Documents considered by the Committee on 13 November 2017 Contents

26Managing EU migration and security databases

Committee’s assessment

Legally and politically important

Committee’s decision

(a) Cleared from scrutiny

(b) Not cleared from scrutiny; further information requested; drawn to the attention of the Home Affairs Committee and the Committee on Exiting the European Union

Document details

(a) Commission report on the functioning of the European Agency for operational management of large-scale IT systems in the area of freedom, security and justice (eu-LISA)

(b) Proposed Regulation on the European Agency for the operational management of large-scale IT systems in the area of freedom, security and justice

Legal base

(a) —

(b) Articles 74, 77(2)(a) and (b), 78(2)(e), 79(2)(c), 82(1)(d), 85(1), 87(2)(a) and 88(2) TFEU, ordinary legislative procedure, QMV

Department

Home Office

Document Number

(a) (38882), 10873/17 + ADDs 1–2, COM(17) 346

(b) (38878), 10820/17, COM(17) 352

Summary and Committee’s conclusions

26.1The EU has established three centralised information databases which underpin cooperation on asylum, border management and law enforcement. The Eurodac database contains the fingerprints of individuals who have applied for asylum in the EU. The Visa Information System (VIS) contains information on individuals applying for short-stay visas to visit the Schengen area, including their fingerprints and facial images. The Schengen Information System (SIS II) contains information (“alerts”) on individuals (including fingerprints and photographs, where available) and objects likely to be of interest to border control and law enforcement authorities.

26.2A new EU Agency—eu-LISA—was set up in 2012 to oversee the operational management of these information systems and ensure effective, secure and continuous data exchange between Member States.405 Each system has its own founding instrument which contains detailed rules on the information that can be stored in each database, the purposes for which it may be used, and data protection requirements. The systems cannot communicate with one another through the exchange of data or sharing of information unless their founding instruments allow them to do so.

26.3The Regulation setting up eu-LISA provides that the Agency may be made responsible for the preparation, development and operational management of other large-scale EU information systems dealing with asylum, migration, civil and criminal law cooperation and cross-border police cooperation. A number of new information systems are envisaged. They include proposals for:

26.4Each proposal envisages an important role for eu-LISA in developing these new systems or tasks and ensuring overall operational management. The Commission also expects the Agency to be a crucial actor in implementing its ambitious plans to make existing and future EU information systems for security, border and migration management interoperable by 2020, a goal endorsed by EU leaders in June.411

26.5In document (a), the Commission reports the findings of an external evaluation of eu-LISA and makes a number of recommendations to amend the Agency’s founding Regulation. The changes are set out in document (b)—a proposed Regulation—which would repeal and replace the 2011 Regulation establishing eu-LISA.

26.6The proposed Regulation covers an array of existing or planned EU information systems. Some build on parts of the Schengen rule book on border control and visa policy which do not apply to the UK and are not open to UK participation. Others are subject to the UK’s Title V (justice and home affairs) opt-in or Schengen opt-out, meaning that the UK is able to decide whether or not to participate.

26.7As the following table shows, the UK is not entitled to participate in VIS, the border control elements of SIS II, the EES and the ETIAS. The UK currently participates in the Dublin Regulation, Eurodac database, ECRIS and the law enforcement aspects of SIS II. The Government has opted into new proposals to expand the Eurodac database but does not intend to take part in the new redistribution mechanism which is a key element of the Commission’s Dublin reform proposals. The Government has decided to participate in the Commission’s proposed reform of SIS II in so far as it concerns police cooperation. The Government has also stated that it intends to participate in a recent proposal to establish ECRIS-TCN.412

Information system

Schengen or non-Schengen

UK position

Visa Information System—VIS

Schengen

UK excluded

Schengen Information System—SIS II (border control component)

Schengen

UK excluded

Schengen Information System—SIS II (law enforcement)

Schengen

UK participates in existing SIS II and is also participating in the Commission’s proposal to strengthen the law enforcement component of SIS II

EU Entry/Exit System—EES

Schengen

UK excluded

European Travel Information and Authorisation System—ETIAS

Schengen

UK excluded

Eurodac

Non-Schengen

UK participates in the existing Eurodac database. The UK has opted into the Commission’s proposal to expand its scope

Dublin Regulation

Non-Schengen

UK participates in the current (Dublin III) Regulation. The UK has not opted into the proposed Dublin IV Regulation containing a new redistribution mechanism for asylum seekers

