EUROPEAN COMMISSION

Brussels, 8.12.2021

SWD(2021) 374 final

COMMISSION STAFF WORKING DOCUMENT

IMPACT ASSESSMENT REPORT

Accompanying the document

DIRECTIVE OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL

on information exchange between law enforcement authorities of Member States, repealing Council Framework Decision 2006/960/JHA

{COM(2021) 782 final} - {SEC(2021) 420 final} - {SWD(2021) 377 final}

Table of contents

Glossary    

1.    Introduction: Political and legal context    

1.1.    Background    

1.2.    Recent developments    

1.3.    The Police Cooperation Code    

2.    Problem definition    

2.1.    Problem 1: Rules at national level impede the effective and efficient flow of information    

2.1.1.    What is the problem?    

2.1.2.    What are the problem drivers?    

2.1.3.    How will the problem evolve without intervention?    

2.2.    Problem 2: Structures at national level are not set up and equipped in a sufficiently efficient and effective manner    

2.2.1.    What is the problem?    

2.2.2.    What are the problems drivers?    

2.2.3.    How will the problem evolve without intervention?    

2.3.    Problem 3: The free choice of communication channel(s) between Member States causes recurrent duplication of requests    

2.3.1.    What is the problem?    

2.3.2.    What are the drivers?    

2.3.3.    How will the problem evolve without intervention?    

3.    Why should the EU act?    

3.1.    Legal basis    

3.2.    Subsidiarity: Necessity of EU action    

3.3.    Subsidiarity: Added value of EU action    

4.    Objectives: What is to be achieved?    

4.1.    General objective    

4.2.    Specific objectives    

5.    What are the available policy options?    

5.1.    Baseline representing current situation    

5.2.    Description of policy options    

5.2.1.    Objective I: Facilitate equivalent access for law enforcement authorities to information held in another Member State, while complying with fundamental rights and data protection requirements    

5.2.2.    Objective II: Ensure that all Member States have an effective functioning Single Point of Contact (SPOC), including when a judicial authorisation is required to provide the data upon request of another Member State, and ensuring its effective cooperation with Police and Customs Cooperation Centres (PCCCs)    

5.2.3.    Objective III: To remedy the proliferation of communication channels used for law enforcement information exchange between Member States while empowering Europol as the EU criminal information hub for offences falling within its mandate (unless otherwise regulated by EU law)    

5.3.    Options discarded at an early stage    

6.    What are the impacts of the policy options?    

6.1.    Fundamental Right expected impacts    

6.2.    Objective I: Facilitate equivalent access for law enforcement authorities to information held in another Member State, while complying with fundamental rights and data protection requirements    

6.3.    Objective II: Ensure that all Member States have an effective functioning Single Point of Contact (SPOC), including when a judicial authorisation is required to provide the data upon request of another Member State, and ensuring its effective cooperation with Police and Customs Cooperation Centres (PCCCs)    

6.4.    Objective III: To remedy the proliferation of communication channels used for law enforcement information exchange between Member States while empowering Europol as the EU criminal information hub for offences falling within its mandate (unless otherwise regulated by EU law)    

7.    How do the options compare?    

7.1.    Objective I: Facilitate equivalent access for law enforcement authorities to information held in another Member State, while complying with fundamental rights and data protection requirements    

7.2.    Objective II: Ensure that all Member States have an effective functioning Single Point of Contact (SPOC), including when a judicial authorisation is required to provide the data upon request of another Member State, and ensuring its effective cooperation with Police and Customs Cooperation Centres (PCCCs)    

7.3.    Objective III: To remedy the proliferation of communication channels used for law enforcement information exchange between Member States while empowering Europol as the EU criminal information hub for offences falling within its mandate (unless otherwise regulated by EU law)    

8.    Preferred policy option: a game changer for law enforcement cooperation    

8.1.    Overview of the preferred policy option    

8.2.    Preferred policy option cumulated advantages and disadvantages    

8.3.    Main types of costs expected to be reduced/increased with the preferred policy option    

9.    How will actual impacts be monitored and evaluated?    

Annex 1: Procedural information    

Annex 2: Stakeholder consultation    

Annex 3: Who is affected and how?    

Annex 4: Supporting information on the high-level problems and their impacts on the core problems    

Annex 5: Supporting information on the problems 1, 2 & 3    

Annex 6: Questionnaire for consultations    

Annex 7: Discarded options    

Annex 8: Ad hoc workshops (summaries)    

Annex 9: Complementary information on the expected effects of the policy options in the Member States    

Annex 10: Complementary information on the political feasibility of envisaged measures    

Glossary

1.1.    Introduction: Political and legal context

1.1. Background

Security and cross-border crime are, by definition, international issues. As set out in the EU Security Union Strategy, Europe faces evolving and increasingly complex security threats. These threats spread across borders and manifest themselves in organised crime groups that engage in a wide range of criminal activities. According to the EU Serious and Organised Crime Threat Assessment 2021 (SOCTA), more than 70% of organised crime groups are present in more than three Member States 1 . The 2021 SOCTA and the EMCDDA European Drug report 2  outline a number of areas where serious and organised crime appears to be on the rise 3 . At the same time, as set out in the December 2020 Counter-Terrorism Agenda, the EU remains on high terrorist alert 4 .

The SOCTA also outlines ways in which serious crime is evolving. Notably, technological advancements have created opportunities for new types of cross-border crime, and for modernising traditional forms of crime. Linked to this, the increased use of digital technologies means there is no longer a need for a perpetrator to be in the same location as a victim. The Covid-19 pandemic has accelerated the rise in technology-facilitated serious and organised crime.

The growing mobility of people within the EU creates additional challenges in preventing and fighting all forms of criminal threats. In 2017, EU internal border regions covered approximately 40% of the EU's territory and were home to 30% of the population, i.e. 150 million people. Almost 2 million people commuted across borders, including 1.3 million cross-border workers 5 . In 2018, residents of the EU made in total 1.1 billion trips, either for business or privately – an increase of 11% since 2014. In 2019, 3.3% of the EU citizens of working age (20-64) had a nationality of an EU Member State other than the EU Member State of residence, compared to 2.4 % in 2009 6 . Despite the COVID-19 pandemic having reduced intra-EU mobility, flows of people will likely continue to be important in the near future.

The rapidly evolving criminal and terrorist landscape and the mobility of people suggest that cross-border cooperation between law enforcement authorities in the EU and the Schengen area will remain crucial to tackle criminal offences, and allow EU citizens to safely enjoy their rights of free movement in the future 7 . However, there are still obstacles for data exchange between law enforcement, which leads to blind spots and loopholes (for instance information not exchanged or exchanged too late) for criminals and terrorists that act in more than one Member State. The cross-border nature of crime requires Member States to be able to rely on one another through cross-border law enforcement cooperation, based on respect for fundamental rights.

Law enforcement cooperation is an area of shared competence between the EU and the Member States. Most of the EU legal framework underpinning law enforcement cooperation was designed 30 years ago through the 1990 Convention Implementing the Schengen Agreement (CISA) 8 . The Convention entails a number of obligations for contracting Parties regarding police cooperation at their common internal borders, at the external borders of the Schengen territory (land, international airports, and sea) and within the Schengen area in general to counteract any security deficit caused by the abolition of the checks at the internal borders.

The Commission and EU agencies support the Member States by providing means and tools for the exchange of information between national law enforcement authorities, such as the Schengen Information System (SIS), inter alia used to exchange data on wanted and missing persons and objects in real time, and the Prüm mechanism, aimed to step up the exchange of biometric and vehicle registration data information, between authorities responsible for the prevention and investigation of criminal offences.

The 2006 Swedish Framework Decision (SFD) complements these tools by introducing horizontal rules on the exchange of information between law enforcement authorities of EU Member States to conduct criminal investigations or criminal intelligence operations. The SFD sets out rules regarding time limits and standard forms for the exchange of any type of information or data held by law enforcement authorities (principle of availability), on prior request or spontaneously, ensuring that procedures for cross-border data exchanges are not stricter than those applying to exchanges at national level (principle of equivalent access). It also covers the channels of communication to be used. A response should be made within 8 hours where the request is urgent. In other cases, countries should respond within 14 days.

Europol, the EU law enforcement agency, supports EU Member States in their fight against terrorism, cybercrime and other serious and organised forms of crime, notably through the collection, analysis and exchange of information with Member States. 

The EU has also fostered greater cooperation between law enforcement bodies through the publication of recommendations and guidelines (e.g. on national Single Point of Contact responsible for law enforcement exchange of information). Those seek to lay out the grounds for adopting common approaches to the access and the exchange of information within the EU. They also seek to clarify the implementation of binding rules 9 .

1.2.  Recent developments

In recent years, much progress has been made to improve the exchange of information between Member States and to close down the space in which terrorists and criminals operate.

The legislative framework on counterterrorism and information exchange was strengthened in the aftermath of the terrorist attacks in Europe. Following the migration crisis of 2015, the general architecture of Justice and Home Affairs (JHA) information systems and databases was overhauled with a focus on interoperability and dynamic convergence between security, borders and migration management. The mandates of JHA agencies are continuously being strengthened to allow them to provide enhanced support to Member States in their operational activities. 10

Strategic documents underpin the Commission’s efforts to improve the efficiency and effectiveness of law enforcement cooperation in the EU. These include the Security Union strategy 11 , the new counter-terrorism agenda for the EU 12 , the EU Strategy to tackle Organised Crime 2021-2025 13 and the new Schengen Strategy 14 . All stress the need to improve the timely access and smooth exchange of information for law enforcement purposes, both between Member States and with Schengen Associated Countries (SAC).

In spite of the progress made in recent years, important challenges remain, a very pressing one among these being that law enforcement authorities do not always effectively and efficiently exchange information with their partners in other Member States.

The co-legislators have repeatedly called for further EU action to address these challenges. The European Parliament resolution ofDecember 2020 on the EU Security Union Strategy stresses that "measures in the framework of the Security Union Strategy must be sufficiently flexible to respond to constantly changing circumstances and criminal organisations changing their modus operandi". The Council takes a comparable stance in the Council Conclusions of November 2020 on Internal Security and European Police Partnership, which asked the Commission “to consider consolidating the EU legal framework to further strengthen cross-border law enforcement cooperation” 15 .

1.3.  The Police Cooperation Code

In line with the call by President von der Leyen in her Political Guidelines 16 to "leave no stone unturned when it comes to protecting our citizens", the Commission Work Programme for 2021 announced a legislative initiative to "modernise existing intra-EU law enforcement cooperation by creating an EU police cooperation code" 17 .

A proposal for setting up a Police Cooperation Code on Information Exchange and Communication (PCC) would aim at the codification of organisational and procedural aspects of information exchange and communication between law enforcement authorities in the EU.

It would deal with the cross-cutting 'horizontal' aspects of information exchange between Member States. This proposal would not touch upon the system-specific dimensions of individual systems or frameworks such as the Schengen Information System, Passenger Name Record (PNR) or Prüm, which address the processing of specific data categories for specific purposes and are therefore regulated by specific legal instruments.

