PURPOSE: to establish a framework for interoperability between EU information systems (police and judicial cooperation, asylum and migration) and amend the legislation in force as a consequence.

LEGISLATIVE ACT: Regulation (EU) 2019/818 of the European Parliament and of the Council on establishing a framework for interoperability between EU information systems in the field of police and judicial cooperation, asylum and migration and amending Regulations (EU) 2018/1726, (EU) 2018/1862 and (EU) 2019/816.

CONTENT: the interoperability of EU information systems in the fields of justice and home affairs has been a priority at the highest political level in recent years.

In a resolution adopted on 6 July 2016, the European Parliament called for proposals to improve and develop existing EU information systems, address information gaps and move towards their interoperability, as well as proposals for compulsory information sharing at EU level, accompanied by the necessary data protection safeguards. In its conclusions of 23 June 2017, the European Council also stressed the need to improve the interoperability of databases.

Framework for the interoperability of EU information systems

This Regulation, together with the proposed Regulation on interoperability (police and judicial cooperation, asylum and migration), creates a framework to ensure interoperability between the entry/exit system ( EES ), the Visa Information System ( VIS ), the European Travel Information and Authorisation System ( ETIAS ), Eurodac , the Schengen Information System ( SIS ) and the European Criminal Records Information System for third-country nationals ( ECRIS-TCN ) so that these systems and their data supplement each other.

In addition, this Regulation:

- lays down provisions on data quality requirements, on a universal message format (UMF), on a central repository for reporting and statistics (CRRS) and on the responsibilities of the Member States and of the European Agency for the operational management of large-scale IT systems in the area of freedom, security and justice ( eu-LISA ), with respect to the design, development and operation of the interoperability components;

- adapts the procedures and conditions for the designated authorities and for the European Union Agency for Law Enforcement Cooperation (Europol) to access the EES, VIS, ETIAS and Eurodac for the purposes of the prevention, detection or investigation of terrorist offences or of other serious criminal offences;

- lays down a framework for verifying the identity of persons and for identifying persons.

Elements of the interoperability framework

The interoperability of information systems shall enable the systems to complement each other and shall contribute to facilitating the correct identification of individuals and to combating identity fraud. The interoperability elements put in place by the Regulation are as follows:

- the European search portal (ESP) is the component that would enable the simultaneous query of multiple systems (Central-SIS, Eurodac, VIS, the future EES, and the proposed ETIAS and ECRIS-TCN systems, as well as the relevant Interpol systems and Europol data) using identity data (both biographical and biometric);

- the shared biometric matching service (shared BMS) would enable the querying and comparison of biometric data (fingerprints and facial images) from several central systems (in particular, SIS, Eurodac, VIS, the future EES and the proposed ECRIS-TCN system);

- the common identity repository (CIR) would be the shared component for storing biographical and biometric identity data of third-country nationals;

- the multiple-identity detector (MID) would check whether the queried identity data exists in more than one of the systems connected to it.

Objectives

Interoperability shall improve the management of external borders by establishing seamless, simple and efficient access to EU information systems. By ensuring interoperability, the Regulation pursues the following objectives:

- improve the effectiveness and efficiency of border checks at external borders;

- contribute to the prevention and the combating of illegal immigration;

- contribute to a high level of security within the area of freedom, security and justice of the Union including the maintenance of public security and public policy and safeguarding security in the territories of the Member States;

- improve the implementation of the common visa policy;

- assist in the examination of applications for international protection;

- contribute to the prevention, detection and investigation of terrorist offences and of other serious criminal offences;

- facilitate the identification of unknown persons who are unable to identify themselves or unidentified human remains in case of a natural disaster, accident or terrorist attack.

Non-discrimination and fundamental rights

The processing of personal data for the purposes of the Regulation shall not give rise to any discrimination against individuals. It must fully respect human dignity, the integrity of individuals and fundamental rights, including the right to privacy and the right to the protection of personal data. Particular attention will be paid to children, the elderly, people with disabilities and people in need of international protection. The best interests of the child shall be a primary consideration.

