Explanatory Memorandum to COM(2019)3 - Conditions for accessing the other EU information systems - Main contents
Please note
This page contains a limited version of this dossier in the EU Monitor.
| dossier | COM(2019)3 - Conditions for accessing the other EU information systems. |
|---|---|
| source | COM(2019)3  |
| date | 07-01-2019 |
• Reasons for and objectives of the proposal
In September 2018, the Council and the European Parliament adopted two legislative acts, a Regulation establishing the European Travel Information and Authorisation System (‘ETIAS’) 1 and an amendment of the Europol Regulation for the purpose of establishing ETIAS 2 .
Establishing ETIAS is among efforts undertaken in recent years at EU level to enhance the security of citizens and prevent irregular migration in an open Europe, securing and continuing to strengthen the management of external borders 3 , 4 . The context and the establishment of the system were announced in the 2016 State of the Union speech. President Juncker said: ‘We will defend our borders […] with strict controls […] on everyone crossing them. Every time someone enters or exits the EU, there will be a record of when, where and why. In November [2016] we will propose a European travel information and authorisation system – an automated system to determine who will be allowed to travel to Europe. That way we will know who is travelling to Europe before they even get here”.
ETIAS will fill the information gap on travellers exempt from the requirement of being in possession of a visa when crossing the external borders. ETIAS will determine the eligibility of visa-exempt third-country nationals prior to their travel to the Schengen Area and whether such travel poses a security, irregular migration or high epidemic risk. ETIAS will also give travellers confidence that they would be able to cross the borders smoothly. If needed, ETIAS travel authorisation could be denied by ETIAS National Units.
The assessment of such risks will involve automated processing of personal data provided in the applications for travel authorisation. The ETIAS Regulation establishes that personal data in the applications will be compared with the data present in records, files or alerts registered in EU information systems or databases (the ETIAS Central System, Schengen Information System (‘SIS’), the Visa Information System (‘VIS’), the Entry/Exit System ‘(EES’) or Eurodac), in Europol data or in the Interpol databases (the Interpol Stolen and Lost Travel Document database (‘SLTD’) or the Interpol Travel Documents Associated with Notices database (‘TDAWN’)) 5 .
While the Regulation defines in its Article 20 which group of data from the ETIAS application files can be used to consult the other systems, not all those data are collected or recorded in the same way in the other EU information systems and Europol data. For instance in one of the systems, ‘country of issue of the travel document’ is collected while in another the same data is recorded in another way, e.g. as ‘three letter code of the issuing country of the travel document’. In other instances, a category of data is collected in one system but not in the other. For instance, ‘first names of parents of applicants’ are collected by ETIAS, but not in most of the other systems to be queried by ETIAS.
Also at the time the ETIAS proposal 6 was adopted, the situation as regards the different EU information systems to be queried by ETIAS was different from today. At the time the ETIAS proposal was adopted, two other new EU information technology systems had been proposed to be set up: discussions were ongoing on the EES Regulation 7 while the Commission’s proposal on the European Criminal Records Information System – Third Country Nationals (‘ECRIS-TCN’) 8 was just about to be proposed. As regards existing information systems, the legal texts of the SIS were evolving due to the proposed revisions to the SIS legal framework in December 2016, finally adopted by co-legislators in November 2018 9 . The recast of the Eurodac Regulation 10 had also been proposed by the Commission as part of the reform of the Common European Asylum System, but had not yet been adopted by co-legislators 11 . The recast Eurodac Regulation still remains to be adopted by co-legislators today.
Based on these considerations, the ETIAS Regulation stipulates, in its Article 11 i that: “The amendments to the legal acts establishing the EU information systems that are necessary for establishing their interoperability with ETIAS as well as the addition of corresponding provisions in this Regulation shall be the subject of a separate legal instrument”.
The present proposal therefore aims to set out the technical amendments necessary to fully set up the ETIAS system by amending the legal acts of the EU information technology systems ETIAS queries. The present proposal also sets out coresponding provisions and amends the ETIAS Regulation accordingly.
First, the present initiative sets out amendments to the Regulation on ECRIS-TCN, on which recently, an ‘agreement in principle’ was found by the co-legislators. Thus, in line with the intention expressed by co-legislators in the ETIAS Regulation 12 it is now possible to include in ETIAS the necessary provisions on the relationship between ETIAS and ECRIS-TCN and to amend ECRIS-TCN accordingly.
