52014DC0365

1.       Introduction

The 2010 Internal Security Strategy (ISS)[1] was defined to enable the European Union to respond to existing and emerging threats to the security of European society, its citizens and organisations in the EU.

The Strategy aims at identifying the challenges to the EU internal security in the context that many of today's security challenges are cross-border and cross-sectoral in nature and that no single Member State is able to respond effectively to these threats on its own. The Strategy also identifies common principles and guidelines – fully respecting fundamental rights – underpinning a European Security Model, and aimed at further developing common tools and policies by using a more integrated approach.

The Commission Communication on "EU Internal Security Strategy in Action"[2] identifies five main strategic objectives to be pursued by the EU and its Member States to be more effective in preventing and fighting serious and organised crime, terrorism and cybercrime, in strengthening the management of our external borders and in building resilience to natural and man-made disasters. Specific actions were to be undertaken at EU level, as well as at national and international levels.

The Commission reported in 2011[3] and 2013[4] on the implementation of the ISS and adapted the actions and recommendations to new developments. The reports focus on efforts undertaken at EU level and inform on progress achieved, and current and future challenges.

In its latest Communication the Commission concludes that "the next and last report on implementation of the ISS will be presented in mid-2014. The report will assess whether the objectives of the ISS have been met and also consider future challenges within the field of internal security".

In line with those conclusions, and building on the assessments made in the two previous reports, this third and final Report on the ISS 2010-2014 has a two-fold aim. Firstly, it assesses the actions implemented under the five ISS strategic objectives since 2010. Secondly, it identifies possible future challenges, cross-cutting objectives and emerging threats in view of a renewed Internal Security Strategy, in line with the Commission Communication on “An Open and Secure Europe: Making it Happen”[5], which presents proposals for the future EU agenda of HOME Affairs.

In preparing this Report, the Commission has taken account of the resolution by the European Parliament on the second ISS report[6].

2.       Key achievements in the implementation of the ISS 2010-2014

Fostering European internal security has taken on a new impetus in recent years, through the implementation of the ISS and targeted strategies.

The five strategic objectives under the ISS 2010-2014 are (1) disruption of international criminal networks, (2) prevention of terrorism and addressing radicalisation and recruitment, (3) raising levels of security for citizens and businesses in cyberspace, (4) strengthening security through border management and (5) increasing Europe's resilience to crises and disasters.

Since 2010, significant progress has been made under these objectives, as shown by the Commission's two ISS reports and this Report. The ISS 2010-2014 has been the backbone of EU internal security initiatives in the last years. It has contributed to further enhancing the capabilities of the EU, its Member States, and other stakeholders and to reinforcing operational cooperation among Member States. It also contributed to a more cross-sectorial approach at all levels.

Several challenges had to be faced in the implementation of the Strategy. The financial crisis, and the resulting budgetary constraints, in Europe somewhat hampered the availability of resources. New technologies provided new opportunities for security stakeholders but at the same time created new threats including the fast growing threat of cybercrime and the need to formulate a comprehensive approach to counter it. Allegations of large-scale intelligence collection programmes, although not direcly related to law enforcement cooperation, sparked in an intense debate on the conditions under which security should be achieved. This led to a reinforced resolve to safeguarding mutual trust, defining more inclusive security policies and the need to strengthen the integration of fundamental rights into internal security policies. Finally, on the external dimension of security, the EU was confronted with the effects of regional conficts and major political changes such as the Arab Spring, conflicts in Sub-Saharan Africa and the conflict in Syria; these have had an impact on the EU's internal security.

Those challenges confirmed the need for the ISS, which has been effectively implemented, both through general initiatives and through initiatives relating to each of its five specific objectives.

Legislation and cooperation mechanisms now provide common tools to better protect European societies and economies from serious and organised crime. Increased law enforcement and judicial cooperation has proved essential for responding to common threats such as trafficking in human beings, terrorism, cybercrime and corruption.

Considerable efforts were undertaken to enhance application of the multidisciplinary and integrated approach – one of the key objectives of the ISS – in view of addressing increasingly complex security challenges. Initiatives were carried out to have different stakeholders joining forces and develop and consolidate synergies between policies and actions.

The Standing Committee on Internal Security (COSI), created by the Lisbon Treaty, became operational in 2010. COSI is progressively becoming the centre of gravity of the integrated, multiagency operational approach on EU internal security. COSI should become more operational, in terms of coordinating the work of Member States, the Commission and EU agencies. Its further liaising with the EU's Political and Security Committee (PSC) would better link the external and internal dimension of internal security.

2.1.      Objective-specific main achievements over the period 2010-2014

2.1.1.   Objective 1: Disrupt international crime networks

The ISS defined three key actions: 1) to identify and dismantle criminal networks, 2) to protect the economy against criminal infiltration, and 3) to confiscate criminal assets.

To that end much effort was undertaken to further develop intelligence led policing and to increase the cooperation between law enforcement authorities and with other authorities. The best example is the development and implementation of the EU Policy Cycle against serious and organised crime.[7] EU Member States,  supported by EU institutions and agencies, determine – primarily on the basis of the Europol Serious and Organised Crime Threat Assessment (SOCTA)[8] – priorities[9], set strategic objectives in multiannual plans and develop annual operational plans, which are carried out.

JHA agencies were reinforced, leading to increased operational support by Europol[10] and Eurojust[11] in investigations including joint investigation teams (JITs)[12], strategic and operational analyses as well as proposals for new legal bases[13] for both agencies. Dedicated cross-border law enforcement networks were further developed and were (financially) supported, as were joint investigation teams (JITs). EU funding, in particular the financial programme "Prevention of and Fight against Crime (ISEC)", helped Member States to strengthen their cross-border cooperation.

