52013SC0048

COMMISSION STAFF WORKING DOCUMENT

EXECUTIVE SUMMARY OF THE IMPACT ASSESSMENT

Accompanying the document

PROPOSAL FOR A REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL

establishing the entry/exit system to register entry and exit data of third-country nationals crossing the external borders of the Member States of the European Union

1. Problem definition 1.1. Background

In its Communication of 13 February 2008 preparing the next steps in border management in the European Union[1] the Commission suggested the establishment of an entry/exit system (EES). Such a system would entail the registration of the personal data together with the dates of entry and exit of each third-country national admitted for a short stay when they cross the external borders. The 2008 Communication was accompanied by an impact assessment report[2].

The Conclusions of the European Council of 23 and 24 June 2011 called for work on "smart borders" to be moved forward rapidly. In response, the Commission adopted on 25 October 2011 a new Communication on the various options and the way ahead.[3] It concluded that the implementation of an EES would provide the Union with accurate data on travel flows in and out of the Schengen area at all parts of its external borders and on overstayers.

1.2. Why the creation of an EES is being examined

The 2008 impact assessment identified and examined irregular immigration, including the lack of data for identifying overstayers, and terrorism and serious crime as the main problems to be addressed through the creation of an EES. As explained in the 2011 communication:

'An EES would allow the accurate and reliable calculation of authorised stay as well as the verification of the individual travel history for both visa holders and visa exempted travellers as an essential part of first line risk-assessment. It would do so by replacing the current system of stamping passports with an electronic registry of the dates and places of third country national admitted for short stays. While the main purpose of the system would be to monitor respect of the authorised stay of third country nationals, the system would also contribute to optimising border check procedures and enhance the security at the moment of the crossing of the external borders. '[4]

The 2008 impact assessment assessed a wide range of policy options and identified the setting up of an entry/exit system as the preferred option. This impact assessment looks again at the overall problem definition as relevant for that conclusion in the light of developments since 2008 with regard to border control aspects, irregular migration, and technological developments, at European as well as national level.

1.3. Summary of overall problems related to border control and irregular migration

· Absence of any electronic means for recording travel movements of third-country nationals admitted for a short stay; · The very limited value of national systems for such purposes in an area without internal border control between 26 countries; · The absence of means for identifying persons detected within the territory without travel documents who cannot be identified using the VIS; · The absence of any information of who is on EU territory and who complies with the maximum allowed short stay of three months per six months; · The complexity and slowness of the current stamping obligation, which does not guarantee that the border guard can assess the authorised stay at the border check of the traveller; · The absence of information on nationalities and groups (visa exempt/required) of travellers overstaying; · The absence of information that can support random checks within the territory to detect irregularly staying persons.

1.4. Summary of overall problems related to law enforcement aspects

· Lack of information on the travel and cross-border movements of suspect persons; · Difficulties in detecting persons subject to an alert who use different identities to cross the borders; · Difficulties identifying a suspect having destroyed his or her travel documents.

1.5. Fundamental rights issues

An EES would, due to the personal data involved, in particular have an impact on the right to the protection of personal data, enshrined in Article 8 of the Charter of Fundamental Rights of the European Union. An EES would need to guarantee the right to an effective remedy before a tribunal (Article 47 of the Charter) for challenging a notification of an overstay, for example in cases of forced overstay, errors or when a migrant has a legal right to stay.

Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data[5] and the Regulation (EC) 45/2001 would apply to the processing of personal data carried out for the purpose of an EES respectively by the Member States and by the EU institutions, bodies and agencies involved. Negative impacts of sharing personal data have to be minimised by appropriate technical safeguards against misuse, clear legal limitations for access, including purpose limitations and data retention periods which are as short as possible.

According to the Commission Communication of July 2010 on information management[6], data protection rules should be embedded in any new instruments relying on the use of information technology. This implies the inclusion of appropriate provisions limiting data processing to what is necessary for the specific purpose of that instrument and granting data access only to those entities that ‘need to know.’ It also implies the choice of limited data retention periods depending solely on the objectives of the instrument and the adoption of mechanisms ensuring an accurate risk management and effective protection of data subjects' rights.

The system would have to comply with data protection principles and the requirements of necessity, proportionality, purpose limitation and quality of data. All safeguards and mechanisms should be in place for the effective protection of the fundamental rights of travellers particularly the protection of their private life and personal data. Third-country nationals must be made aware of these rights.

1.6. Subsidiarity

Under Articles 74 and 77(2) of the Treaty on the Functioning of the European Union (TFEU), the Union has the power to adopt measures relating to the crossing of the external borders of the Member States. Under Articles 82 (1)(d) and 87(2)(a) TFEU the Union also has the power to adopt measures to strengthen police and judicial cooperation by collecting, storing, processing, analysing and exchanging relevant information.

