Council Regulation (EC) No 1104/2008 of 24 October 2008 on migration from the Schengen Information System (SIS 1+) to the second generation Schengen Information System (SIS II) (2) and Council Decision 2008/839/JHA of 24 October 2008 on migration from the Schengen Information System (SIS 1+) to the second generation Schengen Information System (SIS II) (3) have been substantially amended. Since further amendments are to be made, they should be recast in the interest of clarity.
(2)
The Schengen Information System (SIS) set up pursuant to the provisions of Title IV of the Convention of 19 June 1990 implementing the Schengen Agreement of 14 June 1985 between the Governments of the States of the Benelux Economic Union, the Federal Republic of Germany and the French Republic on the gradual abolition of checks at their common borders (4) (the ‘Schengen Convention’), and the further development, thereof, SIS 1+, constitute essential tools for the application of the provisions of the Schengen acquis as integrated into the framework of the European Union.
(3)
The development of the second generation Schengen Information System (SIS II) was entrusted by the Council to the Commission pursuant to Regulation (EC) No 2424/2001 (5) and Decision 2001/886/JH (6). Those acts expired on 31 December 2008 prior to the completion of the SIS II developments. They therefore needed to be supplemented firstly by Regulation (EC) No 1104/2008 and by Decision 2008/839/JHA and subsequently by this Regulation and Council Regulation (EU) No 1273/2012 of 20 December 2012 on migration from the Schengen Information System (SIS 1+) to the second generation Schengen Information System (SIS II) (7) at the latest until the termination of the migration from SIS 1+ to SIS II or until a date to be fixed by the Council, acting in accordance with Regulation (EC) No 1987/2006 of the European Parliament and of the Council of 20 December 2006 on the establishment, operation and use of the second generation Schengen Information System (SIS II) (8) and Council Decision 2007/533/JHA of 12 June 2007 on the establishment, operation and use of the second generation Schengen Information System (SIS II) (9).
(4)
SIS II was established by Regulation (EC) No 1987/2006 and by Decision 2007/533/JHA. This Regulation should be without prejudice to the provisions of those acts.
(5)
Certain tests of SIS II are provided for in Council Regulation (EC) No 189/2008 (10) and in Council Decision 2008/173/JHA (11).
(6)
The development of SIS II should be continued and should be finalised in the framework of the SIS II global schedule endorsed by the Council on 6 June 2008 and subsequently amended in October 2009 in the light of orientations given by the Council of 4 June 2009 (Justice and Home Affairs). The new version of the SIS II global schedule was presented by the Commission to the European Parliament and the Council in October 2010.
(7)
A comprehensive test of SIS II should be conducted in full cooperation between the Member States and the Commission, in accordance with the provisions of this Regulation. As soon as possible after its completion, that test should be validated as provided for by Regulation (EC) No 1987/2006 and Decision 2007/533/JHA. Only test data should be used for the purpose of the comprehensive test.
(8)
Member States should perform a test on the exchange of supplementary information.
(9)
As regards SIS 1+, the Schengen Convention provides for a technical support function (C.SIS). As regards SIS II, Regulation (EC) No 1987/2006 and Decision 2007/533/JHA provide for a Central SIS II composed of a technical support function and a uniform national interface (NI-SIS). The technical support function of Central SIS II should be located in Strasbourg (France) and a backup in St Johann im Pongau (Austria).
(10)
In order to better manage the potential difficulties brought about by the migration from SIS 1+ to SIS II, an interim migration architecture for SIS should be established and tested. The interim migration architecture should have no impact on the operational availability of SIS 1+. A converter should be provided by the Commission.
(11)
The Member State issuing an alert should be responsible for ensuring that the data entered into SIS is accurate, up to date and lawful.
(12)
The Commission should remain responsible for Central SIS II and its communication infrastructure. This responsibility includes the maintenance and continuation of the development of SIS II and its communication infrastructure, including at all times the correction of errors. The Commission should provide coordination and support for the joint activities. The Commission should provide, in particular, the necessary technical and operational support to the Member States at Central SIS II level including the availability of a helpdesk.
(13)
The Member States are and should remain responsible for the development and maintenance of their national systems (N.SIS II).
(14)
France should remain responsible for the technical support function of SIS 1+, as expressly provided for in the Schengen Convention.
(15)
Representatives of the Member States participating in SIS 1+ should coordinate their actions within the framework of the Council. It is necessary to set out a framework for that organisational action.
(16)
In order to support Member States in opting for the most favourable technical and financial solution, the Commission should initiate without delay the process of adapting this Regulation by proposing a legal framework for the migration from SIS 1+ to SIS II which better reflects the technical migration approach outlined in the Migration Plan for the SIS Project (the ‘Migration Plan’) adopted by the Commission after a positive vote by the SIS-VIS Committee on 23 February 2011.
