Explanatory Memorandum to COM(2009)293 - Agency for the operational management of large-scale IT systems in the area of freedom, security and justice - Main contents
Please note
This page contains a limited version of this dossier in the EU Monitor.
dossier | COM(2009)293 - Agency for the operational management of large-scale IT systems in the area of freedom, security and justice. |
---|---|
source | COM(2009)293 |
date | 24-06-2009 |
The objective of this proposal for a Regulation is to establish an Agency responsible for the operational management of large-scale information technology ("IT") systems in the area of freedom, security and justice.
The Agency will be responsible for the long-term operational management of the second-generation Schengen Information System (SIS II), the Visa Information System (VIS) and EURODAC. This proposal for a Regulation also aims to lay down the framework for the development and the operational management by the Agency of other large-scale IT systems in application of Title IV of the EC Treaty and potentially for other large-scale IT systems in the area of freedom, security and justice. However, any such integration of further systems will require a specific mandate by the legislator not given by this proposal.
The present legislative package consists of two proposals: this proposal for a Regulation and a proposal for a Council Decision conferring upon the Agency established by this Regulation tasks regarding the operational management of SIS II and VIS in application of Title VI of the EU Treaty. The proposed Regulation covers the first pillar scope of SIS II, VIS and EURODAC. The proposed Decision covers the third pillar scope of SIS II and VIS.
In order to identify the best solution for the long-term operational management of SIS II, VIS and also EURODAC, the Commission has conducted an Impact Assessment.[1] In joint statements accompanying the SIS II and VIS legal instruments i, the Council and the European Parliament invited the Commission, following an Impact Assessment containing a substantive analysis of alternatives, from the financial, operational and organisational perspective, to present the necessary legislative proposals entrusting an agency with the long term operational management of SIS II and VIS. After the analysis of different options, a new Regulatory Agency was found to be the most feasible alternative for carrying out the tasks of a 'Management Authority' for these systems in the long term.
The Agency's core task will be to fulfil the operational management tasks for SIS II, VIS and EURODAC, keeping the systems functioning 24 hours a day, seven days a week, thus ensuring a continuous, uninterrupted flow of data exchange. Beyond these operational tasks, the corresponding responsibilities for adopting security measures, reporting, publishing, monitoring, information, organising specific VIS and SIS II related trainings, implementing pilot schemes upon specific and precise request of the Commission and monitoring of research will be assigned to the Agency. Combining the systems in a joint Agency will make it possible to exploit synergies and share facilities and staff. The Agency's governance structure reflects the existing variable geometry which denotes a heterogeneous group of participating countries (EU Member States with different levels of participation in the information systems and associated countries).
This proposal does not impact on the financial framework for 2007-2013. The legislative financial statement annexed to this proposal is mainly founded on estimates and figures from the impact assessment conducted in 2007. This legislative financial statement is also based on the assumption that this proposal will be adopted in 2010 in order for the Agency to be legally established in 2011 and become a fully fledged Agency able to take over all the tasks related to the operational management of SIS II, VIS and EURODAC and other large-scale IT systems in 2012. In the joint statement accompanying the SIS II and VIS legal instruments the European Parliament and the Council committed themselves to dealing with the proposals on the long term operational management of SIS II and VIS as quickly as possible and to having them adopted in time to allow the Agency to take up fully its activities before the end of a five year period following the entry into force of the SIS II and VIS legal instruments.
Finally, the Council should bear in mind the implications linked to the choice of the location of the Agency.
Article 61 of the Treaty establishing the European Community (referred to hereinafter as 'EC Treaty') requires the adoption of measures aimed at ensuring the free movement of persons, in accordance with Article 14 of the EC Treaty, in conjunction with directly related flanking measures regarding external border controls, asylum and immigration, as well as measures to prevent and combat crime.
On the basis of the Schengen Convention i, the Schengen Information System (SIS) was established to maintain public policy and public security, including national security. The second-generation Schengen Information System (SIS II) was established by Regulation (EC) No 1987/2006 of the European Parliament and of the Council of 20 December 2006 and Council Decision 2007/533/JHA of 12 June 2007 on the establishment, operation and use of the second-generation Schengen Information System (SIS II) i. Its aim is to contribute to ensuring a high level of security within the area of freedom, security and justice of the European Union, including the maintenance of public security and public policy and the safeguarding of security in the territories of the Member States, and to applying the provisions of Title IV of Part Three of the EC Treaty relating to the movement of persons in their territories, using information communicated via this system.
