kom (2018) 0302 - Ingen titel

Europaudvalget 2018
KOM (2018) 0302
Offentligt

EUROPEAN

COMMISSION

Brussels, 16.5.2018

SWD(2018) 195 final

COMMISSION STAFF WORKING DOCUMENT

IMPACT ASSESSMENT

Accompanying the document

Proposal for a Regulation of the European Parliament and of the Council

amending Regulation (EC) No 767/2008, Regulation (EC) No 810/2009, Regulation (EU)

2017/2226, Regulation (EU) 2016/399, Regulation XX/2018 [Interoperability

Regulation], and Decision 2004/512/EC and repealing Council Decision 2008/633/JHA

{COM(2018) 302 final} - {SWD(2018) 196 final}

kom (2018) 0302 - Ingen titel

Table of contents

INTRODUCTION: POLITICAL AND LEGAL CONTEXT ............................................................... 5

1.1.

1.2.

1.3.

1.4.

1.5.

Visa Information System and the security of the Schengen area ...................... 5

Closing the information gap on long-stay visas and residence documents ....... 7

The VIS setup .................................................................................................... 8

VIS REFIT Evaluation .................................................................................... 10

Consequences for the VIS ............................................................................... 11

PROBLEM DEFINITION................................................................................................................... 12

2.1. What are the problems? ................................................................................... 12

2.2. What are the problem drivers? ........................................................................ 23

2.3. How will the problem evolve? ........................................................................ 24

WHY SHOULD THE EU ACT?......................................................................................................... 26

3.1. Legal basis ....................................................................................................... 26

3.2. Subsidiarity: Necessity of EU action .............................................................. 26

3.3. Subsidiarity: Added value of EU action .......................................................... 27

OBJECTIVES: WHAT IS TO BE ACHIEVED?................................................................................ 27

4.1. General objectives of the revised VIS proposal .............................................. 27

4.2. Specific objectives........................................................................................... 28

WHAT ARE THE AVAILABLE POLICY OPTIONS? ..................................................................... 29

5.1. What is the baseline from which options are assessed? .................................. 29

5.2. Description of the policy options .................................................................... 32

5.3. Options discarded at an early stage ................................................................. 38

WHAT ARE THE IMPACTS OF THE POLICY OPTIONS? ........................................................... 38

6.1. Assessment of policy options .......................................................................... 39

HOW DO THE OPTIONS COMPARE? ............................................................................................ 55

7.1.

7.2.

7.3.

7.4.

Copy of the travel document ........................................................................... 55

Fingerprinting of minors ................................................................................. 56

Long-stay visas and residence documents ...................................................... 58

Migration and security checks......................................................................... 63

Copy of the travel document ........................................................................... 64

Fingerprinting of minors ................................................................................. 65

Long-stay visas and residence documents ...................................................... 65

Migration and security .................................................................................... 66

REFIT (simplification and improved efficiency) ............................................ 66

PREFERRED OPTIONS..................................................................................................................... 64

8.1.

8.2.

8.3.

8.4.

8.5.

HOW WILL ACTUAL IMPACTS BE MONITORED AND EVALUATED? .................................. 67

ANNEX 1: PROCEDURAL INFORMATION ............................................................................................ 68

ANNEX 2: STAKEHOLDER CONSULTATION ....................................................................................... 70

ANNEX 3: WHO IS AFFECTED AND HOW?........................................................................................... 78

ANNEX 4: REFIT ........................................................................................................................................ 82

ANNEX 5: METHODOLOGY..................................................................................................................... 85

kom (2018) 0302 - Ingen titel

ANNEX 6: MONITORING AND EVALUATION...................................................................................... 90

ANNEX 7: EXECUTIVE SUMMARY OF THE STUDY ON STORING A SCANNED COPY OF

THE VISA APPLICANTS' TRAVEL DOCUMENT IN THE VISA INFORMATION

SYSTEM (VIS) ................................................................................................................................... 92

ANNEX 8: EXECUTIVE SUMMARY OF THE STUDY ON FEASIBILITY AND

IMPLICATIONS OF LOWERING THE FINGERPRINTING AGE FOR CHILDREN ................. 102

Analysis of the problems ............................................................................... 102

Objectives ...................................................................................................... 102

Policy options ................................................................................................ 102

Assessment of impacts .................................................................................. 103

ANNEX 9: EXECUTIVE SUMMARY OF THE LEGAL ANALYSIS ON THE NECESSITY AND

PROPORTIONALITY OF EXTENDING THE SCOPE OF THE VISA INFORMATION

SYSTEM (VIS) TO INCLUDE DATA ON LONG STAY VISAS AND RESIDENCE

DOCUMENTS .................................................................................................................................. 107

Context of the study ...................................................................................... 107

What is the problem?..................................................................................... 109

What are the objectives of the initiative? ...................................................... 112

Why an EU action? ....................................................................................... 112

What are the options to address the problem? ............................................... 113

Findings and conclusions of the study .......................................................... 114

The way forward/what are the next steps ...................................................... 118

ANNEX 10: CONSIDERATIONS ON THE USE OF BIOMETRIC DATA (TOPIC 3) .......................... 119

ANNEX 11: AVAILABLE POLICY OPTIONS OVERVIEW (PREFERRED OPTION IN BOLD) ....... 121

kom (2018) 0302 - Ingen titel

Glossary

Term or acronym

CFR

CVCA

ECRIS-TCN

Meaning or definition

EU Charter of Fundamental Rights

Country Verifying Certificate Authority

European criminal records information system

regarding third country nationals and stateless persons

EDPS

EES

EIS

ESP

ESPs

eu-LISA

European Union

European Data Protection Supervisor

Entry/Exit System

Europol data

European Search Portal

External Service Provider

European Agency for the operational management of

Large-Scale IT Systems in the area of freedom, security

and justice

European Travel Information and Authorisation System

EU readmission agreement

Database of False and Authentic Documents Online

EU Agency for Fundamental Rights

General Data Protection Regulation

High-level Expert Group

Impact Assessment

International Civil Aviation Organization

Justice and home affairs

Joint Research Centre

Law enforcement access

ETIAS

EURA

FADO

FRA

GDPR

HLEG

ICAO

JHA

JRC

LEA

kom (2018) 0302 - Ingen titel

LSV

MRTD

REFIT

SIRENE

Long-stay visa

Machine-readable travel document

Member State

Official Journal

Passive Authentication

Regulatory Fitness and Performance Programme

Residence card

Residence permit

Supplementary Information Request at the National

Entries

–

national single point of contact for SIS.

Schengen Information System

Stolen and Lost Travel Documents database

Third-country national

Travel document

Interpol's database of Travel Documents Associated with

Notices

Visa holder

Visa Information System

SIS

SLTD

TCN

TDAWN

VIS

kom (2018) 0302 - Ingen titel

1. I

NTRODUCTION

: P

OLITICAL AND LEGAL CONTEXT

1.1.

Visa Information System and the security of the Schengen area

The abolition of checks at internal borders of the states forming part of the

Schengen area

is one of the most valued achievements of EU integration. To uphold this achievement and

as a response to the increase of irregular migration to the EU and the threat to internal

security, in recent years

EU information systems for border management and security

have been considerably strengthened, new ones are being developed, and the

interoperability between them has been established

with the aim of creating a framework

for fast, seamless and systematic communication to face these challenges.

The common visa policy for short-stay visas is one of the Schengen area's

"flanking

measures"

(together with the harmonisation of the external border controls, enhanced

cross-border police cooperation, and the creation of the Schengen Information System

(SIS)) accompanying the establishment of a common area without checks at internal

borders. The common visa policy encompasses a set of harmonised rules

, allowing the

Member States

to mutually recognise short-stay visas issued.

As stated in the Commission Communication on the Delivery of the European Agenda on

Migration

, the EU's common visa policy is not only an essential element to facilitate

tourism and business, but also a key tool to prevent security risks and risks of irregular

migration to the EU.

Around 18 million applications for short stays are lodged with the Member States every

year by nationals of the over 100 countries around the world under visa obligation, and

more than 90% of them are issued a visa. In an area without internal border controls, the

risk of irregular migration and the risk to security and public order of one Member State

have an impact on the other Member States. This is why the decision to issue a visa is

a decision taken by national authorities, who should take into account not only their own

interests but that of all Member States. The VIS was established in 2004, following several

calls by the Council to have a common system to store visa data and it is operational since

2011. By January 2018, data on more than 52 million visa applications, with 52.27 million

facial-images and nearly 50 million fingerprint sets had been entered in the VIS.

In line with the April 2016 Communication on Stronger and Smarter Information Systems

for Borders and Security, the Commission proposed additional information systems in the

area of border management. The Entry/Exit System (EES) Regulation

will register entry,

COM(2017) 794 final and COM(2017) 793 final.

Visa Regulation (539/2001) laying down the common "visa lists" of countries whose nationals require a visa to

travel to the EU and those who are exempt from that requirement; Visa Code (Regulation 810/2009) establishing

the procedures and conditions for issuing short-stay visas; Regulation 1683/95 laying down a uniform format for

the visa sticker; and the VIS Regulation (767/2008) setting up the Visa Information System (VIS), in which all visa

applications and Member States' decisions are recorded, including applicants personal data, photographs and

fingerprints.

In this document, ‘Member States’ means Schengen Member States, i.e. EU Member States that are Schengen

members, as well as the Schengen Associated countries.

COM(2017) 558 final, p.15.

Figures from EU-Lisa.

Regulation (EU) 2017/2226 of the European Parliament and of the Council of 30 November 2017 establishing an

Entry/Exit System (EES) to register entry and exit data and refusal of entry data of third-country nationals crossing

the external borders of the Member States and determining the conditions for access to the EES for law

kom (2018) 0302 - Ingen titel

exit and refusal of entry information of third country nationals crossing the external

borders of the Schengen area, thus identifying overstayers. The EES Regulation also

amends the VIS Regulation and stipulates rules on interoperability between EES and VIS,

establishing a direct communication channel between the two systems for the use of border

and visa authorities. This will allow border authorities to verify the validity of the visa and

the identity of a visa holder directly against the VIS at the external borders. Consular

authorities will be able to consult the EES file of an applicant to verify the use made of

previous visas.

The Commission also presented a proposal for a European Travel Information and

Authorisation System (ETIAS)

aiming at a more efficient management of the EU’s

external borders, and improved internal security by introducing advance checks on all visa-

free travellers before their arrival at the external borders.

In December 2017, the Commission presented a proposal to ensure interoperability

between EU information systems for security, border and migration management

. The

proposal also seek to facilitate and streamline access by law enforcement authorities to

non-law enforcement information systems at EU level including the VIS, where necessary

for the prevention, investigation, detection or prosecution of serious crime and terrorism.

However, ensuring various information systems are interoperable is only the first step. In

order to make use of interoperability, concrete measures need to be taken to make

interoperable IT systems work together.

In addition to these legislative developments, in September 2017, the Commission

Communication on the Delivery of the European Agenda on Migration

acknowledged the

need to further adapt the common visa policy to current challenges, taking into account

new IT solutions and balancing the benefits of facilitated visa and visa-free travel with

improved migration, security and border management, and making full use of

interoperability. In this context, the Commission presented a Communication on adapting

the common visa policy to new challenges on 14 March 2018,

in parallel with a proposal

to amend the Visa Code.

The proposal to amend the Visa Code aims to simplify and

strengthen the visa application procedure, to make it easier for tourists and business

travellers to come to Europe with a visa while strengthening the prevention of security and

irregular migration risks, most notably by linking visa policy with the return policy. The

VIS fits into this context as the electronic processing tool supporting the visa procedure.

The March Communication also announced the work towards enhancing security by

revising the VIS and making full use of interoperability. It furthermore announced the

three main modalities in which enhanced security would be achieved: 1. by enhancing

checks in visa processing using interoperability; 2. by closing remaining information gaps

for borders and security through the inclusion of long-stay visas and residence documents

enforcement purposes, and amending the Convention implementing the Schengen Agreement and Regulations (EC)

No 767/2008 and (EU) No 1077/2011.

COM(2016)731 of 16.11.2016.

COM(2017) 794 final and COM(2017) 793 final.

Cited above.

COM(2018)251.

COM(2018)252.

kom (2018) 0302 - Ingen titel

in the VIS and 3. by addressing remaining information gaps in short-stay visa processing,

in respect of fingerprinting age of applicants and keeping copies of travel documents.

1.2.

Closing the information gap on long-stay visas and residence

documents

The Commission's April 2016 Communication on

Stronger and Smarter Information

Systems for Borders and Security

identified a need to address information gaps in the

EU's architecture of data management, including on third country nationals holding a long-

term visa. This Communication also signalled a shift from the principle of disconnected

databases towards their inter-operability in full compliance with fundamental rights. On the

other hand, the EU has also strengthened its data protection rules by adopting the General

Data Protection Regulation and the Data Protection Directive for the police and criminal

justice sector in 2016

. The new rules are based on principles of data protection by default

and by design (privacy and data protection as key considerations from the earliest stages of

development of any system).

On 10 June 2016, the Justice and Home Affairs (JHA) Council endorsed a roadmap to

enhance information exchange and information management

. One of the objectives was

to address the existing information gap in the documents issued to third-country nationals.

The Roadmap concluded that the fragmentation of information through different Member

States and systems is inefficient and could lead to errors when assessing a third-country

national’s situation and makes the border-crossing

procedure more difficult.

The Final Report of the High-Level Expert Group on Information Systems and

Interoperability (HLEG)

of May 2017 further described the existence of the information

gap at EU level and recommended the Commission to undertake, as a matter of priority,

a feasibility study on the establishment of a central EU repository containing information

on the documents which allow a TCN to stay for a longer period than the 90 days within

any 180 days allowed by the short-stay visa in a given Member State and whose issuance

falls under national competence.

In its Conclusions of 9 June 2017 on the way forward to improve information exchange

and ensure the interoperability of EU information systems

, the Council acknowledged

that new measures might be needed in order to fill the current information gaps for border

management and law enforcement, such as in relation to border crossings by holders of

long-stay visas, residence cards and residence permits. The Council invited the

Commission to undertake a feasibility study as a matter of priority for the establishment of

a central EU repository containing information on long-stay visas, residence cards and

residence permits, as recommended in the Final Report of the HLEG.

COM(2016) 205 final (see page 3).

Regulation (EU) 2016/679 (OJ L 119, 4.5.2016) and Directive (EU) 2016/680 (OJ L 119, 4.5.2016).

Roadmap to enhance information exchange and information management including interoperability solutions in the

Justice and Home Affairs area (9368/1/16 REV 1).

http://ec.europa.eu/transparency/regexpert/index.cfm?do=groupDetail.groupDetail&groupID=3435.

ST/10151/17.

kom (2018) 0302 - Ingen titel

The Report on the VIS Evaluation adopted in 2016

already included a recommendation

for further development of the VIS to include these documents.

In response, the Commission undertook a study to assess the need for a centralised EU

repository containing information on long-stay visas, residence permits and residence

cards, including its necessity, technical feasibility and proportionality. It analysed whether

including long-stay visas and residence documents in a central database was technically

feasible and desirable, compared to the creation of a new database to store data on these

documents. The study concluded that re-using the VIS structure to include these

documents would be the most feasible option in terms of IT security, ease of

implementation and cost-effectiveness.

The study also concluded on the need to further

analyse the necessity and proportionality of such a measure, which is done in this impact

assessment.

1.3.

The VIS setup

A comprehensive legal framework was adopted to establish the Visa Information System

(VIS) as a large-scale IT-system for exchanging short-stay visa data between Member

States

. The VIS was created for the purpose of processing data on short-stay visa

applications. The purpose, functionalities and responsibilities accompanying the VIS are

specified in the VIS Regulation and in a number of implementing acts

. The overall

objectives of the VIS are to improve the implementation of the common visa policy,

consular cooperation and consultation between central visa authorities by facilitating the

exchange of data between Member States on applications and on the decisions relating

thereto, in order to:



Facilitate the visa application procedure;

Prevent ‘visa shopping’;

Facilitate the fight against identity fraud;

Facilitate checks at external border crossing points and within the Member States’

territory;

Assist in the identification of any person who may not, or may no longer, fulfil the

conditions for entry to, stay or residence on the territory of the Member States;

Facilitate the application of the Dublin Regulation

;

Report from the Commission to the European Parliament and the Council the implementation of Regulation (EC)

No 767/2008 of the European Parliament and of the Council establishing the Visa Information System (VIS), the

use of fingerprints at external borders and the use of biometrics in the visa application procedure/REFIT Evaluation

COM(2016) 655 final.

Full report of the study can be accessed at DG HOME website.

Council Decision 2004/512/EC of 8 June 2004 (the VIS founding Decision) established the VIS as a system for

exchanging visa data between Member States; Regulation (EC) No 767/2008 of 9 July 2008 (the VIS Regulation)

laid down the VIS’s

purpose, functionalities and responsibilities, as well as the conditions and procedures for the

exchange of visa data between Member States to facilitate the examination of visa applications and related

decisions; Regulation (EC) No 810/2009 of 13 July 2009 (the Visa Code) set out the rules on the registration of

biometric identifiers in the VIS. Council Decision 2008/633/JHA of 23 June 2008 (the Law Enforcement Access

Decision) consequently laid down the conditions under which Member States’ designated authorities

and Europol

may obtain access to consult the VIS for the purposes of preventing, detecting and investigating terrorist offences

and other serious criminal offences.

For a full set of adopted acts see DG HOME online library.

Regulation 604/2013 establishing the criteria and mechanisms for determining the Member State responsible for

examining an asylum application.

kom (2018) 0302 - Ingen titel



Contribute to the prevention of threats to the internal security of any of the Member

States.

The variety of the purposes requires that the VIS is used by different authorities

(migration, law enforcement, and border control authorities) in full respect of access

safeguards. The VIS allows to verify that the person presenting a visa is indeed its rightful

holder, and that the visa is valid. Furthermore, by using VIS checks and issuance of visas

are made easier and abuses can be better detected. In addition, asylum authorities can

consult the VIS to determine the Member State responsible for the asylum procedures and

migration authorities can use it to identify unambiguously third country nationals subject to

a return procedure. Finally, law enforcement authorities (national and Europol) may

consult the VIS when there are suspicions of terrorism or serious criminal offences (see

Figure 1 below for VIS process and access).

The VIS central system was developed by the Commission and handed over to eu-LISA

in December 2012. It was gradually rolled out in all Member States' consulates around the

world between October 2011 and February 2016.

As one of the centralised EU information systems for security, border and migration

management, the VIS is an integral part of the Commission's new approach to the

management of data for borders and security

that seeks to ensure that border guards, law

enforcement officers, immigration officials and judicial authorities have the necessary

information at their disposal to better protect the external borders and enhance internal

security for the benefit of all citizens. To achieve that, there is a need to maximise the

benefits of existing information systems including the VIS, to develop the system to

address information gaps including on long-stay visas, residence permits and residence

cards, and improve the interoperability of EU information systems, in line with the April

2016 Communication on stronger and smarter information systems for borders and

security

and the call by the European Council of 23 June 2017 to improve the

interoperability between databases.

Such access must be necessary

for ‘the prevention, detection, or investigation of terrorist offences or other serious

criminal offences,’ it must be necessary in a specific case, and there must be reasonable grounds to consider that

consultation of VIS data ‘will substantially contribute

to the prevention, detection or investigation of any of the

criminal offences in question’ (Brouwer, 2010).

As provided by Regulation (EU) No 1077/2011 of the European Parliament and of the Council of 25 October 2011

establishing a European Agency for the operational management of large-scale IT systems in the area of freedom,

security and justice, OJ L 286, p. 1 of 1.11.2011.

COM(2017) 261 final (16.5.2017).

COM(2016) 205 final (6.4.2016).

European Council conclusions, 22-23 June 2017.

kom (2018) 0302 - Ingen titel

Figure 1: VIS process and access: current situation

1.4.

VIS REFIT Evaluation

As required by the VIS legal basis

and as part of the Commission’s REFIT programme,

in 2015, the Commission launched an evaluation of the system. The results of the

evaluation and the ensuing recommendations to improve the functioning of the system

were transmitted to the European Parliament and the Council on 14 October 2016.

Overall, the VIS evaluation showed that the system is effective in meeting its objectives, in

particular as regards simplifying and facilitating the visa application process, reducing the

administrative burden of national administrations, helping to fight fraud, facilitating at

external border crossing and within the territory of the Member States and identifying third

country nationals for migration or return purposes or examining asylum applications.

The evaluation also demonstrated a need to further develop the VIS in order to better

respond to new challenges in visa, border and security policies, including by seeking to

establish interconnectivity with existing and upcoming IT systems and exploring ways to

have information on national long-stay visas, including biometrics, registered in the VIS. It

also showed the need for improvements in particular in relation to the monitoring of data

quality and the production of statistics.

As regards the protection of personal data processed in the VIS, the evaluation found that

the VIS has a very good track record: inspections on the spot by the European data

Protection Supervisor

to monitor the lawfulness of the processing of personal data and

security audits of the VIS central system have not led to identify any data protection

concern. After five years of being in charge of the operation of VIS, eu-LISA has not

received any complaint related to data protection in VIS. VIS has been subject to two

auditing inspections by the EDPS

–

in 2012 and 2015. Furthermore, regular meetings

Article 50 of the VIS Regulation and Article 57(3) of the Visa Code.

COM(2016)655, SWD (2016) 327, SWD (2016) 328.

VIS Security audit, June 2012; VIS Inspection Report 2016; VIS Supervisory Coordination Group Activity Report

2015-2016; VIS Supervisory Coordination Group Report on access to VIS data subjects' rights, 2016.

kom (2018) 0302 - Ingen titel

(twice a year) of VIS Supervisory Coordination Group are held, where national data

protection authorities and the Commission are gathered to discuss data protection issues

arising from the activity of the VIS, providing a forum to raise any data protection

concerns.

1.5.

Consequences for the VIS

The migratory and security challenges faced by the EU in the recent years together with

the update of EU information systems for border management and security and the

development of new ones require the update of the VIS. A number of changes to be

introduced in the VIS stem directly from the 2016 evaluation. Most of them are of a

technical nature and serve to further align the system with the new legislative proposals in

this area, while not presenting a significant economic, social or fundamental rights impact.

Therefore a detailed assessment of the impact of these technical improvements is not

needed. These changes mainly concern: 1) improvement of data quality; 2) integrating the

VISMail functionality into the VIS; 3) centralising the consultation and representation

functions; 4) support for facial image recognition or with latent fingerprints and 5) set up

of a reporting and statistics engine based on VIS data. The study on all envisaged

technical

impacts

resulting from the VIS evaluation was carried out by eu-LISA between October

2016 and July 2017 and its input was factored into this impact assessment to the extent

relevant.

However, several issues identified in that evaluation report require not only a technical

analysis, but also a further analysis of relevant impacts. There are

four

such

key issues:

1. the experienced difficulties to complete procedures to return irregular migrants to

their countries of origin in case travel documents are missing;

2. the risks of irregular migration and visa fraud, including in particular for reasons of

trafficking in human beings and other abuse involving children

under 12 years old

when applying for a visa;

3. the difficulties regarding the verification of long stay visas and residence documents

and their holders, by border or migration authorities;

4. the information gap on checks for irregular migration and security risks when

processing visa applications.

In order to analyse them two studies were contracted. The first one addressed aspects 1 and

2 and the second one aspect 3. In addition, it also seems necessary to update the VIS to

take into account the evolution that took place after the 2016 evaluation regarding EU

information systems for border management and security. Therefore, in striving to align

the initiative with the recently adopted (EES), proposed (recast Eurodac proposal, ETIAS,

interoperability) or envisaged Commission proposals (ECRIS-TCN

), a possibility to

Apart from child trafficking, child protection phenomena also encompass other violations which could be addressed

under this section, such as children in possession of a visa subsequently gone missing, parental child abduction etc.

