Next event: Final act published in Official Journal 2018/11/21 more...
- Draft final act 2018/11/14
- Final act signed 2018/11/14
- End of procedure in Parliament 2018/11/14
- Act adopted by Council after Parliament's 1st reading 2018/11/09
- Council Meeting 2018/11/09
- Commission response to text adopted in plenary 2018/09/12
- Results of vote in Parliament 2018/07/05
- Decision by Parliament, 1st reading 2018/07/05
- Committee decision to enter into interinstitutional negotiations confirmed by plenary (Rule 71) 2018/01/17
- Committee decision to enter into interinstitutional negotiations announced in plenary (Rule 71) 2018/01/15
- Committee report tabled for plenary, 1st reading 2017/12/18
- Council Meeting 2017/12/08
- Vote in committee, 1st reading 2017/12/07
- Committee decision to open interinstitutional negotiations with report adopted in committee 2017/12/07
- Committee opinion 2017/11/09
- Amendments tabled in committee 2017/11/07
- Contribution 2017/10/23
- Contribution 2017/10/22
- Contribution 2017/10/15
- Document attached to the procedure 2017/10/09
- Contribution 2017/10/08
- Committee draft report 2017/10/04
Progress: Procedure completed
Role | Committee | Rapporteur | Shadows |
---|---|---|---|
Lead | LIBE | MACOVEI Monica ( ECR) | KUDRYCKA Barbara ( PPE), CHINNICI Caterina ( S&D), WIKSTRÖM Cecilia ( ALDE), ALBRECHT Jan Philipp ( Verts/ALE) |
Committee Opinion | BUDG | GEIER Jens ( S&D) | |
Committee Opinion | CONT |
Lead committee dossier:
Legal Basis:
TFEU 074, TFEU 077-p2, TFEU 078-p2, TFEU 079-p2, TFEU 082-p1, TFEU 085-p1-a2, TFEU 087-p2, TFEU 88-p2
Legal Basis:
TFEU 074, TFEU 077-p2, TFEU 078-p2, TFEU 079-p2, TFEU 082-p1, TFEU 085-p1-a2, TFEU 087-p2, TFEU 88-p2Events
PURPOSE: to create an agency at European Union level responsible for the operational management and, where appropriate, the development of large-scale IT systems within the area of freedom, security and justice (extending the mandate of eu-LISA).
LEGISLATIVE ACT: Regulation (EU) 2018/1726 of the European Parliament and of the Council on the European Union Agency for the Operational Management of Large-Scale IT Systems in the Area of Freedom, Security and Justice (eu-LISA), and amending Regulation (EC) No 1987/2006 and Council Decision 2007/533/JHA and repealing Regulation (EU) No 1077/2011.
CONTENT: this Regulation strengthens the mandate of the ‘eu-LISA’ Agency by giving the Agency an important role in the implementation of the new IT architecture in the field of justice and home affairs (JHA).
Missions
TheAgency established by this Regulation replaces and succeeds the European Agency for the operational management of large-scale IT systems in the area of freedom, security and justice as established by Regulation (EU) No 1077/2011.
It shall be responsible for:
- the operational management of the Schengen Information System (SIS), the Visa Information System (VIS) and Eurodac, as well as the preparation, development and/or operational management of the Entry/Exit System ( EES ), DubliNet and the European Travel Information and Authorisation System ( ETIAS );
- implementing technical solutions to achieve interoperability, defined as the ability of information systems to exchange data and share information;
- providing assistance to Member States, at their request, for example support when extraordinary security or migration challenges or needs require it;
- playing a greater role in research relevant to the operational management of systems and in pilot projects of an experimental nature designed to test the feasibility of an action and its usefulness;
- providing support to the Commission services on technical issues relating to existing or new systems, where requested, in particular for the preparation of new proposals for large-scale IT systems to be managed by the Agency.
The Agency shall ensure a high level of data protection, in accordance with EU data protection law, including specific provisions for each large-scale IT system.
Legal status and location
The Agency shall be a body of the Union and shall have legal personality. It is based in Tallinn (Estonia). Development and operational management tasks shall be carried out at the technical site in Strasbourg (France). A backup site capable of operating a large-scale IT system in the event of a failure of such a system shall be installed in Sankt Johann im Pongau, Austria.
