Legal provisions of COM(2010)221 - Development of the second generation Schengen Information System (SIS II) - Progress Report July 2009 - December 2009 - Main contents

Please note

This page contains a limited version of this dossier in the EU Monitor.

dossier	COM(2010)221 - Development of the second generation Schengen Information System (SIS II) - Progress Report July 2009 - December 2009.
document	COM(2010)221
date	May 6, 2010

|
52010DC0221

Report from the Commission to the European Parliament and the Council on the development of the second generation Schengen Information System (SIS II) - Progress Report July 2009 - December 2009 /* COM/2010/0221 final */

EN

Brussels, 6.5.2010

COM(2010)221 final

REPORT FROM THE COMMISSION TO THE EUROPEAN PARLIAMENT AND THE COUNCIL

ON THE DEVELOPMENT OF THE SECOND GENERATION SCHENGEN INFORMATION SYSTEM (SIS II)

Progress Report

July 2009 - December 2009

TABLE OF CONTENTS

1. Introduction (...)3

2. Project Status (...)3

2.1. Progress during the period under review (...)3

2.1.1. Overview (...)3

2.2. Preparations for milestone testing (...)4

2.3. Preparations for an alternative technical solution (...)4

2.4. Preparations for entry into operation (...)4

2.5. Preparations for migration (...)5

2.5.1. Migration legal instruments (...)5

2.6. SIS II network (...)6

2.7. Operational management (...)6

2.8. Security and data protection (...)6

3. Management (...)7

3.1. Financial implications (...)7

3.2. Project management (...)8

3.2.1. Global Programme Management Board (GPMB) (...)8

3.2.2. SISVIS Committee (SIS II) (...)8

3.2.3. National planning and coordination (...)8

3.2.4. Council (...)8

3.2.5. European Parliament (...)9

4. Priorities for the next reporting period (...)9

5. Conclusions (...)9

1. Introduction

This progress report describes the work carried out in the second semester of 2009, concerning the development of the second generation Schengen Information System (SIS II) and the migration from SIS 1+ to SIS II. It is presented to the Council and the European Parliament in accordance with Article 18 of Council Regulation (EC) No 1104/2008 and of Council Decision 2008/839/JHA on migration from the Schengen Information System (SIS 1+) to the SIS II. This report also constitutes a test status report.

2. Project Status

2.1. Progress during the period under review

2.1.1. Overview

This period was dominated by implementing the orientations provided in the Conclusions of the Justice and Home Affairs Council of 4-5 June and 30 November 2009 respectively.

The Council concluded, on 4-5 June, that the development of SIS II would continue on the basis of the current SIS II project by the main development contractor, and that an alternative technical solution to achieve SIS II (named "SIS 1+RE") would be retained as the contingency plan for a period necessary to back the project. The Council also agreed to two project milestones specifying the technical aspects of conditions and exit criteria which would have to be met in order to continue with the current SIS II project. The aim of these milestones would be to prove the stability, reliability and performance of the central SIS II and the proper functioning of vital core functionalities, such as data consistency and reliable message transfer, after significant and important development phases of the SIS II project. The related tests would start as soon as the Commission and the Member States had declared their readiness and the technical support function in Strasbourg (C.SIS) had confirmed that the SIS 1+ test tools were qualified and ready.

The first milestone was scheduled to occur after the performance tests of the system, foreseen for the fourth quarter of 2009. However, the Council of 30 November concluded that the final deadline with regard to the accomplishment of the first milestone test would be 29 January 2010 at the latest. Subject to the outcome of the first milestone test, a two month period of reflection for the Council would commence on 30 January 2010, to assess the implications of the test.

The Commission, in close cooperation with the Member States, put in place the necessary elements to follow the direction set in the Council Conclusions. Accordingly work was directed along three major tracks:

· Preparations for milestone testing;

· Preparations for an alternative technical scenario;

· Preparations for entry into operation.

2.2. Preparations for milestone testing

Technical preparations were initiated for the first of the two milestone tests, with a view to verifying whether the system is based on solid foundations. The technical preparations aimed, in particular, to ensure that all prior conditions for carrying out this test had been met (conformity of national systems that would participate in the test, generation of test data, validation of test tools, adjustments to the settings of the central system and setting up the detailed test descriptions). By the end of 2009 eleven Member States had achieved a state of compliance and the SIS 1+ test tools were qualified and ready.

