Legal provisions of COM(2020)72 - State of play of preparations for the full implementation of the new legal bases for the Schengen Information System (SIS) - Main contents
Please note
This page contains a limited version of this dossier in the EU Monitor.
| dossier | COM(2020)72 - State of play of preparations for the full implementation of the new legal bases for the Schengen Information System (SIS). |
|---|---|
| document | COM(2020)72  |
| date | February 28, 2020 |
Brussels, 28.2.2020
COM(2020) 72 final
REPORT FROM THE COMMISSION TO THE EUROPEAN PARLIAMENT AND THE COUNCIL
on the state of play of preparations for the full implementation of the new legal bases for the Schengen Information System (SIS) in accordance with Article 66(4) of Regulation (EU) 2018/1861 and Article 79(4) of Regulation (EU) 2018/1862
1.INTRODUCTION
On 28 November 2018, the European Parliament and the Council adopted three new Regulations on the establishment, operation and use of the Schengen Information System (SIS) 1 . The new SIS regulations widen the scope of application and functionalities of SIS in the following areas:
·new categories of alerts and more possibilities afforded by existing categories of alerts;
·extension of categories of data in SIS alerts;
·new technical possibilities;
·new biometric capabilities;
·wider access to SIS alerts at national and European level.
The new provisions need to be implemented in different phases. The following milestones for implementation are defined in the regulations:
1)implementation phase I (to be ready for entry into operation by end 2019): Europol and members of the teams deployed by the European Border and Coast Guard Agency 2 are allowed to access all categories of alerts in SIS;
2)implementation phase II (to be ready for entry into operation by end 2020): all Member States are able to use the Automated Fingerprint Identification System (AFIS) for searches on the basis of fingerprints in SIS;
3)implementation phase III (to be ready for entry into operation by end 2021): full implementation of all provisions of the new SIS regulations.
In that respect, the new regulations lay down that, no later than 28 December 2021, the Commission is to adopt a decision setting the date in which the operations of SIS pursuant to the new regulations start. In order to achieve this objective, it is necessary that by that time:
·all the necessary implementing acts have been adopted;
·Member States have notified the Commission that they have made the necessary technical and legal arrangements; and
·eu-LISA has notified the Commission about the successful completion of all testing activities.
Article 66(4) of Regulation (EU) 2018/1861 and Article 79(4) of Regulation (EU) 2018/1862 call on the Commission to submit on an annual basis a report to the European Parliament and the Council on the state of play of preparations for the full implementation of the new SIS regulations.
This first status report describes the preparatory work done by the Commission, agencies and Member States from 1 January 2019 until 30 September 2019. It is based on information provided by Member States and agencies through questionnaires and results achieved in meetings and workshops.
2.STATE OF PLAY OF PREPARATIONS FOR IMPLEMENTATION OF THE NEW SIS REGULATIONS
2.1.Stakeholders
Different stakeholders need to work closely together in order to achieve full implementation of the new SIS regulations by the end of 2021.
The Commission is responsible for monitoring the implementation process, ensuring correct and harmonised implementation of the legal provisions, and for adopting the necessary implementing and delegated acts.
eu-LISA is responsible for developing Central SIS and the Communication Infrastructure, including preparing technical specifications, testing and putting the new SIS into operation by the required deadlines.
Member States are responsible for developing their national systems in line with the developments within Central SIS, and for completing all necessary legal and procedural preparations for the processing of SIS data and supplementary information, in line with the new SIS regulations.
The European Border and Coast Guard Agency, Europol and Eurojust are responsible for ensuring that all preparations are done to allow their authorised users to access SIS data in accordance with the new SIS regulations.
2.2.Commission
2.2.1.Coordination of activities and involvement of stakeholders
The Commission has set up in January 2019 a network of experts from Member States’ competent authorities and EU agencies, to coordinate the activities and assist the Commission in several tasks:
·within the context of the Expert Group on Information Systems for Borders and Security 3 , a SIS Subgroup and SIRENE 4 Subgroup have been set up; the tasks of the SIS Subgroup are to provide the Commission with expert advice on technical options to achieve correct implementation of the new provisions and functionalities of SIS, and to prepare delegated acts; the task of the SIRENE Subgroup is to provide the Commission with expert advice on the required modifications in SIRENE procedures;
·a Committee 5 (“SIS-SIRENE Police” and “SIS-SIRENE Borders”), has been set up to assist the Commission in the preparations of the necessary implementing acts; the Committee is the main decision body to endorse recommendations made by experts in the SIS and SIRENE Subgroups or in technical meetings led by eu-LISA.
