Text size:

Criminal Records Database Act

Content

Criminal Records Database Act - content
Issuer:Riigikogu
Type:act
In force from:18.10.2024
In force until: In force
Translation published:18.10.2024

Criminal Records Database Act1

Passed 17.02.2011
RT I, 21.03.2011, 3
Entry into force 01.01.2012

Amended by the following legal instruments (show)

PassedPublishedEntry into force
08.12.2011RT I, 29.12.2011, 101.01.2012
30.05.2012RT I, 15.06.2012, 201.06.2013
13.06.2012RT I, 06.07.2012, 101.04.2013, in part 16.07.2012
28.02.2013RT I, 20.03.2013, 101.04.2013
14.03.2013RT I, 26.03.2013, 201.04.2013
13.06.2013RT I, 27.06.2013, 215.07.2013, in part 28.06.2013 and 01.10.2013
21.11.2013RT I, 13.12.2013, 523.12.2013
29.01.2014RT I, 18.02.2014, 101.08.2014
19.02.2014RT I, 13.03.2014, 401.07.2014
11.06.2014RT I, 21.06.2014, 801.01.2015
19.06.2014RT I, 29.06.2014, 10901.07.2014, the titles of ministers substituted on the basis of subsection 4 of § 107³ of the Government of the Republic Act.
19.11.2014RT I, 04.12.2014, 301.01.2015
19.11.2014RT I, 05.12.2014, 101.01.2015
11.06.2015RT I, 30.06.2015, 401.09.2015, on the basis of subsection 2 of § 107⁴ of the Government of the Republic Act the words 'Ministry of Agriculture' have been replaced with the words 'Ministry of Rural Affairs' in the appropriate case form.
09.12.2015RT I, 30.12.2015, 118.01.2016
15.11.2017RT I, 28.11.2017, 201.01.2018
22.11.2017RT I, 05.12.2017, 115.12.2017, in part 01.01.2018
13.06.2018RT I, 29.06.2018, 301.07.2018
20.02.2019RT I, 13.03.2019, 215.03.2019
12.11.2020RT I, 21.11.2020, 101.01.2021
11.05.2021RT I, 22.05.2021, 101.06.2021
23.02.2022RT I, 12.03.2022, 215.03.2022
13.04.2022RT I, 05.05.2022, 201.06.2022
11.05.2022RT I, 27.05.2022, 201.07.2022
19.07.2022RT I, 06.08.2022, 401.10.2022
26.10.2022RT I, 08.11.2022, 109.11.2022
09.11.2022RT I, 23.11.2022, 201.01.2023
23.11.2022RT I, 16.12.2022, 301.01.2023
14.12.2022RT I, 06.01.2023, 101.04.2023
22.02.2023RT I, 14.03.2023, 2115.03.2023
25.09.2024RT I, 08.10.2024, 118.10.2024

Chapter 1 General Provisions 

§ 1.  Criminal records database

  The criminal records database (hereinafter database) is a database belonging to the state information system which holds information concerning punished persons and their punishments.

§ 2.  Maintenance of criminal records database

 (1) The database is maintained as an electronic database belonging to the e-file proceedings information system (hereinafter e-file system).

 (2) The archives of the database (hereinafter archives) are maintained with the database.

 (3) The forms for submitting information to the database and procedure for issue of notices from the database shall be established by a regulation of the minister in charge of the policy sector.
[RT I, 27.06.2013, 2 – entry into force 15.07.2013]

 (4) The statutes of the database shall be established by a regulation of the Government of the Republic.

 (5) The provisions of the Administrative Procedure Act apply to administrative proceedings prescribed in this Act, taking account of the specifications provided for in this Act.

§ 3.  Purpose of maintenance of database

  The purpose of maintenance of the database is to:
 1) provide reliable information concerning punishments of persons;
 2) notify a person of the information concerning the person entered in the database;
 3) exchange information concerning punishments of persons with foreign states.

§ 4.  Controller and processor of database

  The controller of the database is the Ministry of Justice and the processor of the database is the Centre of Registers and Information Systems (hereinafter Centre).

§ 5.  Legal effect of information in database

 (1) The information concerning punishments of persons entered in the database has legal effect for ascertaining the punishment record of the person and recurrence of criminal offences or misdemeanours committed by the person until deletion of the information.

 (2) Information deleted from the database and entered in the archives has legal effect:
 1) in the proceedings provided for in the Acts specified in clause 4 of subsection 1 of § 20 of this Act and for verifying the circumstances specified in clause 5 of subsection 1 of § 20 of this Act for ascertaining the punishment record of the person and recurrence of criminal offences committed by the person;
 2) in the case specified in clause 9 of subsection 1 of § 20 of this Act upon making a decision on employment of a person in a position or service involving minors in the cases provided by law;
 3) in the case specified in clause 10 of subsection 1 of § 20 of this Act upon making a decision on employment of a person in police service and appointment of a person to office of an official of the Police and Border Guard Board and entry into an employment contract with the employee, if such position is not a position of a police officer but performance of the duties in that position requires access to the database which data controller is the Ministry of Internal Affairs or the Police and Border Guard Board, the information specified in clauses 51 and 52 of subsection 1 of § 35 of the Public Information Act or special categories of personal data of the officials and employees of the Police and Border Guard Board;
[RT I, 13.03.2019, 2 – entry into force 15.03.2019]
 31) [Repealed – RT I, 27.05.2022, 2 – entry into force 01.07.2022]
 32) in the case specified in clause 10 of subsection 1 of § 20 of this Act, upon appointment of a person to a position at the Financial Intelligence Unit or upon entry into an employment contract with them;
[RT I, 12.03.2022, 2 – entry into force 15.03.2022]
 4) in the case specified in clause 10 of subsection 1 of § 20 of this Act upon making a decision on employment of a person in prosecutors' service and verification of whether the person in prosecutors' service complies with the requirements of the law;
 5) in the case specified in clause 10 of subsection 1 of § 20 of this Act upon employment of a person in prison service or in prison, and upon verification of compliance of a person beginning to study in the area of specialisation of a prison officer or a person in prison service, working at a prison or studying in the area of specialisation of a prison officer, with the requirements of the law;
 51) in the cases specified in clause 10 of subsection 1 of § 20 of this Act upon employment of a person in the service of an administrative agency specified in the Public Service Act upon verification of compliance with the requirements specified in clause 2 of § 15 of the Public Service Act;
[RT I, 06.07.2012, 1 – entry into force 01.04.2013]
 52) in the case specified in clause 10 of subsection 1 of § 20 of this Act, upon hiring persons to employment or service in the Defence Forces or upon evaluation of the eligibility of persons in active service, officials or employees for the Defence Forces or upon checking the conformity with the requirements specified in clauses 6, 8 and 9 of subsection 1 of § 413 of the Estonian Defence Forces Organisation Act in deciding on the grant of authorisation to persons relating to the provision of service to the Defence Forces for entry into restricted military areas of the Defence Forces;
[RT I, 18.02.2014, 1 – entry into force 01.08.2014]
 53) for conduct of a background check provided for in clause 17 of subsection 1 of § 20 of this Act;
[RT I, 13.03.2019, 2 – entry into force 15.03.2019]
 6) upon conducting the proceedings provided for in the Acts specified in clause 11 of subsection 1 of § 20 of this Act;
 61) upon conducting the proceedings provided for in the Acts specified in clause 13 of subsection 1 of § 20 of this Act;
[RT I, 22.05.2021, 1 – entry into force 01.06.2021]
 7) for conduct of a background check provided for in the Act specified in clause 16 of subsection 1 of § 20 of this Act;
[RT I, 29.06.2018, 3 – entry into force 01.07.2018]
 8) in the cases specified in clauses 12 and 16 of subsection 1 of § 20 of this Act upon verification of compliance with the requirements of the Estonian Defence League Act or the Weapons Act.
[RT I, 14.03.2023, 21 – entry into force 15.03.2023]

