EUROPEAN COMMISSION

Brussels, 29.6.2017

COM(2017) 346 final

REPORT FROM THE COMMISSION TO THE EUROPEAN PARLIAMENT AND THE COUNCIL

on the functioning of the European Agency for the operational management of large-scale IT systems in the area of freedom, security and justice (eu-LISA)

{SWD(2017) 249 final}
{SWD(2017) 250 final}

1. Introduction

The European Agency for the operational management of large-scale IT systems in the area of freedom, security and justice (eu-LISA or the Agency) was set up in 2011 by Regulation 1077/2011 1 (the establishing Regulation) to provide a long-term solution for the operational management, at central level, of large-scale IT systems in this area. The establishing Regulation was amended on 20 July 2015 by Regulation (EU) No 603/2013 (Eurodac recast Regulation) 2 to reflect the changes brought by this Regulation with regard to the Agency's tasks related to Eurodac.

eu-LISA currently manages the Visa Information System (VIS), the Schengen Information System (SIS) and Eurodac, i.e. the instruments essential for safeguarding the Schengen area and border management and for the implementation of asylum and visa policies. eu-LISA may also be made responsible for the preparation, development and operational management of other large-scale IT systems in the policy area if so provided by a relevant legislative instrument based on Articles 67 to 89 TFEU. eu-LISA began operations on 1 December 2012. In accordance with Article 31(1) of the establishing Regulation, the Commission carried out the first evaluation of the Agency in close consultation with the agency's Management Board. eu-LISA was also closely involved.

This report builds on the findings of the external evaluation of the action of the Agency which covered the period from December 2012 to September 2015. The establishing Regulation (Article 31(2)) provides that, on the basis of the evaluation, the Commission, after consulting the Management Board, issues recommendations regarding changes to the Regulation and forwards them together with the opinion of the Management Board, as well as appropriate proposals to the European Parliament, the Council and the European Data Protection Supervisor. This report focuses on the recommendations regarding changes to the establishing Regulation. An action plan to follow up the findings in the evaluation which do not need changes to the establishing Regulation was adopted by the Management Board of eu-LISA on 21 March 2017.

This report covers the outcome of the evaluation, as presented in the annexed Commission Staff Working Document on the evaluation of eu-LISA, and the external evaluation report 3 (section 2). The report puts the evaluation and the role of the Agency in a broader perspective and takes into account further factual, legal and policy developments (see section 3).

2. eu-LISA evaluation 2012-2015

2.1. Evaluation context

The evaluation of eu-LISA started just before the EU Agenda on security 4 and the EU Agenda on migration 5 were published in April and May 2015 respectively. These Communications outlined the direction for the development and implementation of EU policy to address the parallel challenges of migration management and the fight against terrorism, organised crime and cybercrime.

Both Agendas include direct references to the systems that eu-LISA operates at central level or is expected to develop and operate, subject to the adoption of the relevant legislative instruments.

Managing the external Schengen borders more efficiently implies making better use of the (new) opportunities offered by IT systems and modern technologies. The evaluation was carried out against the background of unprecedented migration flows as well as new security threats (the terrorist attacks) faced by Member States and European Council conclusions identifying the urgent need to tackle these phenomena with new vigour and tools 6 . These events and conclusions again highlighted the vital importance of the databases operated by the Agency for the day-to-day, effective and sustainable functioning of the Schengen area.

2.2. Findings of the evaluation

In general, the evaluation confirmed that the Agency effectively ensures the operational management of large-scale IT systems in the area of freedom, security and justice and fulfils the tasks laid down in the Regulation as well as new tasks entrusted to it. It also found that eu-LISA effectively contributed to the establishment of a more coordinated, effective and coherent IT environment for the management of large-scale IT systems supporting the implementation of Justice and Home Affairs (JHA) policies.

However, the evaluation also identified room for improvement. The vast majority of shortcomings can be remedied by structural, organisational or staffing changes or changes to eu-LISA's working practices and documents. However, in order to adapt the Agency’s mandate to ensure that it meets EU challenges in the area of migration and security, the evaluation identified the need for limited revision of, or extension of, the tasks entrusted to eu-LISA in the establishing Regulation and other relevant legal instruments.