The Regulation provides for the provision of an online portal to facilitate the exercise by data subjects of their rights of access to their personal data and their rights to rectify, erase and limit the processing of such data. The implementation and management of the portal should be the responsibility of eu-LISA.

ENTRY INTO FORCE: 11.6.2019.

The European Parliament adopted by 510 votes to 130, with 9 abstentions, a legislative resolution on the amended proposal for a regulation of the European Parliament and of the Council on establishing a framework for interoperability between EU information systems (police and judicial cooperation, asylum and migration) and amending Regulation (EU) 2018/XX [the Eurodac Regulation], Regulation (EU) 2018/XX [the Regulation on SIS in the field of law enforcement], Regulation (EU) 2018/XX [the ECRIS-TCN Regulation] and Regulation (EU) 2018/XX [the eu-LISA Regulation].

The European Parliament's position adopted at first reading under the ordinary legislative procedure amended the Commission's proposal as follows:

Framework for the interoperability of EU information systems

The proposed Regulation, in conjunction with the Regulation of the European Parliament and of the Council on borders and visas, shall establish a framework to ensure interoperability between the entry/exit system (EES), the visa information system (VIS), the European Travel Information and Authorisation System (ETIAS), Eurodac, the Schengen Information System (SIS) and the European Criminal Records Information System for third-country nationals (ECRIS-TCN). It would also establish a framework for verifying the identity of individuals and identifying individuals.

This framework shall include the following interoperability components: (i) a European search portal (ESP); (ii) a shared biometric matching service (shared BMS); (iii) a common identity repository (CIR); (iv) a multiple-identity detector (MID).

Objectives

Interoperability shall improve the management of external borders by establishing rapid, simple and efficient access to EU information systems. According to the amended text, this Regulation has the following objectives:

- to improve the effectiveness and efficiency of border checks at external borders;

- to contribute to the prevention and the combating of illegal immigration;

- to contribute to a high level of security within the area of freedom, security and justice of the Union including the maintenance of public security and public policy and safeguarding security in the territories of the Member States;

- to contribute to the prevention, detection and investigation of terrorist offences and of other serious criminal offences;

- to facilitate the identification of unknown persons who are unable to identify themselves or unidentified human remains in case of a natural disaster, accident or terrorist attack.

Non-discrimination and fundamental rights

Processing of personal data for the purposes of this Regulation shall not result in discrimination against persons on any grounds. It shall fully respect human dignity and integrity and fundamental rights, including the right to respect for one’s private life and to the protection of personal data. Particular attention shall be paid to children, the elderly, persons with a disability and persons in need of international protection. The best interests of the child shall be a primary consideration.

Access to the European Search Portal (ESP)

The use of the ESP shall be reserved to the Member State authorities and Union agencies having access to at least one of the EU information systems in accordance with the legal instruments governing those EU information systems. Those Member State authorities and Union agencies may make use of the ESP and the data provided by it only for the objectives and purposes laid down in the legal instruments governing those EU information systems.

The ESP shall provide no information regarding data in EU information systems, Europol data and the Interpol databases to which the user has no access under the applicable Union and national law.

Any queries of the Interpol databases launched via the ESP shall be performed in such a way that no information shall be revealed to the owner of the Interpol alert.

Access to the common identity data repository (CIR) for identification

Under the amended text, queries of the CIR shall be carried out by a police authority only in the following circumstances:

- where a police authority is unable to identify a person due to the lack of a travel document or another credible document proving that person’s identity;

- where there are doubts about the identity data provided by a person and to the authenticity of the travel document or another credible document provided by a person;

- where a person is unable or refuses to cooperate.

Such queries shall not be allowed against minors under the age of 12 years old, unless in the best interests of the child.

