• Key words: signalisation, SIS II, data protection in personal matter, Common Controlling Authority, SIRENE.

• Related cards: Police Cooperation, Customs Cooperation, Border Control.
• Link to the SCOREBOARD of the European Commission.
• Link to SCAD +
  • Schengen Area. (Free movement of Persons, Asylum and immigration)

• INTRODUCTION: The Schengen Information System is a shared database that uses a computerised system to place alerts concerning persons or property at the disposal of the authorities of each Member State. Information on more than ten million individuals is registered in the system. The SIS operates efficiently through an inquiry response time of only a few seconds.
  It has been in operation since 26 March 1995, which was when the Convention Applying the Schengen Agreement came into force. In the context of Union enlargement, a second generation SIS (known as SIS II) is being developped. It must be up and running by 2007.
  The European Commission recommends synergy between SIS II and the future Visa Information System. (VIS)
  The European Parliament takes issue with a complex and opaque system.

• Relevant legal texts:
• • Council Regulation 2424/2001/EC, of 6 December 2001, on the development of the second generation Schengen Information System. (SIS II) (OJEU L 328 of 13.12.2001, p. 4)
  • Council Decision 2001/886/JHA, of 6 December 2001, on the development of the second generation Schengen Information System. (SIS II) (OJEU L 328 of 13.12.2001, p. 1)
  • Council Regulation 871/2004/EC, of 29 April 2004, concerning the introduction of some new functions for the Schengen Information System, including in the fight against terrorism. (OJEU of 30.4.2004, p. 29)
  • Council Decision 2005/211/JHA, of 24 February 2005 concerning the introduction of some new functions for the Schengen Information System, including in the fight against terrorism. (OJEU L 68 of 15.3.2005, p. 44)
• Main European Parliament Resolutions:
  • Resolution of 23 October 2001, on Initiative of the Kingdom of Belgium and of the Kingdom of Sweden with a view to the adoption of a Council regulation and a decision on the development of the second generation Schengen information system. (von BOETTICHER report)
  • Resolution of 3 December 2002, on the initiative of the Kingdom of Spain with a view to adopting a Council Decision concerning the introduction of some new functions for the Schengen Information System, in particular in the fight against terrorism and on the initiative of the Kingdom of Spain with a view to adopting a Council Regulation concerning the introduction of some new functions for the Schengen Information System, in particular in the fight against terrorism. (COELHO report adopted in the Resolution)
  • Recommendation of 20 November 2003, to the Council on the second-generation Schengen information system (SIS II) (COELHO report)

The Schengen Information System (SIS) is a computer system used in the framework of implementing the Schengen area. It is one of the countervailing measures intended to ensure a level of protection that at least equals the previous level. In fact, one of the conditions for applying the Agreement signed 14 June 1985 was that the abolition of the internal frontiers should not endanger the security of the Member Sates. It is legally funded on the Convention of 19 June 1990. The SIS is the backbone of the Schengen mechanism. For this reason, the States waited until it was operating effectively before abolishing border controls.

SIS has a twofold objective:

• to safeguard law and order;
• to contribute to the implementation of provisions on the free movement of persons.

The management of migratory flows is another goal of the Schengen Information System, although it is not explicitly mentioned in the Convention. This function has taken on growing importance in the wake of Member States' adoption of the Comprehensive Plan to combat illegal immigration and trafficking in human beings on 28 February 2002 and of the Action Plan for the management of external borders on 13 June 2002.

The SIS was integrated as an element of the Schengen acquis within the framework of the European Union on 1 May 1999. Because there is no agreement regarding its legal basis, the system temporarily rests on the provisions of the third pillar by virtue of a protocol to the Amsterdam Treaty. Seven States took part in launching it. It has been progressively extended to other countries as the Schengen area has grown. Currently, it is in effect in 13 Member States, and in Norway and Iceland. It will soon be implemented in the United Kingdom and Ireland.