The Commission participates actively in activities and technical meetings led by eu-LISA and ensures coordination of activities of different stakeholders through regular meetings of the SIS-SIRENE Committee.
2.2.2.Definition of requirements for technical developments
As a first step, the work of the Commission and Member States’ experts focused on preparing requirements for technical developments within the Central SIS in line with the new regulations.
The main work on defining the requirements related to the non-biometric part of SIS was completed in April 2019. Following endorsement by the SIS-SIRENE Committee, the agreed points were either sent to eu-LISA for further technical discussions with Member States and inclusion in technical specifications or incorporated into the draft of new implementing acts.
The new SIS regulations also require a significant development of the biometric capabilities of SIS. The Commission’s Joint Research Centre carried out three studies on the implementation of the new biometric capabilities in SIS, on finger-mark and palm-mark identification, on face identification and on DNA profiles. 6 The studies, which were finalised in June 2019, concluded that it is possible to use those technologies in SIS and made some recommendations. The Joint Research Center also continuously supports the Commission and eu-LISA during technical discussions with Member States.
2.2.3.Preparation of technical implementing measures
The Commission started drafting implementing measures, focusing primarily on technical rules on entering and processing alphanumeric data in SIS. At the end of the reporting period, broad agreement has been reached between Member States and Commission on the substance of those implementing measures. The Commission intends to initiate the adoption procedure in 2020. The Commission intends to update the existing implementing act on quality of biometric data 7 in the course of 2020 on the basis of the recommendations of the Joint Research Center and the outcome of technical discussions in this area led by eu-LISA.
2.2.4.Preparation of update of SIRENE Manual
The SIRENE Manual 8 is an implementing act that sets out the procedures for the exchange of supplementary information related to SIS alerts. Due to the different milestones for implementation laid down in the new regulations, the update of the SIRENE Manual needs to be completed in two phases:
·Phase I relates to updates necessary for the exchange of supplementary information between Member States and Europol; this review needs to be completed before Europol is technically connected to the SIRENE network (planned for 2020);
·Phase II relates to the complete update of the SIRENE Manual, including all new procedures required in view of the new regulations.
Concerning phase I, the Commission prepared a proposal for review of the current SIRENE Manual and submitted it for discussion to the Committee on 12 September 2019. The Commission intends to finalise the review in the course of 2020 before Europol will be technically connected to the SIRENE network.
With regard to the changes required under phase II, the Commission analysed together with the SIRENE Subgroup the requirements for new SIRENE procedures or for updates of existing procedures in several areas. Several meetings are planned outside the reporting period with the aim to reach a common agreement on the substance of the main provisions by the beginning of 2020. Once agreement on the substance has been reached, the following steps are to be made:
·inclusion of new or revised procedures in the revised SIRENE Manual and discussion and approval in the Committee (activity led by the Commission);
·update of technical specifications for the data exchange between SIRENE Bureaux (activity led by eu-LISA);
·update of national SIRENE workflow systems in line with the technical specifications for data exchange (activity led by Member States and Europol).
2.3.eu-LISA
2.3.1.Planning and budget
eu-LISA has planned a start of operations in two phases:
·Phase I: in December 2019, the first official release will be ready for deployment; this release will give Europol full access to SIS and allow the European Border and Coast Guard Agency to establish a technical connection to SIS;
·Phase II: in December 2021 the second official release with all changes related to the new regulations will be delivered and enter into operation; prior to this, eu-LISA plans to perform four sets of tests.
Article 5(3) of Regulation (EU) 2018/1861 has allocated an amount of EUR 31 098 000 to eu-LISA for carrying out the technical developments concerning Central SIS and the Communication Infrastructure, as well as related technical training activities. This status report does not yet contain a detailed overview of the costs incurred because the first reporting period is very short.
2.3.2.Coordination of activities
eu-LISA has decided to separate the technical discussions related to the implementation of new biometric capabilities within SIS from the discussions related to developments in the non-biometric part of SIS. The activities of eu-LISA and their contractors in relation to the technical developments in both areas are coordinated through a double Program Management Forum (PMF) structure (“AFIS PMF” dealing with biometrics, and “SIS Recast PMF” dealing with the non-biometric part). Participants in the PMF structure include the Commission, project managers of all Member States and agencies and the eu-LISA project team.
