Questions and Answers: Schengen Information System (SIS II)
European Commission - MEMO/13/309 09/04/2013
Other available languages: none
Brussels, 9 April 2013
Questions and Answers: Schengen Information System (SIS II)
What is Schengen?
Today, the Schengen area is encircled by 42 673 km of sea borders and 7 721 km of land borders; it was established by the 1985 Schengen Agreement that set out the gradual abolition of checks at common borders. The Agreement was supplemented by the 1990 Schengen Implementing Convention that set out the final abolition of internal border controls, as well as a series of necessary accompanying measures.
The Schengen Agreement has made passport-free travel possible for over 400 million Europeans. From the initial five, the Schengen area now includes 26 countries. The participating countries apply common rules for checks at the external borders of the Schengen area, as well as on the issue of visas and co-operation between police and judicial services in criminal matters.
In 2011, the European Commission proposed to strengthen the Schengen area. This proposal includes a stronger EU-level system for evaluating EU States’ application of Schengen rules and for taking decisions on the temporary reintroduction of internal border controls in case of serious threats to public policy or internal security. Moreover, the Commission launched bi-annual debates with the European Parliament and the Council on the political governance of the Schengen area.
What is the Schengen Information System II (SIS II)?
The Schengen Information System (and the second generation of the system - SIS II) is at the heart of Schengen cooperation. As a key compensatory measure for the abolition of internal border checks the SIS II therefore continues to play crucial role in facilitating the free movement of people within the Schengen area.
SIS II allows competent national authorities to issue and consult alerts on persons who may have been involved in a serious crime or may not have the right to enter or stay in the EU. It also contains alerts on missing persons, in particular children, as well as information on certain property, such as banknotes, cars, vans, firearms and identity documents, that may have been stolen, misappropriated or lost.
Being a state-of-the-art IT system and one of the largest of its kind worldwide, it will ensure strong data protection.
It will consist of three components: a Central System, Schengen States’ national systems and a communication infrastructure (network) between the Central and the national systems.
Why do we need to replace the current SIS?
The Member States have decided to replace the inter-governmental SIS system which has been in operation since the mid -1990's with a more up-to date system offering additional functionalities.
SIS II will enhance the exchange of information for certain categories of persons & objects between national border control, police, customs, visa, immigration, judicial and vehicle registration authorities (as well as Europol and Eurojust) in the Schengen Area, increasing security and facilitating free movement.
New functionalities of the SIS II:
What were the steps to get to SIS II?
In 1998, a preliminary study was launched to assess the potential development of the system and to examine different options and various improvements, which the SIS could embrace. Meanwhile an updated version of the SIS was developed (SIS I+) when the Nordic Countries joined Schengen which included the possibility of linking two or three additional countries to the system. The upgrade was also meant to improve the performance of the C.SIS and make it easier to manage and maintain.
The Council, in its Decision and Regulation of 6 December 2001, gave a mandate to the Commission to develop the SIS II to be funded by the EU budget. The Commission launched the technical implementation in October 2004.
SIS II has been developed by an external contractor, supervised by the European Commission in cooperation with the Member States. The initial target date for the delivery of the SIS II was March 2007.
Why has it taken so long to start operations?
Development of one of the largest information system in the field has had its difficult periods. Considering the scale of the project and the changing legal, technical and political environment, the initial time set for this project was perhaps too ambitious. The development of technical solutions took longer than expected but the Commission and the Member States did not want to compromise neither the quality nor safety of the new SIS II.
The Commission has regularly kept the European Parliament fully informed of the developments of this project and has published regular reports.
What are the costs of SIS II?
At the end February 2013, the total budgetary commitments made by the Commission on the SIS II project since 2002, amounts to EUR 167 784 606. The corresponding contracts include feasibility studies, the development of the Central SIS II itself, support and quality assurance, the SIS II network, preparation for operational management in Strasbourg, security, biometrics preparations, communication and experts' mission expenses.
The main expenditure items were development (EUR 85 581 606), the network (EUR 45 335 129), support and quality assurance (EUR 15 942 064) and preparation for operational management in Strasbourg and Sankt Johann im Pongau (EUR 12 998 242).
What data can be stored in SIS II?
SIS II provides information on individuals who do not have the right to enter or stay in the Schengen area, or on those who are sought in relation to criminal activities. SIS II also contains information on missing persons, in particular children or other vulnerable individuals who are in need of protection, or in order to prevent threats. Details of certain objects are also recorded in SIS II, for example, cars, firearms, boats, and identity documents that may have been lost or stolen or used to carry out a crime.
Data on persons stored in the SIS II are the data necessary to locate a person and confirm his/her identity (including newly a picture and fingerprints) as well as relevant information about the alert (including the action to be taken). As soon as this becomes technically possible, fingerprints may also be used to identify a third-country national on the basis of the biometric identifier.
What are the reasons for issuing an alert?
