PURPOSE: to establish an Agency for the operational management of large-scale IT systems in the area of freedom, security and justice.
PROPOSED ACT: Regulation of the European Parliament and of the Council.
BACKGROUND: on the basis of the Schengen Convention (1985), the Schengen Information System (SIS) was established to maintain public policy and public security, including national security. Since then, the system has been great improved and extended, leading to the second-generation Schengen Information System (SIS II), established by Regulation (EC) No 1987/2006 of the European Parliament and of the Council and Council Decision 2007/533/JHA.
At the same time, the Visa Information System (VIS) was established by Regulation (EC) No 767/2008 of the European Parliament and of the Council enabling consulates and other competent authorities of the Member States to exchange visa information for the purposes of facilitating the visa application procedure, preventing 'visa shopping' and contributing to the fight against fraud in the framework of the implementation of Council Regulation (EC) No 343/2003 establishing the criteria and mechanisms for determining the Member State responsible for examining an asylum application (Dublin Regulation).
Lastly, EURODAC was established to facilitate the application of that Regulation (see CNS/1999/0116) by enabling Member States to identify asylum seekers as well as persons having crossed an external border of the Community illegally, by comparing their fingerprints with those in an existing database.
At present, the central systems of the SIS II and VIS (CS-SIS and central VIS) are located in Strasbourg (France), whereas the back-up central systems (back-up CS-SIS and back-up central VIS) are located in Sankt Johann im Pongau (Austria). The Commission is entirely responsible for the management of EURODAC.
In joint statements accompanying the SIS II and VIS legal instruments, the Council and the European Parliament invited the Commission, following an Impact Assessment containing a substantive analysis of alternatives, from the financial, operational and organisational perspective, to present the necessary legislative proposals entrusting an agency with the long term operational management of SIS II and VIS. After the analysis of different options, a new Regulatory Agency was found to be the most feasible alternative for carrying out the tasks of a "Management Authority" for these systems in the long term. That is why the Commission is now proposing the current legal framework.
The approach of a single entity for the management of the three systems will result in economies of scale both in terms of capital and human resources.
IMPACT ASSESSMENT: the Commission carried out an impact assessment. Following a pre‑screening process, five possible options to achieve the objective of long-term operational management of SIS II, VIS and EURODAC were retained and further analysed:
- Option 1: baseline: the operational management solution for SIS II and VIS (namely, entrusting management tasks to Member States' authorities). Currently, the Commission manages EURODAC and this solution would also be maintained;
- Option 2: Baseline+: the Commission would entrust the operational management tasks related to SIS II, VIS and EURODAC to Member States' authorities;
- Option 3: a new Regulatory Agency: a new Regulatory Agency would assume responsibility for the long-term operational management of SIS II, VIS and EURODAC;
- Option 4: FRONTEX: this Agency would manage the three systems, which would entail changes to both its basic act and its operational management structure;
- Option 5: EUROPOL: EUROPOL would manage SIS II, whereas the Commission would manage VIS and EURODAC. This option was considered while negotiations on the conversion of the current Europol Convention into a Community act were still ongoing (CNS/2006/0310).
As a result of a comparative analysis, the new Regulatory Agency option (option 3), which aims to create a joint management structure for SIS II, VIS and EURODAC, scored highest.
CONTENT: this proposal aims to establish an agency responsible for the operational management of the SIS II, VIS, EURODAC and other large-scale IT systems in application of Title IV of the EC Treaty and potentially for other large-scale IT systems in the area of freedom, security and justice (on the basis of a legal instrument to be adopted at a later date).
Legal particularity of the proposed plan: this legislative package contains two distinct proposals:
- this proposal for a Regulation covering the first pillar scope of SIS II, VIS and EURODAC; and
- a proposal for a Council Decision entrusting the Agency created by the Regulation with tasks related to the operation management of the SIS II and VIS systems in application of Title IV of the EC Treaty, and under the third pillar.
This established method for a legislative package of this nature is also applied in the entire legal instrument related to the SIS, in accordance with the relevant provisions of the Treaty.