European Criminal Records and Information System—extension to third country nationals (ECRIS-TCN)

Non-Schengen

UK participates in ECRIS and has opted into a supplementary proposal extending ECRIS to third country national offenders

26.8The Minister for Policing and the Fire Service (Mr Nick Hurd) considers eu-LISA to be an effective Agency and supports most of the changes proposed by the Commission. He confirms that, until negotiations on the UK’s exit from the EU are concluded, the Government will “continue to negotiate, implement and apply EU legislation”. He notes that the Estonian Presidency is aiming to secure a general approach on the proposed Regulation by the end of the year so that trilogue discussions with the European Parliament can begin in 2018. The Minister describes the complex interplay between the UK’s Title V (justice and home affairs) opt-in Protocol and Schengen Protocol which determine whether the UK is able to participate in the proposed Regulation. In order to participate, the Government would need to:

26.9The UK has participated in eu-LISA since it began operating in 2012. We accept that the changes proposed by the Commission to the Agency’s founding Regulation are essentially technical and, for that reason, we are not recommending a debate on the opt-in and opt-out decisions to be taken by the Government. We nevertheless consider that the purpose of the changes—to ensure that the EU’s main asylum, border management and security information systems are managed to a consistently high standard—is important. The potential impact of these systems on British citizens is likely to be even greater once the UK leaves the EU since many of them will mainly contain data on third country (non-EU) nationals. Effective operational management and a high level of data quality and accuracy are therefore in the UK’s interests while it remains a member of the EU and when it leaves.

26.10Recital (45) of the proposed Regulation seeks to clarify the conditions governing the UK’s participation. The UK’s Title V opt-in Protocol applies to those parts of the proposal concerning the Eurodac database, the proposed extension of the European Criminal Records Information System to include third country national offenders within the EU (ECRIS-TCN), and the automated system for registering and monitoring asylum applicants and reallocating responsibility contained in the proposed Dublin IV Regulation. We ask the Minister to explain whether the Government’s decision not to participate in the proposed Dublin IV Regulation has any legal or policy implications for this opt-in decision.

26.11The Minister indicates that the UK is entitled to opt out of those parts of the proposed Regulation concerning the law enforcement aspects of SIS II. We ask him whether it would be legally or practically feasible for the UK to do so, given that the Government has decided to participate in the Commission’s recent proposal to strengthen the SIS II law enforcement Regulation.413 In relation to the legal feasibility, does the Court of Justice’s reluctance to accept partial participation of the UK (and Denmark) in a measure (in that case EU participation in the Chicago Convention) affect the position?414

26.12The Government accepts the Commission’s analysis that a further Council Decision based on Article 4 of the Schengen Protocol would be necessary to secure the UK’s participation in the proposed Regulation. The Decision would require the unanimous agreement of the Council. Does the Minister consider this to be a realistic prospect, in light of the UK’s decision to leave the EU in March 2019 and the possibility that negotiations may not be concluded in time? Can he confirm that the Council Decision would need to be adopted before the Regulation?

26.13Recital (45) of the proposed Regulation makes clear that UK participation would, in any event, only continue until the date on which the UK leaves the EU, but adds that “this is without prejudice to any provisions of the withdrawal agreement” concluded as part of the UK’s Article 50 exit negotiations. Does the Minister expect the withdrawal agreement to include arrangements for UK participation in, or access to, any of the information systems managed by eu-LISA, or would this be a matter for a future relations agreement between the EU and the UK or a separate “strategic agreement” establishing a framework for future security, law enforcement and criminal justice cooperation with the EU?415 How soon will negotiations on these and other information sharing mechanisms begin and when does the Government intend to provide further details of its negotiating objectives?

26.14Article 38 of the proposed Regulation only makes provision for the participation in eu-LISA of third countries that have entered into agreements with the EU associating them with the implementation, application and development of the Schengen rule book and the Dublin/Eurodac system. How does the Government intend to approach Article 38 in negotiations? As drafted, does the Minister accept that it would preclude UK participation in eu-LISA following the UK’s exit from the EU? Would the UK’s exclusion from eu-LISA have wider implications for UK participation in the information systems managed by the Agency post-Brexit?

