1. The Member State of origin shall have access to data which it has transmitted and which are recorded in Eurodac in accordance with this Regulation.

Member States shall not conduct searches of the data transmitted by another Member State or receive such data with the exception of data resulting from the comparison referred to in Articles 27 and 28.

2. The authorities of Member States which, pursuant to paragraph 1 of this Article, have access to data recorded in Eurodac shall be those designated by each Member State for the purposes laid down in Article 1(1), points (a), (b), (c) and (j). That designation shall specify the exact unit responsible for carrying out tasks related to the application of this Regulation. Each Member State shall without delay communicate to the Commission and eu-LISAEuropean Union Agency for the Operational Management of Large-Scale IT Systems in the Area of Freedom, Security and Justice a list of those units and any amendments thereto. eu-LISAEuropean Union Agency for the Operational Management of Large-Scale IT Systems in the Area of Freedom, Security and Justice shall publish the consolidated list in the Official Journal of the European Union. Where there are amendments to that list, eu-LISAEuropean Union Agency for the Operational Management of Large-Scale IT Systems in the Area of Freedom, Security and Justice shall publish once a year an updated consolidated list online.

3. Only the Member State of origin shall have the right to amend the data which it has transmitted to Eurodac by rectifying or supplementing such data, or to erase them, without prejudice to erasure carried out pursuant to Article 29.

4. Access for the purpose of consulting the Eurodac data stored in the CIRCommon Identity Repository shall be granted to the duly authorised staff of the national authorities of each Member State and to the duly authorised staff of the Union bodies competent for the purposes laid down in Articles 20 and 21 of Regulation (EU) 2019/818Interoperability (Police and Asylum) Regulation. That access shall be limited to the extent necessary for the performance of the tasks of those national authorities and Union bodies and for the achievement of those purposes and shall be proportionate to the objectives pursued.

5. If a Member State or eu-LISAEuropean Union Agency for the Operational Management of Large-Scale IT Systems in the Area of Freedom, Security and Justice has evidence to suggest that data recorded in Eurodac are factually inaccurate, it shall, without prejudice to the notification of a personal data breach pursuant to Article 33 of Regulation (EU) 2016/679General Data Protection Regulation (GDPR), inform the Member State of origin thereof as soon as possible.

If a Member State has evidence to suggest that data were recorded in Eurodac in breach of this Regulation, it shall inform eu-LISAEuropean Union Agency for the Operational Management of Large-Scale IT Systems in the Area of Freedom, Security and Justice, the Commission and the Member State of origin thereof as soon as possible. The Member State of origin shall check the data concerned and, if necessary, amend or erase them without delay.

6. eu-LISAEuropean Union Agency for the Operational Management of Large-Scale IT Systems in the Area of Freedom, Security and Justice shall not transfer or make available data recorded in Eurodac to the authorities of any third country. That prohibition shall not apply to transfers of such data to third countries to which Regulation (EU) 2024/1351Asylum And Migration Management Regulation applies.

---

Correlation table

Regulation (EU) No 603/2013	This Regulation
Article 27(1) to (5)	Article 40(1), (2), (3), (5) and (6)
—	Article 40(4)