Due to the very nature of these phenomena, available data is very scarce, therefore as a methodological strategy the

study exclusively focused on trafficking as the phenomenon most feasible to quantify.

Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL establishing a

centralised system for the identification of Member States holding conviction information on third country

kom (2018) 0302 - Ingen titel

enable

automatic consultation

of the other existing databases in the area of security and

borders for visa processing was raised, which is further analysed as problem 4. The

analysis builds upon the findings of ETIAS feasibility study, therefore no new studies were

contracted.

2. P

ROBLEM DEFINITION

2.1.

What are the problems?

2.1.1. Lack of travel document as evidence in return proceedings

Currently Member States have different national practices regarding the storing the travel

document presented when applying for a short-stay visa. Many of them require applicants

to submit hard copies of the bio data page (as a minimum) of the document, which are then

archived for an average period of 1-3

years in the consulates’ archives. However, national

authorities have no information regarding the existence of those copies kept by other

Member States and there are no EU-wide rules regulating their exchange. In the absence of

a valid travel document (or copy thereof), return proceedings for TCNs irregularly found

on EU territory and who entered the EU using a visa are slow and often unsuccessful.

The common EU rules governing return proceedings are stipulated in the Return

Directive

, which contains clear, transparent and common rules for the return and removal

of the irregularly staying migrants, while fully respecting the human rights and

fundamental freedoms of the persons concerned.

In the wake of the migration crisis of 2015, the numbers of irregular migrants in the EU

expected to return to their home country has grown considerably. In the six-year period of

2011-2016, 2 891 260 persons were ordered to leave, out of which 1 118 385 were returned

to third countries. This means that 1 772 875 persons were not returned, out of which 600

925 in 2015-2016 alone. It can be assumed that the majority of these persons remain in the

territory of the EU Member States.

Irregular migrants staying in the territory of the

Member States and waiting for return to their home country cause high costs for Member

States in terms of housing, food, medical expenses and related expenses, as well as

administrative costs, hampering in addition fast and effective procedures for legal

migration and asylum seekers. The failure to efficiently return migrants to their home

country is also an incentive for further irregular migration. The dangers along the road to

Europe are often disregarded by irregular migrants because they know that the risk of

being returned once in Europe is relatively low. The proposal to amend the Visa Code has

also pursued options on how to better link visa policy and return.

Among third country nationals (TCN) to be returned, there is a number of TCN who

overstayed their visa and became subject to return procedures. The total number of

nationals and stateless persons (TCN) to supplement and support the European Criminal Records Information

System (ECRIS-TCN system) and amending Regulation (EU) No 1077/2011.

Directive 2008/115/EC of the Council and the European parliament on common standards and procedures in

Member States for returning illegally staying third-country nationals.

Eurostat: Third-country nationals ordered to leave

–

annual data (rounded); Third-country nationals returned

following an order to leave

–

annual data (rounded).

kom (2018) 0302 - Ingen titel

detected overstayers at EU-level is estimated at around 294 000 cases across the EU, on

average.

Visa overstayers who no longer possess a travel document

Based on the data provided by the Member States, it is estimated that roughly 10 to 20% of

all visa overstayer return cases involve TCN visa holders who no longer possess, or fail to

produce their travel document on request. This amounts to an estimated 26 445

–

52 891

cases of missing travel documents (as of December 2017).

Stakeholder testimony

further suggests that a significant number of return decisions are

not executed

due the authorities’ inability to obtain satisfactory evidence proving the

nationality of the third country national in question. If it is estimated that between 60% to

75% of such return cases are not implemented on these grounds. This amounts to an

estimated 15 867 to 39 668 returns of visa overstayers that could not be executed, which

represents a high administrative burden for Member States.

The 2016 VIS evaluation revealed that 8 out of 26 Member States had never even accessed

the VIS for the purpose of identifying TCN for return. Furthermore, 3 out of the 19

responding Member States declared that they communicated VIS data to non-EU countries

or international organisations for the purpose of return. It has to be noted that non-EU

countries usually do not accept information extracted from VIS as

prima facie

evidence of

nationality for return purposes. Recent trends

showed an increased use of the VIS as an

instrument which provides a proof of identity necessary in a return procedure. However,

there is currently no mechanism in place to mutually inform and to exchange travel

document copies of TCN between Member States, when needed to complete a return

procedure in cases where the Member State which has to execute the return is different

from the Member State which issued the visa. The absence of such a mechanism means

that Member States have

both practical and legal

difficulties when exchanging travel

document copies to this end.

Supporting study by Ecorys: Feasibility and implications of lowering the fingerprinting age for children and on

storing a scanned copy of the visa applicants' travel document in VIS, based on 2014

–

2016 average data. It is

worth noting that the figure is in line with the figure on visa overstayers that was used in the 2016 Impact

Assessment report on the introduction of an Entry-Exit System, which estimated a stable annual average of

approximately 250.000 visa overstayers EU-wide - SWD(2016) 115 final.

Targeted stakeholder consultations conducted in the scope of the Ecorys study.

Calculations within the Ecorys study estimate additional annual costs of EUR up to 33.3m. For more see Annex II

to the study.

COM(2016) 655 final,

“Report from the Commission to the European Parliament and the Council on the

implementation of Regulation EC) No 767/2008 of the European Parliament and of the Council establishing the

Visa Information System (VIS), the use of fingerprints at external borders and the use of biometrics in the visa

application procedure/REFIT Evaluation,” Brussels: 14 October 2016.

kom (2018) 0302 - Ingen titel

Figure 2: Problem tree: storing a copy of the travel document in the VIS

Difficulties faced by Member States to acquire a copy of the travel document from the

diplomatic/consular representations of the issuing countries places a high burden on them

as they have to devote considerable time and resources to confirm the identity and

nationality of a TCN.

Not having a copy of the travel document means that it is

disproportionately difficult to carry out the return of TCNs issued return decisions in

practice. In this way, lack of travel document copies in VIS undermines the smooth

functioning of the EU return policy and, due to its role to prevent and respond to the risk of

irregular migration, indirectly also on the visa policy.

2.1.2. Lack of fingerprinting data allowing to identify minors

Current EU legislation on the visa application procedure for short-stay visas exempts

children under the age of 12 from providing fingerprints. This was mainly due to technical

limitations regarding fingerprinting children available at the time the provisions were set in

law.

However, the legislator requested the Commission in Article 57(4) of the Visa Code

to address in the future the issue of sufficient reliability for identification and verification

purposes of fingerprints of children under the age of 12. Without fingerprints it is more

difficult to unambiguously verify the identity of a child holding a visa at the border or

within the Schengen territory. This phenomenon is exponentially amplified by the fact that

a Schengen visa can go up to 5 years validity, which means that a child who applied with

12 years old can obtain a multiple entry visa with validity until the age of 17. On average,

children under 12 make up 10 to 15 % of visa applicants

, meaning that between 1.4 and

According to the stakeholders consulted in the scope of the Ecorys study, the return procedure may be delayed by 2

days during low-seasons, and up to 2 weeks during busier periods which brings additional annual costs of up to

EUR 12.7m. For detailed calculation see Annex II to the study.

Taking into account technologies available at the time, 12 years old was considered to be a reasonable minimum

age for automated fingerprint recognition.

For more details on the estimate methodology see Ecorys study, Chapter 4.1.2., p.109.

kom (2018) 0302 - Ingen titel

2.1 million new visas are granted to children under 12 each year. Out of this category, it is

estimated that between 0.7 and 1.05 million are children younger than 6 years.

On the other hand, based on available data

, it is estimated that on a yearly basis there

could be between 1 500 and 2 000 TCN children <12 victim of trafficking in the Schengen

area. Although there is no precise information possible on how many of these child

trafficking victims have travelled with a visa to the Schengen area or come from countries

subject to the visa obligation (but have tried and failed to obtain such a visa),

extrapolations can be made on the basis of information available regarding the main

countries of origin

of the trafficked children according to which it is likely that around

25 % of them went through the visa process (375-500 children on a yearly basis

Furthermore, a multiplying factor should be taken into account, given that with a MEV

valid for up to 5 years, the real scope of the problem is extended potentially to children up

to 17 years old. For this age group figures on children victims of trafficking climb up to

3200-4250

on a yearly basis. Taking all these factors into considerations, it can be

estimated that between 820-1000 trafficked children arrive with a visa which was taken

without fingerprints each year.

The Commission Report on the progress made in the fight against trafficking in human

underlined that traffickers exploit loopholes in enforcement or control and that tools, such

as the VIS can assist in identifying victims of trafficking in human beings and detecting

traffickers.

“When a person regularly requests a new visa or has been issued with a

multiple-entry visa and is travelling repeatedly with different 'other' persons (for example

other children), there could be a suspicion of trafficking. The biometric data in the VIS

makes it furthermore impossible for multiple persons (looking alike) to travel on the same

visa or passport.”

A typical case scenario of trafficking would entail a family with children applying for a

Schengen visa. A photo of the child (which does not have to be taken live) must be

presented with the application. The child may or may not be present, although the family

would have to present a breeder document

(e.g. birth certificate) proving the relation

between the child and the adult applicant(s). If a visa is issued (which could be valid for up

to 5 years), the family does not have to appear again in the consulate for the period during

which the visa is valid, and multiple travels to the EU are possible. Verification that the

children travelling with the family are the rightful holders of the visas are done at the

border only on the basis of visual inspection of the travel document, by checking that the

child in front of the border guard resembles to a reasonable degree to the child in the

Idem.

According to Commission's Report to the European Parliament and the Council on the progress made in the fight

against trafficking in human beings, SWD(2016) 159 final Nigeria, China, Albania, Vietnam and Morocco are the

top 5 source countries for trafficked TCN children.

Source: Eurostat data on trafficked children.

According to figures from

Eurostat Report on Trafficking in Human Beings,

2% of victims of trafficking are under

12, whereas 17% are in the 12-17 age range. Using the same extrapolation logic, the number of potential victims of

trafficking is substantially higher if this age range is taken into consideration.

Commission Report to the European Parliament and the Council on the progress made in the fight against

trafficking in human beings, SWD(2016) 159 final.

Abundant evidence has been gathered by the Commission from Scheval Report and Local Schengen Cooperation

Reports, in particular from sub-Saharan Africa, on false applications involving fraudulent breeder document and the

low reliability of breeder documents issued in many third countries subject to visa obligation.

kom (2018) 0302 - Ingen titel

passport in which the visa is affixed. Thus, while the travel document could be genuine and

the visa genuinely obtained, a trafficker could travel multiple times bringing different

children to EU territory without being detected at borders.

In case the child is later on found by authorities as a victim of trafficking, it would be

impossible to retrieve the information regarding the true identity, country of origin and

real family of the child, since identifications against the VIS (or other systems) are not

possible on the basis of facial image only, especially when the facial image initially stored

in the system is based on a scanned photograph.

As regards missing children (i.e. in case of a genuine family arriving as bona fide

travellers but where the child, for various reasons, might go missing during the stay in the

territory), the search, although legally possible through SIS alerts

on missing persons, is

not effective in practice because only alpha-numeric identity data could be included in the

alert (name, surname, place and date of birth, nationality

), and which, depending also on

the age and maturity of the child, would not be sufficient to allow identifying the child in

case found by the authorities.

Due to the lack of fingerprints for TCN children under 12, VIS benefits to prevent visa

fraud and facilitate checks at external borders and within the territory of the Member States

or asylum examination do not extend to all children. This is a loophole which can be used

by fraudsters and traffickers and does not contribute to ensure the protection of TCN (<12

years of age at the time of applying for a visa) children at risk of abuse, either from

trafficking with the help of a visa, or in case they are found in Schengen territory in a

situation where their rights may be or have been violated (through trafficking, missing

children, unaccompanied minors applying for asylum).

2.1.3. Lack of sufficient information on long-stay visas and residence documents

The issuance of long stay visas and residence documents is not fully harmonised at EU

level, since only for certain categories of third-country nationals admission conditions and

procedures are regulated under EU law.

Such authorisations give the right to the holder to

stay and move freely within the entire Schengen territory for 90 days in any 180-day

period

, provided they fulfil the entry conditions set out in the Schengen Border Code.

Residence documents include residence permits

–

issued to third country nationals for

stays longer than 90 days in 180 days for reasons varying from study, research, work, to

family reunification by third country nationals, and residence cards

–

issued to third

country nationals who are family members of mobile EU citizens (i.e. those who have

exercised the right to free movement).

By April 2018, nearly 70,000 missing children were reported in the SIS (although it is impossible to know the

nationality, whether EU or TCN).

Pursuant to Article 20(3) of Regulation (EU) No 515/2014.

This is the case in respect of rules on family reunification, long term residence, for the admission of seasonal and

highly skilled workers, Intra-Corporate Transferees, students, researchers and trainees with university degrees. For

more information,

see the dedicated site.

Article 21 Schengen Convention provides the mutual recognition of these documents as documents allowing free

movement within the Schengen area for 90 days in any 180 days (i.e. similar to a Schengen short-stay visa).

As defined under Article 2(16) of Regulation 399/2016 on a Union Code on the rules governing the movement of

persons across borders (Schengen Borders Code).

Issued under Article 21 TFEU, concerning the freedom of movement of EU citizens. Mobile citizens are those EU

citizens who are residing in another EU member state than their own.

kom (2018) 0302 - Ingen titel

Currently, only TCN who applied for short-stay visas are in the VIS, as it is a centralised

mechanism at EU level containing short-stay visa applications and visas issued. Long-stay

visas, residence permits are residence cards are not contained in any EU system.

The lack of a centralised mechanism at EU level enabling Member States to exchange

information on these documents and their applicants or holders result in a two-fold

problem:

1. authorities at borders others than of the Member State who issued a document have

difficulties to effectively and efficiently verify the authenticity of these documents

in connection with their rightful owner, or to fully ascertain the identity of the

person holding them. Identity and document fraud are the major risks in this respect

(as elaborated further down).

2. Member States do not have access to nor can exchange, in an effective and efficient

manner, information enabling them to properly check whether the person is not a

threat to the security of the Member States before or when the person reaches the

external border (see further below).

Visa-exempt TCNs

coming for short stays

TCNs’

entries and exits

in and out of Schengen,

coming for short stays

Future systems

TCN who reside in the EU,

coming for a long stay

or who often cross the

external borders

EES

ETIAS

Asylum seekers and

some categories of

irregular migrants

Eurodac

SIS

Current systems

VIS

Visa-required TCNs

coming for short stays

Law enforcement

and border controls

Figure 3: Information gap on a category of third-country nationals

From a

border-control point of view and for checks carried out within the territory

the Member States, it is crucial to be able to ascertain the authenticity and validity of the

documents and the legitimate relation with the holder. Currently, this is done, for the

documents provided with security features, by verifying these elements. Of the three types

of documents (long-stay visas, residence permits, residence cards), only some residence

permits and residence cards issued in a residence permit format have a chip

, which

allows electronic verification and the possibility to verify the bearer identity

. Frontex

observes that both the quantity and quality of fraudulent residence documents (2546

The check that the residence permit belongs to the bearer is done by reading the facial image from the chip of the

document and comparing it with the one of the bearer. In case of failure or doubt, the stored fingerprints can be

accessed. However, the information on the chip needs to be checked on its authenticity which can be done by

exchanging cryptographic certificates between Member States.

However, to achieve a high level of security of checks, MS would need to systematically exchange the Country

Verifying Certificate Authorities (CVCA), which currently is only partially done. Furthermore, there is no evidence

showing that Member States use the fingerprints stored in the residence permits issued by another Member State to

carry out identity verification at borders.

kom (2018) 0302 - Ingen titel

detections in 2017 on both permits and cards) circulating in the EU have increased in

recent years.

Moreover, an unsuccessful document authentication procedure based exclusively on

verifying the security features of the document does not automatically establish a fraud

case, and because it implies further second line checks, does not help to carry out a smooth

and fast border check procedure.

In addition, while many residence permits and long-stay visas formats are harmonised, and

for the residence cards measures to harmonise and secure them are under way

, this is not

yet the case for all these documents.

Thus, the visual inspection of the document’s security

features is made difficult by the different formats and

–

for some documents

–

the rarity

with which they appear at certain border-crossing points, in addition to the heterogeneous

use of security features.

The border guards have different tools to gather information to assess the validity of

a document, some automated (SIS and SLTD for lost, stolen, misappropriated and

invalidated documents), others to be used at second-line border checks (like the FADO

for images of authentic and forged documents). However, the information provided by

these systems is very limited and the objective of border checks cannot be achieved on this

basis in an efficient and effective manner. The SIS (which is the only EU centralised

databased used at borders) does not provide information on previous fraud attempt(s) by an

applicant and cannot provide information on documents that have not been reported as

stolen or lost, it does it include information on withdrawn documents, nor any information

on long stay visas.

In case of a doubt concerning the document or its holder, border guards have to rely on

bilateral contacts with the issuing Member States, via communication channels like

SIRENE

, the Police and Customs Cooperation Centres National Contact Centre (NCC),

phone, emails or fax

, which is limited by inherent constraints like language barriers and

waiting times for the traveller,

who sometimes runs the risk of being wrongly denied

entry or passage.

Moreover, the issuance of a residence document constitutes the enactment of a right

established under legal migration or freedom of movement legislation to enter and stay on

the territory of the Member States. The document is thus also a material proof that the right

exists, but it is not to be confused with the right A person may lose the document or the

document may expire (as it is the case with the validity of a residence card), but this is not

equivalent to the holder losing the right enacted by that document. However, in case of

The European Commission 2018 Work Programme includes the legislative initiative to harmonise and secure the

residence documents. The idea of such harmonisation is considered both in the contracted study and in this report

as covered by option (3.2) “Further harmonise and secure long-stay visas and residence documents”. COM(2018)

212 final, 17 April 2018.

The FADO is a public register of images of typical authentic or forged travel and identity documents as well as

information on security and forgery techniques that Member States can check online.

Which is limited to providing supplementary information in case of a SIS alert.

In the questionnaire of the 2017

Feasibility Study to include in a repository documents for Long-Stay visas,

Residence and Local Border Traffic Permits - Phase1:

Analysis of Options, 2017, Member States explained that

these procedures are used after an examination of the security features of the document at second-line border check.

For illustration purposes, an example from the public consultation can be given where a TCN described the

embarrassing experience of how their residence document was called into question by suspicious border guards on

the count of never having encountered such document before.

kom (2018) 0302 - Ingen titel

expiry, loss or theft, the person cannot prove its right to enter, stay or move freely within

the territory of the Member States, and currently existing systems to be checked at borders

and within the territory cannot provide evidence to support the person ascertain its rights in

such cases.

Ultimately, this situation leads to

inefficient border-crossing procedures,

which are not

in the spirit of freedom of movement of bona fide TCN who have a right to enter and

reside in the territory of a Member State (Article 21 of TFEU and Directive 2004/38).

Consulted Member States

complained about these procedures as being time-consuming

and inefficient. For the large majority (80%) the lack of shared information on these

documents was a hurdle to their day-to day activities and as such

creates administrative

burden.

The absolute majority of respondents to the open public consultation also perceive the

identified information gap as leading to problems in the management of external borders

and irregular migration within the EU

. The lack of centralised storage of data on these

documents renders them more likely to be tampered with, thus more susceptible to being

misused. In order to be able to assess whether the person could pose a

threat to the

security of the Member States

or whether he or she could be an identity fraudster, it is

important to have access to relevant information on the previous applications made by that

person and which were rejected by other Member States on grounds of national security or

because of established fraudulent claims (of identity or documents). When a TCN applies

for a short stay visa, a full picture of the history of movements, enabling to assess security

and migration risks, including fraud, is possible by connecting information from either VIS

or (in the future) ETIAS with EES, ETIAS, Eurodac and VIS. However, there is no similar

possibility if the same TCN applies for a long stay document, as this information is not

connected with any central system. Information is not flowing either from the short stay

history of a person into a long stay assessment, nor vice versa. Apart from checking

national systems, the only EU-level exchange of information migration authorities have at

their disposal is the SIS for alerts on entry bans. There is no tool to share information on

applications and reasons for refusal for long stay applicants, which might lead to identity

fraud or security risks. This also affects negatively the efficiency of checks against the

integrated IT systems for borders, i.e. checks against the border and security systems using

interoperability is not possible if the information on the document is not present in at least

one of these systems.

Criminals are taking advantage of this loophole in the information exchange between

Member States. Consultations with Europol and national law enforcement authorities

revealed that due to the lack of information sharing between Member States on long stay

documents, combined with the lack of checks between the various centralised systems, the

exact size of the security risk posed by TCN holders of long stay visas or residence

documents is difficult to measure. However, individual national authorities provided

Member States were consulted as part of the supporting study carried out by PwC, see the Executive Summary,

Annex 9.

Open public consultation on sharing information at EU level on long-stay visas and residence document feedback

(see Annex 2).

kom (2018) 0302 - Ingen titel

information

on cases involving serious criminality by TCN going through various legal

migration/asylum/residence statuses in the territories of Member States, which indicate that

the phenomenon is real and raises serious concerns

Stakeholder testimony:

In one such case

a TCN applied for asylum in Austria. His claim was rejected and he

received an entry ban (recorded in the SIS) after several convictions for drug dealing and

serious property crimes in Austria and other Member States. His biometrics and DNA were

recorded by the Austrian police on that occasion. Three years later a DNA hit against his

data was obtained in a rape case and a European Arrest Warrant, registered in the SIS,

was issued on his name.

The same TCN, under a different identity, applied for and successfully obtained a

Schengen visa from another Member State, with the help of which he travelled regularly

from Nigeria to the EU territory. Since SIS, VIS and Eurodac are not currently

interoperable and checks are not systematically launched to the other IT systems when a

visa application is lodged, the identity fraud could not be detected and the visa was issued,

although an arrest warrant was present in the SIS.

Later on the TCN married an Austrian national and obtained a residence permit on the

basis of his status as family member of an EU national. The residence document was

issued without problems as there are no compulsory checks against EU databases as part

of the issuance procedure for these documents.

The TCN was finally apprehended by the Austrian police when he was reported by his wife

for aggravated domestic violence. Based on fingerprints taken at that time and checked

against the Austrian police files, the link with the previous entry ban and arrest warrant

issued years before could finally be established.

In addition to the two main problems identified above, this information gap

and the

persisting fraud problem that comes with it can create spill over effects in the form of blind

spots in the border-management security framework, thus ultimately creating increased

risks for internal security and irregular migration. According to Frontex’s 2017 Annual

Risk Analysis

, smugglers frequently provide migrants with fraudulent travel and identity

documents. Fraud is used by organised crime as a means for a series of related serious

See Annex 2: Stakeholder consultation.

See also the phenomenon of

marriages of convenience.

Available statistics support the fact that marriages of

convenience do occur, but it is not yet possible to fully quantify this across all (Member) States and certainly not in

a comparable manner. In 2010, the EU-27 total of permits issued for family reasons was 747 785, some 510 305 (or

68.2% of the total) of which were issued to a third-country national joining with a third-country national. With

regard to the identified cases of marriages of convenience, and noting that in many cases no distinction between

those occurring between third-country nationals and those occurring between a third-country and an EU national

was possible, residence permits refused or revoked by a (Member) State ranged, in 2011, from 5 up to 990, and in

2010 again from 5 up to 1 360. In terms of marriages of convenience detected in other ways by a (Member) State,

this varied, in 2011, from 5 to 130 and, in 2010, from again 5 up to 425. Suspected marriages of convenience in a

(Member) State ranged in 2011 from 1 740 down to 35 (Misuse

of the Right to Family Reunification,

European

Migration Network,2012).

Source: Ministry of Interior

–

Criminal Intelligence Service, Austria.

Currently, Member States can use alerts stored in the Schengen Information System (SIS) to inform other Member

States of lost, stolen, misappropriated or invalidated residence documents and the European Image Archiving

System (FADO) to detect counterfeit documents at the borders. However, these systems do not constitute a positive

list of issued documents.