In essence, the relevant national authority in one country may issue an ‘alert’ which describes the person or object being sought. Reasons for issuing an alert are:
Which authorities may access the data?
Access to SIS II is limited to the national border control, police, customs, judicial, visa and vehicle registration authorities. These authorities may only access the SIS II data that they need for the specific performance of their tasks. The European Agencies EUROPOL and EUROJUST have limited access rights to carry out certain types of queries.
What is SIRENE cooperation?
SIRENE stands for Supplementary Information Request at the National Entry. SIRENE Bureaux are set up in every Schengen Member State and provide supplementary information on alerts and coordinate activities in relation to alerts in the Schengen Information System. For example SIRENE ensures that appropriate action is taken if a wanted person is arrested, a person who has been refused entry to the Schengen area tries to re-enter, a missing person is found, a stolen car or ID document seized, etc. SIRENE Bureaux also exchange data important for police and judicial co-operation, conducts database queries, and coordinates cross-border operations.
What is the role of eu-LISA?
The eu-LISA agency will be responsible for the operational management of the central site of the Schengen Information System II, currently doing the same for Eurodac and Visa Information System (VIS), which are all essential instruments in the implementation of EU asylum, migration and border management policies. At a later stage, after gradually building up its expertise, the Agency will develop into a centre of excellence for the development and operational management of other future systems in this policy area.
The core task of the Agency is to keep the IT systems under its responsibility, functioning 24 hours a day, seven days a week, ensuring the continuous, uninterrupted exchange of data between national authorities. The Agency is also responsible for adopting and implementing security measures, organising training for IT experts on the systems under its management, reporting, publishing statistics and monitoring of research activities. The Agency needs to maintain the complete separation of data in the three systems and ensure that security and strict data protection requirements are fully met.
What rights does a person have concerning the data processed in the SIS II?
Any person may bring an action before the courts or authority competent under the law of any Member State to access, correct, delete or obtain information or to obtain compensation in connection with an alert relating to him.
What is the right of access?
Any person has the right to access data related to them and entered in the SIS II. The rules on access are exercised in accordance with the national law of the Member State concerned. Access may only be refused when this is indispensable for the performance of a lawful task related to an alert and to protect the rights and freedoms of other people.
What is the right of rectification and deletion?
If a person believes that their personal information has been misused, needs to be corrected or deleted, they can request access in any Schengen country, by contacting the competent authority (in general the national data protection authority or the authority responsible for the quality of national data entered in SIS II). If they are outside of the Schengen area they may contact the consulate of a Schengen country in the country in which they currently live. They will be informed about the follow-up of their request within three months at the latest.
What is the right of information?
Subject to certain exceptions the third country nationals who are the subject of an alert have the right to be informed about it in writing.
What happens if my name is misused by someone involved in a crime or illegal entry in the Schengen area?
Sometimes a false identity is used when carrying out crimes or attempting to enter or stay in the Schengen area. This misuse often involves lost or stolen identity documents. If such a situation results in an alert being entered in the SIS II, it can cause difficulties for the innocent person whose identity has been stolen. However, detailed procedures have been put in place to protect the interests of these innocent persons.
The SIS II information campaign
The launch of the SIS II is to be accompanied by an information campaign, which will inform a world-wide and general public about the objectives, data stored, the authorities having access to it and the rights of persons who might be affected by the system. This information campaign (according to the SIS II Regulation) is carried out by the Commission in cooperation with the Member States and the European Data Protection Supervisor.
Is transfer of personal data to third parties possible?
No. Data processed in SIS II shall not be transferred or made available to third countries or to international organisations.
Who supervises data processing in the SIS II?
The authorities in every country using SIS II are obliged to check the quality of the information they enter in the system. In the Schengen area there are strict requirements on data protection. In each Schengen Member State the National Supervisory Authority ensures that an audit of the data processing operation within their national part of the SIS II. Such audits are at least every 4 years.
Similarly, the European Data Protection Supervisor shall check that the personal data processing activities in the eu-LISA are carried out lawfully and ensure that an audit of the eu-LISA's personal data processing activities is carried out in accordance with international audit standards at least every four years.
The National Supervisory Authorities and the European Data Protection Supervisor shall cooperate actively and ensure coordinated supervision of SIS II. They shall meet at least twice a year. For the sake of transparency, a joint report of activities shall be sent to the European Parliament, the Council and eu-LISA every two years.
How many records/alerts there are in SIS II?
In SIS II there are over 45 million alerts. The largest number of alerts concern lost or stolen documents (over 39 million) and stolen vehicles (about 5 million). The SIS II capacity at entry-into-operation has been increased to 70 million alerts and the system was tested with a view to ensuring scalability up to 100 million alerts without the need for technical change.
For more information
Press release: IP/13/309
DG Home Affairs website: http://ec.europa.eu/dgs/home-affairs/sisii