Documents considered by the Committee on 12 September 2018 Contents

22Interoperable EU information systems for security, border control and migration management

Committee’s assessment

Legally and politically important

Committee’s decision

Not cleared from scrutiny; further information requested; drawn to the attention of the Home Affairs Committee and the Justice Committee

Document details

(a) Proposal for a Regulation establishing a framework for interoperability between EU information systems (police and judicial cooperation, asylum and migration)

(b) Proposal for a Regulation establishing a framework for interoperability between EU information systems (borders and visas)

Legal base

Articles 16(2), 74, 78(2)(e), 79(2)(c), 82(1)(d), 85(1), 87(2)(a) and 88(2) TFEU, ordinary legislative procedure, QMV

Department

Home Office

Document Numbers

(a) (39366), 15729/17 + ADDs 1–3, COM(17) 794; (b) (39368), 15119/17 + ADDs 1–3, COM(17) 793

Summary and Committee’s conclusions

22.1The Commission has proposed two Regulations which are intended to close the information gaps and “blind spots” which hinder effective cross-border security cooperation by making existing and planned new EU information systems in the field of migration and security interoperable so that information can be shared more rapidly. The first proposed Regulation on the interoperability of EU asylum and law enforcement information systems, document (a), covers two existing EU information systems (the Eurodac asylum database and the police cooperation parts of the Schengen Information System—SIS II) and one new EU information system which is expected to be agreed shortly (the European Criminal Records Information System for Third Country Nationals—ECRIS-TCN). It would also apply to a limited extent to Europol data and to certain Interpol databases (such as the Stolen and Lost Travel Document database). The UK participates in Eurodac and SIS II and has opted into the proposed ECRIS-TCN information system. In May, the Government informed us that it had decided to participate in the proposed Regulation.261 It considered that UK participation would “improve the overall system” as “the more states that participate and the more information shared, the stronger the system will be and the greater increase in security for all”.262

22.2The second proposed Regulation on the interoperability of EU border control and visa information systems, document (b), covers existing or proposed new EU information systems in which the UK is unable to participate as they are based on parts of the Schengen rule book dealing with border control and visas which do not apply to the UK. These are the border control provisions of SIS II, the Visa Information System (VIS), the EU Entry/Exit System (EES) and the European Travel Information and Authorisation System (ETIAS).

22.3The proposed Regulations have four operational objectives:

22.4The proposals would establish:

22.5The Commission anticipates that it may take until the end of 2023 to develop and test all the technical components needed to make EU border, migration and security information systems interoperable.265

22.6The Council agreed a “general approach” on the proposed Regulations in June, paving the way for trilogue negotiations with the European Parliament. Whilst the Government was “supportive” of the text agreed, the Minister for Policing and the Fire Service (Mr Nick Hurd) told us that a number of technical issues still needed to be clarified.266 He nonetheless anticipated that the proposals were likely to be adopted before the end of the year.

22.7When we last considered the proposed Regulations in July, we asked the Minister to explain whether the UK had voted for the general approach and whether the compromise text agreed made any substantive changes to the original Commission proposals.267 We noted that the benefits and costs that interoperable information systems would bring the UK were contingent on the timetable for adopting and implementing the proposed Regulations and on the outcome of negotiations on a post-exit transitional/implementation. We asked the Minister:

22.8We reiterated our concern that the provisions on cooperation with third (non-EU) countries were highly restrictive, stating that “personal data stored in or accessed by the interoperability components shall not be transferred or made available to any third country, to any international organisation or to any private party”.268 We asked whether the Government intended to press for changes to these provisions during negotiations and to explain how it envisaged overcoming these restrictions on third country access to data held in EU information systems once the UK leaves the EU and has third country status.

22.9In his letter of 28 August 2018, the Minister confirms that the Government abstained in the vote on the general approach. He says that “significant changes” have been made during negotiations within the Council which have “generally improved the quality of the drafting” and include the following changes sought by the UK:

22.10Once the proposed Regulations have been formally adopted, eu-LISA (the EU agency responsible for overseeing the development of the new interoperability framework) will work up a more detailed implementation plan which will inform the Government’s own technical planning. Whilst the Minister recognises that all the interoperability components are unlikely to be operational before the end of 2020 (when the transition/implementation period envisaged in the draft EU/UK Withdrawal Agreement will expire), he nonetheless expects to have “a good sense of which tools we will continue to participate in by the time we leave the EU in March 2019”. He anticipates that domestic implementation of the interoperability framework would cost around £2.9 million, with “ongoing running costs thereafter of £0.6 million”, but adds that actual expenditure will depend on the outcome of the UK’s exit negotiations.

22.11Finally, the Minister says that the UK has repeatedly raised concerns about the restrictive provisions on third country access to data held in EU information systems “as we believe there will be circumstances where Member States will need to share information with third countries for the prevention of terrorism and serious crime”. The Government has suggested that the Eurojust Regulation would provide “a suitable agreed precedent”.