Risk Analysis for 2017,

Frontex, page 22.

kom (2018) 0302 - Ingen titel

offences, notably for terrorism, trafficking in human beings, migrant smuggling or drug

and firearm trafficking

. Smugglers are supported by criminal networks with access to

expert counterfeiters who, financed by the strong demand, have set up print shops.

Figure 4: Problem tree

–

long stay documents

Problems

Fraud

Consequences

Problem Driver

Fragmentation of

the information

Operational difficulties at the

borders

2. Security and migration risks

3. Administrative burden

Difficulties in gathering

information to perform an

assessment

of the TCN’

situation

4. Lengthy border-crossing procedures

5. Lack of statistics

Finally, this gap also entails costs for the society as people obtaining residency through

fraudulent means make wrongful use of social security benefits or gain unjustified access

to the labour market.

2.1.4. Lack of sufficient checks on migration and security risks when processing visa

applications

Currently the visa procedure is not taking into account the possibilities offered by available

large-scale IT systems nor interoperability between them. For instance, when assessing a

visa application, SIS is checked as part of the risk assessment for irregular migration

pursuant to the Visa Code. However, only the checks against alerts for the purpose of

refusing entry are currently done because this is an automatic ground for refusal under the

Visa Code. In practice, Member States' implementation of SIS and other national databases

checks depend on the technical availability and national arrangements in any case, varying

from direct access to SIS in consulates to consultations of national police authorities, who

themselves carry out a number of checks for migration or security risks purposes, including

larger checks against SIS categories, as well as SLTD, TDAWN, as well as a number of

national migration and security databases. However this remains in all cases a manual non-

automated operation.

This leads to different checks carried out by each Member State, which creates an uneven

playing field for visa applicants who are subject to more or less stringent checks,

depending on each Member State and consequently could lead to undetected security risks

and granting a right to enter the territory to (see

case on page 21 also relevant for this

problem).

This problem is worsened by the fact that in some third countries e.g. West Balkan,

Caucasus countries but also in some EU countries the legal change of personal data, either

family or first names, is rather easy and cheap administrative procedure. International

criminals convicted or wanted for arrest in EU can change their names and get new

identities. It is therefore cheaper for them to legally change identity than to use alias

identities and forged documents. They can obtain genuine biometric travel documents,

See

Eures-Crim projet

(for instance a drug criminal network of TCN with Spanish residence permits operating in

Belgium).

Communication from the Commission to the European Parliament and the Council on an “Action Plan To

Strengthen The European Response To Travel Document Fraud” of December 2016.

kom (2018) 0302 - Ingen titel

which do not yield any hit against previously known identities for irregular migration or

criminal acts carried out with alpha-numeric data only.

Furthermore, this situation does not ensure the same minimum level of checks against

large-scale databases in the field of border and security to which visa free TCNs

–

who in

principle pose lower risks in terms of security or irregular migration

–

will be submitted

through ETIAS

, nor those to which EU nationals are currently subject when crossing an

external border

, both at entry and exit.

Moreover, the current system of checks during the visa examination is no longer adequate

for the new layered border management strategy comprising a number of large-scale IT

systems, as illustrated in Figure 5, which depicts the role that different IT systems currently

have for visa-required (VIS) and visa-exempt travellers (ETIAS), in combination with the

upcoming EES, as part of EU integrated border management.

Not having the possibility of direct, seamless and efficient checks of other databases adds

to the burden of visa application processing, making it more cumbersome. In this way it is

hampering the functioning of the common visa policy.

Figure 5: Place of VIS in the EU layered border management strategy

Article 18 of the proposal for ETIAS Regulation (see footnote 7) provides for the automated processing of all

applications for an ETIAS authorisation against all centralised databases mentioned under the current measure.

Article 28 of the same proposal provides for screening rules along similar conditions as those provided under the

current measure, although tailored for the particular situation of visa free TCN.

As of 7 April 2017 systematic checks against relevant databases are carried out on all EU citizens who are crossing

the EU's external borders (http://www.consilium.europa.eu/en/press/press-releases/2017/03/07/regulation-reinforce-

checks-external-borders/)

kom (2018) 0302 - Ingen titel

2.2.

What are the problem drivers?

2.2.1. Lack of travel document as evidence in return proceedings

Two main drivers were identified in the course of the study.



Driver 1: The absence of a legal framework allowing Member States to

exchange/transfer information on travel documents of TCN subject to return.

Currently, EU legislation

–

including in the areas of visa policy and migration

–

does not

provide for the storage of digital copies (i.e. scanned pages) of the visa applicants’ travel

document in a centralised European system, nor for making them available to other

Member States. Member States may, however, establish such an obligation in their

national legislation.

In practice, many Member States systematically require applicants to

submit such copies of the bio data page (as a minimum), which are stored in paper or

digital format by the individual Member States (i.e. there is no central storage of travel

documents associated to the visa).



Driver 2: Insufficient (or non-existent) and/or slow cooperation of third countries

in return procedures in the absence of a (copy of) the travel document

The consensus view among consulted stakeholders is that the degree to which third

countries cooperate in this field is critically dependent on the quality of relations between

the third country and the returning Member State, or the EU more broadly. Bilateral return

agreements between Member States and countries of origin and EU readmission

agreements (EURAs) are one of the tools that can be used to ensure cooperation with

countries of origin for the effective and smooth implementation of return decisions.

However, even in the context of EURAs and bilateral readmission agreements, Member

States face practical challenges to their implementation in the absence of valid travel

documents which can prove the nationality of the person to be returned.

In particular,

Member States have reported that third countries often do not issue travel documents to

enable the readmission / return, do not reply within deadlines or they require different

levels of evidence to confirm a person without travel documents as their national.

2.2.2. Lack of fingerprinting data allowing to identify minors

The lack of a legal basis allowing to collect fingerprints from children under 12 and check

with these data was identified as the main driver behind this problem. Competent

authorities are having difficulty to identify or verify the identity of some of the third

country nationals below 17 who enter or try to enter the EU territory using a short stay visa

because the EU legal framework does not allow for collecting fingerprints for TCN visa

applicants under 12.

Only three Member States were identified as not having formulated the obligation (within the Ecorys study

stakeholders consultation).

European Migration Network, Synthesis Report for the EMN Focussed Study 2014

–

Good practices in the return

and reintegration

of irregular migrants: Member States’ entry bans policy and use of readmission agreements

between Member States and third countries, 2014.

Ibid. See also the national reports of Austria and Greece in support of the EMN 2014 study: “Austria’s return

policy: application of entry bans policy and use of readmission agreements,” p. 52; “EMN Readmission Report

Greece,” p.21, amongst others.

kom (2018) 0302 - Ingen titel

The inclusion of biometric identifiers, comprising the facial image and ten fingerprints in

the VIS is provided for in Article 13(2) of the Visa Code. However, children under 12 are

exempt from this obligation to have their fingerprints taken. Therefore, competent

authorities have difficulties to identify and/or verify the identity of third country nationals

under the age of 17 (taking into account the possible 5-year validity of the visa) who enter

or have tried to enter the EU using a visa. Current legislative framework does not

correspond to the technological progress either

–

taking fingerprints of children under 12

was not technically feasible at the time of the adoption of the original VIS legal act, as will

be demonstrated later when presenting the rationale for policy options.

2.2.3. Lack of sufficient information on long-stay visas and residence documents

The identified problem driver has to do with the lack of and fragmentation of the

information on long-stay and residence documents.

Data on long-stay visas and residence documents are kept at national level. They allow

border guards to check the information on a document presented against these systems and

a match occurs when the document is valid and issued by the same Member State.

However, border guards and migration authorities have no fast and systematic access to

information on documents issued by another Member State. The available data is partial

and scattered in different systems and tools (SIS, SLTD, FADO, bilateral contacts between

Member States etc.) which leads to lengthy procedures to collect all the necessary data for

the day-to-day activities of national authorities. Member States and the respondents to the

public consultation

confirmed this: 86% agreed with the identified information gap that

leads to problems in management of external borders and irregular migration within the

EU.

2.2.4. Lack of sufficient checks on migration and security risks when processing visa

applications

The problem stems from the changed security and migratory context

legislative

developments, such as ETIAS and new technical feasibility stemming from

interoperability. Furthermore, the outcome of the Schengen evaluation shows that Member

States would welcome the security cross-check against other applications as a way of

enhancing security. This also leads to difficulties when assessing irregular migration and

security risk in the process of issuing short-term visas. It also leads to less stringent, less

harmonised and less evidence-based assessment of these risks because of the impossibility

to use automated database-searching.

2.3.

How will the problem evolve?

2.3.1. Lack of travel document as evidence in return proceedings

Return of a TCN to the country of origin or to another country of transit requires an

individual assessment of the person's situation and in particular an unequivocal

establishment of his nationality. In the absence of solid proof such as a travel document,

third country authorities are usually unwilling to confirm that a TCN subject to return is

their national, which further hampers cooperation in return procedures. As regards TCN

Open public consultation on sharing information at EU level on long-stay visas and residence documents feedback

(see Annex 2).

kom (2018) 0302 - Ingen titel

subject to a visa, their identity and nationality could currently be established on the basis of

a biometric match against the VIS, which is however not an acceptable evidence for third

countries. These two factors: no systematic obligation for storage and the unwillingness of

third countries to accept VIS data instead of copy of travel document lead to the problem

of difficult returns and accrued additional costs. This, in turn, leads to hampering of the

return and indirectly of the common visa policy.

Based on forecast data on future trends in visa applications, it is estimated that, in the

absence of further action at EU level, the proportion of visa overstayers in 2019 will

increase to more than 350 000, between 30 000 to 60 000 of which will find themselves in

return proceedings without valid travel documents.

It can be assumed that the political

pressure to enforce return decisions will grow accordingly.

2.3.2. Lack of fingerprinting data allowing to identify minors

In the continuous absence of fingerprinting from the visa application procedure and

consequently of the means to verify the identity of a TCN child going up to the age of 17

years, the identified problems will continue and might even grow, as networks of irregular

migration and trafficking could become increasingly aware of the existing gap and would

try to

exploit it.

As organised criminal networks are increasingly professionalising and modernising their

modus operandi

and there are no indications of a reversal in migration trends

, the number

of children that are at risk of being trafficked will probably remain high or even increase.

Under the assumption of the continuation of the current scenario, it is expected that the

trafficking of TCN children (<17 and who therefore potentially entered with a visa

obtained without fingerprints, thus making their subsequent identification nearly

impossible) into the EU using genuine visas will remain high

–

or may even rise further

due to the increasing number of applications and the involvement of organised criminal

networks, which are becoming more professional.

2.3.3. Lack of sufficient information on long-stay visas and residence documents

The risks for internal security and irregular migration created by the information gap

regarding long stay visas and residence documents may increase with the existing and

ongoing strengthening of border checks for other categories of travellers (e.g. ETIAS for

short-stay visa-exempt travellers and EES for all short stay visitors, combined with the

existing VIS for short-stay visa holders). This has an impact on overall security and safety

of the Schengen Area, as well as the freedom of movement. These developments could

motivate irregular travellers to look for other, less secure types of documents that would

still allow them to enter the Schengen area and move across Member States. This

phenomenon has already been observed with ID cards, whereby fraudsters target less

secure EU ID cards for intra-Schengen movements

(fraud

based on the ‘weakest link’

approach).

For more information see Chapter 3.1 of Ecorys study.

Eurostat reported

that 4,7 million immigrants immigrated to one of the EU-28 Member States in 2015. An

estimated 2.4 million citizens came from non-member countries, around 19.000 were labelled stateless.

Europol (2016). Situation Report Trafficking in human beings in the EU.

Risk Analysis for 2017,

Frontex, page 23.

kom (2018) 0302 - Ingen titel

2.3.4. Lack of sufficient checks on migration and security risks when processing visa

applications

If all the envisaged proposals are finally adopted and subsequently implemented (EES,

ETIAS, interoperability proposal), it would lead to an asymmetric situation where

automated checks would be mandatory for visa-free TCN in ETIAS against all EU

information systems

and other databases

, whereas for visa required TCN

–

who are

considered, in general, to pose a higher irregular migration or security risk, which is why

they need a visa to enter the EU, there is no possibility of automated checks. This would

have an impact on a better assessment of migration and security risks when deciding on an

application, and would create a less favourable treatment for visa-free TCN in comparison

with TCN under visa obligation, as well as lead to additional administrative burden for

Member States when trying to overcome the lack of direct means to properly assess

migration and security risks.

3. W

HY SHOULD THE

ACT

3.1.

Legal basis

The current legal basis of the VIS is provided in Article 77 (2) (a) and (b), Article 87(2)(a)

and Article 88(2)(a). Similar to other recent proposals in the area of IT systems for security

and borders, Article 16(2) could be added in the revised VIS Regulation, as a horizontal

principle. Article 74, and Article 77(2)(c) and (d) of the Treaty on the Functioning of the

European Union can be added to the legal basis for amending the VIS Regulation. Article

78(2), and Article 79(2) (c), and (d) correspond to ancillary objectives of the VIS and

could also be added.

3.2.

Subsidiarity: Necessity of EU action

The objectives of the revised VIS Regulation, to set up a common system and common

procedures for the exchange of visa data between Member States, cannot be sufficiently

achieved by the Member States and can therefore, by reason of the scale and impact of the

action, be better achieved at EU level. The further improvement of these common

procedures and rules on the exchange of data consequently requires EU action.

The problems elaborated in the previous sections are unlikely to disappear in the near

future and they are directly related to the current provisions of the VIS. Amendments of the

VIS legal framework and related legislation are only possible at EU level. By reason of the

scale, effects and impact of the envisaged actions, the fundamental objectives can only be

achieved efficiently and systematically at EU level. As regards in particular the copy of the

travel document and fingerprinting of minors, the subsequent analysis of the option will

further demonstrate how non-EU action cannot sufficiently address the problem, as they

require a solution through a centralised storage and access to data that none of the MS

taken individually can achieve. As regards in particular the problem of long-stay visas and

ETIAS Central System, Schengen Information System (SIS), Visa Information System (VIS), Entry/Exit System

(EES). Interoperability with Eurodac for the purpose of the automated processing of ETIAS applications against

Eurodac is pending adoption of the recast Eurodac proposal.

Europol data, Interpol databases (SLTD, TDAWN).

For more information on this please see relevant section in the executive summaries of supporting studies in

Annexes 7, 8 and 9.

kom (2018) 0302 - Ingen titel

residence documents, more than 90% of the Member States consulted considered necessary

an EU legislative response to address the information gap. As regards migration and

security checks, it relies by its nature on an immediate access to all other MS information,

which can only be achieved through EU action.

The initiative will further develop and improve the rules in the VIS, which implies the

highest degree of harmonised rules that cannot be solved by Member States acting alone

and can only be addressed at EU level.

3.3.

Subsidiarity: Added value of EU action

As described in the baseline scenario(s) below, the continued application of the current

legal framework is not going to lead to resolving these problems.

Regarding taking fingerprints for visa applicants under 12, the Member States cannot

unilaterally decide on changing the system because the VIS Regulation is already

stipulating a number of rules.

National action is possible, and desirable, to try to obtain better cooperation of third

countries on matters of return of irregular migrants. Nevertheless, it is unlikely that any

such activities will achieve the same effect as making the travel document available in VIS

for duly justified purposes.

Regarding long-stay visas and residence documents, it is unlikely that national action

would address the problem; Member States could act on an individual basis, by

strengthening their documents, their issuance process, document checks at border-crossing

points or by reinforcing or systematising bilateral cooperation. However, this approach has

inherent limitations, as will be explained further below.

Regarding automated checks of other databases, Member States are free to develop

solutions to consult both their national, as well as EU and international databases.

However, harmonising those rules at EU level seems preferable in order to enable Member

States to apply the common Schengen rules in a coordinated way.

4. O

BJECTIVES

: W

HAT IS TO BE ACHIEVED

This section lists the general and specific objectives any initiative should have to address

the above-mentioned problems faced by Member States and visa applicants.

4.1.

General objectives of the revised VIS proposal



Contribute to the implementation of the common visa policy;



Facilitate the checks at EU external borders and the subsequent movement within the

area without internal borders;



Improve security within the EU and at its borders;



Improve the management of the Schengen external border.

For more information on this please see relevant section in the executive summaries of supporting studies in

Annexes 7, 8 and 9.

kom (2018) 0302 - Ingen titel

4.2.

Specific objectives

The specific objectives are defined for each area for which problems and problem drivers

were described.

4.2.1. For copy of the travel document



Contribute to improving the identification and return of third country nationals that do

not, or no longer fulfil the conditions for entry to, or stay on the territory of the Member

States in accordance with the Return Directive.



Improve the efficiency of the VIS for the purposes of facilitating return procedures.

Achieving these objectives would lead to lowering administrative burden for Member

States

–

with positive impacts in terms of cost savings for Member States public authorities

(in terms of housing, food, administration and related expenses), better acceptance of the

EU migration policy by the European public and a deterrent effect on potential future

irregular migrants, thus reinforcing EU common visa policy.

4.2.2. For fingerprinting of minors

Two specific objectives are defined:



Better achieving the VIS objectives in relation to the facilitation of the fight against

fraud, facilitation of checks at external border crossing points and facilitation of the

application of the Dublin II Regulation.



Strengthen the prevention and fight against children's rights abuses, such as trafficking,

in particular the identification/verification of identity of TCN children who are found in

Schengen territory in a situation where their rights may be or have been violated

(through trafficking).

4.2.3. For long-stay visas and residence documents

Figure 6: Schematic representation of the specific objectives

4.2.4. For migration and security checks

Making full use of interoperability, granting fast, seamless and systematic access to other

IT systems in the area of migration, border management and security would contribute to

lowering the burden for Member States and contributing to the objective of a more secure

common visa policy by facilitating and improving the assessment of the risk of irregular

kom (2018) 0302 - Ingen titel

migration and security in the visa procedure (while following the rules stipulated by the

Visa Code).

5. W

HAT ARE THE AVAILABLE POLICY OPTIONS

5.1.

What is the baseline from which options are assessed?

General considerations concerning data protection aspects

Data protection is closely linked to respect for private and family life protected by Article

7 of the Charter. This is reflected by Article 1(2) of the General Data Protection

Regulation

, which indicates that the EU protects fundamental rights and freedoms of

natural persons and in particular their right to the protection of personal data. It has also to

be noted that the Court of Justice of the EU

has stated that the right to the protection of

personal data is not an absolute right, but must be considered in relation to its function in

society

The GDPR, and, where relevant, Directive (EU) 2016/68054 apply to the processing of

personal data carried out for the purpose of processing the visa application by the Member

States and by the EU institutions, bodies and agencies involved, respectively.

According to the Commission Communication of July 2010 on information management in

the area of freedom, security and justice, data protection rules should be embedded in any

new instruments relying on the use of information technology. This implies the inclusion

of appropriate provisions limiting data processing to what is necessary for the specific

purpose of that instrument and granting data access only to those entities that ‘need to

know’. It also implies the choice of appropriate

and limited data retention periods

depending solely on the objectives of the instrument and the adoption of mechanisms

ensuring an accurate risk management and effective protection of the rights of data

subjects.

In this respect, the VIS revision is based on data protection by design and by default

. The

importance of the concepts of data protection by design and by default

was repeatedly

highlighted by the European Data Protection Supervisor regarding the e-Privacy reform

Safeguards are already part of the current VIS setup, namely:

Data protection is embedded into the design and architecture of the existing VIS and

apply to all new functionalities added to it.

Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of

natural persons with regard to the processing of personal data and on the free movement of such data, and repealing

Directive 95/46/EC (General Data Protection Regulation).

Court of Justice of the EU, judgment of 9.11.2010, Joined Cases C-92/09 and C-93/09 Volker und Markus Schecke

and Eifert [2010] ECR I-0000.

In line with Article 52(1) of the Charter, limitations may be imposed on the exercise of the right to data protection

as long as the limitations are provided for by law, respect the essence of the right and freedoms and, subject to the

principle of proportionality, are necessary and genuinely meet objectives of general interest recognised by the

European Union or the need to protect the rights and freedoms of others.

In the meaning of Article 25 of the General Data Protection Regulation.

A recent Eurobarometer survey showed that almost 90 % of EU citizens indeed agree on the importance of data

protection by default settings. TNS Political & Social at the request of the European Commission, ‘Flash

Eurobarometer 443

— July 2016, ‘e-Privacy’ Report, EN’ (December 2016), at p. 43.

European Data Protection Supervisor, Opinion 6/2017, EDPS Opinion on the Proposal for a Regulation on Privacy

and Electronic Communications (ePrivacy Regulation).

kom (2018) 0302 - Ingen titel

Specified purposes should be clear, limited and relevant to the circumstances (purpose

specification); the collection of personal information is limited to that which is

necessary for the specified purposes (collection limitation); the collection of personally

identifiable information is kept to a strict minimum (data minimisation); the use,

retention, and disclosure of personal information is limited to the relevant purposes

(use, retention and disclosure limitation).

It is important to note that the safeguards currently present in VIS (baseline scenario)

will

also

be part of the revised VIS, for any of the proposed options.

Each of the proposed measures will be assessed against the following three criteria:

(a) Whether they meet an objective of general interest;

(b) whether they are necessary;

When assessing these criteria, a series of principles are taken into account under the terms

of the GDPR, including respect of the data minimisation principle (Article 5(1)(c)),

according to which access to personal data must be adequate, relevant and limited to what

is necessary in relation to the purposes for which they are processed, data accuracy (Article

5(1)(d)) and purpose limitation (Article 5(1)(b)), according to which data is to be collected

for specified, explicit and legitimate purposes and not further processed in a manner that is

incompatible with those purposes.

For the purpose of understanding the ensuing data protection considerations, it is important

to clarify the scope of current data processing in the VIS:

- the VIS processes and stores data from the application form,

which includes

biographical information of the person;

- picture

- fingerprints

- decision of Member States on the application, i.e. visa issued, visa refused, visa

revoked or annulled.

No information is stored on supporting documents (secure messaging system VISMail is

used to exchange additional information, upon request).The

VIS setup already includes a

robust set of data protection safeguards,

such as limited and strictly controlled access to

the data (Article 6), limited retention period with clear deletion deadlines (Article 23),

advanced data deletion in case the data subject has acquired the nationality of a Member

State (Article 25), responsibility for the use of data (Article 29), rights to request

amendments and deletion of data and obligations for the Member States to do so in case of

unlawfully or erroneously processing (Articles 24 and 38), strict data security rules (Article

32), strict embargo on transfer to third countries (Article 31)

–

except for very limited

situations in case of return (further explained in section 2.1.1), strict rules on the liability in

case of misuse of data (Article 33), detailed rules on keeping of records (Article 34), self-

monitoring by Member States (Article 35), cooperation between Member States to ensure

the right to data protection of the applicants is upheld (Article 39), right to effective

remedy in respect of the personal data (Article 40), as along with a supervisory framework,

According to Annex I to the Visa Code.

kom (2018) 0302 - Ingen titel

both by National Supervisory Authorities (Article 41) and by the European Data Protection

Supervisor (Article 42).

5.1.1. Copy of the travel document

The current divergent approaches taken by Member States regarding the collection and

storage of copies of visa applicants’

travel documents during the visa application procedure

and the possibility of making them available to other Member States will continue. This

would lead to an increased backlog of TCN under return procedure, with increased

administrative burden and costs for Member States. The TCN under return procedure will

remain in limbo, often in administrative detention. The inefficiency of the return policy

will lead more TCN staying irregularly in the territory of the Member States. .

5.1.2. Fingerprinting of minors

Current VIS rules regarding taking fingerprints from children under 12 remain unchanged.

Technological progress and available means are not taken into account, while the risk of

children right's abuses, such as trafficking of children, remains insufficiently addressed,

given the available possibilities. Relevant authorities would continue to have challenges

both to identify or verify the identity of young children and to offer appropriate protection

if case of suspected trafficking, and to use more effective means enabling to detect and

fight against trafficking networks.