§ 6.  Content of database

  Information concerning punishments of persons shall be entered in the database on the basis of the following court decisions and decisions of the following officials:
 1) a conviction in a criminal matter which has entered into force;
 2) a decision of an extra-judicial body or a court judgment on the imposition of punishment in a misdemeanour matter which has entered into force, except a decision of an extra-judicial body in caution procedure;
 3) a court ruling ordering coercive psychiatric treatment of a person;
 4) [Repealed – RT I, 05.12.2017, 1 – entry into force 01.01.2018]
 5) a judgment, decision, ruling or order of a court or extra-judicial body which is based on a decision or judgment specified in clauses 1–4 of this section and which contains information specified in § 12 of this Act;
 6) a resolution of the President of the Republic on the review of an appeal for pardon of a convicted offender;
 7) a foreign conviction in a criminal matter against an Estonian citizen or an alien who holds a residence permit or right of residence in Estonia which has entered into force, if information concerning his or her punishment has been communicated by a foreign state or if an Estonian court has recognised the judgment of conviction.

§ 7.  Accessibility of database data

 (1) The data entered in the database are public, except in the cases provided by law.

 (2) The database data are processed only under the conditions and pursuant to the procedure provided by law.

§ 8.  Language of database

 (1) The language of the database is Estonian.

 (2) Documents which are not in Estonian shall be submitted to the processor of the database together with a translation into Estonian.

 (3) In the cases provided for in the European Union legislation, information may be also submitted to the database in another language.

Chapter 2 Maintenance of Criminal Records Database  

§ 9.  Structure of database

  The database shall consist of valid and archived data specified in § 12 of this Act.
[RT I, 27.06.2013, 2 – entry into force 15.07.2013]

§ 10.  Database log

  [RT I, 27.06.2013, 2 – entry into force 15.07.2013]

 (1) The registry log contains data concerning the entries and queries made to the database.

 (2) The following data shall be entered in the database log:
 1) the code of the agency submitting an entry or query;
 2) the name of the agency submitting an entry or query;
 3) the name and personal identification code of the person submitting an entry or query, in the absence of a personal identification code, the date of birth;
 4) the date of making an entry or query;
 5) the explanations or notes concerning an entry or query;
 6) a notation concerning the annulment of an entry or query;
 7) the name of the representative of the processor of the database which verified an entry or query.
[RT I, 27.06.2013, 2 – entry into force 15.07.2013]

§ 11.  Registry card

  [Repealed – RT I, 27.06.2013, 2 – entry into force 15.07.2013]

§ 12.  Data subject to entry in criminal records database

  [RT I, 27.06.2013, 2 – entry into force 15.07.2013]

 (1) Personal data of a natural person are the following:
 1) given name and surname;
 2) personal identification code or date of birth;
 3) sex;
 4) citizenship;
 5) residential address;
 6) place of birth;
 7) former name and personal identification code of the person;
 8) name of the person's parent, if submitted to the database by a foreign state.

 (2) If any personal data have changed, new personal data and the date of making the change shall be indicated in the database.

 (3) In the case of a foreigner or a person without a personal identification code, the following shall be entered in the database:
 1) his or her date and place of birth;
 2) the name and number of his or her identity document.

 (4) Information concerning the punishments of a natural person is the following:
 1) the name of the court which made a judgment, decision or ruling in the criminal or misdemeanour matter, the name of the extra-judicial body which made a decision in the misdemeanour matter, the date of making the judgment, decision or ruling and the number of the criminal or misdemeanour matter;
 11) the date of commission of an offence;
 2) the provision of the Penal Code or another Act which provides for the offence of the commission of which the person was convicted;
 3) the type and term or category of the punishment imposed on the person for the criminal offence or misdemeanour;
 4) the date on which the judgment, decision or ruling enters into force;
 5) the time the person spent in provisional custody before the making of the court judgment;
 6) substitution, aggregating of punishments, or basis for and date of waiver of enforcement of a punishment;
 7) the date of payment of the amount of pecuniary punishment or a fine;
 8) the date on which community service is performed;
 9) the date of the end of an imprisonment or detention;
 10) the basis for imposition and the date of the end of the probationary period;
 11) the basis for and the date of release from punishment on parole and the unserved part of the punishment;
 12) the date of initiation and termination of administration of coercive psychiatric treatment to a person;
 13) the date of initiation and termination of administration of addiction treatment of drug addicts or complex treatment of sex offenders to a person;
 14) [Repealed – RT I, 05.12.2017, 1 – entry into force 01.01.2018]
 15) the date of entry into force of a resolution of the President of the Republic granting a pardon to the person.

 (5) The data concerning a legal person is the following:
 1) name;
 2) the address of its registered office;
 3) registry code or, in the case of a foreign legal person without a registration number, the number or letter combination considered equal to a registration number.