Comprehensive policy frameworks on different criminal phenomena were established and are providing guidance for cooperation between all stakeholders. The EU Drugs Strategy 2013-2020[14] gave renewed direction in the area of the fight against drug trafficking, including on the shifting dynamics in illicit drug markets. Through the legislative proposals on new psychoactive substances the rapidly evolving threat of new drugs is being addressed[15]. Furthermore, the first EMCDDA – Europol Drugs Markets Report published in January 2013 was a major step in identifying emerging trends and fostering synergies across agencies[16].

The EU's policy addressing trafficking in human beings – having a comprehensive and multidisciplinary approach (the four Ps: prevention, protection, prosecution, partnerships) – is reflected in the 2011 Directive on preventing and combating trafficking in human beings and protecting its victims[17]. The EU Strategy towards the Eradication of Trafficking in Human Beings 2012-2016[18], adopted by the Commission and endorsed by the Council[19], is now being implemented. An EU Civil Society Platform against trafficking in human beings was set up in 2013 and contains more than 100 organisations.

On 13 December 2011 the Directive on combating the sexual abuse and sexual exploitation of children and child pornography[20] came into force harmonising criminal offences and providing minimum sanctions. It also aims to combat child pornography on-line and sex tourism.

The profit-driven motivation of crime was provided with important counter-measures such as setting up Asset Recovery Offices (AROs) in Member States and their cross-border cooperation[21], the proposal for the 4th Anti Money Laundering Directive[22] together with the Fund Transfer Regulation[23] and agreement on a new Directive on the freezing and confiscation of the proceeds of crime[24]. An EU broad reporting mechanism on and assessment of corruption led to the first EU Anti-Corruption Report[25] in February 2014. This Report explains for each Member State what anti-corruption measures are in place, which ones are working well, what could be improved and how. It calls for stronger integrity standards and suggests improvements in control mechanisms in the domain of public procurement.

Aware of the threat the illegal use of firearms poses to the security of citizens a Commission Communication[26] set out a number of ways the EU can help Member States bolster their efforts to reduce the threat. The EU ratified the UN Firearms Protocol[27].

Increased risks of counterfeit and substandard goods need to be reduced in view of the financial repercussions on the licit economy, government budgets and citizens' health. This led to a new set of measures such as the adoption of the EU Customs Action Plan to combat Intellectual Property Rights infringements[28] for the years 2013-2017 as well as EU action to fight cigarette smuggling[29].

The Directive regarding the European Investigation Order in criminal matters establishes a common mechanism in the European Union for obtaining any type of evidence in criminal matters[30]. Judicial authorities may for example ask their counterparts in other Member States to interview witnesses, to carry out a house search, or to monitor bank accounts. The measure also introduces automatic mutual recognition of investigation orders and limits the grounds for refusal by another Member State to execute the order.

Considerable progress was made in the area of cross-border law enforcement information exchange. Existing initiatives, such as the Prüm Decision[31] and the Swedish Initiative[32] were gradually implemented by Member States. Law enforcement authorities received strictly regulated access to certain information systems e.g. the EURODAC database containing fingerprint data[33]. The Commission tabled a Communication on the European Information Exchange Model (EIXM) in December 2012[34]. The Commission closely cooperates with Member States and Europol to support the implementation of EIXM.

The Commission presented a proposal for a Directive to regulate the processing by Member States on EU passenger name record (PNR) data for law enforcement purposes[35]. It is important that the proposed Directive be finally adopted.

Increased training of the law enforcement community was undertaken by the EU agencies to strengthen individual and common capabilities[36]. The Commission presented the European Law Enforcement Training Scheme (LETS) as a new training approach[37]. It is based on four learning strands[38] and is aimed at training different types of law enforcement officials (police, border guards, customs) of all ranks, including exchange programmes.

2.1.2.   Objective 2: Prevent terrorism and address radicalisation and recruitment

Three key actions were identified in 2010: 1) empower communities to prevent radicalisation and recruitment, 2) cut off terrorists’ access to funding and materials and follow their transactions, and 3) protect transport.

As regards cooperation with communities, local authorities and civil society, the Commission has taken various actions. The Commission established in September 2011 the Radicalisation Awareness Network (RAN[39]), empowering local practitioners to address problems of radicalisation and recruitment. In January 2014, the Commission adopted the Communication on preventing radicalisation to terrorism and violent extremism[40]. The proposed actions include measures to prevent and build resilience as well as to help radicalised individuals disengage and de-radicalise. In parallel the Commission published a Collection of best practices and approaches identified by the RAN.

The Commission reacted to the pressing phenomenon of foreign fighters travelling to conflict zones (in particular Syria) through different actions, including the development of best practice guidelines by the RAN.

The Commission closely followed the implementation of the EU-US Terrorism Tracking Financing Programme (TFTP[41]) concluded in 2010. The TFTP, increasingly used also by the EU and Member States, proved to be a valuable tool enabling the identification and tracking of terrorists and their support networks across the world[42].

Important efforts were undertaken to ensure safety and security by protecting and detecting dangerous goods such as explosives and CBRN agents with the continued implementation of two action plans[43] and the Regulation on the marketing and use of explosives precursors[44]. A new approach to implementing the European Programme for Critical Infrastructure Protection (EPCIP)[45] has begun which focuses on prevention, preparedness, response and in particular on interdependencies between sectors.

Risk assessment activities in the field of aviation security have been extended to a wide set of passenger-related risks.[46] The methodology, jointly designed with Member States experts and the EU Intelligence Centre provides a reference framework for future work in this area. The Airpol network and the Commission also continued to develop EU guidance on airport soft target protection.