The Council in June also invited the Commission to ensure that the milestones would be part of the deliverables under the contract for the current SIS II project and to reach an understanding with its contractors that non-compliance with these milestones would constitute resolutive conditions with regard to the existing contracts. The respective contract amendment for the first milestone was signed between the parties on 13 October. This amendment notably incorporated a provision stating that the Commission would be entitled to terminate the contract, as of right, with immediate effect if the first milestone test for SIS II were deemed by the Council not to have been passed.

2.3. Preparations for an alternative technical solution

In order to prepare the ground for a possible switch to an alternative technical scenario for implementing the SIS II functionalities, should one of the milestones be judged to have failed, exploratory negotiations with the French authorities were commenced.

A key element of any delegation to France would concern the adoption of the legislative proposals to amend the migration instruments (proposal for a Regulation and a forthcoming proposal to incorporate aspects previously covered by the third pillar decision - see section 2.5.1.).

2.4. Preparations for entry into operation

The comprehensive architecture review performed by a specialist IT consultant between March and April 2009 led to a broad consensus amongst SIS II experts on the absence of major flaws in the SIS II architecture. However, in terms of design and implementation, a number of recommendations were made to improve certain aspects of the system, such as performance, software scalability and ease of maintenance. The business message architecture was identified as being over-engineered and capable of simplification. The analysis and repair period, highlighted in the previous report, identified a number of areas for improvement in the system.

In parallel to the preparations for the first milestone test, the Commission, Member States' experts and contractors worked together on assessing the technical requirements for ultimately delivering the software version which would be used in a 'live' system. This work was undertaken through studies, workshops, prototypes ("proofs of concept") and discussion in the Global Programme Management Board (GPMB) . The latter structure was established by the Commission to ensure enhanced management and coordination of the SIS II project and related activities, including ensuring consistency between the development of central and national systems.

The Commission, working with Member States and the main development contractor, commenced several initiatives, with a view to producing enhanced specifications for the system. Particular areas investigated in-depth were:

· Simplification of the way in which large volumes of data are 'dumped' (for example when a Member State might need to recreate a copy of the central database at national level)

· Simplification of the data-consistency processes;

· Re-structuring of the message format;

· Rationalisation of the functions for creation, updating and deletion of records at the point where they would be entered into the central system so that the processes take place in parallel and therefore in a more time-effective manner;

· Harmonisation of the processes and procedures for handling different versions of the system.

In December 2009, the main development contractor delivered four draft whitepapers on the final four items in the above-mentioned list. Further discussions with Member States on certain non-functional requirements would be needed before this work could be finalised.

Additionally, developments in the use of the SIS by Member States have led to a situation where the number of alerts within the system has increased significantly. From the 22 million alerts originally foreseen, the latest estimates predict 73 million alerts in the foreseeable future. Having carried out an additional survey on volumetrics between June and September there would be a need for the Commission to continue to work with Member States' experts on this important evolution of requirements which must be accommodated in any technical solution.

2.5. Preparations for migration

2.5.1. Migration legal instruments

The Council Regulation and Council Decision governing migration to from SIS 1+ to SIS II (the migration instruments) lay down the tasks and responsibilities of the Commission and the Member States for preparing this migration, including further development and testing of SIS II. As the legal instruments currently in force contain an expiry date set for 30 June 2010, the Commission has tabled proposals to amend them, chiefly with a view to extending the deadline for transferring data from SIS 1+ to SIS II.

Whilst negotiations continued on a legislative proposal for a Regulation , the proposal to amend the Council Decision under the former third pillar became obsolete upon the entry into force of the Lisbon Treaty. The Commission intends to introduce a proposal in the appropriate procedural form during 2010.

Together, these proposals also aim to formally set up a coordinating body of technical experts for further management of the overall development of SIS II, as requested by the JHA Council of 4-5 June 2009, and to provide legal flexibility for an alternative technical scenario, in line with the Council's approach of retaining a contingency plan for the project.

