Explanatory Memorandum to COM(2019)4 - Conditions for accessing other EU information systems for ETIAS purposes - Main contents
Please note
This page contains a limited version of this dossier in the EU Monitor.
| dossier | COM(2019)4 - Conditions for accessing other EU information systems for ETIAS purposes. |
|---|---|
| source | COM(2019)4  |
| date | 07-01-2019 |
Contents
• Reasons for and objectives of the proposal
In September 2018, the Council and the European Parliament adopted two legislative acts, a Regulation establishing the European Travel Information and Authorisation System (‘ETIAS’) 1 and an amendment of the Europol Regulation for the purpose of establishing ETIAS 2 .
Establishing ETIAS is among efforts undertaken in recent years at EU level to enhance the security of citizens and prevent irregular migration in an open Europe, securing and continuing to strengthen the management of external borders 3 , 4 . The context and the establishment of the system were announced in the 2016 State of the Union speech. President Juncker said: ‘We will defend our borders […] with strict controls […] on everyone crossing them. Every time someone enters or exits the EU, there will be a record of when, where and why. In November [2016] we will propose a European travel information and authorisation system – an automated system to determine who will be allowed to travel to Europe. That way we will know who is travelling to Europe before they even get here”.
ETIAS will fill the information gap on travellers exempt from the requirement of being in possession of a visa when crossing the external borders. ETIAS will determine the eligibility of visa-exempt third-country nationals prior to their travel to the Schengen Area and whether such travel poses a security, irregular migration or high epidemic risk. ETIAS will also give travellers confidence that they would be able to cross the borders smoothly. If needed, ETIAS travel authorisation could be denied by ETIAS National Units.
The assessment of such risks will involve automated processing of personal data provided in the applications for travel authorisation. The ETIAS Regulation establishes that personal data in the applications will be compared with the data present in records, files or alerts registered in EU information systems or databases (the ETIAS Central System, Schengen Information System (‘SIS’), the Visa Information System (‘VIS’), the Entry/Exit System ‘(EES’) or Eurodac), in Europol data or in the Interpol databases (the Interpol Stolen and Lost Travel Document database (‘SLTD’) or the Interpol Travel Documents Associated with Notices database (‘TDAWN’)) 5 .
While the Regulation defines in its Article 20 which group of data from the ETIAS application files can be used to consult the other systems, not all those data are collected or recorded in the same way in the other EU information systems and Europol data. For instance in one of the systems, ‘country of issue of the travel document’ is collected while in another the same data is recorded in another way, e.g. as ‘three letter code of the issuing country of the travel document’. In other instances, a category of data is collected in one system but not in the other. For instance, ‘first names of parents of applicants’ are collected by ETIAS, but not in most of the other systems to be queried by ETIAS.
Also at the time the ETIAS proposal 6 was adopted, the situation as regards the different EU information systems to be queried by ETIAS was different from today. At the time the ETIAS proposal was adopted, two other new EU information technology systems had been proposed to be set up: discussions were ongoing on the EES Regulation 7 while the Commission’s proposal on the European Criminal Records Information System – Third Country Nationals (‘ECRIS-TCN’) 8 was just about to be proposed. As regards existing information systems, the legal texts of the SIS were evolving due to the proposed revisions to the SIS legal framework in December 2016, finally adopted by co-legislators in November 2018 9 . The recast of the Eurodac Regulation 10 had also been proposed by the Commission as part of the reform of the Common European Asylum System, but had not yet been adopted by co-legislators 11 . The recast Eurodac Regulation still remains to be adopted by co-legislators today.
Based on these considerations, the ETIAS Regulation stipulates, in its Article 11 i that: “The amendments to the legal acts establishing the EU information systems that are necessary for establishing their interoperability with ETIAS as well as the addition of corresponding provisions in this Regulation shall be the subject of a separate legal instrument”.
The present proposal therefore aims to set out the technical amendments necessary to fully set up the ETIAS system by amending the legal acts of the EU information technology systems ETIAS queries. The present proposal also sets out coresponding provisions and amends the ETIAS Regulation accordingly.