Our Conclusions

22.12The Minister confirms that all the components needed to make existing and planned EU information systems in the field of migration and security interoperable are unlikely to be operational before 31 December 2020, the date on which the transition/implementation period envisaged in the draft EU/UK Withdrawal Agreement will expire and EU law cease to apply to the UK. He nonetheless anticipates that the UK will continue to participate in some EU justice and home affairs tools post-exit (and post-transition) and expects to have “a good sense of which tools” by March 2019. We ask the Minister to identify these tools, and the mechanisms envisaged for securing continued UK participation in them, at the earliest opportunity.

22.13We welcome the Government’s active engagement on the provisions in this (and other proposed EU legislation) determining the conditions for data-sharing and data access with third countries, given the possibility that these will provide the basis for future EU/UK cooperation in the absence of a comprehensive post-exit agreement on law enforcement and criminal justice cooperation. We note the Government’s preference for the Eurojust model. We ask the Minister to set out the key features of the Eurojust model (including any changes agreed in recently concluded negotiations on a successor Eurojust Regulation) and explain how they would apply to the proposed Regulations which encompass a range of EU migration and security information systems.

22.14As requested in our earlier Report, we would welcome details of any significant changes proposed by the European Parliament, the Government’s position on the proposed changes and progress reports on trilogue negotiations once they are underway. Meanwhile, the proposed Regulations remain under scrutiny. We draw this chapter to the attention of the Home Affairs Committee and the Justice Committee.

Full details of the documents

(a) Proposal for a Regulation establishing a framework for interoperability between EU information systems (police and judicial cooperation, asylum and migration): (39366), 15729/17 + ADDs 1–3, COM(17) 794.

(b) Proposal for a Regulation establishing a framework for interoperability between EU information systems (borders and visas) and amending Council Decision 2004/512/EC, Regulation (EC) No 767/2008, Council Decision 2008/633/JHA, Regulation (EU) 2016/399 and Regulation (EU) 2017/2226: (39368), 15119/17 + ADDs 1–3, COM(17) 793.

Background

22.15The proposed Regulations encompass six centralised EU information systems, of which three (Eurodac, SIS II and VIS) are already operational and three are “on the brink of development” (the EES, ETIAS and ECRIS-TCN). With the exception of SIS II, the remaining five information systems are “exclusively focussed on third country nationals”, meaning that post-exit, they are likely to include the data of British citizens.269 A new EU Agency—eu-LISA—was set up in 2012 to oversee the operational management of large scale justice and home affairs information systems and will be responsible for making the systems interoperable.270 Each system has its own founding instrument which contains detailed rules on the information that can be stored in each database, the purposes for which it may be used, and data protection requirements. The systems cannot communicate with one another through the exchange of data or sharing of information unless their founding instruments allow them to do so.

22.16The table shows which of the existing or proposed EU information systems are open to UK participation.

Information system

Schengen or non-Schengen

UK position

Visa Information System—VIS

Schengen

UK excluded

Schengen Information System—SIS II (border control component)

Schengen

UK excluded

Schengen Information System—SIS II (law enforcement)

Schengen

UK participates in existing SIS II and is also participating in a Commission proposal to strengthen the law enforcement component of SIS II

EU Entry/Exit System—EES

Schengen

UK excluded

European Travel Information and Authorisation System—ETIAS

Schengen

UK excluded

Eurodac

Non-Schengen

UK participates in the existing Eurodac database. The UK has opted into the Commission’s proposal to expand its scope

European Criminal Records and Information System—extension to third country nationals (ECRIS-TCN)

Non-Schengen

UK participates in ECRIS and has opted into a supplementary proposal extending ECRIS to third country national offenders

Previous Committee Reports

Thirty-fifth Report HC 301–xxxiv (2017–19), chapter 5 (11 July 2019) and Sixteenth Report HC 301–xvi (2017–19), chapter 9 (28 February 2018).


261 See the letter of 30 May 2018 from the Minister for Policing and the Fire Service (Mr Nick Hurd) to the Chair of the European Scrutiny Committee.

262 See the Minister’s letter of 28 June 2018 which is summarised in our Thirty-fifth Report HC 301–xxxiv (2017–19), chapter 5 (11 July 2018).

263 See p.4 of the Commission’s explanatory memorandum accompanying document (a).

264 This service would not apply to the European Travel Information and Authorisation System—ETIAS—as it will not contain biometric data.

265 See the timeframe set out on p.96 of the Commission’s legislative financial statement attached to document (b).

266 See the Minister’s letter of 28 June 2018 which is summarised in our Thirty-fifth Report HC 301–xxxiv (2017–19), chapter 5 (11 July 2018).

267 The Council press release issued on 14 June 2018 states that Coreper endorsed a negotiating mandate on behalf of the Council.

268 Article 48 of the original Commission proposals.

269 See p.5 of the Commission’s explanatory memorandum on document (a),

270 See Regulation (EU) No 1077/2011 establishing a European Agency for the operational management of large-scale IT systems in the area of freedom, security and justice, as amended by Regulation (EU) No 603/2013 establishing Eurodac.




Published: 18 September 2018