Tasks: the Agency's core task will be to fulfil the operational management tasks for SIS II, VIS and EURODAC, keeping the systems functioning 24 hours a day, seven days a week, thus ensuring a continuous, uninterrupted flow of data exchange.
In addition to these operational tasks, the Agency shall assume responsibilities related to:
- adopting security measures;
- establishing and publishing reports and other types of information as well as monitoring;
- organising specific VIS and SIS II related training;
- implementing pilot schemes upon specific and precise request of the Commission;
- monitoring of research on the operational management of the SIS II, VIS and EURODAC and other potential information systems.
The Agency shall also be responsible for the tasks relating to the Communication Infrastructure which are referred to in the SIS II Regulation and Decision, the VIS Regulation and the EURODAC Regulation.
The Agency could also potentially be responsible for developing and managing other large-scale IT systems in the area of freedom, security and justice. This would be subject to legislative instruments establishing such systems that in turn would provide the Agency with the respective competences.
The Agency would also become a "centre of excellence" with specialised operational staff in order to ensure the highest level of efficiency and responsiveness, including for the development and operational management of other potential systems.
Governance structure: combining the systems in a joint Agency will make it possible to exploit synergies and share facilities and staff. The Agency's governance structure reflects the existing variable geometry which denotes a heterogeneous group of participating countries (EU Member States with different levels of participation in the information systems and associated countries).
The regulatory Agency shall be established as a Community body, having legal personality. The main body governing the Agency shall be a Management Board with an adequate representation of the Member States and the Commission. The representation of Member States should reflect each Member State's Treaty rights and obligations. The countries associated with the implementation, application and development of the Schengen acquis and the EURODAC related measures shall also participate in the Agency.
In addition to the Management Board, the governance structure shall include an Executive Director (appointed for five years) and advisory groups responsible for providing the Management Board with the expertise related to the respective IT systems. The procedure for appointing the Director and the Director’s tasks are set out in the proposal.
The Agency shall have all the characteristics of a Community body (financed by the Community budget, the Staff Regulations of Officials of the European Communities shall apply to the Agency’s staff, as well as rules on access to documents, linguistic regime, implementation of the budget and scrutiny of expenditure, under the discharge procedure, by the European Parliament, etc.).
Note that this proposal does not prejudge in any way the Council choice regarding the future headquarters of the Agency but the Commission insists that a choice be made quickly.
Rules on security and data protection: entrusting an Agency with the operational management of large-scale IT systems in the area of freedom, security and justice does not affect the specific rules governing the purpose, access rights, security measures and further data protection requirements applicable to those systems.
Evaluation: the Agency shall be subject to an evaluation three years after its implementation and every five years thereafter.
Territorial provisions: the legal frameworks of SIS II, VIS and EURODAC are characterised by variable geometry. On the one hand, Ireland and the United Kingdom participate in EURODAC but are only partly involved in SIS II, and do not participate in VIS, while Denmark is involved in all three systems on a different legal basis. On the other hand, a number of non-EU countries, namely Iceland, Norway, Switzerland and Liechtenstein, are or will be associated with the implementation, application and development of the Schengen acquis, and therefore participate both in SIS II and VIS.
BUDGETARY IMPLICATIONS: the Agency will be funded by the general budget of the European Union. The necessary appropriations to cover the activities of the Agency will come from the appropriations currently foreseen in the Financial Programming 2011-2013 in the budget lines:
- 18 02 04 "Schengen Information System (SIS II)";
- 18 02 05 "Visa Information System (VIS)";
- 18 03 11 "EURODAC".
Therefore, the proposal does not impact on the financial framework for 2007-2013.
The financial statement annexed to this proposal is based on the assumption that it will be adopted in 2010 in order for the Agency to be legally established in 2011 and become a fully fledged Agency in 2012.
Overall, the preparatory and start-up phase of the Agency between 2010 and 2013 is estimated at EUR 113 million, which will be covered by the 2007‑2013 financial framework.