The Commission presented a report to the Commission to the European Parliament and the Council on the evaluation of the second generation Schengen Information System (SIS II) in accordance with art. 24 (5), 43 (3) and 50 (5) of Regulation (EC) No 1987/2006 and art. 59 (3) and 66 (5) of Decision 2007/533/JHA.

The Schengen Information System (SIS) is a centralised, large-scale information system supporting checks on persons and objects (such as travel documents and vehicles) at the external Schengen borders and reinforcing law enforcement and judicial cooperation within 29 countries throughout Europe.

The second generation of the system (SIS II) entered into operation on 9 April 2013. The operation and use of SIS is established in two major legal instruments: Regulation (EC) No 1987/2006 relates to the use of SIS in checks on third-country nationals who do not fulfil the conditions for entry or stay in the Schengen area and Council Decision 2007/533/JHA relates to the use of SIS for police and judicial cooperation in criminal matters.

In addition to the original features, SIS II now provides new functions and object categories:

the possibility of linking alerts on persons and objects (e.g. alerts on a wanted person and the stolen vehicle he is using); biometric data (fingerprints and photographs) to confirm the identity of a person; a copy of the European Arrest Warrant attached directly to alerts for persons wanted for arrest for surrender or extradition; information on misused identity preventing the misidentification of the innocent party in identity fraud.

Since May 2013, eu-LISA has been responsible for the operational management of Central SIS II, while Member States are responsible for the operational management of their national systems.

Main conclusions : according to the report, SIS II is an operational system which cannot remain static and has demonstrated obvious success against a background of evolving and complex issues . Accordingly, the evaluation not only examined existing performance but also looked to the future to propose major evolutions in technology , managing workload, protecting individual rights and achieving better operational outcomes.

Notwithstanding the considerable success and EU added-value achieved through the use of SIS II and its ongoing relevance to the serious security and migration challenges faced by Europe, the Commission has identified certain points to be addressed.

Among them, the report highlighted the key objectives of SIS II and its relevance to border management. Thus, several of the findings have been made to confirm the need for increased efficiency of the SIS from a strategic plan point of view.

In addition, one of the questions posed by the report was the question of its relevance with regard to the security of citizens .

SIS II is today the most important and widely used information-sharing instrument in Europe, as underlined by the European Agenda on Security.

The European Council and the Justice and Home Affairs Council have repeatedly pointed to the high relevance of SIS II for exchanging data on and tracking down terrorist suspects and foreign terrorist fighters and stated that all possibilities of SIS in the fight against terrorism should be exploited. The role of SIS II as a source for intelligence and investigation by Europol was emphasised.

The Council also highlighted SIS II several times as an instrument to enhance European return policy.

In conclusion, in light of the security and migration issues faced and the consequent increased and broader usage of SIS II with significant results, the view of the Commission is that the underlying rationale of SIS II continues to be valid . To achieve this SIS must remain a flexible system, capable of swiftly addressing new operational phenomena .

Next steps : the report focused in the strategic future of the SIS and on elements that should be reviewed in the light of the current challenges faced by Member States regarding migration.

The report noted:

the outstanding operational and technical success of the system but also the need to further enhance the effectiveness, efficiency, relevance, coherence and EU added-value of SIS II , both at central level and in some Member States where technical and operational implementation could be improved; that further development of the legal framework is needed to: (i) reflect better the operational challenges in the field of security; (ii) further harmonise the rules in the use of the system to address irregular migration; (iii) improve the monitoring of the compliance with the data protection via statistical reporting.

In order to address those issues highlighted by the evaluation which require legislative change, the Commission intends to present a proposal to amend the legal basis for SIS by the end of December 2016.

The Commission presented this report on the availability and readiness of technology to identify a person on the basis of fingerprints held in the second generation Schengen Information System (SIS II).

Given that it is becoming increasingly difficult to establish the identity of a person due to changing names and the use of aliases or fraudulent documents and that this practice not only undermines border security but also the internal security of the EU, the Commission stated that a reliable method to establish identity is needed. The use of fingerprints would be an efficient way for both border guards and law enforcement officials to identify persons sought by the authorities and to detect cases of document fraud.

To date there is no EU-wide system which would allow the checking of persons on the basis of fingerprints.

