EU: States slow to introduce legal changes easing biometric identity checks by police


Member states are making little progress in changing national laws to ease biometric identity checks by the police, one of the key aims of the EU's 'interoperability' initiative.

Support our work: become a Friend of Statewatch from as little as £1/€1 per month.

Easing biometric identity checks

The poor state of preparations for implementing rules introduced in two 2019 laws is set out in a European Commission document sent to the Council of the EU and obtained by Statewatch.

See: NOTE from: Commission services to: Delegations: Implementation of interoperability: state of play on the implementation of the Entry/Exit System and the European Travel Information and Authorisation System (Council doc. 9085/21, LIMITE, 1 June 2021, pdf)

Under Article 20 of the interoperability rules, law enforcement and other officials will be able to use the Common Identity Repository (CIR, a huge, centralised biometric database able to hold up to 300 million records on non-EU nationals) for identity checks in the street, provided they have the technical means and legal possibility to do so.

The implementation of these rules is not necessarily desirable: by providing law enforcement officials with access to a vast pool of information on non-EU nationals, it is likely to exacerbate existing practices of racial and ethnic profiling. The interoperabiltiy intiative as a whole plays fast-and-loose with data protection rules, with data freely repurposed and used in ways that were not foreseen when it was collected.

The slow road

The document shows that many member states have not made much progress with the "necessary legal adaptations" that would permit Article 20 checks (the information contained in the document is reproduced below). However, two states - Slovakia and Spain - are marked as "N/A", which may indicate that they do not foresee the need for any changes. This may end up being the case for other states.

State State of preparation of Article 20 legal adaptations
Austria 10%
Belgium 0%
Bulgaria 30%
Croatia 100%
Cyprus 0%
Czechia 0%
Denmark 0%
Estonia 10%
Finland 50%
France 30%
Germany 10%
Greece 0%
Hungary 0%
Iceland 0%
Ireland Not participating
Italy 20%
Latvia 85%
Liechtenstein 100%
Lithuania 5%
Luxembourg 10%
Malta 10%
Netherlands 35%
Norway 0%
Poland 15%
Portugal 50%
Romania 25%
Slovakia N/A
Slovenia 60%
Spain N/A
Sweden 20%
Switzerland 80%

The document also shows that less than half of the states participating in the interoperability initiative (including both EU and Schengen Associated Countries) have finished assessing whether the introduction of 'Article 20 checks' requires changes to national legislation.

Thirteen have done so: Croatia, France, Latvia, Liechtenstein, Lithuania, Luxembourg, Malta, Netherlands, Portugal, Romania, Slovenia, Spain and Switzerland.

The assessments of a further 12 are "ongoing": Austria, Belgium, Cyprus, Czechia, Denmark, Estonia, Finland, Germany, Hungary, Italy, Poland and Sweden.

Belgium, Iceland and Norway have not yet begun their assessments, while for Greece and Slovakia the table in the Commission document merely includes a "?".

Deadline 2023

The upbeat tone of the Commission's report appears to be an attempt to mask an over-ambitious process that is slipping behind schedule.

The intention is to have the majority of the new and revamped "interoperable" databases - which relate to border crossings, "travel authorisations" (a form of visa for those who do not require a visa), Schengen visas, asylum-seekers and irregular migrants, criminal records on non-EU nationals and police and border agency data - up and running by the end of 2023.

On the Entry/Exit System (EES, a centralised database of all border crossings by non-EU citizen set up with the purpose of detecting "overstayers") the Commission says:

"A majority of Member States planned to perform their compliance testing activities at the very last possible time slot. This was mitigated to some extent to have a more even distribution for the time slots but it remains a matter of concern as it indicates that several national implementation projects for the Entry/Exit System will be completed at the very last moment."

This has implications for other components of the "interoperability architecture", such as the European Travel Information and Authorisation System (ETIAS):

"Any delay for the implementation of the Entry/Exit System would hamper the start of operation of the European Travel Information and Authorisation System and initiate a domino effect having negative consequences on reaching the end-2023 target date. There is a risk that this could result in severe adverse consequences on the protection of the external borders and ensuring European internal security, including the fight against terrorism and organised crime." [emphasis in original]

And it seems that the ETIAS is suffering from delays of its own:

"While the entry into operation of this system follows that of the Entry/Exit System, there are similar delays in procurement procedures and in setting up the relevant national units. Again, these should be advanced according to the given schedule."

A colour-coded table showing national progress in setting up ETIAS components is a sea of red, as is a separate table giving an overview of the extent to which national governments plan to provide training on using the new systems.

The revamping of older systems appears to be progressing more swiftly. On the Schengen Information System, for which new rules came into force in December 2018, the Commission states:

"The deployment of the fingerprint functionality, the Schengen Information System Automated Fingerprint Identification System, is a success. In 2020, Member States carried out half a million fingerprint searches. At the end of 2020, 30 % of the alerts on persons contained fingerprints (compared to 17 % in 2019). Nevertheless, there is still an unequal use. Some Member States) still need to deploy the search functionality in their national system. It is important that this is done as soon as possible in order to safeguard an equal level of internal security within Schengen."

See: NOTE from: Commission services to: Delegations: Implementation of interoperability: state of play on the implementation of the Entry/Exit System and the European Travel Information and Authorisation System (Council doc. 9085/21, LIMITE, 1 June 2021, pdf)

Further reading

Find out more about the dangers of the EU's interoperability initiative in the Statewatch Database

Image: Daniel Pink, CC BY 2.0

Our work is only possible with your support.
Become a Friend of Statewatch from as little as £1/€1 per month.


Spotted an error? If you've spotted a problem with this page, just click once to let us know.

Report error