2.3.3.Preparation of technical specifications for the non-biometric part of Central SIS
eu-LISA started its main activities for the non-biometric part of SIS in May 2019, after the SIS Subgroup finalised the list of requirements and significant progress on technical implementing measures was reached in the SIS-SIRENE Committee. A first draft of the User Requirements Document was delivered to all stakeholders on 2 September 2019. A first version of the Interface Control Document / Detailed Technical Specification will be provided by eu-LISA in October 2019. The plan is to finalise the work on those specifications by the beginning of 2020.
eu-LISA has signed specific contracts for the development of Central SIS as part of the framework contract for the Maintenance in Working Order of SIS.
2.3.4.Preparation of technical specifications for the biometric part of Central SIS
The biometric component of Central SIS (“SIS AFIS”) has entered into operation in March 2018. The new SIS regulations require important modifications to the existing AFIS. In particular, biometric searches will be extended with new categories of dactyloscopic data (palm prints and latents). In addition, the new SIS regulations require Member States to be able to use the fingerprint search functionality in all operational circumstances.
eu-LISA has launched the “AFIS Phase 2 project” to further develop SIS AFIS according to those requirements. At first, the project focuses on the “Analysis and Design” aspects of the evolution, covering the preliminary work on project initiation, requirements, specification and preliminary design for SIS AFIS Phase 2. The User Requirements Document and Interface Control Document / Detailed Technical Specification will be finalised by the end of 2019. The second phase “Implementation” will start in the beginning of 2020.
2.4.Member States
2.4.1.Scope
This report only covers the Member States that are currently connected to SIS. It concerns all EU Member States except Ireland and Cyprus, and the four Schengen Associated Countries (30 States) 9 . It concerns also the United Kingdom under the provisions of the Withdrawal Agreement.
2.4.2.Budget
Article 5(4) of the Regulation (EU) 2018/1861 has allocated to Member States an additional global allocation of EUR 36 810 000 to be devoted to the quick and effective upgrade of the national systems concerned. A first amount of EUR 18 405 000 has been committed in 2019.
2.4.3.State of play of deployment of SIS AFIS (to be completed by end 2020)
The Commission requested Member States to report on the state of play of their preparations for the deployment of SIS AFIS during the Committee meeting of 13 June. All Member States replied. The status until the end of the reporting period (30 September 2019) is the following:
·19 Member States have already deployed the AFIS search functionality;
·3 Member States have planned to deploy the AFIS search functionality still in 2019;
·2 Member States have planned to deploy the AFIS search functionality in 2020;
·6 Member States did not give a detailed timeline for deployment in their reply to the questionnaire; the Commission will closely follow up the state of implementation of those Member States during the next reporting period (1 October 2019 – 30 September 2020).
2.4.4.Preparations for the full implementation of the new legal basis (to be completed in the course of 2021)
Preparations by Member States are crucial because the Commission can only set the date from which the new SIS starts operation after the Member States have notified the Commission that they have made the necessary technical and legal arrangements.
It has to be noted that the activities done by Member States are still at a preliminary stage as Member States may only fully start developing their national systems when the specifications for the developments within Central SIS are set and the technical documentation has been finalised (beginning of 2020).
The Commission has asked Member States to report through a questionnaire launched on 11 July 2019 on preparations done at national level. All Member States concerned responded. Member States were requested to provide input in the following areas:
·project planning and management;
·internal coordination;
·impact assessment in terms of budget, human resources, organisation and national legislation.
In terms of project planning, almost half of the Member States (14 respondents) have already started to define or have defined a project plan and related milestones; the other half (16 respondents) plans to do this by the end of 2019 – beginning of 2020. In addition, the majority of Member States (24 respondents) have established or will establish in the near future a specific project team and assigned a project manager; five Member States will manage the SIS implementation through existing departments or teams and one Member State has not clarified yet how it will manage the implementation internally. A large majority of the respondents (26) envisage to establish cooperation at national level between competent authorities.