The second generation Schengen Information System (SIS) entered into operations on 9 April 2013. A new feature is the storage of fingerprints in the central system. At present, prints are used to confirm the identity of a person located as a result of a search, usually on name and date of birth. This is a “one-to-one” search - the person’s prints are compared to one set of prints stored in SIS. However the possibility to identify a person on the basis of his/her fingerprints requires an evolution to the present law enforcement practice: the comparison of a person’s prints to all sets of prints – a “one-to-many” search – to identify the person solely on the basis of fingerprints. This functionality requires the implementation of an Automatic Fingerprint Identification System (AFIS).

AFIS has been successfully used in numerous national and cross-border cooperation databases. For the E.U. the obvious examples are the Visa Information System (VIS) and EURODAC.

Both the SIS II Decision and the SIS II Regulation provide a legal basis for using AFIS. Before this functionality is implemented, the Commission must present a report on the availability and readiness of the required technology, on which the European Parliament shall be consulted.

The objective of this present report is to address this requirement and to confirm that fingerprint identification technology is available and ready for its integration into SIS-II.

The level of readiness and availability have to be assessed in the context of the unique situation and characteristics of SIS II which present a series of technical and organisational challenges requiring appropriate and customised solutions.

This report, supported by a study conducted by the Commission’s Joint Research Centre (JRC), also outlines the technical and organisational requirements in the context of SIS, describes the type of scenarios where fingerprints are used operationally and includes recommendations for the successful implementation of AFIS functionality.

The JRC study and its findings : the Horizon 2020 EU Research and Innovation Framework Program describes the readiness and availability of technology using a nine-point scale: level 1 represents the observation of basic principles, level 9 the proving of actual systems in an operational environment. AFIS technology has already achieved level 9 with many systems working world-wide.

Recommendations : overall, the report confirmed the readiness and availability of AFIS technology. In addition, the Commission considered that the implementation of the following recommendations should be considered to support the successful deployment and use of an AFIS in SIS:

need for complementary statistics; promotion of best practices; common exchange standard; Prüm and SIS II complementarity; storage of multiple datasets; quality of capture points; quality of identification systems; quality check central service; reporting on lower quality fingerprint card; integrity of the database; consultation and queries; performance benchmark.

The next steps: action plan : the completion of the study and the submission of this report for consultation to the European Parliament are the first steps towards the provision of AFIS functionality in the SIS environment. In practical terms, the high-level description of activities which must now take place, with euLISA and the Member States, can be summarised as follows:

establish the requirements for the special quality check to ascertain the fulfilment of a minimum data quality standard; finalise the user requirements and the sizing of the required system; define the architecture of the required system; define the technical specifications and the timeline for implementation; carry out the project leading to the implementation of the SIS AFIS.

In conclusion, the Commission that the AFIS functionality has already been intrinsically linked with law enforcement and border databases. SIS constitutes one of these databases and alerts related to persons will not deliver their full capacity and usefulness without the support of an AFIS.

In the light of the analysis and observations summarised in this report, the Commission concluded that AFIS technology has reached sufficient levels of readiness and availability in order to be integrated in SIS.

PURPOSE: the establishment of SIS II and to lay down specific provisions on the processing of data for police and judicial cooperation in criminal matters.

LEGISLATIVE ACT: Council Decision 2007/533/JHA on the establishment, operation and use of the second generation Schengen Information System (SIS II).

BACKGROUND: this Decision forms part of a package of legislation defining the legal basis for SIS II. Given the different policy areas involved and the cross-pillar nature of the SIS, three legislative acts had to be adopted: two Regulations and one third pillar Decision. The package is as follows:

Regulation (EC) No 1986/2006 (vehicle registration certificates). Regulation (EC) No 1987/2006 (movement of people). Decision 2007/533/JHA (processing data for police and judicial cooperation in criminal matters).

The fact that the legislative package consists of separate instruments does not, however, effect the principle that SIS II constitutes one single information system and that it should operate as such. Certain provisions of all three legislative acts are, as a result, identical.