 (6) Information concerning the punishments of a legal person is the following:
 1) the name of the court which made a judgment, decision or ruling in the criminal or misdemeanour matter, the name of the extra-judicial body which made a decision in the misdemeanour matter, the date of making the judgment, decision or ruling and the number of the criminal or misdemeanour matter;
 11) the date of commission of an offence;
 2) the provision of the Penal Code or another Act which provides for the offence of the commission of which the person was convicted;
 3) the type and term or category of the punishment imposed on the person for the criminal offence or misdemeanour;
 4) the date on which the judgment, decision or ruling enters into force;
 5) substitution, aggregating of punishments, or basis for and date of waiver of enforcement of a punishment;
 6) the date of payment of the amount of pecuniary punishment or a fine;
 7) the date of enforcement of the judgment for compulsory dissolution.
[RT I, 27.06.2013, 2 – entry into force 15.07.2013]

§ 13.  Obligation to notify database

 (1) A court, an extra-judicial body which made a decision or the Office of the President of the Republic shall submit the data specified in § 12 of this Act to the processor of the database within five working days as of the entry into force of a decision, judgment or ruling specified in § 6 of this Act.

 (2) An enforcement agent, house of detention, prison or court, or a body conducting extra-judicial proceedings which has made a decision or supervised the execution of the decision shall submit the data concerning a person specified in § 12 of this Act to the processor of the database within five working days after the person has fully paid the fine imposed as punishment or the pecuniary punishment, performed the community service, served the detention or been released from prison or the administration of addiction treatment of drug addicts or complex treatment of sex offenders has been terminated with regard to the person. Within the same term, the processor of the database shall be informed of the expiry of the limitation period for the execution of a judgment or decision pursuant to § 82 of the Penal Code.
[RT I, 15.06.2012, 2 – entry into force 01.06.2013]

 (3) The agency having submitted the data is responsible for the correctness of the data submitted.

 (4) The agency or the official specified in subsections 1 or 2 of this section shall submit the data specified in § 12 of this Act to the processor of the database electronically through the e-file system. The Office of the President of the Republic may submit the data specified in § 12 of this Act to the processor of the database electronically through the e-file system.

§ 14.  Interbase cross-usage of data

  The processor of the database is permitted to make electronic queries and obtain information from other state or local government databases in order to perform the functions assigned thereto by law.

Chapter 3 Release of Database Data  

§ 15.  Right to obtain data from database

 (1) Everyone has the right to obtain data from the database concerning himself or herself or any legal person. When data of another person are request, the legal basis or objective of requesting the data has to be confirmed in the query.
[RT I, 13.03.2019, 2 – entry into force 15.03.2019]

 (2) Data shall be released from the database on the basis of a query setting out the following:
 1) the person concerning whom the data are requested;
 11) confirmation of the legal basis or objective of requesting the data, if the data of another person are requested;
[RT I, 13.03.2019, 2 – entry into force 15.03.2019]
 2) the name and personal identification code of the applicant, in the absence of a personal identification code the date of birth;
 3) if the data are requested on behalf of a legal person, the name and the registry code of the legal person shall be also indicated or, in the case of a foreign legal person without a registration number, the number or letter combination considered equal to a registration number;
 4) the address or e-mail address of the applicant;
 5) the name and number of the identity document of the applicant.
 6) the signature in the case of paper applications, the digital signature in the case of an application submitted by e-mail.
[RT I, 27.06.2013, 2 – entry into force 15.07.2013]

 (3) Registry data regarding a minor, data from the archives of the database and data obtained from another member state of the European Union shall be issued under the conditions and pursuant to the procedures provided for in this Act.

§ 16.  Prohibition on demand of data

 (1) It is prohibited to demand data concerning a person which are contained in the database or the archives of the database from that person.

 (2) A person has the right to authorise another person to make a query to the database concerning the person.

§ 17.  Notice from database

 (1) Notices from the database shall set out the addressee and date of the notice.

 (2) Notices from the database shall be issued on paper or electronically.

 (3) Notices from the database are issued electronically through the e-file system. If the data are requested on paper or by e-mail, the data are released within two working days after the date of receipt of the request.

 (4) Notices from the database issued on paper shall be certified by the seal of the database and the signature of the authorised representative of the processor of the database.

 (5) Notices from the database sent by e-mail shall be signed digitally by the authorised representative of the processor of the database.

 (6) Data concerning queries submitted with regard to persons entered in the database and concerning issue of notices from the database shall be stored in the database for two years.

§ 18.  Release of data

 (1) Database data are released as notices from the database which are the following:
 1) an extract from the database;
 2) a notice setting out that the person has not been entered in the database;
 3) a notice setting out that the person has no punishments in force, if the data concerning the person in the database only contains the data of the archives of the database.
[RT I, 27.06.2013, 2 – entry into force 15.07.2013]

 (2) The data specified in clauses 4–8 of subsection 1, clause 2 of subsection 3 and clauses 12–14 of subsection 4 of § 12 of this Act shall not be indicated in an extract from the database concerning natural persons.
[RT I, 27.06.2013, 2 – entry into force 15.07.2013]

 (3) No information concerning punishments imposed for misdemeanours shall be indicated in an extract from the database concerning natural persons if the person was imposed a fine as a punishment which amount is less than 50 fine units, except in the case the natural person has repeatedly committed misdemeanours or if a supplementary punishment has been imposed in addition to the fine.

 (4) Where persons make enquiries about themselves or where the person making an enquiry to the database is the person specified in subsection 1 of § 19 of this Act or where the person making enquiries to archives of a database is the person specified in subsection 1 of § 20 of this Act, all the data specified in § 12 of this Act are indicated in an extract from the database. An extract of the enquiry provided for in clause 9 of subsection 1 of § 20 of this Act is issued in accordance with the procedure provided for in subsection 21 of the same section.
[RT I, 06.08.2022, 4 – entry into force 01.10.2022]

 (5) An extract submitted on the basis of a query of a person shall, at the request of the person, contain also the data specified in subsection 2 of § 10 of this Act concerning the date of the query and the person having made the query concerning the person.

 (6) A printout of data certified pursuant to the procedure provided for in subsection 4 of § 17 of this Act is deemed to be an extract from the database on paper.