To face crises when they occur, such as the terrorist acts in Norway, Burgas and Toulouse, Member States were supported by Europol, Eurojust, IntCen and by law enforcement platforms such as ATLAS. The EU ATLAS network, consisting of special intervention forces in 28 EU Member States, continued to develop capabilities. In April 2013, it conducted successfully joint exercises in response to a simulated coordinated terrorist attack in nine Member States[47].

2.1.3.   Objective 3: Raise levels of security for citizens and businesses in cyberspace

The ISS defined three key actions: 1) building capacity in law enforcement and the judiciary, 2) working with industry to empower and protect citizens, and 3) improving capability for dealing with cyber attacks.

The SOCTA underlines how profit-driven cybercrime enables many different types of crime. Also, European citizens showed awareness about the threat in a Special Eurobarometer on Cyber Security[48], 76% of EU residents found that the risk of becoming a victim of cybercrime has increased in the last twelve months. Measures were put into place to respond to this threat.

The EU adopted the directive on attacks against information systems[49], which harmonizes the criminal law of Member States on these offences – e.g. illegal access to information systems, illegal system and data interference and illegal interception – and facilitates cooperation between law enforcement authorities.

The Cybersecurity Strategy for the EU[50], adopted in February 2013, sets out a vision to make the EU the safest online environment in the world. It was welcomed by the Council[51] and European Parliament[52]. It emphasises inter alia public-private sector cooperation in increasing prevention and resilience. The Commission has made a first report on progress achieved and is still working to complete the actions in the Strategy. The Commission also proposed a Directive on network and information security[53] which aims to strengthen national resilience and to increase cooperation on cyber incidents.

The European Cybercrime Centre (EC3) at Europol was launched in early 2013. The EC3 is becoming a focal point for cybercrime-related issues and has been cooperating with Member States, Eurojust and third countries on a number of successful investigations[54]. It also works with the private sector through advisory groups on internet security and financial services. The Commission continued to promote the Budapest Convention on cybercrime as the framework for international cooperation to counter cybercrime and as a model for national laws.

The Commission and the USA cooperated to initiate in 2012 a Global Alliance against Child Sexual Abuse Online[55], which currently brings together 53 countries dedicated to improve victim identification, to prosecute perpetrators more successfully, to increase awareness and to reduce the number of child sexual abuse images available online.

In view of rapidly growing cybercrime much remains to be done. Nonetheless, these measures already contribute to a safer online environment for citizens and businesses.

2.1.4.   Objective 4: Strengthen security through border management

The ISS identified four key actions: 1) exploit the full potential of EUROSUR, 2) enhance the contribution of Frontex at the external borders, 3) undertake common risk management for movement of goods across external borders, and 4) improve inter-agency cooperation at national level.

EU activities to fulfill these key actions were undertaken with the objective of safeguarding fundamental rights, freedoms such as free movement of persons within the Schengen area and free circulation of goods and services within the internal market while reinforcing EU internal security. This was done by exploiting the synergies between border management policies on persons and on goods, as well as by addressing migration management and the fight against crime in combination when implementing the integrated border management strategy. With measures to enhance the knowledge of border guards, customs, police and other authorities of the situation on the ground, at sea and in the air, a stronger basis now exists to determine and take proportionate and effective measures at EU borders. An important measure is the entry into force at the end of 2013 of EUROSUR[56], a multipurpose system to detect and prevent cross-border crime as well as to contribute to saving migrants' lives at the external borders of the Schengen area.

Another measure is the entry into force of the new Schengen governance legislation[57]. It is designed to improve evaluation and monitoring, to provide the necessary support to Member States and to remedy possible weaknesses to maintain the mutual trust within the Schengen area.

The various analyses of Frontex and the introduction of the second generation Schengen Information System (SIS II)[58] provide additional contributions to enhanced knowledge. SIS II includes enhanced functionalities to support information analysis.

Free movement of persons is aided by the introduction of the Visa Information System (VIS)[59] and the Smart Border Package[60] which consists of legislative proposals for an Entry/Exit System (EES) and a Registered Traveller Programme (RTP), both of which are currently being discussed.

The swift import and export of goods and the protection of the internal market is currently being addressed by the development of an initiative for supply chain security and risk management[61].

To have the capabilities in place to support EU Member States, Frontex has been reinforced through the adoption of its revised legal basis[62]. Frontex has provided increased operational support to Member States under high migratory pressure, for example at the Greek-Turkish border and the Aegean sea. Through actions in the framework of the EU Taskforce for the Meditterranean[63] comprehensive support is provided to protecting the lives of migrants and further to alleviate the burden of the most affected Mediterranean EU Member States.

2.1.5.   Objective 5: Increase Europe's resilience to crises and disasters

The ISS identified four key actions: 1) make full use of the solidarity clause, 2) develop an all hazards approach to threat and risk assessment, 3) link the different situation awareness centres, 4) develop a European Emergency Response Capacity for tackling disasters.

To ensure an effective and efficient response to crises essential questions (who is responsible for what, when, where and how) had to be answered, and a cross-sectorial approach had to be ensured.

This led to the joint proposal[64] of the Commission and the EEAS for a Council Decision on the implementation of the solidarity clause introduced by the Lisbon Treaty (Art. 222 TFEU) which is currently being discussed with Member States. The solidarity clause will provide an umbrella response framework for situations "if a Member State is the object of a terrorist attack or the victim of a natural or man-made disaster".

The adoption of the new EU Civil Protection Mechanism[65] by the Council on 17 December 2013 contributes to setting up a European Emergency Response Capacity. It is based on pre-committed Member States assets and better planning and will be assisted by the Emergency Response Coordination Centre, which started operating in May 2013.