The proposal for a PCC would repeal and replace the 2006 SFD. In doing so, the SFD will be "lisbonised", i.e. it will be turned into a legislative instrument to be adopted by both the Council and the European Parliament in the ordinary legislative procedure.

Moreover, a PCC proposal would form part of a coherent package with upcoming measures to reinforce operational cross-border police cooperation and the upcoming proposal revising the Automated Data Exchange Mechanism for Police Cooperation ("Prüm II"). The "Prüm II" proposal will aim at strengthening the technical architecture of the Prüm exchange, broadening its scope of data categories and streamlining and accelarating its post-hit data exchange. The reinforced "Prüm II" proposal would provide specific rules and possibilities for the automated exchange of specific – and particularly important – data categories (e.g. fingerprints, DNA, facial images) within the overall framework and general rules for general information exchange that the Police Cooperation Code will provide.

A PCC proposal would fit together with the 2020 proposal revising the Europol mandate 18 . The latter aims at strenghening the agency's mandate on the processing of large and complex datasets, cooperation with privates parties, and the use of the Schengen Information System. A PCC proposal would build on and further develop Europol as a criminal information hub in the EU.

As an important measure to enhance security within the EU, a PCC proposal would also contribute to a fully functioning and resilient Schengen area as set out in the Schengen Strategy. It would help ensure a high level of security within the territory of Member States and hence support a Schengen area without controls at internal borders. It would therefore complement the proposal announced in the June 2021 Schengen Strategy 19 to amend the Schengen Borders Code 20 . 

Whilst taking these complementary developments fully into account, this impact assessment focuses on the envisaged scope of a proposal for a Police Cooperation Code, namely the 'horizontal' cross-cutting aspects of information exchange and communication between competent law enforcement authorities in EU Member States.

Intervention logic: Problems, problem drivers, objectives and options

High level problem: A number of criminal markets are evolving and expanding while cross-border mobility is increasing 21 .

Core problem: Law enforcement authorities do not always effectively and efficiently exchange information with their partners in other Member States.

2.2.    Problem definition 

The evolution of the EU security landscape and the increased cross-border mobility call for more effective and efficient exchange of information between Member States. Noted inefficiencies stem from three vertical problems.

2.

2.1. Problem 1: Rules at national level impede the effective and efficient flow of information

2.1.1.    What is the problem?

Member States' Law Enforcement Authorities (LEAs) are involved in daily cross-border information exchanges related to operations against criminal offences 23 .

Yet, rules at national level impede the effective and efficient flow of information. While EU measures are supposed to ensure access to information, their scope is often unclear and law enforcement authorities face difficulties in interpreting and implementing relevant EU provisions. As a case in point, the 2006 Swedish Framework Decision is found unclear and complex, thereby hampering the full implementation of the principles of availability/equivalent access of relevant information in a cross-border context 24 . As a consequence, the Framework Decision is not fully implemented and rules at national level continue to impede the flow of information.

2.1.2.     What are the problem drivers? 

As indicated above, at EU level, the principles for the exchange of law enforcement information and intelligence of cross-border relevance are laid down in the 2006 Swedish Framework Decision, notably through its two key principles of availability and equivalent access.

This means that:

·a law enforcement officer in one Member State in need of information and intelligence in order to carry out his duties can obtain it from another Member State; and that

·the law enforcement authorities in the Member State that holds this information and intelligence will make it available for the declared purpose, taking account of the needs of investigations pending in that Member State; and that

·once information and intelligence is available in a Member State, it should be shared across borders under the same conditions which govern information sharing at national level, meaning that the rules applied in a cross-border case are not stricter than those applying to data exchanges at national level ("principle of equivalent access") 28 .

In practice, as evidenced in the Schengen evaluations in the field of police cooperation, the Swedish framework Decision is hardly used, as the availability of many options for cooperation or information exchange limits its added value, and it overlaps with the Convention Implementing the Schengen Agreement (CISA), with many articles worded in a similar way 29 . The envisaged proposal will address this discrepancy by expanding the scope of the SFD to "preventing and detecting criminal offences", thereby fully superseding Articles 39 and 46 CISA and hence providing the necessary legal clarity.

The quantification of information exchange and its breakdown per communication channel was not possible for lack of national and comparable data. Indeed, 17 countries have reported not to produce complete and comparable statistics regarding the information requests exchanged pursuant to the SFD, while seven indicated to keep statistics and five to do so only for information shared with Europol 30 .

Collection of statistics concerning information exchange

*Blue cells: statistics are collected. Grey cells: no data available

Source: EY/RAND Study' elaboration based on desk research

Deadlines are usually not met when a judicial authorisation is required to deliver the requested information.

Indeed, the more authorities are concerned, the more procedural steps have to be followed, hence the need for additional time to cope with all procedures 31 . Representatives from national judicial authorities have pointed out that the EU legal bases for information exchange in law enforcement cooperation is complex, creating burdensome, laborious and unclear processes to be followed 32 .

This issue is further exacerbated by the fact that what is regarded as an information request for police officers in one country might be regarded as an information request for judicial authorities in another country, depending on the rules at national level. Hence, different authorities may be concerned depending on the specific national institutional framework, further undermining the overall efficiency of the process 33 . Furthermore, there is no obligation to have a judicial authority functionally available 24/7 within the national Single Point of Contact (SPOC – national information hub centralising the reception, processing and the sending of the information – in and out), thereby slowing down the judicial authorisation process, where it is needed.

The distinction between "urgent", "non-urgent" and "all other" cases provided for in the SFD and the SFD forms to be used (on a voluntary basis) for information exchange is unclear and (unnecessarily) complex.

The SFD does not define "urgent cases", "non- urgent cases" and "all other cases", which are deductively identified as those not fitting the "urgency criteria". Such a deductive process takes time. Some guidance on the possible understanding of "urgency" is offered by Council (non-binding) guidelines 34 , which, however, has not led to a convergence of national practices.

Moreover, the forms for submitting and requesting information included in the SFD are rarely used 35 . They are considered time-consuming and labour intensive, and the Member States prefer free-text messages 36 . Hence, although the SFD forms were expected to boost a standardised and efficient exchange of information, their limited use results in a limited harmonisation of communication procedures.

The Swedish Framework Decision is not aligned with the 2016 Law Enforcement Data Protection Directive.

The exchange of personal data pursuant to the SFD is not aligned with the 2016 Law Enforcement Data Protection Directive (LED) 37 . Indeed, Article 8 SFD states that the use of the information and intelligence exchanged must be subject to the national data protection provisions of the Member State receiving the information, according to the same rules as if they had been gathered in that Member State.

Moreover, when providing information and intelligence, the competent law enforcement authority may impose additional conditions that are in accordance with its national law on their use by the receiving competent law enforcement authority. The Commission committed to "make a legislative proposal, which as a minimum will entail an amendment of Council Framework Decision 2006/960/JHA to ensure the necessary data protection alignment, in the last quarter of 2021" 38 . 

In practice, law enforcement authorities do not have a clear understanding of the data available for possible exchange with their counterparts in other Member States.

The content of these data depends on national legislations. The type of information available from each Member State is set out in national fact sheets (compiled in Council guidelines) 39 . Yet, the awareness of these national fact sheets remains limited. This results in unnecessary wide requests leading to lengthy processing time. In other instances, data that would have been needed is not included in the exchange while unnecessary one is provided.

2.1.3.     How will the problem evolve without intervention? 

Member States alone would not be able to ensure the full implementation of the principles of availability and equivalent access to information. This means that the current uncertainties with regard to the applicable legislation and the data available for possible exchange between the Member States would remain and continue to negatively affect the effective and efficient sharing of information, thereby leaving the impacts in the evolution of the EU security landscape and in the increased cross-border mobility essentially unaddressed. In practice, there would continue to be a lack of clarity on what data are available in different Member States. The respect of deadlines for urgent information requests would remain unlikely when a judicial authorisation is required. The distinction between urgent and non-urgent cases/all other cases, and the forms to be used for information exchange will remain (unnecessarily) complex.

Without intervention, the 2006 Swedish Framework Decision will remain unaligned with the 2016 Law Enforcement Data Protection Directive (LED). This means that even though Fundamental Rights would remain adequately safeguarded, improvement would not be brought forward.

2.2.Problem 2: Structures at national level are not set up and equipped in a sufficiently efficient and effective manner

2.2.1.    What is the problem?

Member States do not always have the necessary structures in place to exchange information effectively and efficiently with other Member States. Where Single Point Of Contacts (SPOCs), Police and Customs Cooperation Centres (PCCCs) and other equivalent structures at national level exist they do not always play their coordination role and lack resources to face the increasing number of requests.

Notably, SPOCs, PCCCs and other equivalent structures often have outdated IT infrastructure. They are not always equipped with the necessary information management tools (e.g. a case management system with a common dashboard and automatic data upload and cross-check).

2.2.2.    What are the problems drivers? 

SPOC do not always play their coordination role and lack resources to face the increasing number of information requests.

Member States are free to decide which law enforcement authorities and services are represented within their SPOCs 42 . Although different manuals and national factsheets have been produced in order to facilitate a harmonised approach to the way national SPOCs are organised 43 , there are still significant differences across countries as regards the structures at national level 44 .

For example, in some countries the SPOC includes the Europol National Unit (ENU), the Supplementary Information Request at the National Entry (SIRENE) bureau and the INTERPOL National Central Bureau, while in other countries these units are not included. Such differences lead to confusion when it comes to the cross-border exchange of information.

Thus, when a request for information is addressed to a specific Law Enforcement Authority (LEA) or a dedicated service within a LEA, the requesting Member State does not know in advance whether this entity is included or not within the SPOC of the receiving Member State. This leads to a risk of duplication of requests, which are sent both to the SPOC and to the specific service. Moreover, SPOCs face a high workload notably due to the practice of "fishing" and difficulties in the choice of the most appropriate communication channels to be used to exchange information 45 .

Additionally, the SPOCs – and in some cases also the PCCCs 46 – lack resources to timely and effectively address the increasing number of requests they receive 47 . The increasing amount of information requests has not been accompanied by a proportionate increase of the resources allocated to manage these requests 48 . The lack of sufficient resources allocated to the SPOCs is particularly challenging in cases of urgent requests for information 49 . 

Pursuant to Article 4 of the Swedish Framework Decision (SFD), urgent requests for information shall be addressed within 8 hours. This timeframe is not critical per se and it seems well suited to share information, which is necessary to carry out the investigation. However, if several urgent requests are received at the same time, enough officials would need to be available to manage them in parallel, and this is problematic since human resources within the SPOCs are limited. This is particularly challenging since the SFD does not envisage an automated tool for issuing reminders of the information requests.

Hence, timely responses depend on the SPOC's capacity to monitor and track the deadlines in the Case Management Systems 50 . There is often a lack of a modern information management architecture that would alleviate tensions on limited human resources.

SPOC's staff

*Blue cells: number of SPOC’s staff. White cell: no data available. Grey cells: no Schengen evaluation report available.

Source: EY/RAND study' elaboration based on Schengen evaluation reports

Information from (i) different units within the SPOCs and (ii) from the PCCCs (and equivalent structures in the border area) is not always integrated in the SPOC information management system.