5.1.3. Long-stay visas and residence documents

In the current situation Member States do not share information prior to or upon issuance

of a long stay document. SIS is the only system required to be checked in respect of a TCN

applying for a visa or residence document, but only as regards refusals of entry and stay

(i.e. entry bans). However, no means are in place to check whether the holder of the

document is not a threat to the security of the Member States other than the one that issued

the visa or residence document.

Current inefficient border-crossing procedures will continue. In case of doubt on the

document or the bearer (i.e. document unknown to the border guard due to the non-uniform

format, expired document, document with non-functioning chip or simply a document

holder who lost the document), there are no rapid and effective means at the border to

verify the identity of the traveller. This has consequences on the waiting time for the

traveller with negative consequences on the right to move freely of bona fide TCN who

have a right to enter and reside in the territory of a Member State (Article 21 of TFEU and

Directive 2004/38). Consulted Member States

complained about these procedures as

being time-consuming and inefficient. For the large majority (80%) the lack of shared

information on these documents was a hurdle to their day-to day activities and as such

create administrative burden.

5.1.4. Migration and security checks

As regards the assessment of the irregular migration and security risks at the time of

application, Member States will continue to rely on national checks and on existing

Member States were consulted as part of the supporting study carried out by PwC, see the Executive Summary,

Annex 9.

kom (2018) 0302 - Ingen titel

bilateral exchange of information on a case-by-case basis. Member States would still have

to check SIS (manually), as there would be no possibility of automated checks and,

depending on their national rules, check their national or other international databases. A

full assessment of the risks is not possible, which leads to both an uneven playing field for

the applicant (i.e. conditions are more or less stringent, depending on the Member State of

application) and security gaps are possible, depending on checks carried out by Member

States.

5.2.

Description of the policy options

5.2.1. Copy of the travel document

Policy options to address the problem of lack of travel documents for return should ensure

that the Member States' need for a travel document to certify the identity and nationality of

a TCN is covered in each individual case.



Option 1.0

–

Status quo

–

this situation corresponds to the baseline situation described

above.



Option 1.1

–

Include a digital copy of the travel document in the central VIS

(centralised)

Under this option, the digital copy of the visa applicants’ travel document would

systematically stored in the VIS system. The competent authorities for identification

(and/or verification within the territory) and return

–

namely migration and return

authorities

–

and which already have access to search the system using the fingerprints of

the apprehended TCN, would be able to retrieve this copy, subject to strict access rules.

Article 2(e) of the VIS Regulation foresees that one of the objectives of VIS is ‘to assist in

the identification of any person who may not, or may no longer, fulfil the conditions for

entry to, stay or residence on the territory of the Member States.’ Article 31(2) enables the

Member States to transfer or to make available a limited set of these data to a third country

for the purpose of proving the identity of third-country nationals for the purpose of

return.

Thus, although not explicitly defined in Article 2, when taken together, these

provisions foresee that the VIS can be used to facilitate both the identification of the

irregular migrant and the return itself.



Option 1.2

–

Include a digital copy of the travel document in national visa systems

(decentralised)

Under this option the digital copy would be stored in the national visa systems (NS-VIS) of

the Member States with which the application for a visa was lodged. When a VIS hit is

obtained in respect of a TCN subject to return procedure, the MS responsible would submit

a request to the MS that owns the data. In this scenario, a fast and secure channel of

communication must exist between the Member States' authorities allowing them to send

The Regulation allows the designated competent authorities to transfer the following data from the visa application

file: first name, surname and former surname (if applicable); sex, data, place and country of birth; current

nationality and nationality at birth; type and number of the travel document, the authority which issued it and the

date of issue and of expiry; residence; and in the case of minors, the surname and first name(s) of

the applicant’s

father and mother.

EMN Ad-Hoc

Query on COM AHQ on Member States’ Experiences with the use of the Visa Information System

(VIS) for Return Purposes.

Requested by COM on 18th March 2016. 24 responses were provided

kom (2018) 0302 - Ingen titel

the request and receive the information. This channel could be ensured by the existing

VISMail facility within the VIS.

In addition to the main options, two additional sub-options were defined regarding the

scope of the data to be stored in VIS:



Sub-option A

–

Storage of biographical page only

This sub-option will involve the incorporation of the standardised MRTD size 3 data

page.



Sub-option B

– Storage of all used pages of the applicant’s travel document

Another approach would be to scan and store a digital copy of all used visa pages of the

applicants’ travel document, i.e. those containing visa stamps and stickers. Blank pages

and any other pages in the TD (i.e. annotations, the back-side of the biographic data page,

the page adjacent to the data page) would not be stored in VIS.

The two sub-options can be applied to both Option 1.1 and Option 1.2 described above.

5.2.2. Fingerprinting of minors

Policy options to address this problem should ensure that children having obtained

a Schengen visa before they were 12 years old have their verification of identity correctly

made at the border or within the territory, or are correctly identified in case found victims

of trafficking or other forms of abuse. The reason for taking fingerprints stems from the

fact that misidentification is more likely when based exclusively on alphanumeric data.

Adding fingerprints to the file reduces the likelihood of misidentification to virtually zero.

By storing fingerprints in the VIS the system provides a secure link to the identity to the

visa applicant through biometrics. This applies to adults as well as children. Consultations

with stakeholders that technological developments, including on the collection and use of

biometrics, could contribute and should be used to enhance the protection of children. A

majority of the respondents also consider fingerprinting children applying for a short-stay

visa necessary or useful to address or prevent trafficking or other forms of abuse



Option 2.0

–

Status quo

–

this situation corresponds to the baseline situation

described above.

Option 2.1

–

Lowering the fingerprinting age to 6 years

Under this scenario, fingerprints will be taken from every visa applicant from 6 years of

age and above, thereby effectively increasing the group of applicants by adding the age-

group of 6 to 11 year-old.

This option is based on technological progress: in 2013 the European Commission’s Joint

Research Centre (JRC)

carried out a study on the question whether or not automated

fingerprint recognition for children is possible with recognition rates similar to those

According to ICAO standards, this is the page onto which the issuing State or organisation enters the personal data

relating to the holder of the document as well as the data concerning the issuance and validity of the machine

readable travel document (MRTD).

Open public consultation feedback (see Annex 2).

It is worth noting that Option 2.1. is also in line with the proposal for a revised EURODAC Regulation, which

would lower the fingerprinting age from 14 to 6.

JRC (2013). Fingerprint Recognition for Children.

kom (2018) 0302 - Ingen titel

reached for adults. The JRC study concluded that fingerprint recognition of children aged

between 6 and 12 years is achievable with a satisfactory level of accuracy under

appropriate conditions. One such condition would be, for example, to ensure an

appropriate level of training of operators to acquire high quality images.



Option 2.2

–

Lowering the fingerprinting age including all ages

Under this scenario, fingerprints would be taken from visa applicants of all ages thereby

effectively increasing the group of applicants by adding the age-group of 0 to 11 year-old.

In the same JRC study evidence is presented from other studies that it is feasible to take

reliable fingerprints of children even younger than 6, although this would have an impact

on the reliability of the fingerprints and be more challenging in terms of technical and

procedural requirements.

5.2.3. Long-stay visas and residence documents

The policy options to address the identified problem should ensure that verifications of the

irregular migration and security risks for a TCN applying for a long stay visa or residence

document, verifying the entry conditions at external border, as well as any subsequent

exchange of information on the person are done in an efficient and effective manner.



Option 3.0

–

Status quo

–

corresponds to the baseline situation described above

Option 3.1.a

–

Improve the exchange of bilateral information on a case-by-case

basis

Non-legislative options:



This would mean strengthening the ways MS currently exchange information in case of a

doubt on long-stay or residence documents at a border check or during an application

process. The main means of collaboration are via phone, fax, email and through existing

networks; SIRENE, national liaison offices, Police and Customs Cooperation Centres

(PCCC), National Contact Centre (NCC), etc.). However, this would overload already busy

communication networks, like SIRENE, while not meeting the policy objectives. Since

stakeholders described it as burdensome and inefficient, this option did not meet

sufficiently the objectives to be further assessed.



Option 3.1.b

–

Improve the feeding and use of information in the SIS as regards

alerts on withdrawn long-stay and residence documents

This option would entail improving the amount and quality of data fed into the SIS. Article

38.2(e) of Council Decision on the establishment, operation and use of the second

generation Schengen Information System (SIS II)

requires MS to log “issued identity

papers such as passports, identity cards, driving licenses, residence permits and travel

documents which have been stolen, misappropriated, lost or invalidated''. Although

undoubtedly beneficial, this option would not make the exchange of information

systematic and would only focus on SIS alerts. Since it does not contribute to the objective

of addressing the lack of cooperation and information exchange at time of issuance it is

also discarded from further analysis.



Option 3.1.c

–

Promote the use of security features for the documents containing

a chip: Passive Authentication and Extended Access Control

kom (2018) 0302 - Ingen titel

This option would promote the necessity among MS to perform the systematic

authentication of the content of the electronic chip of the documents that have a chip. Even

if used at its full extent and in combination with the harmonisation of residence cards,

would not have any benefits for long-stay visas (since they do not contain a chip). As well

as the previous option, it cannot address the objective of cooperation and information

exchange at time of issuance and it only partially addresses the objective of fast and

effective border controls. This is why it was not further assessed.

Legislative options:



Option 3.2

–

Further harmonise and secure long-stay and residence documents

Residence permits

and long-stay visas

are already issued in harmonised format

throughout the Schengen area. Both legal bases have been reinforced in 2017. In practice,

this sub-option would mean strengthening the format and security features of the remaining

residence cards

issued without the harmonised format of residence permit. During the

adoption of Regulation 380/2008, Member States committed

100

to use the uniform format

for residence permits for residence cards. However, some Member States still do not apply

this approach (7/25).

101



Option 3.3

–

Create an interconnection between national databases that would

allow all MSs to query each other’s relevant national databases

This option entails setting up a distributed database

102

system by interconnecting the

existing national databases of long stay visas and residence documents. A distributed

database system would allow all MS to query each other’s relevant databases when

assessing a long-stay visas or residence document together with the identity of a document

holder at an external border crossing point (at second line border check).



Option 3.4.A and 3.4.B

–

Integration in the VIS

This option is the integration of data on long-stay visas, residence permits and residence

cards from national systems into the VIS. Whether to store data or not on applications

differentiates the two sub-options analysed 3.4.A (without data on rejected applications) or

3.4.B (with data on rejected applications, which would allow to support future assessment

procedures).

Long-stayers as a category are now the only TCN category not covered in any of the IT-

systems (as was already illustrated with ''missing piece of the puzzle'' in Figure 3, section

2.1.3). By including the category of documents in VIS would ensure they are included in a

EU IT-system, under a comparable regime for the same TCN for documents issued either

under visa-free conditions (the category of TCN whose data will already be in ETIAS, and

Regulation (EU) 2017/1954 of the European Parliament and of the Council of 25 October 2017 amending Council

Regulation (EC) No 1030/2002 laying down a uniform format for residence permits for third-country nationals

(amended in 2017).

98 Council Regulation (EC) No 1683/95.

99 A further harmonisation on long-stay visas (e.g. change of format of the sticker and addition of a chip) and

residence permits has been deemed not feasible and therefore not discussed in this study.

100 Council Document of 11 June 2008 (13.06), PV/CONS 26 JAI 188, 8622/08 ADD 1.

101 CSES study.

102 For more information see the supporting study ''Legal analysis on the necessity and proportionality of extending the

scope of the Visa Information System (VIS) to include data on long stay visas and residence documents'', chapter

.3.1,3, p. 34.

kom (2018) 0302 - Ingen titel

EES) and visa-required (TCN coming for a short-stay, whose data is already in VIS, as

well as EES). Since long-stayers are not covered by EES, VIS would be the

only system

where their data could be checked.

5.2.4. Migration and security checks

For visa-free travellers, the ETIAS proposal stipulates automatic consultation of ''the data

present in a record, file or alert registered in the ETIAS Central System, the Schengen

Information System (SIS), [the Entry/Exit System (EES)], the Visa Information System

(VIS), [the Eurodac], [the European Criminal Records Information System (ECRIS)], the

Europol data, the Interpol Stolen and Lost Travel Document database (SLTD) and the

Interpol Travel Documents Associated with Notices database (Interpol TDAWN)''.

The same principle could by analogy be applied to checks on visa required travellers

through VIS by extending its possibility to query additional databases. In this respect,

several options exist:



Option 4.0

–

Status quo

In this option the current situation of uneven and manual checks against other non-

connected systems would persist. Depending on which Member State is doing the checks,

the visa applicants would be checked against different national and European databases. As

compared to visa-free travellers, fewer checks will be carried out against centralised

European databases.



Option 4.1

–

Systematic and automated check against available databases

(ETIAS model)

Since the VIS is also part of the legal framework setting up interoperability, technical

possibilities have opened up to explore the practical communication between various

databases in a fast, seamless and systematic manner by authorised users. In fact, after the

interoperability proposal was presented, this is the first time that this framework is applied

to an EU policy line. In this way, the option 4.1 is building on the benefits opened by the

interoperability proposal.

VIS automated database check would follow the same logic as ETIAS. When verifying and

assessing the information submitted by applicants, the system would automatically cross-

check each application against each of the above mentioned systems (also illustrated in

Table 1 below), as well as a dedicated watchlist and would consist of data related to

persons who are suspected of having committed or taken part in a criminal offence or

persons regarding whom there are factual indications or reasonable grounds to believe that

they will commit criminal offences.

In this option, the interoperability components will be used. The risk assessment based on

checks against databases will be performed in an automated manner using the

interoperability component (European Search Portal).

kom (2018) 0302 - Ingen titel

Table 1: Databases to be checked for the purpose of VIS risk assessment

Risk assessment

Security

Serious / cross border

crime

Migration

Entry bans / return

decisions

Refusal of entry

Selection criteria

Databases

SIS

ETIAS

SLTD

TDAWN

EES

104

103



105

106

VIS Components

Screening

Rules

Candidate databases for future integrations

ECRIS

EIS

Watchlist

EURODAC



Option 4.2

–

Automated cross-checks + screening rules

In addition to automated cross-checks of other databases (option 4.1), automated

processing through introducing screening rules in VIS could be envisaged, analogous to

the ones used in ETIAS. The screening rules is a new tool, which would be an algorithm

enabling the comparison of data in the applications for a short stay visa with specific risk

indicators. The screening rules would thus contain on the one hand data analytics rules, and

on the other specific values provided by Member States as well as statistics generated from

other relevant border management and security databases. This would enhance risk-

assessment capability and in particular to allow for the data-analytics method to be applied.

The screening rules would not contain any personal data and would be based on statistics

and information provided by Member States concerning risk indicators or threats,

abnormal rates of refusal or overstay by certain categories of TCN and public health risks.

As was stated for the option 4.1, this option is also about applying the interoperability

framework, building even further on the benefits opened by the interoperability initiative.

103 According to ongoing discussions, return decisions could be stored in the SIS in the future.

104 ETIAS would be checked for applicants coming from a country which has just changed visa regime.

105 The assessment of ECRIS is based on the current situation. Should the system evolve into ECRIS-TCN, the

assessment could have to be repeated.

106 The assessment of Eurodac is based on the current situation. Should Eurodac evolve into a case-management

system, the assessment would be repeated.

Implementation

complexity

Data protection

Irregular stay

(overstay)

Relevance

terrorism

kom (2018) 0302 - Ingen titel

5.3.



Options discarded at an early stage

Copy of the travel document

Regarding travel documents, the option of incorporating a digital copy of the travel

document in another system, e.g. EES, was discarded, because there are no other large-

scale IT systems, existing or planned, which could be used to obtain the same result in

respect of the same target population.



Long-stay visas and residence documents

Option 3.1.a

–

Improve the exchange of bilateral information on a case-by-case

basis.

Option 3.1.b

–

Improve the feeding and use of information in the SIS as regards

alerts on withdrawn long-stay and residence documents

Option 3.1.c

–

Promote the use of security features for the documents containing

a chip: Passive Authentication and Extended Access Control

Three non-legislative options were discarded early on:

To sum up, while acknowledging their benefits, none of the non-legislative options would

fully support the objective of exchange of information, therefore they would not reduce the

fragmentation of the information available on TCNs during the issuance process of a new

document

107

6. W

HAT ARE THE IMPACTS OF THE POLICY OPTIONS

A summary of different impacts (including fundamental rights, social impacts and

economic impacts) can be found in Annex 3.

A detailed consideration on the available data, categories impacted by the envisaged

measures and general considerations on data protection are presented in Annex 5.

107 See supporting study Legal analysis on the necessity and proportionality of extending the scope of VIS to to include

data on long stay visas and residence documents (chapter 3.2.1.) for in-depth explanation.

kom (2018) 0302 - Ingen titel

6.1.

Assessment of policy options

6.1.1. Copy of the travel document

Economic costs and benefits

Two cost estimates were provided during the study

108

on all relevant costs (both one-off

and recurrent, as well as recurrent compliance costs) from the options and their sub-

options. Eu-LISA estimates the one-off

cost for the central system (option 1.1) between €

3,3

– 4 m, while the study places it above €

5 m. For the decentralized system (option 1.2)

the study suggests it would entail costs as high as € 200 m. As regards operational costs,

eu-LISA

places them at around € 375,000 –

560,000 / year.

As shown in the following table, the measures will also produce several important

economic benefits for consulates as well as Member States’ migration and return

authorities. If implemented, they would reduce administrative burden for processing return

cases, reduce delays in the procedure and eliminate inefficient procedures involved with

retrieving, scanning, zipping and coding hard copies. In fact, both options would be very

feasible in practice, since the vast majority Member States are already storing copies of

travel document

–

the options would simply impose a harmonised rule on such storing.

Such a change of administrative procedures would in many cases lead to simplification of

storing (digital storage). Furthermore, rules on the retention of the travel document (which

currently vary among Member States which store copies of it) would be harmonised, which

implies moderate changes in national administrative practices.

The identified economic benefits are primarily driven by the choice of main option. While

Option 1.1 (centralized storage) performs marginally better compared to Option 1.2

(decentralized storage), both options would

significantly reduce inefficiencies associated

with the current procedures,

reflected in significant cost savings (reflected in Table 2

below).

Table 2: Summary of benefits of the policy options

Option 1.1

–

Centralised

Consulates

Cost savings from time spent on responding

€ 0,7m – € 2,8 m

to supporting document requests

(€ 366 – € 1.462 per consulate)

Migration and return authorities

Cost savings from time spent on retrieving

€ 3,2 –

12,7 m

TD copy

Cost savings from reduced delays in return

procedures

Daily costs of delays reduced by

up to 14 days

€ 46,3 m –

92,6 m

€ 6,7 m –

21,4 m (if 50%

improvement)

€ 10,0 m –

32,1 m (if 75 %

improvement)

€ 57,5 m –

132,2 m

€ 60,8 m –

142,9 m

Option 1.2 - Decentralised

€ 0,7 – € 2,8 m

(€ 366 – € 1.462 per

consulate)

€ 3,0 –

12,3 m

Daily cost of delays reduced by

up to 13,5 days; costs incurred

for delays of �½ day

€ 44,6 –

89,3 m

€ 6,6 m –

21,3 m (if 50%

improvement)

€ 9,9 m –

31,9 m (if 75%

improvement)

€ 55,6 m –

128,3 m

€ 58,9 m –

139,0 m

Cost savings from executing a higher

proportion of return decisions, in less time

Total benefits (50 % improvement)

Total benefits (75 % improvement)

108 Further details on the estimates can be found in the Ecorys study (chapter 3.6.2) and in the annexed eu-Lisa study

(p. 79) respectively.

kom (2018) 0302 - Ingen titel

In terms of the impact on duration and timeliness of return proceedings, both options

would significantly reduce the waiting time of migration and return authorities during the

process of confirming the identity of TCNs.

Under Option 1.1, the delays will be

effectively eliminated, resulting in a delay reduction of up to 14 days.

Option 1.2 would

have a slightly lower impact as Member States’ authorities may still be required to wait for

several hours before receiving a reply from the responsible national authority for storing

the travel document. The potential benefits to be realised from both options will be

sufficiently substantial to offset the costs incurred to implement and comply with the

respective options,

especially for option 1.1 (centralised storage).

Policy impacts

Whereas the baseline scenario could not achieve any of the two objectives, the storage of

visa applicants’ travel documents in VIS will improve the implementation of the objective

of facilitating returns of TCNs who have been issued with a return decision. Both Option

1.1 and Option 1.2 will enable Member States to obtain the necessary evidence for proving

the nationality of TCN visa overstayers who have been issued with return decisions, but

who lack a valid travel document, to equal effect. Moreover, the VIS is the only EU

instrument storing data on TCN outside the EU borders, i.e. in the country of origin or

another country where the person applies for a visa, therefore the only EU instrument that

could provide, in a systematic manner, the necessary data to achieve the stated policy

objectives in this case. No other measure is currently available at EU level enabling

authorities to obtain a copy of the TCN's travel document.

As regards the change of return effectiveness, the copy of the

TCN’s travel document will

be extremely useful as a means of evidence for the third country regarding the identity and

nationality of the person to be returned and thus sufficient for facilitating the return. As

return effectiveness hinges also on external factors, such as general cooperativeness of

third countries on return, the actual impact is not easy to measure.

Table 3: Effectiveness in meeting the objectives

Objective

Option

Specific objective I: assist in

the identification and return

of TCN

Specific objective II:

efficiency of VIS in return

procedures

1.0 Baseline

1.1 Digital copy of the travel

document in the central VIS

1.2 Digital copy of the travel

document in national systems

–

Biographical page only

–

All used pages

Based on inputs provided during the stakeholder consultation, the contracted study

cautiously assumed that the proportion of effectively executed returns of TCN visa

kom (2018) 0302 - Ingen titel

overstayers without travel documents will increase by 50% to 75% as a result of the

proposed options.



If the proportion of effectively executed returns increases by 50%, then the benefit is an

additional 7.934 to 19.834 TCNs returned compared to the current situation.



If the proportion increases by 75%, then benefit is an additional 11.900 to 29.751

persons returned.

These considerations are reflected in considering the scoring of the options for meeting the

objectives in Table 3 (above).

Table 4: Estimated benefits for the implementation of returns

Impact on the implementation of returns: Additional returns of TCNs without travel documents

Estimated

number of

Number of additional returns:

returns not

Scenario of 50% improvement

Scenario of 75% improvement

% improvement

implemented

Lower Upper

Lower

Upper

Lower

Upper

+ 7.934

+ 19.834

+ 11.900

+ 29.751

15.867 39.668

50%

–

75%

TCNs returned TCNs returned TCNs returned TCNs returned

Fundamental rights impacts

The

storage of a digital copy of the visa applicants’

travel document in the central VIS

(Option 1.1) or national VIS (Option 1.2) can have a positive impact for the right to asylum

(Article 18 CFR) and the protection of the principle of

non-refoulement

(Article 19 CFR)

by providing designated authorities which already have access to the VIS with access to

additional evidence to prove an asylum seekers’ identity. The sub-options

could be useful

to asylum authorities for verifying the identity of a person in need of international

protection (sub-option A) or for the assessment of merits of asylum cases (sub-option B).

The existing safeguard which bans the transfer of personal data to third countries if that

person has requested international protection continues to apply (Article 31(3)), mitigating

the risk of serious harm for asylum applicants or their families.

Sub-options A and B would create an interference with the right to privacy and family life

(Article 7 CFR) and the right to the protection of personal data (Article 8 CFR), as it

involves the processing of personal data and access to these data by public authorities.

Sub-option A implies the processing, of nearly the

same amount and type of personal

data as is processed in the current situation, merely stored in a different format.

The

additional category of data is limited to the personal (national) identification number of the

document holder. This additional information does not further affect the privacy of the

person, and for this reason the limitation to the right to privacy is modest. With respect to

the right to data protection, storing a copy of the passport involved further data processing

of the image of the document; however, it does not extend the information already

available to authorities and the existing rules and conditions of access to this information.

