Responsible AI Platform
🇳🇱 Nederlands

Annex X AI Act

Union legislation on large-scale IT systems in the area of freedom, security and justice

Official text

Union legislative acts on large-scale IT systems in the area of Freedom, Security and Justice 1.   Schengen Information System

(a) Regulation (EU) 2018/1860 of the European Parliament and of the Council of 28 November 2018 on the use of the Schengen Information System for the return of illegally staying third-country nationals (OJ L 312, 7.12.2018, p. 1).

(b) Regulation (EU) 2018/1861 of the European Parliament and of the Council of 28 November 2018 on the establishment, operation and use of the Schengen Information System (SIS) in the field of border checks, and amending the Convention implementing the Schengen Agreement, and amending and repealing Regulation (EC) No 1987/2006 (OJ L 312, 7.12.2018, p. 14).

(c) Regulation (EU) 2018/1862 of the European Parliament and of the Council of 28 November 2018 on the establishment, operation and use of the Schengen Information System (SIS) in the field of police cooperation and judicial cooperation in criminal matters, amending and repealing Council Decision 2007/533/JHA, and repealing Regulation (EC) No 1986/2006 of the European Parliament and of the Council and Commission Decision 2010/261/EU (OJ L 312, 7.12.2018, p. 56).

2.   Visa Information System

(a) Regulation (EU) 2021/1133 of the European Parliament and of the Council of 7 July 2021 amending Regulations (EU) No 603/2013, (EU) 2016/794, (EU) 2018/1862, (EU) 2019/816 and (EU) 2019/818 as regards the establishment of the conditions for accessing other EU information systems for the purposes of the Visa Information System (OJ L 248, 13.7.2021, p. 1).

(b) Regulation (EU) 2021/1134 of the European Parliament and of the Council of 7 July 2021 amending Regulations (EC) No 767/2008, (EC) No 810/2009, (EU) 2016/399, (EU) 2017/2226, (EU) 2018/1240, (EU) 2018/1860, (EU) 2018/1861, (EU) 2019/817 and (EU) 2019/1896 of the European Parliament and of the Council and repealing Council Decisions 2004/512/EC and 2008/633/JHA, for the purpose of reforming the Visa Information System (OJ L 248, 13.7.2021, p. 11).

3.   Eurodac Regulation (EU) 2024/1358 of the European Parliament and of the Council of 14 May 2024 on the establishment of ‘Eurodac’ for the comparison of biometric data in order to effectively apply Regulations (EU) 2024/1315 and (EU) 2024/1350 of the European Parliament and of the Council and Council Directive 2001/55/EC and to identify illegally staying third-country nationals and stateless persons and on requests for the comparison with Eurodac data by Member States’ law enforcement authorities and Europol for law enforcement purposes, amending Regulations (EU) 2018/1240 and (EU) 2019/818 of the European Parliament and of the Council and repealing Regulation (EU) No 603/2013 of the European Parliament and of the Council (OJ L, 2024/1358, 22.5.2024, ELI: http://data.europa.eu/eli/reg/2024/1358/oj). 4.   Entry/Exit System Regulation (EU) 2017/2226 of the European Parliament and of the Council of 30 November 2017 establishing an Entry/Exit System (EES) to register entry and exit data and refusal of entry data of third-country nationals crossing the external borders of the Member States and determining the conditions for access to the EES for law enforcement purposes, and amending the Convention implementing the Schengen Agreement and Regulations (EC) No 767/2008 and (EU) No 1077/2011 (OJ L 327, 9.12.2017, p. 20). 5.   European Travel Information and Authorisation System

(a) Regulation (EU) 2018/1240 of the European Parliament and of the Council of 12 September 2018 establishing a European Travel Information and Authorisation System (ETIAS) and amending Regulations (EU) No 1077/2011, (EU) No 515/2014, (EU) 2016/399, (EU) 2016/1624 and (EU) 2017/2226 (OJ L 236, 19.9.2018, p. 1).

(b) Regulation (EU) 2018/1241 of the European Parliament and of the Council of 12 September 2018 amending Regulation (EU) 2016/794 for the purpose of establishing a European Travel Information and Authorisation System (ETIAS) (OJ L 236, 19.9.2018, p. 72).

6.   European Criminal Records Information System on third-country nationals and stateless persons Regulation (EU) 2019/816 of the European Parliament and of the Council of 17 April 2019 establishing a centralised system for the identification of Member States holding conviction information on third-country nationals and stateless persons (ECRIS-TCN) to supplement the European Criminal Records Information System and amending Regulation (EU) 2018/1726 (OJ L 135, 22.5.2019, p. 1). 7.   Interoperability

(a) Regulation (EU) 2019/817 of the European Parliament and of the Council of 20 May 2019 on establishing a framework for interoperability between EU information systems in the field of borders and visa and amending Regulations (EC) No 767/2008, (EU) 2016/399, (EU) 2017/2226, (EU) 2018/1240, (EU) 2018/1726 and (EU) 2018/1861 of the European Parliament and of the Council and Council Decisions 2004/512/EC and 2008/633/JHA (OJ L 135, 22.5.2019, p. 27).

(b) Regulation (EU) 2019/818 of the European Parliament and of the Council of 20 May 2019 on establishing a framework for interoperability between EU information systems in the field of police and judicial cooperation, asylum and migration and amending Regulations (EU) 2018/1726, (EU) 2018/1862 and (EU) 2019/816 (OJ L 135, 22.5.2019, p. 85).

Source: EUR-Lex, Regulation (EU) 2024/1689 — text reproduced verbatim.

📬 AI Act Weekly

Get the most important AI Act developments in your inbox every week.

Subscribe

Frequently asked questions

What does Annex X of the AI Act contain?

Annex X contains a list of EU legislation on large-scale IT systems in the area of freedom, security and justice, including the Schengen Information System (SIS), Visa Information System (VIS), Eurodac, Entry/Exit System (EES), and ETIAS.

Why does the AI Act reference these IT systems?

These large-scale IT systems process sensitive data in the context of border control, migration and law enforcement. The AI Act references them to ensure AI components in these systems meet appropriate requirements.

Which systems are listed in Annex X?

Seven categories: (1) Schengen Information System (SIS), (2) Visa Information System (VIS), (3) Eurodac, (4) Entry/Exit System (EES), (5) European Travel Information and Authorisation System (ETIAS), (6) ECRIS-TCN, and (7) interoperability framework.

Is the Schengen Information System (SIS) an AI system?

SIS itself is not an AI system, but if AI components are integrated into SIS (e.g. for biometric matching), these fall under AI Act rules. Annex X references the underlying legislation governing these systems.

What is the relationship between Annex X and Annex III?

Annex III, point 7 classifies AI systems for migration, asylum and border control as high-risk. Annex X specifies the EU legislation for the large-scale IT systems in which such AI may be integrated.

Does Eurodac fall under the AI Act?

Eurodac itself is a biometric database, not an AI system. But AI components integrated into Eurodac (e.g. for biometric comparison) do fall under the AI Act, and Annex X references the relevant Eurodac regulation.

Is Annex X relevant for private organisations?

Annex X is primarily relevant for EU institutions, national authorities and agencies managing these large-scale IT systems. However, private organisations developing AI components for these systems must also comply with the AI Act.

How many regulations are listed in Annex X?

Annex X references more than 15 EU regulations and directives, grouped into 7 categories of large-scale IT systems in the area of freedom, security and justice.