Ref. Ares(2023)1355086 - 23/02/2023

Explanation of infringement procedures launched by the European Commission for breaches of
European Union law


1.       Principles

Each Member State is responsible for the transposition, application and implementation of European
Union law in its internal legal system. Only national courts can, where appropriate, order a Member
State to compensate individuals for infringements of European Union law attributable to it. They have
the power to issue orders to administrative bodies and annul a national decision. Therefore, by using the
means of redress available at national level (national administrative or judicial authorities) you should,
as a rule, be able to assert your rights more directly and more personally than infringement procedures
brought by the Commission could.

The European Commission is entrusted with the task of overseeing the application, implementation and
enforcement of European Union law. Where a Member State fails to comply with European Union law,
the Commission may initiate infringement procedures and if necessary, refer the case to the Court of
Justice. It is up to the Commission to decide whether or not to act, and how to act, in response to a
complaint concerning a breach of European Union law.

A breach of European Union law means the failure, either by action or omission, of a Member State to
fulfil its obligations under the Treaties. Any breach of European Union law by an authority of a
Member State, irrespective of the level of the authority involved (at central, regional or local level) is
attributable to the Member State to which that authority belongs.

Anyone may lodge a complaint with the Commission free of charge against any Member State about
any measure (law, regulation or administrative action) or the absence of such measure or practice which
they consider incompatible with European Union law. You do not have to demonstrate a formal interest
in bringing proceedings nor do you have to prove that you are principally and directly concerned by the
infringement complained of. A complaint about a breach of European Union law has to relate to an
infringement of European Union law by a Member State. It cannot therefore concern a private dispute.

2          Handling of your complaint by the Commission's services

After examining the facts and in the light of the rules and priorities established by the Commission for
opening and pursuing infringement procedures1, the Commission services will decide whether further
action should be taken on your complaint.

It may be necessary to gather further information to determine the factual and legal situation of your
case. If necessary, you will be asked to supply further information. Should the Commission contact the
authorities of the Member State against which you have made your complaint, it will not disclose your
identity unless you have given your express permission to do so (see below point 3).

If the Commission considers that there may be an infringement of European Union law which warrants
the opening of an infringement procedure, it addresses a "letter of formal notice" to the Member State
concerned, requesting it to submit its observations by a specified date.

In the light of the reply or absence of a reply from the Member State concerned, the Commission may
decide to address a "reasoned opinion" to the Member State, calling on the Member State to comply
with European Union law within a specified period.

The purpose of those formal contacts is to determine whether there is indeed an infringement of
European Union law and, if so, to resolve the case at this stage without having to take it to the Court of
Justice. The Commission may decide whether or not to pursue the infringement procedures any further.



1
    Communication from the Commission - EU law: Better results through better application (C(2016)8600 final).

                                                            1

If the Commission brings the case before the Court of Justice of the European Union, it may take
several years for the Court of Justice to hand down its judgment. Judgments of the Court of Justice
differ from those of national courts. The Court of Justice delivers a judgment stating whether there has
been an infringement of European Union law. The Court of Justice cannot annul a national provision
which is incompatible with European Union law, nor force a national administration to respond to the
request of an individual, nor order the Member State to pay damages to an individual adversely affected
by an infringement of European Union law.

It is up to a Member State against which the Court of Justice has handed down its judgment to take
whatever measures are necessary to comply with it, particularly to resolve the dispute which gave rise
to the proceedings. If the Member State does not comply, the Commission may again bring the matter
before the Court of Justice seeking to have financial sanctions imposed on the Member State until the
latter puts an end to the infringement.

Following the examination of your complaint, the Commission may also decide not to open formal
infringement procedures, even if it considers that a breach of EU law has occurred.2

3.         Administrative procedures for the handling of your complaint

After receiving your complaint, the Commission will:

      a. register your complaint (by assigning to it an official reference number, which should be quoted
         in any further correspondence) and acknowledge its receipt within 15 working days;

      b. perform a preliminary assessment of your complaint within two months from its registration
         and inform you of its results;

      c. assess your complaint with a view to arriving at a decision to issue a formal notice or to close
         the case within not more than one year. Where that time limit is exceeded, the Commission will
         inform you in writing of the status of the file;

      d. where appropriate, propose to transfer it to the most suitable problem-solving mechanism;

      e. inform you about progress on your complaint;

      f.   not disclose your identity to the authorities of the Member State concerned, unless you have
           explicitly chosen non-confidential treatment of your complaint.

You are referred to the following Commission documents which explain the Commission's general
approach to the management of correspondence and complaints:
 Code of good administrative behaviour for staff of the European Commission in their relations with
   the public, available on the EUR-Lex website (http://eur-lex.europa.eu) under its publication
   reference, Official Journal L 267, 20.10.2000, p. 63.
 Administrative procedures for the handling of relations with the complainant regarding the
   application of European Union law, Annex to the Commission Communication "EU law: Better
   results through better application", accessible on the EUR-Lex website (http://eur-lex.europa.eu)
   under the reference C/2016/8600 and published in the Official Journal OJ C 18, 19.1.2017, p. 10–20.
 Action 20 of the Communication: 'Long term action plan for better implementation and enforcement
   of single market rules', accessible on the EUR-Lex website (http://eur-lex.europa.eu) under the
   reference COM/2020/94 final.
 Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on
   the protection of natural persons with regard to the processing of personal data by the Union
   institutions, bodies, offices and agencies and on the free movement of such data, and repealing
   Regulation (EC) No 45/2001 and Decision No 1247/2002/EC, available on the EUR-Lex website
   (http://eur-lex.europa.eu) under its publication reference, Official Journal L 295, 21.11.2018, p. 39.