First, the present initiative sets out amendments to the Regulation on ECRIS-TCN, on which recently, an ‘agreement in principle’ was found by the co-legislators. Thus, in line with the intention expressed by co-legislators in the ETIAS Regulation 12 it is now possible to include in ETIAS the necessary provisions on the relationship between ETIAS and ECRIS-TCN and to amend ECRIS-TCN accordingly.
Secondly, the present initiative also aims to establish the relations between ETIAS and the SIS. The revised SIS legal framework has been adopted in November 2018. The present proposal includes consequential amendments resulting from the adoption of the new SIS Regulations. In line with the new SIS legal framework it is proposed to include the new alert category on inquiry checks 13 for the assessment of applications. It is not proposed to include the alert category on return decisions as such alerts are erased at the moment a return decision is implemented. This means that persons that apply for an ETIAS authorisation after having left the EU will – by definition – not have a return record in the SIS. Thirdly, the present initiative seeks to amend the EES Regulation to establish technically its relationship with ETIAS.
Fourthly, the initiative also aims at amending the VIS Regulation in order to allow VIS to receive, process and answer ETIAS queries. Although in May 2018, the Commission presented a proposal to amend the VIS Regulation in order to upgrade that database, the present initiative puts forward amendments to the VIS Regulation currently in force, as the negotiations on the proposal for the upgraded VIS are not sufficiently advanced. However, if the proposal to amend the VIS Regulation were to be adopted first, it could become necessary to introduce some technical changes in the present proposal to align it with the amended version of the VIS Regulation. If the present proposal is adopted first, some technical changes could be required in the proposal amending the VIS Regulation before its adoption.
In addition, following the adoption of both the EES Regulation and ETIAS Regulation, it is now required to align the way EES and ETIAS are working together on the way EES and VIS are integrated for the purpose of border control process and registration of border crossings in EES. This will rationalise and simplify the work of border guards through the implementation of a more uniform border control process for all third-country national entering for a short stay.
The present initiative however does not include the amendments related to Eurodac, the EU asylum and irregular migration database, given that discussions have not yet been concluded on the May 2016 legislative proposal to strengthen Eurodac 14 . Furthermore, the data available in the current Eurodac are not sufficient for ETIAS purposes, given that the existing Eurodac only stores biometric data and a reference number, but no other personal data (e.g. name(s), age, date of birth) that would allow for contributing to the objectives of ETIAS. The May 2016 legislative proposal for a recast Eurodac Regulation seeks to extend the purpose of the database to the identification of illegally staying third-country nationals and those who have entered the EU irregularly. In particular, it provides for the storage of personal data such as the name(s), age, date of birth, nationality, and identity documents. These identity data are essential to ensure that Eurodac will be able to contribute to the objectives of ETIAS.
Once the co-legislators reach political agreement on the recast Eurodac Regulation, the recast Eurodac Regulation will need to be supplemented with the necessary amendments to connect Eurodac to ETIAS. Additionally, once the co-legislators adopt the Commission’s legislative proposals 15 for the interoperability of information systems for security, border and migration management, and following political agreement on the proposal for a recast Eurodac Regulation, the Commission will apply the same approach with regards to the necessary amendments to make Eurodac part of the interoperability of information systems.
Finally, in line with the April 2016 Communication on 'Smarter Information Systems for borders and security', ETIAS is to be built based on a re-use of hardware and software components developed for the EES 16 . This is also the approach followed by the legislative proposals on the interoperability of information systems 17 . The technical development of the common identity repository and the European search portal as foreseen by the legislative proposals on the interoperability of information systems would be developed on the basis of the EES/ETIAS components.
This proposal therefore presents amendments to the ETIAS Regulation to specify that the ETIAS Central System would build upon the EES Central System’s hardware and software components in order to establish a shared identity repository for the storage of the identity alphanumeric data of both ETIAS applicants and third-country nationals registered in EES. This shared identity repository would be the basis for the implementation of the common identity repository once the co-legislators adopt the legislative proposals on the interoperability of information systems. Moreover, during a transitional period, before the European search portal is available, the automated processing of ETIAS applications would rely on a tool, which would be used as the basis for the development and implementation of the European search portal.
Due to the variable geometry in Member States' participation in EU policies in the area of freedom, security and justice, it is necessary to adopt two separate legal instruments which will nonetheless work seamlessly together to enable the comprehensive operation and use of the system.
