Non Compliance Process

The Delegated Regulations on SRTI, (EU) No 886/2013, and SSTP, (EU) No 885/2013 introduce an obligation for Member States to establish a National Body which will be competent to perform compliance assessment. The Delegated Regulations for MMTIS, (EU) 2017/1926 and RTTI, (EU) 2022/670, establish an obligation for Member States to assess the compliance of the stakeholders to the requirements defined in the Delegated Regulations. In practice, the Member State will be represented by a National Body which will be competent to perform a compliance assessment.<br/>The compliance assessment performed for a stakeholder who has submitted a self-declaration may result in verdict "pass" or "fail". In practice, the "pass" verdict is given in a situation in which the results of the compliance assessment did not indicate non-compliance of the service or data covered by the assessment. <br/><br/>Based on the defined compliance assessment process, the identification of non-compliance based on random inspections might be the result of the:<br/><b>1. Theoretical assessment</b> (according to compliance assessment form)<br/>      - Check Self-declaration and accompanying documents for formal criteria <br/>      - Check National Access Point entry for data description<br/><br/><br/><b>2. Content assessment</b> (according to compliance assessment form)<br/>i. Check content of the provided information (self-declaration and accompanying documents) <br/>ii. Check data access on the National Access Point<br/>iii. Check data sets regarding the requirements<br/><br/>In its current form, the Delegated Regulations include no obligation to provide guidance regarding an individual data set or a service. <br/><br/>Handling non-compliance identified through random inspections and/or based on individual complaints for non-compliant data and/or services, could follow either a <b>positive</b> <b>approach</b> or a <b>stricter</b> one. <br/>Generally, the <b>positive approach should be</b> <b>preferred</b> in order to repair non-compliant data or services and further support avoiding non-compliance in the future. A positive approach would comprise: <br/><ul>
<li>supporting the providers in better <b>understanding</b> the requirements of the Delegated Regulations and providing appropriate data and services</li><li>providing <b>technical</b> <b>assistance</b> for appropriately managing and publishing data on the NAP</li><li>friendly <b>communication</b> between the NB or the NAP operators and the non-compliant providers</li><li><b>recognizing</b> and <b>rewarding</b> the timely response of providers to requests for corrections of data and services in order to become compliant</li><li>By social rewarding (e.g. publishing which data set(s) have received a positive assessment to the larger public. This can be done for example through a newsletter, LinkedIn-post or a label on the NAP).</li></ul>
On the other hand, a stricter approach could involve:<br/><ul>
<li><b>social blaming</b> including publicly announcing non-compliant providers</li><li><b>administrative sanctions</b> such as exclusion from NAP, potentially limited access to other data/services etc, probably associated with the impact or the repetitiveness of non-compliance</li><li><b>monetary penalties</b> increasing with the impact of non-compliance or in case of repetition</li></ul>
Although the positive approach is strongly recommended, it might be considered less effective. The final decision on how to handle non-compliance strongly depends on:<br/><ul>
<li>the <b>national legislation</b> governing the operation of the NB and the NAP in each Member State</li><li>the existing national <b>enforcement</b> and <b>penalty system</b> in each Member State</li><li>the general approach followed by the competent authorities in each Member State taking into account the local <b>cultural</b> and <b>social characteristics</b> (e.g. Is there a help and support culture? Is social blaming accepted?)</li></ul><p/>