Sub-option B involves the processing of a larger amount of new data, consisting in images

of used visa pages in addition to data in sub-option A, for all TCNs under visa obligation.

Both sub-options meet the objective of enhancing the return rate of TCN under visa

obligation and do not go beyond what is necessary to achieve this objective.

kom (2018) 0302 - Ingen titel

Existing safeguards, including prohibiting the further processing of these data by

authorities as well as to prevent unauthorised access and unlawful sharing with third

parties should limit any potential negative impacts implied by both sub-options. As regards

sub-option B, additional safeguards should explicitly prohibit the sharing of these data with

third parties, given that it is not foreseen to positively contribute to the objective of

facilitating return.

For both option 1.1 and 1.2 risks with regard to purpose limitation and accessibility of

personal information can be mitigated by introducing strict safeguards against unauthorised

access.

6.1.2. Biometric data of minors

Economic costs and benefits

In terms of costs, the one-off costs are higher for option 2.2 (taking fingerprints of all

children) than for option 2.1 (lowering the fingerprinting age to 6). This is due to the fact

that taking fingerprints of children younger than 6 is likely to require a new, different type

of scanners and software.

Table 5: Overview cost-benefits option 1 and 2

Option 1 (6-12 years)

One-off costs

Child- friendly equipment

Increased size of biometric

samples in VIS- BMS costs

Training costs (ESPs, Consulates)

Operational costs

Workload and administrative

burden

No costs

Increased cost by 4.4 %

€ 138 175

€13 002 000

increased costs by 8.8 %

€ 138 175

Range

from € 208 832 to € 1 044

264

Option 2 (all ages)

Range from €52 208 to €261 066

Costs for Member State authorities and opportunity costs

Impacts on TCN visa applicants

Less than one minute additional

(not related to fundamental

waiting time per child

rights)

Impacts for Member States’ visa

No costs/ savings

authorities

Impacts for Member States’

authorities dealing with missing

children/ unaccompanied children

Savings unknown

Less than two minutes additional

waiting time per child

No costs/ savings

Savings unknown

Policy impacts

Taking fingerprints of children under 12 would support border authorities in detecting

identity fraud as it would help them to ascertain whether the child present at the border is

the child that has been granted a visa, which means options 2.1 and 2.2 would satisfy the

VIS objectives. However, the JRC study on fingerprints concluded that the reliability of

fingerprints is lower for children under the age of 6. This is reflected in the scoring of

whether the measures would meet the objectives (lowering the fingerprinting age to all

ages thus scores lower since fingerprint reliability cannot be guaranteed).

kom (2018) 0302 - Ingen titel

Fingerprints constitute a child protection safeguard since collecting and storing them

facilitates the identification of traffickers and trafficking networks, as the file of the child

in the VIS is linked to that of the parent/adult that accompanied the child. However, as

already mentioned in the Eurostat Report on Trafficking in Human Beings, only 2% of

victims of trafficking are under 12 years old. On the other hand, 17% of victims are in the

12-17 age range and this much more significant percentage of victims can already be

helped if fingerprinting is lowered under 12 years, to take into account the 5-year

maximum duration of the validity of the visa (i.e. the 12 to 17 age range for visa holders,

corresponds to a potential range of applicants between 7 and 12 years of age). These two

factors taken together: lower reliability of fingerprints for children under 6 and relatively

lower number of children which could be helped with this measure means that options 2.1

and 2.2 would satisfy the objective of fighting child trafficking to a different degree

–

reflected in the scoring:. option 2.2. is less effective in fighting child trafficking than

option 2.1.

The prevention of identity fraud is raised by several consulates consulted as part of the

supporting study as the main potential benefit of the proposed measure, which means

stakeholders recognize it as a positive measure.

Table 6: Effectiveness in meeting the objectives

Objective

Option

2.0 Baseline

2.1 Lowering the fingerprinting age

to 6 years

2.2 Lowering the fingerprinting age

to all ages

Specific objective I: VIS

objectives (fraud, checks,

Dublin regulation)

+/0

Specific objective II: Fight

against child trafficking

+/0

Under the baseline scenario the fingerprints of each incoming TCN child are not checked

nor verified at Schengen entry ports, which means that the baseline scenario 2.0 does not

help to meet either of the objectives (neither with VIS objectives nor with the fight against

trafficking).

Fingerprints contribute to the subsequent identification and verification of the identity of

TCN children who were <12 when applying for the visa, on Schengen territory, hereby

allowing for family unity within and outside the Schengen area, verifying the family

relationship, Dublin and asylum examination (i.e. VIS objectives).

kom (2018) 0302 - Ingen titel

Moreover, the VIS is the only EU instrument storing data on TCN children of nationalities

subject to a visa obligation, and collecting these data outside the EU borders, i.e. in the

country of origin or another country where the person applies for a visa. Hence the VIS is

the only means to ensure, in a systematic manner, that the necessary data to achieve the

stated policy objectives of the visa policy. No other instrument is currently available at EU

level enabling authorities to perform identifications on TCN children or to provide such

information in case needed for identifying victims of trafficking or launching SIS alerts on

missing children.

Fundamental rights impacts

Both options 2.1 and 2.2 should have an overall positive impact on the protection of

fundamental rights. Fingerprints would assist in protecting children against trafficking and

in identifying children who have gone missing, or who are abducted or became victims of

human traffickers. It would also facilitate reuniting these children to reunite with their

family members (but only if it is in their best interest).

Although the existing VIS legal basis has no explicit purpose in regard to protecting

children, VIS procedures and the application of the VIS should, like all EU actions, in all

times respect the best interests of children as stipulated in Article 24 of the EU Charter of

Fundamental Rights. Explicit safeguards in this respect will be added in the Visa Code and

the VIS Regulation as regards carrying out the application procedure for children. These

safeguards are part of both proposed options (against the benchmark of the baseline

scenario

–

which already contains strong safeguards, as explained in section 5.1).

FRA provided insights into the impact on children

109

in relation to the proposal for a

revised Eurodac Regulation, which also provides a lowering of the fingerprinting age for

children in the asylum process to 6 years of age, which is why the comments are valid for

this proposal as well. FRA reminded that, as is stated in the Article 3 of the United Nations

(UN) Convention on the Rights of the Child, for all actions and decisions concerning

children, the child’s best

interests must be a primary consideration. Children are an

extremely vulnerable group and the storage of biometric data could have both positive and

negative impacts, therefore lowering the age can only be justified if it explicitly pursues a

child protection objective and sufficient safeguards are in place.

Both option 2.1 and 2.2 will also have an impact on the rights to human dignity and

privacy and personal data protection. It concerns the collection and storage of further

sensitive data (fingerprints) of a particularly vulnerable group in a large scale IT system.

However, fingerprints are the only means to unambiguously identify a child and, in this

way, to better prevent child related abuses using visa, such as using false identities to

traffic children into the EU.

Furthermore, the processing of fingerprint data for children will be subject to the strict

safeguards, which already exist for the processing of biometric data of TCN visa applicants

above the age of 12.

As described earlier, cases of children entering or attempting to enter the EU on a visa who

are victims of child trafficking or other abuses, could be detected by a more complete

109 See

http://fra.europa.eu/en/opinion/2017/impact-proposal-revised-eurodac-regulation-fundamental-rights.

kom (2018) 0302 - Ingen titel

information file in the VIS. This objective requires that the relevant or designated

authorities would need access to search and process the data stored in VIS. Child

protection authorities currently do not have access to the VIS.

Fingerprints must be taken in full respect of human dignity and in a manner that is

appropriate to the child’s age and maturity. A provision

to the Visa Code could be included

explicitly requiring that fingerprints be taken in a child-friendly and child-sensitive manner

by personnel who have been specifically trained to collect biometric data from children.

6.1.3. Long-stay visas and residence documents

Economic costs and benefits

The Feasibility Study

110

already looked at the feasibility of different options for storing

long-stay documents and assessed IT-security, ease of implementation, management and

costs of different options, namely a decentralised and centralised database (corresponding

to options 3.3 and 3.4a/b). It concluded that a central repository as part of the VIS would

score higher in all the criteria, especially at technical and operational levels. The impact

that the repository (option 3.4.a / 3.4.b) would have on the existing VIS is low when

considering the data model, services and overall capacity. The eu-LISA study on the

technical and budgetary impacts of the VIS developments estimated an on-off cost of 10-

12M€ for the repository.

Economic costs and benefits of further harmonisation (option 3.2)

are analysed in more detail in the IA for residence document harmonisation by DG

JUST.

111

Policy impacts

With non-legislative options already discarded for not meeting the proposed objectives, all

retained options would meet the general objectives, as seen below in Table 7. Whereas, the

baseline scenario 3.0 meets neither of the two specific objectives, further harmonisation of

documents (option 3.2), would help to strengthen checks at external borders / in the

territory, but it would not be helpful with improving security though better information

exchange, which is reflected in the scoring. In fact, the objective of information exchange

can only be achieved if there is a data-base of documents, which means that only options

3.3, 3.4.a/3.4.b meet this objective, as is reflected in the Table 7 below.

110 See Feasibility Study, page 8.

111 See IA on ID cards and residence documents, chapter 6.2.

kom (2018) 0302 - Ingen titel

Table 7: Effectiveness in meeting the objectives

Objective

Option

Specific objective 1: Strengthen

checks

Specific objective 2: Information-

exchange

3.0 Baseline

3.2 Further

harmonisation

3.3 Decentralised

database

3.4.a Store data on

issued documents

3.4.b Store data on

applications

112

Impact on fundamental rights

Impacts on fundamental rights mainly focus on data protection and are assessed for the

options and sub-options that meet the two main policy objectives (non-legislative options

were already discarded for not meeting the proposed objectives, as was the case with the

baseline scenario). Therefore, the analysis focuses only on options 3.2, 3.3, 3.4.a and 3.4.b.

Table 8: Analysis of impacts on fundamental rights (against Articles of EU Charter of Fundamental Rights )

Article 2

Article 7

Article 8

Article 45(2)

Policy options

(life)

(privacy)

(p.data)

(freedom of movement)

Option 3.2 Further

0 to -

(if residence cards are included)

harmonisation

0 (if they are not)

Option 3.3 Decentralised

(if residence cards are included)

database

0 (if they are not)

Option 3.4 Include long-

stay documents in the VIS

Sub-option a): Store data

(if residence cards are included)

on issued documents

0 (if they are not)

Sub-option b): Store data

---

(if residence cards are included)

on applications

0 (if they are not)

Option 3.2 (further document harmonisation) would have a limited impact on personal data

protection, as it would not significantly change data processing as compared to the

baseline. The situation is different for the options which entail collecting and storing data

in a database.

Whether to store data or not on applications differentiates the sub-options 3.4.a (without

rejected applications) and 3.4.b (with data on rejected applications) (see Figure below). In

order to understand the impact of data processing, it is important to explain which data will

112 Except on residence cards, whose sole requirement for issuing is a proof of a family link with a mobile EU citizen.

kom (2018) 0302 - Ingen titel

be collected. The following categories of data will be collected: biographical data of the

holder or applicant, travel document data, decision data, issued document data.

Figure 7: Dataset for long stay visa/ residence permit file

Biographical data

1. First name

2. Last name

3. Date of birth

4. Nationality

5. Sex

Decision data

12. Previously issued documents

(short - stay visa, long - stay visa, residence permit)

Document data

6. Travel document (passport) number

7. Type of document

(long - stay visa, residence permit or residence card)

13. Rejected applications

(only sub - option b)

14. Authority that took the decision

15. Date and time of the decision

16. Reasons for the negative decision

(only sub - option b)

8. Document number

9. Issuing MS

10. Validity period

11. Status

(valid/extended/withdrawn)

In the case of option 3.4.b, the data stored upon

applying for a long-stay document

would

be a combination of the biographical and travel document data presented above and would

also include: the fact that an application for a certain type of document was lodged, when,

where and with which Member State authority.

Figure 8: Dataset for residence card file

Document data

Biographical data

1. First name

2. Last name

3. Date of birth

4. Nationality

5. Sex

6. Travel document (passport) number

7. Type of document

(long-stay visa, residence permit or residence card)

8. Document number

9. Issuing MS

10. Validity period

11. Status (valid/extended/withdrawn)

Residence cards are a special case: as regards the residence card file, information will only

be stored upon issuing the document (i.e. the residence cards). Authorities responsible for

issuing these documents (consulates or legal migration authorities) would have access to

introduce and store data upon application/ issuance (of the residence card), and

subsequently to amend, and update the file. Border authorities and authorities responsible

for checks within the territory, would only have access to check with the data provided by

the person and would not have access to carry out modifications of the personal data.

The table 9 below summarises the processing applicable to the options.

Table 9: Data processing

Option

3.3 Decentralised

database

3.4.a Store data on

issued documents

Collection

√

Storage

√

Access

√

Transfer

113

√

Deletion

√

113 To a third-country or international organisation - in line with what currently exists for VIS data, exceptional

transfer of some data could take place for the prevention, detection and investigation of terrorism or other serious

criminal offences. In such case, the same conditions and safeguards that currently exist in the VIS would apply.

kom (2018) 0302 - Ingen titel

3.4.b Store data on

applications

√

Option 3.3 would have an impact on data protection, as it would add an additional access

to existing data

114

(and thus more processing, and more risks of unlawful access to or use

of the data).

Option 3.4.a would have a stronger impact on data protection, as, in addition to access, it

entails the collection and storage of data.

115

Finally, option 3.4.b would have a slightly stronger impact on data protection compared

with option 3.4.a as it involves the processing of application data in addition to issued

document data. It would thus entail the processing of a larger dataset.

Both options 3.4.a and 3.4.b entail more risks to data than option 3.3 as they rely on

a central database (the VIS) for storage.

116

However, it also has to be taken into account

that while more data is at risk, the likelihood of a breach is smaller as there is only one

system to protect and monitor. This consideration should nevertheless be qualified, as both

option 3.4.a and 3.4.b propose a limited dataset: as per the current proposal, they would

entail the processing of 16, 11 respectively, data items, most of which are based on the

document dataset. The dataset does not encompass the special categories of data that are

considered as particularly sensitive.

117

The “reason for the negative decision” might,

if left

as a free text field, reveal data related to private life or sensitive data on rare occasions.

The use of a drop-down menu, tick boxes or another technical feature of the form will

prevent this as an additional safeguard. The reasons for the negative decision should be

provided in a manner that is limited to allowing the designated authority to achieve the

purpose of carrying out the assessment of security and irregular migration checks (through

verifications on whether the person is registered in the system with previous refusal due to

identity or document fraud or for being a threat to the national security of one or more

Member States), subject to the existing limitations in law. Additional safeguards will be

included to ensure that the use of the data is fully in line with applicable legislation in the

field of legal migration or freedom of movement, as applicable, at either EU or national

level, notably that a previous refusal of a document should not automatically lead to a new

refusal and that each application should be considered on its own merits.

Options 3.3 and 3.4 would not affect the right of the individuals to access their personal

data, rectification and objection. No derogation to the general data protection regime of

Member States or of the VIS Regulation would be created. All existing provisions and

114 According to the European Court of Human Rights and the European Court of Justice, access and use of personal

data by the authorities

constitute a further interference with the right of privacy. See EDPS (April 2017) “Assessing

the necessity of measures that limit the fundamental right to the protection of personal data: A Toolkit”,

page 11.

See also and

Weber and Saravia v. Germany no. 54934/00, paragraphs 76 to 79,

115 Indeed, distinct processing operations may constitute separate limitations on the right to personal data protection

and when applicable

with the right to privacy. See EDPS (April 2017) “Assessing

the necessity of measures that

limit the fundamental right to the protection of personal data: A Toolkit”,

page 11.

116 From a data protection perspective, it is considered that central databases

create a “single point of failure” and an

addition attractiveness for hacking considered the amount of data stored in a single place. On the other hand,

consulted stakeholders mentioned that decentralised storage (having multiple, small databases only containing a

subset of information) could be seen as more vulnerable than central storage of all data.

117 Article 9 of the General Data Protection Regulation (GDPR).

kom (2018) 0302 - Ingen titel

safeguards would apply, including for option 3.3 the ones present in the current VIS

Regulation, among which Article 38 (Right of access, correction and deletion).

Options 3.3, 3.4.a and 3.4.b would not affect the right of the individuals to access their

personal data, rectification and objection. No derogation to the general data protection

regime of Member States or of the VIS Regulation would be created. All existing

provisions and safeguards would apply, including for option 3.3.

Only a limited data set would be collected, at most, on about 22 million documents

118

(including residence cards). It must be taken into account that this figure does not represent

net new sets of

personal data

as compared to what is already registered in the EU large

scale IT systems for borders and migration:

As regards TCN under a visa obligation, depending also on the regime in place in each

Member State, there is a high likelihood that a person applying for a residence

document has already access the territory of the Member States with a short stay visa in

order to apply for the residence document. In those cases, these persons are already

registered in the VIS.

As regards a visa-free TCN, with the entry into operations of ETIAS the data of each

person travelling for a short stay to EU will be registered (except fingerprints). With

the entry into operations of EES, the data of all visa free TCN entering the EU territory,

including biometric (live facial image and four fingerprints), will also be registered in

this system, with the exception of holders of residence cards (who are exempted from

registration in the EES as in their respect the obligation of stays on the territory not

exceeding 90 days in any 180 days does not apply).

The above considerations also imply that for the persons applying for a long stay document

(visa or residence permit), the personal data is already recorded in a centralised database,

VIS and in the future ETIAS and EES, and therefore creating the file for the long stay

application will entail reusing personal data, including biometrics, where available, from

existing records.

Right to life

(Article 2 CFR): options 3.2, 3.3 and both sub-options under 3.4 may have a

positive impact on the right to life by increasing security. The extent of the link between

long-stay and residence documents fraud and the right to life of EU residents is difficult to

assess, due to limited data available.

Option 3.2 would have a positive impact on the right to life, as it would reinforce the

security of the EU through making long-stay and residence documents more secure;



Options 3.3 and 3.4.a would have a similar positive impact on the right to life, as they

would both reinforce the security of the EU through the access of border guards, law

enforcement and migration authorities to long-stay and residence document data. This

positive impact may be more significant than the one of option 3.2 since the options

would create a “white list” of valid documents

adding another level of security on top

of existing security features;

118 Numbers taken from the previous study on the extension of the VIS. Currently there are an estimated 22 million

documents in circulation (19 million residence permits, 2 million long-stay visas and an amount of residence cards

not exactly known but estimated at 1 million).

kom (2018) 0302 - Ingen titel



Option 3.4.b would have, compared to options 3.3 and 3.4.a, a more significant positive

impact on the right to life, as it would further reinforce EU residents’ security via the

consideration, during the issuance process of long-stay visas or residence permits, of

relevant information linked to the person’s previous applications.

Similarly, access by law enforcement authorities for preventing terrorism and other serious

criminal offences could also have a further positive impact on this right.

Right to privacy

(Article 7 CFR):



Option 3.2 would have a limited impact on the right to privacy, as it would not

significantly change data processing as compared to the baseline;

Option 3.3 would have a more significant negative impact on the right to privacy than

3.2, as it entails additional access to and use of existing data by public authorities

119

;

Option 3.4.a would have a more significant negative impact on the right to privacy

than 3.3, as the option entails the storing, access and use by a public authority of data

related to private life

120

Option 3.4.b would have a more significant negative impact on the right to privacy than

3.4.a, as the option entails the same processing by public authorities as 3.4.a, but for a

larger dataset.



Right of freedom of movement and of residence

(Article 21 TFUE, Directive 2004/38,

and Article 45.2 CFR)

121

: options 3.2, 3.3, and 3.4 (both sub-options) would have a

positive impact on this right if residence cards are included in their scope. It would lead to

facilitation and time savings during external border checks (and internal ones, when they

are exceptionally carried out as border guard would more easily recognise the validity of

the residence card.



Option 3.3 would have a slightly more significant, positive impact on the right than 3.2,

as the check to the database would also solve issues related to technical problems in

reading the chips and thus prevent lengthy second-line checks in such cases;

Option 3.4 (both sub-options) would have a more significant, positive impact on the

right than 3.3, as the check to a central database would be quicker than a check to a

decentralised one, therefore time and convenience as facilitation gained would be more

important.



As regards the inclusion of TCN members of family of a mobile EU citizen (i.e. of

residence cards data), it must be underlined that this impact assessment treats the situation

of all categories of TCN in a non-discriminatory manner. The distinction made between

family members of mobile EU nationals and the other TCN, family members of an EU

119 See Digital Rights Ireland, paragraph 35, available at the following

link.

120 EDPS (April

2017) “Assessing

the necessity of measures that limit the fundamental right to the protection of

personal data: A Toolkit”,

page 11. The European Court of Human Rights has further specified that “data related to

private life” should not be interpreted

restrictively and encompasses business and professional activity. Within the

proposed dataset, the reason for the negative decision on an application could contain such information (e.g. the

person employment, family, health situation has changed). See European Court of Human Rights, Amann v.

Switzerland [GC], no. 27798/95, § 65, available at: https://hudoc.echr.coe.int/eng#{"itemid":["001-58497"]}

Article 45.2: “Freedom of movement and residence may be granted, in accordance with the Treaty establishing the

European Community, to nationals of third countries legally resident in the territory of a Member State”.

kom (2018) 0302 - Ingen titel

national or not, is driven by the difference in the residence document that is issued, i.e. a

card for the first category, a permit for the second. The difference between these two

categories of documents comes from the different conditions of issuance, i.e. based on EU

legislation which distinguishes between the conditions applied to issuing residence permits

to family members of EU nationals in general (the Family Reunification Directive), and the

conditions applied to issuing cards to family members of mobile EU nationals (Directive

38/2004).

However, this initiative is without prejudice to the conditions or grounds of issuance of

these documents. Instead, it focuses on two objectives (faciliting checks at borders and

ensuring the security of the Schengen area) which stem from the conditions of crossing an

external border to which all TCN, irrespective of the reasons for which a document of

residence was issued to them, are subject.

There is currently no mechanism in place to exchange information among Member States

enabling them to assess at borders and even before a residence document is issued, whether

the person could pose a security risk or is an identity fraudster, as the current assessment is

based exclusively on national information. Hence, if this category of TCN was left outside

the scope of this initiative, the information gap and thus the security gap identified in the

problem definition would be reduced, but not closed and advantage of this could be taken

in order to obtain an easier, less checked and more comprehensive (due to extensive rights

attached to it) access to enter, freely move and reside in the EU territory.

Considerations on biometric data in option 3.4

Adding biometric data, and particularly fingerprints, to the data set to be accessible in the

database would have the advantage of allowing identification of the bearer of the residence

permit, residence card or long-stay visa

122

with a level of certainty much higher than as it

would be without (relying solely on visual identification and/or identification based on

biographical data). It would thus ensure that these documents are solely used by the

genuine bearer. Border guards, law enforcement or migration authorities would be able to

detect cases of multiple identities across systems using biometrics in line with the

interoperability proposal recently tabled by the Commission

123

and similarly to what

already happens for short stay travellers whose biometrics are collected in the EES and

VIS.

However, the collection and storage of long-stay

travellers’

biometric data

by Member

States is currently

not harmonised.

While some Member States collect and store

fingerprints in national databases, some other Member States delete the biometric data

from their databases after placing it on a residence permit or a card. Therefore,

while for

some persons biometric data is available, for some others it is not.

The number of

fingerprints may also vary depending on the Member State. Due to this situation, collecting

biometric data from national databases to store them in the EU database would lead to

122 According to the 2017 Feasibility study (p.33), there is no EU legislative provision for the collection of biometric

data for long-stay visas. Some MSs collect fingerprints (a variable number depending from the MS) and facial

image. However, in some cases no biometrics are collected at all or they are deleted shortly after the issuance of the

document (e.g. after 90 days).