The Schengen Information System (SIS), which was set up in the mid 1980’s is an essential tool for the application of the Schengen acquis . It allows the Member States, through an automatic query procedure, to obtain information on a suspected person when an alert has been sent out. Information thus obtained can be used:

for police and judicial cooperation in criminal matters; for controls on persons both at the external borders of the EU or within a national state; for issuing visas and residence permits.

It acts as an indispensable component of Schengen by offering those participating in the Schengen Agreement a high level of security.

When first established SIS was organised on an intergovernmental basis. However, in 2004 with the enlargement of the EU, it was decided to assign the technical development of the second generation SIS to the Commission. The necessary financial resources from the EU’s budget for the realisation of this project were allocated accordingly. (See Council Regulation (EC) No 2424/2001 ).

CONTENT: the purpose of this Decision, therefore, is the establishment of the second generation Schengen Information System (SIS II) in order to ensure a high level of security within the area of freedom, security and justice. It constitutes the necessary legislative basis for governing SIS II.

This Decision establishes the conditions and procedures for the entry and processing in SIS II of:

alerts on persons and objects; the exchange of supplementary information; and additional data for the purpose of police and judicial cooperation in criminal matters.

Specifically the Decision also lay down provisions on:

the technical architecture of SIS II; the responsibilities of the Member States and the Management Authorities; general data processing; the rights of persons concerned; and liability issues.

The Decision specifies the technical architecture and financing of SIS II; it lays down rules concerning its operation and use; the categories of data to be entered into the system; the purpose for which data is to be entered; the criteria for their entry; the authorities authorised to access the data; the interlinking of alerts and further rules on data processing and the protection of personal data.

SIS II includes a central system (Central SIS II) and national applications. The expenditure involved in the operation of Central SIS II and related communication infrastructure is to be charged to the general budget of the EU.

In other provisions, the Decision:

establishes a manual that sets out the detailed rules for the exchange of certain supplementary information on alerts; awards the Commission, for a transitional period only, responsibility for the operational management of Central SIS II and parts of the communication infrastructure. (The transitional period should last for no longer than five years); specifies that SIS II is to contain alerts on persons wanted for arrest for surrender purposes and wanted for arrest for extradition purposes; sets out provisions regarding the exchange of supplementary information, particularly, data relating to the European Arrest Warrant; specifies that SIS II should contain alerts on missing persons, on persons and objects for discreet checks or specific checks, and on objects for seizure or use as evidence in criminal proceedings; specifies that alerts should not be kept on SIS II for longer than needed. As a general principle, alerts should be erased from SIS II after a period of three years. Alerts on objects entered for discreet checks or specific checks should be automatically erased from SIS II after five years. Alerts on objects seized for use as evidence should be automatically erased from SIS II after a period of 10 years; allows for the processing of biometric data in order to assist in the reliable identification of individuals. By the same token SIS II will also allow for the processing of data concerning individuals whose identify has been misused in order to avoid inconvenience caused by the misidentification; allows Member States to add an indication, called a flag, to an alert, meaning that the action to be taken on the basis of the alert will not be taken on its territory. When a flag has been added and the whereabouts of the person wanted for arrest for surrender becomes known, the whereabouts should always be communicated to the issuing judicial authority, which may decide to transmit a European Arrest Warrant; makes it possible for Member States to establish links between alerts in SIS II; specifies that data processed in connection with this Decision must not be transferred, or made available, to third countries; states that personal data processed in the context of this Decision should be protected in accordance with the principles set out in the Council of Europe Convention for the protection of individuals with regard to automatic processing of personal data; as should Regulation (EC) No 45/2001 on the protection of individuals with regard to the processing of personal data by the Community institutions and bodies and the free movement of such data; states that national supervisory authorities responsible for personal data will monitor the processing of personal data relating to this Regulation; as will the European Data Protection Supervisor; requires the Member States and the Commission to draw up a security plan in order to facilitate the implementation of security obligations and requires them to cooperate with each other in order to address common security issues; allows Europol and Eurojust direct access to SIS II data – subject to certain conditions; requires the Commission to prepare a report on the technical functioning of Central SIS II and the communications infrastructure every two years. An overall evaluation should be prepared by the Commission every four years; specifies the technical rules on entering data, including data required for entering an alert, updating, deleting and searching data, rules on compatibility and priority of alerts, links between alerts and the exchange of supplementary information etc. are to be prepared by the Commission through implementing powers; and finally sets out appropriate transitional provisions in respect of alerts issued in SIS 1+, which are to be transferred to SIS II.

