In the margins of the Council, the Mixed Committee (the EU plus Norway, Iceland, Liechtenstein and Switzerland) discussed the state of play concerning the development of the Visa Information System (VIS) and of the Schengen Information System II (SIS II).

Ministers expressed concern at the delays being experienced and invited the Commission and the Council working parties to continue their work and to report back to the Council at its next meeting on 30 November and 1 December 2009.

2969

2962

PURPOSE: to confer upon the future Agency for the operational management of large-scale IT systems in the area of freedom, security and justice, tasks regarding the operational management of SIS II and VIS in application of Title VI of the EU Treaty.

PROPOSED ACT: Council Decision.

BACKGROUND: in order to ensure the free movement of persons, the Schengen Convention (1985) established a Schengen Information System (SIS) designed to compensate for the abolition of internal border controls between the participating countries by reinforcing security at the Union's external borders. This system, which was also established to maintain public policy and public security including national security, has since been greatly improved and extended, leading to the second-generation Schengen Information System (SIS II), established by Council Decision 2007/533/JHA and Regulation (EC) No 1987/2006 of the European Parliament and of the Council.

At the same time, the Visa Information System (VIS) was established by Regulation (EC) No 767/2008 of the European Parliament and of the Council enabling consulates and other competent authorities of the Member States to exchange visa information for the purposes of facilitating the visa application procedure, preventing 'visa shopping' and facilitating checks at external border crossing points and within the Member States, contributing to the prevention of threats to the internal security of any of the Member States. Council Decision 2008/633/JHA complements the VIS Regulation as regards access for consultation of VIS by designated authorities of Member States and by Europol for the purposes of the prevention, detection and investigation of terrorist offences and of other serious criminal offences.

In accordance with the relevant provisions of that Decision and the VIS Regulation, the Commission is entrusted with the operational management of Central SIS II and VIS as well as parts of the communication infrastructure during the transitional period. In joint statements accompanying the SIS II and VIS legal instruments, the Council and the European Parliament invited the Commission, following an Impact Assessment containing a substantive analysis of alternatives, from the financial, operational and organisational perspective, to present the necessary legislative proposals entrusting an agency with the long term operational management of SIS II and VIS . After the analysis of different options, a new Regulatory Agency was found to be the most feasible alternative for carrying out the tasks of a "Management Authority" for these systems in the long term. That is why the Commission is now proposing the current legal framework, including this Decision and a Regulation establishing the Agency (see below).

IMPACT ASSESSMENT: the Commission carried out an impact assessment. Following a pre‑screening process, five possible options to achieve the objective of long-term operational management of SIS II, VIS and EURODAC were retained and further analysed:

Option 1: baseline : the operational management solution for SIS II and VIS (namely, entrusting management tasks to Member States' authorities). Currently, the Commission manages EURODAC and this solution would also be maintained; Option 2: Baseline+ : the Commission would entrust the operational management tasks related to SIS II, VIS and EURODAC to Member States' authorities; Option 3: a new Regulatory Agency : a new Regulatory Agency would assume responsibility for the long-term operational management of SIS II, VIS and EURODAC; Option 4: FRONTEX : this Agency would manage the three systems, which would entail changes to both its basic act and its operational management structure; Option 5: EUROPOL : EUROPOL would manage SIS II, whereas the Commission would manage VIS and EURODAC. This option was considered while negotiations on the conversion of the current Europol Convention into a Community act were still ongoing ( CNS/2006/0310 ).

As a result of a comparative analysis, the new Regulatory Agency option ( option 3 ), which aims to create a joint management structure for SIS II, VIS and EURODAC, scored highest.

CONTENT: in the framework of the establishment of the future Agency for the operational management of large-scale IT systems in the area of freedom, security and justice created by the proposal for a Regulation of the European Parliament and of the Council, this proposal complements the required legal framework to confer on the Agency tasks regarding the operational management of SIS II and VIS in application of Title VI of the EU Treaty, namely the tasks assigned to the Management Authority by Council Decisions 2007/533/JHA and 2008/633/JHA.

Legal particularity of the proposed plan: this legislative package contains two distinct proposals:

a proposal for a Regulation covering the first pillar scope of SIS II, VIS and EURODAC; and this proposal for a Council Decision entrusting the Agency created by the Regulation with tasks related to the operation management of the SIS II and VIS systems in application of Title IV of the EC Treaty, and under the third pillar.