• Existing provisions in the area of the proposal
ETIAS was established by Regulation (EU) 2018/1240 18 . The Regulation specifies the objectives of ETIAS, defines its technical and organisational architecture, lays down rules concerning the operation and the use of the data to be entered into the system by the applicant and rules on the issue or refusal of the travel authorisations, lays down the purposes for which the data are to be processed, identifies the authorities authorised to access the data and specifies rules to ensure the protection of personal data.
In line with the ETIAS Regulation, this proposal introduces amendments to the legal acts establishing the EU information systems that are necessary for establishing their relation with ETIAS. It also adds corresponding provisions in the ETIAS Regulation itself.
This proposal is without prejudice to Directive 2004/38/EC 19 . The proposal does not in any respect amend Directive 2004/38/EC.
• Consistency with other Union policies
This proposal is consistent with the European Agenda on Migration and subsequent communications, including the Communication of 14 September 2016 ‘Enhancing security in a world of mobility: improved information exchange in the fight against terrorism and stronger external borders’, as well as the European Agenda on Security 20 and the Commission’s work and progress reports towards an effective and genuine Security Union 21 .
2. LEGAL BASIS, SUBSIDIARITY AND PROPORTIONALITY
• Legal basis
The legal basis for this proposal is composed of Article 77(2)(a), (b) and (d) of the Treaty on the Functioning of the European Union (TFEU).
Under Article 77 i, (a), (b) and (d) TFEU, the European Parliament and the Council can adopt measures concerning the common policy on visas and other short-stay residence permits, the checks to which persons crossing external borders are subject, and any measure necessary for the gradual establishment of an integrated management system for external borders. Those treaty provisions (or their precursor, in the case of Article 77(2)(a) TFEU) were the legal basis for the adoption of the regulations establishing the Visa Information System (Article 62(2)(b)(ii) Treaty on the European Community, succeeded by Article 77(2)(a) TFEU), the Entry Exit System (Article 77 i (b) and (d) TFEU), the European Travel Information and Authorisation System (Article 77 i TFEU) and the Schengen Information System with regard to borders (Article 77(2)(b) and (d) TFEU). This proposal has the objective of amending those regulations and relies on Article 77(2)(a), (b) and (d) TFEU for that.
• Subsidiarity
The Proposal contains amendments of Regulations setting up EU-wide information systems to manage the external borders and the security of an area without controls at internal borders. Such information technology systems can, by their nature, only be set up at EU level, and not by the Member States acting alone.
• Proportionality
This proposal elaborates further on principles already established by the legislator in the ETIAS Regulation.
This becomes apparent from the following elements.
The specifications as regards exchanges of data between ETIAS and each of the other EU information systems are in line with the exchanges of data provided by Articles 20 and 23 of the ETIAS Regulation.
The granting of access rights to identity data in the EU information systems (EES, VIS, SIS, ECRIS-TCN) by the ETIAS Central Unit falls within the scope of responsibilities assigned to the ETIAS Central Unit pursuant to Articles 7, 22 and 75 of the ETIAS Regulation.
The granting of access rights to the other EU information systems for the manual processing of application by the ETIAS National Units falls within the scope of responsibilities assigned to the ETIAS National Units pursuant to Article 8 and Chapter IV of the ETIAS Regulation.
Including in this proposal the inclusion of alerts concerning an inquiry check are coherent with the provisions on the support of objectives of SIS in Article 23 ETIAS Regulation.
This proposal is proportionate in that it does not go further than what is required in terms of action at EU level to reach the objectives.
• Choice of the instrument
A regulation of the European Parliament and the Council is proposed. The proposed legislation addresses the operation of central EU information systems for borders and security, all of which have been - or are proposed to be - established under regulations. As a consequence, only a regulation can be chosen as a legal instrument.
3. RESULTS OF EX-POST EVALUATIONS, STAKEHOLDER CONSULTATIONS AND IMPACT ASSESSMENTS
• Stakeholder consultations
The ETIAS proposal was developed on the basis of a feasibility study. As part of this study, the Commission collected the views of Member State experts on border control and security. In addition, the main elements of the ETIAS proposal were discussed in the framework of the High-Level Expert Group on Interoperability that was set up as a follow-up of the Communication on Stronger and Smarter Borders of 6 April 2016. Consultation took also place with representatives of the air, sea and rail carriers, as well as with representatives of EU Member States with external land borders. As part of the feasibility study, a consultation of the Fundamental Rights Agency was also undertaken.