National risk assessments in line with the 2010 Commission Guidelines[66] are being developed. In April 2014 the Commission issued the first overview of natural and man-made disasters in the EU covering information for 12 major natural and man-made risks contained in some 17 national risk assessments prepared by Member States. The contents are complemented by information on related EU policies and the results of relevant EU funded research actions[67].

The Decision on serious cross-border threats to health[68] will contribute to reinforcing EU risk management capacity in the public health area.

EU-level cooperation between multi-sector and sector-specific centres in the Commission and relevant agencies was reinforced in view of supporting Member States. This cooperation was aided by a new framework to exchange classified information[69].

A more flexible and scalable response at EU political level in case of major crises is now possible through the Integrated Political Crisis Response (IPCR) arrangements[70] adopted by the Council on 13 June 2013.

2.1.6.   Respect of fundamental rights in the implementation of the ISS

A cornerstone of the ISS is the respect and safeguarding of the rights and freedoms of EU citizens and those residing or staying in the EU. This was undertaken against the background of the Treaty of Lisbon, and the requirement to ensure the effective implementation of the EU Charter of Fundamental Rights[71]. To that end, the Commission adopted the Strategy for the effective implementation of the Charter of Fundamental Rights by the European Union[72] and subsequently monitored its implementation including through annual reports[73].

The Commission developed operational guidance on taking account of fundamental rights in its impact assessments[74]. It also provided access to information about legal remedies in all EU Member States through its new e-Justice portal[75]. It undertook with the Council of Europe important steps to bring about the EU’s accession to the European Convention on Human Rights (ECHR)[76]. Bearing in mind the need to provide protection of personal data (Article 8 of the Charter) the Commission proposed in 2012 its EU data protection package[77]. This legislation, currently being discussed, will have effects on the ways in which EU internal security will be ensured.

These more institutional developments were accompanied by other practically oriented efforts further to integrate fundamental rights in the EU security domain. For example, the EU Agency for Fundamental Rights (FRA) produced a number of opinions[78] and reports[79] on issues ranging from data protection, radicalisation to hate crime and extremism which impact on the internal security areas and developed practical tools for public officials[80]. FRA presented in December 2013 the fundamental rights based police training manual[81], which complements a handbook on discriminatory ethnic profiling issued in 2010[82].

With the adoption of the Schengen evaluation mechanism in 2013[83], the respect of fundamental rights by the law enforcement community in Member States – when applying the Schengen acquis – will be monitored[84].

EU measures to protect victims of crimes aim at further protecting the rights of every citizen. Examples are the adoption of a Directive establishing minimum standards on the rights, support and protection of victims of crime[85]; the Regulation on mutual recognition of protection measures in civil matters[86]; and the Directive on the European Protection Order[87].

Finally, good progress has been made in developing a European area of justice based on mutual recognition and mutual trust. The EU has already adopted three Directives on procedural rights for suspects and accused persons. They are aimed at the right to interpretation and translation in criminal proceedings[88], the right to information in criminal proceedings and on information on the charges[89] and on the right of access to a lawyer and the right to have a third party informed upon deprivation of liberty and to communicate with third persons and with consular authorities while deprived of liberty[90].

3.       Challenges ahead

The EU and its Member States will be confronted with several challenges in the coming years. Europe is gradually pulling out of an economic and social crisis that has left its traces and made our societies more vulnerable and susceptible to racism and xenophobia. It is part of a globalized and interconnected world where people mobility and the transport of goods is expected to further increase. The EU will be faced with demographic changes, further urbanisation, increasingly diverse societies and shortages on the labour market. Europe will also be faced with the possible consequences of political instability in different parts of the world and in its immediate neighbourhood in particular. Events like the Arab Spring, the present crisis in Syria as well as the situation in Ukraine call for appropriate responses. Particular attention will be needed to address these challenges.

The implementation of the measures mentioned in Chapter 2 of the present Communication, both at legislative and operational level, has provided the EU and its Member States with reinforced tools to better protect European societies and economies. Mechanisms for multi-agency operational responses to security threats have been set up, a more coherent and aligned working method for different operational services (police, public prosecutors, border guards, customs, as well as intelligence services and military, where appropriate) on cross border security threats has been established, Cross border multiagency operational actions by Member States' authorities, supported by EU agencies, were stepped up and led to operational results.

The Commission Communication on "Open and Secure Europe: Making it Happen" has already identified those areas of internal security policies where further efforts are still required by the EU and its Member States to pursue an effective implementation of the ISS. The present Chapter focusses on the challenges that have to be tackled in the years to come.

Implementation of legislation and consolidation of these achievements, as well as enhanced practical cooperation will be priorities for future work.

Monitoring and evaluation of the effectiveness of legislation and policies will allow EU actions to be adjusted. Prevention, detection and investigation require increased and effective information sharing between Member States' law enforcement authorities and judicial authorities, with relevant EU agencies and among EU agencies themselves using existing EU instruments to the full.

The citizen-centred approach should remain a guiding principle for EU internal security and for the opportunities and challenges that lie ahead. The Commission, the High Representative of the Union for Foreign Affairs and Security Policy, the European Parliament, the Member States, EU agencies, dedicated expert security related platforms and many others will have to join forces more strongly to be able to respond in an effective manner to a changing environment.

As described more in detail in Chapter 4, the Commission considers that the EU should develop an updated version of the Internal Security Strategy, reviewing the actions under each current objective for 2015-2020.