The Decision applies to the United Kingdom, Ireland, Norway, Iceland and Switzerland.

ENTRY INTO FORCE: 27 August 2007.

For countries participating in SIS 1+ is will apply on a date to be fixed by the Council.

The European Parliament adopted the resolution drafted by Carlos COELHO (EPP-ED, PT) incorporating a series of compromise proposals agreed with the Council on the proposed regulation on the Schengen Information System, with a view to reaching agreement at 1st reading. The report was adopted by 521 votes in favour to 72 against with 65 abstentions. (Please see the document of 05/10/2006 for a summary of the main amendments.) The proposal is part of a package measures on the legislative basis for a new Schengen Information System (SIS I) which will allow new Member States to join the Schengen area as soon as possible. (Please see COD/2005/0104 and COD/2005/0106). The rapporteur sought to achieve a first reading agreement with Council and the compromise amendments adopted had been negotiated and accepted in informal trialogues with the Commission and the Council. However MEPs refused to introduce a last minute change requested by Council which would allow national intelligence services to have access to the information stored in SIS II.

The key amendments relating to the Management Authority and biometrics are detailed in the preceding summary. Many of the amendments seek to improve personal data protection in SIS II. For instance, alerts after refusing entry or stay should not be kept longer in the SIS II than the time required to meet the purposes for which they were supplied. As a general principle, such data should be kept no longer than three years.

The Presidency informed the Council of the vote that took place at the LIBE Committee (on civil liberties, Justice and Home Affairs) of the European Parliament on 5 October 2006 regarding the legislative package on SIS II. The LIBE Committee adopted these texts with the exception of the addition of the words "or the entry of data in the SIS II" at the end of Article 17(1)(b) of the Regulation ( COD/2005/0106 ) and of Article 37(1)(b) of the Decision ( CNS/2005/0103 ).

The texts as adopted by the LIBE Committee shall be submitted to the second Plenary session of the European Parliament in October 2006.

The Council confirmed its position on this legislative package as agreed by Coreper and gave a mandate to the Finnish Presidency to continue negotiations with the European Parliament with a view to reaching an agreement at first reading.

The Council adopted conclusions on SIS I+ and SIS II.

As regards SIS II , the Council :

§ considers that the revised implementation schedule for the SIS II (contained in Commission staff working document 12379/06) seems to be feasible and realistic. According to the revised schedule, the SIS II would be operational for the Member States currently participating in the SIS 1+ by June 2008, allowing the integration of the Member States not yet participating in the SIS 1+;

§ confirms the revised schedule, and at the same time instructs the relevant Council working groups and Commission bodies to do their utmost to have the SIS II operational at the earliest possible opportunity. - reaffirms that the development of the SIS II remains the absolute priority ;

§ agrees to prolong the Commission mandate to develop the SIS II beyond 31 December 2006 and also to clarify the mandate so as to make it clear that the technical integration of the new Member States into the SIS II is included in the mandate;

§ agrees to set up an informal Task Force, consisting of experts seconded by interested Member States, to assist the work of the Council, in co-operation with the Commission, on the management and coordination of the SIS II project, including the state of preparedness of all Member States. The Council invites all the stakeholders in the SIS II project to cooperate fully with the Task Force and the Presidency and the Commission are invited to agree on the practical arrangements for the Task Force as soon as possible.

Concerning the SIS 1+ , the Council welcomes the Portuguese proposal, which could make it possible to integrate the new Member States in the SIS1+, and agrees with the elements contained in document 12583/06. The relevant working groups are invited to work out all the outstanding technical, financial, legal, organisational and management aspects of the proposal forwarded by Portugal, so as to be in a position to take a final decision at its meeting in December on whether or not to proceed with the integration of the new Schengen States into the SIS 1+.

As regards the lifting of internal border controls , the Council invites, on the basis of the outcome of discussions on having an operational Schengen Information System in place in all Member States as soon as possible, the competent working groups to prepare a feasible and realistic global planning for the lifting of the controls at the internal land, sea and air borders , taking into account also the results of the Schengen evaluations required for permitting the putting into effect of the entire Schengen acquis for the Member States concerned. On the basis of this work, the Council intends to decide in December 2006 on the date or dates for the lifting of those controls and to inform the European Council.