2
    Communication from the Commission - EU law: Better results through better application (C(2016)8600 final).

                                                            2

Specific privacy statement


                              Handling complaints about the application of EU law

The processing of personal data by the European Commission is subject to the provisions of Regulation
(EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of
natural persons with regard to the processing of personal data by the Union institutions, bodies, offices
and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and
Decision No 1247/2002/EC.1

This privacy statement explains the reason for the processing of your personal data, the way the
European Commission collects, handles and ensures protection of all personal data provided, how that
information is used and what rights you have in relation to your personal data. It also specifies the
contact details of the responsible Data Controller with whom you may exercise your rights, the Data
Protection Officer and the European Data Protection Supervisor.

1. The process of handling complaints

Any person or body may file with the Commission a complaint about the application of EU law by a
Member State. The Commission will examine the complaint and decide whether or not further action
should be taken. For instance, the Commission may enter into an informal dialogue with the authorities
of the concerned Member States on issues related to potential non-compliance with EU law and/or may
decide to launch a formal infringement procedure against the respective Member State.

2. Identity of the data controller

The controller of the processing operation is the unit responsible for implementation and enforcement
of EU law in the Secretariat-General of the European Commission.

3. Purpose

The purpose of collecting and handling complaints, including personal data/information contained
therein, is to enable the Commission to learn about potential infringements of European Union law and
thus carry out its task under Article 17 of the Treaty on European Union to ensure that Member States
apply the provisions of the Treaty and the measures taken under it.

The Commission handles complaints about the application of EU law by Member States in a consistent
way and in line with its Communication ‘EU law: Better results through better application’, accessible
on the EUR-Lex website (http://eur-lex.europa.eu) under the reference C/2016/8600 and published in
the Official Journal OJ C 18, 19.1.2017, p. 10–20 and Action 20 of the Communication ‘Long term
action plan for better implementation and enforcement of single market rules’, accessible on the EUR-
Lex website (http://eur-lex.europa.eu) under the reference COM/2020/94 final.

Your personal data will not be used for an automated decision-making including profiling.

4. Grounds for lawful processing

Personal data are processed for the performance of a task carried out in the public interest in accordance
with Article 5(1)(a) of Regulation 2018/1725. The corresponding Union law for the processing of
personal data based on Article 5(1)(a) are Articles 4(3) and 17 of the Treaty on European Union (TEU),
and Articles 258, 260 and 291 of the Treaty on the functioning of the European Union (TFEU).

The processing of non-mandatory personal data of the complainant, as well as any possible disclosure
of the complainant’s personal data to the Member State concerned by the respective complaint (at the

1   OJ L 295, 21.11.2018, p. 39.
                                                         1

phase of EU Pilot or formal infringement procedure), is based on the consent of the complainant in
accordance with Article 5(1)(d) of Regulation 2018/1725.

5. Information collected

To give effect to the complainants’ administrative guarantees and ensure their proper information, the
Commission requires to be provided with the surname, first name, address and e-mail address (for the
online complaint form) of the complainant (natural person or legal entity2), as well as their agreement or
the lack of their agreement to disclose their identity to the national authorities against which the
complaint is lodged. Furthermore, to allow the Commission to examine the complaint, the following
additional information must be supplied: the national authority complained about, the national
measure(s) which the complainant considers to be in breach of EU law, previous action taken to solve
the problem.

The information collected by the Commission may also include the complainant’s title, their telephone
and fax numbers, email address, website, and (where applicable) the name of their representative and
the details thereof (name, title, address, telephone and fax number, e-mail address, website). The full
text of the complaint, including any other documents provided by the complainant, may contain other
personal data of a very diverse nature.

No special categories of personal data under Article 10 of Regulation (EU) 2018/1725 are required for
the purpose of handling a complaint.

6. Storage and security

The personal information collected and all other relevant information are stored on the European
Commission servers in the Data Centre in Luxembourg. The server operates under the Commission's
decisions and provisions on security established by the Security Directorate for this kind of server and
service, namely Commission Decision (EU, Euratom) 2017/46 of 10 January 2017 on the security of
communication and information systems in the European Commission.

In order to protect the personal data being processed, the European Commission has put in place a
number of technical and organisational measures. Technical measures include appropriate actions to
address online security, risk of data loss, alteration of data or unauthorised access, taking into
consideration the risk presented by both the processing itself and the nature of the personal data being
processed. Organisational measures include restricting access to the personal data solely to authorised
persons with a legitimate need to know for the purposes of this processing operation.