In some Member States there is no integration of information included in databases owned by the different law enforcement authorities, which form part of the same SPOC and/or the PCCC. The lack of integration of information collected and stored by different law enforcement authorities results in a risk of duplications of both uploads and searches of information, hence reducing the overall efficiency of information exchange 51 .

Direct and user-friendly access to all relevant EU and international databases and platforms is not the norm in the SPOCs and the PCCCs. The specific national law enforcement authorities (LEAs) entitled to access and use EU and international databases and platforms vary between the Member States.

An additional issue hampering a smooth cross-border exchange of information is that the SPOCs and the PCCCs do not always have direct and user-friendly access to all relevant EU and international databases and platforms, limiting their capacity to effectively support cross-border exchange of information 52 , thus hampering cross-border law enforcement cooperation 53 . As regards the PCCCs, out of 59 PCCCs active in Europe, only 14 are connected to Europol SIENA 54 . Besides the PCCCs, this consideration also applies to regional and local level law enforcement authority investigation departments that most of the times do not have access to SIENA 55 .

National LEAs have limited awareness and knowledge of relevant databases.

Cross-border information sharing is further hampered by the national LEAs' limited awareness and knowledge of relevant databases. Notably, the majority of Member States reported that national LEAs' officials are not completely aware of all the law enforcement databases available to them or they are not sufficiently experienced and proficient in their use 56 . 

The SPOCs often face IT capacity issues when dealing with the increasing requests for urgent information. 

This is further challenged by the fact that the SPOCs and the PCCCs are not always equipped with the necessary information management tools, preventing an efficient tracking/filing of information in cross-border cases 57 .

For instance, some SPOCs have limited access to relevant national databases 58 . Since they cannot access directly the databases of other law enforcement authorities, they need to ask officials within those authorities to collect and share the information. This delays the overall exchange process 59 . Difficulties related to the steps needed for the SPOCs to obtain the relevant information included in national databases are further exacerbated by the actual limited interconnectivity between national law enforcement databases 60 .

Main features of SPOC's Case Management System

Source: EY/RAND Europe Study’s elaboration based on desk research (dark grey cells indicate that no information is available)

The use of rudimentary search tools hampers the adoption of transliteration and "fuzzy logic" search.

Furthermore, the exploitation of the full potential of existing databases is hindered by the use of rudimentary search tools, which prevent the adoption of transliteration 61 techniques and "fuzzy logic" 62 search functions. The lack of transliteration and fuzzy logic search options within national databases and information systems prevents officials to get a full picture about the person they are looking for in the systems through a unique query. As a result, officials have to carry out a new search for each personal detail they are investigating, resulting in an increased workload, which slows down the search process (e.g. inversion of first and last name, different spelling used for the same individual notably stemming from different languages, alphabets and diacritic accents).

There is limited availability of training for law enforcement staff involved in cross-border information exchanges and cooperation.

Training concerning cross-border law enforcement cooperation is not held on a regular basis at national level and does not always take into account the latest changes in the EU law enforcement legislative framework in a timely manner (e.g. new EU or Schengen-related legislative initiatives) 63 . In practice, this implies that training for staff involved in cross-border cooperation is often based on informal mentoring by experienced colleagues, which has a negative impact on the number of officials who possess the necessary skills to properly manage all the different procedures and information tools required 64 . Moreover, this training is often voluntary, thus leaving room for heterogeneous skills between police officials, and it is not always systematic for newcomers in the SPOCs and PCCCs 65 .

Language barriers hamper the efficient cross-border exchange of information.

Finally, language barriers were reported by some Member States as hampering the cross-border exchange of information 66 . Officials engaged in cross-border cooperation are not always proficient in English and this has a twofold drawback. First, since EU official communication channels requires the exchange of information in a language that can be understood by the receiving Member State, officials who are not proficient in English or in the language of the requesting country prefer to exchange information via informal channels (e.g. email, etc.). Second, even when official channels are used, information is often reported in a rudimentary English. Thus, officials receiving a request for information often need to take time to translate it 67 .

2.2.3.    How will the problem evolve without intervention?

Whilst it remains possible that the SPOCs and PCCCs will over time incrementally update and improve their information management systems, these developments would not be aligned between the Member States and the current efficiency and effectiveness gaps are expected to remain. The varied competences of the SPOCs across the EU would continue to hamper the efficient and effective exchange of information, notably because adequate access to key databases and platforms would not be ensured in all SPOCs and PCCCs. Moreover, some SPOCs would continue to have insufficient resources to address the information requests received within the deadlines in all cases.

The latest cycle of Schengen evaluations in the field of police cooperation revealed, in a number of Member States, deeply engrained internal coordination issues between different law enforcement authorities, preventing the proper functioning of their national SPOC/PCCCs.

Such internal issues have been proven to significantly hinder the efficient and effective functioning of the SPOC/PCCCs and hence the exchange of information between Member States. For example, some national SPOCs/PCCCs do not have a direct access to relevant national databases, nor benefit from a modern information architecture, thereby preventing necessary cross-match with EU and International databases.

Furthermore, designing IT upgrades can be complex and the implication far reaching rendering an efficient internal coordination even more essential. A general finding of the Schengen evaluations points to the need to address national/domestic structures, processes and procedure in order to improve the exchange of information between Member States in the framework of EU law.

Member States would not ensure appropriate and uniform level of training in intra-EU cross-border cases, in foreign languages and in the adequate use relevant databases and communication channels either. Law enforcement authorities will not effectively and efficiently exchange information with their partners in other Member States, thereby leaving the impacts in the evolution of the EU security landscape and in the increased cross-border mobility essentially unaddressed.

2.3. Problem 3: The free choice of communication channel(s) between Member States causes recurrent duplication of requests

2.3.1.    What is the problem?

Member States' law enforcement authorities use a variety of different channels to exchange information, leading to recurrent duplication of requests and creating confusion due to the number of information systems that can be used 68 . Three main channels are used for cross-border information exchange, each based on national units in each Member State that use a related communication tool:

·SIRENE Bureaux can, following a hit on an alert in Schengen Information System (SIS), obtain supplementary information from the Member State that issued the alert. They operate 24/7 and follow the procedures of the SIRENE Manual.

·Europol National Units (ENUs) exchange information with Europol. They may also exchange information bilaterally on crime outside Europol's mandate and without involving Europol. ENUs can exchange information directly or through Europol Liaison Officers, who are part of an ENU but stationed at Europol headquarters. A secure communications tool, SIENA 69 , has been developed by Europol for exchanges with Europol and between Member States.

·INTERPOL National Central Bureaux, operating 24/7, exchange information with INTERPOL as well as bilaterally without involving INTERPOL. National Central Bureaux use the I-24/7 communication tool developed by INTERPOL.

Other channels include bilateral Liaison Officers (stationed in other Member States and typically used in more complex cases) and PCCCs.

Member States use different channels to different extents to request, send and receive information, which hampers effective and efficient exchange of information. This was also confirmed by a number of stakeholders who also pointed out that the use of different tools at the same time contributes to the duplication of requests. Such cases of duplications of requests due to the use of different channels concerning the same piece of information were also reported during the technical workshop held on 24 March 2021 70 .

On top of noted duplications, the use of different communication channels leads to the Europol Secure Information Exchange Network Application (SIENA) to being underused in spite of its tailored features and strong data security infrastructure. Even when Member States use Europol SIENA they can choose not to involve Europol in their bilateral exchanges even though the information exchanged falls under the Europol mandate. This significantly hinders Europol' ability to fulfil its support function, thereby creating an important information gap.

There are also differences at national level as regards the access to EU instruments. In some Member States all Law Enforcement Authorities (LEAs) have access to SIENA, in other ones, access to SIENA is only granted to a single national authority that coordinates the information exchange thereby hampering its full use 71 . Consequently, most of the times, regional and local investigation services do not have access to SIENA. This is particularly important considering that SIENA seems to be one of the preferable tools to share sensitive and confidential information since it allows to securely exchange data.

This issue was also raised in the recent evaluation of the EU Policy Cycle 2018-2021 72 . Notably, the effectiveness of SIENA was hindered by the fact that national stakeholders regularly have to firstly share information with the central authority which in turn shares it with other countries. This double-tier process delays the overall process, with possible negative impact on international investigations where timely information sharing is crucial for success 73 . 

Ideally, the SPOC should ensure that a request is sent through one channel only. The SPOC Front desk is crucial in choosing the most appropriate and relevant channel by gathering all requests ("in" or "out") dealt with by the SPOC, before dispatching them to the relevant desk (SIRENE Bureau, INTERPOL National Central Bureau, Europol National Unit, and bilateral liaison officers) 74 . So far, a number of national SPOC use internal guidelines recommending or requiring the specific use of a communication channel for specific purpose, thereby ensuring consistency and avoiding duplication of requests. Other SPOCs rely on officers' habits and personal preferences. Such leeway result in inefficiencies in a cross-border context. Council guidelines did not led to a convergence of national practices either 75 . 

The current proliferation of information exchange channels has also meant that different Member States have invested in different information exchange channels, thus not always matching the investments made in other Member States and hence hindering and effective use of the investments made domestically. Some Member States lack the necessary funding. Correspondingly, the present proposal will be flanked with financial support via the national programmes under the EU Internal Security Fund.

2.3.2.    What are the drivers?

Member States have not agreed on a single channel of information exchange between their law enforcement authorities for cases with an EU dimension. The choice of channel is only partly regulated by EU law: SIS requests for supplementary information must be made via SIRENE Bureaux, 76  and information exchange with Europol via ENUs. 77 Otherwise the choice is up to Member States 78 .

There is not a clear rationale behind the choice of one tool instead of the other 79 . Some Member States have moved towards more systematic use of the Europol channel. Others continue to rely a good deal on the INTERPOL channel for intra-EU cooperation, the attraction of which seems to lie partly in its traditional central role in international police cooperation, partly in its perceived ease of use, and partly on Member States officers' habits and personal preferences 80 .

The limited training hampers the efficient use of available tools for exchanging information by national law enforcement officials. As regards the PCCCs, out of 59 PCCCs active in Europe in 2017, only nine were connected to SIENA 81 (against 14 PCCCs in 2021, thereby indicating slow progress).

Communication channel used for police cooperation

*Blue cells: both channels are used indifferently. Light grey cells: preferred channel of communication. Dark grey cells: No Schengen evaluation report available

Source: EY/RAND Europe Study’s elaboration based on a questionnaire on the developments since the update of the SPOC guidelines in 2014

2.3.3.    How will the problem evolve without intervention?

The planned changes to SIENA that are currently envisaged by Europol are expected to lead to some clear improvements with regard to the cross-border exchange of information, notably due to its anticipated doubling of end-users.

Yet, Member States would only slowly update their IT information management system to integrate these upgrades. Member States are also expected to continue to send requests to multiple countries at the same time via parallel channels to "fish" for information, leading to duplication of work. Member States will remain free to choose not to copy Europol in their exchanges via Europol SIENA even when this concerns an offence falling under the Europol mandate. The qualitative and quantitative information flow towards Europol would thus only increase in a piece-meal manner across the European Union, hampering Europol's ability to support Member States in their cross-border investigations.