In terms of impact assessment, the Member States are currently at different stages of preparation 10 :
budgetary impact assessment:
·18 Member States have completed the assessment in 2019;
·8 Member States will complete the assessment in 2020;
·2 Member States will start the assessment in 2020;
human resources needs assessment:
·9 Member States have completed the assessment in 2019;
·9 Member States will complete the assessment in 2020;
·5 Member States will start the assessment end 2019 – beginning 2020;
organisational needs assessment:
·7 Member States have completed the assessment in 2019;
·9 Members State will complete the assessment by 2020;
·10 Member State have reported that they will start the assessment end 2019 – beginning 2020;
assessment of impact on national legislation:
·9 Member States have completed the assessment in 2019;
·12 Member States will complete the assessment in 2020;
·1 Member State will complete the assessment in the beginning of 2021.
The Commission will continue to closely follow up the preparatory activities by Member States during the regular meetings of the SIS-SIRENE Committee.
2.5.Agencies
This part of the report focuses on preparations done by Europol and the European Border and Coast Guard Agency as the provisions impacting those agencies enter into application already by end 2019 (they are covered by the first implementation phase).
The changes impacting Eurojust are minimal and only apply as from end 2021. Therefore, the present status report does not include preparations by Eurojust.
2.5.1.Europol
Europol already is a user of SIS under the current SIS regulations. The new regulations include for Europol modifications in the following two areas:
·access to all categories of alerts in SIS, and
·connection to the SIRENE network.
The new provisions apply from the end of 2019.
During the first reporting period, Europol has upgraded its existing interface to access SIS alerts through a Unified Search Engine to be deployed as from December 2019. The implementation has been finalised and integration tests with eu-LISA are planned for the fourth quarter of 2019.
Europol aims to be ready for the connection to the SIRENE network by end 2020. The SIRENE function is planned to be established within the Front Office/Operational Centre at Europol which has 24/7 capabilities. Europol plans to integrate the SIRENE mail relay into its own message exchange system SIENA (Secure Information Exchange Network Application) to ensure data integrity and an efficient workflow.
Additionally, Europol carried out the following preparatory activities:
·during 2019, Europol’s internal procedures were adjusted to include the new capabilities which relate to the full access to SIS; during 2020, further updates will be done to include the connection to the SIRENE mail relay and supplementary information exchange;
·study visits to SIRENE offices aiming to collect best practices were done; and
·prior consultation of the European Data Protection Supervisor has started.
Europol’s budget for the extension of the access to all categories of SIS alerts is EUR 70 596.
2.5.2.European Border and Coast Guard Agency
Under the new SIS regulations, the members of the teams deployed by the European Border and Coast Guard Agency have as from end 2019 the right to access all categories of alerts in SIS. The members of those teams need to access SIS through a technical interface set up and maintained by the European Border and Coast Guard Agency.
For that purpose, the European Border and Coast Guard Agency has prepared and approved in 2019 a project consisting of the following parts:
·development of a system, composed of a technical interface located at the headquarters of the European Border and Coast Guard Agency, a web application and a mobile application for connection to the database;
·delivery of equipment;
·development of procedures and rules for using the system, including communication channels, rules and cooperation with the hosting Member States’ authorities; and
·end-users training.
The total duration of the project is estimated at 25 months, with the possibility of querying SIS after 19 months (by mid-2021). The last six months will be dedicated solely to the development of a mobile application.
In addition, the European Border and Coast Guard Agency has undertaken the following activities during the reporting period:
·Project Managers and Steering Committee have been appointed, Business Case has been prepared and approved by the Steering Committee on 18 September 2019;
·working level contact with eu-LISA has been established; and
·consultation with the Data Protection Officer has started.
The European Border and Coast Guard Agency has estimated for the full project a budget of EUR 3 489 200 and yearly recurring costs of EUR 212 000.
3.CONCLUSIONS
During the first reporting period (1 January – 30 September 2019), the different stakeholders have made significant progress to achieve implementation of the new SIS regulations in accordance with the defined milestones:
1)implementation phase I (end 2019): eu-LISA has made the necessary preparations to extend full access to SIS to Europol, and to allow the European Border and Coast Guard Agency to connect to SIS; Europol will have access to all alert categories in SIS as from end 2019; the European Border and Coast Guard Agency has provided funding and initiated a project allowing the members of its teams to get access to SIS in 2021;
2)implementation phase II (end 2020): at the end of the reporting period, 19 Member States have deployed the fingerprint search functionality; 11 Member States still need to deploy the functionality by the end of 2020;
3)implementation phase III (end 2021): during the reporting period, activities have been coordinated by the Commission and eu-LISA to prepare implementing measures and technical specifications required for full implementation of the new SIS regulations; the main preparatory work is planned to be finalised by the beginning of 2020, in order to give sufficient time to Member States to initiate their national implementation projects; Member States have started preparatory activities at national level to be ready for entry into operation by the end of 2021.
