EPPO-LEX

The legal research library on the European Public Prosecutor's Office

Art. 44 EPPO Regulation

Relevant iRoP and other annotations

list

= EPPO-Regulation

list

= Relevant iRoP and other annotations

Article 44     |     Case management system

Article 71  |  Procedure in case of unavailability of the Case Management System

Where these rules refer to any action being undertaken by or through the Case Management System, and the Case Management System is not functioning properly, or technically unavailable, those actions shall be undertaken in a suitable manner capable of creating a permanent and reviewable record. Once the Case Management System is available again, any actions undertaken shall be updated within the system accordingly.

quill

See also Article 2 of College Decision 009/2020 concerning the processing of personal data

eye

Overview of CMS and EPPO case file:

1. The EPPO shall establish a case management system, which shall be held and managed in accordance with the rules established in this Regulation and in the internal rules of procedure of the EPPO.

2. The purpose of the case management system shall be to:

(a) support the management of investigations and prosecutions conducted by the EPPO, in particular by managing internal information workflows and by supporting investigative work in cross-border cases;

(b) ensure secure access to information on investigations and prosecutions at the Central Office and by the European Delegated Prosecutors;

(c) allow for the cross-referencing of information and the extraction of data for operational analysis and statistical purposes;

(d) facilitate monitoring to ensure that the processing of operational personal data is lawful and complies with the relevant provisions of this Regulation.

Article 46  |  Directing of the investigations

(…)

4. The instructions shall be entered in the Case Management System which shall automatically notify the concerned European Delegated Prosecutor.

(…)

3. The case management system may be linked to the secure telecommunications connection referred to in Article 9 of Council Decision 2008/976/JHA ¹).

¹) Council Decision 2008/976/JHA of 16 December 2008 on the European Judicial Network (OJ L 348, 24.12.2008, p. 130).

4. The case management system shall contain:

(a) a register of information obtained by the EPPO in accordance with Article 24, including any decisions in relation to that information,

Article 38  |  Registration of information

– as amended by College Decision 026/2022 effective 30 August 2022

1. All information received by the EPPO in accordance with Article 24 of the Regulation, as well as acquired by the EPPO ex officio which refers to any criminal conduct in respect of which the EPPO may exercise its competence shall be registered in the register kept in accordance with Article 44(4)(a) of the Regulation (hereinafter the Register).

2. The registration shall include the date, time and place of receipt of the information, and the person opening the registration file. It shall further include the following details:

a) the source of the information, including the identity and contact details of the organisation or person who has provided it, unless applicable rules regarding the protection of informers and whistle-blowers are applicable and provide otherwise;

b) the format of the information, including reference to any document or other item, which cannot be stored in original in the Case Management System;

c) whether the file is opened with a view to initiating or evoking an investigation;

3. The registration should also contain, to the extent available:

a) the possible legal qualification of the reported criminal conduct, including if it was committed by an organised group;

b) a short description of the reported criminal conduct, including the date when it was committed;

c) the amount and nature of the estimated damage;

d) the Member State(s) where the focus of the criminal activity is, respectively where the bulk of the offenses, if several, was committed;

e) other Member States that may be involved;

f) the names of the potential suspects and any other involved persons in line with Article 24(4) of the Regulation, their date and place of birth, identification numbers, habitual residence and / or nationality, their occupation, suspected membership of a criminal organisation;

g) whether privileges or immunities may apply;

h) the potential victims (other than the European Union);

i) the place where the main financial damage has occurred;

j) inextricably linked offences;

k) any other additional information, if deemed appropriate by the inserter.

4. To the extent possible, the document containing the information and all the items attached to it shall be converted in an electronically storable format within the Case Management System.

5. Based on the content of paragraph 3(d) above, the Case Management System shall notify the appropriate European Prosecutor(s). Additionally, where the assessment of paragraph 3(g) is positive, the Case Management System shall notify the European Chief Prosecutor.