This established method for a legislative package of this nature is also applied in the entire legal instrument related to the SIS, in accordance with the relevant provisions of the Treaty.

Status of Europol and Eurojust within the governance structure of the Agency : in relation to the governance structured provided for the Agency, members of Europol and Eurojust should have observer status at the meetings of the Management Board when a question to SIS II in relation to the application of Decision 2007/533/JHA or Decision 2008/633/JHA is on the agenda.

Rules on security and data protection : entrusting an Agency with the operational management of large-scale IT systems in the area of freedom, security and justice does not affect the specific rules governing the purpose, access rights, security measures and further data protection requirements applicable to those systems.

Territorial provisions : the legal frameworks of SIS II and VIS are characterised by variable geometry. To the extent that it applies to VIS, the proposal shall not apply to Ireland or the United Kingdom, in accordance with the relevant provisions of the Treaty and other relevant legal provisions. However, the legal framework shall apply to Ireland and the United Kingdom insofar as its provisions relate to SIS II, in which the two countries take part. Moreover, a number of third countries, namely Iceland, Norway, Switzerland and Liechtenstein are or will be associated with the implementation, application and development of the Schengen acquis, and therefore participate both in SIS II and VIS.

BUDGETARY IMPLICATIONS: the proposal does not impact on the financial framework for 2007‑2013. The financial statement annexed to the proposal for a Regulation establishing the Agency is based on the assumption that it will be adopted in 2010 in order for the Agency to be legally established in 2011 and become a fully fledged Agency in 2012 .

Overall, the preparatory and start-up phase of the Agency between 2010 and 2013 is estimated at EUR 113 million , which will be covered by the 2007‑2013 financial framework.

COM(2009)0294
EUR-Lex

This Commission communication concerns the legislative package establishing an Agency for the operational management of large-scale IT systems in the area of freedom, security and justice.

The main issues are as follows:

Objective : the objective of this legislative package is to establish an Agency responsible for the long-term operational management of the second-generation Schengen Information System (SIS II), Visa Information System (VIS) and EURODAC. In addition, the Agency could be given responsibility for other large-scale IT systems in the area of freedom, security and justice.

Background : in order to benefit from the developments in the field of information technology and to allow for the introduction of new functionalities, a second-generation Schengen Information System (SIS II) will replace the existing Schengen Information System (SIS 1+). It will ensure a high level of security within the European Union’s area of freedom, security and justice, including maintenance of public security and public policy as well as safeguarding security in the territories of the Member States. VIS will be the essential IT-based instrument for supporting implementation of the common visa policy and facilitating, inter alia, effective border control. EURODAC is an IT system for comparing the fingerprints of asylum seekers and illegal immigrants in order to facilitate the application of the Dublin II Regulation, which makes it possible to determine the Member State responsible for examining an asylum application.

SIS II and VIS are being developed by the Commission. According to the legal instruments governing these systems, the Commission is entrusted with the operational management of SIS II and VIS during a transitional period. The Commission currently entrusts the operational management of SIS II and VIS to national public-sector bodies in two different Member States, namely in France and Austria. It is, however, not the Commission’s core task to operate such large-scale IT systems. Hence, the SIS II and VIS legal instruments stipulate the need to establish a Management Authority in the long term, mainly to ensure continuity and operational management of the respective systems and the permanent flow of data.

In joint statements accompanying the SIS II and VIS legal instruments, the Council and the European Parliament invited the Commission to present, following an impact assessment, the necessary legislative proposals entrusting an Agency with the long-term operational management of the Central SIS II and parts of the Communication Infrastructure as well as the VIS and EURODAC.

Structure of the legislative package : the Commission document proposes a descriptive summary of the objectives of the legislative framework of the future Agency. This can be summarised as follows:

Overview of the Agency : the Agency’s core task should be to provide the operational management for these systems keeping them functioning 24 hours a day, seven days a week. Beyond these operational tasks, the corresponding responsibilities for adopting security measures, reporting, publishing, monitoring and information issues as well as organising specific VIS and SIS II related trainings, should be assigned to the Agency. Many of the tasks related to the operation of these IT systems, such as procurement and project management would overlap, thus allowing the creation of synergies.