Secondly, the present initiative also aims to establish the relations between ETIAS and the SIS. The revised SIS legal framework has been adopted in November 2018. The present proposal includes consequential amendments resulting from the adoption of the new SIS Regulations. In line with the new SIS legal framework it is proposed to include the new alert category on inquiry checks 13 for the assessment of applications. It is not proposed to include the alert category on return decisions as such alerts are erased at the moment a return decision is implemented. This means that persons that apply for an ETIAS authorisation after having left the EU will – by definition – not have a return record in the SIS. Thirdly, the present initiative seeks to amend the EES Regulation to establish technically its relationship with ETIAS.
Fourthly, the initiative also aims at amending the VIS Regulation in order to allow VIS to receive, process and answer ETIAS queries. Although in May 2018, the Commission presented a proposal to amend the VIS Regulation in order to upgrade that database, the present initiative puts forward amendments to the VIS Regulation currently in force, as the negotiations on the proposal for the upgraded VIS are not sufficiently advanced. However, if the proposal to amend the VIS Regulation were to be adopted first, it could become necessary to introduce some technical changes in the present proposal to align it with the amended version of the VIS Regulation. If the present proposal is adopted first, some technical changes could be required in the proposal amending the VIS Regulation before its adoption.
In addition, following the adoption of both the EES Regulation and ETIAS Regulation, it is now required to align the way EES and ETIAS are working together on the way EES and VIS are integrated for the purpose of border control process and registration of border crossings in EES. This will rationalise and simplify the work of border guards through the implementation of a more uniform border control process for all third-country national entering for a short stay.
The present initiative however does not include the amendments related to Eurodac, the EU asylum and irregular migration database, given that discussions have not yet been concluded on the May 2016 legislative proposal to strengthen Eurodac 14 . Furthermore, the data available in the current Eurodac are not sufficient for ETIAS purposes, given that the existing Eurodac only stores biometric data and a reference number, but no other personal data (e.g. name(s), age, date of birth) that would allow for contributing to the objectives of ETIAS. The May 2016 legislative proposal for a recast Eurodac Regulation seeks to extend the purpose of the database to the identification of illegally staying third-country nationals and those who have entered the EU irregularly. In particular, it provides for the storage of personal data such as the name(s), age, date of birth, nationality, and identity documents. These identity data are essential to ensure that Eurodac will be able to contribute to the objectives of ETIAS.
Once the co-legislators reach political agreement on the recast Eurodac Regulation, the recast Eurodac Regulation will need to be supplemented with the necessary amendments to connect Eurodac to ETIAS. Additionally, once the co-legislators adopt the Commission’s legislative proposals 15 for the interoperability of information systems for security, border and migration management, and following political agreement on the proposal for a recast Eurodac Regulation, the Commission will apply the same approach with regards to the necessary amendments to make Eurodac part of the interoperability of information systems.
Finally, in line with the April 2016 Communication on 'Smarter Information Systems for borders and security', ETIAS is to be built based on a re-use of hardware and software components developed for the EES 16 . This is also the approach followed by the legislative proposals on the interoperability of information systems 17 . The technical development of the common identity repository and the European search portal as foreseen by the legislative proposals on the interoperability of information systems would be developed on the basis of the EES/ETIAS components.
This proposal therefore presents amendments to the ETIAS Regulation to specify that the ETIAS Central System would build upon the EES Central System’s hardware and software components in order to establish a shared identity repository for the storage of the identity alphanumeric data of both ETIAS applicants and third-country nationals registered in EES. This shared identity repository would be the basis for the implementation of the common identity repository once the co-legislators adopt the legislative proposals on the interoperability of information systems. Moreover, during a transitional period, before the European search portal is available, the automated processing of ETIAS applications would rely on a tool, which would be used as the basis for the development and implementation of the European search portal.
Due to the variable geometry in Member States' participation in EU policies in the area of freedom, security and justice, it is necessary to adopt two separate legal instruments which will nonetheless work seamlessly together to enable the comprehensive operation and use of the system.
• Existing provisions in the area of the proposal
ETIAS was established by Regulation (EU) 2018/1240 18 . The Regulation specifies the objectives of ETIAS, defines its technical and organisational architecture, lays down rules concerning the operation and the use of the data to be entered into the system by the applicant and rules on the issue or refusal of the travel authorisations, lays down the purposes for which the data are to be processed, identifies the authorities authorised to access the data and specifies rules to ensure the protection of personal data.
