Small steps to big brother: the development of the Visa Information System and the Schengen Information System II is back on track

Support our work: become a Friend of Statewatch from as little as £1/€1 per month.

The Visa Information System (VIS) and the second-generation Schengen Information System (SIS II) are two of the more ambitious IT systems being developed by the European Union. The key purpose of both systems is to permit the state surveillance and/or detection of particular persons or items and, in particular, non-EU nationals.

The VIS is a system designed to provide the relevant authorities of each Member States access to information on applications made for, and conditions attached to, visas granted for EU Member States. The aim is to facilitate visa applications; prevent 'visa shopping'; help combat fraud; facilitate checks at external and internal borders; assist in identifying any person no longer eligible for entry, stay or residence in EU territory; facilitate the application of the Dublin II regulation on determining which state is responsible for an asylum application; and last - but certainly not least - the system will "contribute to the prevention of threats to the internal security of any of the Member States." [1]

The information to be entered into the VIS includes alphanumeric data such as the applicant's name, age, gender, address, destination and duration of stay, and much more. The VIS is capable of holding up to 70 million records, and further identification will be provided through the inclusion of a photograph and the ten fingerprints of every applicant. [2]

SIS II, meanwhile, is intended to act as an upgrade to the original Schengen Information System. The second-generation system will be used for the same reasons as the first, which is to to ensure that 'competent authorities' are able to access information about persons wanted for arrest for extradition purposes; third-country nationals who should be refused entry to the Schengen area; missing persons; witnesses; persons and vehicles to be subjected to surveillance; objects sought for the purposes of seizure or use of evidence. [3] SIS II now requires the capacity for between 70 and 100 million alerts. It seems likely that the new system will move beyond its 'reporting' function, to enable its use for investigative work. This development, with potentially enormous implications, occurred without any input from the national or European parliaments or civil society organisations. [4]

Perhaps unsurprisingly for such large-scale IT projects, both have been subject to significant delays and setbacks. Recent reports, however, indicate the timetables for both systems are now fixed. If so, the VIS will come into use as of October this year, with SIS II following in early 2013.

The Visa Information System

The recently published progress report by the Commission on the development of the Visa Information System notes that at the "the project is in line with the new global schedule." 2010 saw numerous technical and organisational problems, with the main contractor fined €7.6 million for the delays incurred in 2009. [5] It seems that the central VIS database is already functioning (and has been since June 24th), and 11th October 2011 has been set as the "go-live" date for Member States' systems. [6] This of course may be pushed back. It seems there is still at least one hoop through which the Commission and the Member States need to leap before the national systems can be put into operation.

North Africa is the "first region of deployment" for the VIS, and all the consulates of every Member State must:

"[N]otify the Commission that they have made the necessary technical and legal arrangements to collect and transmit alphanumeric and biometric data for all applications in the first region." [7]

A mission to obtain "information about the level of preparedness in Member State consulates" was dispatched to Cairo last December, which found that "technical training session and communication efforts need to be intensified." [8] A number of similar missions will therefore be undertaken in other North African cities in the months leading up to October, in order to try and meet the current deadline for the launch of the system. It has been EU policy to make North Africa the testing bed for the VIS since at least 2005, [9] and with the area considered "high risk" six years ago, work on the VIS will likely have taken on a new urgency since the uprisings in Tunisia and Egypt, and the outbreak of war in Libya. A range of new initiatives have been announced in recent months, and are in many ways aimed at stemming the flow of undesirable migrants from the region. [10] If the VIS can be made to function as intended, it will play a significant role in these initiatives.

The Schengen Information System II

The highly controversial second-generation SIS has gone through a number of crises. One recent, in-depth study suggests that the entire project is "considerably over-budget and with no guarantee of completion," [11] and that its development has been marked by secrecy, a lack of scrutiny, and a logic driven by "(in)security" [12] The Commission has recently published its own figures, claiming that of €172,353,855 committed to the project, only €80,731,252, or just under 47% of the total, has been spent. Perhaps notably, these figures only cover the period from 2002 until the end of 2010. [13] The same report contained optimistic statements regarding the likelihood of the system entering into operation on time. With the revised "global schedule" now "an integral part of the contract", extensive testing will take place over the next 30 months, leaving the system "ready for entry into operation during the first quarter of 2013." [14]

Yet a "contingency plan" remains in place. An agreement between the Commission and France exists that would permit the use of a technical solution based on a development of the SIS1+ system, should SIS II fail its "second milestone tests". [15] SIS1+ is itself a rehash of the original SIS, and was developed due to delays in the development of SIS II. It it becomes necessary to use this backup, the French authorities may have to issue a new call for tender by the French authorities, as the contractual basis for this has expired.

