Legal provisions of COM(2024)293 - - Main contents
Please note
This page contains a limited version of this dossier in the EU Monitor.
| dossier | COM(2024)293 - . |
|---|---|
| document | COM(2024)293 |
| date | July 11, 2024 |
1. Introduction
The Regulations1 establishing the framework for interoperability entered into force on 11 June 2019 laying out the legal provisions on the development, data handling and monitoring of the European Search Portal (ESP), the shared Biometric Matching Service (sBMS), the Common Identity Repository (CIR), the Multiple-Identity Detector (MID) and the Central Repository for Reporting and Statistics (CRRS). Interoperability brings economy of scale and efficiency advantages to the EU IT-architecture in the field of migration, borders and security and, through the interconnection of its databases, establishes new features without the need to collect more data. These features include enhanced detection of identity fraud, new means to identify third-country nationals without proper identification documents and a fast and efficient way to cross-check the systems to prevent, detect or investigate terrorist or other serious crime offences. The interoperability of EU information systems also puts in place data quality control mechanisms to prevent, detect and address data quality issues, facilitating the Union’s exercise of its positive obligation under data protection law to ensure that data inserted in the systems is accurate and up to date.
The Regulations mandate the Commission, in cooperation with the European Union Agency for the Operational Management of Large-Scale IT Systems in the Area of Freedom, Security and Justice (eu-LISA), to monitor and evaluate the state of implementation. In line with these requirements, the Commission submits annual reports to the European Parliament and to the Council on the state of play of preparations for the full implementation of the Regulations. This 4th report covers the period between October 2022 and November 2023.
The implementation of the Regulations depends on the proper implementation of the underlying systems that are part of the interoperability framework. Although, the delayed delivery of the Entry/Exit System (EES) at central level by eu-LISA’s contractor remains a risk factor for the proper implementation of the Regulations, remedial action by eu-LISA is bearing fruit. The Agency’s action allowed for the continuation of work with the existing contractor and managed to unlock the project’s implementation problems. The successful release of the EES minimum viable product2 is a decisive step towards the the EES going live. Furthermore, the Justice and Home Affairs Council of October 2023 approved the new waves approach roadmap, allowing the EU information systems and interoperability components to enter into operation in a series of four consecutive waves (first wave second half 2024, second wave first half 2025, third wave mid 2025 and fourth wave end 2026). The waves approach creates much needed clarity for all stakeholders on the way forward for the upcoming years.
In the meantime, work on the implementation of the Regulations continues to progress across Member States, Schengen Associated Countries and EU agencies. As the interoperability project requires all stakeholders to work in a coordinated manner to avoid delays in one Member State affecting all, the Commission closely monitors and supports each Member State’s readiness for the moment the interoperability components go live.
2. State of play of interoperability framework systems
Under the interoperability framework the new EU large-scale information systems, the Entry-Exit-System3, the European Travel Information and Authorisation System (ETIAS)4, the European Criminal Records Information System for Third-country Nationals (ECRIS-TCN)5, the already existing but revised EU information systems – Schengen Information System (SIS)6 and Visa Information System (VIS)7, as well as Eurodac – will be interacting with one another through the newly established interoperability components and the tool for statistical reporting. The timeline described above is now seeing steady progress in the gradual entry into operation of the new and revised EU information systems.
On 7 March 2023, an important milestone was reached when the renewed SIS entered into operation, as the first element in the interoperability framework. The novelties of new types of alerts, more data categories and enhanced cooperation functionalities improve security and border management of the Schengen area. It does so by providing additional tools to combat criminality and terrorism, find missing persons, and protect vulnerable persons. It also allows to prevent and deter irregular migration and safeguard the rights of citizens. On 25 July 2023, Cyprus started to operate SIS, making it the 31st member country to use the system.