If there is a need to establish a second separate technical site, either in Strasbourg or Sankt Johann im Pongau or, where appropriate, in both locations, to host the systems, this request shall be justified on the basis of an impact assessment and an independent cost-benefit analysis.
Structure
The administrative and management structure of the Agency shall comprise: a Management Board; an Executive Director; Advisory Groups.
The Management Board shall appoint the Executive Director from a list of at least three candidates proposed by the Commission following an open and transparent selection procedure.
Before appointment, the candidates proposed by the Commission shall be invited to make a statement before the competent committee or committees of the European Parliament and answer questions from the committee members.
If the Management Board decides to appoint a candidate other than the one for which Parliament has expressed its preference, it shall inform Parliament and the Council in writing of the manner in which Parliament's opinion has been taken into account.
The Executive Director shall be assisted by a Deputy Executive Director appointed by the Management Board on a proposal from the Executive Director.
ENTRY INTO FORCE: as from 11.12.2018.
The European Parliament adopted by 541 votes to 71, with 20 abstentions, a legislative resolution on the proposal for a regulation of the European Parliament and of the Council on the European Agency for the operational management of large-scale IT systems in the area of freedom, security and justice, and amending Regulation (EC) 1987/2006 and Council Decision 2007/533/JHA and repealing Regulation (EU) 1077/2011.
The European Parliament’s position, adopted at first reading under the ordinary legislative procedure, amended the Commission proposal as follows:
Tasks : the Agency established by this Regulation replaces and succeeds the European Agency for the operational management of large-scale IT systems in the area of freedom, security and justice as established by Regulation (EU) No 1077/2011. It shall be responsible for the operational management of the Schengen Information System ( SIS ), the Visa Information System ( VIS ) and Eurodac , as well as the preparation, development and/or operational management of the Entry/Exit System ( EES ), DubliNet and the European Travel Information and Authorisation System ( ETIAS ).
Technical solutions : the amended text specifies that the Agency shall be able to implement technical solutions in order to comply with the availability requirements laid down in the legislative instruments governing the systems under the responsibility of the Agency while fully respecting the specific provisions of those instruments with regard to the technical architecture of the respective system.
Where those technical solutions require a duplication of a system or a duplication of components of a system an independent impact assessment and cost-benefit analysis shall be carried out and a decision shall be taken by the Management Board following the consultation of the Commission. The assessment shall also include an examination of the needs in terms of hosting capacity of the existing technical sites related to the development of such solutions and the possible risks of the current operational set up.
Tasks related to the communication infrastructure : when carrying out those tasks all external private-sector entities or bodies, including the network provider, shall be bound by the security measures and shall have no access to any operational data stored in the large scale IT systems operated by the Agency or transferred through the communication infrastructure or to the SIS II SIRENE-related exchange by any means.
Interoperability : where interoperability of large-scale information systems has been stipulated in a relevant legislative instrument, the Agency shall develop the necessary actions to enable that interoperability.
Support to Member States and the Commission: any Member State may request the Agency to provide advice with regard to its national systems' connection to the central systems . Any Member State may submit a request for ad-hoc support to the Commission which, subject to its positive assessment that such support is required by security or migratory extraordinary needs, shall transmit it, without delay, to the Agency, which shall inform the Management Board. The Member State shall be informed in case the Commission's assessment is negative.
The requesting Member States may task the Agency to establish a common component or router for advance passenger information and passenger name record data as a technical support tool to facilitate connectivity with air carriers. In such case eu-LISA is to collect centrally the data from air carriers and transmit those data to the Member States via the common component or router. The requesting Member States are to adopt the necessary measures to ensure air carriers transfer the data via eu-LISA.
Location : the Agency shall have its seat in Tallinn (Estonia). The tasks relating to development and operational management shall be carried out in the technical site in Strasbourg , France. A backup site capable of ensuring the operation of a large-scale IT system in the event of failure of such a system shall be installed in Sankt Johann im Pongau , Austria.
Due to the specific nature of the large-scale IT systems, should it become necessary for the Agency to establish a second separate technical site either in Strasbourg or in Sankt Johann im Pongau or in both locations, as required, in order to host the systems, such need shall be justified on the basis of an independent impact assessment and cost-benefit analysis.
