In an international tariff context and divisions, in which multilateralism is being questioned, the European Union remains a showcase of cooperation between countries. Perhaps one of the most visible examples of this cooperation is the Schengen area or the elimination of internal borders between EU countries. Since the initial agreement was signed between Belgium, France, Germany, the Netherlands and Luxembourg in 1985, the territory it covers has changed several times, to the total of 29 countries (25 EU and four non-EU) it covers today. But the free movement of people would not be possible without a network to ensure that it would not be used for criminal purposes. Thus the Schengen Information System, or SIS, was born in 1995 and will be 30 years old in 2025.
“The system serves as a technological safeguard to compensate for the absence of internal border controls,” explains Lucas González Ojeda, acting director of the European Commission Representation in Spain. “The introduction of the SIS was an important step in reinforcing internal security, while at the same time allowing the free movement of people and goods within the Schengen area.” González Ojeda highlights four advantages since its deployment: it improves security by facilitating rapid access to a database of criminal activities, missing persons and stolen goods and facilitates a uniform response among the states involved. In the same vein, it facilitates cross-border cooperation in both crime and irregular migration management. It also served to lay the groundwork for a wider exchange of data within the EU. Finally, it brings economic and social benefits by ensuring safe mobility and better integration.
CE. Lucas González Ojeda, director en funciones de la Representación de la Comisión Europea en España
“The system serves as a technological safeguard to compensate for the absence of internal border controls.”
Lucas González Ojeda
“Whenever people talk about Schengen, they always think of it as the free movement of people,” reflects Diego López Garrido, director of Fundación Alternativas.”But the Schengen information system is a security system, which guarantees that the free movement of borders is viable. If this were not the case, we would return to the Europe of borders.” The SIS ensures real-time cooperation between the national authorities of the 30 countries participating in the security framework — one more, as Ireland is also included. It does this through a triple structure. On the one hand there is the central system, with a joint database physically located in Strasbourg, with information on people and objects. Each member country also has national systems and SIRENE offices for requesting information complementary to the national entry, operational 24/7 and responsible for the exchange of information and coordination between agencies. There is also the network that links everything together.
Since 2013, the European agency eu-LISA has been in charge of its management and development, responsible not only for ensuring that it works at all times, but also that it is a robust and interoperable system with all the databases involved. Although it may appear to be a complicated structure, it maintains an agile operation. “You can fight criminal activity very quickly,” defends Garrido. “It has become an instrument of enormous security efficiency.”
Development
In the 30 years it has been in operation, the SIS has undergone two updates since that first model that showed basic functionalities with limited information. In 2013, the second-generation SIS, or SIS II, was implemented, which adapted to new technologies by incorporating more information into alerts, such as fingerprints or photographs, as well as increased security. Ten years later, in 2023, SIS-RECAST, which is still in force today, came into operation. This new version introduces changes derived from the updates of the European Regulations governing the Schengen area, which result in increased cooperation between countries, increasing access to more competent national authorities, such as migration authorities. In addition, it adopts new ways of locating and identifying wanted persons, as well as additional tools and categories of extra alerts, and reinforces controls at external borders.
The evolution of the system has included other updates. For example, while fingerprint storage comes into effect with SIS II, 2018 sees the launch of an automatic fingerprint identification system (AFIS) that allows identification solely by this route. With SIS-RECAST, this model adds additional biometric data, such as prints and palm prints or DNA profiles of missing persons or their relatives. “The revamped SIS reflects the EU’s shift towards a modern digitized and interoperable border management framework,” Ojeda summarizes. Its development “is part of wider EU digital initiatives and the EU interoperability framework between large-scale IT systems,” even though the technology used since its inception remains similar. “No cloud computing or AI technology is used at the moment,” he explains. However, these are options that will be considered when discussing the future of the SIS.”
SIS challenges
“Technological development means that Schengen has been modernized,” says Garrido, who advances one of the system’s controversies. “There is a privacy problem that affects human rights,” as the new versions incorporate sensitive biometric information. Garrido defends the need for “no unnecessary data affecting people’s privacy and, above all, absolute security”. He alludes to the current debate on whether the Schengen system is going too far in data collection and the need to ensure that its use is limited to certain tasks, for example, fighting crime. Precisely, Ojeda qualifies as one of the challenges ahead for the SIS “the balance between innovation and privacy: as emerging technologies, such as AI, are being explored, their integration must respect the requirements of the GDPR and respect ethical standards.”
Fundación Alternativas. En la imagen, Diego López Garrido, director de la Fundación.
“There is a privacy problem that affects human rights.”
Diego López Garrido
The need to safeguard data privacy goes hand in hand with its protection. Although no infrastructure is ever 100% shielded, the Schengen information system maintains “a complete set of safeguards,” in Ojeda’s words. This is designed to make access difficult, maintain the privacy of the information handled and ensure a swift reaction to possible events. It employs access controls and encryption, with role-based permissions and multi-factor authentication; regular independent audits and assessments; and collaboration with ENISA — the European Cybersecurity Agency — and national authorities for rapid response to incidents. In addition, of course, to compliance with the General Data Protection Regulation.
The SIS seeks to make progress in cyber-resilience through tools such as infrastructure replication. With regulations such as NIS-2 or DORA, resilience is becoming the key word in the sector, a response to the rapid technological evolution, also in cybercrime. For Ojeda, another of the keys to the future lies precisely in the adaptation of SIS to emerging criminal threats. “The system must remain agile to adapt to police needs and keep up to date from a technological perspective,” he concludes.
No Responses