In preparation for the entry into operation of the EES, 15 implementing and delegated acts have been adopted.8 Although the project has experienced significant delays, the implementation of the system is now entering the final stages, both at central and national level. The resolution strategy developed by eu-LISA to overcome the project’s delays is bearing fruit. The successful release of the EES minimum viable product is an important first step that allows for technical and business testing of the system. To soften the impact of the of the EES going live on border crossing points, the Commission discussed precautionary measures with eu-LISA and the Member States, while Frontex is developing a mobile application that allows the pre-registration of data of third country nationals. The EES Practical Handbook has already been shared with the Member States to support the training of national authorities. In addition to this, the launch of the EES website with information for travellers and the preparation of an EES information campaign accompanying the start of operations will facilitate understanding of the new procedures at the external borders. The EES and the sBMS are now part of the first wave for the implementation of the Interoperability Framework, and are foreseen to enter into operation during the second half of 2024.
As regards the ETIAS, implementation activities are ongoing. Out of the 31 implementing and delegated acts that have to be adopted, five acts remain to be adopted and three acts are currently being finalised before their adoption. Two of the remaining delegated acts (on the duration of the transition and grace periods) can only be adopted once ETIAS has started. A global communication campaign is being prepared, including a dedicated ETIAS website, to ensure that travellers to Europe will be adequately informed about the new travel requirements in a timely manner. The ETIAS, together with the ESP and the CIR, are part of the second wave which should enter into operation in the first half of 2025.
The development of the ECRIS-TCN is progressing. The implementing act laying down measures for the technical development and implementation of the centralised system for the identification of Member States holding conviction information on third-country national and stateless persons has been adopted. eu-LISA is currently implementing the system. The ECRIS-TCN, together with the ESP, CIR and sBMS for ECRIS-TCN, will go live in the third wave, which is set for mid-2025.
The work on the revision of the VIS is underway since the adoption of amending Regulation (EU) 2021/1134. The current focus is on the preparation of the secondary legislation necessary for the development of the revised VIS. Six out of 12 acts have been adopted. The revised VIS, together with the MID, the last component of Interoperability, will go live in the fourth wave (second half of 2026). With the delivery of the MID, the MID Transitional Period will start9.
The Regulations will also be applicable to the revised Eurodac10.
3. State of implementation of interoperability by the Commission
The Regulations confer on the Commission the power to adopt delegated and implementing acts to supplement and implement certain detailed technical aspects of the Regulations. Some of these acts are necessary to fully enable eu-LISA to commence its design and development of the components in the context of the overall system architecture, especially as this requires defining technical specifications and preparing procurement procedures in order to work with contractors. Other acts are needed to lay down technical rules to facilitate the relevant authorities’ operations on the ground, for example through the use of standard forms and cooperation procedures to address security incidents.
The acts are adopted in close cooperation with Member States and relevant agencies as well as the European Parliament and the Council of the EU and are discussed in the committees and expert groups that have been established for that purpose. All acts required for the development of interoperability have been adopted (three delegated and ten implementing acts). Due to the adoption of the Revised VIS Regulation11, the VIS consequential amendments Regulation12 and the ETIAS consequential amendments Regulations13 on 7 July 2021, three acts14 had to be revised. The new texts are now considered stable and close to their final adoption. The power to adopt delegated acts is conferred on the Commission for a five year term by the Regulations. Due to the delays caused by the EES project and its effect on the entry into operation of the interoperability components, the Commission has requested an extension of the delegated powers. This is the only way to guarantee that the transitional period foreseen for the European search portal15 and the transitional period for the multiple-identity detection16 could be extended if necessary.
Pursuant to Article 77 of Regulation (EU) 2019/817 and Article 73 of Regulation (EU) 2019/818, the Commission is also mandated to make available a Practical Handbook for the Implementation and Management of the Interoperability Components. The Handbook is vital to support the users of the EU information systems (such as border, visa, immigration and law enforcement authorities) with ready-made, user-friendly guidance for using the features made available through interoperability. The Handbook is developed by the Commission in close cooperation with the Member States, eu-LISA, Europol, Frontex and the Fundamental Rights Agency. During the reporting period, seven expert group meetings and three joint-expert group meetings were organised to foster common understanding and to develop standard procedures and recommendations to be inserted in the Handbook. The first version of the interoperability Practical Handbook is planned to be ready by mid-2024.