The committee adopted the report by Carlos COELHO (EPP-ED, PT) incorporating a series of compromise proposals agreed with the Council (under the consultation procedure) on the proposed decision on the establishment, operation and use of the second generation Schengen Information System (SIS II). The proposal was part of a package of legislation defining the legal basis for SIS II on which the committee was seeking to negotiate an agreement with the Council so that the new Member States could be included as soon as possible in the Schengen Information System (see COD/2005/0106 and COD/2005/0104). Given the different policy areas involved and the cross-pillar nature of the SIS, the Commission had to table three legislative proposals: two EC regulations and one third pillar EU decision. The key proposals for the decision were as follows:

- a Management Authority, funded by the EU budget, will be responsible for managing the operation of the SIS II central data base. The Management Authority's personal data processing activities will be monitored by the European Data Protection Supervisor, who will be required to ensure that they are audited to international standards at least every four years. During a transitional period before this authority starts work the Commission will be responsible for the management of the central SIS II. It may delegate the management to national public bodies in two different countries. The European Parliament and the Council must be regularly informed about the conditions and the scope of that delegation;

- personal data processing at national level would be audited by national supervisory authorities, but in cooperation with the European Data Protection Supervisor so as to ensure coordinated supervision;

- each Member State would be responsible for setting up and maintaining a national data system that can communicate with the central SIS II and would have to designate an authority for that purpose. It would also have to take steps necessary to protect personal data;

- with regard to biometrics, photographs and fingerprints may only be entered in SIS II following a special quality check to ascertain the fulfilment of a minimum data quality standard. A search with biometrics should be excluded at the initial stage of the system and will be possible only when that is technically viable. Before this functionality is implemented in SIS II, the Commission will have to report to Parliament on the availability and readiness of the required technology;

- a Member State may create a link between alerts only when there is a clear operational need;

- with regard to data retention periods, alerts on objects for discreet checks or specific checks shall be kept for a maximum of five years, and alerts on objects for seizure or use as evidence in criminal proceedings shall be kept for a maximum of ten years. These conservation periods may be extended should this prove necessary for the purposes for which the alert was issued;

- data processed in the SIS II in application of the Decision shall not be transferred or made available to a third country or to an international organisation. By way of derogation, certain passport details may be exchanged with members of Interpol by establishing a connection between the SIS II and the Interpol database on stolen or missing travel documents, subject to the conclusion of an Agreement between Interpol and the EU;

- in view of the importance of transparency and communication to the public, the Commission and the National Supervisory Authorities shall organise a campaign to inform the public about the objectives, the data stored, the authorities with access and the rights of persons. Such campaigns will have to be repeated regularly and Member States will also have to inform their citizens in general about the SIS II.

The Mixed Committee (EU + Norway, Iceland and Switzerland) reached agreement on a number of outstanding issues concerning the legal instruments of the second generation of the Schengen Information System (SIS II), in particular:

§ the long-term operational management of SIS II;

§ the use of biometrics;

§ the transitional period applying to the content of the old alerts.

Regarding the question of alerts relating to surrender procedures, the Mixed Committee asked the Council preparatory bodies to finalise a compromise text. On that basis, the Presidency of the Council will negotiate with the European Parliament with a view to having the SIS II legal instruments adopted as soon as possible.

The Mixed Committee (EU + Norway, Iceland and Switzerland) reached an agreement on a draft Regulation on the establishment, operation and use of the second generation Schengen Information System (SIS II).

This draft Regulation defines the conditions and procedures for the processing of alerts entered in the SIS II in respect of third country nationals, the exchange of supplementary information and additional data for the purpose of refusing entry or stay in the territory of the Member States.

This Regulation also lays down provisions in particular on the technical architecture of the SIS II, the responsibilities of the Member States and of the Management Authority, general data processing, the rights of the persons concerned and liability.

