Annexes to COM(2016)655 - Implementation of Regulation 767/2008 on the Visa Information System (VIS), the use of fingerprints and biometrics/REFIT Evaluation

Please note

This page contains a limited version of this dossier in the EU Monitor.

dossier COM(2016)655 - Implementation of Regulation 767/2008 on the Visa Information System (VIS), the use of fingerprints and biometrics/REFIT ...
document COM(2016)655 EN
date October 14, 2016
agreements and by making it overall easier to conclude new agreements. It would also be beneficial for applicants because it would remove the uncertainty over the way the procedure is conducted in the case of representation.

Integration of VIS Mail into the VIS

In order to make exchanges between the central system and the national systems more coherent, the VIS Mail mechanism for consultations should be integrated into the VIS infrastructure. Such a measure would also make it easier for the Member States to perform their tasks, because there would be fewer systems to manage and maintain at national level. This measure could be accompanied by an examination of the necessary messages/notifications (e.g. consular cooperation, VLTV 23 issue notifications) to be run through the VIS Mail.

Multiple fingerprint collection within 59 months

A possible solution to address the current issue with the 59-month rule on copying fingerprints could be to have each consulate issue a receipt certifying that it collected the fingerprints of a particular applicant on a particular date. The person concerned would be instructed to present this receipt when applying for a visa again within the next 59 months.

Access to the VIS for law enforcement purposes

Given the recent introduction of access to the VIS for the purposes of preventing, detecting and investigating terrorist offences and other serious criminal offences, further information and evidence are necessary to identify why the system has so far been consulted infrequently for this purpose.

In future, law enforcement authorities could be given the possibility to search the VIS using latent fingerprints and photographs. This would make such searches more useful and efficient.

Use of the VIS on a systematic basis at borders

Member State authorities should be encouraged to comply with the existing obligation to perform mandatory checks against the VIS using the visa number in combination with the visa holder’s fingerprints. Practical information on visa checks at external borders is available in the Practical Handbook for border guards and was updated in line with the full roll-out of the system. In addition, the planned increased interoperability between the information systems available at the external borders may facilitate and speed up the required checks. Since delays in border crossings are one of the main obstacles to systematic checks against the VIS, this increased operability and the development of the entry-exit system should have a positive impact.

Use of the VIS to identify people apprehended in connection with the irregular crossing of an external border or found to be illegally staying in a Member State

Member States should consider introducing systematic checks of irregular migrants without valid travel documents within the territory so that they can be identified for the purpose of return. Although third countries often do not consider data collected from the VIS as sufficient evidence for issuing travel documents for the purpose of return, the system can still be useful for establishing the nationality and in subsequent investigations. Furthermore, most recent EU readmission agreements qualify the results of searches in the VIS as proof of nationality.

The VIS is currently used for return purposes only to a very limited extent. However, the VIS could play a much more significant role if given the possibility to store a scanned data page of the visa applicant’s passport. Providing Member States with the possibility to access a copy of the passport of an irregular migrant could improve the chances of effective return and accelerate the procedure. This would also enable more returns to be carried out on the basis of the EU travel document for return purposes 24 combined with a copy of the passport.

Systematic use of the VIS for asylum applications

The potential of the VIS for asylum purposes should be exploited by all Member States in a more systematic manner. All Member States should be encouraged to use the VIS for asylum purposes to:

• determine the Member State responsible for examining an asylum application in order to ensure a more effective and uniform practice; and

• when examining the substance of the asylum application in order to help establish the applicant’s identity and credibility.

As regards the Dublin procedure, the proposal for a recast of the Dublin III Regulation 25 provides for an obligation for Member States to search in the VIS. In future, asylum authorities should be allowed access to check the purpose of travel, as part of the credibility assessment.

Data protection

National data protection authorities should be invited to carry out quality controls on the information provided to data subjects by diplomatic missions, consular posts and external service providers, and to carry out more systematic checks, including audits of the national VIS.

Increased search efficiency to combat fraud

The VIS has significantly improved the fight against identity fraud in the visa procedure and at borders, essentially by using biometrics. The scope of second line searches at borders for travellers for whom it is physically impossible to check with fingerprints (or for whom fingerprinting was physically impossible at the time of applying for a visa) could be broadened to allow inexact results. Such results would provide more information to border guards, enabling them to establish whether any suspicion of fraud exists.

