The Schengen Information System (SIS) is a governmental database maintained by the European Commission. The SIS is used by 31 European countries to find information about individuals and entities for the purposes of national security, border control and law enforcement since 2001. A second technical version of this system, SIS II, went live on 9 April 2013.[1] An upgraded Schengen Information System entered into operation on 7 March 2023.[2]
Information in SIS is shared among the institutions of countries participating in the Schengen Agreement Application Convention (SAAC). The five original participating countries were France, Germany, Belgium, the Netherlands, and Luxembourg. Twenty-two additional countries joined the system since its creation: Spain, Portugal, Italy, Austria, Greece, Finland, Sweden, Switzerland, Denmark, Iceland, Norway, Estonia, the Czech Republic, Hungary, Latvia, Lithuania, Malta, Poland, Slovakia, Slovenia, Liechtenstein, Croatia, Bulgaria and Romania. Among the current participants, Iceland, Liechtenstein, Norway, and Switzerland are members of the European Free Trade Association but not of the European Union.
Although Ireland and the United Kingdom operate a Common Travel Area and had not signed the Schengen Agreement Application Convention (when the United Kingdom was still an EU member), they had the right to take part in Schengen co-operation under the terms of the Treaty of Amsterdam. Ireland joined the law enforcement aspect on 1 January 2021 and has "full operational capacity" since March 2021.[3] [4] As a consequence of Brexit, the UK lost access to the system on 31 December 2020. (UK law enforcement did 571 million searches in the database in 2019 alone[5]) and does not expect to regain any access before 2027 at the earliest.[6]
SIS information is stored according to the legislation of each participating country. There are more than 46 million entries (called "alerts") in SIS, most about lost identity documents.[7] Person alerts make up around 1.9 percent of the database (about 885,000 records). Each alert contains information such as: name, date of birth, gender, nationality, aliases, arms or history of violence, the reason for the alert and the action to be taken if the person is encountered. SIS does not record travellers' entries and exits from the Schengen Area.[8] [9] [10] [11]
On 25 March 1957, the Treaty of Rome was completed. On 3 February 1958, the economic union of the Benelux countries was formed. Both agreements aimed to enable the free movement of people and goods across national borders. The Benelux countries, as a smaller group, were able to quickly implement the agreement. The European Communities' focus was on economic integration. It was not until the agreement of Saarbrücken was completed on 13 July 1984, that border controls between France and Germany were eased.
On 14 June 1985, France, Germany and three of the Benelux nations completed the Schengen Agreement. Border controls on people and goods between these nations were gradually relaxed. On 19 June 1990, the initial five nations were joined by Spain, Portugal, Italy, Greece, Austria and five Nordic Passport Union countries: Denmark, Finland, Iceland, Norway and Sweden.
On 21 December 2007, the Schengen border-free zone was enlarged to include Estonia, the Czech Republic, Hungary, Latvia, Lithuania, Malta, Poland, Slovakia and Slovenia.
On 1 January 2023, the Schengen border-free zone was enlarged to include Croatia.
SIS was created to maintain European security after 25 March 2001 when border security between fifteen nations was relaxed. The SIS requires Schengen nations to respect the legal force of the information it contains. It also requires the nations to respect the privacy and personal freedom of the people whose data is held according to national data laws. SIS's information processing system must be permanently connected to member nations' databases and must be updated in real-time.
These commitments are supplemented by consultation procedures between the member nations. Discussions may take place about issues such as confirmation of information, variation of actions directed by SIS, questions of residency, and international warrants for arrest.
SIS is controlled by an authority composed of representatives of the member nations. Personal data protection is a key responsibility. At a technical level, the participating countries adopted a data-processing star architecture made up of a central site containing the reference database, known as C-SIS, for which the responsibility is entrusted to the French Republic by the CAAS, and a site by country, known as N-SIS, containing a copy of the database.
The type of data about people kept in SIS includes: requests for extradition; undesirability of presence in particular territory; minor age; mental illnesses; missing person status; a need for protection; requests by a judicial authority; and suspected of crime. The SIS also keeps data referring to lost, stolen and misappropriated firearms, identity documents, motor vehicles and banknotes.
France is responsible for management of SIS and uses an automated system of data updates which occur every five minutes. The SIS automatically directs data to queries arriving via large national databases. Each member nation has an office responsible for SIS communications. SIS also has a function called "Supplementary Information Request at the National Entry" (SIRENE). The SIRENE office records a "hit" on a SIS data record and forwards further information to assist investigations.
In addition to SIS and SIRENE, the Schengen convention ensured police co-operation and legal mutual assistance. Police of member nations can cooperate to prevent and identify crime (article 39); to continue surveillance across borders (article 40); to pursue across borders in certain circumstances (article 41); and to share information that is significant for the repression or the prevention of in flagrante delicto or threats to order and public safety (article 46). This allows execution of criminal judgements and extraditions where a national attempts to take refuge in another territory.
In November 2011, SIS1 was renewed for a second time. The main reason for renewal was to connect more nations.
In 2007, while developments were in progress, Portugal had offered the use of a version called "SISone4ALL" developed by SEF (Portugal's Border and Foreigners Service) and Critical Software.[12]
On 15 October 2010, Bulgaria and Romania joined SIS II for law enforcement cooperation.[13]
On 9 April 2013, SIS II went live.[1] [14]
On 27 June 2017, Croatia joined SIS II for law enforcement cooperation.[15]
On 1 August 2018, Bulgaria and Romania gained full access to SIS.[16]
On 1 January 2021, Ireland joined the law enforcement aspect, with full access to SIS for law enforcement purposes from 15 March 2021.[17]
On 3 May 2022, the European Parliament approved a proposal to give Cyprus full access to SIS. The proposal still needs to be endorsed by the Council of the European Union.[18]
On 1 January 2023, Croatia gained full access to SIS with joining the Schengen border-free zone.
On 25 July 2023, Cyprus gained full access to SIS.[19] [20]
In 2023, the UK was negotiating to rejoin SIS II, with access unlikely before the 2027/2028 fiscal year.
Use of the Schengen Information System is limited to members of the European Union and signatories of the Schengen Agreement Application Convention. While still a member of the EU but not of the Schengen Agreement, the United Kingdom had limited access to the SIS. This access ceased from 1 January 2021.[21] In June 2020, the Security and Intelligence subcommittee of the House of Lords, on hearing evidence by Home Office Minister James Brokenshire, expressed concerns that failure of the (post-Brexit) trade negotiation between the United Kingdom and the EU could lead to worrying delays in access to counter-terrorism intelligence.[22]
In 2023 the United Kingdom gaining access to EU datasets was stated to be at "a very early stage", and was not expected to be completed before the 2027/2028 financial year.[23]