6. Where the information contains special categories of personal data as defined in Article 55 of the Regulation, these may be only processed if the requirements set out in Article 55 of the Regulation are met. The special categories of personal data shall be marked as such in the Case Management System, and the grounds for their storage noted. The Case Management System shall notify the Data Protection Officer of any such registration.

7. In deviation from paragraph 1, information reported by private parties that manifestly does not refer to a criminal conduct in respect of which the EPPO may exercise its competence shall be referred by a European Delegated Prosecutor or a European Prosecutor to the competent national authorities without undue delay, in line with Article 24(8) of the Regulation or returned to the reporting party and / or deleted. An appropriate log shall be kept. In case of referral, the private parties shall be informed thereof by a European Delegated Prosecutor or a European Prosecutor, in accordance with applicable national law.

quill

See also Article 17 of College Decision 009/2020 concerning the processing of personal data

(b) an index of all case files;

(c) all information from the case files stored electronically in the case management system in accordance with Article 45(3).

The index shall not contain any operational personal data other than data needed to identify cases or establish cross-links between different case files.

Article 41  |  Decision to initiate an investigation or to evoke a case

– as amended by Council Decision 085/2021

1. Where, following the verification, the EPPO decides to exercise its competence by initiating an investigation or evoking a case, a case file shall be opened and it shall be assigned an identification number in the index of the case files (hereinafter the Index). A permanent link to the related registration under Article 38(1) above shall be automatically created by the Case Management System.

2. The corresponding reference in the Index shall contain, to the extent available:

a) As regards suspected or accused persons in the criminal proceedings of the EPPO or persons convicted following the criminal proceedings of the EPPO,

i. surname, maiden name, given names and any alias or assumed names;

ii. date and place of birth;

iii. nationality;

iv. sex;

v. place of residence, profession and whereabouts of the person concerned,

vi. social security numbers, ID-codes, driving licences, identification documents, passport data, customs and tax identification numbers;

vii. description of the alleged offences, including the date on which they were committed;

viii. category of the offences, including the existence of inextricably linked offences;

ix. the amount of the estimated damages;

x. suspected membership of a criminal organisation;

xi. details of accounts held with banks and other financial institutions;

xii. telephone numbers, SIM-card numbers, email addresses, IP addresses, and account and user names used on online platforms;

xiii. vehicle registration data;

xiv. identifiable assets owned or utilised by the person, such as crypto-assets and real estate.

xv. information whether potential privileges or immunities may apply.

b) as regards natural persons who reported or are victims of offences that fall within the competence of the EPPO,

i. surname, maiden name, given names and any alias or assumed names;

ii. date and place of birth;

iii. nationality;

iv. sex;

v. place of residence, profession and whereabouts of the person concerned;

vi. ID-codes, identification documents, and passport data;

vii. description and nature of the offences involving or reported by the person concerned, the date on which the offences were committed and the criminal category of the offences.

c) as regards contacts or associates of one of the persons referred to in point (a) above,

i. surname, maiden name, given names and any alias or assumed names;

ii. date and place of birth;

iii. nationality;

iv. sex;

v. place of residence, profession and whereabouts of the person concerned;

vi. ID-codes, identification documents, and passport data.

The categories of personal data referred to above under points (a)(x)-(xv) shall be entered in the Index only to the extent practicable, taking into account the operational interest and available resources. The reference in the Index shall be maintained up to date during the investigation of a  case file. The Case Management System shall periodically notify the European Prosecutor and the European Delegated Prosecutor concerned if certain categories of information are not entered in the Index.

(…)

Article 62  |  Cross checking of information

1. Information entered in the Index shall automatically be crosschecked against the Register, the Index and all information from the case files stored electronically in the Case Management System.

2. In case of a hit, the handling European Delegated Prosecutor and the supervising European Prosecutor of the underlying cases shall be notified.

3. If access to one of the linked cases was temporarily restricted to certain users in accordance with Article 61(3), only the handling European Delegated Prosecutor and the supervising European Prosecutor of the respective case shall be notified.