The Visa Information System (VIS) was established by Regulation (EC) No 767/2008 of the European Parliament and of the Council of 9 July 2008 concerning the Visa Information System (VIS) and the exchange of data between Member States on short-stay visas (VIS Regulation) i. VIS will enable consulates and other competent authorities of the Member States to exchange visa information for the purposes of facilitating the visa application procedure, preventing visa shopping, contributing to the fight against fraud, facilitating checks at external border crossing points and within the Member States, assisting in the identification of third country nationals, facilitating the application of the Dublin Regulation and contributing to the prevention of threats to the internal security of any of the Member States.
The legal instruments establishing and governing the SIS II and VIS provide that the central and back-up central systems are located in Strasbourg, France (CS-SIS and central VIS) and in Sankt Johann im Pongau, Austria (back-up CS-SIS and back-up central VIS), respectively.
EURODAC, a Community-wide information technology system, was created to facilitate the application of the Dublin Convention,[6] which aimed to establish a mechanism for determining responsibility for asylum applications lodged in one of the EU Member States. The Convention was replaced by a Community law instrument, Council Regulation (EC) No 343/2003 of 18 February 2003 establishing the criteria and mechanisms for determining the Member State responsible for examining an asylum application lodged in one of the Member States by a third-country national (ie. the Dublin Regulation) i.
The legal frameworks of SIS II, VIS and EURODAC are characterized by variable geometry. On the one hand, Ireland and the United Kingdom participate in EURODAC but are only partly involved in SIS II, and do not participate in VIS, while Denmark is involved in all three systems on a different legal basis. On the other hand, a number of non-EU countries, namely Iceland, Norway, Switzerland and Liechtenstein, are or will be associated with the implementation, application and development of the Schengen acquis , and therefore participate both in SIS II and VIS.
At present, owing to the cross-pillar elements of the SIS II, the legal framework of SIS II is composed of first pillar Regulations and Decisions and third pillar Decisions:
- Council Regulation (EC) No 2424/2001 of 6 December 2001 on the development of the second-generation Schengen Information System (SIS II);[8]
- Council Decision 2001/886/JHA of 6 December 2001 on the development of the second-generation Schengen Information System (SIS II);[9]
- Regulation (EC) No 1987/2006 of the European Parliament and of the Council of 20 December 2006 on the establishment, operation and use of the second-generation Schengen Information System (SIS II);[10]
- Regulation (EC) No 1986/2006 of the European Parliament and of the Council of 20 December 2006 regarding the access to the second-generation Schengen Information System (SIS II) by the services in the Member States responsible for issuing vehicle registration certificates;[11]
- Council Decision 2007/533/JHA of 12 June 2007 on the establishment, operation and use of the second-generation Schengen Information System (SIS II);[12]
- Commission Decisions 2007/170/EC and 2007/171/EC of 16 March 2007 laying down the network requirements for the Schengen Information System II i;
- Council Regulation (EC) No 189/2008 of 18 February 2008 on the tests of the second-generation Schengen Information System (SIS II) i;
- Council Decision 2008/173/EC of 18 February 2008 on the tests of the second-generation Schengen Information System (SIS II) i;
- Commission Decisions 2008/333/EC and 334/2008/JHA of 4 March 2008 adopting the SIRENE Manual and other implementing measures for the second-generation Schengen Information System (SIS II) i;
- Council Regulation (EC) No 1104/2008 of 24 October 2008 on migration from the Schengen Information System (SIS 1+) to the second-generation Schengen Information System (SIS II) i;
- Council Decision 2008/839/JHA of 24 October 2008 on migration from the Schengen Information System (SIS 1+) to the second-generation Schengen Information System (SIS II) i.
As opposed to the SIS II, VIS is established under the first pillar. However, a VIS third pillar instrument was adopted to allow designated law enforcement authorities to access the system for consultation regarding the commitment of certain offences. The following legal instruments are relevant for VIS:
- Council Decision 2004/512/EC of 8 June 2004 establishing the Visa Information System (VIS) i constitutes the legal basis for including in the general budget of the European Union of the necessary appropriations for the development of the VIS;
- Commission Decision 2006/752/EC of 3 November 2006 establishing the sites for the Visa Information System during the development phase i;
- Commission Decision 2006/648/EC of 22 September 2006 laying down the technical specifications on the standards for biometric features related to the development of the Visa Information System i;
- Commission Decision 2008/602/EC of 17 June 2008 laying down the physical architecture and requirements of the national interfaces and of the communication infrastructure between the central VIS and the national interfaces for the development phase;[22]
- Regulation (EC) No 767/2008 of the European Parliament and of the Council of 9 July 2008 concerning the Visa Information System (VIS) and the exchange of data between Member States on short-stay visas (VIS Regulation);[23]
- Council Decision 2008/633/JHA of 23 June 2008 concerning access for consultation of the Visa Information System (VIS) by designated authorities of Member States and by Europol for the purposes of the prevention, detection and investigation of terrorist offences and of other serious criminal offences.[24]
EURODAC is established under the first pillar:
- Council Regulation (EC) No 2725/2000 of 11 December 2000 concerning the establishment of 'Eurodac' for the comparison of fingerprints for the effective application of the Dublin Convention i;
- Council Regulation (EC) No 407/2002 of 28 February 2002 laying down certain rules to implement Regulation (EC) No 2725/2000 concerning the establishment of 'Eurodac' for the comparison of fingerprints for the effective application of the Dublin Convention i.