Originally conceived to allow the integration of a maximum of 18 States, the need to include applicant countries, along with the increasing obsolescence of the system, prompted the States to launch a technical study with the goal of defining the architecture and the technical characteristics of a second-generation system, called the SIS II.
The Council approved the principle of community financing and entrusted the Commission with the management of the project. In a Communication dated 26 April 2004 reviewing the latest developments on SIS II, the Commission announced that the system was set to be up and running by March 2007.
The Council passed a Regulation on 29 April 2004 and a Decision on 24 February 2005, both aimed at adapting the Convention's provisions to provide the system with certain functions that are workable in its existing version.

On 11 June 2002, the Spanish Presidency at once presented two texts whose objective was to adapt the provisions of the Convention to give the system certain functions achievable within the framework of the current version.

An invitation to tender for SIS II was issued in August 2003 and development of the system is expected to get under way in January 2005. In a communication of 11 December 2003, the Commission estimates the cost of development, based on the results of the feasibility study, at 28 million euro. The real cost will depend on the choice of the system architecture.
It suggests that operational management or day-to-day running of the system be entrusted to an executive agency. It recommends placing a Steering Committee in charge of strategic aspects. Members of that committee, which would form an integral part of the agency, would be appointed by the Commission.
The communication also recommends synergy between SIS II and the future Visa Information System (VIS) particularly through the development of a shared technical platform and, where appropriate, joint technical services.
The Council gave its verdict on the future location of SIS II. Its Conclusions of 29 April 2004 state that France remains provisionally responsible for its operational management. The definitive location will be Salzburg, Austria.

The SIS has a shared database characterised by a specific architecture. (1.) It is a well-regulated system: access to it is safeguarded, the categories of alert that can be integrated are limited, and the legislation regarding its consultation procedure is very complex and very strict. In addition, the States have set up an entity called the "Joint Supervisory Body", which is responsible for ensuring proper application of the texts related to the protection of the information. (2.)

1. The SIS Architecture

The SIS is an interconnection of national files accumulating shared data, which is provided and consulted by the authorities of the various Member States. In fact, although the system is European, the information is still national.
The States are the only ones who decide whether it is appropriate to enter information into an alert base. Moreover, to date there are no guidelines governing selection of these entries.
Following negotiations, the States opted for a "radial" system. The C-SIS constitutes the hub and the N-SIS the spokes of the wheel. There is one N-CIS per State.
The C-SIS, which was installed in Strasburg (France), represents its central core. It is the technical support for the system. Its role is not to store information but rather to serve as intermediary in the exchange of information.

The N-SIS can exchange information needed for the proper working of the SIS, using a permanent physical structure available 24 hours a day, without having to go through the central system. These structures, the SIRENE Offices (Supplementary Information Request at the National Entry), make up the system's human interface.
In essence, their mission include:

• receiving and transmitting additional data needed for the computer data provided by the SIS, and
• assisting SIS users.

The SIRENE offices are connected to each other through a protected telecommunication system: the SISNET, which has been operating since 2001.
Communications between SIRENE Offices primarily take place by telephone. Written messages are of two types: free text and standard forms. The forms are supplemental data sheets exchanged by SIRENE Offices. Each has a different letter corresponding to a particular type of information.
Rules for exchanges of information between SIRENE Offices are set out in detail in the SIRENE Manual. This manual, most of which was declassified on 14 October 2002, is a set of instructions for operators in the SIRENE Offices in the different Member States.

2. A Well-regulated System

The Convention authorises only those national authorities with jurisdiction for carrying out border surveillance and identity checks on national territory to consult the SIS. Visa services also have access to the SIS, but only with regard to alerts for third-country nationals barred from entering the national territory. Europol, Eurojust, authorities issuing residence permits and those charged with asylum matters may also consult the system. A Regulation currently undergoing adoption makes provision for extending the right of consultation to vehicle registration authorities.

The Convention authorises entering data only under certain groups of alerts that can be further classified into two categories: persons and property.

As regards the category of persons, the Convention refers to:

• individuals wanted for extradition.
• persons against whom a European Arrest Warrant has been issued may be the object of an alert,
• third-country nationals declared ineligible to enter national territory. Persons not in a lawful position as well as those who represent a threat to public order are included in this category. Alerts issue on this basis account for 90% of the persons registered in this category.
• individuals who have disappeared, particularly minors who have either run away or have been abducted.
• individuals who must be monitored discreetly and controlled specifically. The Spanish proposal suggests the possibility of introducing data on escapees.

