Statewatch News online: Schengen Information System Article 99 report

Support our work: become a Friend of Statewatch from as little as £1/€1 per month.

Schengen Information System Article 99 report:
33,541 people registered in SIS for surveillance and checks

- Massive discrepancy among member states use of SIS for surveillance
- France and Italy responsible for 83 % of all Article 99 alerts
- Schengen data protection authority demands more checks and balances

In December 2007 the Schengen Joint Supervisory Authority on data protection (JSA) produced a report on the use of the Schengen Information System (SIS) for surveillance purposes. While statistics have been produced in the past, the JSA's report sheds the first detailed light on participating states' use of the controversial Article 99 records since the SIS went online in 1995.

Art. 99 of the Schengen Convention (as amended) provides for participating states to enter persons into the SIS for the purposes of surveillance by creating 'alerts' (SIS records) on those they want to keep tabs on. If a suspect then comes into contact with another SIS state - either at an external border or during police check on the SIS (a 'hit') - that state is directed to conduct 'discreet surveillance' or 'specific checks' on the person and report back to the state that issued the alert. The reports may include 'the fact that the person reported or the vehicle reported has been found; the place, time or reason for the check; the route and destination of the journey; persons accompanying the person concerned or occupants of the vehicle; the vehicle used; objects carried; the circumstances under which the person or the vehicle was found' (Article 99(4), Schengen Convention). This supplementary data is exchanged through the 'Sirene bureaux' (Supplément d'Information Requis a l'Entrée Nationale), the national contact points established for the purposes of exchanging detailed information under the Schengen Convention.

The intelligence gathering function in SIS is only supposed to be used in connection with 'extremely serious' criminal offences and for the prevention of 'serious threats' to public safety. Specifically, art. 99 alerts may only be created:

(i) where there are real indications to suggest that the person concerned intends to commit or is committing numerous and extremely serious offences;
(ii) where an overall evaluation of the person concerned, in particular on the basis of offences committed hitherto, gives reason to suppose that he [sic] will also commit extremely serious offences in future;
(iii) where concrete evidence gives reason to suppose' surveillance is 'necessary for the prevention of a serious threat by the person concerned or other serious threats to internal or external State security (Article 99, Schengen Convention).

The Schengen Convention did not define the term 'extremely serious offences'.

Statistics on Article 99

The JSA's report shows that there are massive discrepancies in the use of art. 99 SIS among the participating states. Three states - France, Italy and Spain - have entered tens of thousands of alerts while other states have entered very few or none (Greece and Ireland). A JSA report of 2005 (see Statewatch analysis), found similar discrepancies in the use of Article 96 SIS - persons to be refused entry to the Schengen area - with Italy and Germany responsible for 77 per cent of a total of 778,886 art. 96 'alerts' registered by 2003.

A total of 33,541 art. 99 'alerts' were entered in the SIS on 1 October 2006, more than double the total reported in September 2003 (16,378 'alerts', see Statewatch analysis). By January 2008, the total had fallen slightly to 31,577 alerts (Council doc. 5441/08, 30.1.08), possibly as a result of the JSA's critical findings. Of the 33,541 art. 99 'alerts' considered in the JSA report, 70 per cent (23,591) were for discreet surveillance. Italy was responsible for almost of half (48 %) of these alerts (11,604). France was responsible for a further 40 per cent (9,615), as well as 65 per cent of the total of 'specific checks' alerts (see further below). It appears that the JSA's report may only include detailed figures relating to persons included in the SIS under art. 99. It is important to point out that states can also register vehicles for discreet surveillance and specific checks. France, for example, has issued 745 art. 99 alerts on vehicles.

The JSA's report suggests that the broad scope for the authorities in France and Italy to enter art. 99 alerts may have contributed to the disproportionately high totals. In Italy, alerts can be entered by police, Carabinieri, finance police, customs and prison officers. In France alerts may be added by the police, central intelligence and counter-espionage agencies, border police, judicial authorities and French interior ministry - all they have to do is tick a Schengen box when creating records on national intelligence databases. In contrast, alerts can only be entered by public prosecutors in Luxembourg and the Netherlands and by the Ministry of Public Order in Greece.

The report also shows significant discrepancies in the use of the 'specific checks' alerts, which totalled 9,950. France (6,493), Spain (2,142) and prosecutors in the Netherlands (1,135) were responsible for the vast majority of these alerts (98 %). Italy (100) and Belgium (80) were the only other states to have used this provision. Again the discrepancy can be explained by the divergent interpretation and implementation of the SIS rules in the member states. Austria, Hungary, Luxembourg, Sweden and Portugal do not even have a legal basis for alerts requiring specific checks while a court order in required in Norway and Iceland.