Executive Director : the Management Board shall appoint the Executive Director from a list of at least three candidates proposed by the Commission following an open and transparent selection procedure.
Before appointment, the candidates proposed by the Commission shall be invited to make a statement before the competent committee or committees of the Parliament and answer questions from the committee members. If the Management Board takes a decision to appoint a candidate other than the candidate whom the Parliament indicated as its preferred candidate , the Management Board shall inform the Parliament and the Council in writing of the manner in which the opinion of the Parliament was taken into account.
The Executive Director shall be assisted by a Deputy Executive Director appointed by the Management Board on the proposal of the Executive Director.
Cooperation with international organisations and other relevant entities : where so provided by a Union act, in so far as it is necessary for the performance of its tasks, the Agency may, by means of the conclusion of working arrangements , establish and maintain relations with international organisations and their subordinate bodies governed by public international law or other relevant entities or bodies, which are set up by, or on the basis of, an agreement between two or more countries.
The Committee on Civil Liberties, Justice and Home Affairs adopted the report by Monica MACOVEI (ECR, RO) on the proposal for a regulation of the European Parliament and of the Council on the European Agency for the operational management of large-scale IT systems in the area of freedom, security and justice, and amending Regulation (EC) 1987/2006 and Council Decision 2007/533/JHA and repealing Regulation (EU) 1077/2011.
As a reminder, the aim of the proposal is to review eu-LISA establishing Regulation in order to adapt it to the recommendations for legislative amendments stemming from the evaluation, as well as to improve the functioning of eu-LISA and enhance and strengthen its role to ensure that its mandate meets current challenges at EU level in the area of freedom, security and justice.
Aims : Members pointed out that the Agency shall, inter alia , ensure:
effective, secure and continuous operation of large-scale IT systems in order to ensure continuous improvement of data quality; a high level of data protection , in line with relevant Union legislation; an appropriate level of security , including the implementation of a proper information security risk management process; the provision of adequate statistics to the Commission and to the relevant Union decentralised agencies.
Interoperability : the proposal provides for the Agency to develop the necessary measures to enable interoperability of systems, subject, where appropriate, to the adoption of the relevant legislative instruments.
Considering the risks posed to the right to privacy and the right to data protection, Members stated that interoperability cannot be implemented without a specific legal basis, comprising an impact assessment and a feasibility study . This is why they removed that provision.
Assistance to the Member States and the Commission : any Member State may request the Agency to provide advice as regards its national systems' connection to the central systems. Any Member State may also submit a request directly to the Agency for ad-hoc support. Prior to providing such ad-hoc support, the Agency shall consult the Commission .
Legal status and location : where a backup site is required to ensure the full functionality of the systems in the event of failure of one or more of those systems, this site shall be installed in Sankt Johann im Pongau, Austria. Members envisaged the possibility of creating new technical sites . No later than 15 months after the entry into force of the Regulation, the Commission shall assess the existing and future needs of the Agency in terms of the hosting capacity of existing sites.
Transparency : Members proposed that the rules adopted by the Management Board on the prevention and management of conflicts of interest of its members and the annual, written statement of commitment of the Members of the Management Boards, the executive Director and the members of the Advisory Groups shall be published on the website of the Agency . Moreover, the Agency is called on to adopt internal rules on the protection of whistle-blowers .
Management Board, the Executive Director and the Deputy Executive Director : following the organisation of an appropriate selection procedure by the Commission, and following a hearing of the proposed candidates in the competent committee of the European Parliament, the Management Board should also appoint an Executive Director. The Executive Director should be assisted by a Deputy Executive Director.
The Executive Director and the Deputy Executive Director shall be independent in the performance of their respective duties.
The Management Board shall evaluate the performance of the Agency. It shall also adopt internal rules to control the use and access of large-scale IT systems by Agency staff.
The Agency shall have sufficient budgetary and staff resources at its disposal so that it does not need to outsource its tasks and duties to private companies.
Cooperation with the Union's institutions, bodies, offices and agencies : the Agency shall cooperate with the Commission, with other Union institutions and with other Union bodies, offices and agencies in particular those established in the area of freedom, security and justice, and in particular the European Agency for Fundamental Rights, in matters covered by this Regulation, in order to achieve coordination and financial savings, to avoid duplication and to promote synergy and complementarity as regards their activities. This cooperation shall take place within the framework of practical working arrangements setting out cost recovery mechanisms .