The Commission is also developing a digital, easy to navigate version of the Handbooks in order to respond to the increasingly complex work environment of the users of the EU information systems. Due to the addition of features, like links requiring manual verification, users will need to perform operations sometimes involving several of the information systems and interoperability components at once. The online dissemination tool17 that is currently being set-up, will interlink all Handbook sections so that users can navigate through them from a systems perspective (e.g. EES or ETIAS) or from an end-users perspective (e.g. border guard or police officer). Depending on the users’ role, information and procedures will be filtered to display only the information relevant to that particular user. The SIS, EES, ETIAS and Interoperability Handbooks will be made available on the dissemination tool by the second quarter of 2024.
4. State of implementation of interoperability by Member States and Union agencies
The Regulations establish the governance framework comprised of the Interoperability Programme Management Board18 and the Interoperabiliy Advisory Group19 to ensure adequate design and development of the interoperability components and tools. Both bodies are under the umbrella of eu-LISA, with the Commission being a member of both. Technical implementation of the Regulations is discussed in these bodies and progress is monitored using a monthly/bi-monthly questionnaire on the technical preparations at Member States’ and relevant EU agencies’ level.
In order to assess the state of implementation beyond the technical preparations, the Commission organises at regular intervals the Forum on the implementation of the new architecture for EU information systems for borders, migration and security. The Forum is preceded by a questionnaire to all Member States and relevant EU agencies to gauge implementation levels. During the reporting period, the Commission organised two Forums (December 2022, November 2023) and launched two questionnaires (November 2022 and April 2023).
A small group of Member States can be identified as front-runners, while the other Member States are showing more modest progress. This is not yet a cause of concern but will be closely monitored to ensure timely readiness by all Member States. For the first time, the April 2023 questionnaire also focused on the steps taken at national level to get ready for the manual verification of links between data in the different EU information systems, which is the biggest change to current business operations for the authorities involved. About one third of the Member States and Schengen Associated Countries have started to develop national software for this purpose. Several Member States prefer eu-LISA to develop a central tool for this purpose and a request for its development has been filed during the reporting period. Furthermore, several Member States are planning for some level of centralisation to perform the manual verification more efficiently, which is a step welcomed by the Commission.
The Commission continues to monitor Member States’ implementation progress in order to identify areas of potential concern early on and ensure readiness for the start of operation of the EU information systems and their interoperability. During the reporting period, the Commission organised, with the support of eu-LISA, 56 meetings with Member States, Schengen Associated Countries, EU agencies and carriers.
5. Training needs
During the reporting period, the Commission supported Interoperability related trainings organised by CEPOL20. Six courses were organised during the reporting period. Three webinars on using interoperability to facilitate law enforcement access to data and three full-week courses, two on the Interoperability Regulations in general and one specific course on the MID and related operations.
The delays and rescheduling of the entry into operations of the revised and new EU information systems, will also affect the interoperability training schedule. This is particularly relevant for the preparatory training for the entry into operation of the MID. The MID is the last interoperability component to go live, but it has the biggest impact on business operations in the Member States and Frontex. To properly prepare end users, CEPOL will organise courses focussing on the MID process and links management.
The Commission is developing interoperability training material to support these training activities. A detailed training programme covering all aspects related to interoperability is being developed as well as shorter, more tailor-made training sessions for the different user communities.
6. EU funds
Expenditures during the reporting period are below the amounts estimated in the legislative financial statement and no risk of overspending has been identified to date. According to eu-LISA’s latest Interoperability Progress Report21, EUR 32.5 million has been paid to contractors and EUR 60.6 million has been contracted so far for development and implementation activities.
Member States are encouraged to make full use of the resources available under their Internal Security Fund programmes for the period 2014-2020, until the deadline for eligibility of expenditure lapses on 30 June 2024. Member States are also encouraged to use the resources for the further development and implementation of the interoperability of EU information systems that are available under their programmes, funded by the Instrument for Financial Support for Border Management and Visa Policy (BMVI) actions for the development and further implementation of the interoperability of EU information systems.
7. Conclusion
The implementation of interoperability is an essential part of the improved IT-architecture for new and upgraded EU information systems facilitating not only faster, more efficient and systematic access to data by border, visa, immigration and law enforcement authorities, but allowing also for smoother and safer border crossing for the millions of third-country nationals who visit the European Union every year.
