Eu Legislation

Establishment of the Visa Information System (VIS) - stage 2



Proposal for a Regulation of the European Parliament and of the Council concerning the Visa Information System (VIS) and the exchange of data between the Member States on short stay visas [COM(2005) 835 final - Not published in the Official Journal].


The purpose of the VIS is to improve the administration of the common visa policy, consular cooperation and consultation between the central consular authorities by:

  • preventing threats to internal security in the Member States;
  • preventing the bypassing of the criteria established by the Dublin II Regulation ;
  • facilitating the fight against documentary fraud;
  • facilitating checks at external border checkpoints;
  • assisting in the return of illegal immigrants.

Only the following categories of data will be recorded in the VIS:

  • alphanumeric data on the applicant and on visas requested, issued, refused, annulled, revoked or extended;

Access to the VIS:

  • for entering, amending or deleting data, access will be reserved exclusively to duly authorised staff of the visa authorities;
  • for consulting data, access will be reserved exclusively to duly authorised staff of the authorities responsible for visas, checks at the external borders and those responsible for immigration and asylum, and will be limited to the extent the data is required for the performance of their tasks.

Each Member State will communicate to the Commission a list of the competent authorities whose staff are authorised to access, amend, delete or consult data in the VIS.

Access to data by the visa authorities

On receipt of an application, the visa authority will create the application file without delay by entering into the VIS a set of data including status information indicating that a visa has been requested, the authority with which the application has been lodged, name and nationality, and place and date of application.

If consultation between central authorities is required by any of the Member States, it will enter additional data, such as the main destination and duration of the intended stay, and the date of arrival and departure.

Where a decision has been taken to issue a visa, it will add other data, such as status information indicating that the visa has been issued, date and place of issuance, type of visa and number of the visa sticker.

Special data must also be entered if a decision has been taken to refuse to examine an application or grant or extend a visa, or to annul or revoke a visa.

Use of the data by the visa authorities

The competent visa authority will consult the VIS for the purposes of the examination of applications and decisions to refuse, extend, annul or revoke a visa. It is authorised to carry out searches using the application number, surname, surname at birth, first names, sex, date, place and country of birth, information on the travel document, name of the person issuing an invitation or liable to pay living costs during the stay, photographs, fingerprints and number of the visa sticker.

If the search using any of the data indicates that data on the applicant is recorded in the VIS, the visa authority will be given access to the application file.

The Member State responsible for examining the application will transmit the consultation request with the application number to the VIS, indicating the Member State or Member States to be consulted. They will send the response to the VIS, which will forward it to the requesting Member State.

The visa authorities will be authorised to consult, solely for statistical purposes, the status information, the competent authorities, the nationality of the applicant, the border of first entry, the date and place of the application or the decision concerning the visa, the type of visa requested or issued, the type of travel document, the grounds indicated for any decision concerning the visa or visa application, and the competent authority which refused any previous visa application.

The authorities responsible for carrying out checks at external borders will have access to search with the following data, solely for the purpose of verifying the identity of the person and/or the authenticity of the visa: type and number of travel document, the authority which issued it and the date of issuance, data on the travel document, photographs, fingerprints and visa sticker number.

The immigration authorities will have access to search with the above-mentioned data, solely for the purposes of the identification and return of illegal immigrants: type and number of travel document, the authority which issued the document and date of issuance, photographs and fingerprints. The asylum authorities will have access to the search with the same data solely for the purpose of determining the Member State responsible for examining an asylum application.

Operation and responsibilities

The Commission will be responsible for establishing and operating the Central Visa Information System and the communication infrastructure between the Central Visa Information System and the national interfaces.

The VIS will be connected to the national system of each Member State via the national interface in the Member State concerned.

Each Member State will be responsible for:

  • the development, organisation, management, operation and maintenance of its national system;
  • the management and arrangements for access of duly authorised staff of its competent national authority to the VIS in accordance with the Regulation;
  • bearing the costs incurred by its national system.

It will ensure that the data is processed lawfully.

The Commission will:

  • take the necessary measures to ensure the security of the Central Visa Information System and the communication infrastructure;
  • ensure that only duly authorised staff have access to data processed in the VIS.

The Member State responsible will ensure the security of the data before and during the transmission to its national interface. Each Member State will take the necessary measures, in particular to prevent:

  • any unauthorised person having access to national installations;
  • data being read, copied, modified or deleted by unauthorised persons.

The Commission will take equivalent measures regarding the operation of the VIS.

Any person who, or Member State which, has suffered damage as a result of an unlawful processing operation will be entitled to receive compensation from the Member State responsible for the damage suffered.

Each Member State and the Commission will keep records of all data processing operations within the VIS. These records may be used only for the data-protection monitoring of the admissibility of the data processing as well as to ensure data security. The records must be deleted after a period of one year after the retention period.

The Member States will lay down the rules on penalties applicable to infringements of this Regulation. The penalties provided for must be effective, proportionate and dissuasive.

Data protection

Each application file will be stored in the VIS for five years. Only the Member State responsible will have the right to amend or delete data which it has transmitted to the VIS.

The Member State responsible will provide the persons concerned with information on the identity of the controller responsible for the processing, the purposes for which the data will be processed within the VIS, the recipients of the data and the existence of the right of access to, and the right to rectify, the data.

Any person shall be entitled to:

  • obtain communication of the data relating to him recorded in the VIS and of the Member State which transmitted it to the VIS; such access to data may be granted only by a Member State;
  • request that data relating to him which is inaccurate be corrected or that data recorded unlawfully be deleted.

Each Member State must require a national supervisory authority established in accordance with Directive 95/46/EC to monitor the lawfulness of the processing of personal data. The European Data Protection Supervisor will monitor the activities of the Commission.

The Member States' authorities will cooperate actively to enforce the rights provided for by the Regulation.

In each Member State any person will have the right to bring an action or a complaint before the competent courts of that Member State if he is refused the right of access to, or the right of correction or deletion of, data relating to him.


The further development and establishment of the VIS requires the putting in place of a comprehensive legal framework. The objective of this proposal is to define the purpose and modus operandi of the VIS. It follows on from the Council Decision of 8 June 2004, which:

  • constitutes the required legal basis to allow for the inclusion in the budget of the European Communities of the necessary appropriations for the development of the VIS;
  • defines the architecture of the system; and
  • gives the Commission the mandate to develop the VIS at technical level.



Official Journal


COM(2005) 835


COD consultation/2004/0287


Commission Decision No 2006/752 of 3 November 2006 establishing the sites for the Visa Information System during the development phase [Official Journal L305 of 04.11.2006].

This Decision specifies that during the development of the system, the central unit of the VIS will be located in Strasbourg, France.

The backup unit will be located in Santkt Johann in Pongau, Austria.

Last updated: 12.10.2007