26.15We ask the Minister to inform us of the Government’s opt-in and opt-out decisions at the earliest opportunity and to indicate whether it intends to request a further Council Decision based on Article 4 of the Schengen Protocol to enable the UK to participate in the proposed Regulation. We are content to clear the Commission’s evaluation report—document (a)—from scrutiny. The proposed Regulation—document (b)—remains under scrutiny. We draw this chapter to the attention of the Home Affairs Committee and the Committee on Exiting the European Union.

Full details of the documents

(a) Commission report on the functioning of the European Agency for operational management of large-scale IT systems in the area of freedom, security and justice (eu-LISA): (38882), 10873/17 + ADDs 1–2, COM(17) 346.

(b) Proposed Regulation on the European Agency for the operational management of large-scale IT systems in the area of freedom, security and justice, and amending Regulation (EC) 1987/2006 and Council Decision 2007/533/JHA and repealing Regulation (EU) 1077/2011: (38878), 10820/17, COM(17) 352.

Background

26.16eu-LISA was established in 2012 to provide a uniform and stable environment for the operational management of three large-scale information systems (VIS, SIS II and Eurodac) and to create efficiencies through the pooling of technical expertise. It is based in Tallinn, Estonia but the systems it manages are operated from a technical site in Strasbourg (with a back-up site in Sankt Johann im Pongau, Austria).

Document (a)—the Commission’s evaluation report

26.17Based on the findings of an evaluation carried out between December 2012 and September 2015, the Commission concludes that eu-LISA is “a well performing and increasingly important Agency” but its functioning remains a “work in progress”.416 It anticipates that there will be increasing demand for eu-LISA’s resources and technical expertise as EU information systems evolve against a backdrop of unprecedented migration and security challenges. The Commission makes clear that the Agency’s primary focus must remain on its “core business”—the operational management of existing and planned EU migration and security information systems—but says that some limited changes to its founding Regulation are necessary to increase eu-LISA’s flexibility to respond to new needs, including enhancing the interoperability of EU information systems.

Document (b)—the proposed Regulation

26.18The proposed Regulation would repeal and replace eu-LISA’s original founding Regulation and make a number of changes to reflect the recommendations in the Commission’s evaluation report and wider legislative and policy developments concerning the EU’s migration and security information systems. The Commission considers these changes to be “essentially technical”. As they would expand eu-LISA’s tasks, it says that an additional €78 million (£69 million) of funding would be needed from the EU budget to cover the period from 2018 to 2020. The Commission makes clear that Member States are responsible for the data that are entered in the systems and for their own national interfaces.

26.19The changes proposed would:

26.20The proposed Regulation includes provisions on third country participation in eu-LISA which would only apply to countries that have entered into agreements associating them with the implementation, application and development of the Schengen and Dublin/Eurodac rule book (currently Iceland, Norway, Liechtenstein and Switzerland) on the basis of an association agreement concluded with the EU. These agreements should contain detailed rules on participation in the Agency, including financial contributions, staffing, and voting rights within eu-LISA’s Management Board.418

26.21The proposed Regulation cites as its legal base eight Articles in the Treaty on the Functioning of the European Union (TFEU) covering administrative cooperation between Member States, external border controls, visas, asylum, illegal immigration, and police and judicial cooperation in criminal matters. The UK’s participation in these areas of EU activity is determined by two Protocols annexed to the EU Treaties. The first (Protocol 19) deals with UK participation in Schengen measures; the second (Protocol 21) with UK participation in non-Schengen areas of justice and home affairs cooperation.

26.22According to the Commission’s analysis, the provisions of the proposed Regulation relating to the borders component of SIS II, VIS, EES and ETIAS would not apply to the UK unless the UK submitted a request to the Council asking to take part in these provisions under Article 4 of the Schengen Protocol. Such a request would require the unanimous approval of the Council. By contrast, the UK would be automatically bound by the provisions of the proposed Regulation which relate to the law enforcement component of SIS II, as the UK participates in this component of SIS II.419

26.23Protocol 21 would govern the provisions of the proposed Regulation relating to Eurodac, the Dublin IV Regulation and ECRIS-TCN as they are all non-Schengen instruments. Under this Protocol, the UK would be entitled to opt into the proposed Regulation to the extent that it applies to these information systems. As explained earlier in this chapter, the UK has opted into the new Eurodac proposal and participates in the existing Dublin III Regulation, but has not opted into the proposed Dublin IV Regulation. The UK has opted into a proposal to update ECRIS and a further proposal extending its scope to third country national offenders in the EU.420