123 COM(2017) 794.

kom (2018) 0302 - Ingen titel

differences in the collected data set depending on the person and the Member State that

collects it.

According to the strict necessity principle in data protection, if the system can achieve the

objectives without biometric data for some persons (e.g. when they are not available, as

some Member States have not stored them in a database), it means that biometric data is

not strictly necessary. However, given that biometrics of most of the TCN affected by this

measure are or will be available in the central EU databases and that with the proposed

Shared BMS of the interoperability proposals there would be no technical issue in handling

different types and different combinations of biometrics, the impact on data protection is

significantly limited. The system could work with just storing the minimum denominator

of biometrics per documents (e.g. two fingerprints and facial image for residence permits,

facial image for long stay visa and residence cards).

6.1.4. Migration and security checks

Economic costs and benefits

The budgetary impact of this measure could be estimated on the basis of extensive existing

analysis of the similar measure in ETIAS. However, it must be taken into account that

significant differences exist: there are no setup costs for the VIS, which is already up and

running. Costs to be taken into account would include the search interface to other systems

to be developed. In option 4.1 the interoperability platform will be reused. This will reduce

the overall cost in a consistent manner and would avoid natural redundancies of

heterogeneous elements.

Based on similarities with ETIAS (although for a size of the population of about half that

of ETIAS)

–

and taking interoperability development costs as already incurred, a high level

estimate would place the investment for the central system (eu-LISA implementation) for

implementing option 4.1 (automated and systematic checks against multiple databases) at €

10 m. Regarding the business impacts for the MS, the interface and process for the ETIAS

may be reused, thus significantly limiting the costs and complexity for MS integration.

Both option 4.1 and 4.2 (automated cross-checks + screening rules) would entail similar

costs from this perspective.

Policy impacts

The legitimate public interest of ensuring a high level of security is positively affected by

the implementation of automated data-base check. A better and more accurate

identification of the security risk of TCN crossing the external border of the Schengen area

supports the detection of cross border criminality, and it more generally facilitates the

identification of persons whose presence in the Schengen area would pose a security,

migration or public health threat. It would thus contribute to improving the security of the

citizens present in the Schengen area and enhancing internal security in the EU.

Benefiting from interoperability proposal, it would be illogical to enable such cross-checks

for visa-exempt TCN, yet choose not to use it for visa required TCN, who by definition

come from countries with a higher migratory-security risk for the EU. Thus, the proposed

measure, for both options 4.1 and 4.2, is rebalancing a potential unbalanced treatment

kom (2018) 0302 - Ingen titel

between visa-exempt travellers and visa-required travellers, whereas option 4.0 (the

baseline) does not meet this objective.

Table 10: Effectiveness in meeting the objectives

Objective

Option

4.0: Baseline

4.1: Automated cross-checks

4.2: Automated cross-checks and screening rules

Migration and security assessment

Fundamental rights impacts

The proposed measure (for options 4.1. and 4.2 which entail taking action) has an impact

(positive, negative or both) on each of the following fundamental rights: right to liberty

and security (Article 6 of the Charter), the protection of personal data (Article 8 of the

Charter), the right to non-discrimination (Article 21 of the Charter), and the right to an

effective remedy (Article 47 of the Charter).

As mentioned by FRA in its report on interoperability

124

: "Receiving the full picture about

a person contributes to better decision-making. To this end, safeguards need to be in place

to ensure the quality of the information stored about the person and the purpose of the data

processing. Such safeguards should prevent unauthorised access and unlawful sharing of

information with third parties. To ensure the right to an effective remedy, practical

possibilities to rebut a false assumption by the authorities and to have inaccurate data

corrected need to be in place." At the same time, this measure guarantees non-

discriminatory checks for all short stay visa applicants, irrespective of the Member State

with which they are applying

–

which is currently not the case. The VIS Regulation already

contains guarantees ensuring information for the person who submitted an application and

effective remedies (as explained in section 5.1 in the baseline description).

The proposed measure aims at enhancing security and irregular migration checks, hence

contributing to the legitimate public interest of ensuring a high level of security. As such, it

can contribute to the protection

of people’s right to life (Article 2 of the Charter). A better

and more accurate identification of the security risk posed by TCN applying for a visa

allowing them to cross the external border and move freely within the Schengen area

facilitates the identification of persons whose presence in the Schengen area would pose a

security threat. This way the proposed measure would contribute to improving the security

of the citizens present in the Schengen area and enhancing internal security in the EU.

The proposed checks against a number of migration and security databases do not entail

collecting new data from the applicants, however they entail new processing, by checking

their bio-data, in particular biometrics, against a number of large-scale databases which

were previously not part of the compulsory checks in the visa procedure. However, these

checks are currently either already done by national authorities (SIS, Eurodac, SLTD,

124

Fundamental rights and the interoperability of EU information systems: borders and security,

Report by the EU

Agency for Fundamental Rights.

kom (2018) 0302 - Ingen titel

TDAWN) within the consulates (at an uneven or ad-hoc basis) or at borders (compulsory),

or will become compulsory checks in the future (ETIAS). The only new system that will be

checked against is ECRIS-TCN, which is however included as a compulsory check for

ETIAS applicants.

Given the purpose of the visa examination procedure which entails an assessment of the

security and migratory risk of the visa applicant, and that all the above mentioned

databases respond to this purpose, the processing against databases will be limited to what

is necessary to attain the objective of ensuring a high level of security of the visa

processing. The checks will be carried out with a limited sub-set of biographical data

together with fingerprints, thus limiting significantly the possibility of false matches.

Moreover, the searches will be foreseen so as to return an informative result to the visa

processing authority. They will not trigger an automatic refusal of the visa and cannot,

taken alone, constitute a reason for refusal.

The search results will not be stored, therefore no possible breach of its integrity or of the

confidentiality of the data subject could take place. The measure is also subject to the

purpose limitation principle, as the data that will be used for these checks will not be

further processed in a manner that is incompatible with the stated purposes. The envisaged

data processing is therefore adequate, relevant and not excessive in relation to the purposes

defined. Finally, all existing VIS safeguards regarding the right of the data subject,

including the right to access, deletion and the effective remedy will apply to this procedure

as well.

As regards the screening rules, they are devised on the exact same conditions as those

applied in ETIAS to visa free TCN. They do not entail processing of personal data, only a

check against a number of statistical indicators, based on a model customarily used in

migratory and risk assessments (e.g. Frontex annual risk assessment). Specific safeguards

ensuring that the right to non-discrimination

based on a person’s race, colour, ethnic or

social origin, genetic features, language, political or any other opinions, religion or

philosophical belief, trade union membership, membership of a national minority,

property, birth, disability, or sexual orientation will be expressly provided. To ensure the

supervision of the set up and application of the screening rules and in particular of the non-

discrimination principle, the specific risk indicators on the basis of which the screening

rules will be developed, will be defined, established, assessed ex ante, implemented,

evaluated ex post, revised and deleted based on the appraisal and recommendations of the

Fundamental Rights Guidance Board established by the ETIAS Regulation, and which is

composed of

the

Fundamental Rights Officer of the European Border and Coast Guard

Agency, a representative of the consultative forum on fundamental rights of the European

Border and Coast Guard Agency, a representative of the EDPS, a representative of the

European Data Protection Board and a representative of the Fundamental Rights Agency.

In terms of proportionality, limitations to privacy and data protection brought about by

options 4.1 and 4.2 (which is similar to 4.1 in terms of data protection impact, as the

screening mechanism does not entail processing personal data) preserve the essence of the

rights.

kom (2018) 0302 - Ingen titel

7. H

OW DO THE OPTIONS COMPARE

The options for all four problems analysed will be scored for their effectiveness in meeting

the objectives; the efficiency (the result of striking a balance between costs and benefits);

their social impact and impact on fundamental rights

–

given the fact that the measures

involve a trade-off between fundamental rights impacts and gains in other terms (i.e.

security); and lastly for their coherence with overarching EU policies.

7.1.

Copy of the travel document

Efficiency and effectiveness

Both Option 1.1 (centralised storage of travel document copy) and Option 1.2

(decentralised storage), as well as their sub-options, can contribute to the identified

objectives of general interest, though Option 1.1 performs moderately better and in a far

more cost-efficient manner than Option 1.2. This is reflected in the scoring for cost

efficiency and effectiveness in meeting the objectives, in Table 11 below.

Beyond improvements that would be achieved by sub-option A

–

which would already be

sufficient for the identified purposes of facilitating return procedures, sub-option B would

translate into an improvement when it comes to proving the travel history, which is

important for VIS's ancillary purposes in return and asylum procedures.

Social impacts and fundamental rights

The analysis of impacts fundamental rights (section 6.1.1.) showed that the all proposed

options would have a positive effect on asylum procedures (to identify persons in need of

international protection).

In terms of negative effects on fundamental rights, storing a copy of the travel document

would entail further processing of personal data. These considerations are also reflected in

the scoring for fundamental rights in the Table 11 below.

Necessity and proportionality

For options 1.1, Option 1.2 and Sub-option A the measure would be demonstrably suitable

with respect to achieving its purpose, therefore both options satisfy the proportionality test.

The travel document data page is precisely what is required by third country authorities as

proof of nationality in the absence of a valid travel document.

While both options will achieve the same level of effectiveness in fulfilling the objectives,

Option 1.1 achieves a higher level of efficiency (timeliness, cost-efficiency and security).

Furthermore, Option 1.2 (decentralised storage) cannot necessarily be considered as less

intrusive given that the same information would ultimately be made available to the

designated return authorities in all Member States. No matter which technical architecture

is selected, the measure is intended to enable a Member State’s authority to access data

stored by (an)other Member State during the visa procedure.

As to the proportionality of the sub-options, the scope of personal data to be stored under

sub-option A is both relevant and necessary for the stated purposes of facilitating returns.

The intrusiveness of the proposed sub-option is in itself very modest, as the same data are

already entered in VIS in the current situation, albeit in a different format.

kom (2018) 0302 - Ingen titel

As regards sub-option A, assuring that appropriate safeguards prevent against the

processing of these new data, the interference on the right to privacy and the protection of

personal data would not be greater than the current VIS system, for which no complaint on

data protection has been registered to date

125

, and adequate safeguards have been put in

place. By contrast, the data implied by sub-option B is more intrusive and it would not

substantially contribute to the explicit objective of the measure, which is to facilitate the

return of TCNs without a valid travel document. Since sub-option B is more intrusive and

no more effective for achieving the identified objectives it could be concluded that the

processing of these data is considered disproportionate

if it were to be stored centrally.

Therefore, the necessity and proportionality of a measure involving storage

–

either

at central level (Option 1.1) or decentral level (Option 1.2)

–

of a digital copy of the

data page of the visa applicants’ travel document in the VIS system would be

justified.

Coherence

All proposed options and sub-options are coherent with other EU policies also in particular

the return policy, as well as the asylum policy. They are also fully coherent with the visa

policy and the proposal amending the Visa Code.

126

Table 11: Overall comparison of policy options (1)

Option

Coherence

Effectiveness in

meeting the

objectives

Social impacts

and

fundamental

rights

Efficiency

(economic costs

and benefits

1.0

1.1

Baseline

Digital copy of the

travel document in the

central VIS

Biographical page only

+++

-/+

--/+

All used pages

Digital copy of the

travel document in

national systems

Biographical page only

All used pages

1.2

-/+

---/+

7.2.

Fingerprinting of minors

Efficiency and effectiveness

As stated when describing the impacts in the section 6.1.2, lowering the fingerprinting age

of children in VIS meets the objectives, which is why both option 2.1 and 2.2 are

125 See COM(2016) 655 final, page 12.

126 COM(2018)252, Return of migrants is analysed here as a part of visa policy.

kom (2018) 0302 - Ingen titel

considered to be effective. Option 2.1 is more effective because research shows that the

fingerprints of children

under

the age of 6 are not as reliable as fingerprints of the children

above the age of 6. This scientific finding, coupled with the fact that there is a relatively

low number of children affected by abuse of rights phenomena (including trafficking) in

this age group (i.e. meaning below the age of 11 years, taking into account the maximum

period of validity of a granted visa), means that the option 2.2. is less effective in meeting

the objectives, which is reflected in the score for effectiveness in Table 12 below.

From the description of the costs/benefits in section 6.1.2, results that option 2.1 (lowering

fingerprinting age to 6) involves much less economic costs than option 2.2 (including all

ages), which is fully reflected in the rating of efficiency in the Table 12 below.

Social impacts and fundamental rights

The analysis of fundamental rights impacts (section 6.1.2) showed that the measure

includes a trade-off between positive and negative impacts: it would have a positive impact

for the protection of the fundamental rights of children, protecting them against human

trafficking or protecting the right to family life by reuniting trafficked children with their

family members. However, storing such sensitive personal data of a vulnerable age-group

would naturally also entail negative impacts, as was duly stated in the analysis. However it

was considered that the positive impacts outweigh the negative ones. The rating of the

fundamental rights in Table 12 reflects these considerations.

Necessity and proportionality

From a data protection point of view, both options are found to be appropriate, strictly

necessary and not excessive for the objective of border checks, by providing the only

means available to allow an unambiguous identification of the child at the border or within

the territory, both to prevent trafficking but also allowing to identify and return to the

family children that had gone missing or were found victims of trafficking.

Option 2.1

–

Taking into account the immense positive impact for protecting the right to

family life and best interests of the child, this option can be considered a proportional

measure under specified purposes and given the strict conditions and safeguards existing

on data protection ensuring that the fingerprints are only accessed under the visa and

border procedures provided by law and otherwise only used to protect children from

trafficking or identify and protect trafficked children and missing children.

Option 2.2

–

Since all children are entitled to protection, this option would have a positive

impact with regards to the protection of all TCN children under 6 having applied for a visa.

However, there are several limitations: the number of potentially affected (i.e. trafficked)

children appears to be relatively low, for this age group there is less reliability of the

fingerprints taken and there would be significantly higher practical hurdles in carrying out

fingerprinting in a child-friendly and adequate manner for very young children. This

hampers the overall effectiveness of the measure: the effectiveness of the measure for all

children from 0 to 12 years is lower than for children between 6 and 12 alone. In

conclusion, whereas taking fingerprints of children below the age of 6 would still meet the

policy objective to a certain degree, it appears to be less proportionate in view of the

technical limitations it entails, as well as the relatively low number of children targeted in

this age group.

kom (2018) 0302 - Ingen titel

In light of these considerations, the data collected under option 2.1 is relevant and needed

to contribute to the first objective of improving the implementation of the common visa

policy, whereas the option 2.2 does not reach this threshold.

Coherence

Both proposed options are coherent with other EU policies

–

namely the visa policy, and

also respect for the principle of primary consideration of the best interests of the child,

which should be taken into account in all EU action. Additionally, option 2.1 presents full

coherence with the recent Eurodac proposal which provides for lowering the fingerprinting

age for children in asylum procedure or found in irregular migration process from the

(current) 14 years of age to 6 years. Taken together, the data registered in the VIS

(covering children arriving on EU territory as part of a regular migration process) and

Eurodac (covering children arriving with irregular flows or seeking asylum) cover to a

very large extent the spectrum of third country national children arriving on EU territory

and that could be identified in case they are found as victims of trafficking or other forms

of abuse or who had been reposted as missing. To complement this framework, the SIS

that contains alerts on missing persons (including children) could be fed with identity

information, including biometrics, from the VIS, to support the search operations, in case

the child that had gone missing is a TCN under visa obligation.

Table 12: Overall comparison of policy options (2)

Effectiveness in

Option

Coherence

meeting the

objectives

2.0 Baseline

2.1

Lowering the

fingerprinting age

to 6 years

Lowering the

fingerprinting age

all ages

Social impacts

and fundamental

rights

Efficiency

(economic costs

and benefits

++/-

+++

+/0

2.2

7.3.

Long-stay visas and residence documents

Efficiency and effectiveness

Effectiveness:

Ultimately, sub-option 3.4.b (Integrate in the VIS) is the only option that

fully addresses the second objective (i.e. information exchange), as storing data on

documents and applications would offer migration authorities a complete picture on the

situation of the TCN applying for a new document. It would be effective regarding false

documents, including forged documents, as in these cases the information in the database

would differ from the information in the document presented to the border guard. And

would be effective regarding letting migration authorities know of security issues

encountered by other Member States with previous applications or use of the document by

the TCN.

Concerning Option 3.3 (the distributed database), it would allow improving security within

the EU and provide border guards and officers carrying checks within the territory access

to a “white list” of valid documents. However, its complexity and difficulty of

kom (2018) 0302 - Ingen titel

implementation, together with the difficulties in delivering high performance searches with

such setup, would reduce its effectiveness in addressing the policy objectives.

While taking into account the upcoming Commission proposal to further harmonise the

format of the residence cards, the Option 3.2 (further harmonisation of the format) would

meet the general and the specific objectives related to checks at external border as it will

make it more difficult to forge or counterfeit the document - and thus improve security

within the EU. This option would also make it easier for border guards to recognise valid

residence document. However it does not meet the specific objective of exchanging

information between Member States on third-country national holders of, or applying for,

long-stay and residence documents, and cannot fully address the problem at borders

either.

127

These considerations are reflected in the scoring of options for effectiveness in

Table 13 below.

Efficiency

Option 3.2

–

Further document harmonisation scores positively for efficiency in

securing borders128, albeit limited to the documents that are subject to harmonisation and

contain security features. However, for this option it must be emphasized that the objective

of facilitating the exchange of information for enhancing the security of the Schengen area

is not met (which is reflected in the score given to this option for effectiveness).

Option 3.3

–

creating a decentralised database

–

will be complex and overly costly to

implement, due to major difficulties deriving from the different governance, legal basis,

languages and technical solutions used across national systems. These difficulties could

delay implementation by several years. Moreover, it would not leverage on the existing

infrastructure of the VIS.

Option 3.4

–

(either sub-option a/b) offers significant advantages and a much better cost-

benefit. In particular, only this option would allow ''triangular verification'' (person <=>

document <=> system), which has proven to be a successful approach for the efficient

tackling of unlawful use of documents through the correct assessment of (i) their validity

and authenticity and of (ii) the identity of the holder. It provides a higher level of security

than reinforcing the security of documents, as it cannot be affected by material damage

(e.g. broken chip in a residence document) or loss of the document. This approach also

allows accurate identification (in particular if biometrics are stored in the central database

–

as explained in section 6.1.3 in the consideration on biometrics) in a less cumbersome

manner than using fingerprints stored in the chip. Overall, this option would have

a positive societal impact both on EU citizens who would benefit of the additional security

of the Schengen Area, and on TCNs who would benefit of an automated and potentially

faster border crossing. Furthermore, this option is supported by the public consultation:

a majority of the respondents who consider that an EU solution should be given to address

the identified information gap would also support a repository of long stay visas and

127 As described by Frontex: by making documents secure, fraudsters start targeting the previous steps i.e. breeder

documents.

128 Based on the assessment included in the IA of the DG JUST proposal.

kom (2018) 0302 - Ingen titel

residence documents as part of the already existing Visa Information System, while

respecting the principle of separation of data and access rights by the various authorities

129

Table 13: Overall comparison of policy options (3)

Option

3.0

3.2

3.3

3.4.a

Baseline

Further format

harmonisation

Distributed database

Coherence

Effectiveness in

Social impact

meeting the

and fundamental

objectives

rights

Efficiency

(economic costs

and benefits)

+++

+/-

+++

0/-

+/---

+/--

++/---

Extend the VIS with

documents data

Extend the VIS with

3.4.b documents and

application data

130

Additional benefits of VIS stem from the fact that it is already used and well known by

Member States

131

and it serves similar business processes. As part of the new

interoperability platform, the inclusion of data in the VIS opens the possibility for

detection of multiple identities of TCN applying for one of these documents, and to police

identity checks within the territory. With this option, MS would be able to benefit of its

search services offered centrally, in a proven, controlled and highly performing manner. It

would maximise the re-use of existing infrastructure, including benefitting from ancillary

services such as logging, reporting, data quality, statistic extractions, access control etc.

For border checks:

The central system would be consulted by border guards to verify the

documents arriving at the borders against a centralised system and the travel document of

the holder (triangular verification). It would simplify the administrative burden, by

enabling fast, electronic checks via the central system. It would also reduce the need of

bilateral exchanges triggered by doubts on the documents. It would also help efficiently

implement the future Carrier Gateway of EES and ETIAS

–

in the absence of these

documents in the system, the gateway would give a false negative as a short stay visa or an

ETIAS travel authorisation would not be found for that traveller, thus generating confusion

for the carriers, adding to the administrative burden of procedure and potential negative

consequences for the TCN that would then have the burden of proof that they do not

require them.

For migration and security assessment:

By centralising information, this option would

mitigate the information gap and support the cooperation among MS during the assessment

of new applications, by enabling them to perform upstream checks on the applicant, in

129 Open public consultation feedback (see Annex 2).

130 "application data" refers to whether a person has applied for a document and what was the outcome of the

application process.

131 As regards the particular case of residence cards, which give a right of free movement not only within the Schengen

area but in all MS, additional access to the VIS will need to be provided, for the purpose of storing the cards and

checking those issued by other MS, also to Bulgarian, Croatia, Cyprus, Ireland, Romania and the UK (to be noted

that Bulgaria, Croatia and Romania have already built the national VIS in the preparations to become part of the

Schengen area, although they do not have legally the right to access the system for the purpose of processing short-

stay visas until a Council Decision on lifting the internal border controls with these countries is taken. Hence, new

access to VIS repository on cards would be limited to Ireland and Cyprus.

kom (2018) 0302 - Ingen titel

particular to assess irregular migration and security risks e.g. by accessing information on

previous applications in other Member States, the use made of previously issued

documents, or to use VIS's interoperability to other databases to perform basic security

checks and detect identity fraud. Additionally, the information on long-stay and residence

document holders could support the examination of asylum applications and determining

the MS responsible for such applications (similarly to what is already done for short-stay

visas in the VIS

132

). Furthermore, the stakeholders' consultation confirmed the need for

developing a shared EU repository that would contribute to reducing identity and

document fraud, combatting irregular migration, and preventing, detecting and

investigating terrorist offences and other serious criminal offences

133

Social impact and fundamental rights

In terms of social impacts and fundamental rights there is a trade-off between increased

security for the society and impact on fundamental rights (namely through processing of

personal data): by helping to increase security of the EU through information-exchange,

the options which meet the objective of information exchange (options 3.3, 3.4.a and 3.4.b)

also score high for their social impacts, whereas option 3.2 and the baseline 3.0 do not

meet the security objective, so they score much less in terms of benefits on social impacts.

As analysed in greater detail in section 6.1.3 under impacts on fundamental rights, the

options which include putting personal data in a repository (3.3., 3.4.a/b) will have an

impact on fundamental rights. However, already existing and proposed safeguards will

minimise these impacts, as is explained in more detail in the next section on the necessity

and proportionality of the options. These considerations are reflected in the scores in

Table 13. It is important to note that option 3.4.b (centralised repository, with data on

applications) scores best in terms of trading off positive social impacts and impacts on

fundamental rights (on the other hand, option 3.2 of document harmonisation entails less

impacts on fundamental rights, but positive social impacts are all minimized as well).

Necessity and proportionality

In an area without internal borders, no Member State alone is able to cope with irregular

immigration and to cover for the risks to the security of this area, including international

terrorism and serious crime. A person may enter the Schengen area using a document

issued under national competence by one Member State and circulate freely to the territory

of the other Member States. A comprehensive verification of the compliance with EU rules

on crossing external borders therefore cannot be ensured by Member States acting alone.

While Member States will retain fully their current competence in issuing long stay visas

and residence documents in accordance with national legislation and applicable EU law, in

particular data protection rules, storing data on these documents in the VIS would allow

Member State authorities to access data on third-country nationals who cross the EU

external border with a document issued by another Member State in an easy, safe, secure

and streamlined manner, as well as use the data stored on previous applications to take

informed decisions on whether the person could be a threat to the security of the Schengen

area or an identity or document fraudster.