Terrorist offences

In specific cases, where there are reasonable grounds to believe that searching EU information systems will contribute to the prevention or detection of terrorist offences or other serious criminal offences, designated authorities and Europol could consult the CIR to determine whether data on a particular person are stored in the EES, VIS or ETIAS.

In this context, a reply from the CIR should not be interpreted or used as a ground or reason to draw conclusions on or undertake measures in respect of a person, but should be used only for the purpose of submitting an access request to the underlying EU information systems, subject to the conditions and procedures laid down in the respective legal instruments governing such access.

As a general rule, where a match-flag indicates that the data are recorded in the EES, VIS, ETIAS or Eurodac, the designated authorities or Europol should request full access to at least one of the EU information systems concerned. Where exceptionally such full access is not requested, for example because designated authorities or Europol have already obtained the data by other means, or obtaining the data is no longer permitted under national law, the justification for not requesting access should be recorded. Europol shall record the justification in the relevant file.

Results of multiple identity detection

The MID should create and store links between data in the different EU information systems in order to detect multiple identities, with the dual purpose of facilitating identity checks for bona fide travellers and combating identity fraud. These links will be classified into four categories: white, yellow, green and red.

In order to facilitate the implementation of the necessary safeguards in accordance with applicable Union data protection rules, individuals who are subject to a red link or a white link following manual verification of different identities should be informed in writing without prejudice to limitations to protect security and public order, prevent crime and guarantee that national investigations are not jeopardised. Those individuals should receive a single identification number allowing them to identify the authority to which they should address themselves to exercise their rights.

Where a yellow link is created, the authority responsible for the manual verification of different identities should have access to the MID. Where a red link exists, Member State authorities and Union agencies having access to at least one EU information system included in the CIR or to SIS should have access to the MID. A red link should indicate that a person is using different identities in an unjustified manner or that a person is using somebody else’s identity.

Web portal

As the interoperability components will involve the processing of significant amounts of sensitive personal data, persons whose data are processed by these elements should be able to effectively exercise their rights as data subjects. To this end, the amended text provides for the provision of a web portal to facilitate the exercise by data subjects of their rights of access to their personal data and their rights to rectify, delete and limit the processing of such data. The implementation and management of the portal should be the responsibility of eu-LISA.

The Regulation also contains clear provisions on liability and the right to compensation in the event of unlawful processing of personal data or in the event of any other act incompatible with the Regulation.

The Committee on Civil Liberties, Justice and Home Affairs adopted the report by Nuno MELO (EPP, PT) on the amended proposal for a regulation of the European Parliament and of the Council on establishing a framework for interoperability between EU information systems (police and judicial cooperation, asylum and migration) and amending Regulation (EU) 2018/XX [the Eurodac Regulation], Regulation (EU) 2018/XX [the Regulation on SIS in the field of law enforcement], Regulation (EU) 2018/XX [the ECRIS-TCN Regulation] and Regulation (EU) 2018/XX [the eu-LISA Regulation].

The proposal Regulation establishes four interoperability components of EU information systems (police and judicial cooperation, asylum and migration): (i) the European Search Portal (ESP); (ii) the shared Biometric Matching Service (Shared BMS); (iii) the Common Identity Repository (CIR); (iv) and the Multiple Identity Detector (MID).

T he systems covered would include the entry/exit system (EES), the visa information system (VIS), [the European Travel Information and Authorisation System (ETIAS)], Eurodac, the Schengen Information System (SIS) and the [European Criminal Records Information System for third-country nationals (ECRIS-TCN)].

The proposal lays down provisions on the objectives of the interoperability components, their technical architecture, rules regarding the use of the components, the storing of logs, the quality of the data, rules regarding data protection, supervision and responsibilities of the various agencies and the Member States.

The committee recommended that the European Parliament's position adopted at first reading under the ordinary legislative procedure should amend the Commission's proposal as follows.