Third countries : the Agency shall be open to the participation of third countries that have entered into any type of association agreement with the Union concerning the implementation, application and development of the Schengen acquis, as well as of Dublin-related measures and Eurodac-related measures.
Members want to provide a sufficient legal basis for the Agency to establish and maintain relations with international organisations and other relevant entities of bodies (such as Interpol and IATA) for the implementation of proposals on the Entry-Exit System and ETIAS .
Opinion of the European Data Protection Supervisor on the proposal for a Regulation on the eu-LISA.
As a reminder, the eu-LISA proposal is part of a wider process aimed at improving the management of external borders and strengthening internal security in the European Union to meet specific security challenges.
This Proposal aims mainly to entrust eu-LISA with:
the operational management of the existing and future large-scale IT systems in the area of freedom, security and justice; developing some aspects of the interoperability of these systems; carrying out research activities and pilot projects; developing, managing and hosting a common IT system for a group of Member States opting on a voluntary basis for a centralised solution in implementing technical aspects of the EU legislation on decentralised systems in the area of freedom, security and justice.
The EDPS was consulted informally before the publication of the eu-LISA Proposal and he provided informal comments to the Commission, which were taken into account only partially.
In its capacity as eu-LISA's supervisory authority, the EDPS:
recommends that the eu-LISA Proposal is accompanied by a detailed impact assessment of the right to privacy and the right to data protection which are enshrined in the Charter of Fundamental Rights of the EU ; recalled that there is currently no legal framework for the interoperability of EU large scale IT systems. Therefore eu-LISA could develop the implementing actions only if such legal framework is adopted. The EDPS proposes to delete current references related to interoperability in the eu-LISA Proposal; has concerns regarding the possibility that eu-LISA could develop and host a common centralised solution for large scale IT systems which are in principle decentralised. The EDPS proposes to delete the provision allowing the change of the architecture of the system on a basis of the delegation agreement between eu-LISA and group of Member States.
In addition to the main concerns identified above, the recommendations of the EDPS relate to the following aspects of the eu-LISA Proposal: (i) statistics generated by the system; (ii) internal monitoring; (iii) Information Security Risk Management; (iv) roles of the EDPS and the Data Protection Officer.
PURPOSE: to create an agency at European Union level responsible for the operational management and, where appropriate, the development of large-scale information systems within the area of freedom, security and justice (extending the mandate of eu-LISA).
PROPOSED ACT: Regulation of the European Parliament and of the Council.
ROLE OF THE EUROPEAN PARLIAMENT: the European Parliament decides in accordance with the ordinary legislative procedure and on an equal footing with the Council.
BACKGROUND: the eu-LISA Agency - established by Regulation (EU) No 1077/2011 , amended in 2015 by Regulation (EU) No 603/2013 - currently manages the Visa Information System (VIS), second generation Schengen Information System (SIS II) and Eurodac (for the comparison of fingerprints).
The first evaluation of the Agency's work, carried out in 2015-2016 on the basis of an independent external evaluation , concluded that the eu-LISA agency effectively carried out the operational management of large-scale IT systems as well as the other tasks entrusted to it, but also that a number of amendments to its establishing Regulation were necessary.
In the light of this assessment, the Commission proposes to extend the mandate of the eu-LISA agency by entrusting it to:
provide technical solutions needed to ensure interoperability between large-scale IT systems; develop and manage the future large-scale IT systems of the EU.
The proposal follows on from the Commission Communication of 6 April 2016 entitled 'Stronger and smarter information systems for borders and security', the High Level Expert Group's final report of 11 May 2017 and in the Commission's Seventh progress report towards an effective and genuine Security Union of 16 May 2017.
IMPACT ASSESSMENT: the proposal is based to a large extent on the results and recommendations of the independent external evaluation report of the Agency’s work. No impact assessment was carried out since the evaluation concluded that the amendments are essentially technical in nature.
CONTENT: the aim of this proposal is to review the Regulation establishing the eu-LISA Agency in order to adapt it to the recommendations for legislative amendments stemming from the evaluation, as well as to improve the functioning of the Agency and enhance and strengthen its role to ensure that its mandate meets current challenges at EU level in the area of freedom, security and justice.