The Convention limits the type of information that can be entered in the SIS. Data can include civil status, distinguishing marks and possibly the notation that the person is armed, violent or an escapee. Information may not include race, political opinions, religion, state of health or sexual preferences.

For objects, the Convention mentions that vehicles, firearms, identification papers, and stolen or lost banknotes may be listed in the SIS. The Decision of 24 February 2005 adds to the list boats and aircraft, containers, residence permits, vehicle registration papers and payment means.

The limits on the use of the SIS are very rigorous.
If a consultation discloses an alert for an object or person, the user first executes the instructions that appear on the screen. All alerts stored in the SIS are accompanied by an "action to be taken" that must be carried out immediately by any State party to the Convention. The only existing reservation to this execution is the insertion of the validity indicator. This indicator is entered by the State if the conduct does not comply with juridical rules. The authority then contacts the national SIRENE office to obtain additional information. The Office then contacts the authority to agree on the necessary measures.

The operation of the SIS necessarily presupposes the creation of a body responsible for monitoring proper application of the Convention's rules regarding personal information. To do this, the originators conceived of setting up a Joint Supervisory Board (JSB). The JSB is made up of two representatives of each of the Member State National Supervisory Boards (NSB) and has the task of ensuring that SIS operators abide by the data protection rules contained in:

• the Convention implementing the Schengen Agreement;
• the Council of Europe Convention of 28 January 1981, for the protection of Individuals with regard to automatic processing of personal data;
• Recommendation R (87) 15 of the Council of Europe Committee of Ministers of 17 September 1987, regulating the use of personal data in the police sector.

In spite of repeated efforts by the European Parliament, the Council has not set up a joint supervisory body with information systems based on the third pillar. It has limited its action to the adoption, on 17 October 2000, of a decision creating a Secretariat for the Joint Supervisory Data Protection Boards in charge of the SIS, the Europol Information System and the Customs Information System (CIS, third pillar).

Each State is to make the latter responsible for monitoring the file of the national division of the SIS. (N-SIS) The JSB cooperates closely with these. It falls to the NSBs to ensure that the rules in the Convention related to the protection of the data as well as those that are added, as necessary, by national law are respected. The JSBs are responsible for monitoring the operation of the technical support.To carry out its missions, the JSB may visit the sites and have access to all relevant documents.

Although there are some technical problems inherent in the use of a network as extensive as the SIS, it functions satisfactorily. It is true that as many problems have appeared at the level of the system's security against possible intrusions as they have at the level of protection of data, but these have been resolved or are being regulated.

The question of the legal basis of the SIS is still in abeyance. The alerts related to third-country nationals who have been declared ineligible relate to the first pillar while the other forms of alert, such as those regarding wanted persons, are based on the third pillar. Because there was no agreement between them, the States decided when the Schengen acquis was integrated into Union Law to base temporarily the SIS on the provisions of the third pillar.
The question is again raised for SIS II. Is it necessary to opt for a system that rests only on the third pillar or that rests on a combined basis (first and third pillars)?
In its Communication of 18 December 2001, the Commission called for a double legal basis.
With their adoption on 6 December 2001 of measures for the development of SIS II, the Member States approved two complementary acts: one based on the EC Treaty and the other on the EU Treaty.
The European Parliament regrets this situation, which is an unnecessary source of legal complication, and has called for the abolition of the third-pillar legal basis.

At a hearing on 8 October 2003, several Members of the EP voiced concerns over the lack of openness of the SIS. The rapporteur for the different proposals related to modernisation of the system, C. COELHO, noted that it is "extremely opaque and hard to understand, even for experts" and "absolutely incomprehensible to citizens". Following that hearing, Parliament adopted a Resolution (COELHO report) on 20 November 2003 calling for the public to be better informed on the SIS.
It also requested:

• an annual assessment of operational use, effectiveness and respect for fundamental rights;
• appointment of a European agency charged with the strategic management of the SIS;
• a detailed study on the technical possibility of merging existing or future data bases (SIS II, Europol, VIS, Eurojust) to obtain a single technical platform for a "Union information system."