52009DC0292

[pic] | COMMISSION OF THE EUROPEAN COMMUNITIES |

Brussels, 24.6.2009

COM(2009) 292 final

COMMUNICATION FROM THE COMMISSION

Legislative package establishing an Agency for the operational management of large-scale IT systems in the area of freedom, security and justice

{COM(2009) 293 final}{COM(2009) 294 final}{SEC(2009) 836}{SEC(2009) 837}

COMMUNICATION FROM THE COMMISSION

Legislative package establishing an Agency for the operational management of large-scale IT systems in the area of freedom, security and justice

OBJECTIVE

The objective of this legislative package is to establish an Agency responsible for the long-term operational management of the second-generation Schengen Information System (SIS II)[1], Visa Information System (VIS)[2] and EURODAC[3]. In addition, the Agency could be given responsibility for other large-scale IT systems in the area of freedom, security and justice.

Context

In order to benefit from the developments in the field of information technology and to allow for the introduction of new functionalities, a second-generation Schengen Information System (SIS II) will replace the existing Schengen Information System (SIS 1+). SIS II will ensure a high level of security within the European Union’s area of freedom, security and justice, including maintenance of public security and public policy as well as safeguarding security in the territories of the Member States.

The Visa Information System (VIS) will be the essential IT-based instrument for supporting implementation of the common visa policy and facilitating, inter alia, effective border control by enabling authorised national authorities to enter and update visa data, including biometric data, as well as to consult such data electronically.

EURODAC is an IT system for comparing the fingerprints of asylum seekers and illegal immigrants in order to facilitate the application of the Dublin II Regulation[4], which makes it possible to determine the Member State responsible for examining an asylum application.

SIS II and VIS are being developed by the Commission. According to the legal instruments governing these systems, the Commission is entrusted with the operational management of SIS II and VIS during a transitional period. This period should be no longer than five years from the date from which the SIS II legal instruments apply or the VIS Regulation enters into force respectively. The Commission currently entrusts the operational management of SIS II and VIS to national public-sector bodies in two different Member States, namely in France and Austria.

Regarding EURODAC, the Commission has developed the system and is currently responsible for operating the Central Unit and ensuring the security of data transmission.

It is, however, not the Commission’s core task to operate such large-scale IT systems. Hence, the SIS II and VIS legal instruments stipulate the need to establish a Management Authority in the long term, mainly to ensure continuity and operational management of the respective systems and the permanent flow of data.

In joint statements accompanying the SIS II and VIS legal instruments, the Council and the European Parliament invited the Commission to present, following an impact assessment, the necessary legislative proposals entrusting an Agency with the long-term operational management of the Central SIS II and parts of the Communication Infrastructure as well as the VIS. The Commission committed itself to presenting, within two years of the entry into force of the SIS II and VIS legal instruments, the necessary legislative proposals to entrust an Agency with the long-term operational management of these systems.

In its recent communication on European agencies[5], the Commission committed itself not to make proposals for new regulatory agencies, except for those already planned in the field of justice and home affairs, such as the proposal for an Agency for the operational management of SIS II, VIS and EURODAC and other large-scale IT systems.

The structure of the legislative package

Overview of the Agency

A new Regulatory Agency is the best option for carrying out the tasks of the ‘Management Authority’ for SIS II, VIS and EURODAC in the long term[6].

The best way to improve productivity and reduce operational costs is to exploit synergies. This could be achieved if all three systems, and possibly other systems, were housed in one location and running on the same platform.

The Agency’s core task should be to provide the operational management for these systems keeping them functioning 24 hours a day, seven days a week. Beyond these operational tasks, the corresponding responsibilities for adopting security measures, reporting, publishing, monitoring and information issues as well as organising specific VIS and SIS II related trainings, should be assigned to the Agency. Many of the tasks related to the operation of these IT systems, such as procurement and project management would overlap, thus allowing the creation of synergies.

The analysis in the impact assessment also demonstrated that, in order to increase the operational base and to better justify managerial overheads, an Agency could be made responsible for the development and operational management of any new system that may be set up in the future in the area of freedom, security and justice.

The Agency’s governance structure should also reflect the existing variable geometry , i.e. a heterogeneous group of Member States and associated countries with a varying level of participation in the systems.

Cross-pillar elements of the systems

SIS II is established both on the first and the third pillar. The first-pillar aspects of SIS II cover alerts for refusal of entry as well as access by Member States’ services responsible for issuing vehicle registration certificates. The third-pillar aspects of SIS II cover all the alerts falling under Title VI of the EU Treaty, i.e. provisions on police and judicial cooperation in criminal matters. The legal instruments governing SIS II contain identical provisions concerning the Management Authority and its tasks.