In the absence of further intervention, formal and informal processes that have been established over the years are expected to remain intact. This means that stakeholders are expected to continue to use ad hoc processes. One example is, of course, not sending an information request via SIENA, but simply calling the official counterpart in another country or requesting information via an informal email. Informal practices have been and remain an important part of law enforcement cooperation today. This being said, such traditional ways of working may no longer prove adequate in the future. More specifically, while they may work well between Member States where frequent contacts and cooperation are established, this may not be the case with other Member States. Existing Council guidelines did not manage to ensure a satisfactory convergence of national practices. Updated guidance is thus unlikely to achieve further results.

Without intervention, law enforcement authorities will continue not to effectively and efficiently exchange information with their partners in other Member States, thereby leaving the impacts in the evolution of the EU security landscape and in the increased cross-border mobility essentially unaddressed.

3.3.    Why should the EU act?

3.

3.1. Legal basis

A legislative proposal following this impact assessment would be based on Article 87 (2) of the Treaty on the Functioning of the European Union (TFEU).

3.2.  Subsidiarity: Necessity of EU action

The objective of improving information flows between relevant law enforcement authorities and with Europol, cannot be sufficiently achieved by the Member States acting alone. Owing to the cross-border nature of crime, the Member States are obliged to rely on one another. This can be better achieved at the level of the Union.

Despite the existence of a number of national and regional measures in place that aim to strengthen national capacity to deploy coordinated actions against common threats and challenges, Member States alone would not be able to ensure the full implementation of the principles of availability and of equivalent access to information. Member States would not overcome current differences among SPOCs (and in its relation with PCCCs), which hinder the efficient exchange of relevant information across countries. They would not ensure appropriate and uniform level of knowledge of and capacity to use relevant databases and communication channels.

The EU is better equipped than individual Member States to ensure the coherence of actions taken at the national level, address the divergence of practices, prevent duplications and uncertainties and eventually ensure an efficient counter-action to cross-border crime. The need for EU intervention is widely supported by Law Enforcement Authorities (LEAs) answering the survey with 82% (n=131) of respondents reporting a need for EU action from a moderate to a very high extent.

3.3.  Subsidiarity: Added value of EU action

EU action in response to the identified problems is expected to bring added value for the entire EU with a ripple effect on Schengen Associated Countries, and therefore to its citizens. Common EU level rules, standards and requirements facilitating these information exchanges on cross-border crime between law enforcement authorities will generate significant economies of scale while ensuring high-level data security and data protection standards.

Additionally, common standards allow for the automation of information exchange workflows, releasing law enforcement officers from a number of labour-intensive/time-consuming manual activities, thereby increasing the efficiency and effectiveness of national practices.

Law enforcement cooperation at EU level does not replace different national policies on internal security. It does not substitute the work of national law enforcement authorities. Quite the contrary, EU level action supports and reinforces national security policies and the work of national law enforcement authorities, helping them to enforce the law against criminals and terrorists that act across borders. Differences in the legal systems and traditions of the Member States, as acknowledged by the Treaties 82 , remain unaffected by this EU level support. The envisaged proposal, a Directive, would introduce an obligation of result. In full line with the subsidiarity principle, Member States will remain free to determine the most appropriate means to achieve the prescribed results.

4.4.    Objectives: What is to be achieved?

4.

4.1.  General objective

Law enforcement work is inherently an information-based activity. The successful prevention, detection and investigation of criminal offences, require a fast, streamlined and systematic access to all relevant information.

The general objective of the initiative is to ensure the timely access and the smooth exchange of necessary information, thereby enabling effective and efficient cooperation between law enforcement authorities to counter the cross-border dimension of criminal action while ensuring a high level of protection of fundamental rights and personal data.

4.2.  Specific objectives

The specific policy objectives of this initiative respond to the three problems identified in chapter 2:

·To facilitate equivalent access for law enforcement authorities to information held in another Member State, while complying with fundamental rights and data protection requirements;

·To ensure that all Member States have an effective functioning Single Point of Contact (SPOC), including when a judicial authorisation is required to provide the data upon request of another Member State, and ensuring its effective cooperation with Police and Customs Cooperation Centres (PCCCs) 83 ;

·To remedy the proliferation of communication channels used for law enforcement information exchange between Member States while empowering Europol as the EU criminal information hub for offences falling within its mandate (unless otherwise regulated by EU law) 

5.5.    What are the available policy options?

5.

5.1.  Baseline representing current situation

The baseline is a "no policy change" scenario (option 0). This implies:

·No additional regulatory intervention is implemented by the EU to the exception of the alignment the 2006 SFD with the 2016 Law enforcement data Protection Directive 84 ;

·No specific flanking support measures are undertaken by the EU, such as awareness raising, training, funding etc. in order to improve access to and exchange of information between Law Enforcement Authorities;

·No further technical changes are implemented by the EU, e.g. in relation to technical means to access and share information via SIENA, apart from what is already planned.

·However, the Commission committed to ensure the alignment of the 2006 SFD with the 2016 law enforcement data protection Directive (LED). Consequently at the very least, a targeted amendment would be necessary.

As a result, law enforcement authorities will not effectively and efficiently exchange information with their partners in other Member States and with Europol, causing operational hurdles in the daily law enforcement practices.

In addition, differences with regard to the efficiency and effectiveness of SPOCs, PCCCs and other equivalent structures are expected to continue to exist and hamper the level playing field between Member States.

Europol is making efforts to improve SIENA. The planned changes are expected to lead to some improvements with regard to the cross-border exchange of information already in the baseline scenario 85 .

If no further action is taken (other than the ones already agreed or underway), LEAs will likely face additional challenges in keeping pace with criminal groups in the near future. LEAs are expected to take advantage of and use new technologies to cope with evolving criminal patterns.

5.2.  Description of policy options

5.2.1.    Objective I: Facilitate equivalent access for law enforcement authorities to information held in another Member State, while complying with fundamental rights and data protection requirements

The problem described in chapter 2 will be addressed, to the extent possible, via support measures aiming to improve awareness, the implementation of EU provisions as well as national capabilities through dedicated funding via the Internal Security Fund (ISF).

This could cover training, Commission guidance (e.g. on the use of communication channels, on SPOCs, on PCCCs and on information exchange, the provision of a matrix concerning which information channel should be used in what cases, and the provision of information concerning what data are available in the Member States). Europol would be asked to speed up the SIENA roll-out.

As a result of the lisbonisation of the SFD, possible future guidelines will no longer be developed by the Council but by the European Commission. These new guidelines will require an active support from the Member States given national specificities and related technicalities.

Based on the Council guidance, the Schengen evaluations in the field of police cooperation, and on the Study' findings, the policy option 1.2 will cover Option 1.1, extended to the revision of the Swedish Framework Decision with a view to clarify and simplify its use, thereby improving the implementation of the principles of availability and of equivalent access.

This would be achieved through:

·Adaptations to the SFD to remove references to "other" cases and also remove the forms for information exchange (two annexes of the SFD);

·Commission Guidelines clarifying the data sets available for possible exchange;

·Clarification of the scope of operations to which the SFD applies 86 .

Based on the Council guidance, the Schengen evaluations in the field of police cooperation, and on the Study' findings, the policy option 1.3 will cover option 1.2 and extend the revision of the Swedish Framework Decision to ensuring compliance with deadlines requirements by which data is to be made available to another Member State (including when a judicial authorisation is required).

5.2.2.    Objective II: Ensure that all Member States have an effective functioning Single Point of Contact (SPOC), including when a judicial authorisation is required to provide the data upon request of another Member State, and ensuring its effective cooperation with Police and Customs Cooperation Centres (PCCCs) 

Based on the Council guidance, the Schengen evaluations in the field of police cooperation, and on the Study findings, the policy option 2.1 will limit itself to supporting measures to improve the effective and efficient role of SPOCs/PCCCs and any other relevant structures.

Recommendations (Commission Guidance – 'soft law') would be made with a view to support Member States in setting up and developing common requirements for modern case management systems (CMS). This would include:

·Guidance on a list of possible common requirements for the functionalities of the Case Management System (CMS), e.g.:

oDegrees of urgency should be linked with a deadline (e.g. when a deadline draws near, automated alerts should be triggered);

oSelection (in a multiple-choice list by the requesting Member State) and cancellation of the degrees of urgency should be done manually;

oOne CMS for receiving, sending and dispatching messages (follow up, manage, store and exploit the international exchange of information). The Universal Message Format (UMF) is to be used 87 ;

oThe Case Management System (CMS) should be able to import and export incoming messages from e-mail, documents or web applications to reduce the number of registration acts to the minimum;

oClear identification of the case and its components: within the case (unique case number), all documents and acts should be clearly identified. The CMS should be able to make links between persons/objects; per item – per act; author, date and time. This should be done automatically on the basis of the user profile;

oAutomation of data cross-check, e.g. through improved search tools and the adoption of transliteration and “fuzzy logic” search;

ofurther coordination between the SPOCs and the PCCCs (and other relevant bodies) through the interconnectivity between their respective CMSs;

oGeneration of necessary statistics for national analytical needs.

·Guidance on accreditation of the CMS (security needs, security check for data access, data protection, handling codes, confidentiality, access rights by different units and to EU databases);

·Guidance on quality control: Through subject-based registration and the use of structured and mandatory fields and multiple-choice lists, certain quality requirements can be met beforehand without needing to conduct additional checks afterwards;

·Guidance on availability of technical support;

·Training on CMS use.

Updating existing Council guidelines in view to achieve further approximation of practices will require an active support from the Member States given national specificities and related technicalities. IT upgrades would require financial supports.

Based on the Council' guidance, the Schengen evaluations in the field of police cooperation, and on the Study' findings, the policy option 2.2 will ensure the approximation of common minimum requirements regarding the SPOCs/PCCCs' (and any other relevant bodies) environment (structure, composition, role, IT capabilities and staffing). These common minumum requirements ('hard law') will cover:

·Establishment of the SPOC as a "one stop shop" for LEA cooperation through common minimum standards. A SPOC should:

oBe, at the minimum, informed about all international law enforcement cooperation requests dealt with at national level, and, in addition, be established as the preferred hub to handle intra-EU law enforcement cooperation requests;

oOperate 24/7 (including when a judicial authorisation is required);

oHave full access to all relevant EU and international law enforcement databases (i.e. Schengen Information System (SIS), Europol databases, INTERPOL databases and software applications;

oBe connected to Europol SIENA (for intra-EU cases), INTERPOL I24/7 (for cases involving third countries having no access to Europol SIENA) and SIS; 

oInvolve staff in the SPOC who have full access to all relevant national case management systems (including those managed by customs and border guards where relevant);

oEnsure that all relevant information from the Police and Customs Cooperation Centres (PCCCs) is integrated in the SPOC information system;

oHave arrangements for indirect (e.g. on a hit/no hit basis), but quick, effective and efficient access to relevant databases of other authorities or bodies (including customs, border guards and tax authorities where relevant);

oEnsure further coordination between the SPOCs and the PCCCs and other relevant entities through the interconnectivity between the national SPOC and the national PCCCs (and any other equivalent bodies) Case Management Systems.