The implementation of the new SIS regulations is closely connected to the implementation of interoperability of information systems for borders and security. The Commission has set up, together with the eu-LISA Management Board and the European Border and Coast Guard Agency, a mechanism to monitor progress in all interrelated projects and detect any issues at an early stage.
The next status report, which is due on 28 December 2020, will cover a full year and will describe the activities of stakeholders during the next reporting period, from 1 October 2019 until 30 September 2020.
(1) Regulation (EU) 2018/1860 of the European Parliament and of the Council of 28 November 2018 on the use of the Schengen Information System for the return of illegally staying third-country nationals OJ L 312, 7.12.2018, p. 1; Regulation (EU) 2018/1861 of the European Parliament and of the Council of 28 November 2018 on the establishment, operation and use of the Schengen Information System (SIS) in the field of border checks, and amending the Convention implementing the Schengen Agreement, and amending and repealing Regulation (EC) No 1987/2006 OJ L 312, 7.12.2018, p. 14; Regulation (EU) 2018/1862 of the European Parliament and of the Council of 28 November 2018 on the establishment, operation and use of the Schengen Information System (SIS) in the field of police cooperation and judicial cooperation in criminal matters, amending and repealing Council Decision 2007/533/JHA, and repealing Regulation (EC) No 1986/2006 of the European Parliament and of the Council and Commission Decision 2010/261/EU OJ L 312, 7.12.2018, p. 56.
(2) In accordance with the new SIS Regulations, the members of the teams referred to in points (8) and (9) of Article 2 of Regulation (EU) 2016/1624 of the European Parliament and of the Council of 14 September 2016 on the European Border and Coast Guard and amending Regulation (EU) 2016/399 of the European Parliament and of the Council will have the right to access and search data in SIS insofar it is necessary for the performance of their tasks and as required for the operational plan for a specific operation. In accordance with Regulation (EU) 2019/1896 of the European Parliament and of the Council of 13 November 2019 on the European Border and Coast Guard and repealing Regulations (EU) No 1052/2013 and (EU) 2016/1624, the European Border and Coast Guard Agency provides its operational support through the deployment of the European Border and Coast Guard standing corps forming border management teams, migration management support teams and return teams.
(3) https://ec.europa.eu/transparency/regexpert/index.cfm?do=groupDetail.groupDetail&groupID=3643
(4) Supplementary Information Request at the National Entries.
(5) https://ec.europa.eu/transparency/regcomitology/index.cfm?do=List.list
(6) Haraksim R., Galbally J., Beslay L., Study on Fingermark and Palmmark Identification Technologies for their Implementation in the Schengen Information System, EUR 29755 EN, Publications Office of the European Union, Luxembourg, 2019; J. Galbally, P. Ferrara, R. Haraksim, A. Psyllos, L. Beslay, Study on Face Identification Technology for its Implementation in the Schengen Information System, EUR 29808 EN, Publications Office of the European Union, Luxembourg, 2019; Angers A, Kagkli DM, Oliva L, Petrillo M, Raffael B, Study on DNA Profiling Technology for its Implementation in the Central Schengen Information System, EUR 29766 EN, Publications Office of the European Union, Luxembourg, 2019.
(7) Commission Implementing Decision (EU) 2016/1345 of 4 August 2016 on minimum data quality standards for fingerprint records within the second generation Schengen Information System (SIS II) (notified under document C(2016) 4988). OJ L 213, 6.8.2016, p. 15.
(8) Commission Implementing Decision (EU) 2017/1528 of 31 August 2017 replacing the Annex to Implementing Decision 2013/115/EU on the SIRENE Manual and other implementing measures for the second generation Schengen Information System (SIS II) (OJ L 231, 7.9.2017, p. 6).
(9) List of EU and Schengen Member States that answered the questionnaires: Austria, Belgium, Bulgaria, Croatia, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Italy, Latvia, Lithuania, Liechtenstein, Luxembourg, Malta, the Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland.
(10) Not all Member States were able to provide a specific assessment for each of the categories taken into account in the questionnaire.