26.24The proposed Regulation includes a recital which makes clear that UK participation would, in any event, cease once the UK leaves the EU, but adds that this is “without prejudice to any provisions of the withdrawal agreement”.421

The Minister’s Explanatory Memorandum of 20 July 2017

26.25The Minister first explains the complex interplay between the UK’s Title V (justice and home affairs) opt-in Protocol and Schengen Protocol which determine whether the UK is able to participate in the proposed Regulation:

“The situation is complicated by the fact that we participate (or would be entitled to participate) fully in some of the IT systems that eu-LISA manages, are excluded from participation in some others and participate only partially in another (SIS II).

“The UK would normally be excluded from participating in the Regulation to the extent that it governs the management of systems building on the border and visa aspects of the Schengen acquis (the border control aspects of SIS II, the VIS, the EES and the ETIAS). This is because we do not take part in these aspects of the Schengen acquis, so are excluded from measures that build upon them.

“However, as Recital 45 envisages, a Council Decision under Article 4 of Protocol 19 to the Treaties (the Schengen Protocol) would enable the UK to participate fully in the adoption of the Regulation, and therefore in the management of the Agency, albeit subject to restrictions on voting when the Management Board is considering matters that relate to the border control aspects of SIS II, the VIS, the EES or the ETIAS.”422

26.26Article 4 of the Schengen Protocol entitles the UK to “request to take part in some or all of the provisions of the Schengen acquis”. Any request must be agreed unanimously by the Council. The Minister recalls that a separate Council Decision based on Article 4 of the Schengen Protocol was adopted in 2010 to authorise UK participation in the Regulation establishing eu-LISA in 2011.423 A separate Decision was needed as the Agency’s founding Regulation could not be partially applicable to the UK—all of its provisions, including those establishing eu-LISA’s responsibility for the operational management of information systems in which the UK did not participate, had to apply to the UK. The 2010 Decision authorised UK participation in eu-LISA’s founding Regulation “to the extent that it relates to the operational management of the Visa Information System (VIS) and the parts of the second generation Schengen Information System (SIS II), in which the United Kingdom does not participate”.424

26.27The Minister continues:

“A similar decision could extend this participation to cover the Agency’s role in relation to the ETIAS and the EES, meaning the UK could fully participate in the measure. This would avoid the need for separate Regulations (and possibly separate configurations of the Management Board) dealing with the management of systems in which we do and do not participate.”425

26.28He accepts that a further Council Decision based on Article 4 of the Schengen Protocol would be necessary to ensure the UK’s full participation in the proposed Regulation, as the earlier 2010 Decision only covers VIS and the borders aspects of SIS II. He adds:

“A Council Decision to this effect would not result in the UK’s participation in other aspects of the Schengen acquis in which we do not wish to participate, i.e. visas and management of the EU external border, but only in eu-LISA itself and its functioning.”426

26.29The Minister says the Government will consider whether to seek a further Council Decision and undertakes to keep us informed of developments. If the Government does seek to participate in the proposed Regulation, he does not anticipate that any changes to domestic law will be needed.427

26.30He notes that the UK will be automatically bound by those parts of the proposed Regulation dealing with the police cooperation and law enforcement elements of SIS II unless the Government notifies the Council that it wishes to opt out. The three month period for notifying an opt-out decision begins from the date on which the last language version of the proposed Regulation is published.

26.31Three of the information systems for which eu-LISA will be responsible—Eurodac, the Dublin IV corrective allocation mechanism and ECRIS-TCN—are not Schengen-building measures. The UK’s Title V opt-in Protocol therefore applies. The Minister explains:

“To the extent that the provisions of the Regulation relate to these measures, they will only apply to us if we notify the Council, within three months of the publication of the last language version of the proposal, that we wish to opt in.”428

26.32He continues:

“The Government is committed to taking all opt-in and opt-out decisions on a case-by-case basis, putting the national interest at the heart of the decision making process. In taking the decisions required by the proposed Regulation, the Government will consider, in particular, the desirability of maximising our influence over the design and operation of the IT systems that we take part in (Eurodac, the police and judicial cooperation aspects of SIS II and, if we opt in, ECRIS-TCN).