·Establishment of new provisions on the skills of law enforcement officials working primarily on international cases:

oProvision on appropriate English skills as a criterion ("entry criterion") for specific roles within certain law enforcement agencies working primarily on international cases;

oProvision on mandatory training on EU law enforcement cooperation for officials in specific roles relevant for cross-border law enforcement and at specific levels (e.g. newcomers/senior officials).

·Establishment of flanking soft measures in the form of training measures:

oEstablishment of an awareness raising and training campaign within the EU law enforcement community;

oCEPOL to provide training material to law enforcement agencies (e.g. on how to use EU databases efficiently). The training material should focus on aspects common to all the Member States. The Member States would need to prepare additional training on the specificities in the individual country;

oCEPOL to provide voluntary induction training on cross-border law enforcement;

oExpansion of the existing CEPOL practice to provide online courses on an ad-hoc basis on new EU level developments;

oPerformance of a regular review of the training content provided by CEPOL.

·Establishment of common minimum requirements for Case Management Systems (CMS) for the SPOCs/PCCCs and other equivalent bodies (see policy option 2.1 where these measures would only be proposed as non-binding guidance).

Based on the Council' guidance, the Schengen evaluations in the field of police cooperation, and on the Study' findings, the policy option 2.3 will ensure the harmonisation of rules regarding the SPOCs/PCCCs' (and any other relevant bodies) environment (structure, composition, role, IT capabilities and staffing).

This option will cover the same measures as described in policy option 2.2. The legal provisions would however be more precise where relevant. Such harmonisation would be carried out through a proposal for a Regulation and would consequently offer the advantage to impose an "EU model" for information exchange.

Contrary to option 2.2, where Member States would retain the possibility to chose how to best implement common minimum requirements and decide to go beyond them where they see fit, the harmonisation by means of a Regulation would bind Member States not only regarding the objectives to be achieved but also with regards to the means to achieve them.

Consequently, the impact of options 2.2 and 2.3 on Member States would thus differ considerably. The Regulation would also be directly applicable.

Measures covered by option 2.3 (Regulation) and not by option 2.2 (Directive) would notably seek to define a detailed check list of features for SPOCs, PCCCs and for their Case Management System (beyond com mon minimum requirements); e.g.:

oRequirement to set up a front desk at SPOC to determine which office/contact point will deal with the incoming request;

oRequirement to determine the priority level of the request at the Front Desk;

oEmpower the SPOC management to impose an arbitrage in case of disagreement between law enforcement authorities composing the SPOC;

oRequirement to set up the SPOC in a secure working environment, including high level of security and safety of the premises and is equipped with back-up power systems;

oRequirement for the SPOC to use of the Universal Message Format as a standard for structured, cross-border information exchange;

omandatory development of fuzzy search (notably multi-category search, partial search, any name search) and transliteration tools;

oautomated attribution of a single registration number to every case, unique for the involved cooperation channels such as SIRENE, INTERPOL, Europol, etc.;

oCase Management System able to import and export incoming messages from e-mail, documents or web applications to reduce the number of registration acts to the minimum. The same could apply to the exportation of generated messages;

oRequirements regarding the training of staff...

5.2.3.    Objective III: To remedy the proliferation of communication channels used for law enforcement information exchange between Member States while empowering Europol as the EU criminal information hub for offences falling within its mandate (unless otherwise regulated by EU law) 

Policy option 3.1 will limit itself to supporting measures to improve the effective and efficient use of SIENA. They will mandate Europol with training in the use of SIENA and support Member States' effort notably through funding. The following non-legislative improvements to SIENA would also be recommended:

·Establishment of new, simpler and more user-friendly forms (e.g. design and accessibility, types of information required and clarifications and wording, multiple-choice alternatives, removal of references to "other cases") and implementation of these in SIENA. The forms should include factual reasons for the information request;

·Extension of the functionalities of SIENA, such as the introduction of an automated display of a hit/no hit indication (plus a possibility to request further information).

Updating existing Council guidelines in view to achieve further approximation of practices will require an active support from the Member States given national specificities and related technicalities.

Policy option 3.2 will clarify existing guidelines on the preferred channels of communication. These provisions will cover:

·Establishment of the information channel to be used: Establishment of SIENA as the preferred channel of communication for information exchange in an intra-EU context, while maintaining Member States’ possibility to choose another communication channel. INTERPOL I24/7 should be used in cases where third countries are involved in the exchange of information. SIENA would need to be monitored 24/7 at national level. There would also be an obligation to put Europol in copy in cases concerning information exchange within Europol's mandate.

With Policy option 3.3, Europol SIENA will become the mandatory channel of communication by default for police cooperation 89 between EU Member States 90  (excluding those situations where other channels are required by EU law, e.g. SIS). This means that for cases that only have an EU dimension or in relation to which it is not (yet) clear if they also concern third countries, SIENA should be used as channel for information exchange 91 .

This obligation will only come into force after a necessary transition period allowing the full roll-out of SIENA to all relevant end users. Funding will be made available to support Member States necessary IT upgrades. Additional (flanking) measures correspond to policy option 3.1.

5.3. Options discarded at an early stage

Following the consultation of stakeholders, the Commission discarded 92 the option of expanding legislative changes to the 1998 Naples II Convention on mutual assistance and cooperation between customs administrations. This decision has been taken in view of necessity and proportionality considerations, customs cooperation being mostly of administrative nature.

Customs administrations are nevertheless fully covered as competent authorities under the objectives of this initiative with a view to improve cooperation between relevant law enforcement authorities (notably against tax crimes e.g. tobacco smuggling):

·Objective I: Customs administrations are competent under the Swedish Framework Decision. Its revision by means of a Directive thus covers its use by customs administrations;

·Objective II: customs administrations are to become part of the SPOC where this is not yet the case and where relevant. This includes necessary access to relevant customs databases and case management system (also in Police and Customs Cooperation Centres – where they exist);

·Objective III: customs administrations, as part of the SPOC, are to use Europol SIENA by default when engaging with another Member State and copy Europol when concerning an offence within Europol's mandate.

6.6.    What are the impacts of the policy options?

This chapter assesses all policy options identified in section 5.2 against the baseline options identified in section 5.1. Given that the baseline scenario is evidently unsuited to address the problems identified in chapter 2 (problem definition), this impact assessment will not assess the baseline scenario any further 93 .

These impacts cover a wide range of parameters, including effectiveness, efficiency, EU added value, proportionality and coherence. These criteria are further elaborated upon regarding the combined preferred option.

No direct environmental and economic impacts were clearly identified per policy option. Nevertheless, the following high-level impacts could be mentioned:

·Environmental impact: A small negative impact is expected on the environment due to the expected increase in electricity consumption in relation to computers and servers used for information exchange.

·Economic impact: Immediate economic impacts of any of the above options will be limited to the design, development and operation of the new processes. The costs will fall to the EU budget and to Member State authorities operating the systems. They will vary depending on the Member States national specificities and needs. ISF 94  funding will be made available to support Member States necessary IT upgrades. The proposed measures may have a positive impact on small and medium-sized enterprises given the need for IT-related products. An indirect positive economic impact could be found in a more effective fight against counterfeited good, thereby better protecting SMEs' intellectual property rights.

6.

6.1. Fundamental Right expected impacts 

The provisions on data protection and privacy contained in the 2006 Swedish Framework Decision (SFD) are outdated. The full alignment with the 2016 Data Protection Law Enforcement Directive (LED) is a legal obligation. This is relevant with regard to Article 7 (Respect for private and family life) and Article 8 (Protection of personal data) of the EU Charter of Fundamental Rights. In line with that,  the Commission committed in a 2020 Communication to "make a legislative proposal, which as a minimum will entail an amendment of Council Framework Decision 2006/960/JHA to ensure the necessary data protection alignment, in the last quarter of 2021  95 .

The sharing of information between Law Enforcement Authorities has a potential impact on Fundamental Rights. This concerns the Articles 2 (Right to life), 3 (Right to the integrity of the person), 6 (Right to liberty), 17 (Right to property) and 45 (Freedom of movement and of residence) of the EU Charter of Fundamental Rights.

Data protection impact: EU institutions and Member States are bound to the Charter of Fundamental Rights of the EU when they implement EU law (Article 51(1) of the Charter). The options presented in this impact assessment need to be balanced with the obligation to ensure that interferences with Fundamental Rights that may derive from them are limited to what is strictly necessary to genuinely meet the objectives of general interest pursued, subject to the principle of proportionality (Article 52(1) of the Charter).

The Law Enforcement Data Protection Directive 2016/680 (LED) 97  already applies to personal data processing activities carried out on the basis of the SFD. The revision of the Swedish Framework Decision will ensure its explicit alignment with the LED. It will contain a new provision stating that the legal instrument is without prejudice to the LED. The application of the Law Enforcement Data Protection Directive remains a matter of national competence when applying EU law. Concerning data protection, national law transposing the Law Enforcement Data Protection Directive are applicable to data exchanges between Member States.

The SFD will be aligned with the 2016 Law Enforcement Data Protection Directive (as part of the baseline scenario) thereby ensuring the high level of data protection provided by the wider EU data protection regime. While maintaining the specific data protection safeguards already provided for in the SFD, the alignment with the Law Enforcement Data Protection Directive will provide the necessary safeguards for the cooperation between police authorities in the EU.

Taken together, this will provide all the necessary safeguards. As the Law Enforcement Data Protection Directive provides the required level of data protection in the Union, there is no need to go beyond it. Instead, the alignment will ensure full consistency with the wider EU data protection rules.

Each of the options meet an objective of general interest, which is the safeguarding of the internal security of the European Union. Therefore, for each option, the impact on Fundamental Rights is assessed based on necessity of the measure and its proportionality to the objective.

The impacts are assessed on a scale ranging from 'highly positive impact' (+++) to 'highly negative impact' (---), with intermediate scores: 'significant positive impact' (++), 'significant negative impact' (--), 'low positive impact' (+), 'low negative impact' (-), 'neutral – no impact' (0).

More specifically, it should be noted that various elements considered under this legal proposal may have different impacts on fundamental rights, as outlined below.

Legal barriers

Adaptations to the 2006 Swedish Framework Decision, notably Article 8 on data protection, to ensure alignment with the LED are expected to positively impact safeguarding citizens' fundamental rights.

Moreover, a number of additional, targeted procedural safeguards would be introduced by the new legislative instruments which may have a positive impact on the citizens' right to the protection of personal data:

·The establishment of new provisions ensuring compliance with the deadlines by which data are to be made available to another Member State may have a positive impact on citizens' Fundamental Rights. Indeed, possible suspects who are being wrongfully accused of crimes are expected to be cleared faster. This is expected to improve safeguarding, for instance, the citizens' right to liberty, freedom of movement and of residence;

·The provision on training and updated guidance for officials in relation to the access to and exchange of information may increase the efficiency of law enforcement cooperation processes. This is also expected to contribute to potentially clear citizens from wrongful charges in a swifter fashion;

·The clear establishment of SIENA as the mandatory information channel to be used by default is expected to have a positive impact by minimising the opportunities for officials to "fish" for specific information that could compromise suspects' Fundamental Rights. Furthermore, the use of SIENA for information exchange between Member States will improve the safeguard of data protection standards given the state-of-the-art security and built-in data protection parameters SIENA offers;

·A modern SPOC, equipped with a proper information management architecture, will be able to track access to databases thereby ensuring proper use.