No Member State alone is able to cope with irregular immigration and with combating international terrorism and serious crime. A person may enter the Schengen area at a border crossing point in a Member State where a national register of entry/exit data is used, but exit through a border crossing point where no such system is used. The monitoring of compliance with EU rules on authorised stays can therefore not be done by Member States acting alone. Third-country nationals who enter the Schengen area are able to travel freely within it. In an area without internal borders, action against irregular immigration should in principle be undertaken on a common basis. Considering all this the EU is better placed than Member States to take the appropriate measures.

2. Objectives of the Entry/Exit System

The general policy objectives are, in order of priority:

· To counteract irregular immigration;

· To contribute to the fight against terrorism and serious crime and ensure a high level of internal security.

The specific objectives are:

· To enhance the efficiency of border checks through monitoring of the rights to authorised stay at entry and exit, and to improve the assessment of the risk of overstay;

· To monitor compliance with the authorised stay of persons within the territory;

· To generate reliable information to allow the EU and Member States to make informed policy choices concerning visa and migration;

· To identify and detect irregular immigrants, especially overstayers, also within the territory and to increase the possibilities for return;

· To identify and apprehend terrorist and criminal suspects crossing the external borders;

· To generate information that would reduce the identification and verification gap concerning third country nationals that are not covered by the Visa Information System (VIS) and that would contribute to the apprehension of terrorist and criminal suspects.

The operational objectives are:

· To create entry and exit records of third country nationals crossing the external borders;

· To automatically calculate the authorised stay and issue an alert when there is no exit record on the expiry of the third country national's authorised stay;

· To delete the EES data upon expiry of the retention period;

· To generate information on the size and trends of movements across the external borders, especially with regard to irregular immigration;

· To inform third country nationals of their rights and to implement effective appeal procedures.

3. Policy options

The problem definition and the consultation of stakeholders show that the key issues to decide are which data to be processed in the system and for which precise purpose. The retention period needs to be chosen as a function of the choices made with regard to these two issues, that is, the shortest possible retention period needed to fulfill the purpose. The four policy options are therefore the following:

1)           An entry/exit system with alphanumeric data for the purpose of border control and migration management;

2)           Same as policy option 1, with the addition of biometric data;

3)           Same as policy option 1, with the purpose of the system extended to also include the fight against terrorism and serious crime;

4)           Same as policy option 1, with the addition of biometric data and with the purpose of the system extended to also include the fight against terrorism and serious crime (so a combination of policy options 2 and 3).

Once the preferred policy option has been identified – in other words, what the system will do – a choice needs to be made how to implement the system technically.

The retention period in relation to the policy options would be the following:

· For an entry/exit system set up on the basis of either policy options 1 or 2, as a general rule 6 months, while for travellers who have not exited the territory within the authorised stay the period would be 5 years, and for participants in the RTP a period equivalent to the time they are granted access to the system;

· For an entry/exit system set up on the basis of either policy options 3 or 4, the retention period would be five years for all travellers.

4. Comparison of options and identification of the preferred policy option 4.1. Comparison of options

Table 1 – Comparative assessment of the policy options

Objective/policy option || Baseline (Policy option 0) || Policy option 1 || Policy option 2 || Policy option 3 || Policy option 4

Policy objective: To counteract irregular immigration || 0 || √√ || √√√ || √√ || √√√

Policy objective: To fight against terrorism and serious crime || 0 || 0 || 0 || √√ || √√√

Impact on fundamental rights || 0 || -√ || -√√ || -√√ || -√√√√

Impact on border management || 0 || 0 || 0 || 0 || 0

Table 1 summarises the assessment of impacts. The following comparison and identification of the preferred option will also take into account the following criteria:

· Effectiveness – the extent to which options achieve the objectives of the proposal;

· Efficiency – the extent to which objectives can be achieved at least cost;

· Coherence – the extent to which options are coherent with overarching objectives of EU policy.

A difficulty revealed by the assessment of the impacts of each policy option is the lack of available data, which notably influences the possibility for comparing the effectiveness of policy options 1-4. The assumption that a system with biometrics will have a higher impact on counteracting irregular migration, and that as a consequence policy options 2 and 4 would be more effective, is influenced by the share of persons not subject to the visa obligation that overstay, and this exact number is not known. The negative impact on the border management process of verifying biometrics of this group of travellers can only be fully assessed when the VIS is fully implemented. Equally for assessing the impact of giving access for law enforcement purposes comprehensive data is yet missing, as the input provided by Member States' experts so far has mainly remained general and experiences of access for law enforcement purposes to the VIS are not yet available. It can be noted that entry/exit data can be necessary for the prevention, detection or investigation of terrorist offences or other serious offences in case they involve international travel. Furthermore, the positive impact on the objective of detecting and identifying terrorist and criminal suspects is higher for a system with biometrics.

Assessing the preferred option with regard to the inclusion of biometric data must start from the core purpose of the system, related to border control and migration management. On that basis option 2 has the highest positive impact on counteracting irregular migration. The potential negative impacts on the border management process could be managed through a transitional period, whereby the system would operate based on alphanumeric data for the first three years and subsequently on the basis of alphanumeric and biometric data.