In line with the ETIAS Regulation, this proposal introduces amendments to the legal acts establishing the EU information systems that are necessary for establishing their relation with ETIAS. It also adds corresponding provisions in the ETIAS Regulation itself.
This proposal is without prejudice to Directive 2004/38/EC 19 . The proposal does not in any respect amend Directive 2004/38/EC.
• Consistency with other Union policies
This proposal is consistent with the European Agenda on Migration and subsequent communications, including the Communication of 14 September 2016 ‘Enhancing security in a world of mobility: improved information exchange in the fight against terrorism and stronger external borders’, as well as the European Agenda on Security 20 and the Commission’s work and progress reports towards an effective and genuine Security Union 21 .
2. LEGAL BASIS, SUBSIDIARITY AND PROPORTIONALITY
• Legal basis
The legal basis for this proposal is composed of Article 82(1)(d) and Article 87(2)(a) of the Treaty on the Functioning of the European Union (TFEU).
Article 82(1)(d) TFEU allows the European Parliament and the Council to adopt measures to facilitate cooperation between judicial or equivalent authorities of the Member States in relation to proceedings in criminal matters and the enforcement of decisions.
Article 87(2)(a) TFEU allows the European Parliament and the Council to adopt measures concerning the collection, storage, processing, analysis and exchange of information that is relevant to police cooperation in relation to the prevention, detection and investigation of criminal offences.
Those two treaty provisions served as legal basis for the adoption of the Regulation (EU) 2018/1862 establishing the Schengen Information System (SIS) in the field of police cooperation and judicial cooperation in criminal matters. They also serve as legal basis for this proposal to amend that regulation.
Article 82(1)(d) TFEU on judicial cooperation in criminal matters and the enforcement of decisions is also foreseen as legal basis for the proposal on ECRIS-TCN on which a political agreement has been reached between the co-legislators. It is therefore also the legal basis for this proposal to amend the ECRIS-TCN regulation assuming that the latter will be adopted.
• Subsidiarity
The Proposal contains amendments of Regulations setting up EU-wide information systems to manage the external borders and the security of an area without controls at internal borders. Such information technology systems can, by their nature, only be set up at EU level, and not by the Member States acting alone.
• Proportionality
This proposal elaborates further on principles already established by the legislator in the ETIAS Regulation.
This becomes apparent from the following elements.
The specifications as regards exchanges of data between ETIAS and each of the other EU information systems are in line with the exchanges of data provided by Articles 20 and 23 of the ETIAS Regulation.
The granting of access rights to identity data in the EU information systems (EES, VIS, SIS, ECRIS-TCN) by the ETIAS Central Unit falls within the scope of responsibilities assigned to the ETIAS Central Unit pursuant to Articles 7, 22 and 75 of the ETIAS Regulation.
The granting of access rights to the other EU information systems for the manual processing of application by the ETIAS National Units falls within the scope of responsibilities assigned to the ETIAS National Units pursuant to Article 8 and Chapter IV of the ETIAS Regulation.
Including in this proposal the inclusion of alerts concerning an inquiry check are coherent with the provisions on the support of objectives of SIS in Article 23 ETIAS Regulation.
This proposal is proportionate in that it does not go further than what is required in terms of action at EU level to reach the objectives.
• Choice of the instrument
A regulation of the European Parliament and the Council is proposed. The proposed legislation addresses the operation of central EU information systems for borders and security, all of which have been - or are proposed to be - established under regulations. As a consequence, only a regulation can be chosen as a legal instrument.
3. RESULTS OF EX-POST EVALUATIONS, STAKEHOLDER CONSULTATIONS AND IMPACT ASSESSMENTS
• Stakeholder consultations
The ETIAS proposal was developed on the basis of a feasibility study. As part of this study, the Commission collected the views of Member State experts on border control and security. In addition, the main elements of the ETIAS proposal were discussed in the framework of the High-Level Expert Group on Interoperability that was set up as a follow-up of the Communication on Stronger and Smarter Borders of 6 April 2016. Consultation took also place with representatives of the air, sea and rail carriers, as well as with representatives of EU Member States with external land borders. As part of the feasibility study, a consultation of the Fundamental Rights Agency was also undertaken.
This proposal only introduces limited technical changes, mirroring provisions that are already established in the ETIAS Regulation. These limited technical adjustments do not justify having separate stakeholder consultations.