Objectives : the establishment of interoperability should improve the management of the external borders by establishing fast, simple and efficient access to EU information systems . Its main elements should:

enhance the effectiveness and efficiency of border checks at the external borders; contribute to preventing and tackling irregular migration ; contribute to the prevention, detection and investigation of terrorist offences or of other serious criminal offences; aid in the identification of unknown persons who are unable to identify themselves or unidentified human remains in cases of natural disasters, accidents or terrorist attacks.

These objectives should be achieved:

by facilitating the correct identification of third-country nationals registered in the Union information systems; by improving the data quality and harmonising the quality requirements for the data stored in the Union information systems while respecting the data processing requirements of the legal bases of the individual systems, data protection standards and principles; by improving judicial cooperation within the area of freedom, security and justice.

The eu-LISA Agency should develop and manage all interoperability components in such a way as to ensure fast, seamless, efficient, controlled access, their full availability and a response time in line with the operational needs of the Member Sates’ authorities.

Data protection : Members ensured that adequate safeguards are in place to protect fundamental rights and access to data by calling for all EU data protection rules to be applicable to all information systems .

Processing of personal data for the purposes of this Regulation should not result in discrimination against persons on any grounds such as sex, race, colour, ethnic or social origin, genetic features, language, religion or belief, political or any other opinion, membership of a national minority, property, birth, disability, age or sexual orientation. Particular attention shall be paid to children, the elderly and persons with a disability and persons in need of international protection . The best interests of the child shall be a primary consideration.

Auxiliary systems : in order to ensure rapid and continuous use of all relevant EU information systems, Members proposed that a central Union backup ESP should be established in order to provide all the functionalities of the principal ESP and a similar level of performance as it in the event of its failure. However, the national connection to the different relevant Union information systems should remain in order to provide a technical fall back.

Identification of persons : changes have been made so that the identity of a person is first established on the basis of the identity or travel document, following the rules and procedures provided for in national law, before it is possible to launch a search in the CIR using the biometric data of the person concerned.

The CIR could only be consulted for the purpose of identifying a person if the person concerned is physically present during the check.

Members also believe that there should be no strict obligation for border guards to carry out a second line check when the search carried out in the multiple identity detector (MID) through the European search portal (ESP) gives a yellow link or detects a red link. Such a decision should be left to the border guards as they are trained to detect identity fraud.

Access rights : Members specified that a hit-flag should reveal only personal data of the concerned individual other than an indication that some of his or her data are stored in one of the systems, provided the authority making the search has access to that system. No adverse decision for the concerned individual should be made by the authorised end-user solely on the basis of the simple occurrence of a hit-flag, and the hit-flag should be used by the relevant authorities only for the purpose of deciding which database to query.

It is necessary to provide for a transitional period which should entail, inter alia , training programmes for end users so as to ensure that the new instruments operate to their full potential.

Evaluation : amendments have been introduced to strengthen the ability of the European Commission, the Council and the European Parliament to monitor and evaluate the functioning of this proposal, further amendments have been made to this article. Especially, with regard to the use of the CIR for the purposes of identification, for the purposes of law enforcement and the use of the Interpol database through the ESP.

PROPOSED ACT: Regulation of the European Parliament and of the Council.

ROLE OF THE EUROPEAN PARLIAMENT: the European Parliament decides in accordance with the ordinary legislative procedure and on an equal footing with the Council.

BACKGROUND: this proposal seeks to amend the proposal submitted by the Commission in December 2017 for a Regulation of the European Parliament and of the Council establishing a framework for the interoperability between EU information systems (police and judicial cooperation, asylum and migration) ( see the summary of the initial proposal dated 12.12.2017 ).

This proposal also seeks to amend the original proposal only insofar as it presents the further necessary amendments to other legal instruments that are required under the interoperability proposal. These amendments were identified as necessary in the original proposal but, because of ongoing negotiations between co-legislators on some of the systems concerned, it was not possible to include the necessary amendments in the original proposal.