The evaluation’s main findings 7 over the four assessment criteria are the following:

2.2.1. Effectiveness

eu-LISA effectively ensures the operational management of the three large-scale IT systems and has implemented effective organizational frameworks. However, important opportunities for improvement were identified in monitoring the performance of implemented IT processes. A risk was identified with regard to business continuity due to the absence of a unique and transversal Disaster Recovery Plan for the three systems. There are also missing key performance indicators, there is a lack of a systematic systems' capacity review and an insufficient incident notification process.

The inconvenience linked to the current division of responsibilities between eu-LISA and the Commission relating to the communication infrastructure 8 could be addressed by making the Agency fully responsible for the management of the communication infrastructure and transferring the related budget and tasks currently managed by the Commission. The current division of tasks is no longer contractually or otherwise necessary 9 and a transfer would streamline the relationship between the contractor and the Agency while minimising managerial and administrative overheads and related costs.

For the sake of effectiveness and further to the statistics currently published as required by the existing legal framework, an extended responsibility for eu-LISA in generating/publishing statistics for each system merits consideration. In the same vein, exploring the possibility of tasking eu-LISA with producing data quality and data analysis reports (i.e. analysis reports of data included in the systems by the Member States and requiring access to the data within the systems) could also prove opportune.

The monitoring of research is considered pertinent and necessary. However, the output is rather low so far and more attention should be paid to ensuring compliance with the mandate and consistency with other stakeholders' research activities.

Training activities are, in principle, in line with the needs of the national authorities. However further alignment of training with the technical needs would be necessary.

eu-LISA responded effectively to new tasks, in particular DubliNet, VISION and the implementation of the Smart Borders pilot project 10 .

The latter, which was well implemented otherwise, highlighted a need for the Agency to strengthen its financial management capacity in relation to EU grants management. The evaluation confirmed that if eu-LISA were to be tasked with the development of new large-scale IT systems, it could not manage this with current resources, lacking sufficient project management and development capacity. On partnership and synergies with other EU agencies, eu-LISA developed cooperative and effective working arrangements with the most relevant JHA agencies. However, the respect of its mandate should be ensured and a risk of losing focus on the core business priorities was identified, for example through eu-LISA's ambition to provide services to other agencies.

Another very important point involves making better use of the potential of the Advisory Groups by ensuring that they are consulted on the programming documents early enough and that they provide input. In addition, the Agency should strengthen its data protection support in Strasbourg, either by transferring the Data Protection Officer (DPO) from Tallinn to Strasbourg or appointing a deputy DPO there in order to enhance communication with the technical staff in Strasbourg and assisting them on data protection matters.

2.2.2. Efficiency

When implementing the tasks within its mandate, eu-LISA efficiently aligned functions, operations and internal processes with the management of an IT framework. However, it should review the allocation of resources to tasks to ensure that sufficient staff resources are available for project management based on project needs. eu-LISA progressively developed a procurement strategy and contracting arrangements. The Agency also made some progress on the rigor and clarity of the key programming and reporting documents which are the major source for overall assessment of performance. However, there is still room for improvement in the programming and reporting mechanisms and their transparency. On organisational solutions, human resources and procedures, the Agency acted consistently in line with the budgetary process but in addition to duly involving all parties concerned including the technical staff of the Agency who could potentially provide greater input into the budgetary process if their role was enhanced, it could also involve the Advisory Groups more by providing them with all relevant information regarding the projects they have to assess with a view to giving proper advice to the Management Board.

The evaluation paid particular attention to the multi-site arrangement. The comparative analysis of all alternative scenarios described in detail in the external evaluation report provided the necessary reassurance that the security considerations for establishing the main site and the backup site of the systems in France and Austria respectively are still valid. The same applies regarding the political considerations for establishing the seat of the Agency in Estonia 11 . The additional direct and indirect costs 12 linked to the multi-site arrangement of the Agency are therefore considered justified and reasonable.

