(fra kommisjonsbeslutningen)

(1) Regulation (EU) 2023/969 established a collaboration platform to support the functioning of joint investigation teams (‘the JITs collaboration platform’, or ‘the platform’). The Regulation also laid down rules on the division of responsibilities between the JITs collaboration platform users, the conditions under which those users may be granted access to the platform, as well as specific provisions on data protection necessary to supplement the existing data protection arrangements.

(2) Before the JITs collaboration platform is developed, it is necessary to adopt a number of measures for its technical implementation and, in particular, on the platform’s functionalities required for the coordination and management of a JIT and for secure communications, specifications of the connection between the centralised information system and the relevant IT tools that support the functioning of JITs and are managed by the JITs Network Secretariat, security aspects, logs, information and statistics, as well as performance and availability requirements.

(3) Based on those measures, the European Union Agency for the Operational Management of Large-Scale IT systems in the Area of Freedom, Security and Justice (eu-LISA), which is responsible for the design and development of the platform, should then be able to design the physical architecture of the JITs collaboration platform, including its technical specifications.

(4) To ensure the confidentiality and security of investigations, the platform should consist of isolated JIT collaboration spaces, each of them representing one individual JIT. The platform should not allow any interactions between these individual JIT collaboration spaces.

(5) Access to the functionalities of the platform should be determined through user profiles assigned to all individual JITs collaboration platform users.

(6) Once eu-LISA has received the respective JIT agreement, including any appendices, it should initiate the process of creating the new JIT collaboration space for that JIT, and grant access to the future JIT collaboration space to the Member State administrator or administrators, and the EPPO administrator or administrators. Afterwards, each Member State administrator or each EPPO administrator should be able to create the relevant JIT collaboration space.

(7) To ensure appropriate management of the JIT collaboration spaces, each JIT collaboration space should allow for the designation of one or several Member State administrator or administrators, and EPPO administrator or administrators, each representing one or more Member States, who should have equal rights as regards managing the rights of the JITs collaboration platform users.

(8) Within the rules set out in the JIT agreement, the Member State administrator or administrators, the EPPO administrator or administrators, or the JITs Network Secretariat administrator or administrators, may change the user profiles of the individual JITs collaboration platform users, or grant or remove their access to the relevant JIT collaboration space.

(9) eu-LISA, in consultation with the JITs CP Advisory Group, should set out the business and technical specifications of the centralised information system’s and communication software’s functionalities, as well as of the connection between the centralised information system and the relevant IT tools that support the functioning of JITs and are managed by the JITs Network Secretariat.

(10) The ‘evidence traceability’ functionality should allow keeping track of all evidence exchanged through the JITs collaboration platform, including its access and processing. Enabling or disabling the ‘evidence traceability’ functionality should not affect the technical logs provided for in Article 25 of Regulation (EU) 2023/969 and Article 9 of this Decision.

(11) Since the platform should ensure a high level of security, eu-LISA should take all necessary technical and organisational measures to quickly and effectively handle any suspicious activity and security incidents.

(12) The platform should contain a centralised log repository, accessible only to eu-LISA, to securely store and monitor infrastructure and technical logs.

(13) To ensure that the use of the platform is monitored, it should automatically produce daily statistics. The statistics should not contain any personal data or make it possible to identify individual JITs collaboration platform users or the data they exchange.

(14) To ensure the platform’s reliability, the availability ratio of the centralised information system and the communication software should be at least 97,6 %, calculated over a calendar year.

(15) To get the necessary assistance, the JITs collaboration platform users should be able, via the centralised information system, to submit technical support requests to eu-LISA, and business support requests to the JITs Network Secretariat.

(16) In accordance with Articles 1 and 2 of Protocol No 22 on the position of Denmark, annexed to the Treaty on European Union and to the Treaty on the Functioning of the European Union, Denmark did not take part in the adoption of Regulation (EU) 2023/969 and is not bound by it or subject to its application. Denmark is therefore not bound by this Decision or subject to its application.

(17) Ireland is bound by Regulation (EU) 2023/969 and is therefore taking part in the adoption of this Decision.

(18) The European Data Protection Supervisor delivered an opinion on 17 March 2025.

(19) The measures provided for in this Decision are in accordance with the opinion of the Joint Investigation Teams Collaboration Platform Committee,