(17)
The Migration Plan envisages that within the switchover period all Member States, consecutively, will perform their individual switchover of the national application from SIS 1+ into SIS II. It is desirable from a technical point of view that Member States that have switched over be able to use the full scope of SIS II from the time of the switchover and not have to wait until other Member States have also switched over. Therefore, it is necessary to apply Regulation (EC) No 1987/2006 and Decision 2007/533/JHA from the time of the initiation of the switchover by the first Member State. For reasons of legal certainty, the period of switchover should be kept as short as possible, and should not exceed 12 hours. The application of Regulation (EC) No 1987/2006 and Decision 2007/533/JHA should not prevent Member States, which have not switched over yet or which have had to fall back for technical reasons, from using SIS II limited to SIS 1+ functionalities during the intensive monitoring period. In order to apply the same standards and conditions to alerts, data processing and data protection in all Member States, it is necessary to apply the SIS II legal framework to the SIS operational activities of the Member States which did not yet switch over.
(18)
It is necessary to maintain the application of certain provisions of Title IV of the Schengen Convention on a temporary basis by incorporating those provisions into this Regulation as they provide the legal framework for the converter and the interim migration architecture during the migration. The interim migration architecture for the operations of SIS 1+ allows SIS 1+ and certain technical parts of the SIS II architecture to operate in parallel during a limited transitional period which is needed to make possible an incremental migration from SIS 1+ to SIS II.
(19)
Regulation (EC) No 1987/2006 and Decision 2007/533/JHA provide that the best available technology, subject to a cost-benefit analysis, should be used for Central SIS II. The Annex to the Council Conclusions on the further direction of SIS II of 4-5 June 2009 laid down milestones which should be met in order to continue with the current SIS II project. In parallel, a study has been conducted concerning the elaboration of an alternative technical scenario for developing SIS II based on SIS 1+ evolution (SIS 1+ RE) as the contingency plan, in case the tests demonstrate non-compliance with the milestone requirements. Based on these parameters, the Council may decide to invite the Commission to switch to the alternative technical scenario.
(20)
The description of the technical components of the interim migration architecture should therefore be adapted to allow for another technical solution, and in particular the SIS 1+ RE regarding the development of Central SIS II. SIS 1+ RE is a possible technical solution to develop Central SIS II and to achieve the objectives of the SIS II laid down in Regulation (EC) No 1987/2006 and Decision 2007/533/JHA.
(21)
The SIS 1+ RE is characterised by uniqueness of means between SIS II development and SIS 1+. The references in this Regulation to the technical architecture of SIS II and to the migration process should therefore, in case of implementation of an alternative technical scenario, be read as the references to SIS II based on another technical solution, as applied mutatis mutandis to the technical specificities of that solution, in keeping with the objective to develop Central SIS II.
(22)
In any technical scenario, the result of migration at central level should be availability of the SIS 1+ database and new SIS II functionalities, including additional data categories, in the Central SIS II. In order to facilitate data loading it should be specified that deleted data as referred to in Article 113(2) of the Schengen Convention will not be migrated from SIS 1+ to SIS II.
(23)
The Commission should be empowered to contract out to third parties, including national public bodies, tasks conferred upon it by this Regulation and tasks relating to the implementation of the budget, in accordance with Council Regulation (EC, Euratom) No 1605/2002 of 25 June 2002 on the Financial Regulation applicable to the general budget of the European Communities (12) (the ‘Financial Regulation’).
Any such contract should respect the rules of data protection and data security and take into account the role of the relevant data protection authorities applicable to the SIS, in particular the provisions of the Schengen Convention and of this Regulation.
(24)
As regards the financing of the development of the Central SIS II based on an alternative technical solution, it should be covered by the general budget of the Union while respecting the principle of sound financial management. In accordance with the Financial Regulation the Commission may delegate budget implementation tasks to national public sector bodies. Following the political orientation and subject to the conditions laid down in the Financial Regulation, the Commission would be invited, in case of switchover to the alternative solution, to delegate the budget implementation tasks related to the development of the SIS II based on SIS 1+ RE to France.
(25)
Regulation (EC) No 1987/2006 and Decision 2007/533/JHA, as well as Decision No 574/2007/EC of the European Parliament and of the Council of 23 May 2007 establishing the External Borders Fund for the period 2007 to 2013 as part of the General Programme Solidarity and Management of Migration Flows (13), included SIS II national developments among the eligible actions to be co-financed under the External Borders Fund (EBF). Commission Decision 2007/599/EC of 27 August 2007 implementing Decision No 574/2007/EC of the European Parliament and of the Council as regards the adoption of strategic guidelines for 2007 to 2013 (14) further identified SIS II as one of the five strategic priorities under the EBF, recognising the importance of supporting the coherent and timely development of the national projects alongside the central SIS II.
