What is the Schengen Information System (SIS)

SIS is a large-scale IT system, set up as a compensatory measure for the abolition of internal border checks, and intends to ensure a high level of security within the area of freedom, security and justice of the European Union, including the maintenance of public security and public policy and the safeguarding of security in the territories of the Member States. SIS is already implemented in all EU Member States, with the exception of Cyprus[1] , and in four Associated States: Iceland, Liechtenstein, Norway and Switzerland.

SIS is an information system that allows national law enforcement, judicial and administrative authorities to perform their legal tasks by sharing relevant data. With regard to the European agencies, they have read-only access; i.e. the possibility to search and consult SIS but not to update or delete the data or the alerts. EUROPOL has access to all categories of alerts stored in SIS[2] , while EUROJUST[3] has access to specific alerts in the field of police and judicial cooperation, and the European Border and Coast Guard (FRONTEX)[4] has limited access to SIS for certain teams and for specific purposes.

Legal basis

In 2018, SIS legal framework went through a significant revision primarily to enlarge its purposes, to add certain categories of alerts, and to expand the authorities with granted access to SIS data. The new legal framework was adopted on 28 November 2018 and published on 7 December 2018[5].

It consists of three new regulations, covering three areas of competence:

• Regulation (EU) 2018/1860[6] (“SIS Regulation on the use of SIS for the return of illegally staying third-country nationals”)[7] ,

• Regulation (EU) 2018/1861[8] (“SIS Regulation in the field of border checks”)[9] ,

 • Regulation (EU) 2018/1862[10](“SIS Regulation in the field of police and judicial cooperation”), as amended by Regulation (EU) 2022/1190[11].

 SIS will become, in the near future, interoperable with five other EU-large scale systems[12] , pursuant to the full application of the Interoperability Regulations[13]. This fact, among other things, will have an impact on the exercise of data subjects’ rights in this context.

Categories of information processed (alerts)

SIS contains two broad categories of information: alerts on persons and alerts on objects. With regard to alerts on persons, SIS covers the following categories of data subjects:

• third country nationals subject to refusal of entry or stay in the Schengen area or subject to return procedures,

• persons wanted for arrest for surrender or extradition purposes (in the case of associated countries),

• missing persons (including vulnerable persons who need to be prevented from travelling, e.g., children at high risk of parental abduction, children at risk of becoming victims of trafficking in human beings, and children at risk of being recruited as foreign terrorist fighters),

• persons sought to assist with a criminal judicial procedure,

• persons subject to discreet, inquiry or specific checks,

• unknown wanted persons who are connected to a crime (e.g. persons whose fingerprints are found on a weapon used in a crime),

• information on third-country nationals of interest to the Union (so-called "information alerts").

 These last two alerts are brand new in SIS, introduced by SIS Recast. While other alerts have been considerably modified by the new legal framework, such as the alert on missing persons or the alert on discreet or specific checks.

With regard to the alerts on objects, SIS stores data on objects sought for the purpose of seizure or use as evidence in criminal proceedings, or subject to discreet or specific checks. Such objects include vehicles, boats, firearms, identity documents stolen, misappropriated, lost or invalidated, bank notes, credit cards, blank documents, and as a new category “objects of high value” (e.g., items of information technology, which can be identified and searched with a unique identification number).

The categories of personal data processed

When the alert concerns a person (with the exception of unknown wanted person), the information must always include: surname, date of birth, reason for the alert, gender, a reference to the decision giving rise to the alert, basis for the decision for refusal of entry and stay (when applicable), the action to be taken, last date of the period for voluntary departure if applicable, whether return is accompanied by an entry ban. If available, the alert may also contain information such as, any specific, objective, physical characteristics not subject to change; the place of birth; photographs; fingerprints; nationality(ies); whether the person concerned is armed, violent or has escaped; the authority issuing the alert; links to other alerts issued in SIS in accordance with Article 48 of Regulation (EU) 2018/1861 or Article 63 of Regulation (EU) 2018/1862.

When the alert concerns unknown wanted persons, only dactyloscopic data may be processed, either complete or incomplete sets of fingerprints or palm prints, which due to their unique character and the reference points contained therein should enable accurate and conclusive comparisons on a person's identity[14].

 

[1] Information dated from October 2022. Croatia is connected to SIS with some limitations that are expected to be overcome in 2024. Ireland operates SIS for law enforcement purposes only.

[2] Article 35(1) of the Regulation (EU) 2018/1861 and Article 48 (1) of Regulation (EU) 2018/1862.

[3] Article 49 (1) of the Regulation (EU) 2018/1862.

[4] Article 36 (1) of the Regulation (EU) 2018/1861 and Article 50 (1) of the regulation (EU) 2018/1862.

[5] Initially, they were supposed to become fully applicable by 28 December 2021(Article 20 of Regulation 2018/1860, Article 66 (2) the Regulation 2018/1861 and Article 79 of Regulation 2018/1862); however due to delays in the implementation of the new functionalities of the system, the new regulations only became fully applicable since 7 March 2023.

[6] The Regulation (EU) 2018/1860 of the European Parliament and of the Council of 28 November 2018 on the use of the Schengen Information System for the return of illegally staying third-country nationals, OJ L 312, 7.12.2018, p. 1.

[7] The SIS regulation for return is applicable to all Member States and associated Schengen States, with the exception of Ireland.

[8] The Regulation (EU) 2018/1861 of the European Parliament and of the Council of 28 November 2018 on the establishment, operation and use of the Schengen Information System (SIS) in the field of border checks, and amending the Convention implementing the Schengen Agreement, and amending and repealing Regulation (EC) No 1987/2006, OJ L 312, 7.12.2018, p. 14.

[9] The SIS Regulation in the field of border checks applies to all Schengen States.

[10] Regulation (EU) 2018/1862 of the European Parliament and of the Council of 28 November 2018 on the establishment, operation and use of the Schengen Information System (SIS) in the field of police cooperation and judicial cooperation in criminal matters, amending and repealing Council Decision 2007/533/JHA, and repealing Regulation (EC) No 1986/2006 of the European Parliament and of the Council and Commission Decision 2010/261/EU, OJ L 312, 7.12.2018, p. 56.

[11] Regulation (EU) 2022/1190 of the European Parliament and of the Council of 6 July 2022 amending Regulation (EU) 2018/1862 as regards the entry of information alerts into the Schengen Information System (SIS) on third-country nationals in the interest of the Union, OJ L 185, 12.7.2022, p. 1.

[12] VIS, Eurodac, EES, ETIAS and ECRIS-TCN

[13] Regulation (EU) 2019/817 of the European Parliament and of the Council of 20 May 2019 on establishing a framework for interoperability between EU information systems in the field of borders and visa and amending Regulations (EC) No 767/2008, (EU) 2016/399, (EU) 2017/2226, (EU) 2018/1240, (EU) 2018/1726 and (EU) 2018/1861 of the European Parliament and of the Council and Council Decisions 2004/512/EC and 2008/633/JHA, OJ L 135, 22.5.2019, p. 27;

[14] According to the definition provided by Article 3 (13) of Regulation (EU) 2018/1862.