“We will inform the Parliamentary Scrutiny Committees as soon as the last language version of the proposed Regulation is published.”429

26.33Turning to the substance of the proposed Regulation, the Minister “welcomes the majority of the changes to eu-LISA’s operation and governance”, adding:

“Since its establishment in 2012, eu-LISA has been an effective Agency that has managed Eurodac, SIS II and VIS well. We therefore support the extension of the Agency’s remit to EES, ETIAS and ECRIS-TCN.”430

26.34He notes that a number of the changes are intended to give effect to recommendations made by a High Level Group of Experts (HLEG) in their report examining EU information systems and interoperability431 but makes clear that:

“The proposed Regulation does not […] give eu-LISA authority to build any of the specific IT solutions (a European Search Portal, shared biometric matching service and common identity repository) envisaged in the HLEG report and the Commission’s response. The Commission is likely to bring forward further legislation, either in the autumn or early next year, to authorise eu-LISA to develop these.”432

26.35The Minister:

26.36He notes that the proposed Regulation establishes the headquarters of the Agency as well as the location of the technical site where the IT system is based and the backup site (as did the original 2011 Regulation founding eu-LISA), and comments:

“The Government has no desire to change the location of the Agency or of its systems but notes that Article 341 of the Treaty on the Functioning of the European Union provides that the seats of EU institutions shall be determined by common accord of the Governments of the Member States, rather than being specified in the legislation establishing an Agency. We will raise this point in the negotiations.”435

26.37The Minister says that negotiations on the proposed Regulation began in July. The Estonian Presidency hopes to secure a general approach within the Council by the end of the year so that trilogue discussions with the European Parliament can commence early next year.

Previous Committee Reports

None on this document.


405 See Regulation (EU) No 1077/2011 establishing a European Agency for the operational management of large-scale IT systems in the area of freedom, security and justice, as amended by Regulation (EU) No 603/2013 establishing Eurodac.

406 See our Third Report HC 71–ii (2016–17), chapter 14 (25 May 2016).

407 See our Twenty-fifth Report HC 71–xxiii (2016–17), chapter 12 (11 January 2017), Thirty-first Report HC 71–xxix (2016–17), chapter 12 (8 February 2017), Thirty-fifth Report HC 71–xxxiii (2016–17), chapter 7 (15 March 2017) and Fortieth Report HC 71–xxxvii (2016–17), chapter 18 (25 April 2017).

408 See chapter (38886) of this Report.

409 Our Sixth Report HC 71–iv (2016–17), chapter 1 (15 June 2016) provides a more detailed overview of the proposed corrective allocation mechanism.

410 See our Sixth Report HC 71–iv (2016–17), chapter 2 (15 June 2016).

411 See the Conclusions of the June 2017 European Council.

412 See chapter 22 (38886) of this Report.

413 See chapter XX (38426–8) of this Report.

414 Opinion 1/15 26 July 2017

415 See the Government’s future partnership paper, Security, law enforcement and criminal justice published in September.

416 See p.13 of the Commission report.

417 The Commission cites as an example assistance given by eu-LISA in 2016 to the Greek authorities to increase the server capacity of Eurodac within a migration reception centre “hotspot”.

418 See Articles 17(4), 20(3), 23(2) and (6) and 38 of the proposed Regulation.

419 See recital (45) of the proposed Regulation.

420 Ibid. See chapter 22 (38886) of this Report.

421 Ibid.

422 See paras 25–7 of the Minister’s Explanatory Memorandum.

423 See Council Decision 2010/779/EU concerning the UK’s request to take part in some of the provisions of the Schengen acquis relating to the establishment of a European Agency for the operational management of large-scale IT systems in the area of freedom, security and justice.

424 See recitals (8) and (9) and Article 1 of the 2010 Decision.

425 See para 28 of the Minister’s Explanatory Memorandum.

426 See para 29 of the Minister’s Explanatory Memorandum.

427 See para 15 of the Minister’s Explanatory Memorandum.

428 See para 31 of the Minister’s Explanatory Memorandum.

429 See paras 32–3 of the Minister’s Explanatory Memorandum.

430 See para 34 of the Minister’s Explanatory Memorandum.

431 See the final report published by the High Level Expert Group in May 2017.

432 See para 37 of the Minister’s Explanatory Memorandum.

433 See para 41 of the Minister’s Explanatory Memorandum.

434 See para 43 of the Minister’s Explanatory Memorandum.

435 See para 47 of the Minister’s Explanatory Memorandum.




20 November 2017