On planning, eu-LISA implemented adequate processes to prepare the annual work programme and budget. It also introduced adequate and appropriate accounting practices and systems, in line with general practices in the EU. This could be further enhanced by more inclusive involvement of the stakeholders and the Advisory Groups in particular by:

·carrying out systematic ex-ante and ex-post evaluations of programmes and activities which entail significant spending as required by Article 29(5) of Commission Delegated Regulation (EU) No 1271/2013 13 and of the Agency's Financial Regulation 14 , and

·by linking, in a more synchronised and transparent manner, budget reporting to the implementation of the annual work programme. In addition, setting up an activity-based management system and more detailed multi-annual budget forecasting would allow eu-LISA to have a better financial overview of its activities while making its planning easier.

In general, eu-LISA dealt efficiently with new tasks. However, it could manage the use of external resources better by strengthening in-house capacities and becoming less dependent on external contractors. eu-LISA also established appropriate policies, processes and procedures to govern, structure and organise operations. However, the Agency should take actions to update them regularly. Governance worked in line with the governance provisions in the establishing Regulation and the Rules of procedure 15 . However, the participation of the Advisory Groups should be improved by increasing their active and timely involvement preparing the Management Board documents (in particular the annual work programmes and activity reports) as well as in assessing and prioritising of projects envisaged by eu-LISA. The use of the written procedure should be reviewed so that important decisions that have a significant financial impact and need to be discussed in the Management Board are not silently adopted.

2.2.3. Coherence

With the exception of occasional interventions that were inconsistent with the Commission's policy line or that misinterpreted its mandate, eu-LISA acted, overall, in coherence with the main stakeholders, whether the Commission and other institutions or the Member States and Associated Countries.

The Agency made commendable efforts to establish a sound cooperation strategy to engage with different stakeholders in a structured way by adopting a Stakeholder Management Strategy.

On effective cooperation with the Commission, a strong framework exists in the establishing Regulation and the Memorandum of Understanding between the Commission and the Agency 16 . However, the preparation, as well as the content, of eu-LISA programming documents could be improved and strictly aligned with its mandate and the Commission's opinions. As underlined in the assessment of the Agency's effectiveness, the evaluation concluded that it is advisable to transfer the Commission's responsibilities relating to the communication infrastructure to the Agency to improve coherence regarding the management of related tasks. The Agency has the technical competence and capacity to deal with these tasks and their transfer could also lead to enhanced efficiency.

2.2.4. Relevance and added value

In general, the evaluation provided the necessary reassurance that the creation of eu-LISA has provided an added value, in particular by bringing the three systems together ‘under one roof’, pooling expertise, harnessing synergies and allowing a more flexible framework than was possible before. eu-LISA's main success since its establishment has been its ability to ensure a uniform and stable environment for the operation and the maintenance at central level of the systems. This contributed to a coordinated, effective and coherent IT environment for the management of IT systems supporting the implementation of JHA policies. The establishment of a single management authority to assume operational management of the three IT systems creates a high level of added value, to the extent that the Agency carries out its tasks in an effective and efficient manner.

However, according to the evaluation, it is not yet possible to say whether the creation of eu-LISA has led to efficiency gains through economies of scale. An overall comparative assessment of the costs could not be carried out due to a difference in how the costs were recorded before and after the systems were transferred to the Agency and the lack of an internal recording process to measure all costs associated with each system.

The comparison of operational costs identified the need for the Agency to ensure that costs are clearly recorded for each system (activity-based management) in order to ascertain whether gains in efficiency have been achieved. Although synergies were clearly created at an administrative and organisational level, a service-oriented architecture for the IT systems is still being developed.

3. Developments after the evaluation period

The evaluation of eu-LISA coincided with the first evaluation of the SIS II 17 and VIS 18 legislative frameworks. Similarly, as a part of work on the future architecture of the EU's asylum policy, a Communication 19 and legislative proposals were adopted by the Commission, including a proposal for review of the Dublin Regulation 20 which entrusts eu-LISA with the development and operational management of a new automated system 21 . The legislative package also includes a proposal to review the Eurodac Regulation 22 , which extends the system's scope. Both initiatives will have an impact on eu-LISA.