4. The application of paragraphs 1 to 3 above shall also be permissible for information inserted into or added to the Register and information from the case files stored electronically in the Case Management System not in the Index.

quill

See also Art. 49(3) EPPO-Reg and Commission Delegated Regulation (EU) 2020/2153

5. For the processing of operational personal data, the EPPO may only establish automated data files other than case files in accordance with this Regulation and with the internal rules of procedure of the EPPO. Details on such other automated data files shall be notified to the European Data Protection Supervisor.

Article 65  |  Establishment of automated data files other than case files for the processing of operational personal data

1. Where required for the fulfilment of its tasks, the EPPO may process operational personal data other than in case files, in line with Article 44(5) of the Regulation.

2. Where such processing is necessary, the procedure for the notification of the European Data Protection Supervisor, as well as the procedure for the actual processing of operational personal data and the respectively applicable safeguards, shall be dealt with in the implementing rules adopted under Article 64 above.

quill

See also Article 19 of College Decision 009/2020 concerning the processing of personal data

Recital 47 of the EPPO Regulation

(47) The work of the EPPO should, in principle, be carried out in electronic form. A case management system should be established, owned and managed by the EPPO. The information in the case management system should include information received about possible offences that fall under the EPPO’s competence, as well as information from the case files, also when those have been closed. The EPPO should, when establishing the case management system, ensure that the system allows the EPPO to operate as a single office, where the case files administered by European Delegated Prosecutors are available to the Central Office for the exercise of its decision-making, monitoring and direction, and supervision tasks.