On that basis, with regard to access for law enforcment purposes, the total negative impact on fundamental rights of option 4 could be seen as potentially disproportionate, also taking into account the need for a much longer retention period.

An evaluation after a period of 2 years, taking also into account the experiences of the implementation of the VIS with regard to access for law enforcement purposes and overall experiences with regard to operating the EES, would allow for returning to the question of law enforcement access on the basis of more complete data and information to assess the impacts in more detail.

The need to give access for law enforcement purposes to the system as well as the retention period could therefore be reconsidered when the entry/exit system is evaluated after a period of 2 years. In summary, the preferred option is therefore policy option 2, with an evaluation to be foreseen after two years of operation, after which an assessment will be made whether to move to policy option 4. Any such change (i.e. to policy option 4) with regard to law enforcement purposes, and/or changing the retention period will require a new legislative proposal from the Commission.

4.2. Technical implementation

Overall the centralised approach is the most efficient and cost-effective solution. It is also coherent with the development and management of other IT systems in the field of migration, ie Eurodac, the VIS, and the SIS/SIS II.

4.3. Preferred option

The preferred solution for an EES is to start with a system based on policy option 2 and assessing the need to move to policy option 4 after two years of operation:

· The EES would at first operate as a centralised database containing alpha numeric data only and without access by law enforcement authorities. The data retention period for ordinary cases would be 6 months and in case of overstay 5 years. · After three years of operations, the EES would operate with alphanumeric and biometric data (the latter as concerns persons not subject to the visa obligation). · After two years of operations, the EES would be evaluated. At this time the issue of the access for law enforcement purposes as well as the retention period would be reconsidered. · However, in order to grant law enforcement authorities access to the data generated by the entry/exit system in a second phase, the necessity and proportionality of the use of this data must be clearly demonstrated with solid evidence and the access must be combined with appropriate safeguards and limitations.

4.4. Costs of the preferred option

Table 2 – Costs for the preferred option

|| One time development cost at central and national level. (3 years of development) (in EUR million) || Yearly operational cost at central and national level (5 years of operation) (in EUR million) || Total costs at central and national level  (in EUR million)

Centralised system biometrics added later || 183 (MS 146 EU 37) || 88 (MS 74 EU 14) || 623

The Commission's proposal for the next multi-annual financial framework (MFF) includes a proposal of 4,6 billion EUR for the Internal security Fund (ISF) for the period 2014-2020. In the proposal, 1,1 billion EUR is set aside as an indicative amount for the development of an EES and an RTP assuming development costs would start from 2015, and covering 4 years of operation. Moreover, outside the scope of the ISF, a separate amount of 822 million EUR is set aside for the management of existing large scale-IT systems (Schengen Information System II, Visa Information System and EURODAC).

The Commission envisages entrusting the implementation tasks for these systems to the Agency for the Operational Management of Large-Scale IT-Systems in the area of Freedom, Security and Justice established by Regulation (EU) N° 1077/2011 of the European Parliament and the Council.[7] Providing financial support for national development costs would ensure that difficult economic circumstances at national level do not jeopardise or delay the projects.

Cost savings could also be achieved if the entry/exit system is built together with the registered traveller programme, compared to the situation in which both systems would be built totally independently. The main cost savings come at the central level (EU) from reduced costs for hardware, software and infrastructure and at Member States' level from administrative and office space cost savings.

5. Monitoring and evaluation

The Commission shall ensure that systems are in place to monitor the functioning of the entry/exit system and evaluate them against the main policy objectives. Two years after the system starts operations and every two years thereafter, the Management Authority should submit to the European Parliament, the Council and the Commission a report on the technical functioning of the system. Moreover, two years after the entry/exit system starts operations and every four years thereafter, the Commission should produce an overall evaluation of the system including on fundamental rights impacts and on examining results achieved against objectives and assessing the continuing validity of the underlying rationale and any implications for future options. The first evaluation should focus on whether access for law enforcement purposes should be granted and whether the retention period should be extended and would be accompanied by legislative proposals as appropriate. The Commission should submit the reports on the evaluation to the European Parliament and the Council.

[1]               COM (2008) 69 final.

[2]               SEC(2008) 153 and Preparatory study to inform an Impact Assessment in relation to the creation of an automated entry/exit system at the external borders of the EU and the introduction of a border crossing scheme for bona fide travellers ('Registered Traveller Programme') made by GHK and Entry/Exit Technical Feasibility study made by Unisys. Studies are published on the website:         http://ec.europa.eu/home-affairs/doc_centre/borders/borders_schengen_en.htm

[3]               COM(2011) 680 final

[4]               COM(2011) 680 final

[5]               OJ L 281, 23.11.1995, p.31

[6]               COM(2010) 385 final.

[7]               OJ L 286, 1.11.2011, p.1.