Article 4 Systems and controls

  1. (1)

    The code of conduct shall include provisions ensuring that the systems and controls referred to in Article 15(2)(d) of Regulation (EU) 2016/1011 include, among other things, the following elements:

    1. (a)

      pre-contribution checks to identify any suspicious input data, including checks in the form of a review of the data by a second person;

    2. (b)

      post-contribution checks to confirm that the input data has been contributed in accordance with the requirements of the code of conduct and to identify any suspicious input data;

    3. (c)

      monitoring of the transfer of input data to the administrator in accordance with the applicable policies.

  2. (2)

    The code of conduct may permit a contributor to use an automated system for the contribution of input data, in which natural persons are not able to modify the contribution of input data, only if the code of conduct makes such permission subject to the following conditions:

    1. (a)

      the contributor is able to monitor the proper functioning of the automated system on a continuous basis; and

    2. (b)

      the contributor checks the automated system following any update or change to its software, before new input data is contributed.

    In such a case, the code of conduct does not need to require the contributor to establish the checks referred to in paragraph 1.

  3. (3)

    The code of conduct shall define the procedures that a contributor must have in place to address any errors in the contributed input data.

  4. (4)

    The code of conduct shall require a contributor to review the systems and controls established by it concerning the contribution of input data on a regular basis and, in any event, at least annually.