Full-text search

Access to information by the EPPO  |  Article 43
Access to the case management system  |  Article 46
Administrative Director Status, appointment  |  Article 18
Administrative Director Responsiilities  |  Article 19
Administrative personal data  |  Article 48
Annual Reports of the EPPO  |  Article 7
Appointment and dismissal – Administrative Director  |  Article 18
Appointment and dismissal – European Delegated Prosecutors  |  Article 17
Appointment and dismissal – Deputy European Chief Prosecutors  |  Article 15
Appointment and dismissal – European Chief Prosecutors  |  Article 14
Appointment and dismissal – European Prosecutors  |  Article 16
Authorized access to operational personal data within the EPPO  |  Article 76
Automated individual decision-making, including profiling (data protection)  |  Article 56
Basic principles of the activities of the EPPO  |  Article 5
Budget  |  Article 91
Case files of the EPPO  |  Article 45
Case management system  |  Article 44
College  |  Article 9
Communication and modalities for exercising the rights of the data subject  |  Article 57
Communication of a personal data breach to the data subject  |  Article 75
Conducting the investigation  |  Article 28
Confidentiality and professional secrecy  |  Article 108
Cooperation between the EDPS and national supervisory authorities  |  Article 87
Cross-border investigations  |  Article 31
Data protection by design and by default (data protection)  |  Article 67
Data protection impact assessment  |  Article 71
Data Protection Officer of the EPPO – Designation of the data protection officer  |  Article 77
Data Protection Officer of the EPPO – Position of the data protection officer  |  Article 78
Data Protection Officer of the EPPO – Tasks of the data protection officer  |  Article 79
Definitions  |  Article 2
Delegated Commision Acts  |  Article 115
Deputy European Chief Prosecutors – Status and functions  |  Article 11
Deputy European Chief Prosecutors – Appointment and dismissal  |  Article 15
Dismissal of the case  |  Article 39
Disposition of confiscated assets  |  Article 38
Distinction between different categories of data subjects  |  Article 51
Distinction between personal data and verification of quality of personal data  |  Article 52
Enforcement of assigned measures  |  Article 32
Entry into force of the Regulation  |  Article 120
Establishment of the EPPO  |  Article 3
Establishment of the budget  |  Article 92
European Chief Prosecutor – Status and functions  |  Article 11
European Chief Prosecutor – Conditions of employment  |  Article 14
European Chief Prosecutor – Conditions of employment  |  Article 96(1)
European Data Protection Supervisor – Cooperation with the EDPS  |  Article 70
European Data Protection Supervisor – Prior consultation of the EDPS  |  Article 72
European Data Protection Supervisor – Notification of a personal data breach to the EDPS  |  Article 74
European Delegated Prosecutors – Status and functions  |  Article 13
European Delegated Prosecutors – Appointment and dismissal  |  Article 17
European Delegated Prosecutors – Conditions of employment  |  Article 96(6)
European Ombudsman  |  Article 112
European Prosecutors – Status and functions  |  Article 12
European Prosecutors – Appointment and dismissal  |  Article 16
European Prosecutors – Conditions of employment  |  Article 96(1)
Evidence  |  Article 37
Exercise of rights by the data subject and verification by the European Data Protection Supervisor  |  Article 62
Exercise of the competence of the EPPO  |  Article 25
Financial actors  |  Article 90
Financial rules  |  Article 95
Staff provisions – general principles  |  Article 96
General regime of liability  |  Article 113
Implementation of the budget  |  Article 93
Implementing rules and programme documents  |  Article 114
Independence and accountability  |  Article 6
Information to be made available or given to the data subject  |  Article 58
Initiation of investigations and allocation of competences within the EPPO  |  Article 26
Internal rules of procedure of the EPPO  |  Article 21
Joint controllers (data protection)  |  Article 64
Judicial review  |  Article 42
Language arrangements  |  Article 107
Legal status and operating conditions  |  Article 106
Lifting priviliges or immunities  |  Article 29
Limitations of the right of access (data protection)  |  Article 60
Logging in respect of automated processing (data protection)  |  Article 69
Material competence of the EPPO  |  Article 22
Notifications by Member States  |  Article 117
Obligations of the EPPO (data protection)  |  Article 63
OLAF and the Court of Auditors  |  Article 110
Permanent Chambers  |  Article 10
Pre-trial arrest and cross-border surrender  |  Article 33
Presentation of accounts and discharge  |  Article 94
Principles relating to processing of personal data  |  Article 47
Processing of operational personal data  |  Article 49
Processing of spedial categories of operational personal data  |  Article 55
Processing under the authority of the controller or processor  |  Article 66
Processor (data protection)  |  Article 65
Professional secrecy of the EDPS  |  Article 86
Prosecution before national Courts  |  Article 36
Provisional administrative arrangements of the EPPO  |  Article 20
Records of categories of processing activities (data protection)  |  Article 68
Referrals and transfers of proceedings to the national authorities  |  Article 34
Relations of the EPPO with its partners – Common provisions  |  Article 99
Relations of the EPPO with its partners – Eurojust  |  Article 100
Relations of the EPPO with its partners – Europol  |  Article 102
Relations of the EPPO with its partners – Non-participating Member States  |  Article 105
Relations of the EPPO with its partners – OLAF  |  Article 101
Relations of the EPPO with its partners – Institutions, bodies, offices and agencies of the Union  |  Article 103
Relations of the EPPO with its partners – Third countries and international organisation  |  Article 104
Reporting, registration and verification of information  |  Article 24
Review clause  |  Article 119
Review of the rules on data protection  |  Article 118
Right of evocation  |  Article 27
Right to judicial review against the EDPS  |  Article 89
Right to lodge a compliant with the EDPS  |  Article 88
Right to rectification or erasure of operational personal data and restriction of data processing  |  Article 61
Rights of access by the data subject  |  Article 59
Rules on investigation measures and other measures  |  Article 30
Rules on protection of sensitive non-classified and classified information  |  Article 111
Scope of the rights of the suspects and accused persons  |  Article 41
Seconded experts and other staff  |  Article 98
Security of processing of operational personal data  |  Article 73
Simplified prosecution procedures  |  Article 40
Specific processing conditions (data protection)  |  Article 53
Structure of the EPPO  |  Article 8
Subject matter  |  Article 1
Supervision by the European Data Protection Supervisor  |  Article 85
Tasks of the EPPO  |  Article 4
Temporary agents and contract agents  |  Article 98
Termination of the investigation  |  Article 35
Territorial and personal competence of the EPPO  |  Article 23
Time-limits for the storage of operational personal data  |  Article 50
Transfers of operational personal data – General principles for transfers of operational personal data  |  Article 80
Transfers of operational personal data – Transfers on the basis of an adequacy decision  |  Article 81
Transfers of operational personal data – Transfers subject to appropriate safeguards  |  Article 82
Transfers of operational personal data – Derogations for specific situations  |  Article 83
Transfers of operational personal data – Transfers to recipients established in third countries  |  Article 84
Transmission of operational personal data to institutions, bodes, offices and agencies of the Union  |  Article 54
Transparency  |  Article 109
Urgency procedure in case of Delegated Commission Acts  |  Article 116