Since the adoption of those legal acts, the SIS II project received a significant reorientation in the course of 2010, after the completion of an important test campaign, the ‘Milestone 1’. Furthermore, the evolutions in the use of the SIS by the Member States led to a need to update the SIS II technical requirements concerning performance and storage capacity which affected the costs of the SIS II project both at central and national level.
(26)
With regard to the migration process from SIS 1+ to SIS II, the evolution in requirements and the advances made in the completion of the SIS II project led to a redefinition of the migration architecture, of the migration calendar and of the testing requirements. An important part of the activities that would now be required at Member State level for the migration to SIS II were not anticipated at the time when Regulation (EC) No 1104/2008 and Decision 2008/839/JHA were adopted or at the time when the financial package and the multiannual programmes under the EBF were drawn up. It is, therefore, necessary to partly realign the cost distribution principles for the migration from SIS 1+ to SIS II. Certain national activities related to that migration, in particular in connection with the participation of Member States in migration-related testing activities could be co-financed from the SIS II budget line of the general budget of the Union. That possibility should cover specific and well-defined activities beyond, and not to coincide with, other SIS II related actions which would continue to be supported under the EBF. The financial assistance thus provided under this Regulation should be complementary to that provided by the EBF.
(27)
In relation to the co-financing provided under this Regulation, appropriate measures should be taken to prevent irregularities and fraud and the necessary steps should be taken to recover funds lost, wrongly paid or incorrectly used, in accordance with Council Regulation (EC, Euratom) No 2988/95 of 18 December 1995 on the protection of the European Communities financial interests (15), Council Regulation (Euratom, EC) No 2185/96 of 11 November 1996 concerning on-the-spot checks and inspections carried out by the Commission in order to protect the European Communities’ financial interests against fraud and other irregularities (16), and Regulation (EC) No 1073/1999 of the European Parliament and of the Council of 25 May 1999 concerning investigations conducted by the European Anti-Fraud Office (OLAF) (17).
(28)
In order to ensure uniform conditions for the implementation of this Regulation, taking into consideration the financial impacts of the decision upon Member States, which should remain fully involved when the Commission exercises its implementing powers, implementing powers should be conferred on the Commission. Those powers should be exercised in accordance with Regulation (EU) No 182/2011 of the European Parliament and of the Council of 16 February 2011 laying down the rules and general principles concerning mechanisms for control by Member States of the Commission’s exercise of implementing powers (18).
(29)
The Commission and the Member States should continue to cooperate closely during all steps of the development of the SIS II and the migration from SIS 1+ to SIS II in order to complete the process. In the Council conclusions on SIS II of 26-27 February 2009 and 4-5 June 2009, an informal body consisting of the experts of the Member States and designated as the Global Programme Management Board, was established to enhance the cooperation and to provide direct Member States support to the central SIS II project. The positive result of the work of that group of experts and the necessity of further enhancing the cooperation and the transparency of the central SIS II project justify the formal integration of the group of experts into the SIS II management structure. A group of experts, called the Global Programme Management Board, should therefore be formally established to complement the current SIS II organisational structure. In order to ensure efficiency as well as cost effectiveness the number of experts should be limited. The activities of the Global Programme Management Board should be without prejudice to the responsibilities of the Commission and of the Member States.
(30)
Regulation (EC) No 45/2001 of the European Parliament and of the Council of 18 December 2000 on the protection of individuals with regard to the processing of personal data by the Community institutions and bodies and on the free movement of such data (19) applies to the processing of personal data by the Commission.
(31)
The European Data Protection Supervisor is responsible for monitoring and ensuring the application of Regulation (EC) No 45/2001 and is competent to monitor the activities of the Union institutions and bodies in relation to the processing of personal data. The Joint Supervisory Authority is responsible for supervising the technical support function of the current SIS 1+ until the entry into force of the SIS II legal framework. National Supervisory Authorities are responsible for supervising the processing of SIS 1+ personal data on the territory of their respective Member States and remain responsible for monitoring the lawfulness of the processing of SIS II personal data on the territory of their respective Member States. This Regulation should be without prejudice to the specific provisions of the Schengen Convention as well as of Regulation (EC) No 1987/2006 and of Decision 2007/533/JHA on the protection and security of personal data. That SIS II legal framework provides that the National Supervisory Authorities and the European Data Protection Supervisor ensure the coordinated supervision of SIS II.