§ 19.  Right to obtain data concerning minors from database

 (1) The following persons have the right to receive data specified in subsections 1–4 of § 12 of this Act concerning minors:
 1) a legal representative of a minor concerning the minor represented;
 2) a court for the purposes of hearing a matter subject to proceedings;
 3) an investigative body and a prosecutor's office relating to a criminal matter subject to proceedings;
[RT I, 27.06.2013, 2 – entry into force 15.07.2013]
 4) an extra-judicial body for the adjudication of a misdemeanour matter which is being processed;
 5) a governmental authority for the purposes of performance of the functions provided by an Act or legislation passed on the basis of an Act;
 6) the Office of the President of the Republic for the performance of functions provided by law;
 7) the registration department of the Tartu County court for the purposes of making lawful database entries;
[RT I, 21.06.2014, 8 – entry into force 01.01.2015]
 8) an employer for the purposes of verification of the conformity of a person with the requirements provided by law upon hiring the person;
 9) a foreign agency on the basis of the legislation of the European Union or an international agreement;
 10) a notary for the purpose of verification of the data concerning a person applying for a notarial act;
 11) a probation officer for the performance of the functions prescribed to him or her by law.

 (2) Database data shall be released on the basis of a query setting out the data specified in subsection 2 of § 15 of this Act and a reference to the legal grounds for receipt of the data.

 (3) If a judgment of conviction passed on an accused who is a minor is disclosed under the conditions and pursuant to the procedure provided for in the Code of Criminal Procedure, data shall be released from the database concerning this pursuant to the procedure provided for in § 18 of this Act.

§ 20.  Right to obtain data from archives of database

 (1) The following persons have the right to obtain data from the archives of the database:
 1) any person as regards the data concerning the person;
 2) a legal representative of a minor concerning the minor represented;
 3) an investigative body for conducting pre-trial proceedings in a criminal matter;
 4) the Government of the Republic, the Ministry of Internal Affairs, the police authorities and the Estonian Internal Security Service, for the purposes of conducting the proceedings provided in the Citizenship Act, Aliens Act, Obligation to Leave and Prohibition on Entry Act and Grant of International Protection to Aliens Act.
 5) a security authority for ascertaining the circumstances specified in clause 8 of subsection 1 and clauses 4, 5, 7, 8, 10 and 15 of subsection 2 of § 32 of the State Secrets and Classified Information of Foreign States Act;
 6) the Estonian Internal Security Service for the purpose of collection of information and surveillance agencies for the purpose of collection of information concerning prevention and combat of criminal offences;
 7) a prosecutor's office for the purpose of conducting criminal proceedings and planning of surveillance activities;
 8) a prison service for verification whether a person commencing studies in the area of specialisation of a prison officer or a person studying in the area of specialisation of a prison officer complies with the requirements of the law and for the purpose of assessing the criminogenic risks of a prisoner or probationer;
[RT I, 05.12.2017, 1 – entry into force 15.12.2017]
 9) a person who allows working with a child, the issuer of the relevant activity licence and the child's legal representative for the purposes of the Child Protection Act for checking the compliance of a person working with a child or a person who is a candidate for the respective position with the requirements provided by the Act;
[RT I, 06.08.2022, 4 – entry into force 01.10.2022]
 10) an employer upon hiring a person to employment or service in the cases specified in clauses 3–52 of subsection 2 of § 5 of this Act for the purposes of verification of the conformity of a person with the requirements provided by law;
[RT I, 18.02.2014, 1 – entry into force 01.08.2014]
 11) the Estonian Agricultural databases and Information Board and a foundation of the state specified in the European Union Common Agricultural Policy Implementation Act for the purposes of implementation of the measures specified in subsection 1 § of 2 of the same Act and exercise of state supervision based on the above specified Act;
[RT I, 23.11.2022, 2 – entry into force 01.01.2023]
 12) for verification of compliance of applicants for membership in and members of the Estonian Defence League with the requirements of the Estonian Defence League Act or the Weapons Act;
[RT I, 14.03.2023, 21 – entry into force 15.03.2023]
 13) the Ministry of Rural Affairs and the Estonian Agricultural databases and Information Board for the purposes of implementation of the measures specified in subsection 1 of § 2 of the Fisheries Market Organisation Act and exercise of state supervision;
[RT I, 05.12.2014, 1 – entry into force 01.01.2015]
 14) the Ministry of Education and Research for implementation of the deterrent mechanisms provided for in the Recognition of Foreign Professional Qualifications Act;
[RT I, 30.12.2015, 1 – entry into force 18.01.2016]
 15) the Financial Intelligence Unit for the performance of the tasks provided for in the Money Laundering and Terrorist Financing Prevention Act;
[RT I, 21.11.2020, 1 – entry into force 01.01.2021]
 16) the Police and Border Guard Board for the performance of background checks provided in the Weapons Act and for the verification of compliance with the requirements of the Weapons Act;
[RT I, 14.03.2023, 21 – entry into force 15.03.2023]
 17) the Police and Border Guard Board for conduct of background checks provided for in § 759 of the Police and Border Guard Act, in §§ 361 and 432 of the Rescue Act and in § 72 of the Rescue Service Act;
[RT I, 16.12.2022, 3 – entry into force 01.01.2023]
 18) the Social Insurance Board for provision of an assessment of a person endangering an adult victim of domestic violence for the purposes of the Victim Support Act who is in danger, for assistance of an adult victim of domestic violence who is in danger and for management risks endangering their life and health.
[RT I, 06.01.2023, 1 – entry into force 01.04.2023]

 (2) Data shall be released from the archives of the database on the basis of a query setting out the data specified in subsection 2 of § 15 of this Act and a reference to the legal grounds for receipt of the data.