On 31 May 2005, the Commission submitted legislative proposals setting out the legal basis for SIS II: two Regulations to be adopted by the codecision procedure and one Council Decision. In order to allow SIS II to be operational as soon as possible and consequently to lift the checks at the internal borders for the new Member States, the legislative instruments have to be adopted by the Council and the European Parliament quickly.

The Council reviewed the state of play of SIS II and discussed its legal basis. It confirmed the use of biometrics for identification purposes in the SIS II as soon as technically possible. Six of the new Member States (Czech Republic, Latvia, Lithuania, Hungary, Estonia and Slovakia), joined by Slovenia, presented a joint statement urging the Council to ensure that discussions on the legislative proposals would not delay the adoption of SIS II.

To recall, on 31 May 2005, the Commission submitted legislative proposals setting out the legal basis for SIS II: two Regulations to be adopted by the codecision procedure and one Council Decision. Discussions on these proposals have reached a crucial stage. In order to allow SIS II to be operational in 2007 and consequently to lift the checks at the internal borders for the new Member States, the legislative instruments have to be adopted quickly.

The Council agreed to set up a high-level group of experts that will support political decision-making

on the project. The group would meet for the first time in March and report to the April 2006 JHA Council meeting.

The Council concluded that the best solution for the management of the SIS II during the interim period would be for the Commission to delegate management to the appropriate Member States: France for the central unit and Austria for the backup central unit. The management of the information technology in the JHA field should be looked at in a long-term perspective.

The Austrian Presidency invited the Commission to present proposals on these issues.

The Mixed Committee heard an oral update from the Commission concerning the technical development of the Schengen Information System (SIS) II. The Commission announced more flexibility in the use of the Schengen financing facility. Some Member States were concerned that SIS II would lead to diminished security compared to the existing SIS.

The new Member States emphasised the importance of political commitment to the timescales for removing internal borders.

PURPOSE: To establish a legal framework for governing SIS II and to lay down specific provisions for the processing of data supporting police and judicial co-operation in criminal matters.

PROPOSED ACT : Council Decision

CONTENT: In December 2001 the Council recognised the need to upgrade, modernise and re-organise the existing Schengen Information System (SIS), which acts as a common information system allowing the competent authorities in the Member States to exchange information on persons suspected of criminal activities. Specifically, SIS allows Member States, through an automatic query procedure, to obtain information on a suspected person when an alert has been sent out. Information obtained can be used for police and judicial co-operation in criminal matters as well as for controls on persons both at the external borders of the EU or within a nation state. It can also be used for issuing visas and residence permits. SIS acts as an indispensable component of Schengen by offering those participating in the Schengen Agreement a high level of security. With the enlargement of the EU in 2004 the Council decided to assign the technical development of the second generation SIS to the Commission. The necessary financial resources from the EU’s budget for the realisation of this project were allocated accordingly (see 2001/0818 CNS).

In order to enact the legal framework governing SIS II the Commission has presented two legal instruments (a Regulation and a Decision) that will work in tandem with each other. The Regulation (2005/0106 COD) is based on Title IV of the EU Treaty, whereas the Decision is based on Title VI of the EU Treaty. A third proposal is also being presented based on Title V of the EU Treaty relating to Transport, (2005/0104 COD).

The provisions being proposed in the Decision are based largely on the current SIS system, the requirements of which are contained in a 1990 Convention implementing the Schengen Agreement. The differences between the Regulation and the Decision can be explained as follows. The Regulation will focus on the processing of data linked to the movement of persons , subject or part of the Schengen acquis. The Decision, on the other hand, will focus on the processing of data supporting police and judicial co-operation in criminal matters .

Once approved, this Decision will repeal Council Decision 2004/201/JHA on procedures for amending the SIRENE manual, as well as replacing Article 92-119 of the Schengen Convention. The Commission has chosen to present this as a Decision given that an act is needed to apply common rules relating to the processing of data in the system. One of the main objectives of the proposal is to facilitate co-operation between the judicial authorities of he Member States in relation to criminal proceedings and the enforcement of criminal decisions. The proposal also intends to facilitate extradition and surrender between the Member States.

As such the specific objectives of the proposed Decision are as follows:

- To provide and process data needed for the effective implementation of the European Arrest Warrant. Data on the EAW will thus be stored centrally on the SIS II system thereby improving upon the current situation where information is exchanged on a bilateral basis only.