3.1.      Thematic Challenges

3.1.1.   Serious and Organised Crime

Overall, organised and serious cross-border crime continues to pose a great threat to the EU's internal security, causing grave harm to victims and to society at large. In 2013 Europol estimated that 3 600 Organised Crime Groups are active in the EU. Europe’s security remains at risk from the penetration of the licit economy by organised criminal groups. The economic crisis and resulting changes in consumer demand have also led to shifts in criminal markets. International trade routes and the freedom of movement within the EU lead to a shift in trafficking routes across a number of commodities (e.g. heroin, trafficking in human beings). Illicit drugs remains the market with the highest number of Organised Crime Groups involved (approximately one third). Economic crimes, and fraud in particular, have increased significantly and fraud is largely facilitated by the availability of enhanced communication and technological tools which enable online targeting of individuals and companies.. A number of threats, such as synthetic drugs and cybercrime, are growing despite the efforts made at national, EU and international level to tackle them. Others, such as trafficking in human beings and cocaine trafficking, while not growing as significantly are likely to remain a serious challenge for the EU in the coming years.

In the SOCTA 2013, Europol also identified two emerging threats, which will need to be followed-up in the years to come: environmental crime and energy fraud.[91]

The Commission will inter alia continue to work on the following actions, in cooperation with all relevant actors:

- Implement the EU Policy Cycle against serious and organised crime 2014-2017;

- Assess how organised crime invests in the economy and identify the vulnerabilities of the licit economy for crime such as corruption and money laundering;

- Follow up the first EU anti-corruption report including its country chapters and thematic chapter on public procurement and prepare for the second report to be published in 2016;

- Support the rapid adoption of legislation such as the 4th Anti-Money Laundering Directive, aimed at addressing financial and economic crimes and inter alia preventing the misuse of the financial system by disguising the origin of criminal proceeds or channelling money for terrorist purposes;

- Consider proposing a directive on criminalisation of Money Laundering introducing a certain level of approximation of definitions and sanctions based on art. 83(1) TFEU;

- Implement the 2013-2020 EU Drugs strategy and support the rapid adoption of the legislation on new psychoactive substances;

- Implement the EU Strategy towards the Eradication of Trafficking in Human Beings 2012-2016. With a view to achieving this, the mandate of the EU Anti Trafficking Coordinator should be prolonged;

- Monitor the transposition and implementation of the Directive on preventing and combating trafficking in human beings and protecting its victims;

- Monitor the transposition and implementation of the Directive on sexual exploitation and the abuse of children;

- Examine the need for a comprehensive EU strategy to protect children against sexual crimes;

- Follow up the Communication to tackle gun-related crime, while safeguarding the legal sale and ownership of firearms. This could include reviewing existing EU legislation on the sale and transfer of firearms within the EU;

- Support enhanced cooperation in the review and enforcement of export control policy, in order to strengthen the capacity of law enforcement, customs, and export control authorities to detect and prevent cross-border trafficking of strategic and high-risk items. To that end, the Commission will support the exchange of information and good practices, and the development of an EU-wide capacity-building programme and training for the above-mentioned actors;

- Further its assessment on the scope of environmental crime and energy fraud and consider measures to address them.

3.1.2.   Cybercrime

The threshold for committing cybercrime has decreased in the past few years, making it easier for anyone to become a cybercriminal. No technical skills are necessary, as the relevant tools are available online in user-friendly versions at reasonable prices. Digital currencies and online platforms facilitate many forms of serious and organised crimes. The number of cyber-attacks is likely to increase in the coming years, despite the important measures that have been taken to improve the capabilities to fight cybercrime and strengthen cyber security. Hence the operational capacity to fight cybercrime has to increase. The under-reporting of cybercrime by victims, the complicated tracking of cyber criminals data, concerns regarding mutual legal assistance on cybercrime and jurisdiction in cyberspace, need to be addressed.

The Commission will inter alia continue to work on the following actions, in cooperation with all relevant actors:

- Implement the EU Cybersecurity Strategy;

- Further support to the work of the European Cybercrime Centre (EC3) at Europol;

- Further assist Member States in developing their own capabilities to fight cybercrime. (national cybercrime centres);

- Support the adoption of the proposed Directive laying down measures to ensure a high common level of network and information security across the EU and pursue the new mandate of ENISA;

- Support the adoption and application of the Budapest Convention on Cybercrime;

- Support, develop and enlarge the Global Alliance against Child Sexual Abuse Online;

- Develop further together with EC3 the cooperation with partners outside the EU and with the private sector to strengthen the response.

3.1.3. Terrorism, Radicalisation and Crisis Management

Over the past years several terrorist attacks have taken place, mostly by individuals or smaller groups but with severe consequences. During 2012, there were more than 200 completed or failed terrorist attacks in the European Union[92]. The Boston marathon and the Nairobi Shopping mall attacks in 2013 demonstrated that radicalized individuals and organized terror groups look not only at traditional targets but increasingly seek to strike soft targets. There is also a worrying trend with young people going to other countries such as Syria to become foreign fighters. On return, a few of them could pose a serious security threat to the EU. The threat from terrorism and violent extremism will pose a serious challenge to the EU in the coming years.

The Commission will inter alia continue to work on the following actions, in cooperation with all relevant actors:

- Orient its preventive activities in line with the Communication on Preventing Radicalisation to Terrorism and Violent Extremism;

- Continue support to the work of the Radicalisation Awareness Network and create a European Knowledge Hub to facilitate the exchange of practices and expertise, to steer research and support stakeholders in their efforts to prevent radicalisation to terrorism and violent extremism;

- Support better training and development of interoperable forces to respond to terrorist attacks including addressing the need for common equipment if necessary;

- Implement the new approach to the detection and mitigation of CBRN-E risks at EU level;

- Further developing risk assessment capability in the area of aviation security and as appropriate in other priority domains, for example customs;

- Implement the new approach to the European Programme for Critical Infrastructure Protection (EPCIP) and the four pilot cases;

- Support preparedness capacity by establishing a modular crisis management exercises programme.