 (21) In the case specified in clause 9 of subsection 1 of this section, the response to the enquiry is displayed as a positive or negative result of both valid and archived penalty data.
[RT I, 06.08.2022, 4 – entry into force 01.10.2022]

 (3) In the case specified in clause 14 of subsection 1 of this section, release of data from the archives of the database shall be done between the database and the Estonian Education Information System through the exchange layer X-Road.
[RT I, 30.12.2015, 1 – entry into force 18.01.2016]

§ 21.  Release of data from database and archives of database for research and statistical work

 (1) Data shall be issued from the database and archives of the database for the purposes of research or statistical work in compliance with the terms and conditions provided for in § 6 of the Personal Data Protection Act.
[RT I, 13.03.2019, 2 – entry into force 15.03.2019]

 (2) In order to receive data from the database for the purposes specified in subsection 1 of this section, a written application setting out the following shall be submitted to the processor of the database:
 1) the objective of the work and the nature of the data intended to be used;
 2) the data requested by the person from the database;
 3) the purpose and legal basis for requesting the data;
 4) the name and address of the applicant;
 5) the signature of the applicant;

 (3) If a prior permission of the Data Protection Inspectorate is required according to § 6 of the Personal Data Protection Act, it shall be appended to the request submitted to the database.
[RT I, 13.03.2019, 2 – entry into force 15.03.2019]

§ 22.  Issue of notice from database to foreign states

 (1) Notices from the database may be issued to foreign states in the cases and pursuant to procedure provided by the legislation of the European Union or an international agreement.

 (2) An application of a foreign state submitted to the database concerning receipt of notices from the database and annexes thereto shall be submitted in the Estonian language or in another language in the cases provided by the legislation of the European Union or an international agreement.

§ 23.  Procedure for payment for release of data from database or archives of database

 (1) Making of electronic data queries from the database and archives of the database is subject to a fee. The minister in charge of the policy sector shall establish by a regulation the rates of fees of up to 4 euros payable for one query.

 (2) A person is exempted from payment of an electronic query fee in the case of a query about the person themselves and the person who authorised them, the persons specified in subsection 1 of § 19 of this Act and clauses 3–11 and 13 of subsection 1 of § 20 of this Act, contracting authorities for the purposes of § 5 of the Public Procurement Act in the case of checking grounds for exclusion provided in § 95 of the Public Procurement Act, and providers of vital services in the case of carrying out background checks provided in § 411 of the Emergency Act.
[RT I, 08.10.2024, 1 – entry into force 18.10.2024]

 (3) Upon issue of notices from the issued on paper, a state fee shall be paid according to the rates provided for in the State Fees Act.

 (4) Persons have the right to receive information concerning their own data in the database and the archives of the database and legal representatives of minors concerning the data of the minors represented in the form of notices from the database on paper once a year free of charge. A state fee shall be paid for subsequent queries.

 (5) A state fee shall be refunded if the processor of the database decides to refuse to release the data.

 (6) The persons specified in clauses 2–11 of subsection 1 of § 19 of this Act are exempt from payment of state fees for the release of data from the criminal records database and the persons specified in clauses 3–11 and 13 of subsection 1 of § 20 of this Act for release of data from archives of the criminal records database.
[RT I, 05.12.2014, 1 – entry into force 01.01.2015]

Chapter 4 Deletion of Information Concerning Punishment from Database  

§ 24.  Terms for deletion of information concerning punishment from database

 (1) Information concerning punishment shall be deleted from the database and transferred to the archives if:
 1) one year has passed since the payment of a fine, service of detention, fulfilment of community service imposed for a misdemeanour or deprivation of driving privileges imposed as a principal punishment;
 2) two years have passed since the payment of a fine or service of detention imposed for a misdemeanour provided for in the Taxation Act or another Act concerning a tax;
 3) two years have passed since the termination of coercive psychiatric treatment;
 4) two years have passed since the termination of administration of addiction treatment;
 5) three years have passed since the enforcement of a pecuniary punishment judgment imposed for a criminal offence;
 6) three years have passed since the end of the probationary period determined upon release on parole or conditional release from a pecuniary punishment;
 7) three years have passed since the performance of community service;
 8) five years have passed since an imprisonment of less than five years was served;
 9) ten years have passed since an imprisonment of five to twenty years was served;
 10) fifteen years have passed since an imprisonment of more than twenty years was served;
 11) the limitation period for the execution of a judgment has expired pursuant to § 82 of the Penal Code;
 12) the person has died;
 13) the legal person is dissolved.

 (2) If the offence was committed while the person was a minor, information concerning his or her punishment shall be deleted and transferred to the archives if:
 1) one year has passed since the payment of a fine, service of detention, fulfilment of community service imposed for a misdemeanour or deprivation of driving privileges imposed as a principal punishment;
 2) one year has passed since the termination of coercive psychiatric treatment;
[RT I, 05.12.2017, 1 – entry into force 01.01.2018]
 3) one year has passed since the termination of administration of addiction treatment;
 4) two years have passed since the enforcement of a pecuniary punishment or a judgment for compulsory dissolution imposed for a criminal offence;
 5) two years have passed since the end of the probationary period determined upon release on parole or conditional release from a pecuniary punishment;
 6) two years have passed since the performance of community service;
 7) three years have passed since an imprisonment of more than twenty years was served;
 8) five years have passed since an imprisonment of five to ten years was served;
 9) the limitation period for the execution of a judgment has expired pursuant to § 82 of the Penal Code;
 10) the person has died.

 (3) A supplementary punishment shall be deleted from the database after service of the supplementary punishment.

 (4) Upon waiver of enforcement of a punishment, the information concerning the punishment shall be deleted from the database after submission of the information pursuant to the procedure specified in subsection 1 of § 13 of this Act.

 (5) The processor of the database shall be notified of a person's death by the vital statistics office and of dissolution of a legal person by the processor of the commercial register.

 (6) When information concerning punishment is deleted and transferred to archives, the information concerning punishment shall include the date of transfer of the data to the achieves. The information concerning punishments imposed for misdemeanours shall be preserved in the archives for ten years, the information concerning punishments imposed for criminal offences shall be preserved in the archives for 50 years as of the date of transfer to the achieves.
[RT I, 27.06.2013, 2 – entry into force 01.10.2013]

§ 25.  Running of term for deletion of information concerning punishment

 (1) A term for deletion of the information concerning punishment from the database commences to run:
 1) as of termination of the service of a principal or supplementary punishment;
 2) as of the entry into force of a resolution granting a pardon.

 (2) If a person is sentenced to life imprisonment, information concerning the punishment of the person shall not be deleted except in the case the person is released from life imprisonment or the person has died. In the case a person is released from life imprisonment, the term for the deletion of the information concerning the punishment shall be calculated on the basis of the punishment actually served. If a person has been released on parole, the term for deletion of the information concerning the punishment commences to run as of the termination of parole.

 (3) If a convicted person has been sentenced to serve the punishment before expiry of the period of probation, the information concerning the punishment of the person shall be deleted upon expiry of the term for deletion calculated pursuant to the general procedure as of the date of release from the service of the punishment.

