Kommisjonens gjennomføringsforordning (EU) 2024/3210 av 18. desember 2024 om fastsettelse av regler for gjennomføring av europaparlaments- og rådsforordning (EU) 2023/956 med hensyn til CBAM-registeret
EUs karbongrensejusteringsmekanisme (karbontoll) (CBAM): opprettelse av CBAM-registeret
Kommisjonsforordning publisert i EU-tidende 30.12.2024
Tidligere
- Utkast til forordning lagt fram av Kommisjonen 31.10.2024 med tilbakemeldingsfrist 28.11.2024
Bakgrunn
(fra kommisjonsforordningen)
(1) Regulation (EU) 2023/956 requires the Commission to establish, at Union level, a standardised and secure electronic database for CBAM certificates management, CBAM declarations, applications to become authorised CBAM declarants, a registration of operators and of installations in third countries (‘operators’), and for providing access, case handling while ensuring the confidentiality of information. The Commission already gained experience in setting up a registry for CBAM purposes when it implemented the CBAM Transitional Registry under the Commission Implementing Regulation (EU) 2023/1773 (2).
(2) In accordance with Regulation (EU) 2023/956, the Commission is to adopt implementing rules for the functioning of the CBAM registry.
(3) The CBAM registry should be the system for the filing and management of the CBAM declarations, including checks, indicative assessments, and review procedures. The CBAM registry should contain data on authorised CBAM declarants, applicants filing a request to be granted the status of authorised CBAM declarant (‘applicants’), operators, and accredited CBAM verifiers. The information about the operators shall be contained in a separate section of the CBAM registry. The CBAM registry should also include the IT infrastructure required to allow for the analytical tasks inherent in CBAM risk-analysis functions that the Commission is to perform.
(4) To ensure an accurate assessment of the reporting obligations, to provide customs authorities with access to CBAM data for the purposes of the verification of CBAM formalities during customs clearance, and to support the risk analysis and circumvention monitoring, including investigation in accordance with Articles 15, 19 and 27 of Regulation (EU) 2023/956, the CBAM registry should be interoperable with existing customs systems and should in particular exchange the data gathered by means of surveillance in accordance with Article 56(5) of Regulation (EU) No 952/2013 of the European Parliament and of the Council (3). The CBAM registry should therefore use standardised data exchanges with existing customs systems.
(5) In order to ensure an effective and uniform reporting system, technical arrangements for the functioning of the CBAM registry should be laid down. Such arrangements include arrangements for the development of the CBAM registry, interfaces, data protection, updating of data, limitation of data processing, system ownership and security, as well as testing and deployment, maintenance and potential modifications. Such arrangements should be compatible with the principle of data protection by design and by default, provided for in Article 27 of Regulation (EU) 2018/1725 of the European Parliament and of the Council (4) and Article 25 of Regulation (EU) 2016/679 of the European Parliament and of the Council (5), as well as with security of processing provided for in Article 33 of Regulation (EU) 2018/1725 and Article 32 of Regulation (EU) 2016/679.
(6) In order to secure the access to the CBAM registry, the Uniform User Management and Digital Signature (UUM&DS) system, as referred to in Article 16 of Commission Implementing Regulation (EU) 2023/1070 (6), should be used for managing the authentication and access verification process for applicants, authorised CBAM declarants, as well as the representatives of the competent authorities. For technical purposes, the applicants to become authorised CBAM declarants, the authorised CBAM declarants, or the persons for whom the status of authorised CBAM declarants was revoked, should be allowed to delegate access to a person acting on their behalf while at the same time remaining responsible for the performance of the obligations laid down in Regulation (EU) 2023/956.
(7) For the purpose of identifying applicants and authorised CBAM declarants with their Economic Operator Registration and Identification (EORI) numbers, the CBAM registry should be interoperable and exchange relevant data with the EORI system, as referred to in Article 30 of Implementing Regulation (EU) 2023/1070. That interoperability should also ensure an accurate assessment of the CBAM obligations and support the performance of risk analysis, review, and circumvention monitoring.