3.1.4.   Strengthen Border Security

The creation of the Schengen area, allowing people to travel without being subject to checks, is a fundament of the European construction. Free movement brings significant benefits to the European economy. A further increase of numbers of people coming to the EU is expected, especially those using air travel. The import and export of goods will further increase. Abuses should be prevented and situations where a Member State is not fulfilling its obligations to control its section of the external borders should be tackled effectively, while ensuring that appropriate solidarity mechanisms are in place to support those Member States that face increased pressure due to their geographical location, and the patterns of travel flows and migratory routes.

The Commission will inter alia continue to work on the following actions, in cooperation with all relevant actors:

- Support the adoption of the proposed EU Smart Borders Package consisting of a European Entry/Exit System and a Registered Travellers Program;

- Continue its support together with EU-LISA to an effective operation of SIS II;

- Explore the feasibility of establishing a European System of Border Guards;

- Devise a strategy and action plan for the security of the supply chain and risk management, and contribute to its implementation.

3.2.      Cross-cutting objectives

3.2.1. Strengthening the link between EU internal and external security

As EU security depends on external factors, the ISS 2010-2014 stressed the importance of ensuring coherence and complementarity between the internal and external aspects of EU security policies. To this end, important steps were undertaken and need to be followed-up, for example the EU Cybersecurity strategy, the strategy for security and development in the Sahel[93], the approach on strengthening the EU's Response on preventing radicalisation to terrorism and violent extremism, as well as steps towards a European Union maritime security strategy[94]. The EU also works towards a global convergence of views to strengthen the international non-proliferation regime for weapons of mass destruction.

The conflicts in Mali, Libya and Syria generate effects that have an impact on the security of the EU, such as the increasing threat of foreign fighters and terrorist radicalisation. Europe’s security further remains at risk from the diversification and increasing penetration of international organised crime in the economy, corruption, financial crime, and cybercrime.  Finally EU security is indirectly affected by other phenomena such as man-made and natural disasters; political and social changes in the EU neighbourhood; as well as divergent approaches by countries around the world on the way in which security should be ensured.

European internal security also means acting beyond EU borders and in cooperation with third country partners. Internal security issues should be more systematically addressed as part of EU external policies, linking to EU assistance and cooperation programmes. There is a need to reinforce the dialogue and cooperation to support institutional reforms, the rule of law and security sector reforms. There should also be more consistent help to third countries requesting assistance in law enforcement capacity-building, by offering training, or sharing knowledge and good practice.

The cooperation of law enforcement and judicial authorities with third countries and with international organisations should be driven by EU security needs and common assessment of security challenges with a view to meeting the goals identified in the ISS. This will also require an intensified implementation of the Common Security and Defence Policy (CSDP) – Freedom, Security & Justice (FSJ) roadmap in particular to facilitate operational cooperation and information sharing between EU agencies and CSDP missions. Moreover, the implementation of the Law Enforcement Training Scheme (LETS) would directly contribute to this goal of strengthening links between CSDP and FSJ through the development of a proposal for a common curriculum for compulsory pre-deployment training of all law enforcement officers participating in CSDP civilian missions. It would also benefit capacity building in the countries where such missions are deployed.

Existing passenger name record (PNR) agreements with third countries provide another opportunity to further strengthen international law enforcement cooperation and to increase the security gains for the EU and Member States.

Dialogue on EU security needs and common security challenges will be particularly important with EU candidate and potential candidate countries, countries participating in the EU neighbourhood policy, strategic partners, as well as countries facing complex democratic transitions.

The EU should further develop its relations with international organisations, such as UN, Council of Europe, Interpol and the Global Counter Terrorism Forum (GCTF). It should also be more active in multilateral forums to promote its best practices and take the necessary steps to accede to a number of international treaties in key areas related to internal security.

3.2.2. Strengthening the respect of fundamental rights as part of a citizen-centred approach

Fundamental rights must form an integral part of internal security policies. Fundamental rights reinforce the EU internal security by safeguarding and increasing trust among citizens and between citizens and governmental institutions. In this respect the Commission will continue to monitor the implementation of the legislative framework on combating certain forms of racism and xenophobia[95]. Consequently, all European institutions shall promote the effective application of the EU Charter of Fundamental Rights and of secondary legislation addressing specific rights.

The recent judgment of the European Court of Justice on the Data Retention Directive has underlined the importance of the respect of fundamental rights as an integral element of internal security policies.

To safeguard citizens' rights, officials should be supported through simple, efficient and practical tools such as handbooks and training curricula which enable the correct application of fundamental rights in their day-to-day work. It furthermore requires that the Fundamental Rights Agency (FRA) should be in a position to contribute to the development of EU policies in internal security and criminal matters. Cooperation with human rights institutions should be enhanced. More broadly an increased dialogue with third countries, international organisations, the private sector and civil society is essential. These efforts should be accompanied by legal remedies available which keep pace with trends both in security measures and in technological innovations.

3.2.3 Strengthening the role of research, funding and training

The dual feature of technological developments (opportunities versus threats) requires a comprehensive approach in which, internal security concerns and fundamental rights, policies need to fully benefit from research. A good example in 2013 was the initiative on strengthening the internal security authorities' involvement in security-related research and industrial policy[96]. The EU will need to continue mobilising the tools essential for security preparedness and resilience, using notably its research and innovation programme Horizon 2020 and bearing in mind the societal aspects related to internal security.