The report shows steady progress during the period October 2022 - November 2023. The Commission is in the final stages of adopting three amended and delegated acts22 related to the Interoperability Framework. Work progressed steadily on the development of the Practical Handbook for the Implementation and Management of the Interoperability Components and a first version is expected by mid-2024, and the online dissemination tool for the interoperability Handbook and other Handbooks has also progressed. The state of implementation of the Regulations among Member States shows a small group of front-runner Member States and a large group making more modest progress. This is not yet a cause of concern, but close monitoring is required.
The impact of the obligation to manually verify links generated by the MID on the business operations of the authorities affected is considered to be substantial. The first in-depth inquiry into levels of preparedness showed positive results as efforts are underway in Member States taking account of these new obligations, but the preparatory work is far from completed. While the new date for the go live of the interoperability components, in particular the MID, offers some additional preparation time, this should not result in a slowing of the project’s momentum.
The Commission will continue to monitor progress closely and assess the risks for the implementation of the Regulations. It will continue to regularly engage with all stakeholders concerned in order to coordinate and monitor actions, identify areas of potential difficulty, reduce the risks related to the implementation of interoperability and support timely and efficient implementation of all projects in line with the agreed timeline. The Commission will also keep the Council and the European Parliament informed on progress achieved through annual reporting and through the proceedings of the Commission’s Committees and expert groups.
1 Regulation (EU) 2019/817 on establishing a framework for interoperability between EU information systems in the field of borders and visa and amending Regulations (EC) No 767/2008, (EU) 2016/399, (EU) 2017/2226, (EU) 2018/1240, (EU) 2018/1726 and (EU) 2018/1861 of the European Parliament and of the Council and Council Decisions 2004/512/EC and 2008/633/JHA; and Regulation (EU) 2019/818 on establishing a framework for interoperability between EU information systems in the field of police and judicial cooperation, asylum and migration and amending Regulations (EU) 2018/1726, (EU) 2018/1862 and (EU) 2019/816. Throughout the report these Regulations are referenced to as ‘the Regulations’.
2 In May 2023, eu-LISA developed a new resolution strategy by elevating the interaction level with the project Consortium's CEOs to ensure their commitment and resource allocation, implementing a gradual ‘build-up’ approach with a more secure timeline and agile working methods. The new minimal viable product (MVP) approach, endorsed by eu-LISA’s Management Board, aims to stabilise the implementation of EES by focusing on aspects that would add value for end-users and accelerate their preparations. The first release of the MVP, end of July 2023, is the first step of the resolution strategy. Subsequent steps concentrate on resuming Member State testing activities and the upgrade of the MVP improving the quality of the product.
3 Regulation 2017/2226 establishing an Entry/Exit System (EES) to register entry and exit data and refusal of entry data of third-country nationals crossing the external borders of the Member States and determining the conditions for access to the EES for law enforcement purposes, and amending the Convention implementing the Schengen Agreement and Regulations (EC) No 767/2008 and (EU) No 1077/2011 (OJ L 327, 9.12.2017, p.20).
4 Regulation (EU) 2018/1240 establishing a European Travel Information and Authorisation System (ETIAS) and amending Regulations (EU) No 1077/2011, (EU) No 515/2014, (EU) 2016/399, (EU) 2016/1624 and (EU) 2017/2226 (OJ L 236, 19.9.2018, p. 1).
5 Regulation (EU) 2019/816 establishing a centralised system for the identification of Member States holding conviction information on third-country nationals and stateless persons (ECRIS-TCN) to supplement the European Criminal Records Information System and amending Regulation (EU) 2018/1726 (OJ L 135, 22.5.2019, p. 1).
6 Regulation 2018/1860 on the use of the Schengen Information System for the return of illegally staying third-country nationals (OJ L 312, 7.12.2018, p. 1);
Regulation (EU) 2018/1861 on the establishment, operation and use of the Schengen Information System (SIS) in the field of border checks, and amending the Convention implementing the Schengen Agreement, and amending and repealing Regulation (EC) No 1987/2006 (OJ L 312, 7.12.2018, p. 14);
Regulation (EU) 2018/1862 on the establishment, operation and use of the Schengen Information System (SIS) in the field of police cooperation and judicial cooperation in criminal matters, amending and repealing Council Decision 2007/533/JHA, and repealing Regulation (EC) No 1986/2006 of the European Parliament and of the Council and Commission Decision 210/261/EU (OJ L 312, 7.12.2018, p. 56).