 (4) If a person has been released from the service of a punishment before expiry of the term of the punishment or if the punishment has been substituted by another type of punishment, the term for the deletion of the information concerning the punishment shall be calculated on the basis of the punishment actually served.

 (5) [Repealed – RT I, 27.06.2013, 2 – entry into force 01.10.2013]

 (6) [Repealed – RT I, 27.06.2013, 2 – entry into force 01.10.2013]

§ 26.  Term for deletion of information concerning punishment on basis of resolution of President of Republic on grant of pardon

 (1) If a person is released from the service of a punishment on the basis of a resolution of the President of the Republic on the grant of a pardon to the person, the term for the deletion of the information concerning the punishment shall be calculated on the basis of the punishment actually served until the resolution on grant of pardon.

 (2) Upon mitigation of a punishment on the basis of a resolution of the President of the Republic on the grant of a pardon, the term for the deletion of the information concerning the punishment shall be calculated on the basis of the punishment actually served.

§ 27.  Deletion of information concerning punishment of person convicted by foreign court

  Information concerning the punishment of a citizen or permanent resident of Estonia, an alien who holds a residence permit in Estonia or has permanent right of residence in Estonia or a legal person registered in Estonia who has been convicted by a foreign court shall be deleted from the criminal records database within the terms specified in subsection 1 of § 24 of this Act, unless otherwise provided by the legislation of the European Union or an international agreement.

§ 28.  Termination of disclosure of personal data

  After deletion of the information concerning the punishment of a person from the database, the name of the person is replaced with initials or characters in disclosed court decisions or other disclosed decisions of officials which constituted the basis for the entry in the database. The name of the person is not replaced where the person has been convicted for any offences provided for in §§ 89–93, 95–114 or 1181, subsection 2 of § 133, subsection 2 of § 134, § 135, 141 or 142, clause 2 of subsection 143, clause 1 of subsection 2 of § 1431, § 1432, §§ 145–146, 175–179, 184, 185, 187, 231–238, 255, 256, 268, 394, 403–405, 414, 415 or 418 of the of the Penal Code.
[RT I, 06.08.2022, 4 – entry into force 01.10.2022]

Chapter 5 European Criminal Records Information System  
[RT I, 08.11.2022, 1 - entry into force 09.11.2022]

§ 29.  Exchange of information concerning punishments with member states of European Union

 (1) The Centre of Registers and Information Systems is the central authority of Estonia for exchange of information between member states.
[RT I, 27.06.2013, 2 – entry into force 15.07.2013]

 (2) The Centre of Registers and Information Systems shall communicate the information concerning a judgment of conviction made against a citizen of a member state of the European Union in a criminal matter to the member state of nationality of the convicted offender or to the member state where the permanent residence of the person is. Information concerning a court judgment and later amendments thereto shall be communicated immediately.
[RT I, 27.06.2013, 2 – entry into force 15.07.2013]

 (21) The Centre of Registers and Information Systems sends to the European Criminal Records Information System (ECRIS-TCN), which applies to third-country nationals, data on convictions made in criminal cases with respect to the following persons:
 1) persons who are not citizens of any Member States of the European Union;
 2) stateless persons;
 3) persons whose nationality is not known.
[RT I, 08.11.2022, 1 – entry into force 09.11.2022]

 (22) Information concerning convictions and later amendments in the data are communicated immediately. Upon expiry of the period for deleting criminal records provided for in § 24 of this Act, the data are deleted from the European Criminal Records Information System applicable to third-country nationals.
[RT I, 08.11.2022, 1 – entry into force 09.11.2022]

 (23) The Centre of Registers and Information Systems sends to the European Criminal Records Information System applicable to third-country nationals referred to in subsection 21 of this section the data and fingerprint data provided for in Regulation (EU) 2019/816 of the European Parliament and of the Council establishing a central system for the identification of Member States holding information on convictions of third-country nationals and stateless persons to supplement the European Criminal Records Information System (ECRIS-TCN) and amending Regulation (EU) 2018/1726 (OJ L 135, 22.05.2019, pp 1–26). The transmission of fingerprints of a convicted person collected in the course of criminal proceedings is carried out using the data stored in the national fingerprint register and in the database of the automated biometric identification system.
[RT I, 08.11.2022, 1 – entry into force 09.11.2022]

 (24) In accordance with Regulation (EU) 2019/818 of the European Parliament and of the Council establishing a framework for the interoperability of EU information systems in the field of police and judicial cooperation, asylum and migration, and amending Regulations (EU) 2018/1726, (EU) 2018/1862 and (EU) 2019/816 (OJ L 135, 22.05.2019, pp 85–137), the Centre of Registers and Information Systems transmits the fingerprints of the person referred to in subsection 21 of this section to the common repository of personal data. Information concerning a court judgment and later amendments thereto are communicated immediately. Upon expiry of the period for deleting the penalty data provided for in § 24 of this Act, the data are deleted from the common repository of personal data.
[RT I, 08.11.2022, 1 – entry into force 09.11.2022]

 (25) The Centre of Registers and Information Systems transmits to the common repository of personal data established by Regulation (EU) 2019/818 of the European Parliament and of the Council the data specified in subsections 1 and 3 of § 12 of this Act and the fingerprints specified in subsection 23 of this section. Information concerning a court judgment and later amendments thereto are communicated immediately. Upon expiry of the period for deleting the penalty data provided for in § 24 of this Act, the data are deleted from the common repository of personal data.
[RT I, 08.11.2022, 1 – entry into force 09.11.2022]

 (3) Exchange of information with the Member States of the European Union takes place through the European Criminal Records Information System.
[RT I, 08.11.2022, 1 – entry into force 09.11.2022]

§ 30.  Inquiries to databases of other Member States and response to inquiries from other Member States, Eurojust, Europol and European Public Prosecutor's Office

  [RT I, 08.11.2022, 1 – entry into force 09.11.2022]