This proposal only introduces limited technical changes, mirroring provisions that are already established in the ETIAS Regulation. These limited technical adjustments do not justify having separate stakeholder consultations.
• Impact assessment
This proposal is not supported by an impact assessment. The proposal is coherent with the ETIAS Regulation, the proposal of which was based on the results of the feasibility study conducted from June until October 2016.
As this proposal does not contains new political elements but merely introduces limited technical changes, mirroring provisions that are already established in the ETIAS Regulation, a impact assessment is not necessary.
Fundamental rights
As compared to the ETIAS Regulation, this proposal only specifies in more details which data is to be compared to which data in the other EU information systems and provides with the necessary amendments as regards granting access rights to those other systems to ETIAS Central and National Units. Therefore, this proposal complies with the Charter of Fundamental Rights of the European Union, in particular as regards the right to the protection of personal data, and is also in line with Article 16 TFEU which guarantees everyone the right to protection of personal data concerning them.
4. BUDGETARY IMPLICATIONS
The proposal does not have budgetary implications.
5. OTHER ELEMENTS
• Participation
This proposal builds upon the Schengen acquis regarding the crossing of external borders and visa.
Therefore the following consequences in relation to the various protocols and agreements with associated countries have to be considered:
Denmark: In accordance with Articles 1 and 2 of the Protocol (no 22) on the position of Denmark, annexed to the Treaty on European Union (TEU) and the Treaty on the Functioning of the European Union (TFEU), Denmark does not take part in the adoption by the Council of measures pursuant to Title V of part Three of the TFEU. Given that this Regulation builds upon the Schengen acquis, Denmark shall, in accordance with Article 4 of that Protocol decide within a period of six months after the Council has decided on this Regulation whether it will implement it in its national law.
United Kingdom and Ireland: In accordance with Articles 4 and 5 of the Protocol integrating the Schengen acquis into the framework of the European Union and Council Decision 2000/365/EC of 29 May 2000 concerning the request of the United Kingdom of Great Britain and Northern Ireland, and Council Decision 2002/192/EC of 28 February 2002 concerning Ireland's request to take part in some of the provisions of the Schengen acquis, the United Kingdom and Ireland do not take part in the legal instruments organising and supporting the abolition of controls at internal borders and the flanking measures regarding the controls at external borders and visa.
This Regulation constitutes a development of this acquis, and therefore, the United Kingdom and Ireland are not taking part in the adoption of this Regulation and are not bound by it or subject to its application.
Iceland and Norway: The procedures laid down in the Association Agreement concluded by the Council and the Republic of Iceland and the Kingdom of Norway concerning the latter's association with the implementation, application and development of the Schengen acquis are applicable, since the present proposal builds on the Schengen acquis as defined in Annex A of that Agreement. 22
Switzerland: This Regulation constitutes a development of the provisions of the Schengen acquis, as provided for by the Agreement between the European Union, the European Community and the Swiss Confederation on the latter's association with the implementation, application and development of the Schengen acquis. 23
Liechtenstein: This Regulation constitutes a development of the provisions of the Schengen acquis, as provided for by the Protocol between the European Union, the European Community, the Swiss Confederation and the Principality of Liechtenstein on the accession of the Principality of Liechtenstein to the Agreement between the European Union, the European Community and the Swiss Confederation on the Swiss Confederation's association with the implementation, application and development of the Schengen acquis. 24
Croatia, Cyprus, Bulgaria and Romania: To the extent that it amends the Regulation establishing the ETIAS, this proposal builds on the conditions of entry as described in Article 6 of Regulation (EU) 2016/399, which were to be applied by those Member States upon accession to the European Union. To the extent that this proposal tends to amend the Regulations establishing VIS, SIS and EES, the full application by the four Member States concerned depends on a unanimous Council decision lifting the controls at internal borders with them; in the meantime, account should already be taken of Council Decisions 2010/365/EU 25 , (EU) 2017/733 26 , (EU) 2017/1908 27 and (EU) 2018/934 28 .