7. Who has access to your information?

Access to the processed personal data is provided to the European Commission staff responsible for
carrying out this processing operation and to authorised staff according to the ‘need to know’ principle.
Such staff abide by statutory, and when required, additional confidentiality agreements.

Within the Commission, access to the personal information collected is granted only through a user ID
and password to a defined population of users in the Secretariat-General and other Commission
departments dealing with complaints and infringements. If the Commission enters into an exchange
with the concerned Member State and you have not consented to disclose your identity, the personal
data collected will not be available to the Member State authorities concerned. If you have given your
consent to the disclosure of your identity, access by the Member States to the personal information
collected will be limited to a defined population of users in the national administrations, and only
through a user ID and password. The Member States are data controllers for their processing of your
personal data and are bound by the provisions of Regulation (EU) 2016/679 of the European Parliament
and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of


2 Regulation (EU) 2018/1725 concerns the data protection of individuals. It does not apply to information concerning legal
entities unless this information relates to an identified or identifiable natural person.
                                                                2

personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data
Protection Regulation)3.

The information collected is not accessible to the public. Some infringement-related information is
published on the Europa webpage, but this information does not contain any personal data. The
Commission sometimes receives a large number of complaints on the same subject against the same
Member State (so-called multiple complaints). In such cases, the Commission may decide to
communicate with the complainants through publications on the Europa webpage. This communication
does not contain any personal data.

The personal information we collect will not be given to any third party (apart from the Member State
in case you consented to the disclosure of your identity), except:
      to the extent and for the purpose we may be required to do so by law; and
      for the purpose of dispatching letters of the European Commission by registered mail via a
         postal service provider (see corresponding notification ‘DPR-EC-00884 Traitement du
         courrier’ of the European Commission’s Office for Infrastructure and Logistics in Brussels).

8. How long is the information kept?

The European Commission only keeps your personal data for the time necessary to fulfil the purpose of
collection or further processing. Personal data/information allowing a complainant to be identified will
be erased 10 years after the closure of the file, if there is no follow-up given by the Commission to the
respective complaint. When the complaint led to an informal dialogue between the Commission and the
concerned Member State, which is not followed by a formal infringement procedure, personal
data/information allowing a complainant to be identified will be erased by the European Commission
10 years after the closure of the informal dialogue.

In cases where the Commission launches on the basis of a complaint a formal infringement procedure,
personal data and documents submitted by the complainant will be kept without any time limit, for
administrative, procedural and archiving purposes.

9. What are your rights and how can you exercise them?

You have specific rights as a ‘data subject’ under Chapter III (Articles 14-25) of Regulation (EU)
2018/1725, in particular the right to access your personal data and to rectify them in case your personal
data are inaccurate or incomplete. Under certain conditions, you have the right to erase your personal
data, to restrict the processing of your personal data, and the right to data portability. You have the right
to object to the processing of your personal data, which is lawfully carried out pursuant to Article
5(1)(a), on grounds relating to your particular situation.

If you have consented to the processing of certain parts of your personal data, you can withdraw your
consent at any time by notifying the Data Controller. The withdrawal will not affect the lawfulness of
the processing carried out before you have withdrawn the consent.

You have no direct access to the information stored. Anyone who wishes to exercise his/her rights as
data subjects should write an email to sg-plaintes@ec.europa.eu giving full details of their request or, in
case of conflict, to the European Commission’s Data Protection Officer. If necessary, you can also
address the European Data Protection Supervisor. Their contact information is given below.

10. Contact information

If you have any question or concern concerning the processing of your personal data or a request
thereon, please contact the data controller, either by email to sg-plaintes@ec.europa.eu or by letter to
the Secretariat-General (unit responsible for implementation and enforcement of EU law), European
Commission, B 1049 Brussels.

3
    OJ L 119, 4.5.2016, p. 1.

                                                         3

You can also contact the European Commission’s Data Protection Officer, e-mail address: data-
protection-officer@ec.europa.eu, with regard to issues related to the processing of your personal data
under Regulation (EU) 2018/1725.

11. Remedies with regard to the processing of personal data

Complaints related to the processing of personal data by the European Commission can also be
addressed to the European Data Protection Supervisor at the following address: Rue Wiertz 60 (MO
63), 1047 Brussels, Belgium, e-mail address: edps@edps.europa.eu. The European Data Protection
Supervisor is responsible for monitoring and ensuring the application of the provisions of Regulation
(EU) 2018/17254 and any other EU act relating to the protection of the fundamental rights and freedoms
of natural persons with regard to the processing of personal data by an EU institution or body.

12. Where to find more detailed information?

The Commission’s Data Protection Officer publishes the register of all operations processing personal
data. You can access the register on the following link : http://ec.europa.eu/dpo-register.

This specific processing operation has been included in the Data Protection Officer’s public register
with the following Record reference: DPR-EC-00082.




4 Regulation (EU) 2018/1725 on the protection of natural persons with regard to the processing of personal data by the Union
institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001
and Decision No 1247/2002/EC, OJ L 295, 21.11.2018, p. 39.

                                                                 4