Another major contribution from the Commission is the Communication on Stronger and Smarter Information Systems for Borders and Security of April 2016 23 . The Communication, whose main aim is the enhanced interoperability of information systems, envisages new tasks for the Agency, some of which will be carried out jointly with the Commission while others will be carried out also with the Member States. It stipulates that the Commission will examine the possibility of establishing a new system, the European Travel Information and Authorisation System (ETIAS). The Commission adopted the ETIAS proposal in November 2016 24 and it is now being examined by the European Parliament and Council. The innovative solutions identified in the Communication are also reflected in the Roadmap to enhance information exchange and information management including interoperability solutions in the Justice and Home Affairs area, endorsed by the June 2016 Justice and Home Affairs Council 25 .

In line with the Communication, the Commission set up a High Level Expert Group to address the legal, technical and operational aspects of different options in order to achieve interoperability of information systems in the area of border management and security. Following the findings of the Expert Group in its final report 26 , the Commission presented further concrete ideas to the European Parliament and the Council in the Seventh progress report towards an effective and genuine Security Union as the basis for a joint discussion on the way forward 27 . Alongside with the April 2016 Communication, the Commission tabled a proposal for an Entry/Exit System 28 which could become, subject to its adoption by the co-legislators, the first large-scale IT system actually developed by eu-LISA.

In developing and implementing the aforementioned tasks, eu-LISA will have to take into account the fundamental right to protection of personal data as recognised in Article 8 of the Charter of Fundamental Rights, and in particular the purpose limitation principle of that right. 29 In exploring interoperability of large scale systems special consideration should be given to data protection by design requirements as mentioned in Article 25 of the new General Data Protection Regulation and Article 20 of the Data Protection Police Directive which will apply respectively from 25 May 2018 and from 5 May 2018.

When considering possible amendments to the establishing Regulation, the Commission needs to take account of relevant changes made to EU legislation since the Agency was established (such as the Financial Regulation and the Framework Financial Regulation) 30 and changes that derive from the Common Approach annexed to the Joint Statement of the European Parliament, the Council of the EU and the European Commission on decentralised agencies of 19 July 2012 (Common Approach). It also needs to reflect the legal changes deriving from the evaluation of the SIS II. With increasing experience in operating the systems at central level and with a view to enhanced efficiency, eu-LISA itself has suggested, in its programming documents, some ideas for improving several aspects of the current technical set-up of the systems, which could require amendments to the establishing Regulation and/or the systems' Regulations.

The establishing Regulation responds to the legal, political and economic environment in which the Agency was created. The outcome of the evaluation (see section 2) and these factual, legal and policy developments provide an opportunity to adapt eu-LISA's mandate to its growing potential to contribute further to new EU needs and develop the new interoperability approach. For example, extending the mandate to provide, in specific circumstances, support to Member States that are responsible for the operation of the national components of the systems, merits consideration. This must also be viewed in the light of eu-LISA's intervention in Greece following the refugee crisis 31 .

As set out in the Communication on Programming of human and financial resources for decentralised agencies 2014-2020 32 , which set the programming on staffing and subsidy levels for each decentralised agency, this programming has to be compatible with a 5 % staff reduction over five years, applicable to all institutions, bodies and agencies. eu-LISA was, in light of its recent creation, not requested to reduce staff over the period 2013-2015.

Modifications to the establishing Regulation will therefore need to balance the political, legal and financial realities with the main objective of ensuring that eu-LISA retains sufficient capacity to focus on delivering its core tasks. These include the evolution of current systems, the envisaged development of the EES, ETIAS and the new automated system for the registration of applications for international protection and the monitoring of each Member States' share in all applications and of the corrective allocation system.

It can be reasonably expected that the contribution of eu-LISA to a coordinated, effective and coherent IT environment for the management of IT systems supporting the implementation of the JHA policies will increase progressively, through providing a professional and stable environment for supporting the development, operational management and evolution of the IT systems including their interoperability, where needed and allowed by the legal framework of the systems.