The Agency’s governance structure should also reflect the existing variable geometry, i.e. a heterogeneous group of Member States and associated countries with a varying level of participation in the systems:

Cross-pillar elements of the structure : these elements require the adoption of different legal instruments for establishing the Agency (in particular for the SIS II). The Agency shall be based on legal instruments covering the first and third pillars. The present package of legal instruments combines two legal instruments:

Regulation of the European Parliament and of the Council establishing an Agency for the operational management of large-scale IT systems in the area of freedom, security and justice; Council Decision conferring upon the Agency established by Regulation XX tasks regarding the operational management of SIS II and VIS in application of Title VI of the EU Treaty.

The Regulation, will describe the structure and the tasks of the Agency, its voting procedures and other necessary elements.

The Decision, which takes account of the cross-pillar elements of the systems, will confer on the Agency the tasks related to the operational management of SIS II and VIS in application of Title VI of the EU Treaty.

Financial Implications : the estimated total costs related to the preparatory and start-up phase of the long-term operational management of SIS II, VIS and EURODAC amount to EUR 113 million between 2010 and 2013. This amount is covered by the financial framework for 2007-2013. An overview of the operational and administrative expenditure is provided in the legislative financial statement annexed to the proposal for a Regulation establishing an Agency for the operational management of large-scale IT systems in the area of freedom, security and justice. The financial statement is mainly founded on estimates and figures from the impact assessment conducted in 2007. It is also based on the assumption that this proposal will be adopted in 2010, in order for the Agency to be legally established in 2011 and become a fully fledged Agency able to take over all the tasks related to the operational management of SIS II, VIS and EURODAC and other large-scale IT systems in 2012.

The estimated costs for the Agency cover operational as well as administrative expenditure needed to ensure the effective operational management of SIS II, VIS and EURODAC. The total amount also includes costs related to personnel and its training. It is currently foreseen that the Agency will employ 120 people. However, what is not foreseen in the budget of the Agency are the costs linked to the connection of the three systems to the s-TESTA network. According to the proposal, the Commission remains responsible for all contractual and budgetary aspects related to the communication infrastructure. The yearly costs of the connection of the three systems amount to around EUR 16.5 million, an amount that will be covered by the Community budget. Lastly, resources have been foreseen for the acquisition of a new site for the Agency which has also the capacity to host systems.

Compared to the current situation, where the systems are developed and operated separately, and once the necessary initial investments have been made, a joint management structure would result in synergies and cost efficiencies in the long term.

EUR-Lex
COM(2009)0292

EUR-Lex
SEC(2009)0836

EUR-Lex
SEC(2009)0837

PURPOSE: to confer upon the future Agency for the operational management of large-scale IT systems in the area of freedom, security and justice, tasks regarding the operational management of SIS II and VIS in application of Title VI of the EU Treaty.

PROPOSED ACT: Council Decision.

BACKGROUND: in order to ensure the free movement of persons, the Schengen Convention (1985) established a Schengen Information System (SIS) designed to compensate for the abolition of internal border controls between the participating countries by reinforcing security at the Union's external borders. This system, which was also established to maintain public policy and public security including national security, has since been greatly improved and extended, leading to the second-generation Schengen Information System (SIS II), established by Council Decision 2007/533/JHA and Regulation (EC) No 1987/2006 of the European Parliament and of the Council.

At the same time, the Visa Information System (VIS) was established by Regulation (EC) No 767/2008 of the European Parliament and of the Council enabling consulates and other competent authorities of the Member States to exchange visa information for the purposes of facilitating the visa application procedure, preventing 'visa shopping' and facilitating checks at external border crossing points and within the Member States, contributing to the prevention of threats to the internal security of any of the Member States. Council Decision 2008/633/JHA complements the VIS Regulation as regards access for consultation of VIS by designated authorities of Member States and by Europol for the purposes of the prevention, detection and investigation of terrorist offences and of other serious criminal offences.