VIS is based on a first-pillar instrument (the VIS Regulation) but there is also a third-pillar Council Decision regulating access for consultation of the VIS by designated authorities of Member States and by Europol for the purposes of prevention, detection and investigation of terrorist and other serious offences. This Decision also contains a reference to the Management Authority in the context of monitoring and evaluation, requiring a third-pillar legal instrument for the Agency to cover the respective tasks. EURODAC is also established on the first pillar.

The cross-pillar elements underlying these IT systems require the adoption of different legal instruments for establishing the Agency.

The present package of legal instruments combines two legal instruments: a Regulation governing the first-pillar aspects of SIS II and VIS as well as EURODAC and a Decision regarding third-pillar aspects of SIS II and VIS.

One of the two instruments presented here, the Regulation, will describe the structure and the tasks of the Agency, its voting procedures and other necessary elements. It specifies that, when performing the management tasks, the Management Board shall be composed of one representative of each Member State and country associated with the implementation, application and development of the Schengen acquis and the EURODAC related measures as well as two representatives of the Commission. However, associated countries do not have voting rights. The other legal instrument, a Decision, which takes account of the cross-pillar elements of the systems, will confer on the Agency the tasks related to the operational management of SIS II and VIS in application of Title VI of the EU Treaty.

The following proposals make up the current legislative package:

1. Regulation of the European Parliament and of the Council establishing an Agency for the operational management of large-scale IT systems in the area of freedom, security and justice;

2. Council Decision conferring upon the Agency established by Regulation XX tasks regarding the operational management of SIS II and VIS in application of Title VI of the EU Treaty.

Financial implications

The estimated total costs related to the preparatory and start-up phase of the long-term operational management of SIS II, VIS and EURODAC amount to €113 million between 2010 and 2013. This amount is covered by the financial framework for 2007-2013. An overview of the operational and administrative expenditure is provided in the legislative financial statement annexed to the proposal for a Regulation establishing an Agency for the operational management of large-scale IT systems in the area of freedom, security and justice. The financial statement is mainly founded on estimates and figures from the impact assessment conducted in 2007. It is also based on the assumption that this proposal will be adopted in 2010, in order for the Agency to be legally established in 2011 and become a fully fledged Agency able to take over all the tasks related to the operational management of SIS II, VIS and EURODAC and other large-scale IT systems in 2012.

The estimated costs for the Agency cover operational as well as administrative expenditure needed to ensure the effective operational management of SIS II, VIS and EURODAC. The total amount also includes costs related to personnel and its training. It is currently foreseen that the Agency will employ 120 people. However, what is not foreseen in the budget of the Agency are the costs linked to the connection of the three systems to the s-TESTA network. According to the proposal, the Commission remains responsible for all contractual and budgetary aspects related to the communication infrastructure. The yearly costs of the connection of the three systems amount to around €16,5 million, an amount that will be covered by the Community budget. Finally, resources have been foreseen for the acquisition of a new site for the Agency which has also the capacity to host systems.

Compared to the current situation, where the systems are developed and operated separately, and once the necessary initial investments have been made, a joint management structure would result in synergies and cost efficiencies in the long term.

[1] Regulation (EC) No 1987/2006 of the European Parliament and of the Council of 20 December 2006 on the establishment, operation and use of the second generation Schengen Information System (SIS II) and Council Decision 2007/533/JHA of 12 June 2007 on the establishment, operation and use of the second generation Schengen Information System (SIS II).

[2] Council Decision 2004/512/EC of 8 June 2004 establishing the Visa Information System (VIS) constitutes the required legal basis for including in the general budget of the European Union the appropriations necessary for developing the VIS.

[3] Council Regulation (EC) No 2725/2000 of 11 December 2000 concerning the establishment of ‘Eurodac’ for the comparison of fingerprints for the effective application of the Dublin Convention.

[4] Council Regulation (EC) 343/2003/EC of 18 February 2003 establishing the criteria and mechanisms for determining the Member State responsible for examining an asylum application lodged in one of the Member States by a third-country national.

[5] Communication from the Commission to the European Parliament and the Council, ‘8ABEOUVWuvwxy¼¿[6] + , - : @ A B C P V W X Y f g h i s v w x › ? ¼ ¿ [7]+,¶¼½Çìí

‚ùîçãßÛ×ãßîçîßîßùÓùÏùËÇÃËÇËÇÃËÇËÇ˼˼ÇËÇ߸±ß±Ï±ª£Ÿ£ª’ª’ª’ªjhRÛh¥^¨0J%U[pic]h¥^¨

h—M€h¥^¨

hRÛh¥^¨

hRÛhÚ,hš[8]/

h›Îh#¸h¤\European agencies – The way forward’, COM(2008) 135 final.

[9] This approach is supported by the conclusions of the impact assessment report based on a preparatory study carried out by an external contractor, COM (2009) XX final.