The potential of eu-LISA to provide further added-value to the actions of its stakeholders will grow with time and technological and policy developments. As well as eu-LISA's long-term ambition to become a centre of excellence, there are increasing requests for ad hoc support to its stakeholders such as the assistance in early 2016 to the Greek authorities to increase the server capacity of Eurodac. Similarly, eu-LISA could assist with providing input on technical issues related to existing or new systems to the relevant Commission services, at the latters' request. However, there are clear legal and financial limitations to what eu-LISA can deliver.

4. Recommendations for change to the establishing Regulation

4.1. Recommendations made in the evaluation

The recommendations for legislative amendment to the Agency Regulation, set out in the external evaluation, are summarised in the Commission Staff Working Document annexed to this report. They include the following recommendations:

-The Commission's responsibilities relating to the communication infrastructure should be transferred to eu-LISA. This amendment will require amendment to the systems' instruments. It will entail a transfer of the relevant budget.

-A new provision on the cooperation framework of eu-LISA with other JHA agencies should clarify the scope of cooperation within the eu-LISA mandate.

-An interim report should be adopted by the Management Board by the end of August each year on progress made on the implementation of planned activities covering the first six months of that same year.

-An extension of the scope of pilot schemes that can be entrusted to eu-LISA by the Commission (Article 9) should be considered. The scope is currently limited to pilot projects referred to in Article 54(2) a) of the Financial Regulation i.e. which may be implemented without a basic act: This should be extended at least to pilot projects with an existing basic act.  

The external evaluation also recommended that a risk and ex-ante assessment should be prepared for projects of more than over EUR 500 000 EUR that are carried out by eu-LISA within its current mandate (i.e. not derived from a legislative instrument entrusting it with a new system for which an impact assessment will be provided by the Commission) This is an important recommendation that shall be appropriately addressed by eu-LISA. However, it does not require a change of the Agency Regulation since Article 29(5) of Commission Delegated Regulation (EU) No 1271/2013 and of the Agency's Financial Regulation already requires ex-ante and ex-post evaluations of programmes and activities which entail significant spending.

The external evaluation also made other recommendations for amendments to the Agency's mandate of the Agency. These should be inserted in the systems' legislative instruments and would not require an amendment to the Agency Regulation as regards the statistics:

-an extended responsibility for eu-LISA in generating/publishing the statistics for each system;

-a new task for eu-LISA to produce data quality and data analysis reports. These amendments would be subject to compliance with the data protection legislative framework.

4.2 Recommendations following from later policy, legal or factual developments

The recommendations for amendments to the Agency Regulation that derive from the policy, legal or factual developments as referred to under point 3 can be summarised as follows:

-possible changes stemming from proposals revising the SIS legislative instruments and from the revised Eurodac recast should be reflected in the Agency Regulation;

-changes to allow eu-LISA to carry out the tasks referred to in the Commission's Communication on Stronger and Smarter Information Systems for Borders and Security of 6 April 2016 and the Seventh progress report towards an effective and genuine Security Union of 16 May 2017, including by way of studies or testing activities should be inserted as appropriate;

-changes derived from amended EU legislation should be inserted as required (such as the Financial Regulation and the Framework Financial Regulation);

-changes derived from the adoption by the co-legislators of Commission proposals that entrust new systems to the Agency such as the EES or Dublin recast proposals should be reflected;

-changes derived from eu-LISA's programming documents on technical development such as the active/active configuration of the central systems should be reflected where justified;

-changes derived from the Common Approach should be incorporated;

-changes to allow eu-LISA to provide advice to Member States with regard to the national systems' connection to the central systems and for ad hoc assistance and support to Member States (such as the support provided in the Greek hotspot), where requested, should be foreseen;

-changes to allow eu-LISA to provide assistance or support to the relevant Commission services on technical issues related to existing or new systems, where requested;

-a change to Article 1(3) should be introduced in order to make it clearer that the Agency could be made responsible for existing systems that could be transferred to it.