Statistics based on VIS data

On the production of statistics, entrusting eu-LISA with the task of generating reports on behalf of Member States seems the appropriate step forward. Similar to what has been proposed for the EES, eu-LISA could be required to establish a central repository of data and make it available on a regular basis to the Commission, Member States, and EU agencies (such as Frontex or Europol). For this purpose, eu-LISA should be entrusted with keeping also the records of data processing operations carried out in the application of Decision 2008/633/JHA. In the longer run it should be made possible for these data to be combined with those of other databases (e.g. EES) in order to generate strategic reporting on migration trends. Member States could then have access to:

- technical statistics (creation of visa application files, searches, border authentications per hour, day, month, year etc.);

- figures about the VIS performance against the objectives (both overall data and per Member State);

- business intelligence and analytics on the VIS data (possibility of a separate repository similar to the one in EES), considering all Member States’ visa activity. In this respect, the task of producing visa statistics could be transferred from the Commission (task allocated to it in the Visa Code) to eu-LISA.

In addition, the report on the technical functioning of the VIS currently produced by eu-LISA every two years could be made annual. This would improve the monitoring of the system and align the relevant provisions with those of similar instruments (SIS, Eurodac).

A revised VIS Regulation should enable the Commission to request that eu-LISA provide statistics on specific aspects of the system’s implementation or on Member States’ implementation of various VIS-related policy aspects, in particular data necessary for the Schengen evaluations of the Member States.


4.2.Other possible future developments of the VIS

In addition to learning the lessons from the past application of the VIS legal framework, attention must also be directed towards VIS’s potential future uses. In a world ever more interconnected and with the complex inter-linkages of the various policy areas, the VIS offers multiple unquantifiable benefits in border security. These include potential easy and low cost interconnectivity with:

• existing EU systems (SIS, Eurodac);

• upcoming EU systems (EES);

• databases (Stolen and Lost Travel Documents).

Following the Communication on Stronger and Smarter Information Systems for Borders and Security 26  (‘Smart Borders’ Communication) adopted on 6 April 2016, the Commission set up a High Level Expert Group on Information Systems and Interoperability, tasked with addressing the legal, technical and operational aspects of the different options to achieve interoperability of the SIS, VIS and Eurodac. A final report with recommendations is expected by mid-2017, which may result in legal amendments to the VIS in order to achieve interoperability with other systems.

Furthermore, a legislative proposal to establish an EU Travel Information and Authorisation System (ETIAS) will be presented before the end of the year, along with new tasks for eu-LISA, including developing a central monitoring capacity for data quality for all systems.

In progressing and implementing further technical and operational interoperability and new functions the fundamental right to protection of personal data as recognised in Article 8 of the Charter of Fundamental Rights, and in particular the purpose limitation principle deriving from that right 27 must be taken into account.

In exploring interoperability of large scale systems special consideration should be given to data protection by design - requirements as mentioned in Article 25 of the new General Data Protection Regulation 2016/679 and Article 20 of the Data Protection Police Directive 2016/680.

Additionally, the eu-LISA evaluation conducted in 2015 28 found that to ensure full coherence of the operational management of the VIS, Commission's responsibilities regarding the communication infrastructure should be transferred to eu-LISA. Some of these initiatives and findings will require amendments to the VIS legal instruments and other legal acts.

The evaluation highlighted some interest from Member States in also having information on national long-stay visas, including biometrics registered in the VIS.

The possibility to adapt the configuration of the central system to better respond to the need to rapidly and efficiently adapt to availability needs in periods of disruption should also be analysed.

In order to allow eu-LISA to test the various VIS functions more realistic testing solutions in line with the applicable data protection framework should be facilitated for eu-LISA.

Finally, as indicated by the study on the reliability of fingerprinting of children below the age of 12 29 , and taking into account the 2016 Commission Report on human trafficking 30 , the possibility to reduce the age limit for collecting fingerprints of children to 6 years of age should be further explored, taking into account the best interests of the child and in order to assess in particular its potential to assist in identifying victims of trafficking in human beings and detecting traffickers.


4.3.Possible legislative revisions

Some of the shortcomings identified in the evaluation of the VIS legal framework and some of the recommendations for improvement can only be addressed through a revision of the VIS legal base. This would include, for example:

• transferring the responsibility for producing statistics to eu-LISA;

• interconnectivity with other systems;

• improved data quality rules and the production of data quality reports;

• scrapping obsolete provisions of the current law (e.g. on the roll-out, the setup and transition to VIS Mail or various transition periods).

Where a legislative revision is envisaged and where appropriate, the Commission will conduct an impact assessment that will analyse and assess the likely impacts of the different policy options for such a proposal.