Chapter I … Subject Matter and definitions

Article 1 … Subject Matter

Article 2 … Definitions

Chapter II … Establishment, tasks and basic principles of the EPPO

Article 3 … Establishment

Article 4 … Tasks

Article 5 … Basic principles of the activities

Article 6 … Independence and accountability

Article 7 … Reporting

Chapter III … Status, structure and organisation of the EPPO

Section 1 … Status and structure of the EPPO

Article 8 … Structure of the EPPO

Article 9 … The College

Article 10 … The Permanent Chambers

Article 11 … The European Chief Prosecutor and the Deputy European Chief Prosecutors

Article 12 … The European Prosecutors

Article 13 … The European Delegated Prosecutors

Section 2 … Appointment and dismissal of the members of the EPPO

Article 14 … Appointment and dismissal of the European Chief Prosecutor

Article 15 … Appointment and dismissal of the Deputy European Chief Prosecutors

Article 16 … Appointment and dismissal of the European Prosecutors

Article 17 … Appointment and dismissal of the European Delegated Prosecutors

Article 18 … Status of the Administrative Director

Article 19 … Responsibilities of the Administrative Director

Article 20 … Provisional administrative arrangements of the EPPO

Section 3 … Internal rules of procedure of the EPPO

Article 21 … Internal rules of procedure of the EPPO

Chapter IV … Competence and exercise of the competence of the EPPO

Section 1 … Competence of the EPPO

Article 22 … Material competence of the EPPO

Article 23 … Territorial and personal competence of the EPPO

Section 2 … Exercise of the competence of the EPPO

Article 24 … Reporting, registration and verification of information

Article 25 … Exercise of the competence of the EPPO

Chapter V … Rules of procedure on investigations, investigation measures, prosecution and alternatives to prosecution

Section 1 … Rules on investigations

Article 26 … Initiation of investigations and allocation of competences within the EPPO

Article 27 … Right of evocation

Article 28 … Conducting the investigation

Article 29 … Lifting priviliges or immunities

Section 2 … Rules on investigation measures and other measures

Article 30  … Investigation measures and other measures

Article 31  … Cross-boder investigations

Article 32  … Enforcement of assigned measures

Article 33  … Pre-trial arrest and cross-border surrender

Section 3 … Rules on prosecution

Article 34  … Referrals and transfers of proceedings to the national authorities

Article 35  … Termination of the investigation 

Article 36  … Prosecution before national Courts

Article 37  … Evidence

Article 38  … Disposition of confiscated assets

Section 4 … Rules on alternatives to prosecution

Article 39  … Dismissal of the case

Section 5 … Rules on simplified procedures

Article 40  … Simplified prosecution procedures

Chapter VI … Procedural safeguards

Article 41 … Scope of the rights of the suspects and accused persons

Article 42 … Judicial review

Chapter VII … Processing of information

Article 43 … Access to information by the EPPO

Article 44 … Case management system

Article 45 … Case files of the EPPO

Article 46 … Access to the case management system

Chapter VIII … Data protection

[Section 1 … Principles]

Article 47 … Principles relating to processing of personal data

Article 48 … Administrative personal data

Article 49 … Processing of operational personal data

Article 50 … Time-limits for the storage of operational personal data

Article 51 … Distinction between different categories of data subjects

Article 52 … Distinction between personal data and verification of quality of personal data

