Second generation Schengen Information System (SIS II) – former 3rd pillar decision

The second generation Schengen Information System (SIS II) will replace the current system, providing enhanced functionalities. It is currently undergoing extensive testing in close cooperation with European Union (EU) countries and associated countries participating in the Schengen area.

The SIS II Decision constitutes the necessary legislative basis for governing SIS II for matters falling under Title VI of the Treaty on European Union (former third pillar). It includes provisions on the technical aspects and operation of SIS II, responsibilities of the management authority and of participating countries, processing of data relating to alerts that will be contained in the system and conditions for data access and protection. More specifically, it defines the alerts on persons and objects that will be entered in SIS II for facilitating police and judicial cooperation in criminal matters. It also includes provisions on the conditions and procedures for issuing these alerts and on the authorities that will have a right to access this data.

ACT

Council Decision 2007/533/JHA of 12 June 2007 on the establishment, operation and use of the second generation Schengen Information System (SIS II).

SUMMARY

The second generation Schengen Information System (SIS II) will be a large-scale information system containing alerts on persons and objects. It will be used by border guards, customs officers, visa- and law-enforcement authorities throughout the Schengen area, with a view to ensuring a high level of security. This new system is currently undergoing extensive testing in close cooperation with European Union (EU) countries and associated countries participating in the Schengen area (referred to below as the Member States) and will replace the current system, providing enhanced functionalities.

The legislative basis for SIS II is based on two acts, the SIS II Decision and the SIS II Regulation, which complement each other. Both have a number of common articles, complemented by a set of specific provisions governing the use of the system for the specific area covered by that instrument.

Specific provisions in the SIS II Decision govern its use for purposes covered by Title VI of the Treaty on European Union (former third pillar). In particular, the decision defines the categories of data (alerts on persons and objects) to be entered in the system for supporting operational cooperation between police and judicial authorities in criminal matters, the purposes for which these data are to be entered, the criteria and procedures for entry and processing of these data, and the authorities that will have a right to access these data. The decision also includes specific provisions on data processing and protection with respect to these categories of data.

Alerts included in SIS II

The decision specifies that the following categories of alerts will be included in SIS II, in order to support operational cooperation between police and judicial authorities in criminal matters:

• alerts on persons wanted for arrest for surrender purposes on the basis of a European Arrest Warrant and persons wanted for extradition purposes;
• data on missing persons who need to be placed under police protection and/or whose whereabouts need to be ascertained;
• alerts on persons sought to assist with a judicial procedure;
• alerts on persons or vehicles, boats, aircraft and containers for discreet or specific checks for the purposes of prosecuting criminal offences and for the prevention of threats to public security;
• data on objects sought for the purposes of seizure or use as evidence in criminal proceedings.

Once SIS II becomes operational, the following provisions and procedures will apply in relation to alerts:

• in the case of a wanted person, the alert will be equivalent to a European Arrest Warrant or a request for provisional arrest (in extradition cases); the competent authority will act accordingly;
• in the case of a missing person, the authority will report when that person has been located and the action taken as requested by the authorities creating the alert;
• in the case of a person sought in connection with judicial proceedings, the authority will act as requested by the SIRENE Bureau;
• in relation to alerts concerning serious crime or threats to public security, the authority will carry out a discreet or a specific check according to the request of the authority creating the alert and if this is in compliance with national legislation in the Member State locating the person;
• if a Member State authority discovers an object that is covered by an alert in SIS II for seizure or use as evidence in criminal proceedings, it will seize the object or take all the necessary protective measures.

Access to and processing of SIS II data

A Member State issuing an alert will be responsible for ensuring that the data are accurate, up-to-date and lawfully entered in SIS II. Only the Member State issuing an alert will be authorised to modify, add to, correct, update or delete data that it has entered.

Rules on access to SIS II data in the decision are the same as those in the regulation. However, the decision also provides for access to SIS II data by specifically authorised staff of Europol and national members of Eurojust and their assistants. These bodies may only access the specific data that they require for the performance of their tasks.

In general, alerts on persons and objects should only be retained in SIS II for the time required to achieve the purposes for which they were entered. Both the decision and the regulation specify that Member States should review the need to keep an alert on a person within three years of its entry into SIS II. The decision adds additional safeguards by reducing this period to one year for alerts on persons for discreet or specific checks. Member States may set shorter review periods in accordance with national law. The decision also contains specific provisions on the maximum periods for retaining alerts on objects (5 or 10 years depending on the type of alert).