2.6. SIS II network

The SIS II project includes the provision of a wide area communications network, meeting the requirements of availability, security, geographical coverage and level of service, to enable the national and central systems to communicate.

The staff of the European Data Protection Supervisor (EDPS) conducted an inspection at the SOC (network operation centre) in Bratislava. The inspection showed that from an overall perspective the situation is satisfactory. EDPS is likely to present some recommendations to further improve security at the SOC as well as to ensure better compliance with data protection provisions, for instance by declaring the use of video monitoring systems.

A workshop has been held with Member States on additional security safeguards to the system. Member States will be further consulted on this matter by questionnaire in order to identify any key actions that need to be considered.

2.7. Operational management

The training of the staff recruited in Strasbourg to operate the system has almost been completed. The Biometric Matching System 'transition to operation' plan has started and the staff in Strasbourg are now practically ready to operate the Biometric Matching System.

Negotiations are under way in the preparatory bodies of the Council and in the Parliament on the legal proposals for setting up an agency for the long-term operational management of large-scale IT systems in the area of justice, freedom and security, including SIS II.

2.8. Security and data protection

In addition to the network security issue mentioned in section 2.6 above, bilateral meetings between EDPS staff and the Commission services continued to take place on a regular basis to discuss security and data protection issues related to SIS II. On 1 December 2009, EDPS staff made a fact-finding visit to the central SIS II site in Strasbourg. The visit focussed on physical security.

3. Management

3.1. Financial implications

By the end of the reporting period the total budgetary commitments made by the Commission on the SIS II project amounted to approximately € 81.6 million. The corresponding contracts include feasibility studies, the development of the central SIS II itself, support and quality assurance, the SIS II network, preparation for operational management in Strasbourg, security, biometrics preparations and communication.

Of this amount, around € 50.2 million had actually been paid at the end of December 2009. The main expenditure items were development (€ 24.3 million), the network (€ 14.6 million) and support and quality assurance (€ 6.3 million).

Budget execution |

| From 2002 to December 2009 | From July to December 2009 |

| Commitments | Payments | Commitments | Payments |

Development | 37,458,059 | 24,260,603 | 1,530,908 | 1,812,342 |

Support & quality assurance | 8,500,034 | 6,291,933 | 839,586 | 1,636,532 |

Network | 26,954,673 | 14,599,264 | 5,652,772 | 4,230,655 |

Operational management preparation | 6,083,613 | 3,818,929 | 1,136,768 | 1,336,466 |

Security | 869,275 | 143,909 | 0 | 24,889 |

Studies | 919,831 | 895,095 | 0 | 0 |

Others | 834,483 | 160,778 | 0 | 64,253 |

TOTAL: | 81,619,969 | 50,170,511 | 9,160,034 | 9,105,137 |

During the period covered by the present report:

· Approximately € 9.1 million was paid, primarily for the network (€ 4.2 million) and monthly recurring costs;

· About € 9.2 million had been committed (i.e. 34% of the total appropriations for SIS II activities provided in the 2009 General Budget had been committed at the end of the year). This lower-than-forecast figure represents the fact that the ordering of new services and products was postponed pending the resolution of technical problems encountered in the development and new Council orientations for the project;

· Penalties amounting to 390,000 Euro have been applied in connection with the failure of the 'OST' tests in December 2008.

3.2. Project management

3.2.1. Global Programme Management Board (GPMB)

In order to ensure optimal involvement of the Member States, as the project moved into a new phase, a global SIS II programme management approach was introduced in January 2009, as recognised by the Council on 26-27 February. The Council of 4-5 June invited the Commission to build upon the experience and lessons learned from this management structure and develop it further. These management changes have been consolidated in the legislative proposal for a Regulation to amend the migration instruments.

The GPMB met 22 times during the period covered by this report. This board has contributed in a positive way to programme management and has ensured increased Member States' involvement.

3.2.2. SISVIS Committee (SIS II)

The Commission is assisted in the development of SIS II by the SISVIS Committee. There were five meetings of the SISVIS Committee on SIS II matters in the period July – December 2009.