·The removal of references to "other" cases in the SFD is also expected to positively impact on safeguarding fundamental rights, as it may contribute to reducing the likelihood of unsolicited information about citizens is being exchanged between Member States. Moreover, by removing the category "other" cases, all cases would either be "urgent" or "non-urgent". This is expected to speed up the process of requesting information and, thus, could have a positive impact on citizens' Fundamental Rights.

Technical barriers

At the technical level, there are potential risks to Fundamental Rights in relation to the use of Case Management Systems (CMSs) by SPOCs. The measures considered aims to address existing risks by introducing common requirements for the functionalities of the CMSs run by SPOCs, e.g. establishing one CMS for receiving, sending and dispatching messages. This is expected to reduce the number of cases in which case management is distributed across several platforms and layers which, in turn, is expected to reduce the risk of officials unduly being able to access and exchange information.

Moreover, improvements with regard to the clear identification of the case and its components in the CMS are expected to positively impact on citizens' Fundamental Rights. The likelihood of confusing cases and, as a consequence access and exchange unsolicited information is expected to be more limited than in the baseline scenario.

The introduction of a need for an accreditation of Member States' CMS with regard to security needs, security check for data access, data protection, handling codes, confidentiality, access rights by different units and to EU databases is expected to positively impact Fundamental Rights. Law enforcement authorities' IT systems are a prime target for hackers and, thus, under constant scrutiny with regard to their security and potential to ensure citizens' privacy. Therefore, the accreditation of CMS satisfying certain technical minimum quality criteria is expected to add an additional safeguard for IT systems being compromised by criminals. Other safeguards are ensured by the Member States as per their transposition of the Law Enforcement Data Protection Directive 2016/680 (LED).

Structural barriers

At the structural level, the measures envisaged ensure that SPOCs are, at the minimum, informed about all international law enforcement cooperation requests dealt with at national level, and, in addition, established as the preferred hub to handle intra-EU law enforcement cooperation requests. The increased ability and role of the SPOCs to coordinate law enforcement cooperation is expected to have a positive impact on citizens' Fundamental Rights, since cases can be administered more swiftly and discretely without multiple authorities being unduly involved in the processes.

At the same time, however, providing SPOCs via the involvement of different types of eligible law enforcement officials with full access to EU and international law enforcement databases could be regarded by some stakeholders (e.g. Non-Governmental Organisations) as an excessive measure in view of providing law enforcement authorities with only the necessary access to information. Similar to the argumentation in relation to the legal and technical barriers, additional and updated training on EU law enforcement cooperation (including by CEPOL) is expected to increase citizens' Fundamental Rights thus effectively and efficiently mitigating the risk of unnecessary and disproportionate access to personal data.

6.2.Objective I: Facilitate equivalent access for law enforcement authorities to information held in another Member State, while complying with fundamental rights and data protection requirements

6.3.Objective II: Ensure that all Member States have an effective functioning Single Point of Contact (SPOC), including when a judicial authorisation is required to provide the data upon request of another Member State, and ensuring its effective cooperation with Police and Customs Cooperation Centres (PCCCs)

6.4.Objective III: To remedy the proliferation of communication channels used for law enforcement information exchange between Member States while empowering Europol as the EU criminal information hub for offences falling within its mandate (unless otherwise regulated by EU law)

7.7.    How do the options compare?

7.

7.1.Objective I: Facilitate equivalent access for law enforcement authorities to information held in another Member State, while complying with fundamental rights and data protection requirements

The policy options are cumulative in the sense that policy option 1.2 builds on policy option 1.1, and policy option 1.3 builds on policy option 1.2.

Policy option 1.3 is the preferred option 99 . Under this policy option, not only the 2006 Swedish Framework Decision (SFD) will be aligned with the 2016 Data Protection Law Enforcement Directive (LED), but its use will be simplified. The data sets available for possible exchange will also be clarified. Furthermore, the revision of the deadline requirements, even when a judicial authority is involved, will improve the timely access to information. Flanking measures will be defined by a supporting informal expert group set up by the Commmission. This policy option will have a positive ripple effect on Schengen Associated Countries.

Indeed, as part of the online survey conducted within the framework of this study, almost all Heads of SPOCs of the EU Member States and Schengen Associated Countries confirmed that the existing barriers lead to increased time needed for investigations, as well as – in the worst case – discontinued investigations. Moreover, according to the survey respondents, delays were estimated to typically be of two to four weeks in almost half of the cases in which delays occurred. Even longer delays were reported to be experienced in the largest part of the rest of the cases experiencing delays. Such delays are clearly hampering the efficient implementation of law enforcement operations in intra-EU cross-border cases.

Efficiency and effectiveness. Policy option 1.3 is more efficient and effective than the policy options 1.1 and 1.2. Limiting the revision of the SFD to a necessary alignment with the LED (baseline scenario) would represent a missed opportunity to also address additional well known issues hampering the full use of the SFD. Given the cumulative nature of these 3 options, options 1.2 (simplication in the use of the SFD) would significantly improve on option 1.1 while falling short of addressing the need for timely access to necessary information (option 1.3). These issues have been persistently noted in the Schengen evaluation country reports in the field of police cooperation. Council guidelines (non-binding) have not led to a necessary convergence of national practices (while recent Council Conclusions insisted on the need to support the "development of smooth and swift information exchange").

Under policy option 1.1, the identified uncertainties and inefficiencies in the intra-EU law enforcement cooperation, including the current incoherencies between different legislative instruments both at the EU level and between the Member States are expected to remain and eventually to increase.

Political feasibility. Policy option 1.3 is politically feasible. A number of Member States with a less efficient SPOC may express concerns at their ability to meet deadline requirements when the involvement of a judicial authority is required. For this reason, policy options 2.1, 2.2 and 2.3 recommend (option 2.1) and require (option 2.2 and 2.3) the functional availability of a judicial authority, as it is already the case in more effective and efficient SPOCs (see options 2.2 and 2.3 below).

Coherence and proportionality. Policy option 1.3 is in full coherence with past and envisaged initiatives, notably the proposals on Europol, Prüm II and on the Schengen Border Code. Policy option 1.3 is also proportionate to the identified problem and do not go beyond what is necessary to achieve the specific objective.

7.2.Objective II: Ensure that all Member States have an effective functioning Single Point of Contact (SPOC), including when a judicial authorisation is required to provide the data upon request of another Member State, and ensuring its effective cooperation with Police and Customs Cooperation Centres (PCCCs)

The policy options are partially cumulative in the sense that policy option 2.2 builds on policy option 2.1, and policy option 2.3 builds on policy option 2.2 for the sole flanking soft measures.

Policy option 2.2 is the preferred option 100 . Under this policy option, national and regional information hubs will benefit from the necessary approximation of commun minimum standards. This will cover the functionning, staffing, and IT information systems, while ensuring the interconnectivity between the national information management architecture with regional ones (if any). This will significantly improve the efficiency and effectiveness of these information hubs at national and regional levels (inter-agency cooperation) but also at EU level (cooperation between national SPOCs). This will also have a positive ripple effect on Schengen Associated Countries. Flanking measures will be defined and implemented to support Member States accordingly.

Under policy options 2.2 and 2.3, Member States will be required to monitor SIENA 24/7 and to ensure the functional availability of a judicial authority. This good practice, identified in a number of Member States, has been noted to significantly improve the SPOC ability to respond to urgent requests in a timely manner.

Efficiency and effectiveness. While some countries do not seem to work with a modern Case Management System (CMS) in relation to cross-border law enforcement cooperation, other countries have systems in place that are seamlessly interoperable and integrated with Europol SIENA. Thus, the measures identified in policy option 2.2 are expected to contribute to level the playing field in terms of technical progress of law enforcement cooperation between countries and, thereby, facilitate the access to and exchange of information. The approximation of common minimum requirements will ensure coordinated future developments, thereby facilitating and enhancing internal and EU cooperation. Indeed, data can be exchanged in a more structured and swifter way (e.g. via the Universal Message Format).

A large majority of Member States participants to the 2nd technical workshop held in May 2021 indicated that the envisaged measures centred on national Case Management System for SPOCs would have a (very) positive impact on cross-border law enforcement cooperation 101 .

Elements of the policy option 2.1 (non-binding guidance) are expected to make a small positive contribution to improving the efficiency of cross-border law enforcement cooperation. Yet, this would not provide an adequate response from an efficiency perspective. Under policy option 2.1, the identified differences and inefficiencies in the functioning of SPOCs across the EU would remain, hampering the efficient exchange of information, notably due to an inadequate access to key databases and platforms in all SPOCs. The limited interconnectivity between different systems (e.g. due to vast differences between various 'in-house solutions' used in the EU), as well as the limited functionalities of the Case Management System (CMS) in various Member States are also expected to remain and continue to hamper cross-border information exchange in the future.

The plethora of existing databases, channels and systems, as well as the extent to which and how they are used in practice by officials is expected to continue to hamper the efficiency of law enforcement cooperation in the EU. Fragmentation concerning the associated legal, technical and structural requirements at the EU and national levels, as well as established informal practices are expected to continue to be the main reasons for this.

Moreover, some SPOCs have insufficient resources to address the information requests received within the deadlines in all cases. There is also a need to further ensure that law enforcement authorities involved in intra-EU cross-border cases are better trained on recent developments and possess adequate language skills to communicate with their peers. Whilst it remains possible that the SPOCs and PCCCs will over time incrementally update and improve their information management systems, these developments would not be aligned between the Member States and the current barriers are expected to remain.

Political feasibility. Unlike policy option 2.3, policy option 2.2 is politically feasible. The lack of effective and efficient functioning of national and regional information hubs (where they exist) have been persistently noted in the Schengen evaluation country reports in the field of police cooperation. Council guidelines (non-binding) have not led to a necessary minimal convergence of national practices (while recent Council Conclusions insisted on the need to support the "further development of relevant structures and platforms").

This approximation of common minimum standard, notably stemming from the Heads of SPOC network 102 , express a wide consensus at expert level. Ensuring the harmonisation of rules (option 2.3) on issues not covered by EU provisions so far will not be supported by Member States given their far-reaching structural and financial implications.

Coherence and proportionality. Policy option 2.2 is in full coherence with past and envisaged initiatives notably the proposals on Europol, Prüm II and on the Schengen Border Code. Policy option 2.2 is also proportionate to the identified problem and do not go beyond what is necessary to achieve the specific objective.

A full harmonisation of rules (option 2.3) do not meet the proportionality test. Indeed, passing from Council non-binding guidance to a fully-fledged harmonisation by EU law would not be feasible given the major technical, legal and financial implications. The approximation of core minimum standards is considered less invasive while still being conducive to achieving the objective II.

7.3.Objective III: To remedy the proliferation of communication channels used for law enforcement information exchange between Member States while empowering Europol as the EU criminal information hub for offences falling within its mandate (unless otherwise regulated by EU law)

The policy options are partially cumulative in the sense that policy option 3.2 builds on policy option 3.1, and policy option 3.3 builds on policy options 3.2 for the sole flanking soft measures.