7 Regulation (EU) 2021/1134 amending Regulations (EC) No 767/2008, (EC) No 810/2009, (EU) 2016/399, (EU) 2017/2226, (EU) 2018/1240, (EU) 2018/1860, (EU) 2018/1861, (EU) 2019/817 and (EU) 2019/1896 of the European Parliament and of the Council and repealing Council Decisions 2004/512/EC and 2008/633/JHA, for the purpose of reforming the Visa Information System (OJ L 248, 13.7.2021, p. 11).
8 An implementing act laying down rules on a functionality for the centralised management of lists of authorities for both Entry/Exit Systems and Visa Information System is under preparation at Commission level.
9 Article 69 of Regulation (EU) 2019/817, Article 65 of Regulation (EU) 2019/818.
10 Regulation (EU) 2024/1358 of the European Parliament and of the Council of 14 May 2024 on the establishment of ‘Eurodac’ for the comparison of biometric data in order to effectively apply Regulations (EU) 2024/1351 and (EU) 2024/1350 of the European Parliament and of the Council and Council Directive 2001/55/EC and to identify illegally staying third-country nationals and stateless persons and on requests for the comparison with Eurodac data by Member States’ law enforcement authorities and Europol for law enforcement purposes, amending Regulations (EU) 2018/1240 and (EU) 2019/818 of the European Parliament and of the Council and repealing Regulation (EU) No 603/2013 of the European Parliament and of the Council
11 Regulation (EU) 2021/1134 for the purpose of reforming the Visa Information System (OJ L 248, 13.7.2021, p. 11)
12 Regulation (EU) 2021/1133 as regards the establishment of the conditions for accessing other EU information systems for the purposes of the Visa Information System (OJ L 248, 13.7.2021, p. 1)
13 Regulation (EU) 2021/1150 amending Regulations (EU) 2018/1862 and (EU) 2019/818 as regards the establishment of the conditions for accessing other EU information systems for the purposes of the European Travel Information and Authorisation System (OJ L 249, 14.7.2021, p. 1);
Regulation (EU) 2021/1151 amending Regulations (EU) 2019/816 and (EU) 2019/818 as regards the establishment of the conditions for accessing other EU information systems for the purposes of the European Travel Information and Authorisation System (OJ L 249, 14.7.2021, p. 7);
Regulation (EU) 2021/1152 amending Regulations (EC) No 767/2008, (EU) 2017/2226, (EU) 2018/1240, (EU) 2018/1860, (EU) 2018/1861 and (EU) 2019/817 as regards the establishment of the conditions for accessing other EU information systems for the purposes of the European Travel Information and Authorisation System (OJ L 249, 14.7.2021, p. 15);
14 C(2021)4982 supplementing Regulation (EU) 2019/817 with detailed rules on the operation of the central repository for reporting and statistics, C(2021)5052 laying down technical rules for European search portal user profiles, and C(2021)6176 laying down technical rules for creating links between data from different EU information systems.
15 Article 67(2) Regulation (EU) 2019/817, Article 63(2) Regulation (EU) 2019/818.
16 Article 69(8) Regulation (EU) 2019/817, Article 65(8) Regulation (EU) 2019/818.
17 The dissemination tool is a website whose access is restricted to the user community of the systems to which the Handbooks apply and hosted by the Commission’s IT service (DIGIT).
18 Article 54(4) Regulation (EU) 2019/817 and Regulation (EU) 2019/818.
19 Article 75 Regulation (EU) 2019/817, Article 71 Regulation (EU) 2019/818.
20 The European Union Agency for Law Enforcement Training.
21 Eighth progress report on the development of interoperability as per article 78(2) of Regulation (EU) 2019/817 and article 74(2) of Regulation (EU) 2019/818 (2023-215).
22 C(2021)4982, C(2021)5052, and C(2021)6176. See footnote 14 for the full titles.
EN EN