Data protection

The data protection provisions in the decision and regulation are largely similar. However, the decision invokes the Council of Europe Convention of 28 January 1981 for the Protection of Individuals with regard to Automatic Processing of Personal Data according to which personal data in relevant SIS II alerts concerning police and judicial cooperation in criminal matters must be protected and as the basis for defining categories of data whose processing in SIS II will be prohibited.

Final provisions

The SIS II Decision will apply to the Member States participating in the current Schengen Information System (SIS 1+) from the date to be set by the Council (acting by unanimity of its members representing the governments of the Member States participating in SIS 1+) once all necessary technical preparations have been completed at central and Member State level and once all implementing measures have been adopted. Precise information on this matter is given in Article 71 of the decision and in the legal instruments governing migration from SIS 1+ to SIS II.

Three years after the SIS II is brought into operation, and then every four years, the Commission will produce an overall evaluation of the Central SIS II and the bilateral and multilateral exchanges of supplementary information between Member States. It will transmit the evaluation to the European Parliament and the Council.

The United Kingdom and Ireland are participating in aspects of SIS II falling under this decision.

RELATED ACTS

Commission Decision 2010/261/EU of 4 May 2010 on the Security Plan for Central SIS II and the Communication Infrastructure [Official Journal L 112 of 5.5.2010]. This decision provides for the organisation of the security of the Central SIS II and its communication infrastructure, and establishes a security plan for both. The purpose is to ensure protection against any threats to their availability, integrity and confidentiality. The Commission is responsible for implementing and monitoring the security measures for the communication infrastructure and, during the transitional period, for the Central SIS II. Once the management authority becomes operational, it must adopt its own security plan for the Central SIS II.

For monitoring the implementation of the security measures, the Commission designates a System Security Officer. A Local Security Officer is designated for the Central SIS II and for the communication infrastructure. They are responsible for implementing and monitoring the security measures and procedures in the principal CS-SIS, including the backup CS-SIS, and in the communication infrastructure respectively.

The System Security Officer, in cooperation with the Local Security Officers, prepares a security policy that provides detailed measures and procedures for protecting the Central SIS II and the communication infrastructure. Among others, the policy provides measures for controlling:

• access to data processing facilities;
• removable media containing data and any other important assets;
• storage of data;
• passwords;
• access to SIS II hardware and software;
• communications through the communication infrastructure.

It also lays down security measures in relation to human resources, defining for example the functions and responsibilities of staff that have access to the Central SIS II.

Commission Decision 2008/334/JHA of 4 March 2008 adopting the SIRENE Manual and other implementing measures for the second generation Schengen Information System (SIS II) [Official Journal L 123 of 8.5.2008]. The alerts in SIS II will contain a set of data that is absolutely necessary for identification of a person or object sought. In cases where the future end-users (officers from the competent national authorities) need to take action after obtaining a matching alert, they will require supplementary information on this alert (information that will not be contained in SIS II, but that will be connected to SIS II alerts).

National offices known as SIRENE Bureaux (Supplementary Information Request at the National Entries) have been set up in all Schengen countries to assist with obtaining supplementary information for SIS by acting as the contact points between a Member State creating an alert and one achieving the match. The same offices will be used for SIS II.

The SIRENE Manual is a set of instructions indicating both the general and specific procedures that competent authorities will have to follow for exchanging supplementary information on the following categories of alerts:

• alerts for refusal of entry or stay (first pillar);
• alerts for arrest for surrender or extradition purposes (this and the following categories fall under the third pillar);
• alerts on missing persons;
• alerts on people sought for a judicial procedure;
• alerts for discreet and specific checks;
• alerts on objects for seizure or use as evidence.

The purpose will be to assure communication among Member States, in particular when entering an alert, acting on an alert, handling multiple alerts, and dealing with the quality of SIS II data or with rights of access.

The implementing measures cover SIS II aspects that, due to their technical nature, level of detail and need for regular updating, are not covered exhaustively by the SIS II legal instruments.

As is the case for other instruments related to SIS II, there are two legal instruments (Commission decisions) for the SIRENE Manual and implementing measures: one for the first pillar (Annex of Decision 2008/333/JHA) and one for the third pillar (Annex of Decision 2008/334/JHA). The Annexes to both decisions are identical.

See also

• Texts relating to Schengen Information System (SIS II) on the website of the European Commission Directorate-General for Home Affairs
• Glossary entry “Area of freedom, security and justice” for information on changes brought by the Lisbon Treaty upon its entry into force in December 2009

Last updated: 13.07.2010