- To offer greater protection to individuals, subject to their consent, in cases where their identity has been abused. Under this provision the Decision will allow for the processing of biometrics that will result in more accurate identifications and improved quality of the personal data entered in the system.

- To offer a more consistent and homogenous application of the data protection rules provided for in Regulation 45/2001 by entrusting the European Data Protection Supervisor with the monitoring of personal data connected to the use of the SIS II. The approach being proposed allows for just one body being responsible for all of the Commission’s data processing activities - under both the first and the third pillar.

- Transfer of personal data to a third party or country subject to the appropriate legal instruments. This possibility will be an exception to the general rule.

- The current inter-governmental nature of the SIS provisions will be brought in to the classic framework of European law instruments. In this way the EU institutions will be associated with the adoption and implementation of these new instruments thus reinforcing the legal value of the rules governing the SIS.

- The Commission will be entrusted with the operational management of the Central Part of SIS II.

The proposal is being presented in compliance with relevant Decisions allowing the United Kingdom and Ireland to take part in some of the provisions of the Schengen acquis. As such they will be participating in the provisions of the Decision, as will Norway and Iceland. As far as the new Member States are concerned they will be applying the proposed Decision pursuant to a Council decision in conformity with this provision.

Concerning budgetary implications, it was agreed in 2001 that the Commission should be responsible for the development of the second generation SIS. The finances of this exercise have been charged to the budget of the European Union. The present proposal establishes that the cost incurred for the operation of SIS II shall continue to be covered by the EU’s budget. The biggest expenditure will be made during the development phase (design, construction and testing of SIS II). The operational phase, which will commence in 2007, constitutes a long-term budgetary commitment that will need to be examined in light of the new financial perspective. The Commission points out that if it is to be responsible for the operational management of SIS II for a transitional period, then adequate human resources will need to be allocated. For the mid-to long term, the Commission will assess the different externalisation options, taking into account the synergy effects resulting from the operation of several other large scale IT systems such s the Visa Information System (VIS).

FINANCIAL IMPLICATIONS:

The present financial statement covers the expenditure necessary for operating SIS II as from 2007.

- Budget lines and headings: 18 08 02: Schengen Information System, second generation (SIS II)

- Overall figures: For Part B: EUR 132 Million for commitments until 2013. The costs foreseen include the following elements: The upkeep and operating costs of two premises, the updating of computer equipment and consumables, system maintenance, stationary, furniture and work equipment, direct access to point rental of the network, external support for maintaining the IT management systems, the development and operation of a search engine based on biometric identifies, the cost of external human resources including 21 security agents and 21 data input operators.

- Period of application: From 2007 to 2013 (for this statement). Undetermined duration, after 2013.

- Overall financial impact of human resources and other administrative expenditure: EUR 23 807 million. This will include 23 permanent posts from levels A, B and C.

Lastly, a total contribution from Iceland and Norway totaling 2.128% of the total cost is foreseen.

PURPOSE: To establish a legal framework for governing SIS II and to lay down specific provisions for the processing of data supporting police and judicial co-operation in criminal matters.

PROPOSED ACT : Council Decision

CONTENT: In December 2001 the Council recognised the need to upgrade, modernise and re-organise the existing Schengen Information System (SIS), which acts as a common information system allowing the competent authorities in the Member States to exchange information on persons suspected of criminal activities. Specifically, SIS allows Member States, through an automatic query procedure, to obtain information on a suspected person when an alert has been sent out. Information obtained can be used for police and judicial co-operation in criminal matters as well as for controls on persons both at the external borders of the EU or within a nation state. It can also be used for issuing visas and residence permits. SIS acts as an indispensable component of Schengen by offering those participating in the Schengen Agreement a high level of security. With the enlargement of the EU in 2004 the Council decided to assign the technical development of the second generation SIS to the Commission. The necessary financial resources from the EU’s budget for the realisation of this project were allocated accordingly (see 2001/0818 CNS).

In order to enact the legal framework governing SIS II the Commission has presented two legal instruments (a Regulation and a Decision) that will work in tandem with each other. The Regulation (2005/0106 COD) is based on Title IV of the EU Treaty, whereas the Decision is based on Title VI of the EU Treaty. A third proposal is also being presented based on Title V of the EU Treaty relating to Transport, (2005/0104 COD).