The proposal is consistent with existing policies and objectives of the European Union, in particular the objective to create an area of freedom, security and justice.
The Impact Assessment report is based on a preparatory study, carried out by an external contractor i. Twenty seven interviews were conducted in the framework of the study, involving representatives from the EU Member States, Norway, the European Parliament, the Commission, the European Data Protection Supervisor, the Schengen Joint Supervisory Authority, the European Environmental Agency, the European Agency for the Management of Operational Cooperation at the External Borders (FRONTEX), Europol, the Strasbourg C.SIS site responsible for the operational management of SIS 1+ and industry experts. Furthermore, an Inter-Service Steering Group, composed of the relevant Commission Directorates General was set up to support the impact assessment process.
Following a pre-screening process, five possible options to achieve the objective of long-term operational management of SIS II, VIS and EURODAC were retained and further analysed.
- Option 1 - baseline: the operational management solution for SIS II and VIS identified for the transitional period (the Commission entrusting the operational management tasks to Member States' authorities) would be continued as a permanent solution. Currently, EURODAC is managed by the Commission and this solution would also be maintained.
- Option 2 - baseline+ under which the Commission would entrust the operational management tasks related to SIS II, VIS and EURODAC to Member States' authorities.
- Option 3 - a new Regulatory Agency that would assume responsibility for the long-term operational management of SIS II, VIS and EURODAC.
- Option 4 - FRONTEX would manage the three systems, which would entail changes to both its basic act and its management structure.
- Option 5 - EUROPOL would manage SIS II, whereas the Commission would manage VIS and EURODAC. This option was considered while negotiations on the conversion of the current Europol Convention into a Community act were still ongoing.
As a result of a comparative analysis, the new Regulatory Agency option, which aims to create a joint operational management structure for SIS II, VIS and EURODAC scored highest.
Contents
- LEGAL ELEMENTS OF THE PROPOSAL
- BUDGETARY IMPLICATION
- 1.1. Grounds for and objectives of the proposal
- 1.2. General context
- 1.3. Existing provisions in the area covered by the proposal
- 1.4. Consistency with other policies and objectives of the European Union
- 2. CONSULTATION OF INTERESTED PARTIES AND IMPACT ASSESSMENT
- 2.1. Collection and use of expertise, consultation of interested parties
- 2.2. Impact assessment
- 3.1. Summary of the proposed action
- 3.2. Legal basis
- 3.3. Variable geometry
- 3.4. Subsidiarity principle
- 3.5. Proportionality principle
- 3.6. Choice of instruments
- 5. ADDITIONAL INFORMATION
- 5.1. Simplification
- 5.2. Evaluation
This proposal aims to establish an Agency responsible for the operational management of SIS II, VIS, EURODAC and other large-scale IT systems in application of Title IV of the EC Treaty and potentially for other IT systems in the area of freedom, security and justice on the basis of a relevant legislative instrument.
Entrusting an Agency with the operational management of large-scale IT systems in the area of freedom, security and justice does not affect the specific rules governing the purpose, access rights, security measures and further data protection requirements applicable to those systems.
The regulatory Agency shall be established as a Community body, having legal personality. The first tasks to be conferred on the Agency are operational, that is to say, ensuring the overall management of the information systems and the operation of the systems. It would thus become a 'centre of excellence' with specialised operational staff. A dedicated, specialised organisation would also ensure the highest level of efficiency and responsiveness, also for the development and operational management of other potential systems in the area of freedom, security and justice.
The Agency shall be responsible for the tasks relating to the Communication Infrastructure which are referred to in Articles 15 i of the SIS II Regulation and Decision and Article 26 i of the VIS Regulation and Article [4(2)] of the Regulation (EC) XX/2009 concerning the establishment of 'Eurodac' for the comparison of fingerprints for the effective application of Regulation (EC) No […/…][28]. In addition, the Agency shall perform tasks related to the training of experts on VIS and SIS II including training related to the exchange of supplementary information, as well as monitoring of research activities and implementation of pilot schemes upon specific and precise request of the Commission.