CONTENT: the proposed Regulation, together with the proposed Regulation on interoperability (police and judicial cooperation, asylum and migration), creates a framework to ensure interoperability between the entry/exit system ( EES ), the Visa Information System ( VIS ), the European Travel Information and Authorisation System ( ETIAS ), Eurodac , the Schengen Information System ( SIS ) and the European Criminal Records Information System for third-country nationals ( ECRIS-TCN ) so that these systems and their data supplement each other.

Elements of the interoperability framework : the framework shall consist of the following elements of interoperability:

the European search portal (ESP) is the component that would enable the simultaneous query of multiple systems (Central-SIS, Eurodac, VIS, the future EES, and the proposed ETIAS and ECRIS-TCN systems, as well as the relevant Interpol systems and Europol data) using identity data (both biographical and biometric); the shared biometric matching service (shared BMS) would enable the querying and comparison of biometric data (fingerprints and facial images) from several central systems (in particular, SIS, Eurodac, VIS, the future EES and the proposed ECRIS-TCN system); the common identity repository (CIR) would be the shared component for storing biographical and biometric identity data of third-country nationals; the multiple-identity detector (MID) would check whether the queried identity data exists in more than one of the systems connected to it.

Objectives : the proposed Regulation:

lays down provisions on data quality requirements , on a Universal Message Format (UMF), on a central repository for reporting and statistics (CRRS); lays down the responsibilities of the Member States and of the European Agency for the operational management of large-scale IT systems in the area of freedom, security and justice ( eu-LISA ), with respect to the design and operation of the interoperability components; lays down the procedures and conditions for Member State law enforcement authorities and for the European Union Agency for Law Enforcement Cooperation (Europol) access to the Entry/Exit System (EES), the Visa Information System (VIS), [the European Travel Information and Authorisation System (ETIAS),] and Eurodac for the purposes of the prevention, detection and investigation of terrorist offences or of other serious criminal offences falling under their competence.

By ensuring interoperability, the proposal shall have the following objectives:

to improve the management of the external borders; to contribute to preventing and combating irregular migration; to contribute to a high level of security within the area of freedom, security and justice of the Union including the maintenance of public security and public policy and safeguarding the security in the territories of the Member States; to improve the implementation of the common visa policy; and to assist in examining application for international protection.

Scope : the proposed Regulation applies to Eurodac , the Schengen Information System ( SIS ) and [the European Criminal Records Information System for third-country nationals ( ECRIS-TCN ). It also applies to the Europol data to the extent of enabling querying it simultaneously to the EU information systems and to persons in respect of whom personal data may be processed in the EU information systems and in the Europol data.

Consequences for other legal instruments : the proposal includes detailed provisions for the necessary changes to the draft legal instruments that are currently stable texts as provisionally agreed by the co-legislators: the proposed Regulations on ETIAS, on SIS in the field of border checks, and on eu-LISA . It is also proposed to make the necessary changes to the text as it stood on 31 May 2018 for ECRIS-TCN.

However, the two amending proposals on interoperability do not include the amendments relating to Eurodac , the EU asylum and irregular migration database, given that discussions have not yet been concluded on the May 2016 legislative proposal to strengthen Eurodac. Once the co-legislators reach agreement on the legislative proposal to strengthen Eurodac, or have achieved sufficient progress, the Commission will present the related amendments to the interoperability proposals within two weeks.

BUDGETARY IMPLICATIONS: the proposed amendments necessitated an update of the legislative financial statement accordingly.

The total budget required over nine years (2019-2027) is estimated at EUR 461.0 million , which includes the following elements:

EUR 261.3 million for eu-LISA . A specific budget of EUR 36.3 million covers the cost of upgrading the network and the central SIS (Schengen Information System) for the estimated increase of searches that is likely to occur as a result of interoperability;

EUR 136.3 million to enable Member States to cover the changes to their national systems in order to use the interoperability components; EUR 48.9 million for Europol to cover the upgrade of Europol's IT systems; EUR 4.8 million for the European Border and Coast Guard Agency for hosting a team of specialists who during one year will validate the links between identities at the moment the multiple-identity detector goes live; EUR 2.0 million for European Union Agency for Law Enforcement Training (CEPOL) to cover the preparation and delivery of training to operational staff; a provision of EUR 7.7 million for DG HOME.