The provisions being proposed in the Decision are based largely on the current SIS system, the requirements of which are contained in a 1990 Convention implementing the Schengen Agreement. The differences between the Regulation and the Decision can be explained as follows. The Regulation will focus on the processing of data linked to the movement of persons , subject or part of the Schengen acquis. The Decision, on the other hand, will focus on the processing of data supporting police and judicial co-operation in criminal matters .

Once approved, this Decision will repeal Council Decision 2004/201/JHA on procedures for amending the SIRENE manual, as well as replacing Article 92-119 of the Schengen Convention. The Commission has chosen to present this as a Decision given that an act is needed to apply common rules relating to the processing of data in the system. One of the main objectives of the proposal is to facilitate co-operation between the judicial authorities of he Member States in relation to criminal proceedings and the enforcement of criminal decisions. The proposal also intends to facilitate extradition and surrender between the Member States.

As such the specific objectives of the proposed Decision are as follows:

- To provide and process data needed for the effective implementation of the European Arrest Warrant. Data on the EAW will thus be stored centrally on the SIS II system thereby improving upon the current situation where information is exchanged on a bilateral basis only.

- To offer greater protection to individuals, subject to their consent, in cases where their identity has been abused. Under this provision the Decision will allow for the processing of biometrics that will result in more accurate identifications and improved quality of the personal data entered in the system.

- To offer a more consistent and homogenous application of the data protection rules provided for in Regulation 45/2001 by entrusting the European Data Protection Supervisor with the monitoring of personal data connected to the use of the SIS II. The approach being proposed allows for just one body being responsible for all of the Commission’s data processing activities - under both the first and the third pillar.

- Transfer of personal data to a third party or country subject to the appropriate legal instruments. This possibility will be an exception to the general rule.

- The current inter-governmental nature of the SIS provisions will be brought in to the classic framework of European law instruments. In this way the EU institutions will be associated with the adoption and implementation of these new instruments thus reinforcing the legal value of the rules governing the SIS.

- The Commission will be entrusted with the operational management of the Central Part of SIS II.

The proposal is being presented in compliance with relevant Decisions allowing the United Kingdom and Ireland to take part in some of the provisions of the Schengen acquis. As such they will be participating in the provisions of the Decision, as will Norway and Iceland. As far as the new Member States are concerned they will be applying the proposed Decision pursuant to a Council decision in conformity with this provision.

Concerning budgetary implications, it was agreed in 2001 that the Commission should be responsible for the development of the second generation SIS. The finances of this exercise have been charged to the budget of the European Union. The present proposal establishes that the cost incurred for the operation of SIS II shall continue to be covered by the EU’s budget. The biggest expenditure will be made during the development phase (design, construction and testing of SIS II). The operational phase, which will commence in 2007, constitutes a long-term budgetary commitment that will need to be examined in light of the new financial perspective. The Commission points out that if it is to be responsible for the operational management of SIS II for a transitional period, then adequate human resources will need to be allocated. For the mid-to long term, the Commission will assess the different externalisation options, taking into account the synergy effects resulting from the operation of several other large scale IT systems such s the Visa Information System (VIS).

FINANCIAL IMPLICATIONS:

The present financial statement covers the expenditure necessary for operating SIS II as from 2007.

- Budget lines and headings: 18 08 02: Schengen Information System, second generation (SIS II)

- Overall figures: For Part B: EUR 132 Million for commitments until 2013. The costs foreseen include the following elements: The upkeep and operating costs of two premises, the updating of computer equipment and consumables, system maintenance, stationary, furniture and work equipment, direct access to point rental of the network, external support for maintaining the IT management systems, the development and operation of a search engine based on biometric identifies, the cost of external human resources including 21 security agents and 21 data input operators.

- Period of application: From 2007 to 2013 (for this statement). Undetermined duration, after 2013.

- Overall financial impact of human resources and other administrative expenditure: EUR 23 807 million. This will include 23 permanent posts from levels A, B and C.

Lastly, a total contribution from Iceland and Norway totaling 2.128% of the total cost is foreseen.