In addition to regular SISVIS Committee meetings, working groups of the Committee and workshops, involving Member States' experts, are organised to discuss detailed technical issues. These meetings generally focus on issues arising from specific project deliverables:

– The 'Test Advisory Group' (TAG), provides the SISVIS Committee with an opinion on issues related to the organisation, implementation and interpretation of tests. This group held 23 meetings in this reporting period;

– The 'Change Management Board' (CMB), provides advice on classification, qualification and the potential impact of correction of reported issues. This working group, which also reports to the SISVIS Committee, met five times during the reporting period;

– Three SIS II Migration Workshops have been held since the delivery of the conclusions of the Migration Group, to advise the SISVIS Committee and pursue activities on this critical topic.

3.2.3. National planning and coordination

A working group composed of the Member States' and users' national project managers (NPM) is organised within the framework of the SISVIS Committee. The purpose of these NPM meetings is to deal with detailed planning issues, risks and activities both at the central and national project levels. During this reporting period four NPM meetings have taken place.

3.2.4. Council

The Commission takes part in the meetings of the preparatory bodies of the Council responsible for the Schengen Information System and each Council of Ministers session where SIS II is included on the agenda. On these occasions, the Commission presented oral reports on the state of play of the SIS II project, the associated risks and the envisaged next steps.

3.2.5. European Parliament

All important developments in the SIS II file have been communicated by a letter from Vice-President Barrot to the Chairman of the LIBE Committee and the key rapporteurs. During the period of this report four such letters were sent.

Members of the European Parliament were debriefed by Vice-President Barrot in person each time deliberations on SIS II were held at the Council meetings. Two JHA Council meetings discussed SIS II during this period.

Moreover, the Commission appeared at all Plenary and Committee meetings, to directly address SIS II-related matters: a total of four meetings plus the meeting of the Vice President with the coordinators of the political groups of the LIBE Committee.

The Commission also attended the Parliamentary session and took due note of the resolution of the European Parliament of 22 October 2009 on progress of Schengen Information System II and Visa Information System. The Vice-President followed this up with a letter to the chairman of the LIBE Committee.

Finally, the Commission responded to four Parliamentary questions relating to SIS II.

4. Priorities for the next reporting period

· Milestone testing;

· Providing the Council with appropriate input to feed into the two month period of reflection, should the milestone tests lead to unsatisfactory results;

· Preparations for an alternative technical solution, should the Council invite the Commission to stop the current SIS II project;

· Preparations for entry into operation.

5. Conclusions

During this period work was focussed on activities to follow up the orientations provided by the Conclusions of the Justice and Home Affairs Council in June and November 2009 respectively.

The Commission agreed with other stakeholders that the milestone tests requested by the Council in June would provide an indication as to the stability, reliability and performance of the central system. The outcome of these tests would constitute an important element in discussions on the future direction of SIS II.

The Commission has worked in close partnership with the Member States to implement the above-mentioned conclusions and has kept the European Parliament informed of developments. In particular, the Commission has ensured that the legal, technical, organisational and contractual elements have been fully put in place to allow the main development contractor to run the first milestone test under positive conditions. In line with the orientations of the Council in June, the Commission integrated the first milestone into the main development contract.

The Council, at its meeting on 30 November, set 29 January 2010 as a deadline for the accomplishment of the first milestone test. A sufficient number of Member States were able to demonstrate their compliance for taking part in this test.

If the first milestone test proves unsuccessful, the Commission agreed that it would support the Council in its reflection process on the further direction of SIS II by providing, in written form, the necessary financial and budgetary information.

Exploratory negotiations with the French authorities were commenced for a possible decision by the Commission to discontinue the current SIS II project and proceed on the basis of an alternative technical scenario for implementing the SIS II functionalities, should one of the milestones be judged by the Council to have failed.

In addition, during the period covered by this report, the Commission organised the necessary work to allow extensive analysis, together with the experts of the Member States, of the technical specifications of SIS II, in order to be able to guide decisions for the future.