(8) For the purpose of retrieving the information on Customs Import Declarations for the goods listed in Annex I to Regulation (EU) 2023/956 and the information regarding those goods, and in order to conduct checks of the CBAM declarations and compliance with CBAM obligations for the purpose of risk analysis, review and circumvention monitoring referred to Articles 15, 19 and 27 of Regulation (EU) 2023/956, the CBAM registry should be interconnected with the Surveillance system, developed through the UCC Surveillance 3 (SURV3), as referred to in Article 99 of Implementing Regulation (EU) 2023/1070. That information should include the cases referred to in Article 2(2) of Regulation (EU) 2023/956.
(9) For the purpose of verifying that goods are only imported by an authorised CBAM declarant, and for verifying that the obligations were fulfilled for the goods or processed products referred to in Article 2(2) of Regulation (EU) 2023/956, the CBAM registry should be interconnected with the EU Single Window Environment, established in accordance with Article 3 of Regulation (EU) 2022/2399 of the European Parliament and of the Council (7).
(10) For checking and reporting purposes, together with risk analysis and circumvention monitoring, and reviews, in accordance with Articles 15, 19 and 27 of Regulation (EU) 2023/956, the national customs systems should provide the required information on imports and re-exports, as referred to in Commission Implementing Decision (EU) 2023/2879 (8). Where the national customs systems cannot provide the information through an automatic exchange the CBAM registry should enable the communication of the information directly in the CBAM registry. That information should include information on the import of goods listed in Annex I to Regulation (EU) 2023/956, the information on goods placed under inward processing, information on the release for free circulation of processed products with CBAM goods as input, and the information regarding the goods or processed products referred to in Article 2(2) of Regulation (EU) 2023/956.
(11) For identifying imported goods listed in Annex I to Regulation (EU) 2023/956 the classification of those goods in the Combined Nomenclature (‘CN’) set out in Council Regulation (EEC) No 2658/87 (9) should be used.
(12) For the purpose of exchanging risk information and risk analysis results between customs and the competent authorities and the Commission the CBAM registry should be interconnected with the Customs Risk Management System (CRMS2) as referred to in Article 36 of Commission Implementing Regulation (EU) 2015/2447 (10) and Article 69 of Implementing Regulation (EU) 2023/1070.
(13) In order to ensure the continuity of the system at all times, it is important to provide for alternative solutions to be implemented in the event of a temporary failure of the CBAM registry. To that effect, the Commission should lay down a CBAM business continuity plan.
(14) The competent authorities and the Commission process personal data registered on the CBAM Registry in line with their tasks as specified in Regulation (EU) 2023/956 and as such, for the management of the CBAM registry, of the declarations and of the CBAM certificates, they act as data controllers in the meaning of Article 26 of the Regulation (EU) 2016/679 and Article 28 of the Regulation (EU) 2018/1725. Personal data should be kept in a form which permits the identification of data subjects for no longer than necessary for the purposes for which personal data are processed. In this regard, the data retention period for the CBAM registry shall be limited to 7 years from the registration in the CBAM registry to enable the analysis of the functioning of CBAM and in particular the analysis of the conclusions drawn from the review of the CBAM declarations.
(15) This Regulation concerns the provision of a public service to facilitate cross-border access and management of CBAM regulated information and will abide by the requirements of the Interoperable Europe Act Regulation (EU) 2024/903 of the European Parliament and of the Council (11).
(16) IT development and procurement strategy choices will be subject to pre-approval by the European Commission Information Technology and Cybersecurity Board.
(17) In order to allow for its timely application, this Regulation should enter into force on the day following that of its publication in the Official Journal of the European Union.
(18) The European Data Protection Supervisor was consulted in accordance with Article 42(1) of Regulation (EU) 2018/1725 and delivered an opinion on 27 November 2024.
(19) The measures provided for in this Regulation are in accordance with the opinion of the CBAM Committee,