Opinion of the European Data Protection Supervisor on the Proposals for two Regulations establishing a framework for interoperability between EU large-scale information systems.

In December 2017, the Commission published two legislative proposals for two Regulations establishing a framework for interoperability between EU large-scale information systems :

a Regulation of the European Parliament and of the Council on establishing a framework for interoperability between EU information systems (borders and visa) ; a Regulation of the European Parliament and of the Council on establishing a framework for interoperability between EU information systems (police, and judicial cooperation, asylum and migration).

The proposals would introduce new possibilities to access and use the data stored in the various systems in order to combat identity fraud, facilitate identity checks, as well as streamline access to non-law information systems by law enforcement authorities.

In particular, the proposals create a new centralised database that would contain information about millions of third-country nationals, including their biometric data . Due to its scale and the nature of the data to be stored in this database, the consequences of any data breach could seriously harm a potentially very large number of individuals. If such information ever falls into the wrong hands, the database could become a dangerous tool against fundamental rights. It is therefore essential to build strong legal, technical and organisational safeguards .

In this context, the EDPS stresses the importance of:

further clarifying the extent of the problem of identity fraud among third-country nationals, in order to ensure that the proposed measure is appropriate and proportionate ; formulating more precisely the possibility of consulting the centralised database to facilitate identity checks on the territory of the Member States; putting in place effective safeguards to protect the fundamental rights of third-country nationals in so far as systematic access to law enforcement systems could represent a serious breach of the purpose limitation principle.

More specifically, the EDPS makes the following recommendations:

three of the six EU information systems the proposals seek to interconnect do not exist at the moment (the European Travel Information and Authorisation System ETIAS, the European Criminal Records Information System for third country nationals ECRIS-TCN and the EES entry/exit system), two are currently under revision (SIS and Eurodac) and one is to be revised later this year (VIS): the EDPS recalls the importance to ensure consistency between the legal texts already under negotiation (or upcoming) and the proposals in order to ensure a unified legal, organisational and technical environment for all data processing activities within the Union; access to the data to identify a person during an identity check would be allowed: (i) in principle, in the presence of the person and, where he or she is unable to cooperate and does not have document establishing his/her identity or, (ii) refuses to cooperate or, (iii) where there are justified or well-founded grounds to believe that documents presented are false or that the person is not telling the truth about his/her identity; access to the common repository of identity data to establish the identity of a third country national for purposes of ensuring a high level of security should only be allowed where access for the same purposes to similar national databases (e.g. register of nationals/residents etc.) exist and under the same conditions; the proposal should specify the conditions related to the existence of reasonable grounds, the carrying out of a prior search in national databases and the launching of a query of the automated fingerprint identification system of the other Member States under Decision 2008/615/JHA, prior to any search in the common repository for identity; the compliance with the conditions of access to even limited information such as a hit/no hit should always be verified, independently of further access to the data stored in the system that triggered the hit; ensure in the proposals that the data stored in the ECRIS- TCN could be accessed and used solely for the purposes of the ECRIS TCN as defined in its legal instrument; the fundamental data protection principles should be taken into account during all stages of the implementation of the proposals. The obligation for eu-LISA and the Member States to follow the principles of data protection by design and by default should also be included in the proposals.

The EDPS has additional recommendations related to the following aspects of the proposals: (i) the functionality of the European search portal (‘ESP’), the shared biometric matching service (‘shared BMS’), the common identity repository (‘CIR’) and, the multiple identity detector (‘MID’); (ii) the data retention periods in the CIR and the MID; (iii) the division of roles and responsibility between eu-LISA and the Member States; (iv) the data subjects' rights; (v) the access by eu-LISA staff.