Annex I

SISVIS Committee (SIS II) and Working Group Meetings

a) Meetings held during the reporting period

JULY 2009 |

8, 13, 29 | SIS II Global Programme Management Board |

15 | Change Management Board / Migration Workshop |

14 | National Project Managers Meeting |

14 | SISVIS Committee (SIS II technical) |

2, 9, 16, 31 | Test Advisory Group |

AUGUST 2009 |

12, 19, 26 | SIS II Global Programme Management Board |

06, 20, 28 | Test Advisory Group |

26 | Change Management Board / Migration Workshop |

SEPTEMBER 2009 |

2, 9, 16, 22 | SIS II Global Programme Management Board |

15 | SISVIS Committee (SIS II technical) |

3, 10, 17, 24 | Test Advisory Group |

OCTOBER 2009 |

1 | Change Management Board |

20 | National Project Managers Meeting |

20 | SISVIS Committee (SIS II technical) |

27 | SIS VIS Committee (SIRENE) |

1, 8, 15, 22, 29 | Test Advisory Group |

6, 13, 21, 28 | SIS II Global Programme Management Board |

NOVEMBER 2009 |

3, 11, 18, 24 | SIS II Global Programme Management Board |

25 | National Project Managers Meeting |

25 | SISVIS Committee (SIS II technical) |

3 | Change Management Board / Migration Workshop |

5, 12, 19, 26 | Test Advisory Group |

DECEMBER 2009 |

1, 9, 15, | SIS II Global Programme Management Board |

16 | National Project Managers Meeting |

16 | SISVIS Committee (SIS II technical) |

10 | Migration Workshop / Change Management Board |

3, 10, 17 | Test Advisory Group |

b) Meetings scheduled for the forthcoming reporting period

JANUARY 2010 |

20 | National Project Managers Meeting |

20 | SISVIS Committee (SIS II technical) |

14 | Change Management Board/Migration Workshop |

6, 13, 20, 27 | SIS II Global Programme Management Board |

7, 14, 21, 28 | Test Advisory Group |

FEBRUARY 2010 |

3, 10, 17, 24 | SIS II Global Programme Management Board |

24 | National Project Managers Meeting |

18 | Change Management Board / Migration Workshop |

24 | SISVIS Committee (SIS II technical) |

20 | SISVIS Committee (SIRENE) |

4, 11, 18, 25 | Test Advisory Group |

MARCH 2010 |

3, 10, 17, 24, 31 | SIS II Global Programme Management Board |

24 | National Project Managers Meeting |

24 | SISVIS Committee (SIS II technical) |

18 | Migration Workshop / Change Management Board |

4, 11, 18, 25 | Test Advisory Group |

APRIL 2010 |

7, 14, 21, 28 | SIS II Global Programme Management Board |

24 | National Project Managers Meeting/ SISVIS Committee (SIS II technical) |

15 | Change Management Board / Migration Workshop |

8, 15, 22, 29 | Test Advisory Group |

MAY 2010 |

5, 12, 19, 26 | SIS II Global Programme Management Board |

26 | SISVIS Committee (SIS II technical) |

26 | National Project Managers Meeting |

7, 21, 28 | Test Advisory Group |

20 | Migration Workshop / Change Management Board |

JUNE 2010 |

2, 9, 16, 30 | SIS II Global Programme Management Board |

17 | Change Management Board / Migration Workshop |

23 | National Project Managers Meeting |

4, 11, 18, 25 | Test Advisory Group |

Proposal for a Council Regulation amending Regulation (EC) No 1104/2008 on migration from the Schengen information System (SIS 1+) to the second generation Schengen Information System (SIS II, 1st pillar, COM/2009/508 final).

See section 3.2.1

Council Regulation (EC) No 1104/2008 of 24 October 2008 on migration from the Schengen Information System (SIS 1+) to the second generation Schengen Information System (SIS II), OJ L 299, 8.11.2008, p. 1.

Council Decision 2008/839/JHA of 24 October 2008 on migration from the Schengen Information System (SIS 1+) to the second generation Schengen Information System (SIS II), OJ L 299, 8.11.2008, p. 43.

Proposal for a Council Regulation amending Regulation (EC) No 1104/2008 on migration from the Schengen information System (SIS 1+) to the second generation Schengen Information System (SIS II, 1st pillar, COM/2009/508 final).

--------------------------------------------------