(1) In this document, ‘Member States’ means Schengen Member States, i.e. EU Member States that are Schengen members, as well as the Schengen Associated countries.
(2) Regulation (EU) No 604/2013 replacing Regulation (EC) No 343/2003, OJ L 50 of 25.2.2003, p. 1.
(3) Cf. Council conclusions of 19.2.2004, point 1(g) of its Annex.
(4) Cf. Articles 5(1)(e) and 15 of the Schengen Convention.
(5) Regulation (EC) No 767/2008 of the European Parliament and of the Council of 9 July 2008 concerning the Visa Information System (VIS) and the exchange of data between Member States on short-stay visas (VIS Regulation) OJUE L 218, 13.8.2008, p. 60.
(6) Council Decision No 512/2004 establishing the Visa Information System (VIS) OJUE L 213, 15.06.2004, p. 5.
(7) Council Decision 2008/633/JHA of 23 June 2008 concerning access for consultation of the Visa Information System (VIS) by designated authorities of Member States and by Europol for the purposes of the prevention, detection and investigation of terrorist offences and of other serious criminal offences, OJUE L 218, 13.08.2008, p. 129.
(8) Regulation (EC) No 810/2009 of the European Parliament and of the Council of 13 July 2009 establishing a Community Code on Visas, OJ L 243, 15.9.2009, p. 1.
(9) Austria, Belgium, Czech Republic, Estonia, France, Germany, Greece, Iceland, Latvia, Lithuania, Luxembourg, Malta, the Netherlands, Norway, Poland, Portugal, Slovakia, Sweden, and Switzerland.
(10) JRC-IPSC ‘Fingerprint Recognition for Children’ (Report EUR 26193 EN).
(11) 14 out of the 19 Member States which have contributed.
(12) 17 Member States.
(13) 12 Member States.
(14) For details see section 6.1.3 Facilitating the fight against fraud in the accompanying CSWD.
(15) 14 Member States.
(16) Based on the input received from nine Member States.
(17) 15 Member States.
(18) 12 Member States.
(19) Decision 2008/633 became applicable only in September 2013 and by December 2015 most of the 16 Member States that had used the VIS for law enforcement purposes, had been doing so for a few months.
(20) For details see Section 6.2 ‘Efficiency’ in the Commission staff working document and Section 3.5 of Annex 2.
(21) Proposal for a Regulation of the European Parliament and of the Council establishing an Entry/Exit System (EES) to register entry and exit data and refusal of entry data of third country nationals crossing the external borders of the Member States of the European Union and determining the conditions for access to the EES for law enforcement purposes and amending Regulation (EC) No 767/2008 and Regulation (EU) No 1077/2011, COM(2016) 194 final.
(22) The VIS was used for asylum purposes for the Dublin procedure by 12 Schengen Member States and for examining an asylum application by 15 Member States, though the vast majority of the searches were carried out by four Member States only. For further details see Section 6.1.6 of the SWD and Section 1.6 of Annex 2 of the SWD.
(23) Visas with limited territorial validity.
(24)

 Proposal for a Regulation of the European Parliament and of the Council on a European travel document for the return of illegally staying third-country nationals, COM(2015) 668 final, 15.12.2015.

(25) COM(2016) 270 final.
(26)

     COM(2016) 205 final.

(27) Article 4 (1) b) of Regulation (EC) No 45/2001 of the European Parliament and of the Council of 18 December2000 on the protection of individuals with regard to the processing of personal data by the Community institutions and bodies and on the free movement of such data.Article 6 (1) b) of the Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, later replaced by Article 5 (1) b) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), OJ L 119, 4.5.2016, p. 1–88.Article 3 of the Council Framework Decision 2008/977/JHA of 27 November 2008 on the protection of personal data processed in the framework of police and judicial cooperation in criminal matters, later replaced by Article 4 (1) b) of Directive (EU) 2016/680 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and on the free movement of such data, and repealing Council Framework Decision 2008/977/JHA, OJ L 119, 4.5.2016, p. 89–131.
(28) "Independent external evaluation of the European Agency for the operational management of large-scale IT systems in the area of freedom, security and justice - eu-LISA", ISBN: 978-92-79-58236-3, Catalogue number, DR-01-16-464-EN-N.
(29) See Report EUR 26193 EN, ‘Fingerprint Recognition for Children’, carried out by the JRC.
(30)

     Commission staff working document accompanying the document Report from the Commission to the European Parliament and the Council on the progress made in the fight against trafficking in human beings, SWD(2016) 159 final.