To meet the internal security tasks, adequate and targeted EU funding is essential. The EU's Internal Security Fund aims precisely at supporting actions addressing such internal security challenges, as well as information exchange and training, in all ISS priority areas. It will be crucial to ensure complementarity between Member States' national funding programmes (shared management) and Union Actions (transnational actions or actions of particular interest to the Union) funded directly by the Commission (direct management)[97].

Forging a common law enforcement cooperation culture is essential to build mutual trust and understanding and to support practical cooperation. Training at EU level is essential to meet these aims and will contribute to enhancing and approximating the quality and standards of law enforcement. The European Law Enforcement Training Scheme (LETS) should be fully implemented in the years to come, to the benefit of a high number of officials of all ranks of law enforcement, border guards and customs officers.

4.       Way ahead

The five strategic objectives chosen in the ISS 2010-14 remain valid and should therefore be confirmed for the renewed ISS. Building upon the positive assessment on the implementation of the first ISS, the EU should develop an updated version of the ISS in full cooperation between the Commission, Member States and the European Parliament. Focus should be on reviewing the actions under each objective for 2015-2020 and identifying new actions to address the emerging threats and evolving challenges.

The renewed ISS should reinforce the integration of fundamental rights within internal security and make the link between internal and external security even more operational. It should also consolidate and encourage more synergies between Home Affairs and other policy areas related to internal security. To this end, a stronger action will be needed to consolidate interactions between policies and actions, involving the different actors, such as public authorities, citizens, civil society and the private sector. To support such a multidisciplinary and integrated approach, an EU Internal Security Consultative Forum animated by the Commission together with Member States, European Parliament, EU agencies, representatives of civil society, academia and of the private sector could be considered.

In line with the Conclusions of the Commission Communication “An Open and Secure Europe: Making it Happen” as well as with the forthcoming strategic guidelines of the European Council in the area of internal security, and taking into due account the views expressed by the European Parliament in its Resolution on the second ISS report (2013/2636(RSP)), the Commission is planning to present a Communication on the renewal of the Internal Security Strategy. The Commission will prepare this Communication after consulting relevant stakeholders, including through a High-Level Conference that will take place in autumn 2014, with the participation of Member States and of the European Parliament, as well as representatives of civil society, academia and the private sector.

[1] Internal Security Strategy for the European Union: Towards a European Security Model, 5842/2/2010.

[2] COM(2010) 673.

[3] COM(2011) 790.

[4] COM(2013) 179.

[5] COM(2014) 154.

[6] 2013/2636(RSP).

[7]  Council conclusions of 8-9.11.2010.

[8]  Drawn up by Europol with the contributions of Member States, EU JHA agencies and key third countries.

[9]   Council conclusions of 6-7.6.2013. Summarised the EU priorities for the period of 2014 – 2017 are to tackle: 1) illegal/irregular immigration; 2) trafficking in human beings; 3) counterfeit goods violating health, safety and food regulations and sub-standard goods; 4) excise fraud and Missing Trader Intra Community (MTIC) fraud; 5) synthetic drugs production and trafficking; 6) cocaine and heroin trafficking; 7) cybercrimes (on-line and payment card fraud, online child sexual exploitation, and cyber-attacks); 8) risk of firearms to the citizen and illicit trafficking in firearms; 9) organised property crime committed by mobile organised crime groups.

[10] By the end of the third quarter of 2013, Europol had facilitated the exchange of over 220 000 operational messages and over 13 500 cases had been initiated (an increase of 15% compared to the same period in 2012). Europol provided support to Member States’ EMPACT-related operations, the publication of the SOCTA 2013 and through the assistance provided by the EMPACT Support Unit (ESU).

[11] In 2013, Eurojust had 639 closed cases and 937 ongoing cases of which 257 related to organised crime.

[12] In 2013, 34 JITs in total received (financial) support from Eurojust, Europol formally participated as a member   in 35 JITs and in 9 other JITs provided systematic operational support.

[13] COM(2013) 173, COM (2013) 535.

[14] 17547/12.

[15] Council Decision 2005/387/JHA.

[16] http://www.emcdda.europa.eu/publications/joint-publications/drug-markets

[17] Directive 2011/36/EU.

[18] COM(2012) 286.

[19] Council conclusions of 25.10.2012.

[20] Directive 2011/93/EU.

[21] Cross-border asset tracing requests through SIENA (used by 20 Member States) have increased from 475 in   2012 to over 2 000 in 2013. The response times to such requests have also shortened.

[22] COM(2013) 45.

[23] COM(2013) 44.

[24] OJ L 127, 29.4.2014, p. 39.

[25] COM(2014) 38.

[26] COM(2013) 716.

[27] OJ L 89, 25.3.2014, p.7.

[28] OJ C 80, 19.3.2013, p. 1.

[29] COM(2013) 324, Council conclusions of 10.12.2013.

[30] OJ L 130, 1.5.2014, p. 1.

[31] 2008/615/JHA.

[32] 2006/960/JHA.

[33] Regulation (EU) No 603/2013.

[34] COM(2012) 735.

[35] COM(2011) 32.

[36] In 2013, CEPOL, the European Police College, provided training to more than 8200 participants[36] in over 100 different training activities.

[37] COM(2013) 172.

[38] Strand 1: Basic knowledge of the EU dimension of Law Enforcement, Strand 2: Effective bilateral and regional cooperation, Strand 3: EU thematic policing specialism, Strand 4: Civilian missions and capacity-building in third countries.

[39] http://ec.europa.eu/dgs/home-affairs/what-we-do/networks/radicalisation_awareness_network/index_en.htm

[40] COM(2013) 941.

[41] OJ L 195, 27.10.2010, p.5.

[42] COM(2013) 843.