132 Articles 21 and 22 of Regulation (EC) No 767/2008.

133 Open public consultation feedback (see Annex 2).

kom (2018) 0302 - Ingen titel

By reusing the VIS technical setup and infrastructure, the investments necessary are kept to

a minimum and will only entail connections between the national systems and the VIS. As

regards the former, the national visa systems are already fully interconnected to the VIS,

for the issuance of short stay visas. Therefore, only connection of national systems will

only be necessary in those cases and for those Member States that have separate national

systems for managing residence documents. Therefore the preferred option is also

proportionate in terms of costs, taking into account the benefits the system will provide to

all Member States in managing the common external border and protecting the area

without internal borders.

As regards fundamental rights, including the protection of personal data, the preferred

option based on a VIS solution, whose concept is driven by the

privacy by design,

proportionate in terms of the right to protection of personal data in that it does not require

the collection and storage of more data and for a longer period than is currently the case for

the same categories of affected TCN in similar processes

–

short stay visas, ETIAS, EES

–

and absolutely necessary to allow the system to function and meet its objectives, including

what a border guard currently sees when checking a long-term visa, residence card or

permit presented at the border. Only personal data that is adequate and relevant for the

purposes of the processing would be collected and processed

134.

Similar to what happens today with all existing EU information systems, the rights of the

TCN applying for these documents are affected to a limited extent

135

. These limitations are

necessary to achieve the general and specific objectives described in section 4 and so are

necessary and proportionate. They will however be accompanied by all the safeguards and

mechanisms required for the effective protection of the fundamental rights of TCN

concerned, in particular the protection of their private life and personal data will be

foreseen and implemented.

Thus, the limitation is justified as the advantages outweigh the disadvantages caused with

respect to the exercise of fundamental rights; therefore, the limitation is deemed

proportionate.

Coherence

All options (except the discarded status quo baseline 3.0) are coherent with the overarching

objectives of EU policies at least to some extent. Option 3.2 on further harmonising the

residence documents is fully coherent with existing and upcoming developments in the

area of harmonising documents and securing them

136

. Option 3.3 on the decentralised

database is coherent with the general efforts to increase the cooperation between national

administrations. Option 3.4 is fully coherent with the EU policy on the gradual

introduction of an integrated management system for external borders and on the checks to

which persons crossing external borders are subject. Moreover, this option is also coherent

134 Biographical and document data would be used to compare with the data of the presented document and to detect

forged, counterfeited and stolen blank documents. Decision data would be used by migration authorities to inform

their decisions during the application process. Data generated by the repository would be used to structure the

database.

135 The CJEU established the criteria for justification of such interference in the context of Regulation 2252/2004 in

Case C-291/12 Schwarz v Stadt Bochum, ECLI:EU:C:2013:670.

136

COM(2018) 212 final, 17 April 2018.

kom (2018) 0302 - Ingen titel

with the EU policies in the field and return and asylum, respectively. This is reflected in

scoring in the Table 13.

7.4.

Migration and security checks

Efficiency and effectiveness

Both proposed options meet the objectives of conducting robust migration/security

assessment, whereas the baseline scenario does not guarantee that this objective is

uniformly met (as analysed in section 6.1.4). These considerations are reflected in the

scoring for effectiveness in Table 14 below. Both proposed options are building upon the

costs undertaken for the interoperability proposal (as mentioned in section 6.1.4), which is

reflected in their score for cost efficiency in Table 14.

Social impact and fundamental rights

In terms of social impacts and fundamental rights there is a trade-off between increased

security (due to more thorough security assessments of TCN) and negative impacts on

fundamental rights of the TCN (since their personal data would be subject to new types of

processing). Achieving the goal of increased security prevails in this case, since all

appropriate safeguards will in place to limit the negative impacts on fundamental rights (as

explained in the description of the baseline scenario and further developed below in the

section on necessity and proportionality). These considerations are reflected in the score

for social impacts and fundamental rights in the Table 14.

Necessity and proportionality

The assessment of whether additional systems should be queried during the assessment of

a visa application and whether such searches are proportionate and necessary as part of

migration and security risk assessment reveals that the measure is needed to properly

assess migratory risk and fraud and to ensure a level playing field across Member States. It

is not a disproportionate measure since at least the same amount of checks would need to

be carried out on visa applicants as would be done for visa free travellers under ETIAS and

very similar to the systematic checks upon entry and exit to which

every

EU citizen is

currently subject.

The VIS will be interoperable with other police, judicial and immigration systems in order

to cross-check information contained in VIS against information recorded in these systems.

From a data-protection point of view, it can be noted that cross-checking data available in

the VIS with all information contained in other systems may not be relevant for the VIS

purposes. Therefore as an additional safeguard, provisions will be added to the VIS

Regulation defining precisely with which set of limited data a search will be launched

against other systems, and include biometrics in order to obtain the most accurate answer

and avoid false positives. The Visa Code provisions in this respect will define precisely

which information in other systems is relevant to the purposes of these checks and

therefore which types of data will have to be returned by the checks, in order to strictly

limit the cross-check of VIS data with this information. The existing safeguards in the VIS

Regulation and the Visa Code in respect of data processing, fundamental rights and

purpose limitation will apply (i.e. the information obtained will be strictly used for the

kom (2018) 0302 - Ingen titel

purpose of checking whether the conditions of entry as set out in Article 21(3) of the Visa

Code, while refusal of a visa must strictly correspond to one of the grounds laid down in

Article 32 Visa Code).

Coherence

The proposed options 4.1 and 4.2 are using synergies created by the interoperability logic;

therefore it is fully coherent with other EU existing legislation and proposals in the area of

border management. A similar mechanism has been proposed

137

to support the processing

of the ETIAS authorisation for visa-free TCN. The introduction of the automated checks

and screening rules for TCN subject to a visa obligation would therefore ensure that at

least the same level of checks done for visa free TCN and thus ensure coherence between

the regime applicable to the two categories of TCN by EU policies.

By enabling authorities to have readily available and streamlined security and migration

information on the applicant during the examination procedure, the mechanism of

automated checks accompanied by screening rules enables the detection of any irregular

migration or security risk early on in the process and thus contributes to the prevention of

irregular migration and security risks on EU territory and is thus also coherent with the EU

policies in these areas.

Furthermore, views from stakeholders support the introduction of options 4.1 and 4.2.

During regular Schengen evaluations, Member States and border management authorities

stated they would welcome automatization of the security cross-check against other

applications in order to facilitate the border check procedure while enhancing security;

additionally to this, introducing screening rules in VIS would allow for an advanced risk

assessment

138

Table 14: Overall comparison of policy options (4)

Effectiveness in

Option

Coherence

meeting the

objectives

4.0 Baseline

4.1 Automated

cross-checks

4.2 Automated

cross-checks and

screening rules

Social impacts

and fundamental

rights

Efficiency

(economic costs

and benefits

+++

++/--

++/-

8. P

REFERRED OPTIONS

8.1.

Copy of the travel document

The preferred option to emerge from this study is

Option 1.1.A

–

Centralised storage of a

digital copy of the bio-data

page of the visa applicants’ travel document in the VIS.

The contracted study concluded that sub-option B is more intrusive and no more effective

for achieving the identified objectives and that as a result, the processing of the additional

137 Agreed in trilogues between EP, Council and Commission during March 2018.

138 Schengen Evaluation Report, presented by the Commission in October 2016.

kom (2018) 0302 - Ingen titel

data (all used passport pages) was considered disproportionate if it were to be stored

centrally.

8.2.

Fingerprinting of minors

The preferred option is

Option 2.1

–

Lowering the fingerprinting age to 6 years.

Option 2.1 (lowering fingerprinting age to 6

–

thus covering visa holders as of 11 years of

age, which is at the start of the age segment, 12 to 17 years of age, which is the most

affected by trafficking and other abuse of rights phenomena) contributes to the policy

objectives as identified; it facilitates the protection of these children while traveling with a

visa and after arrival in the Schengen area, while attaining necessity and proportionality

thresholds.

8.3.

Long-stay visas and residence documents

Option 3.4.b

–

Extend the scope of the VIS to include long-stay visas and residence

documents

–

Store also data on all applications

is the preferred option since it satisfies

the criteria of necessity and proportionality, while also meeting the criteria of coherence,

effectiveness and efficiency more than any other alternative. While option 3.2

–

further

harmonisation of residence documents

–

is not the preferred option for this IA, the analysis

carried out recognises its significant contribution to the achievement of the specific

objective related to an increased security at borders. Ideally, all documents allowing a TCN

to cross the external border, stay and/or reside in the territory of the Member States should

be harmonised, to facilitate border checks. Exchanging information on TCN applying an

entry and residence document ensures upstream verification of the person and its bona fide

intentions, while harmonisation of the issued documents ensures downstream proper

verification at the border or within the territory. Therefore, important synergies exist

between these two options, taking into account in particular the Commission legislative

initiative to harmonise and secure the residence cards, which would advance significantly

the further harmonisation of documents and thus further contribute to the objective of an

increased security at borders.

Through facilitating the systematic and better exchange of information among Member

States on TCNs holding or applying for long stay visas and residence documents, the

second specific objective would result in

enhancing the internal security of the

Schengen area,

thus closing the identified information gap. When records of long-stay or

residence documents are placed in a central system and accessible to all relevant Member

State authorities, each Member State would be able to make a more precise and impartial

assessment of the security risk, based on the records found in the system while checking

TCNs at the border crossing points or assessing the application.

139

The second specific objective also presents a dimension of

support to fraud detection

linked to obtaining authentic documents on the basis of false breeder documents,

140

better information exchange between Member States could help identify these cases and

118 As regards residence cards, it must be noted that application data will not be stored, as the sole requirement for

issuing this document is a proof of a family link with a mobile EU citizen.

119 E.g. birth, marriage and death certificates.

kom (2018) 0302 - Ingen titel

pass the information to all Member States. Currently if a person tries to apply to a long-

stay visa or residence document in one MS with falsified application documents, there is

no systematic ways for other MS to know about the situation of this TCN.

In addition, facilitating the better and systematic exchange of information among MS

would also minimize administrative burden and overcome the language barrier when

contacting another MS to verify authenticity of the TCN’s document..

8.4.

Migration and security

The preferred

Option is 4.2

–

Automated cross-checks + screening rules

This option meets

the objectives by allowing for proper migratory and security checks for TCN to be

conducted uniformly across the EU. Furthermore, the option puts the recently proposed

interoperability initiative to practical use, by making interoperable IT-systems work

together. The selected option is necessary and proportionate to meet the objectives, since

the trade-off between negative impacts on fundamental rights and the gains in terms of

improved security is offset by tight safeguards (already existing and newly developed as

part of the proposed option).

8.5.

REFIT (simplification and improved efficiency)

The 2016 REFIT evaluation of the Visa Information System (VIS) looked into the legal

framework of the VIS and examined whether this instrument is fit for purpose, delivers on

its objectives at reasonable cost, is relevant, coherent and has EU added value. The

evaluation shows that the VIS was effective in meeting its objectives.

The evaluation concluded that the

VIS meets its objectives and functions well.

The VIS’s

benefits were found to outweigh its costs, and the system remains relevant and continues to

have EU added value. No specific problems of regulatory changes were identified, or

administrative burden that needs to be cut. The Report recommended that the

VIS be

maintained and further developed

to respond to the new challenges in visa, border and

migration policy.

The measures proposed by the Commission under the present initiative entail both

measures addressing the problems identified in the evaluation, as well as new initiatives,

that extend the scope of the VIS beyond its current application (see notably topics 1 and 3

addressed under the present IA).

As regards the costs and benefits provided by the measures analysed by the current IA,

they are presented in the tables in section 2 of annex 3. As regards the benefits, for a vast

number of areas impacted, these are non-quantifiable by nature and so figures could not be

provided.

As regards the costs for additional technical measures which will be dealt with by the

proposal but which were not identified with a major economic, social or fundamental rights

impact (and are thus not analysed by this IA), an estimate of the costs entailed for the

central system to operate the proposed modifications was made by eu-LISA in its 2017

"study on VIS developments" and are presented in the tables in Annex 4.

kom (2018) 0302 - Ingen titel

9. H

OW WILL ACTUAL IMPACTS BE MONITORED AND EVALUATED

The Commission will ensure that systems are in place to monitor the functioning of the

VIS and evaluate its main policy objectives. Four years after the start of the application of

the revised VIS Regulation and every four years after, the Commission will submit a report

to the European Parliament and to the Council. The report will present an overall

evaluation of the functioning of the system, including its direct and indirect impacts and

practical implementation on fundamental rights. It should examine results achieved against

objectives, assess the progress with respect to the four main problem areas, and assess the

continuing validity of the underlying rationale and any implications for future options.

The table in Annex 6 provides a list of operational objectives, its detailed performance

indicators, sources and methods for data collection. The monitoring will be facilitated

through three main channels. The proposal is introducing a central repository of data for

the purposes of reporting and statistics which will allow for collecting data without causing

an additional administrative burden. The monitoring indicators are essentially expected to

be collected on an ongoing basis by the systems or technical components themselves. This

will provide precise data on detected use of fraudulent documents, system security checks

and successful hits, and identification for the purpose of a return/readmission procedure.

Secondly, Member States and Europol will prepare annual reports on the effectiveness of

access to VIS data for law enforcement purposes containing information and statistics on

the consultation including the type of terrorist or serious criminal offence, the number of

requests for access to the VIS and cases which have ended in successful identification,

including child TCN. In addition to this, consultations with stakeholders, such as

FRONTEX and Member States' visa-issuing authorities, will compliment monitoring

activities at the EU level and provide the Commission with their input on the impact of the

proposed policy measures.

kom (2018) 0302 - Ingen titel

ANNEX 1: P

ROCEDURAL INFORMATION

Lead DG, Decide Planning/CWP

references

The lead DG is Directorate-General for Migration and Home Affairs (DG HOME). The

Decide Planning reference is 2017/HOME/208. The initiative is mentioned in the

Commission Work Programme for 2017

–

COM(2016) 710 final, Annex 2, N

18. Visa

Information System, and in the Commission Work Programme for 2018

–

COM(2017) 650

final, Annex 1, N

20. Delivering on the EU Agenda on Migration.

Organisation and timing

Work to prepare the draft proposal and the impact assessment began in 2017. The

Interservice Steering Group for the impact assessment was composed of the representatives

from JUST, SG and SJ. Several meetings were held between 15 March 2017, and 15

March 2018 to discuss the ToRs, interim and final reports of the individual studies, as well

as the draft COM IA Report, with numerous written consultations in between.

Consultation of the RSB

The draft Impact Assessment was submitted to the Regulatory Scrutiny Board on 16 March

2018. The Board examined the Impact Assessment on 28 March and delivered its opinion

on XXX.

Evidence, sources and quality

This initiative builds on the evaluation of the VIS

141

which analysed its performance as

a system, its implementation in practice and the extent to which it has reached its policy

objectives, including its added value to the common visa policy. On the basis of this

evaluation, the Commission issued recommendations regarding the need for revision or

extension of the VIS functions. Despite the very good performance of the common system

for storing, processing and exchanging visa data, the evaluation demonstrated a need to

further develop the system in order to respond to new challenges in visa, border and

security policies. The evaluation further demonstrated a need for a number

of improvements in particular in relation to monitoring of data quality and production of

statistics.

In order to collect widespread evidence, two open public consultations were launched by

the Commission. The Schengen evaluation and monitoring mechanism consisting of the

on-site visits and questionnaires also provided the Commission with valuable first-hand

evince and the opportunity to carry direct stakeholder consultations right at the borders, the

in-depth knowledge has been exploited wherever possible. Additional specific data,

141 Report from the Commission to the European Parliament and the Council on the implementation of Regulation

(EC) No 767/2008 of the European Parliament and of the Council establishing the Visa Information System (VIS),

the use of fingerprints at external borders and the use of biometrics in the visa application procedure (COM(2016)

655 final).

Evaluation of the implementation of Regulation (EC) No 767/2008 of the European Parliament and Council concerning

the Visa Information System (VIS) and the exchange of data between Member States on short-stay visas (VIS

Regulation) (SWD(2016) 328 final); Executive Summary (SWD(2016) 327 final).

kom (2018) 0302 - Ingen titel

including opinions and testimonies of directly involved stakeholders, were collected in the

scope of studies carried out by external contractors.

A specific study was commissioned in order gather additional data on the necessity,

proportionality and implications of lowering the fingerprinting age of children and of

storing a digital (i.e. scanned) copy of the travel document in the VIS. Findings of the

study on technical feasibility of all possible VIS developments carried out by eu-LISA

during November 2016 and February 2017 were also taken into account. Furthermore,

a Feasibility study on Integrated Border Management (IBM) for persons not recorded in

EES and a study on legal analysis on the necessity and proportionality of extending the

scope of the VIS to include data on long stay visas and residence documents have been

conducted.

The data collection process was designed to meet the information needs; however, several

limitations were encountered in the data collection process, which have implications for

the ensuing analysis. While Member States collect various data on two topics under

investigation, methods and definitions can differ significantly across Member States, thus

making data difficult to compare. Moreover, where collected, the data generally do not

distinguish between cases of TCNs who have entered on a visa and those who have entered

the EU via irregular channels. Also available data often do not distinguish between the

different age categories.

For the quantification of key impacts, a methodology was developed to assess the main

changes that can be expected from the proposed measures relative to a continuation of the

baseline scenario. The quantitative analysis was, however, conducted separately for each

policy area, and therefore the presented quantification does not include considerable cost

reduction aspects, such as economies of scale and potential investment overlaps, which

would finally result from implementing the combination of preferred policy options.

The calculation of costs incurred by the different stakeholders is mostly based on

a simplified estimation model relating to assumptions on the amount of time that might be

reasonably taken to perform the additional activities, which would be required to comply

with the proposed changes. The evidence base underlying these assumptions draws from

the results of the in-depth interviews with

Member States’ competent authorities and

consular staff, in combination with available statistics.

kom (2018) 0302 - Ingen titel

ANNEX 2: S

TAKEHOLDER CONSULTATION

In preparation of the revision of the Visa Information System legal basis and the

accompanying Impact Assessment, the Commission services conducted directly and

indirectly through its contractors a number of surveys and consultations. The objectives

were to gather and analyse views, experience and suggestions for better practice from the

main stakeholders in order to tackle the identified problem drivers in the most

comprehensive manner. Additionally, findings of the previous studies, documents referring

to one of the four policy aspects covered in this Impact Assessment, related consultations

and Schengen evaluation have been taken into account. The summary of the stakeholder

consultations is presented bellow following the four respective policy aspects.

The European Commission also launched two open public consultations on (1) lowering

the fingerprinting age for children in the visa procedure from 12 years to 6 years and

(2) extending the scope of the Visa Information System to include data on long stay visas

and residence documents for a period of 12 weeks. The consultations were conducted

through an online questionnaire published on the internet in all EU official languages, with

the exception of Gaelic. The results of the open public consultations are summarized

below.

The Inception Impact Assessment was published on the European Commissions' webpage

on 28 March 2017 with the feedback period from 29 March 2017 to 26 April 2017. No

feedback was received.

Stakeholders

In the course of the study on lowering the fingerprinting age for children and on storing

a digital copy of the visa applicants' travel document in VIS

142

, a number of interviews

were conducted with following entities:



EU Agency of Fundamental Rights (FRA)

European Data Protection Supervisor (EDPS)

eu-LISA (and VIS Advisory Working Groups)

Europol

Frontex (EBCG)

Missing Children

The study team also performed field visits to 4 third countries. Interviews were carried out

with consulates of the pre-selected Schengen States. The following four countries were

visited:



The mission to Rabat, Morocco took place from 13

–

15 November, 2017. A total

of 9 interviews were carried out with a combination of MS consulate staff, ESPs

and the EU Delegation.

142 Feasibility and implications of lowering the fingerprinting age for children and on storing a scanned copy of the

visa applicants' travel document in the Visa Information System (VIS).

kom (2018) 0302 - Ingen titel



The Nigeria mission took place from 26

–

29 November 2017. A total of 6

interviews were carried, including with 4 consulates, one ESP and the EU

Delegation to Abuja.

The mission to Moscow, Russia took place from 4

–

6 December, 2017. A total of 8

interviews were carried out, including 6 with consulate representatives, 1 with

immigration liaison officers and 1 with the EU Delegation.

The mission to Istanbul, Turkey took place from 20

–

23 November, 2017. A total

of 7 interviews were carried out with consulate officials and one ESP.



In addition to the field visits, an intensive interview programme in 8 Schengen Member

States (BE, DE, EL, ES, FR, IT, LT, PL) was conducted in order to gather the necessary

inputs. Consulted stakeholders represented departments responsible for managing National

VIS connection, ESPs (where relevant), migration authorities

143

, consular affairs

departments

144

, border police authorities, return authorities, law enforcement authorities

dealing with terrorism and/or serious crime, National Data Protection Authorities,

Ministry/department of the rights of the child, Anti-trafficking authorities, and

Ombudsperson for Children.

The

results of the stakeholder consultation revealed that Member States’ authorities

overwhelmingly agree that if digital copies of scanned travel documents were

systematically available and accessible to the relevant authorities, it would:

(i)

(ii)

(iii)

greatly reduce the

burden to confirm this category of TCNs’ identity and

facilitate the return process;

reduce delays associated with ad hoc communications and exchange between

Member States’ authorities and the consulates; and

eliminate inefficient procedures involved with retrieving, scanning, zipping and

coding hard copies.

An annual average of 1,100 to 17,445 visa overstayers was detected in the consulted

Member States between 2014 and 2016.

145

As a percentage of visas issued, the 6 Member

States for which data was available indicate a rather consistent average of 2%. Indeed, one

Member State estimates that the number of detected overstayers represents just 40% of all

visa overstayers (i.e. the undetected population). According to stakeholders interviewed,

around 90% of visa overstayers eventually become subject to return proceedings, and it is

estimated that 10% to 20% of these cases involve TCNs without travel documents at the

time of apprehension; and that more than half will not be executed due to Member States’

inability to obtain satisfactory evidence to prove the nationality of the third country

national in question.

According to interviewed Member States’ authorities, the effort involved in confirming the

identity of TCNs who no longer possess a valid travel document, or who fail to produce it

on request, can be significant in the current situation. In such cases, Member States need to

143 Typically: department of Interior Ministry (e.g. DE), Security/Justice (NL) or Work (FR).

144 Typically: department from MFA.

145 MS responses: Belgium, France, Germany, Greece, Lithuania and Poland.

kom (2018) 0302 - Ingen titel

obtain a digital copy of the visa holders’ travel document that provided the basis for

issuing the visa from the issuing Embassy. Regardless of which route of communication is

utilised, interviews with Member States and Consular officials indicate that the average

response time on the part of the consulates varies and is highly dependent on the workload

at the respective consulate. As a result, return procedures may be delayed by 2 days during

low-seasons, and up to 2 weeks during busier periods. Whereas the proposed policy

options would effectively eliminate this step enabling Member States to directly or

indirectly search in the VIS for the required documents.

Moreover, in the experience of several authorities interviewed, the consulates' and border

authorities' staffs are not immune to making mistakes when it comes to translations. These

problems are multiplied in the event of court proceedings, or if other Member States

require the information. Three Member States indicate that personal data used for a query

does not always return any matches because the TCN received a visa in another Member

State using different personal data. The consultations also revealed further unnecessary

administrative burdens related to the current practice of retrieving, scanning, zipping and

coding hard copies. The workload associated with each request may vary depending on the

number of archived files at the consulate, the accessibility of the files, etc. For example,

one Member State indicated that the paper copies are not destroyed by the diplomatic

representations, but rather continue to pile up, thus adding to an increasingly cumbersome

retrieval process.

