EPRIS 2026: What Changes in the Exchange of Police Records in the EU

Key data

European police forces will be able to consult in real time whether a person has criminal records in another EU country. Implementing Decision (EU) 2026/1065, published on 10 June 2026, develops Regulation (EU) 2024/982 and establishes the technical and operational rules that make this automated cross-border police cooperation possible through the EPRIS system.

Until now, the consultation of criminal records between EU countries depended on manual processes and bilateral channels that slowed down investigations. With this decision, the complete technical framework is established so that this consultation is automatic, standardized and with data protection guarantees.

What does this regulation establish?

Implementing Decision 2026/1065 develops in detail the technical and operational aspects of the EPRIS system. The specific elements it regulates are as follows:

The stated objective of the regulation is to streamline cross-border police cooperation, allowing faster identification of persons with records in other EU countries. The EPRIS system acts as a European index: it does not centralize data, but allows knowing which country has information about a person and facilitates automated access to that information.

Economic and operational impact

This regulation does not generate direct costs for private companies. Its impact is fundamentally operational and technological for public security administrations. The main vectors of impact are:

• Technological adaptation: The computer systems of each national security body must be integrated with EPRIS, complying with the data formats and search protocols established. This involves investment in software development or updating.
• Review of internal protocols: The operational procedures of security forces must be updated to incorporate the new access conditions and automated consultation flows.
• Data protection compliance: The data exchanged are sensitive personal data of a police nature. National supervisory authorities will monitor compliance, which requires implementing the technical and organizational guarantees provided for in the regulation.
• Staff training: Officers and technical managers must be familiar with the new search procedures and obligations arising from the processing of police data in a European environment.

From the perspective of operational effectiveness, the regulation represents a significant advance: the identification of persons with records in other EU countries, which previously required days or weeks through manual channels, can now be carried out automatically as part of an active investigation.

Who does it affect?

• Law enforcement and security forces of all EU Member States (in Spain: National Police, Civil Guard, and regional bodies with competence in the matter)
• Managers of police information systems responsible for technical integration with EPRIS
• National data protection authorities with competence in the police field, which assume supervisory functions
• International police cooperation units that currently manage information exchanges with other EU countries
• Data protection officers (DPO) of security bodies, who must review the guarantees applicable to the processing of sensitive police data

Practical example

A unit of the Spanish National Police investigates a suspect of Romanian origin arrested in Barcelona. Before the implementation of EPRIS, to find out if that person has records in Romania, the officer had to activate bilateral cooperation channels (Interpol, Europol or direct contact with Romanian police), a process that could take days.

With the EPRIS system fully operational and national systems adapted in accordance with this Implementing Decision, the Spanish unit can launch an automated search in the European index. The system returns whether Romania (or another Member State) has records on that person, and the officer can request access to that information following the procedures and data formats established in the regulation, with all applicable data protection guarantees.

This scenario requires that the computer systems of the National Police are integrated with EPRIS according to the technical standards set by this decision, and that the internal protocols for access and data processing are updated.

What should organizations do now?

1. Identify the impact on own computer systems: Technical managers of each security body must assess what adaptations their systems require to comply with the data formats and search procedures established by the regulation.
2. Review and update internal protocols for access to cross-border police information: Operational procedures must reflect the new conditions for accessing the EPRIS system and automated consultation flows.
3. Involve the DPO or data protection officer: The data exchanged are sensitive personal data of a police nature. It is necessary to review the technical and organizational guarantees implemented and ensure that they comply with the requirements of the regulation and with the supervision of the national supervisory authority.
4. Plan staff training: Officers and technicians who will use the EPRIS system must be familiar with search procedures, access conditions and data protection obligations.
5. Monitor the entry into force date: The decision does not specify a specific date of application. It is necessary to follow regulatory developments to learn about the adaptation deadlines required.

Official source

Consult the complete regulation in the official source

Disclaimer: This article is for informational purposes only and does not constitute legal advice. For specific decisions, consult a qualified professional. Source: https://eur-lex.europa.eu/./legal-content/AUTO/?uri=OJ:L_202601065