The Agency could also potentially be responsible for developing and managing other large-scale IT systems in the area of freedom, security and justice. This would be subject to legislative instruments establishing such systems that in turn would provide the Agency with the respective competences.
The main body governing the Agency shall be a Management Board with an adequate representation of the Member States and the Commission. The representation of Member States should reflect each Member State's Treaty rights and obligations. The countries associated with the implementation, application and development of the Schengen acquis and the EURODAC related measures shall also participate in the Agency.
This proposal for a Regulation is based on the same legal basis as the SIS II Regulation (Regulation (EC) No 1986/2006), the VIS Regulation (Regulation (EC) No 767/2008) and the EURODAC Regulation (Regulation (EC) No 2725/2000) and is, thus, founded on Articles 62(2)(a), 62(2)(b)(ii), 63(1)(a), 63(3)(b) and Article 66 of the EC Treaty.
Article 66 of the EC Treaty, provides for the adoption of appropriate measures to encourage and strengthen administrative cooperation between the relevant departments of Member States' administrations, as well as between those departments and the Commission in the field of visas, asylum, immigration and other policies related to free movement of persons. This constitutes an appropriate legal basis since the Agency will facilitate the communication and cooperation between the relevant departments of the Member States' administrations in the areas mentioned above.
The operational management tasks to be entrusted to the Agency shall support the policy aspects underlying the SIS II and VIS Regulations. In accordance with Article 62(2)(a) and 63(3)(b) of the EC Treaty, which provide an appropriate legal basis for the SIS II Regulation, the Agency's activities shall technically cover matters related to checks on persons at external borders as well as measures in the area of illegal immigration and illegal residence, respectively. As for VIS matters, the Agency's activities shall technically support the procedures for issuing visas by Member States; it is therefore founded on Article 62(2)(b)(ii) of the EC Treaty.
Regarding EURODAC matters, the operational management tasks to be entrusted to the Agency shall technically support the determination of which Member State is responsible for considering an application for asylum submitted by a national of a third country in one of the Member States (Article 63(1)(a) of the EC Treaty).
According to Article 67 of the EC Treaty read in conjunction with Article 1 of Council Decision 2004/927/EC providing for certain areas covered by Title IV of Part Three of the EC Treaty to be governed by the procedure laid down in Article 251 of that Treaty i, measures referred to in Articles 62(2)(a), 62(2)(b)(ii), 63(1)(a) and 63(3)(b) of the EC Treaty, shall be adopted in accordance with the co-decision procedure referred to in Article 251 of the EC Treaty. Since Article 66 of the EC Treaty is subject to qualified majority i, the legal bases are compatible and can be combined. Therefore, the co-decision procedure applies to the adoption of the Regulation as an integral whole.
As the legal basis for this proposal for a Regulation is to be found in Title IV of the EC Treaty, it is affected by the variable geometry arising from the Protocols on the positions of the United Kingdom, Ireland and Denmark. This proposal for a Regulation builds upon the Schengen acquis and the provisions of the EURODAC related measures. Therefore the following consequences in relation to the various protocols and association agreements have to be considered.
Denmark:
Under the Protocol on the position of Denmark, annexed to the TEU and the TEC, Denmark does not take part in the adoption by the Council of the measures pursuant to Title IV of the EC Treaty, with the exception of 'measures determining the third countries whose nationals must be in possession of a visa when crossing the external borders of the Member States, or measures relating to a uniform format for visas'. This proposal builds on the Schengen acquis and Article 5 of the Protocol applies. In accordance with Article 5 of the said Protocol, Denmark decided to implement Regulation (EC) No 1987/2006 and Regulation (EC) No 767/2008 in national law.
As far as it concerns EURODAC, in accordance with Articles 1 and 2 of the Protocol on the position of Denmark attached to the Treaties, Denmark does not take part in the adoption of this Regulation and is not bound by it nor subject to its application. However, Denmark applies the current EURODAC Regulation, following an international agreement i that it concluded with the EC in 2006.
United Kingdom and Ireland:
This proposal builds on the provisions of the Schengen acquis , in which the United Kingdom and Ireland do not participate, in accordance with Council Decision 2000/365/EC of 29 May 2000 concerning the request of the United Kingdom of Great Britain and Northern Ireland to take part in some of the provisions of the Schengen acquis and Council Decision 2002/192/EC of 28 February 2002 concerning Ireland's request to take part in some of the provisions of the Schengen acquis . Therefore, the United Kingdom and Ireland are not participating in the adoption of this Regulation and are not bound by it or subject to its application.