5. Conclusion

5.1. Outcome of the evaluation

The first evaluation of the Agency confirmed that, similar to the systems under its operational management that are vital for the functioning of the ever-evolving Schengen area, eu-LISA is a well performing and increasingly important agency.

The decision to establish a dedicated European Union agency, entrusted with the operational management of SIS, VIS and Eurodac as well as with the preparation, development and operational management of similar systems therefore proved to be fully justified.

The evaluation also confirmed that the functioning of the Agency is work in progress. While it would be unrealistic to expect the Agency to reach full maturity in its first three years, eu-LISA has established itself as a reliable provider of operational management of SIS, VIS and Eurodac, as well as additional tasks. It is also an important stakeholder for European Institutions and other JHA agencies.

The evaluation also made suggestions for improving the implementation of the current mandate and identified limitations to extending the mandate. 

Although the Agency proved that it can do more with the same level of resources and can adapt with a high degree of flexibility to new needs, the evaluation also concluded that, should eu-LISA be made responsible for new IT systems, it would not be able to manage this with the resources available. Against the background of the migration and security challenges, it is clear that in the coming years, eu-LISA will continue to be extremely busy with fulfilling its main mission (i.e. the operational management of SIS II, VIS and Eurodac, their envisaged evolution and interoperability, as well as the development and operational management of future large-scale IT systems in the area of freedom, security and justice).

Accordingly, the focus must be on ensuring that the Agency has the capacity to manage its core business. To lessen the risk of eu-LISA being unable to fulfil requests resulting from the very dynamic developments in this policy area, the Agency will need to engage more with its stakeholders, primarily the Member States and the Commission; the Management Board and the Advisory Groups will serve as the main platforms for this. The prioritisation of core tasks and continuous cost-efficiency improvements should be the key to success.

5.2. Next steps

In addition to this report and its recommendations, the Commission is tabling a proposal on the same date as this report to amend the establishing Regulation and the systems' instruments where necessary.

In addition to incorporating the changes stemming from the external independent evaluation, in particular the transfer of the Commission's responsibilities relating to the communication infrastructure to eu-LISA, the proposal will align the establishing Regulation with the updated instruments applicable to the functioning of EU agencies, such as the Financial Regulation and with the Common Approach. It will also take account of the proposals that revise the SIS legislative instruments and the proposal that revised the Eurodac recast Regulation.

The possible new tasks for the Agency envisaged in the Communication on Stronger and Smarter Information Systems for Borders and Security and in the Seventh progress report towards an effective and genuine Security Union will also need to be reflected in the Agency Regulation.

Other changes will include further specific enlargement of the scope of the Agency's mandate such as the possibility to provide ad hoc support to the Member States as well as changes deriving from technical developments where justified.

Finally, alongside the amendments required by the future adoption of the EES proposal, the establishing Regulation would also need changes triggered by other proposals that envisage development or operational management related tasks for eu-LISA.

The amendments described above are essentially technical in the sense that they are either required to improve the functioning and operational effectiveness of the Agency or because of other legislative and policy developments i.e. entrusting it with new systems or tasks. These amendments would extend the mandate of the Agency in a limited way and have been assessed primarily against the financial and human resources, including the budgetary reinforcements that were proposed by the Commission for eu-LISA under the ongoing legislative procedures for EES, Eurodac, Dublin II, SIS and ETIAS.

(1)

     OJ L 286, 1.11.2011, p.1.

(2)

     OJ L 180, 29.6.2013 p.1.

(3)

    http://bookshop.europa.eu/is-bin/INTERSHOP.enfinity/WFS/EU-Bookshop-Site/en_GB/-/EUR/ViewPublication-Start?PublicationKey=DR0116464  

(4)

     COM(2015) 185 final, 28.4.2015.

(5)

     COM(2015) 240 final, 13.5.2015.

(6)

     EUCO 22/15, EUCO 26/15, EUCO 28/15, EUCO 1/16, EUCO 12/1/16 REV 1.

(7)

     For details on all findings please refer to the external evaluation report (http://bookshop.europa.eu).

