORI short name
EORI full name
EORI language
EORI establishment date
EORI person type
EORI economic activity
List of EORI establishment addresses
Establishment addresses
EORI address
EORI language
EORI name
Establishment in Union
Facility address
EORI address start date
EORI address end date
VAT or TIN numbers
‘VAT’ or ‘TIN’
EORI legal status
EORI legal status language
EORI legal status
EORI legal status begin date & end date
Contact list
Contact
EORI contact address
EORI contact language
EORI contact full name
EORI contact name
Publication agreement flag
Address fields description
Street and number
Postcode
City
Country code
List of communication details
Communication type
Cite this act
Commission Implementing Regulation (EU) 2024/3210 of 18 December 2024 laying down rules for the application of Regulation (EU) 2023/956 of the European Parliament and of the Council as regards the CBAM registry (EUR-Lex). Retrieved via LawPlayer, https://lawplayer.com/eu/act/32024R3210
© European Union, https://eur-lex.europa.eu, 1998-2026. Reuse authorised under Commission Decision 2011/833/EU, provided the source is acknowledged.
本頁資料來源:EUR-Lex·整理提供:法律人 LawPlayer· lawplayer.com