 (1) The Centre of Registers and Information Systems has the right to submit a query to a central authority of another member state concerning the information entered in the criminal records, if the information is requested by:
[RT I, 27.06.2013, 2 – entry into force 15.07.2013]
 1) any person as regards the data concerning the person;
 2) a legal representative of a minor concerning the minor represented;
 3) a court for the purposes of hearing a matter subject to proceedings;
 4) an investigative body relating to a criminal matter subject to proceedings;
 5) an extra-judicial body for the adjudication of a misdemeanour matter which is being processed;
 6) a governmental authority for the purposes of performance of the functions provided by an Act or legislation passed on the basis of an Act;
 7) the Office of the President of the Republic for the performance of functions provided by law;
 8) the registration department of the Tartu County court for the purposes of making lawful database entries;
[RT I, 21.06.2014, 8 – entry into force 01.01.2015]
 9) an employer for the purposes of verification of the conformity of a person with the requirements provided by law upon hiring the person;
 10) a notary for the purposes of verification of the data concerning a person applying for a notarial act;
 11) a probation officer for the performance of functions prescribed to him or her by law;
 12) a prosecutor’s office related to a criminal case subject to proceedings;
[RT I, 08.11.2022, 1 – entry into force 09.11.2022]

 (11) The Centre of Registers and Information Systems has the right to submit an inquiry on the basis provided for in subsection 1 of this section to the European Criminal Records Information System applicable to third country nationals for the purpose of determining any previous punishments of a person and the Member State keeping the criminal records.
[RT I, 08.11.2022, 1 – entry into force 09.11.2022]

 (2) In the case of an inquiry by a central authority of another Member State, Eurojust, Europol and the European the Centre of Registers and Information Systems sends a copy of the judgement of conviction and the information specified in subsection in § 32 of this Act, where responding to the query is in compliance with this Act.
[RT I, 08.11.2022, 1 – entry into force 09.11.2022]

 (3) Upon making a query to a central authority of another member state, the Centre of Registers and Information Systems shall communicate the query within three working days as of the receipt thereof, except in the case it contains deficiencies which hinder the communication of the query. In such case the request shall be returned to the person having sent it for elimination of deficiencies.
[RT I, 27.06.2013, 2 – entry into force 15.07.2013]

 (4) The form provided in Annex to the Council Framework Decision 2009/315/JHA of 26 February 2009 on the organisation and content of the exchange of information extracted from the criminal record between Member States (OJ L 93, 7.04.2009, p. 23-32) shall be used for making the requests and replying to the requests.

 (5) Upon receipt of a query, the Estonian central authority is obligated to respond to it within ten working days. If the query is based on a wish of a person to obtain information from the database concerning that person, the central authority is obligated to respond to it within 20 working days.

§ 31.  Restrictions on use of personal data

 (1) Upon transmission of information concerning punishments to another member state, the central authority may establish as a condition that they are used for the purpose of criminal proceedings only.

 (2) If a convicting member state establishes as a condition for transmission of data that they are used for the purpose of criminal proceedings only, release of data to that member state is not permitted for any other purposes.

 (3) The data obtained based on a request from another member state in the framework of criminal proceedings may be only used for the purpose of the criminal proceedings on which the request was based. The data obtained by a request made on any other grounds may be only used for purpose on which the request was based and to the extent determined by the member state having transmitted the data.

 (4) The data obtained from another member state based on a request may be used for purposes other than the one on which the request was based if this is necessary to prevent endangering of public order or security.

 (5) Data entered in the European Criminal Records Information System applicable to citizens of third countries concerning a person specified in subsection 21 of § 29 of this Act are not transmitted to a third country, an international organisation or a private person, except in the cases provided for in subsections 30 and 321.
[RT I, 08.11.2022, 1 – entry into force 09.11.2022]

§ 32.  Submission of data to another Member State, Eurojust, Europol and European Public Prosecutor's Office [RT I, 08.11.2022, 1 – entry into force 09.11.2022]

 (1) Upon receipt of an inquiry, the central authority transmits to the central authority of another Member State, Eurojust, Europol and the European Public Prosecutor's Office the following data:
[RT I, 08.11.2022, 1 – entry into force 09.11.2022]

 (2) Where it is an inquiry concerning a person specified in subsection 21 of § 29 of this Act, in addition to the data specified in subsection 1 of this section, the central authority of another Member State is provided, where necessary, with the fingerprint data of the person stored in the national fingerprint register and in the database of the automated biometric identification system.
[RT I, 08.11.2022, 1 – entry into force 09.11.2022]

§ 321.  Submission of information to Eurojust

  Where Eurojust submits a request for information on the existence of criminal records for transmitting information to a third country or an international organisation as provided for in Regulation (EU) 2019/816 of the European Parliament and of the Council, the request is assessed and the Ministry of Justice decides whether to grant consent.
[RT I, 08.11.2022, 1 – entry into force 09.11.2022]

Chapter 6 Administrative Supervision over Processing of Information Concerning Punishment  
[RT I, 13.03.2014, 4 - entry into force 01.07.2014]

§ 33.  Administrative supervision

  [RT I, 13.03.2014, 4 – entry into force 01.07.2014]

 (1) Administrative supervision over compliance with the requirements provided for in this Act and legislation established on the basis thereof shall be exercised by the Data Protection Inspectorate (hereinafter Inspectorate) pursuant to the Personal Data Protection Act.
[RT I, 13.03.2014, 4 – entry into force 01.07.2014]

 (2) If a person finds that the rights of the person are violated or his or her freedoms are restricted in the course of processing of information concerning punishment, the person has the right to address the controller or processor of the database, inspectorate or a court.
[RT I, 27.06.2013, 2 – entry into force 15.07.2013]

§ 34.  Correction of inaccurate data and notification of correction

 (1) Inaccurate data shall be closed and corrected by the processor of the database on the basis of an application of the person who submits the data, on the basis of a precept of the controller of the database or inspectorate or a court ruling.

 (2) The processor of the database is required to give immediate notice of a correction of data to the persons concerned.

 (3) The Inspectorate is required to verify the correction of inaccurate data.

 (4) The processor has the right to close and correct, on own initiative, incorrect data by verifying, if necessary, the accuracy of the data with the person who submitted the data. The processor shall not notify the persons concerned in the case of correcting data on own initiative.
[RT I, 27.06.2013, 2 – entry into force 15.07.2013]

Chapter 7 Implementation of Act  

§ 35.  Exceptions to running of term for deletion of information concerning punishment

  [Repealed – RT I, 27.06.2013, 2 – entry into force 01.10.2013]

§ 351.  Consideration of interruption of term for deletion of information concerning punishment

 (1) As of 1 October 2013, the term for deletion of information concerning punishment provided for in the criminal records database shall be deemed expired upon consideration of valid information concerning punishment and recurrence of offence in the proceeding of an offence upon expiry of the term provided for in § 24 of this Act, without regard to interruption of term for deletion of information concerning punishment.