Lastly, the EDPS calls for a wider debate on the future of the EU information exchange, their governance and the ways to safeguard fundamental rights in this context.

PURPOSE: to establish a framework for interoperability between EU information systems (police and judicial cooperation, asylum and migration).

PROPOSED ACT: Regulation of the European Parliament and of the Council.

ROLE OF THE EUROPEAN PARLIAMENT: the European Parliament decides in accordance with the ordinary legislative procedure and on an equal footing with the Council.

BACKGROUND: the importance of overcoming the current shortcomings in data management and of improving the interoperability of existing information systems has been stressed on many occasions. Recent terrorist attacks have brought this into even greater focus, highlighting the urgent need for information systems to be interoperable, and to eliminate the current blind spots where terrorist suspects can be recorded in different, unconnected databases under different aliases.

Currently, various information systems at EU level (the Schengen Information System ( SIS ), the Eurodac system with fingerprint data of asylum applicants and third-country nationals who have crossed the external borders irregularly or who are illegally staying in a Member State; and the Visa Information System ( VIS ) with data on short-stay visas) are currently not interoperable — that is, able to exchange data and share information so that authorities and competent officials have the information they need, when and where they need it. This risks pieces of information slipping through the net and terrorists and criminals escaping detection by using multiple or fraudulent identities, endangering the EU's internal security and making border and migration management more challenging.

In addition to these existing systems, the Commission proposed in 2016-2017 three new centralised EU information systems:

the Entry/Exit System ( EES ); the proposed European Travel Information and Authorisation System ( ETIAS ); the proposed European Criminal Record Information System for third-country nationals ( ECRIS -TCN system).

These six systems are complementary and — with the exception of the Schengen Information System (SIS) — exclusively focused on third-country nationals.

By simultaneously cross-checking information in different databases and streamlining access by law enforcement, the new tools will quickly alert border guards or police if a person is using multiple or fraudulent identities.

This proposal is presented in combination with its sister proposal .

CONTENT: the specific objectives of this proposal are to:

ensure that end-users, particularly border guards, law enforcement officers, immigration officials and judicial authorities have fast, seamless, systematic and controlled access to the information that they need to perform their tasks; provide a solution to detect multiple identities linked to the same set of biometric data, with the dual purpose of ensuring the correct identification of bona fide persons and combating identity fraud ; facilitate identity checks of third-country nationals , on the territory of a Member State, by police authorities; and facilitate and streamline access by law enforcement authorities to non-law enforcement information systems at EU level, where necessary for the prevention, investigation, detection or prosecution of serious crime and terrorism.

Scope : the proposal concerns EU information systems for centrally managed security, borders and migration management, i.e. the three systems that already exist (the Schengen Information System ( SIS ) ), the Eurodac system and the Visa Information System ( VIS ) and the three systems proposed in 2016-2017 ( EES, ETIAS and ECRIS-TCN ).

The scope also includes Interpol’s Stolen and Lost Travel Documents ( SLTD ) database, which pursuant to the provisions of the Schengen Borders Code is systematically queried at the EU’s external borders, and Interpol's Travel Documents Associated with Notices ( TDAWN ) database.

In order to achieve the objectives of this proposal, four interoperability components need to be established:

European search portal – ESP; Shared biometric matching service - shared BMS; Common identity repository – CIR; Multiple-identity detector - MID.

In addition to the above components, this draft Regulation also includes the proposal to:

establish a central repository for reporting and statistics (CRRS) to enable the creation and sharing of reports with (anonymous) statistical data for policy, operational and data quality purposes; establish the Universal Message Format (UMF) as the standard that would be used at EU level to orchestrate interactions between multiple systems in an interoperable way, including the systems developed and managed by eu-LISA; introduce the concepts of automated data quality control mechanisms and common quality indicators , and the need for Member States to ensure the highest level of data quality.

BUDGETARY IMPLICATIONS: the total budget required over nine years (2019-2027) amounts to EUR 424.7 million.