• Impact assessment
This proposal is not supported by an impact assessment. The proposal is coherent with the ETIAS Regulation, the proposal of which was based on the results of the feasibility study conducted from June until October 2016.
As this proposal does not contains new political elements but merely introduces limited technical changes, mirroring provisions that are already established in the ETIAS Regulation, a impact assessment is not necessary.
Fundamental rights
As compared to the ETIAS Regulation, this proposal only specifies in more details which data is to be compared to which data in the other EU information systems and provides with the necessary amendments as regards granting access rights to those other systems to ETIAS Central and National Units. Therefore, this proposal complies with the Charter of Fundamental Rights of the European Union, in particular as regards the right to the protection of personal data, and is also in line with Article 16 TFEU which guarantees everyone the right to protection of personal data concerning them.
4. BUDGETARY IMPLICATIONS
The proposal does not have budgetary implications.
5. OTHER ELEMENTS
• Participation
To the extent that it aims to amend the Regulation establishing the Schengen Information System (SIS) in the field of police cooperation and judicial cooperation in criminal matters, this proposal builds upon the provisions of the Schengen acquis related to police cooperation and judicial cooperation in criminal matters, with consequences with regard to the application of protocols (No 19) and (No 22) to the TEU and the TFEU as well as of the agreements with associated countries.
To the extent that it aims to amend the proposed Regulation establishing a centralised system for the identification of Member States holding conviction information on third country nationals and stateless persons (ECRIS-TCN), there are consequences with regard to the application of protocols (No 21) and (No 22); there are no agreements with associated countries on this subject matter.
The consequences are as follows, presented per country.
Denmark: As far as the SIS (police cooperation) is concerned, according to Article 4 of Protocol 22 on the position of Denmark annexed to the Treaties, Denmark shall decide, within a period of six months after the Council has decided on this Regulation, whether it will implement this proposal, which builds upon the Schengen acquis, in its national law. As far as ECRIS-TCN is concerned, this proposal does not apply to Denmark, in view of Article 1 of Protocol 22.
The United Kingdom: As far as the SIS (police cooperation) is concerned, in accordance with Article 5 of Protocol (No 19) and Article 8 i of Council Decision 2000/365/EC of 29 May 2000, concerning the request of the United Kingdom of Great Britain and Northern Ireland to take part in some of the provisions of the Schengen acquis, the United Kingdom is bound by this Regulation. As far as ECRIS-TCN is concerned, Article 3 and 4a of Protocol (No 21) give the United Kingdom the faculty to opt into the measure proposed.
Ireland: As far as the SIS (police cooperation) is concerned, in accordance with Article 5 of Protocol (No 19) and Article 6 i of Council Decision 2002/192/EC of 28 February 2002 concerning Ireland's request to take part in some of Ireland is bound by this measure. As far as ECRIS-TCN is concerned, Article 3 and 4a of Protocol (No 21) give Ireland the faculty to opt into the proposed measure; this would require that Ireland opt into the ECRIS-TCN regulation which is proposed to amend as well as into the entire ECRIS acquis.
Bulgaria and Romania: As far as the SIS (police cooperation) is concerned, this proposed Regulation constitutes an act building upon, or otherwise relating to, the Schengen acquis, within the meaning of Article 4 i of the 2005 Act of Accession. This proposed regulation has to be read in conjunction with Council Decision 2010/365/EU of 29 June 2010 which rendered applicable, subject to some restrictions, the provisions of the Schengen acquis related to the Schengen Information System in Bulgaria and Romania. As far as ECRIS-TCN is concerned, Bulgaria and Romania are not different from other Member States.
Cyprus and Croatia: As far as the SIS (police cooperation) is concerned, this proposed regulation constitutes an act building upon, or otherwise relating to, the Schengen acquis within, respectively, the meaning of Article 3 i of the 2003 Act of Accession and Article 4 i of the 2011 Act of Accession. With regard to Croatia, it should be read in conjunction with Council Decision (EU) 2017/733 of 25 April 2017 on the application of the provisions of the Schengen acquis relating to the Schengen Information System in the Republic of Croatia 22 . As far as ECRIS-TCN is concerned, Cyprus and Croatia are not different from other Member States.
Associated Countries: On the basis of the respective agreements associating those countries with the implementation, application and development of the Schengen acquis, Iceland, Norway, Switzerland and Liechtenstein are to be bound by the Regulation proposed to the extent that it concerns the SIS (police cooperation) Regulation.