Policy option 3.3 is the preferred option 103 . Under this policy option, Member States will be required to exchange information between them via SIENA (unless otherwise regulated by EU law) while putting Europol in copy when this concerns an offence within Europol's mandate. Such requirement will only enter into force after a necessary transition period ensuring the full roll-out of SIENA at national level. This will also have a positive ripple effect on Schengen Associated Countries.

Flanking soft measures will be defined and implemented to support Member States accordingly. Compared to the status quo, where Member States use different communication channels and often do not involve Europol in their bilateral exchanges, this will also significantly increase the amount of information that Member States will share with Europol on cross-border crime, and hence close an important information gap.

The main difference between policy option 3.2 and 3.3 lies in SIENA being the "preferred" channel of communication, thereby still leaving room for Member States not to implement this option if they so decide, and SIENA being the channel of communication “by default” for intra-EU communication.

Policy option 3.2 will still allow Member States leeway in the choice of the communication channel in predefined cases, thereby promoting the use of Europol SIENA as the preferred channel of communication where relevant. The policy option 3.2 will thus seek to clarify existing Council guidelines on the choice of the appropriate channel in a (binding) legal text. Policy option 3.3 ensures a more coherent approach, one giving the Europol channel a central role. Member States could still be allowed to use an alternative channel in exceptional circumstances (to be understood restrictively).

Efficiency and effectiveness. One result of Member States having a free choice of channel (apart from the legal requirements relating to SIRENE Bureaux and Europol National Units) is that they use different channels to different extents also depending from officers' habits and personal preferences. Some Member States have moved towards more systematic use of the Europol channel (SIENA). Others continue to rely a good deal on the INTERPOL channel.

It is important to note that the Member States have divergent views in relation to the use of SIENA as default channel of communication. Some Member States have pointed out that it is important for their own purposes to be able to decide based on the case at hand in a rather flexible manner via which channel information should be exchanged. For instance, it is not always clear in practice to determine whether a specific case is only related to the EU or also has an international component. In such a case, making SIENA the default channel via which information is exchanged may lead to double work if the case turns out to be of international nature in relation to which INTERPOL I24/7 should rather have been used.

However, the choice of the Europol channel (SIENA) is justified by its advantages. SIENA can be used for direct bilateral exchanges, but also facilitates sharing of information with Europol in line with legal requirements of the Europol Regulation and the Swedish Framework Decision. SIENA messages are structured, can handle large data volumes and are exchanged with a high level of data protection and security. The Europol Liaison Officers community is an additional benefit as they can be asked to intervene where necessary to facilitate the understanding and effectiveness of information exchange.

Europol indicated that the definition of SIENA as the default channel (while putting Europol in copy) instead of as a preferred channel (policy option 3.2) is in particular expected to further facilitate the access to and exchange of information and, inevitably, lead to a strong increase of the number of messages exchanged via SIENA. The yearly number of messages exchanged via SIENA is estimated to increase to up to 3.86 million messages in 2030 (against 1.3 million in 2020).

Option 3.1 is expected to, one the one hand, have a small positive impact as regards the achievement of this objective, since Europol is expected to make further improvements to SIENA, potentially doubling the number of users.

However, the extent to which the potential efficiency gains may actually materialise largely depends on Member States' commitment to the improvement of law enforcement cooperation and their willingness to implement (common) changes within their national systems. The current differences between the national set-ups are expected to continue to exist and hamper the level playing field between Member States. Member States will remain free not to put Europol in copy of their exchanges via SIENA even when concerning offences falling into the agency' mandate.

Under policy option 3.1, the identified uncertainties and inefficiencies in the intra-EU law enforcement cooperation, including the current duplication of requests in various communication channels both at the EU level and between the Member States are expected to remain and eventually to increase, causing undue delays and additional workload.

For example, the practice of 'fishing' is likely to remain, meaning that a number of Member States or national LEAs may receive the same information request without any clear link to a specific case, thus leading to duplication of work. Therefore, it is expected that the efficiency of future law enforcement cooperation will considerably lag behind its potential.

Political feasibility. A number of Member States favours an approach that leaves wide flexibility to use different channels. While considered politically feasible 104 , the policy option 3.3 is likely to be closely analysed by the Member States.

Coherence and proportionality. While possibly more readily acceptable by a number of Member States, the policy option 3.2 is considered to be only partially coherent with other EU measures, notably the Europol Regulation and Council Document 5503/21 105 on the use of SIENA as a primary communication channel. Because the policy option 3.2 will leave Member States more leeway, it is considered to falling short of the necessity requirement, while policy option 3.3 is considered proportionate to the identified problem and do not go beyond what is necessary to achieve the specific objective.  

Policy option 3.3 is fully in line with a decade-long political commitment to make of Europol the "hub for information exchange between the law enforcement authorities of the Member States, a service provider and a platform for law enforcement services" 106 . 

In coherence with this 2009 European Council strategic guidance, a 2021 Council Presidency Document also states: "applying SIENA as the default communication channel would add to the streamlining of law enforcement information exchange, and increase the level of security in the context of police cooperation in the Union. By the same token, it would enable that efforts be focused on the development of a single instead of numerous solutions, thus fostering the objective of reaching enhanced EU internal security" 107 .

8.8.    Preferred policy option: a game changer for law enforcement cooperation

Options 1.3, 2.2 and 3.3 form the preferred option.

Taken together, the preferred policy option will streamline, clarify, develop and modernise cross-border law enforcement cooperation while better safeguarding Fundamental Rights. It will also step up Europol support to Member States in countering evolving threats. The preferred policy option, a game changer, will ensure a strong convergence of national practices regarding the effective and efficient functionning of SPOC, through common minimum standards.

This choice reflects the best cumulative score of these options as regards to relevance, added value, effectiveness, efficiency, coherence and proportionality. It draws the lessons from the past and, at the same time, is sufficiently ambitious. The approximation of common minimum (ambitious) standards will ensure a sufficient degree of convergence of national practices and ultimately deliver effective and efficient information flows. It respects the views of the Member States concerning the role of information exchange in addressing criminal offences while at the same time respecting also the legitimate expectations of the EU citizens and businesses as to contribute to the effective and efficient safeguard of the Schengen area as one of the main enablers of the freedom of movement of persons and goods 108 .

8.

8.1. Overview of the preferred policy option

The most positive cumulated impacts of the preferred policy option are expected to stem from establishing the SPOC as a "one stop shop" for law enforcement cooperation in all Member States. Additionally:

·The requirement to have full access to EU and international law enforcement databases (e.g. by involving staff in the SPOC who have full access) will constitute a key step forward, as the current uneven access to relevant databases by the SPOCs have a negative impact on the speed to which information can be exchanged.

·The requirement to have a judicial authority functionally available will imply that those cases where a judicial authorisation is required can be handled more swiftly than what is currently the case, meaning that deadlines can be more readily met also in these cases. At present, deadlines are almost always exceeded when a judicial authorisation is required.

·The requirement for the SPOC to be, at the minimum, informed about all international law enforcement cooperation requests dealt with at national level will lead to better (statistical) information concerning the information exchanges and thus constitute an important basis for better informed future action. It will also mean that the SPOC will have better possibilities to assist with information exchanges.

·The requirement to set up a Case Management System (CMS) with common minimum features at SPOC and ensure its interconnection with the PCCCs’ CMSs, will significantly improve both the efficiency and effectiveness of national, regional and EU level inter-agency cooperation.

·The establishment of Europol SIENA as the default (rather than the preferred) channel of communication will add to the streamlining of law enforcement information exchange.

·A key enabler to achieve the specific objectives is the establishment of appropriate training and financial support.

The consultation process revealed some political red lines for Member States. If the preferred options took note of them, the main reason for excluding a full harmonisation of the functioning of the SPOC by means of a Regulation stems, first and foremost, from the wide divergence of practices, legal traditions and existing set up in place at national level. The policy options would have therefore remained the same irrespective of their political feasibility.

Ensuring the harmonisation of rules (Regulation) through a detailed check list of necessary features (option 2.3) on issues not covered by EU provisions so far will not be supported by Member States given their far-reaching structural and financial implications. Such harmonisation may also be considered going beyond would be strictly necessary to achieve the main goal of this initiative. It would thus not pass the proportionality, necessity and subsidiarity tests.

Even though the political feasibility of new measures in the area of law enforcement cooperation is generally challenging, the preferred policy responds to calls for actions from the co-legislators. It will notably meet the objectives of the Council Conclusions of November 2020 109 calling on:

·the Member States to: "take all necessary steps to further strengthen operational cross-border law enforcement cooperation by effectively implementing existing instruments and, where appropriate and necessary, by consolidating, simplifying and extending the legal foundations [and] swiftly improve means for regular or ad hoc exchange of information".

·The Commission to support: "the development of smooth and swift information exchange, further development of relevant structures and platforms; to consider consolidating the EU legal framework to further strengthen cross-border law enforcement cooperation" [and]

·"to duly take into account – when assessing options for a proposal for a European Police Cooperation Code and while upholding the principle of national sovereignty, the existing standards for the protection of fundamental rights, existing legal systems in Member States and the decisive role of the host state – the value and success of local, regional, bi- and multilateral law enforcement cooperation between Member States".

Stakeholders' high-level support for the policy options

Source: EY/RAND Europe Study’s elaboration

Cells that are marked in darker green denote a stronger positive impact on the different types of stakeholders. This table is not based on official positions provided by the Member States.

Based on the study' findings and initial feedback at political level 110 , there is a general trend towards high-level support among stakeholders. Law Enforcement Authorities (LEAs) seem to be more supportive of the elements of the policy options than judicial authorities. With specific regard to data protection authorities, it is crucial to note that the support is contingent on the extent to which the protection of personal data is safeguarded throughout all measures foreseen under the policy options.

Generally spoken, Non-Governmental Organisations and civil society organisations are supportive of the policy options as long as fundamental rights are safeguarded, and LEAs do not come into the possession of excessive, unjustified amounts of information about citizens and businesses that do not concern actual criminal investigations and/or legal proceedings before Court.

The preferred policy option is also coherent with:

·the EU Security Union Strategy for the period 2020 to 2025 111 , which points to the need to improve intra-EU operational law enforcement cooperation;

·the Counter-Terrorism Agenda 112 , which calls for a more effective interoperability of EU information;

·the EU Strategy to tackle organised Crime 2021-2025 113 , which is focused on boosting law enforcement and judicial cooperation;

·the new Schengen strategy 114 , which points to the need for police officers to cooperate effectively and by default across Europe;

·the 2020 Council Conclusions on Internal Security and European Police Partnership 115 , which calls for the consolidation and improvement of available law enforcement instruments;

·the Commission Recommendation (EU) 2017/820 116 , which invites Member States to strengthen cross-border police cooperation;

·the Commission Staff Working Document SWD/2020/327 final 117 , which highlights the need to address the deficiencies and the recurrent issues affecting law enforcement cooperation, and;

·the Council Document 5503/21 118 on the use of SIENA as a primary communication channel.

The high-level issues and core problems stemming from them as well as their likely future development are addressed by the preferred policy option in line with the subsidiarity and proportionality principles.