The United Kingdom and Ireland are bound by the EURODAC Regulation (EC) No 2725/2000 following their notice of their wish to take part in the adoption and application of that Regulation based on the Protocol on the position of the United Kingdom and Ireland attached to the Treaties. The position of these Member States with regard to the EURODAC Regulation does not affect their possible participation regarding this proposal.
Norway and Iceland:
As regards Norway and Iceland, this proposal constitutes a development of the provisions of the Schengen acquis within the meaning of the Agreement concluded by the Council of the European Union and the Republic of Iceland and the Kingdom of Norway concerning the association of those two States with the implementation, application and development of the Schengen acquis i.
In parallel to the association of several non-EU Member States to the Schengen acquis, the Community concluded, or is in the process of doing so, several agreements associating these countries also to the EURODAC related measures. The agreement associating Iceland and Norway was concluded in 2001 i.
Switzerland:
As regards Switzerland, this proposal constitutes a development of the provisions of the Schengen acquis within the meaning of the Agreement concluded by the European Union, the European Community and the Swiss Confederation on the latter's association with the implementation, application and development of the Schengen acquis i.
As regards the EURODAC related measures, the agreement associating Switzerland was concluded on 28 February 2008 and is applicable as of 12 December 2008 i.
Liechtenstein:
As regards Liechtenstein, this proposal constitutes a development of the provisions of the Schengen acquis within the meaning of the Protocol between the European Union, the European Community, the Swiss Confederation and the Principality of Liechtenstein on the accession of the Principality of Liechtenstein to the Agreement between the European Union, the European Community and the Swiss Confederation on the Swiss Confederation's association with the implementation, application and development of the Schengen acquis which falls within the area referred to in Article 1, point A, B and G of Council Decision 1999/437/EC read in conjunction with Article 3 of Council Decision 2008/261/EC i.
As regards the EURODAC related measures, the agreement associating Liechtenstein was signed on 28 February 2008 and is subject to conclusion at a later stage i.
Common provisions for the countries associated with the EURODAC related measures:
In accordance with the three above-cited agreements, the associated countries shall accept the EURODAC related measures and its development without exception. They do not take part in the adoption of any acts amending or building upon the EURODAC related measures (including therefore this proposal) but have to notify to the Commission within a given time-frame of their decision whether or not to accept the content of that act, once approved by the Council and the European Parliament. In case Norway, Iceland, Switzerland or Liechtenstein do not accept an act amending or building upon the EURODAC related measures, the respective agreements will be terminated, unless the Joint/Mixed Committee established by the agreements decides otherwise by unanimity.
In order to create rights and obligations between Denmark – which as explained above has been associated to the EURODAC related measures via an international agreement – and the associated countries mentioned above, two other instruments have been concluded between the Community and the associated countries.[38]
The proposal respects the principle of subsidiarity, as the objective of the proposed action, the conferring of the operational management of Central SIS II, Central VIS and the National Interfaces, Central EURODAC, as well as certain aspects of their communication infrastructure, on an Agency, cannot be achieved by the Member States individually.
The Agency, financed from the EU budget, would be given the competences to manage only the central parts of SIS II, central parts of VIS and the national interfaces, the central part of EURODAC, as well as certain aspects of the communication infrastructure, without having responsibility for the data entered in the systems. Member States are competent for their national systems. Therefore, the Agency's competences are kept to the minimum necessary for supporting effective, secure and continuous data exchange between the Member States. Setting up a dedicated structure is considered proportionate to the legitimate interests of users and the high-security, high-availability and mission-critical nature of the systems.
A Regulation of the European Parliament and of the Council based on Article 62(2)(a), 62(2)(b)(ii), 63(1)(a), 63(3)(b) and Article 66 of the EC Treaty is the most appropriate instrument for establishing a body under Title IV of the EC Treaty.
The Agency will be funded by the general budget of the European Union. The necessary appropriations to cover the activities of the Agency will come from the appropriations currently foreseen in the Financial Programming 2011-2013 in the budget lines 18 02 04 'Schengen Information System (SIS II)', 18 02 05 'Visa Information System (VIS)'and 18 03 11 'EURODAC'. The financial statement annexed to this proposal is common to the proposal for a Council Decision conferring upon the Agency established by the Regulation XX tasks regarding the operational management of SIS II and VIS in application of Title VI of the EU Treaty.
The proposal provides for simplification of legislation by establishing a single operational management structure for several IT-systems in the area of freedom, security and justice.
Article 27 of the proposed Regulation includes an evaluation clause.