[43] http://ec.europa.eu/dgs/home-affairs/what-we-do/policies/crisis-and-terrorism/securing-dangerous-material/index_en.htm

[44] Regulation (EU) No 98/2013.

[45] SWD(2013) 318.

[46] This work followed upon the outcome of the 2012 Nicosia Conference on "Aviation Security against Terrorist Threats" which was endorsed by the Council.

[47] IP/13/335.

[48] Special Eurobarometer 404 of November 2013.

[49] Directive 2013/40/EU.

[50] JOIN(2013) 1.

[51] Council conclusions of 25.6.2013.

[52] P7_TA(2013)0376. Table on implementation presented at the occasion of the High-Level Conference one year after adoption of the Strategy: http://ec.europa.eu/digital-agenda/en/news/eucybersecurity-strategy-high-level-conference-0

[53] COM(2013) 48.

[54] https://www.europol.europa.eu/sites/default/files/publications/ec3_first_year_report.pdf

[55] http://ec.europa.eu/dgs/home-affairs/what-we-do/policies/organized-crime-and-human-trafficking/global-alliance-against-child-abuse/index_en.htm, http://ec.europa.eu/dgs/home-affairs/what-we-do/policies/organized-crime-and-human-trafficking/global-alliance-against-child-abuse/docs/global_alliance_report_201312_en.pdf

[56] Regulation (EU) No 1052/2013 establishing the European Border Surveillance System (Eurosur).

[57] Regulation (EU) No 1053/2013; Regulation (EU) No 1051/2013.

[58] Regulation (EC) No 1987/2006.

[59] Regulation (EC) No 767/2008.

[60] COM(2013) 95, COM(2013) 97.

[61] COM(2012) 793, 8761/3/13.

[62] Regulation (EU) No 1168/2011.

[63] 17409/13.

[64] JOIN(2012) 39.

[65] OJ L 347, 20.12.2013, p.924.

[66] SEC(2010) 1626.

[67] SWD (2014)134 final.

[68] Decision 1082/2013/EU.

[69] Council Decision 2013/488/EU.

[70] http://www.consilium.europa.eu/uedocs/cms_data/docs/pressdata/EN/genaff/137614.pdf

[71] In the case of EU Internal Security the following articles of the EU Charter of Fundamental Rights are in particular relevant: Articles 1 to 26, 37, 38, 45, 46 and 47 to 54.

[72] COM(2010) 573.

[73] http://ec.europa.eu/justice/fundamental-rights/charter/application/index_en.htm

[74] SEC(2011) 567.

[75] https://e-justice.europa.eu/home.do?action=home&plang=en&sufix=7

[76] On 5.4.2013 the 47 Council of Europe member states and the EU finalised the draft accession agreement of the EU to the ECHR. The EU Court of Justice is expected to give its opinion on the text in spring 2014.

[77] COM (2012) 9, COM (2012) 10, COM (2012) 11.

[78] Available at http://fra.europa.eu/en/publications-and-resources/opinions.

[79] Available at http://fra.europa.eu/en/publications-and-resources.

[80] See FRA (2013), Joining up fundamental rights. Toolkit for local, regional and national public officials.

[81] http://fra.europa.eu/en/publication/2013/fundamental-rights-based-police-training-manual-police-trainers

[82] FRA (2010), Towards More Effective Policing, Understanding and preventing discriminatory ethnic profiling: a guide.

[83] See footnote 57.

[84] 10597/13.

[85] Directive 2012/29/EU, OJ L 315, 14.11.2012, p. 57.

[86] (EU) No 606/2013.

[87] 2011/99/EU.

[88] Directive 2010/64/EU

[89] Directive 2012/13/EU

[90] Directive 2013/48/EU

[91] A specific threat assessment "Environmental crime in the EU" was published in 2013, which focused on the two most widespread offences, trafficking of illicit waste and trafficking of endangered species with the involvement of organised crime.  The EU is considered as a major destination and transit country for trafficked endangered species and illegal waste is being trafficked within the EU and to destinations outside the EU. Specialised organised crime groups are active in this crime area. Further steps will need to be determined on the basis of: a) various instruments; b) coordinated existing enforcement actions on environmental crime involving several bodies/agencies - Europol, Eurojust, Interpol and UNODC; c) the recent Commission Communication on wildlife trafficking including a stakeholder consultation, as well as d) efforts of EnviCrimeNet to elaborate a strategy and operational actions.

SOCTA highlighted Missing Trader Intra-Community (MTIC) fraud exploiting the electricity and gas markets (energy fraud) similar to a scheme targeting carbon credit trading uncovered in recent years. Organised criminal groups are already involved in alternative energy (wind and solar) and waste management businesses, which they use to launder proceeds of crime.

[92] Europol indicated in its 2013 Terrorism Situation & Trend Report (TE-SAT) that in 2012 17 people died as a result of terrorist attacks in the EU; 219 terrorist attacks were carried out in EU Member States; 537 individuals were arrested in the EU for terrorist related offences; court proceedings for terrorism charges were concluded in relation to a total of 400 individuals.

[93] http://www.consilium.europa.eu/uedocs/cms_data/docs/pressdata/EN/foraff/141577.pdf

[94] JOIN 2014(9)

[95] See Report from the Commission on the implementation of Council Framework Decision 2008/913/JHA on combating certain forms and expressions of racism and xenophobia by means of criminal law of 27 January 2014 (COM(2014) 27 final).  

[96] http://www.consilium.europa.eu/uedocs/cms_data/docs/pressdata/en/jha/137399.pdf

[97] Other EU funds are also relevant depending on their objectives, scope and conditions, see: http://ec.europa.eu/budget/mff/index_en.cfm