Work designed to ensure the smooth functioning of the system is ongoing, with "data cleansing" for the purposes of shifting from SIS to SIS II named as a priority of the Polish Presidency. [16] Particular attention is being paid to Article 96 alerts, which deal with "aliens for whom an alert has been issued for the purposes of refusing entry" to the Schengen area. [17] The Presidency's questionnaire to Member States on cleansing data related to Article 96 alerts puts this more directly: those listed under Article 96 are simply "unwanted persons." [18] An EU Entry/Exit System, considered an essential part of the EU's 'smart borders' program, seeks to overcome some of the limitations of the SIS regarding those individuals considered unwanted. If developed it would:

"[R]ecord the time and place of entry and length of authorised stay. In case someone would overstay the period allowed, an alert would be transmitted to the competent authorities that could take further steps." [19]

It would thus help to clear up some of the 'loose ends' left trailing by the current system.

Scrutiny and surveillance

As of yet, there is no agreement on establishing an Entry/Exit System. However, both the VIS and SIS II will soon come under the scrutiny of the newly-established EU Agency for Large-Scale IT Systems, which, pending an agreement between the Council and the Parliament currently scheduled for October, is intended to start work in the summer of 2012. This new agency will also be responsible for Eurodac, the database containing the fingerprints of applicants for asylum in the EU. While this will provide greater scope for oversight of the use of the systems, it can do nothing to question the assumptions upon which they are based.

Along with the surveillance of air (and possibly land and sea) travel through Passenger Name Record (PNR) data; plans for an EU Registered Traveller Programme; an EU entry/exit system to record border crossings by third country nationals; an electronic system of travel authorisation; the European external border surveillance system (EUROSUR); and the strengthening of FRONTEX, the VIS and SIS II are meant to complement the EU's plan for what it calls integrated border management. [20] What this adds up to is a system of border management that looks an awful lot like a high-tech, high-security system designed to stringently police the movement of persons and reinforce the ability of the European Union to protect itself from outsiders deemed unnecessary and unwanted. Such plans are also characterised by high degrees of risk.

Most importantly, attempts by migrants to cross the European border involve increasingly high-risk strategies, adding to the numbers of deaths in the Mediterranean and elsewhere. [21] SIS II and the VIS are both intended to reinforce both the internal and external aspects of border control. The faith placed in information technology by state authorities is also risky, permitting as it does increased reliance on the workings of highly complex computer systems. The individuals operating them may not necessarily adhere to fundamental rights standards, [22] and as demonstrated by the years of development that have gone into the VIS and SIS II, plans for such large-scale systems are frequently delayed by unforeseen technical and political issues. However, if recent reports emanating from the Commission are to be believed, then it may not be too long before these two systems, long-desired by EU institutions, working groups, and agencies within the European Union, finally begin to function.


[1] Regulation (EC) No 767/2008 of the European Parliament and of the Council of 9 July 2008 concerning the Visa Information System (VIS) and the exchange of data between Member States on short-stay visas (VIS Regulation), Recital 5
[2] Regulation (EC) No 767/2008, Article 9
[3] Convention implementing the Schengen Agreement of 14 June 1985 between the Governments of the States of the Benelux Economic Union, the Federal Republic of Germany and French Republic on the gradual abolition of checks at their common borders, Articles 95-100
[4] Ben Hayes, From the Schengen Information System to SIS II and the Visa Information System (VIS): the proposals explained, May 2005, p.3; see also the highly critical report by the House of Lords' European Union Committee, Schengen Information System II (SIS II), March 2007; and, more recently, Joanna Parkin, The Difficult Road to the Schengen Information System II: The legacy of 'laboratories' and the cost for fundamental rights and the rule of law, April 2011
[5] European Commission, Report on the development of the Visa Information System (VIS) in 2010, COM(2001) 346 final, 14 June 2011
[6] Presidency, VIS - state of play, 8164/11, 24 March 2011, p.2
[7] Working Party on Frontiers, Summary of discussions, 6885/11, 1 March 2011
[8] Report on the development of the Visa Information System (VIS) in 2010, p.4
[9] Draft Council Conclusions on the consular roll out for the Visa Information System (VIS), 14917/05, 24 November 2005, p.3
[10] Marie Martin, "A radically changing political landscape in the Southern Mediterranean?" The Dialogue for Migration, Mobility and Security with the Southern Mediterranean Countries, July 2011
[11] The Difficult Road to the Schengen Information System II, p.30
[12] Ibid., p.3
[13] European Commission, Progress report on the development of the Second Generation Schengen Information System (SIS II), July 2010 - December 2010, COM(2011) 391 final, 29 June 2011, p.8
[14] Ibid., p.4
[15] Ibid., p.5
[16] Polish delegation, Data cleansing, 8916/11, 15 April 2011
[17] Convention implementing the Schengen Agreement of 14 June 1985, Article 96
[18] Polish delegation, Article 96, 8918/11, 11 April 2011, p.10
[19] Informal meeting of the Justice and Home Affairs Ministers, 18-19 July 2011, p.1
[20] Next steps in border management in the EU, accessed 15:14, 27 July 2011
[21] UNITED for Intercultural Action, List of 15551 documented refugee deaths through Fortress Europe, 16 June 2011
[22] Schengen Joint Supervisory Authority, Report on the follow-up of recommendations concerning the use of Article 96 alerts in the Schengen Information System, 13 December 2010

Our work is only possible with your support.
Become a Friend of Statewatch from as little as £1/€1 per month.


Spotted an error? If you've spotted a problem with this page, just click once to let us know.

Report error