Second generation Schengen Information System (SIS II): establishment, operation and use  
2005/0103(CNS) - 12/06/2007  

PURPOSE: the establishment of SIS II and to lay down specific provisions on the processing of data for police and judicial cooperation in criminal matters.

LEGISLATIVE ACT: Council Decision 2007/533/JHA on the establishment, operation and use of the second generation Schengen Information System (SIS II).

BACKGROUND: this Decision forms part of a package of legislation defining the legal basis for SIS II. Given the different policy areas involved and the cross-pillar nature of the SIS, three legislative acts had to be adopted: two Regulations and one third pillar Decision. The package is as follows:

The fact that the legislative package consists of separate instruments does not, however, effect the principle that SIS II constitutes one single information system and that it should operate as such. Certain provisions of all three legislative acts are, as a result, identical.

The Schengen Information System (SIS), which was set up in the mid 1980’s is an essential tool for the application of the Schengen acquis.  It allows the Member States, through an automatic query procedure, to obtain information on a suspected person when an alert has been sent out. Information thus obtained can be used:

  • for police and judicial cooperation in criminal matters;
  • for controls on persons both at the external borders of the EU or within a national state;
  • for issuing visas and residence permits.

It acts as an indispensable component of Schengen by offering those participating in the Schengen Agreement a high level of security.

When first established SIS was organised on an intergovernmental basis. However, in 2004 with the enlargement of the EU, it was decided to assign the technical development of the second generation SIS to the Commission. The necessary financial resources from the EU’s budget for the realisation of this project were allocated accordingly. (See Council Regulation (EC) No 2424/2001).

CONTENT: the purpose of this Decision, therefore, is the establishment of the second generation Schengen Information System (SIS II) in order to ensure a high level of security within the area of freedom, security and justice. It constitutes the necessary legislative basis for governing SIS II.

This Decision establishes the conditions and procedures for the entry and processing in SIS II of:

  • alerts on persons and objects;
  • the exchange of supplementary information; and
  • additional data for the purpose of police and judicial cooperation in criminal matters.

Specifically the Decision also lay down provisions on:

  • the technical architecture of SIS II;
  • the responsibilities of the Member States and the Management Authorities;
  • general data processing;
  • the rights of persons concerned; and
  • liability issues.

The Decision specifies the technical architecture and financing of SIS II; it lays down rules concerning its operation and use; the categories of data to be entered into the system; the purpose for which data is to be entered; the criteria for their  entry; the authorities authorised to access the data; the interlinking of alerts and further rules on data processing and the protection of personal data.

SIS II includes a central system (Central SIS II) and national applications. The expenditure involved in the operation of Central SIS II and related communication infrastructure is to be charged to the general budget of the EU.

In other provisions, the Decision:

  • establishes a manual that sets out the detailed rules for the exchange of certain supplementary information on alerts;
  • awards the Commission, for a transitional period only, responsibility for the operational management of Central SIS II and parts of the communication infrastructure. (The transitional period should last for no longer than five years);
  • specifies that SIS II is to contain alerts on persons wanted for arrest for surrender purposes and wanted for arrest for extradition purposes;
  • sets out provisions regarding the exchange of supplementary information, particularly, data relating to the European Arrest Warrant;
  • specifies that SIS II should contain alerts on missing persons, on persons and objects for discreet checks or specific checks, and on objects for seizure or use as evidence in criminal proceedings;
  • specifies that alerts should not be kept on SIS II for longer than needed. As a general principle, alerts should be erased from SIS II after a period of three years. Alerts on objects entered for discreet checks or specific checks should be automatically erased from SIS II after five years. Alerts on objects seized for use as evidence should be automatically erased from SIS II after a period of 10 years;
  • allows for the processing of biometric data in order to assist in the reliable identification of individuals. By the same token SIS II will also allow for the processing of data concerning individuals whose identify has been misused in order to avoid inconvenience caused by the misidentification;
  • allows Member States to add an indication, called a flag, to an alert, meaning that the action to be taken on the basis of the alert will  not be taken on its territory. When a flag has been added and the whereabouts of the person wanted for arrest for surrender becomes known, the whereabouts should always be communicated to the issuing judicial authority, which may decide to transmit a European Arrest Warrant;
  • makes it possible for Member States to establish links between alerts in SIS II;
  • specifies that data processed in connection with this Decision must not be transferred, or made available, to third countries;
  • states that personal data processed in the context of this Decision should be protected in accordance with the principles set out in the Council of Europe Convention for the protection of individuals with regard to automatic processing of personal data; as should Regulation (EC) No 45/2001 on the protection of individuals with regard to the processing of personal data by the Community institutions and bodies and the free movement of such data;
  • states that national supervisory authorities responsible for personal data will monitor the processing of personal data relating to this Regulation; as will the European Data Protection Supervisor;
  • requires the Member States and the Commission to draw up a security plan in order to facilitate the implementation of security obligations and requires them to cooperate with each other in order to address common security issues;
  • allows Europol and Eurojust direct access to SIS II data – subject to certain conditions;
  • requires the Commission to prepare a report on the technical functioning of Central SIS II and the communications infrastructure every two years. An overall evaluation should be prepared by the Commission every four years;
  • specifies the technical rules on entering data, including data required for entering an alert, updating, deleting and searching data, rules on compatibility and priority of alerts, links between alerts and the exchange of supplementary information etc. are to be prepared by the Commission through implementing powers; and
  • finally sets out appropriate transitional provisions in respect of alerts issued in SIS 1+, which are to be transferred to SIS II.

The Decision applies to the United Kingdom, Ireland, Norway, Iceland and Switzerland.

ENTRY INTO FORCE: 27 August 2007.

For countries participating in SIS 1+ is will apply on a date to be fixed by the Council.