Number of Article 99 alerts in Schengen Information System on 1 October 2006



Specific checks

Total # alerts
































































Use of SIS by intelligence services

Under the original 1990 Schengen Convention, the intelligence services were required to consult the other SIS states beforehand if they wanted to enter an art. 99 alert. This restricted the use of the SIS by secret agencies obviously unwilling divulge intelligence on who they want placed under surveillance and why. In 2005 the EU amended the SIS rules, removing the prior consultation requirement for the intelligence agencies (see SEMDOC website).

However, it was not until after the JSA had examined had examined the SIS in October 2006 that the first article 99(3) alert was entered by the Danish intelligence services. The JSA report also notes that the intelligence services in half of the existing SIS states - Belgium, Germany, Hungary, Italy, Luxembourg, Netherlands and Portugal - do not have direct access to the SIS. However, in practice the police may simply be entering 'alerts' on their behalf. "It seems that Article 99(2) is used instead of Article 99(3)", suggests the JSA.

Problems identified by the report

The JSA identifies a number of problems with the current rules on art. 99 SIS. Primarily, it is suggested that the scope for entering persons under art.99 could be restricted in order to address the wide discrepancies in usage to date. States do not keep statistical records on the grounds for the creation of art. 99 alerts, so there is no way of checking whether the alerts actually relate to "extremely serious offences" or "serious threats to internal or external State security". In response to the JSA questionnaire, Italy and the Netherlands replied that its authorities were "mostly using" an "an overall evaluation of the person concerned, in particular on the basis of offences committed hitherto" as grounds for the creation of art. 99 alerts, rather than "real indications" or "concrete evidence" of an actual threat. The JSA also suggests that some states may be issuing art. 99 alerts on persons who are merely suspected of association with criminals. This is clearly illegal under the current rules.

Second, the report identifies a number of problems relating to the inspection of SIS files by national data protection authorities. Again there are wide discrepancies among the SIS states. Encouragingly, the JSA reports that some mistakes in the use of art. 99 were discovered and rectified during the course of its research. Spain, for example, had entered alerts in error under art. 99 SIS instead of art. 96 (on refusal of entry to the Schengen area). The Portuguese data protection authority found a fictitious alert which was immediately deleted and a reference to race (in manual files) which was illegal. In the Netherlands:

"terrorism related alerts were found and the alerting authority was unable to provide specific information to enable the DPA to verify whether the alerts were up to date, lawfully or unlawfully processed, retained within applicable time limits and still necessary."

The need for ongoing, meaningful supervision of this kind speaks for itself. However, in Italy, where data protection supervisors suggest that in-depth investigation is necessary to examine the disproportionate number of art. 99 alerts, this requires the examination of police files and criminal courts records across the country. The use of the SIS by intelligence services poses further problems, since data protection authorities will not usually be able to conduct any checks whatsoever on specific records. In France, for example, the law was changed in 2007 to exempt files held by the counter-espionage services (DST) from any inspection by data protection supervisors.


The JSA cites "a clear need" for new rules:

"Especially the basic principle that Article 99 data are accurate, up to date and lawful should be better ensured by developing formal and written procedures on a national level"

The JSA also recommends:

  • the adoption of a clear definition of the types of crime that can lead to art. 99 alerts and a uniform interpretation of the term "serious crime";
  • six-monthly inspections and better control by national data protection authorities;
  • harmonisation of the list of authorities in the member states with access to the SIS;
  • better organisation of procedures and authorities responsible for ensuring data quality, accuracy and legality;
  • a clearer prohibition of art. 99 alerts on suspect's contacts.

The development on SIS II, the second generation Schengen Information System, poses further questions, since the new system will increase the amount of personal data that can be included in individual records (including biometric data) and allow the linking of SIS records for the first time.

Ben Hayes of Statewatch comments:

"The massive discrepancies in the current use of the SIS by certain member states are unacceptable. There is clear need to restrict the scope for entering alerts and improve significantly the arrangements for supervision and control.

Instead of 'harmonising' the use of SIS II and encouraging more surveillance, the EU should impose much stricter limits to ensure it is only used when justified as absolutely necessary. This demands far more robust mechanisms for accountability and control than we have at present".

See Article 99 inspection: Report of the Schengen Joint Supervisory authority on an inspection of the use of Article 99 alerts in the Schengen Information System (18 December 2007)

Statewatch News online | Join Statewatch news e-mail list | Download a free sample issue of Statewatch bulletin

© Statewatch ISSN 1756-851X. Personal usage as private individuals/"fair dealing" is allowed. We also welcome links to material on our site. Usage by those working for organisations is allowed only if the organisation holds an appropriate licence from the relevant reprographic rights organisation (eg: Copyright Licensing Agency in the UK) with such usage being subject to the terms and conditions of that licence and to local copyright law.

Our work is only possible with your support.
Become a Friend of Statewatch from as little as £1/€1 per month.


Spotted an error? If you've spotted a problem with this page, just click once to let us know.

Report error