 (2) If the final judgment of conviction was made before 1 October 2013, the punishment in force and recurrence of the offence are considered according to the Act in force during the proceeding of the offence.
[RT I, 27.06.2013, 2 – entry into force 01.10.2013]

§ 36.  Criminal offences committed prior to the entry into force of Penal Code

  [Repealed – RT I, 28.11.2017, 2 – entry into force 01.01.2018]

§ 37.  Implementing provisions related to transfer of criminal records database

 (1) The functions, rights, obligations, state assets and records management related to the maintenance of the criminal records database shall be transferred to the Centre of Registers and Information Systems administered by the Ministry of Justice as of 1 January 2012. The activities related to transfer of the criminal records database from the area of government of the Ministry of Internal Affairs into the area of government of the Ministry of Justice shall be organised by the Government of the Republic or a minister authorised by the Government of the Republic.

 (2) A notice concerning transfer of the criminal records database from the area of government of the Ministry of Internal Affairs to the area of government of the Ministry of Justice and a proposal to enter into an employment contract with the Centre of Registers and Information Systems on the terms and conditions proposed shall be submitted to an official of the criminal records database office of the Police and Border Guard Board in writing at the latest on 15 November 2011.

 (3) The following rights acquired by the official of the criminal records database office of the Police and Border Guard Board who leaves from the position of an official to the position subject to contract of employment in the Centre of Registers and Information Systems shall be preserved during the time of employment in the respective position:
 1) he or she shall continue to receive his or her former remuneration if the remuneration at the new position is smaller than the former salary;
 2) an official who has at least three years of service by the time of release from service shall be entitled to receive one day of additional holiday for the third and each subsequent year, but not more than a total of 10 calendar days. If additional holiday is prescribed for officials in the collective agreement of an institution, the additional holiday granted based on this section shall not be added to the additional holiday granted based on the collective agreement;
 3) write off of a study loan is granted pursuant to the procedure provided for in the Study Allowances and Study Loans Act;
 4) the time till 1 January 2018 worked under an employment contract shall be included in the length of service upon increase of the pension on the basis of the Public Service Act.
[RT I, 26.03.2013, 2 – entry into force 01.04.2013]

 (4) An official notifies the manager of the Centre of Registers and Information Systems about his or her consent to enter into an employment contract during the term determined by the latter which may not be shorter than two weeks after the date of receipt of the notice specified in subsection 2 of this section. If the official fails to notify of his or her consent within the specified term, the official shall be deemed to have opposed.

 (5) Former officials who grant their consent for entry into an employment contract on time shall not be paid the compensation specified in subsection 1 of § 131 of the Public Service Act upon release from service.

§ 371.  Entry of information concerning punishment upon transfer of criminal records database

 (1) No such information shall be entered in the criminal records database for the processing of which there is no legal basis.

 (2) The information concerning the following criminal punishments shall be entered in the archives of the database:
 1) a punishment imposed before 1 January 1992, with the exception of an imprisonment for a term of more than ten years and life imprisonment;
 2) ten to twenty years’ imprisonment in the case of which more than ten years have passed from the date of enforcement thereof, if the person has not committed a new criminal offence during this time;
 3) an imprisonment for a term imposed from 1 January 1992 until 31 December 2000 in the case of which the term for deletion of the information concerning the punishment provided for in § 24 of this Act has expired after the date of the enforcement thereof, if the person has not committed a new criminal offence during this time.

 (3) Information concerning punishment for a misdemeanour which was entered in the database before 1 January 2010 shall be entered in the archives of the database.
[RT I, 27.06.2013, 2 – entry into force 15.07.2013]

§ 372.  Checking of correctness of information in criminal records database after transfer of criminal records database

 (1) No information concerning punishment shall be entered in the criminal records database and information concerning punishment shall be deleted from the criminal records database if all the information provided for in subsections 4 and 6 of § 12 of this Act or a part thereof are missing and if the processor of the criminal records database cannot find, through reasonable efforts, the decision which was the basis for the punishment. If the date of commission of an offence is missing, the processor of the database shall indicate the date of making the decision as the date of commission of the offence.

 (2) If the processor of the database is unable to establish information concerning the service of a sentence through reasonable efforts and the limitation period for execution of the judgment provided for in § 82 of the Penal Code has expired, the processor of the database may deem that the term for enforcement of the punishment has expired and delete the information from the database pursuant to the provisions of this Act.
[RT I, 27.06.2013, 2 – entry into force 15.07.2013]

§ 373.  Entry of data in archives of database

  The data provided for in §§ 371 and 372 of this Act shall be transferred to the archives of the database by 15 July 2013.
[RT I, 27.06.2013, 2 – entry into force 28.06.2013]

§ 374.  Deletion of data concerning sanctions applied to minors

  The data concerning application of sanctions to persons younger than eighteen years of age shall be deleted from the criminal records database by 1 July 2018.
[RT I, 05.12.2017, 1 – entry into force 01.01.2018]

§ 38.  Amendment of Republic of Estonia Child Protection Act

[Omitted from this text.]

§ 39.  Amendment to State Fees Act

[Omitted from this text.]

§ 40.  Repeal of Act

[Omitted from this text.]

§ 41.  Entry into force of Act

 (1) This Act enters into force on 1 January 2012.

 (2) § 37 of this Act enters into force on 15 November 2011.


1Council Framework Decision 2009/315/JHA on the organisation and content of the exchange of information extracted from criminal records between Member States (OJ L 93, 07.04.2009, pp 23–32);Directive (EU) 2019/884 of the European Parliament and of the Council amending Council Framework Decision 2009/315/JHA as regards the exchange of information on third-country nationals and the European Criminal Records Information System (ECRIS), and replacing Council Decision 2009/316/JHA (OJ L 151, 07.06.2019, pp 143–150); Directive 2022/2557/EC of the European Parliament and of the Council on the resilience of critical entities and repealing Council Directive 2008/114/EC (OJ L 333, 27.12.2022, pp 164–198). [RT I, 08.10.2024, 1 – entry into force 18.10.2024]

https://www.riigiteataja.ee/otsingu_soovitused.json