In accordance with the relevant provisions of that Decision and the VIS Regulation, the Commission is entrusted with the operational management of Central SIS II and VIS as well as parts of the communication infrastructure during the transitional period. In joint statements accompanying the SIS II and VIS legal instruments, the Council and the European Parliament invited the Commission, following an Impact Assessment containing a substantive analysis of alternatives, from the financial, operational and organisational perspective, to present the necessary legislative proposals entrusting an agency with the long term operational management of SIS II and VIS . After the analysis of different options, a new Regulatory Agency was found to be the most feasible alternative for carrying out the tasks of a "Management Authority" for these systems in the long term. That is why the Commission is now proposing the current legal framework, including this Decision and a Regulation establishing the Agency (see below).

IMPACT ASSESSMENT: the Commission carried out an impact assessment. Following a pre‑screening process, five possible options to achieve the objective of long-term operational management of SIS II, VIS and EURODAC were retained and further analysed:

Option 1: baseline : the operational management solution for SIS II and VIS (namely, entrusting management tasks to Member States' authorities). Currently, the Commission manages EURODAC and this solution would also be maintained; Option 2: Baseline+ : the Commission would entrust the operational management tasks related to SIS II, VIS and EURODAC to Member States' authorities; Option 3: a new Regulatory Agency : a new Regulatory Agency would assume responsibility for the long-term operational management of SIS II, VIS and EURODAC; Option 4: FRONTEX : this Agency would manage the three systems, which would entail changes to both its basic act and its operational management structure; Option 5: EUROPOL : EUROPOL would manage SIS II, whereas the Commission would manage VIS and EURODAC. This option was considered while negotiations on the conversion of the current Europol Convention into a Community act were still ongoing ( CNS/2006/0310 ).

As a result of a comparative analysis, the new Regulatory Agency option ( option 3 ), which aims to create a joint management structure for SIS II, VIS and EURODAC, scored highest.

CONTENT: in the framework of the establishment of the future Agency for the operational management of large-scale IT systems in the area of freedom, security and justice created by the proposal for a Regulation of the European Parliament and of the Council, this proposal complements the required legal framework to confer on the Agency tasks regarding the operational management of SIS II and VIS in application of Title VI of the EU Treaty, namely the tasks assigned to the Management Authority by Council Decisions 2007/533/JHA and 2008/633/JHA.

Legal particularity of the proposed plan: this legislative package contains two distinct proposals:

a proposal for a Regulation covering the first pillar scope of SIS II, VIS and EURODAC; and this proposal for a Council Decision entrusting the Agency created by the Regulation with tasks related to the operation management of the SIS II and VIS systems in application of Title IV of the EC Treaty, and under the third pillar.

This established method for a legislative package of this nature is also applied in the entire legal instrument related to the SIS, in accordance with the relevant provisions of the Treaty.

Status of Europol and Eurojust within the governance structure of the Agency : in relation to the governance structured provided for the Agency, members of Europol and Eurojust should have observer status at the meetings of the Management Board when a question to SIS II in relation to the application of Decision 2007/533/JHA or Decision 2008/633/JHA is on the agenda.

Rules on security and data protection : entrusting an Agency with the operational management of large-scale IT systems in the area of freedom, security and justice does not affect the specific rules governing the purpose, access rights, security measures and further data protection requirements applicable to those systems.

Territorial provisions : the legal frameworks of SIS II and VIS are characterised by variable geometry. To the extent that it applies to VIS, the proposal shall not apply to Ireland or the United Kingdom, in accordance with the relevant provisions of the Treaty and other relevant legal provisions. However, the legal framework shall apply to Ireland and the United Kingdom insofar as its provisions relate to SIS II, in which the two countries take part. Moreover, a number of third countries, namely Iceland, Norway, Switzerland and Liechtenstein are or will be associated with the implementation, application and development of the Schengen acquis, and therefore participate both in SIS II and VIS.

BUDGETARY IMPLICATIONS: the proposal does not impact on the financial framework for 2007‑2013. The financial statement annexed to the proposal for a Regulation establishing the Agency is based on the assumption that it will be adopted in 2010 in order for the Agency to be legally established in 2011 and become a fully fledged Agency in 2012 .

Overall, the preparatory and start-up phase of the Agency between 2010 and 2013 is estimated at EUR 113 million , which will be covered by the 2007‑2013 financial framework.

COM(2009)0294
EUR-Lex