The tasks of the new eu-LISA agency would be as follows:
Ensuring the centralised operational management of EU information systems : subject to the adoption of legislative instruments proposed by the Commission, eu-LISA would also be responsible for the preparation, development and operational management of the Entry/Exit System ( EES ), DubliNet, the European Travel Authorisation System ( ETIAS ), the automated system for registration, monitoring and the allocation mechanism for applications for international protection and the ECRIS-TCN system. Developing the necessary actions to enable interoperability : the Agency shall be tasked with the development of a European Search Portal , a shared biometric matching service and a Common Identity Repository , subject to the adoption of the relevant legislative instrument on interoperability. Where relevant, any actions carried out on interoperability should have to be guided by the Commission Communication on the European interoperability framework – implementation strategy. Ensuring data quality : subject to the adoption of specific legislative amendments/proposals, the proposal entrusts the Agency with the task of setting up automated data quality control mechanisms and common data quality indicators, as well as developing a central repository for reporting and statistics. The purpose of such mechanisms would be to enable central systems to automatically identify apparently incorrect or inconsistent data submissions so that the originating Member State is able to verify the data and carry out any necessary remedial actions. Providing assistance to Member States and the Commission : the Agency may provide advice and/or assistance to the Commission on technical matters relating to existing or new systems, including through studies and testing. It could be responsible for developing, managing or hosting a common IT system by a group of at least six Member States voluntarily opting for a centralised solution.
The proposal also specifies the tasks to be entrusted to the Management Board and to the Executive Director , whose mandate may be extended for a period not exceeding five years, in accordance with the Common Approach on decentralised agencies.
BUDGETARY IMPLICATIONS: for the Agency to adequately address its new tasks, from 2018 to 2020 an amount of EUR 78.354 million will need to be added to the Agency's Union subsidy. This amount does not include the budget required for the new systems which is foreseen under the relevant legislative proposals nor that required for the proposals amending existing systems.
Documents
- Final act published in Official Journal: Regulation 2018/1726
- Final act published in Official Journal: OJ L 295 21.11.2018, p. 0099
- Draft final act: 00029/2018/LEX
- Commission response to text adopted in plenary: SP(2018)547
- Results of vote in Parliament: Results of vote in Parliament
- Decision by Parliament, 1st reading: T8-0310/2018
- Committee report tabled for plenary, 1st reading: A8-0404/2017
- Committee opinion: PE612.072
- Amendments tabled in committee: PE613.328
- Contribution: COM(2017)0352
- Contribution: COM(2017)0352
- Contribution: COM(2017)0352
- Document attached to the procedure: N8-0087/2017
- Document attached to the procedure: OJ C 386 16.11.2017, p. 0006
- Contribution: COM(2017)0352
- Committee draft report: PE610.908
- Legislative proposal published: COM(2017)0352
- Legislative proposal published: EUR-Lex
- Committee draft report: PE610.908
- Document attached to the procedure: N8-0087/2017 OJ C 386 16.11.2017, p. 0006
- Amendments tabled in committee: PE613.328
- Committee opinion: PE612.072
- Commission response to text adopted in plenary: SP(2018)547
- Draft final act: 00029/2018/LEX
- Contribution: COM(2017)0352
- Contribution: COM(2017)0352
- Contribution: COM(2017)0352
- Contribution: COM(2017)0352
Activities
