PURPOSE: to establish a European agency for the operational management of large-scale IT systems in the area of freedom, security and justice (the Agency).
LEGISLATIVE ACT: Regulation (EU) No 1077/2011 of the European Parliament and of the Council establishing a European Agency for the operational management of large-scale IT systems in the area of freedom, security and justice.
CONTENT: on the basis of a text agreed with the European Parliament, the Council adopted this Regulation establishing a European agency for the operational management of large-scale EU information technology systems. The Agency shall be responsible for the operational management of the second-generation Schengen Information System (SIS II – Regulation (EC) No 1987/2006 and Council Decision 2007/533/JHA), the Visa Information System (VIS - Regulation (EC) No 767/2008) and Eurodac – CNS/1999/0116) . It will also be responsible for the management of any other IT systems, which might be developed in the area of freedom, security and justice in the future. However, any integration of further systems will require a specific decision by the Council and the European Parliament.
Current EU information systems:
· SIS II is currently under construction and was launched to replace the existing Schengen Information System (SIS I+). The global schedule presented by the Commission at the Council meeting in October 2010 provides for entry into operation of the SIS II by the first quarter of 2013. The Schengen Information System is a common database with stringent data protection rules that facilitates the exchange of information on persons and objects between national law enforcement authorities responsible, inter alia, for border controls and other customs and police checks.
· VIS is another database under preparation. It will support the implementation of the common visa policy and facilitate effective border control by enabling Schengen member states to enter, update and consult visa data, including biometric data, electronically. For the VIS to go live, the central VIS, managed by the Commission, the national VIS of each individual Member State as well as preparations at the external border crossing points and in the consulates of the first roll-out region (North Africa) must be ready. The central VIS is expected to be ready by the end of June 2011. The whole system should start operating in the autumn 2011.
· EURODAC is an existing IT system - currently managed by the European Commission - for comparing the fingerprints of asylum seekers and illegal immigrants, in order to facilitate the application of the Dublin II Regulation, which makes it possible to determine the Member State responsible for examining an asylum application (the country through which the asylum seeker first entered the EU).
Operational management, for which the Agency is responsible, shall consist of all the tasks necessary to keep large-scale IT systems functioning in accordance with the specific provisions applicable to each of them, including responsibility for the communication infrastructure used by them. Those large-scale IT systems shall not exchange data or enable sharing of information or knowledge, unless so provided in a specific legal basis.
Objectives: the Agency shall ensure:
· effective, secure and continuous operation of large-scale IT systems;
· the efficient and financially accountable management of large-scale IT systems;
· an adequately high quality of service for users of large-scale IT systems;
· continuity and uninterrupted service;
· a high level of data protection, in accordance with the applicable rules, including specific provisions for each large-scale IT system;
· an appropriate level of data and physical security, in accordance with the applicable rules, including specific provisions for each large-scale IT system; and
· the use of an adequate project management structure for efficiently developing large-scale IT systems.
Tasks: the Regulation sets out the tasks specific to SIS II, VIS and Eurodac, as well as the tasks relating to the communications infrastructure. In addition, the Agency should perform tasks relating to training on the technical use of SIS II, VIS and Eurodac and other large-scale IT systems which might be entrusted to it in the future.
Moreover and only upon the specific and precise request of the Commission, which shall have informed the European Parliament and the Council at least 3 months in advance, and after a decision by the Management Board, the Agency may carry out pilot schemes for the development or the operational management of large-scale IT systems, in the application of Articles 67 to 89 TFEU. The Agency shall on a regular basis keep the European Parliament, the Council and, where data protection issues are concerned, the European Data Protection Supervisor, informed of the evolution of the pilot schemes.
Seat: the seat of the Agency will be in Tallin, Estonia. The tasks related to development and operational management will be carried out in Strasbourg, France. A backup site will be installed in Sankt Johann im Pongau, Austria.
Structure: the Agency’s administrative and management structure shall comprise: (a) a Management Board; (b) an Executive Director; (c) Advisory Groups. The Regulation sets out the tasks of each of these. The structure must include a Data Protection Officer, a Security Officer; and an Accounting Officer.
Each Member State which is bound under Union law by any legislative instrument governing the development, establishment, operation and use of a particular large-scale IT system, as well as the Commission, shall appoint one member to the Advisory Group relating to that large-scale IT system, for a three-year term, which may be renewed. As regards Denmark, it shall also appoint a member to an Advisory Group relating to a large-scale IT system, if it decides to implement the legislative instrument governing the development, establishment, operation and use of that particular large-scale IT system in its national law.
Access to data: on the basis of a proposal by the Executive Director, and not later than 6 months after 1 December 2012, the Management Board shall adopt rules concerning access to the Agency’s documents, in accordance with Regulation (EC) No 1049/2001.
Evaluation: within 3 years from 1 December 2012, and every 4 years thereafter,
Budget: the revenue of the Agency shall consist of: (a) a subsidy from the Union; (b) a contribution from the countries associated with the implementation, application and development of the Schengen acquis and Eurodac-related measures; (c) any financial contribution from the Member States.
ENTRY INTO FORCE: 21/11/2011. The Agency shall take up part of its responsibilities from 1 December 2012.