Article 53 … Specific processing conditions

Article 54 … Transmission of operational personal data to institutions, bodies, offices and agencies of the Union

Article 55 … Processing of spedial categories of operational personal data

Article 56 … Automated individual decision-making, including profiling

[Section 2 … Rights of the data subject]

Article 57 … Communication and modalities for exercising the rights of the data subject

Article 58 … Information to be made availiable or given to the data subject

Article 59 … Rights of access by the data subject

Article 60 … Limitations of the right of access

Article 61 … Right to rectification or erasure of operational personal data and restriction of data processing

Article 62 … Exercise of rights by the data subject and verification by the European Data Protection Supervisor

[Section 3 … Controller and processor]

Article 63 … Obligations of the EPPO

Article 64 … Joint controllers

Article 65 … Processor

Article 66 … Processing under the authority of the controller or processor

Article 67 … Data protection by design and by default

Article 68 … Records of categories of processing activities

Article 69 … Logging in respect of automated processing

Article 70 … Cooperation with the European Data Protection Supervisor

Article 71 … Data protection impact assessment

Article 72 … Prior consultation of the European Data Protection Supervisor

[Section 4 … Security of personal data]

Article 73 … Security of processing of operational personal data

Article 74 … Notification of a personal data breach to the European Data Protection Supervisor

Article 75 … Communication of a personal data breach to the data subject

Article 76 … Authorised access to operational personal data within the European Data Protection Supervisor

 [Section 5 … Data Protection Officer]

Article 77 … Designation of the Data Protection Officer

Article 78 … Position of the Data Protection Officer

Article 79 … Tasks of the data protection officer

[Section 6 … Transfers of personal data to third countries or international organisations]

Article 80 … General principles for transfers of operational personal data

Article 81 … Transfers on the basis of an adequacy decision

Article 82 … Transfers subject to appropriate safeguards

Article 83 … Derogations for specific situations

Article 84 … Transfers of operational personal data to recipients established in third countries

 [Section 7 … Tasks of the European Data Protection Supervisor]

Article 85 … Supervision by the European Data Protection Supervisor

Article 86 … Professional secrecy of the European Data Protection Supervisor

Article 87 …  Cooperation between the European Data Protection Supervisor and national supervisory authorities

Article 88 … Right to lodge a compliant with the European Data Protection Supervisor

Article 89 … Right to judicial review against the European Data Protection Supervisor

Chapter IX … Financial and staff provisions

Section 1 … Financial provisions

Article 90 … Financial actors

Article 91 … Budget

Article 92 … Establishment of the budget

Article 93 … Implementation of the budget

Article 94 … Presentation of accounts and discharge

Article 95 … Financial rules 

Section 2 … Staff provisions

Article 96 … General provisions

Article 97 … Temporary agents and contract agents

Article 98 … Seconded experts and other staff

Chapter X … Provisions on the relations of the EPPO with its partners

Article 99 … Common provisions

Article 100 … Relations with Eurojust

Article 101 … Relations with OLAF

Article 102 … Relations with Europol

Article 103 … Relations with other institutions, bodies, offices and agencies of the Union

Article 104 … Relations with third countries and international organisations

Article 105 … Relations with Member States of the European Union which do not participate in enhanced cooperation on the establishment of the EPPO

Chapter XI … General provisions

Article 106 … Legal status and operating conditions

Article 107 … Language arrangements

Article 108 … Confidentiality and professional secrecy

Article 109 … Transparency

Article 110 … OLAF and the Court of Auditors

Article 111 … Rules on protection of sensitive non-classified and  classified information

Article 112 … Administrative inquiries

Article 113 … General regime of liability

Article 114 … Implementing rules and programme documents

Article 115 … Exercise of delegation

Article 116 … Urgency procedure

Article 117 … Notifications

Article 118 … Review of the rules relating to the protection of natural persons with regard to the processing of personal data by the EPPO

Article 119 … Review clause

Article 120 … Entry into force

Annex