History
(these mark the time of scraping, not the official date of the change)
docs/0 |
|
docs/4 |
|
docs/5 |
|
docs/6 |
|
docs/6 |
|
docs/6/docs/0/url |
/oeil/spdoc.do?i=30592&j=0&l=en
|
docs/7 |
|
docs/8 |
|
docs/8 |
|
docs/9 |
|
docs/9 |
|
docs/10 |
|
docs/11 |
|
events/0 |
|
links/Research document/url |
Old
http://www.europarl.europa.eu/thinktank/en/document.html?reference=EPRS_BRI(2018)614678New
https://www.europarl.europa.eu/thinktank/en/document/EPRS_BRI(2018)614678 |
procedure/instrument/1 |
Amending Decision 2007/533/JHA 2005/0103(CNS) Amending Regulation (EC) 1987/2006 2005/0106(COD) Repealing Regulation (EU) 1077/2011 2009/0089(COD) Amended by 2021/0391(COD)
|
procedure/instrument/1 |
Amending Decision 2007/533/JHA 2005/0103(CNS) Amending Regulation (EC) 1987/2006 2005/0106(COD) Repealing Regulation (EU) 1077/2011 2009/0089(COD)
|
committees/0/shadows/3 |
|
docs/0 |
|
docs/0 |
|
docs/1 |
|
docs/1 |
|
docs/1/docs/0/url |
Old
http://www.europarl.europa.eu/sides/getDoc.do?type=COMPARL&mode=XML&language=EN&reference=PE610.908New
https://www.europarl.europa.eu/doceo/document/LIBE-PR-610908_EN.html |
docs/2 |
|
docs/2 |
|
docs/3 |
|
docs/3 |
|
docs/3/docs/0/url |
Old
http://www.europarl.europa.eu/sides/getDoc.do?type=COMPARL&mode=XML&language=EN&reference=PE613.328New
https://www.europarl.europa.eu/doceo/document/LIBE-AM-613328_EN.html |
docs/4 |
|
docs/4/docs/0/url |
Old
http://www.europarl.europa.eu/sides/getDoc.do?type=COMPARL&mode=XML&language=EN&reference=PE612.072&secondRef=02New
https://www.europarl.europa.eu/doceo/document/BUDG-AD-612072_EN.html |
events/0 |
|
events/0 |
|
events/0/type |
Old
Committee referral announced in Parliament, 1st reading/single readingNew
Committee referral announced in Parliament, 1st reading |
events/1 |
|
events/1 |
|
events/1/type |
Old
Vote in committee, 1st reading/single readingNew
Vote in committee, 1st reading |
events/2 |
|
events/3 |
|
events/4 |
|
events/4 |
|
events/5 |
|
events/6 |
|
events/7 |
|
procedure/Legislative priorities/0/title |
Old
Joint Declaration 2018New
Joint Declaration 2018-19 |
procedure/Notes |
|
docs/5/body |
EC
|
events/4/docs/0/url |
Old
http://www.europarl.europa.eu/sides/getDoc.do?type=REPORT&mode=XML&reference=A8-2017-0404&language=ENNew
http://www.europarl.europa.eu/doceo/document/A-8-2017-0404_EN.html |
events/6/docs/0/url |
Old
http://www.europarl.europa.eu/sides/getDoc.do?type=TA&language=EN&reference=P8-TA-2018-0310New
http://www.europarl.europa.eu/doceo/document/TA-8-2018-0310_EN.html |
committees/0 |
|
committees/0 |
|
committees/1 |
|
committees/1 |
|
activities |
|
commission |
|
committees/0 |
|
committees/0 |
|
committees/1 |
|
committees/1 |
|
committees/2 |
|
committees/2 |
|
council |
|
docs |
|
events |
|
other |
|
procedure/Legislative priorities |
|
procedure/Notes |
|
procedure/dossier_of_the_committee |
Old
LIBE/8/10385New
|
procedure/final |
|
procedure/instrument |
Old
RegulationNew
|
procedure/legislative_priorities |
|
procedure/stage_reached |
Old
Provisional agreement between Parliament and Council on final actNew
Procedure completed |
procedure/subject |
Old
New
|
procedure/summary |
|
activities/2 |
|
activities/3 |
|
activities/4 |
|
activities/5 |
|
activities/6 |
|
links/Research document |
|
procedure/legal_basis/7 |
Old
Treaty on the Functioning of the EU TFEU 088-p2New
Treaty on the Functioning of the EU TFEU 88-p2 |
procedure/legislative_priorities |
|
procedure/stage_reached |
Old
Awaiting committee decisionNew
Provisional agreement between Parliament and Council on final act |
activities/0/commission/0 |
|
other/0 |
|
activities/0/docs/0/text |
|
activities/1 |
|
procedure/dossier_of_the_committee |
LIBE/8/10385
|
procedure/stage_reached |
Old
Preparatory phase in ParliamentNew
Awaiting committee decision |
committees/2/shadows/3 |
|
activities |
|
committees |
|
links |
|
other |
|
procedure |
|