(32)
The migration from SIS 1+ to SIS II is a complex process which, despite extensive preparation by all stakeholders, entails significant technical risks. It is desirable for the legal framework to provide for the necessary flexibility to respond to unexpected difficulties which the central system or one or several national systems could face during the migration process. Therefore, while for reasons of legal certainty the switchover phase and the intensive monitoring period during which the interim migration architecture continues to exist should be as short as possible, the Council should, in case of technical difficulties, be enabled to fix the final date for the termination of migration in accordance with Article 55(2) of Regulation (EC) No 1987/2006 and Article 71(2) of Decision 2007/533/JHA.
(33)
Since the objectives of this Regulation, namely setting up the interim migration architecture and migrating the data from SIS 1+ to SIS II, cannot be sufficiently achieved by the Member States and can, therefore, by reason of the scale and effects of the action, be better achieved at Union level, the Union may adopt measures in accordance with the principle of subsidiarity, as set out in Article 5 of the Treaty on European Union. In accordance with the principle of proportionality, as set out in that Article, this Regulation does not go beyond what is necessary to achieve those objectives.
(34)
This Regulation respects the fundamental rights and observes the principles recognised in particular by the Charter of Fundamental Rights of the European Union.
(35)
In order to give effect in 2012 to the financial facility which could be provided to Member States from the general budget of the Union in accordance with this Regulation, this Regulation should enter into force on the day following its publication.
(36)
As regards Iceland and Norway, this Regulation constitutes a development of the provisions of the Schengen acquis within the meaning of the Agreement concluded by the Council of the European Union and the Republic of Iceland and the Kingdom of Norway concerning the latters’ association with the implementation, application and development of the Schengen acquis (20) which fall within the area referred to in Article 1, point G, of Council Decision 1999/437/EC (21) on certain arrangements for the application of that Agreement.
(37)
As regards Switzerland, this Regulation constitutes a development of the provisions of the Schengen acquis within the meaning of the Agreement between the European Union, the European Community and the Swiss Confederation on the Swiss Confederation’s association with the implementation, application and development of the Schengen acquis (22) which fall within the area referred to in Article 1, point G, of Decision 1999/437/EC read in conjunction with Article 3 of Council Decision 2008/146/EC (23).
(38)
As regards Liechtenstein, this Regulation constitutes a development of the provisions of the Schengen acquis within the meaning of the Protocol between the European Union, the European Community, the Swiss Confederation and the Principality of Liechtenstein on the accession of the Principality of Liechtenstein to the Agreement between the European Union, the European Community and the Swiss Confederation on the Swiss Confederation’s association with the implementation, application and development of the Schengen acquis (24) which fall within the area referred to in Article 1, point G, of Decision 1999/437/EC read in conjunction with Article 3 of Council Decision 2011/350/EU (25).
(39)
In accordance with Articles 1 and 2 of Protocol (No 22) on the position of Denmark, annexed to the Treaty on European Union and the Treaty on the Functioning of the European Union, Denmark is not taking part in the adoption of this Regulation and is not bound by it or subject to its application. Given that this Regulation builds upon the Schengen acquis, Denmark shall, in accordance with Article 4 of that Protocol, decide within a period of six months after the Council has decided on this Regulation whether it will implement it in its national law.
(40)
The United Kingdom is taking part in this Regulation, in accordance with Article 5(1) of the Protocol (No 19) on the Schengen acquis integrated into the framework of the European Union, annexed to the Treaty on European Union and to the Treaty on the Functioning of the European Union, and Article 8(2) of Council Decision 2000/365/EC of 29 May 2000 concerning the request of the United Kingdom of Great Britain and Northern Ireland to take part in some of the provisions of the Schengen acquis (26).
(41)
Ireland is taking part in this Regulation, in accordance with Article 5(1) of the Protocol (No 19) on the Schengen acquis integrated into the framework of the European Union, annexed to the Treaty on European Union and to the Treaty on the Functioning of the European Union, and Article 6(2) of Council Decision 2002/192/EC of 28 February 2002 concerning Ireland’s request to take part in some of the provisions of the Schengen acquis (27).
(42)
This Regulation is without prejudice to the arrangements for the partial participation of Ireland and the United Kingdom in the Schengen acquis as determined by Decisions 2000/365/EC and 2002/192/EC respectively.
(43)
As regards Cyprus, this Regulation constitutes an act building upon, or otherwise related to, the Schengen acquis within the meaning of Article 3(2) of the 2003 Act of Accession.
(44)
The European Data Protection Supervisor was consulted and delivered an opinion on 9 July 2012 (28),