(8)

See Article 7(2) of Regulation (EU) No 1077/2011.

(9)

With the exception of systems using the EuroDomain like Eurodac.

(10)

     See the annexed Commission Staff Working Document, notably section 1.1, p.3 (DubliNet, VISION, Smart Borders pilot) and section 2.1, p.4 (Smart Borders Pilot).

(11)

     At the European Council of December 2003, the Member States agreed to give priority to newly acceding states in the distribution of the seats of Community offices or agencies to be set up in the future. According to the conclusions of this European Council, seats of future offices or agencies should be primarily located in the Member States that acceded to the Union in or after 2004. The European Council of June 2008 recalled the 2003 conclusions agreeing further that appropriate priority should be given to the Member States that do not already host an EU office or agency. The choice of the co-legislators of Tallinn as the seat for eu-LISA was based on the joint offer of Estonia and France according to which the seat of the Agency would be Tallinn while the technical site would stay in Strasbourg where the systems were already being developed.

(12)

     Tangible costs include the mission costs for travel between sites, parallel procedures for procurement, multiple contractors for service providers (e.g. cleaning, security) or missed opportunities for economies of scale in running costs. Examples of intangible disadvantages are negative impacts on the fluidity of communication between sites (further compounded by the functional divide between Tallinn and Strasbourg), inherent management challenges imposed by geographical distance, retaining and attracting skilled labour or the impediment to the emergence of a strong and unified organisational culture.

(13)

     Commission Delegated Regulation (EU) No 1271/2013, OJ L 328 of 7.12.2013, p. 42.

(14)

     In its opinion on the 2017 Annual Work Programme of eu-LISA, the Commission recalled that in accordance with the Commission's Secretariat General IT Governance charter applicable as of 14.2.2011, for all projects with a price tag higher than EUR 500.000 a "Vision Document" should be drafted assessing the legal, technical, financial and organisational aspects as well as the multiannual dimension of the projects.

(15)

     As revised by document 2015-153 adopted at the 11th Management Board meeting of eu-LISA (17-18 November 2015).

(16)

     C(2014) 3486 final.

(17)

   COM(2016) 880 final, 21.12.2016.

(18)

   COM(2016) 655 final, 14.10.2016.

(19)

     COM(2016) 197 final, 6.4.2016.

(20)

     COM(2016) 270 final, 4.5.2016.

(21)

     An automated system that will allow for the registration of all applications for international protection and for the monitoring of each Member State's share in all applications and of the corrective allocation system.

(22)

   COM(2016) 272 final, 4.5.2016.

(23)

     COM(2016) 194 final, 6.4.2016.

(24)

     COM(2016) 731 final, 16.11.2016.

(25)

     9368/16, 6.6.2016.

(26)

      http://ec.europa.eu/transparency/regexpert/index.cfm?do=groupDetail.groupDetailDoc&id=32600&no=1

(27)

     COM(2017) 261 final, 16.5.2017.

(28)

     COM(2016) 194 final, 6.4.2016.

(29)

     Article 4(1)(b) of Regulation (EC) No 45/2001, Article 6(1)(b) of Directive 95/46/EC later replaced by Article 5(1)(b) of Regulation (EU) 2016/679, OJ L 119, 4.5.2016, p. 1–88, Article 3 of Council Framework Decision 2008/977/JHA, later replaced by Article 4(1)(b) of Directive (EU) 2016/680, OJ L 119, 4.5.2016, p. 89–131.

(30)

     Regulation (EU, Euratom) 2015/1929, L 286 of 30.10.2015, p. 1. Commission Delegated Regulation (EU) No 1271/2013, OJ L 328 of 7.12.2013, p. 42.

(31)

     The Commission requested eu-LISA to provide support, in early 2016 during the refugee crisis, to a Greek "hotspot" with regard to increasing the server capacity for Eurodac as well as to participate in the EU regional task forces (EURTF) in Piraeus and Catania. It cannot be excluded that such ad hoc support might be required in the future in other areas.

(32)

    COM(2013) 519 final, 10.7.2013.