8.2. Preferred policy option cumulated advantages and disadvantages

Overall, it is expected that the preferred policy option will have a very significant impact on the effectiveness of EU cross-border law enforcement cooperation. The preferred policy option will contribute to efficiently reduce specific types of costs related to law enforcement cooperation, while at the same time contribute to increasing others.

It can be expected that different Member States will be affected by reduced/increased costs to varying degrees depending on how much aligned their current national set-up already is with the measures envisaged under the preferred policy option. However, reliable quantitative data on costs are largely missing 119 .

8.3. Main types of costs expected to be reduced/increased with the preferred policy option

While highly depending from the specificities of each national IT set-up and legal parameters, an estimation of possible costs has been provided by Europol. These costs, deemed acceptable, are proportionate to the identified problem and do not go beyond what is necessary to achieve the specific objective (see below). The Annex 3 provide further details on the methodology issues to estimate anticipated costs. Given the lack of data, these costs are considered rough estimations.

Based on the estimation above, the set-up of Case Management Systems and their SIENA integration in PCCCs not yet equipped could possibly cost EUR 9 million (one-off).

This cost is broken down as follow:

·Out of the 59 identified PCCCs, 14 are already connected to SIENA;

·The SIENA connection to a possible maximum of 45 PCCCs would cost EUR 2,250 million (45x EUR 50.000);

·The set-up of CMSs in a maximum of 45 PCCCs would cost EUR 6,750 million (45x EUR 150.000);

·Hence a total of EUR 9 million (2,250 + EUR 6,750 million) for PCCCs;

·This would be considered as a maximum one-off cost given that a number of PCCCs are already connected to the SPOC CMS. Hence the SIENA integration in the SPOC CMS would de facto cover the SIENA integration in the connected PCCCs.

The necessary IT upgrades in both SPOCs and PCCCs could thus amount to a maximum one-off grand total of EUR 11,5 million (2.5 + 9 million).

These costs (one-off investment), deemed acceptable, are proportionate to the identified problem and do not go beyond what is necessary to achieve the specific objective. As Member States are in any case pursuing a modernisation of their IT systems (also in the context of the interoperability of EU information systems), this provides a good opportunity for cost effective implementation of the envisaged changes. These costs do not cover training needs. As for IT upgrades, the training costs are highly depending from the specificities of each national IT set-up and legal parameters.

The costs at national level should be covered by Member States' programmes under the Internal Security Fund. 122 The Internal Security Fund includes the specific objective to "improve and facilitate the exchange of information" and to "improve and intensify cross-border cooperation". 123 When preparing their national programmes, Member States are invited to include in their national programmes activities relevant to the upcoming Police Cooperation Code, with explicit reference to SPOCS and PCCCs, and the connection to SIENA.

With a view to maximising the main advantages of the preferred policy option, and to minimise the main disadvantages to the extent possible, various success factors have been identified:

·Provide sufficient funding and financial support to Member States in order to facilitate high-level political support for the preferred policy option, as well as to ensure the necessary financial commitment;

·Leverage and streamline existing IT-solutions (e.g. developed by Europol) in order to avoid Member States diverging at the technical level;

·Provide sufficient funding and co-develop awareness raising campaigns targeted at EU law enforcement officials in relation to cross-border matters;

·Provide sufficient funding and co-develop specific training relevant for the subject matter covered by the preferred policy option and leverage existing training opportunities provided by CEPOL;

·Closely collaborate with Member States in order to take advantage of proven operational practices;

·Take appropriate action in unison with the Member States in order to identify and streamline good practices concerning the implementation of the preferred policy option; and

·Continuously collect relevant statistics and monitor the implementation of the preferred policy option to enable swift action in case diverging implementation practices occur.

9.9.    How will actual impacts be monitored and evaluated?

The evaluation of impacts will depend on the information to be received from the Member States. For this reason, the Directive Proposal would contain provisions on collection of data indicators on the quantity of information requested, sent, received; the number of urgent requests, the number of urgent requests replied on time and a breakdown by communication channels at SPOC, at PCCCs (if any) and at any other equivalent structures.

The responsibility for the collection of the relevant monitoring data should be in the hands of national authorities. The development of a modern information management architecture, as per the Directive proposal, will greatly facilitate the data collection exercise at no additional cost by the SPOCs.

Subsequently, the monitoring of these activity indicators will be used to inform on the application of the Directive proposal. Three and five years after the transpositon deadline, , the Commission intends to submit to the European Parliament and the Council two reports. The first, assessing the extent to which the Member States have taken the necessary measures to comply with this Directive; the second, assessing its results against its objectives and the continuing validity of the underlying rationale and any implications for future options.

Aside from this legal proposal, the Commission, acting by virtue of its administrative autonomy, will set up an expert group composed by experts from each Member State, to advise and support the Commission in the monitoring and application of the Directive, including in the preparation of Commission guidance papers.

Main indicators for the monitoring of the preferred policy option contained in the Directive proposal

Annex 1: Procedural information

1.Lead DG, Decide Planning/CWP references

The lead DG is the Directorate-General for Migration and Home Affairs (DG HOME). The agenda planning reference is PLAN/2020/8314 - HOME - EU police cooperation.

The Commission Work Programme for 2021 announced a legislative initiative to "modernise existing intra-EU law enforcement cooperation by creating an EU police cooperation code 125 .

2.Organisation and timing

The inception impact assessment was published on 28 September 2020 126 and open for feedback for a period of 8 weeks, until 16 November 2021 127 .

An Inter-Service Sterring Group (ISSG), composed of representatives from SG, SJ, HOME, JUST, TAXUD and OLAF was set up. The ISSG met four times:

·Comment on and validation of the Terms of Reference for the Study underpinning this Impact Assessment and Consultation strategy, 30 October 2020;

·Comment on and validation of the Study' Inception Report, 17 February 2021;

·Comment on and validation of the Study' Interim Report, 29 April 2021;

·Comment on and validation of the Study' Final Report, 21 June 2021.

The Inter-service Group on the Security Union discussed a draft text of the impact assessment on 9 July 2021. It was composed of representatives from SG, SJ, HOME, JUST, TAXUD, BUDG, EAC, CNECT, NEAR, MOVE, ECHO, ENV, EMPL, ENER, DEFIS, DIGIT, FISAM, FPI, GROW, HR, RTD, SANTE, TRADE, INPTA, REGIO, MARE, CERT-EU, ESTAT, JRC OLAF, EEAS.

The comments made by the ISG were integrated in the draft Impact Assessment.

3.Consultation of the RSB

On 19 August 2021, the Directorate-General for Migration and Home Affairs submitted the draft impact assessment to the Regulatory Scrutiny Board, in view of a hearing that took place on 22 September 2021.

The opinion of the Regulatory Scrutiny Board was positive 128 . The following comments were made:

4.Evidence, sources and quality

The impact assessment is notably based on the stakeholder consultation (see annex 2). The Commission applied a variety of methods and forms of consultation, ranging from consultation on the Inception Impact Assessment, which sought views from all interested parties, to targeted stakeholders' consultation by way of a questionnaire, experts' interviews and targeted thematic stakeholder workshops, which focused on subject matter experts, including practitioners at national level. Taking into account the technicalities and specificities of the subject, the Commission emphasised in targeted consultations, addressing a broad range of stakeholders, at national and EU level.

In this context, the Commission also took into account the findings of the "Study to support the preparation of an impact assessment on EU policy initiatives facilitating cross-border law enforcement cooperation", which was commissioned by DG HOME and developed by the contractor based on desk research and the following stakeholder consultation methods: scoping interviews, questionnaire and online survey, semi-structured interviews, case-studies and two online workshops (see annex 2).

Annex 2: Stakeholder consultation

This annex provides a synopsis report of all stakeholder consultation activities undertaken in the context of this impact assessment.

1.Consultation strategy

The aim of the consultation was to receive relevant input from stakeholders to enable an evidence-based preparation of the future Commission initiative on a improving law enforcement cooperation between Member States.

 The stakeholders' consultation took place between September 2020 and July 2021 and encompassed, primarily, targeted stakeholders by way of the Study and two workshops hosted by the Commission with Member States and Schengen Associated Countries' representatives.

To do this, the Commission services identified relevant stakeholders and consulted them throughout the development of its draft proposal. The Commission services sought views from a wide range of subject matter experts, national authorities, civil society organisations, and from members of the public on their expectations and concerns relating to strengenting law enforcement cooperation in the EU. 

During the consultation process, the Commission services applied a variety of methods and forms of consultation. They included:

·the consultation on the Inception Impact Assessment, which sought views from all interested parties;

·targeted stakeholder consultation by way of a questionnaire;

·expert interviews; and

·targeted thematic stakeholder workshops that focused on subject matter experts, including practitioners at national level. Taking into account the technicalities and specificities of the subject, the Commission services focused on targeted consultations, addressing a broad range of stakeholders at national and EU level.

The Commission also took into account the findings of the "Study to support the preparation of an impact assessment on EU policy initiatives facilitating cross-border law enforcement cooperation", which was commissioned by DG HOME and developed by the contractor based on desk research and the following stakeholder consultation methods: scoping interviews, questionnaire and online survey, semi-structured interviews, case-studies and two online workshops.

The aforementioned diversity of perspectives proved valuable in supporting the Commission to ensure that its proposal address the needs, and took account of the concerns, of a wide range of stakeholders. Moreover, it allowed the Commission to gather necessary data, facts and views on the relevance, effectiveness, efficiency, coherence and EU added value of the proposal.

Taking into consideration the Covid-19 pandemic and the related restrictions and inability to interact with relevant stakeholders in physical settings, the consultation activities focused on applicable alternatives such as online surveys, semi-structured phone interviews, as well as meetings via video conference.

A public consultation as part of our consultation strategy for the new legislative proposal was carried out.

2.Consultation activities (summary)

2.1. Feedback on the Inception Impact Assessment

A call for feedback, seeking views from any interested stakeholders, on the basis of the Inception Impact Assessment was organised from 28 September to 16 November 2020. The consultation, sought feedback from public authorities, businesses, civil society organisations and the public, was open for response from 4 May 2020 to 09 July 2020. Participants of the consultation were able to provide online comments and submit short position papers, if they wished, to provide more background on their views. 4 contributions were received 129 . They were integrated as part of the study' findings.

2.2. Consultations that took place during the study to support the preparation of an impact assessment on EU policy initiatives facilitating cross-border law enforcement cooperation 

The Commission contracted an external consultant to conduct a study. It took place from January to August 2021. It involved desk research, and stakeholder consultations by way of scoping interviews, targeted questionnaires, a survey, semi-structured interviews, case-studies, a public consultation and two ad hoc workshops. 

2.3.1. Feedback on the public consultation 

The public consultation was carried out from 19 April to 14 June 2021. 20 contributions were received 130 . They were integrated as part of the study' findings.

2.3.2. Targeted consultation by way of a questionnaire

An online survey in the form of questionnaires made accessible to targeted stakeholders via the EUSurvey 131 tool was also held as part of the Study. The objective of this consultation was to receive feedback, comments and observations on the challenges identified for the legal proposal. The questionnaires were tailored to different stakeholders.