As for lowering the fingerprinting age for children, according to the interviewed Member

States' authorities the main benefits of the proposed policy measure reside in

unambiguously identifying these children allowing for:

(i)

(ii)

(iii)

(iv)

family unification of children found unaccompanied with parents, family or

care givers within and outside the Schengen area;

verifying the family relationship between a child and adults presenting

themselves as parents or guardians;

determining which Member State is responsible for examining an application

for international protection under the Dublin Regulation; and

preventing visa fraud or irregular migration involving children.

In the current legislative context it was impossible for interviewed stakeholders to have

readily available data on this phenomenon; however, stakeholders' testimonies did reveal

example cases and suggested potential benefits of the proposed initiative.

A general statement of one Member States' authority summarised the initiative as

following:

“the optimization of identification procedures for children at risk, irrespective

of where they are located, has decisive impact, on the one hand for the protection of

children on the other hand for the prevention of further victimization and ultimately the

consolidation of the sense of security among the public”.

Field visit in Morocco did not allow to obtain conclusive information on the issue of

lowering the age for taking fingerprints. Interviewees in Turkey noted that the proposed

measure would have more impact when fingerprints were taken and checked at Schengen

borders.

kom (2018) 0302 - Ingen titel

On the contrary, lowering the fingerprinting age of children was unanimously considered a

positive measure by all consulates and interviewees during the field visit in Nigeria, and

apparently would not take much additional effort as it may take one to a few minutes per

child to process the fingerprints. The necessary equipment is already available. It would

not be necessary to create separate booths for this purpose, as experience shows that

children are generally excited to ‘do what the adults do’ and want to give their fingerprints

eagerly.

The interviewees in Russia were not aware of cases of child trafficking, smuggling, or

related trends of TCNs who enter the EU on a Schengen visa, all but one Member State are

in favour of the measure. As one interviewee noted,

the Member States should not be

reluctant to increase the arsenal of tools available for the purposes of protecting children;

thus, various databases, authorities and countries shall be coordinated to be effective.

Example case indicated by two interviewees:

A family of three from the North Caucasus applies for a Schengen visa in a Schengen

Consulate. The family consists of the two parents and their 4 year old child. The family

travels to the EU and, before the Schengen visa expires, the parents return to their country

of origin, yet leave the child with extended family residing in one of the Member States.

The child then applies for asylum / residence as an unaccompanied minor, whose identity

cannot be established via the VIS because fingerprints were not taken (and the parents did

not leave the passport with the family, or they fail to produce it on request). After some

time, once the residency is granted, the parents apply for a family reunification visa and

move to the Schengen Member State to receive permanent resident status. It is expected

that this type of case is an increasing phenomenon, based on the observations of the

interviewees; however none have concrete statistics to back this up.

In the course of feasibility study on including additional documents into the VIS

146

stakeholders were consulted via a questionnaire sent to the Member States in May 2017.

The questionnaire was divided into five sections: a general set of questions on the current

situation at external borders, the main added value for the repository and its main uses and

four sets of questions focusing on the documents

analysed (“as-is” situation, national

repository, situation at the borders, data included…). 17 Members States answered to the

survey; additionally, another 21 answers to a European Migration Network survey sent in

April 2017 were also taken into account.

All Member States answered that the repository would be useful/very useful, in particular

for border control purposes.

146 Integrated Border Management (IBM) - Feasibility Study to include in a repository documents for Long-Stay visas,

Residence and Local Border Traffic Permits, Phase: Analysis of Options.

kom (2018) 0302 - Ingen titel

Table 1: Answers from MS about the possible objectives for the repository

Objectives of the repository

1.a

1.b i)

1.b ii)

2.a

2.b

Facilitate border checks

Authentication of the document

Determining that the TCN is the rightful owner of the

document

Identification of the document’s holder using biometric data

Assess migration risk

Access to the history of

issued/withdrawn documents

valid

and

previously

Importance

147

3.75/4

3.8/4

3.7/4

3.1/4

3.3/4

3.4/4

Access to the history of denied applications

Support investigating a serious and organised crime

Additionally, on the utility to include the different documents in the repository,

the Member States replied the following:

Table 2: Preliminary table summarising the MS questionnaire on the added value of the documents

Documents

Long-stay visas

Residence permits

Residence cards

Local Border Traffic Permit

Average score

148

3.7/4

3.9/4

3.8/4

2/4

One Member State also included an additional objective in the questionnaire:

support to

the decision-making process for asylum authorities.

These authorities could use the

biometric data to check if a TCN applying for asylum is known as a holder of a document

issued by another country. This practice is of common use with the information contained

in the VIS (art. 22 of the VIS Regulation), so reusing the system would allow for this

objective to be met with less implementation complexity.

The questionnaire from January 2018 revealed that all Member States have detected cases

of false/counterfeit/forged long-stay visas, residence permits and residence cards issued by

other Member State; documents and impostors being mostly counterfeit. Visual inspection,

verification of the documents' security features and checks against SIS are the most

common ways to check its authenticity at the border; whereas, only 5 out of 16 Member

States use passive authentication to verify residence permits and only 6 out of 13 residence

cards. When it comes to contacting other MS, the most common tools are National Contact

147 From 1 to 4; 4 being the best score.

148 From 1 to 4; 4 being the best score.

kom (2018) 0302 - Ingen titel

Points (11/12), emails (11/12), followed by telephone (7/12), SIRENE (6/12); some

Member States noted that they contact the issuing embassy if necessary. Additionally,

some Member States argued that the major obstacles of contacting other MS are the

language barrier and poor reachability between some Member States. The majority of

responding MS (12 out of 15) noted that there is the lack of shared information on the

long-stay visas, residence permits and residence cards that hurdle day-to-day activities; this

is mostly seen for border control checking residence permits and for processing a new

application of long-stay visas and residence permits.

A majority of responding Member States (13 out of 16) answered that an EU legislative

response is needed for the extension of the VIS to long-stay visas, residence permits and

residence cards, two MS noted that that a non-legislative response at EU level would

suffice (better use of existing tools), and one MS abstained. The proposed legislative

option to extend the scope of the VIS to include long-stay visas and residence documents

was rated highest score by the responding Member States.

The Schengen evaluation and monitoring mechanism consisting of the on-site visits and

questionnaires provides the Commission with the first-hand evince on weaknesses of the

Schengen acquis application by Member States and direct stakeholder consultation right at

the borders. One of the main findings of the evaluation presented by the Commission in

October 2016 was the low quality and insufficient scope of data in VIS. Moreover,

verifying authenticity of the TCNs' documents and performing systematic security and risk

checks against other applications and national databases revealed to be an additional

administrative burden; especially concerning the current migration flows and security

situation at the external borders. The Member States and border management authorities

would therefore welcome automatization of the security cross-check against other

applications in order to facilitate the border check procedure while enhancing security;

additionally to this, introducing screening rules in VIS would allow for an advanced risk

assessment.

kom (2018) 0302 - Ingen titel

Open public consultation

The European Commission launched an open public consultation on lowering the

fingerprinting age for children in the visa procedure from 12 years to 6 years on 17 August

2017 which closed on 9 November 2017 and attracted a total of 25 responses.

15 respondents replied as individuals and 10 in their professional capacity or on behalf of

an organisation.

The respondents didn't agree whether children should be submitted to the same procedures

when applying for a Schengen visa as adults; however, 60% of respondents would support

lowering the fingerprinting age

149

. A majority of respondents consider fingerprinting

children applying for a short stay visa, by helping with their identification, necessary or

useful to address or prevent

–

trafficking, child abduction, children going missing, irregular

migration, visa fraud, and identity fraud. More than a half of respondents would consider

specific or additional protection safeguards in place when collecting, biometric/fingerprint

data of third country national children

150

. Finally, the majority of respondents agree that

technological developments, including on the collection and use of biometrics, could

contribute to and should be used to enhance the protection of children

151

Table 3: To what extent do you consider that fingerprinting children applying for a short stay visa, by helping

with their identification, is necessary or useful to address or prevent?

Number of

replies (n=25)

Necessary and

very useful

Useful

Very useful, but

it can be

achieved

Not useful

through other

means

Child

trafficking

Child abduction

Children going

missing

Irregular

migration

Visa fraud

Identity fraud

The open public consultation on extending the scope of the Visa Information System (VIS)

to include data on long stay visas and residence documents was opened from 17 November

2017 to 09 February 2018. The consultation attracted a total of 28 replies out of which 19

149 Open public consultation feedback: 24% as of birth, 36% as of 6, 20% as of 12, 20% as of 18 (n=25).

150 Open public consultation feedback: 52% yes, 36% no, 12% no views (n=25).

151 Open public consultation feedback: 44% fully agree, 36% partly agree, 4% neither, 16% partly disagree (n=25).

kom (2018) 0302 - Ingen titel

respondents replied as individuals and 9 in their professional capacity or on behalf of an

organisation.

86% of respondents agreed with the identified information gap

152

(i.e.

currently Member

States do not share information on long stay visas and residence documents they issue with

other Member States)

that leads to problems in management of external borders and

irregular migration within the EU. A majority of respondents noted that it is necessary to

share the data contained in long-stay visas, residence permits and residence cards among

Member States authorities in order to allow their verification at the border and within the

territory of the Member States. A shared EU repository is necessary first and foremost to

combat irregular migration according to the most of respondents (92%), followed by better

informing visa and migration authorities for an authorization to enter EU territory by

a third-country national (89%).

Full sharing of information between Member States' authorities in order to enable them to

check their authenticity and validity was selected as the most appropriate mean to address

the gap by 55% of respondents, better cooperation between national authorities by 29%,

and reinforcing security features of the documents by 9%. As for a proper EU tool to

address the identified gap, 52% respondents support a repository of long stay visas and

residence documents as part of the already existing VIS, followed by 35% respondents in

favour of storing long stay visas in the VIS, together with short stay visas and creating

a separate new instrument to store residence documents. Furthermore, the stakeholders

consultation revealed that the public considers a shared EU repository necessary for

reducing identity and document fraud

153

, combatting irregular migration

154

, better

informing visa and migration authorities as to the history of previous documents for an

authorization to enter EU territory by a third-country national

155

, and preventing, detecting

and investigating terrorist offences and other serious criminal offences

156

152

Open public consultation feedback: 61% fully agree, 25% agree to an extent, 11% mostly don't agree, 3% don’t

agree at all (n=28).

153 Open public consultation feedback: 75% fully agree, 4% agree to an extent, 7% mostly do not agree, 4% do not

agree at all, 4% do not know (n=28).

154 Open public consultation feedback: 83% fully agree, 9% agree to an extent, 4% mostly do not agree, 4% do not

agree at all (n=23).

155 Open public consultation feedback: 75% fully agree, 11% agree to an extent, 4% do not agree at all, 4% do not

know (n=28).

156 Open public consultation feedback: 61% fully agree, 18% agree to an extent, 7% mostly do not agree, 4% do not

agree at all (n=28).

kom (2018) 0302 - Ingen titel

ANNEX 3: W

HO IS AFFECTED AND HOW

1. Practical implications of the initiative

1.1.

Including a copy of the travel document in the VIS

Who?

Citizens/Consumers

How?

The additional time that would be spent per applicant / application for

scanning the copies may result in longer wait times and fewer appointment

slots per day.

Consulates and ESPs will be required to carry higher workload per

application. The consulates will, however, benefit from the reduced number of

supporting documents assistance requests.

Migration and return authorities will benefit from the reduced workload

associated with contacting the consulates and obtaining the digital copy of the

visa applicants' travel document. As a consequence, the return procedure will

be more cost and time-efficient.

Businesses

1.2.

Administrations

No direct implications.

Lowering the fingerprinting age for children

Who?

Citizens/Consumers

How?

Children will be required to provide fingerprints; additional time needed for

taking the fingerprints might bring negligible additional costs to their parents.

In the current situation, children already need to join their parents at the

consulate or the ESP in order to apply for a visa for them.

Consulates and ESPs will bear additional costs resulting from higher workload

per applications.

Member States' authorities dealing with trafficked/missing children will

benefit from higher efficiency when identifying/verifying TCN

unaccompanied children found in the Schengen area.

Administrations

Businesses

No direct implications.

Change in travel behaviour, and hence impact on businesses in the travel and

tourism industry, is expected to be negligible.

1.3.

Repository of long-stay visas and residence documents

Who?

How?

Third country nationals who are holders of the concerned documents will

benefit from smooth a quick border checks.

Border management and law enforcement authorities will have an access to

data on concerned documents and therefore will be able to verify its

authenticity and status in a time efficient manner.

Citizens/Consumers

Administrations

kom (2018) 0302 - Ingen titel

Migration and consular authorities will be able to better consult the history of

applicants' documents and/or decisions on applications in other Member

states.

Businesses

1.4.

No direct implications.

Migration and security checks for when processing applications of visa required TCN

Who?

Citizens/Consumers

Administrations

Businesses

How?

Visa applicants will benefit from a faster visa application procedure.

Migration and consular authorities will benefit from automatic checks of other

databases which are currently conducted manually.

No direct implications.

2. Summary of costs and benefits

The tables below summarise the costs and benefits for the preferred option. Given the lack

of available data, the tables have been filled to the extent possible.

I.a Overview of Direct Benefits

–

Preferred options

Description

Amount

Comments

Migration and return authorities will not be

required to contact the consulates when

obtaining copies of travel documents.

Consulates will benefit from the reduced

number of supporting document assistance

requests from migration and return

authorities.

(€ 366 – € 1,462 per consulate)

Combatting identity theft

Not quantifiable due Administration will be provided with an

to the scarcity of data effective tool to verify identity of children.

Not quantifiable due The proposed measure will have a restrictive

to the scarcity of data impact on traffickers coercing children to

travel on a visa not theirs.

Not quantifiable due Authorities dealing with trafficked/missing

to the scarcity of data children will be able to identify/verify TCN

unaccompanied children more effectively.

the

border Not quantifiable due Border management and law enforcement

to the scarcity of data authorities will benefit from facilitated

document checks.

Savings in administrative costs

€ 3,2 m – € 12,7 m

(Migration and return authorities)

Savings in administrative costs

€ 0,7 m – € 2,8 m

(Consulates)

Reduction of child trafficking

Protection of children

Improvement

management

kom (2018) 0302 - Ingen titel

Reduced workload

security screening

to Not quantifiable due Consulates and migration authorities will

to the scarcity of data primarily benefit from the automatic checks

against other databases.

I.b Overview of Indirect Benefits

–

Preferred options

Description

Reduced

delays

procedures

Amount

return

€ 46,3 m – € 92,6 m

Comments

Reduced delays in return procedure will help

to decrease cost related to pre-removal

detention centres, subsistence and other

relevant costs.

The proposed measures will provide a

reliable means to systematically present

evidence of a TCN visa overstayers’

nationality, thus facilitating the execution of

return decisions.

Executing a higher proportion of

€ 6,7 m – € 32,1 m

return decisions

Family (re)unification

Not quantifiable in A record stored in the VIS might help to

principle

reunite

children

who

are

found

unaccompanied in the Schengen area with

parents, family or care givers.

Verifying the parental/ guardian Not quantifiable in Fingerprints of children in the VIS would

relationship

principle

allow for verifying the claimed relationship

between a child and adults presenting

themselves as parents or guardians.

Facilitating Dublin and asylum Not quantifiable due Taking fingerprints of children might

examination

to the scarcity of data facilitate the application of the Dublin

Regulation, which determines the Member

State responsible for processing an asylum

claim.

Right to move and reside within Not quantifiable in Third country nationals will benefit from

the EU

principle

smooth and quicker border checks.

Facilitated

procedure

visa

application Not quantifiable due Visa applicants and consulates will benefit

to the scarcity of data from more efficient security screening and

thus faster procedure.

Not quantifiable in Societies at large will benefit from higher

principle

security resulting from more effective

protection of external borders.

Higher security

kom (2018) 0302 - Ingen titel

The quantitative analysis was conducted separately for each policy area. The bellow

presented overview of costs does not therefore take into account considerable cost

reduction aspects, such as economies of scale and potential investment overlaps, which

would finally result from implementing the combination of preferred policy options.

II. Overview of costs

–

Preferred option (thousands EUR)

Citizens/Consumers

Preferred options

Direct costs

1.1.A

Indirect costs

Direct costs

2.1

Indirect costs

Direct costs

3.4.B

Indirect costs

Direct costs

4.2

Indirect costs

10,100

–

12,120

10,000

2,400

–

3,600

3,000

44.6

–

223

One-off

Recurrent

Businesses (ESPs)

One-off

6,708

Recurrent

5,250

Administrations

One-off

3,325

–

4,000

147.4

Recurrent

375

–

560

7.6

–

kom (2018) 0302 - Ingen titel

NNEX

4: REFIT

Baseline

records

100M

One-time cost

from € 4,030,000.00

to € 4,840,000.00

from € 17,265,000.00

to € 20,715,000.00

from € 5,250,000.00

to € 6,300,000.00

from € 6,090,000.00

to € 7,310,000.00

from € 1,500,000.00

to € 1,800,000.00

from € 3,325,000.00

to € 4,000,000.00

from €

10,100,00.00

to 12,120,000.00

from € 800,000.00

to € 960,000.00

from € 1,390,000.00

to € 1,670,000.00

Maintenance

for 1 year

from € 320,000.00

to € 480,000.00

from € 1,850,000.00

to € 2,780,000.00

from € 630,000.00

to € 945,000.00

from € 535,000.00

to € 800,000.00

from € 120,000.00

to € 180,000.00

from € 375,000.00

to € 560,000.00

from € 2,400,000.00

to €3,600,000.00

from € 65,000.00

to € 100,000.00

from € 110,000.00

to € 165,000.00

–

Integration of VIS

Mail into VIS

–

Support for facial

image recognition

–

Searching with latent

fingerprints

–

Reporting and

statistics engine

–

Data quality

indicators

–

Central storage of

scanned passports

–

Support for the

national visa

–

Monitoring of service

health and availability

–

Remaining changes

100%

35%

25%

40%

60%

30%

10%

40%

50%

10%

100%

20%

80%

55%

15%

30%

80%

20%

100%

*Table with summary of estimated costs provided in the feasibility study on "VIS Evolutions" of

July 2017 by eu-LISA.

As regards the benefits for implementing these measures, they are non-quantifiable and

summarised in the table below:

Description

Comments

Possibility to store copies of the travel document in the VIS Cutting the high administrative burden for return and

(discussed as

problem 1)

consular authorities in return procedures.

Lowering the age limit for collecting fingerprints of children Lowering the age limit, whilst providing for robust

to 6 years of age (discussed as

problem 2)

fundamental rights safeguards and protection measures,

would enable easier access for child protection authorities to

an age group that is at a high risk of trafficking.

Information on national long-stay visas registered in the VIS Border management and law enforcement authorities will be

(discussed as

problem 3)

able to verify the authenticity and status of these documents

in a more time efficient manner, alleviating the

administrative burden for them.

Migration and consular authorities will be able to better

consult the history of applicants' documents and/or decisions

on applications in other Member states, alleviating the

administrative burden when performing such checks.

Interconnections between the various systems (discussed as Cutting the administrative burden for authorities performing

problem 4)

checks on migration and security risks by using existing

interoperable IT-systems more efficiently.

kom (2018) 0302 - Ingen titel

Possibility for eu-LISA to use anonymised (alphanumeric Improved performance as a result of testing will benefit all

and) FP for testing purposes (similar to Article 5

Operational

end-users of the system.

management

of Eurodac Proposal

157

)

Extended responsibility of eu-LISA in generating/ publishing

the statistics for each system as well as on data quality

reports, including transfer of statistics reporting obligation on

visas from COM to eu-LISA, by establishing a central data

repository/warehouse.

Change of the VIS back-up system into active/active

Easier access to reliable statistics for all stakeholders

concerned, replacing the current system of manual gathering

and processing of annual statistics by COM and MSs.

Providing MS, COM and EU agencies with more

information for better evidence-based decision making.

Updating the legislative framework: by enhancing the

, Shared backup infrastructure, centralised system continuity business continuity aspect of the system, possible risks for

all stakeholders will be mitigated.

management

Measures improving the data quality

Rules aimed at improving quality would ultimately help all

authorities that are using VIS as end-users, most notably by

reducing the risk of error and not having to resort to

cumbersome manual procedures; costs related to managing

complaints from data owners or paying fines related to data

errors will be reduced.

Integration of VIS Mail into the VIS, also with regards to Reducing the administrative burden by enabling a quick and

necessary messages/notifications

reliable way for MS to get informed through VIS if certain

visas are granted.

Possibility to search in the VIS/BMS with latent (partial) The new functionality would enable a new service (flat FP

fingerprints

search for wanted individuals) leveraging on an already

existing system

–

without impacting current workflows and

without affecting system performance, resulting in a net gain

for end-users.

Obligation for the MS to register the authorities in the VIS Strengthening oversight: Currently, a list of authorities

(Consular posts, central authorities etc.) with access to the having had an access to the VIS in the previous day is

VIS.

generated when such an authority is not registered in the

VIS. By compelling MS to register (undeclared) authorities

the necessary MS oversight on the national authorities

having access to the VIS would be further strengthened,

without creating undue administrative burden.

Establish reliable communication channels between the Providing reliable communication channels between BCP

border crossing point and the visa issuing authorities.

and the visa issuing authorities to swiftly address cases

where doubts exist on the visa data when crossing a border,

thus eliminating the need for ad hoc cumbersome channels

and reducing the administrative burden for the authorities

concerned.

Enforce the obligation for a border guard to report simply and Digital solutions will make the reporting burden as light as

electronically a false match based on fingerprints (false possible, while keeping its effectiveness.

negative authentication, false positive identification)

Extend access to full VIS file to asylum authority to use in Updating the legislative framework in order to provide the

asylum examination

competent authorities with access to the data they need,

which will lead to cuts in administrative costs.

By implementing fingerprint

and

facial image matching in a

single system, rather than two separate systems, the overall

infrastructure footprint (and hence investment) is

Improving the quality of facial images to enable biometric considerably lower since computing resources for face and

matching

fingerprint recognition are shared. Multimodal identification

will increase overall system accuracy, thus presenting a net

Multi-modal searches with biometrics

157 COM(2016) 272 final

kom (2018) 0302 - Ingen titel

benefit for end-users.

Facial image recognition (searches) for law enforcement By updating rules for access by law enforcement authorities

authorities.

to VIS data, with substantial safeguards, a contribution is

made to efficient investigations in Member States.

Prior consultations carried out on persons holding more than Updating the legislation to respond to practical needs of

one current nationalities

consular authorities.

Improvement of alphanumeric search for the different end Introducing flexible search profiles matching the

users

requirements of the different user groups (consulates, border

control, law enforcement agencies) will make it easier for

them to use the system, resulting in saved time and more

efficient use.

Integration in the VIS of the list of recognized travel Cutting the administrative burden for the border control

documents

authorities by providing an easier-to-use and up-to-date way

to check recognized travel documents. Cutting the

administrative burden for the Commission services

–

currently in charge to keeping the lists up to date.

Interoperability with EURODAC to allow checks by Cutting the administrative burden for authorities performing

consulates during the visa application process

checks on migration and security risks by stipulating

interoperability rules with existing IT-systems.

kom (2018) 0302 - Ingen titel

NNEX

5: M

ETHODOLOGY

1. Available data

A general caveat has to be stated regarding data collection. Both studies reported

difficulties in finding reliable data because of scarcity of readily available data. Most

notably, the number of TCN children that accessed the EU territory with a visa and who

subsequently became victims of trafficking or other forms of abuse cannot be quantified

precisely. Similarly, there are no figures currently available and no processed to collect

that on third country nationals that accessed the EU territory legally and who subsequently

became irregular. This is why extrapolations and assumptions were used when complete

data was not at hand, as duly noted in the supporting studies and in this report.

The following assumptions were used calculating the costs of the policy options.

Storing a copy of the travel document



Additional servers:

Option 1

–

Number of entries within the 10 year period would

approximately double; estimate based on the Smart Border study

158

;

Option 2

–

Estimates based on interview feedback with relevant

stakeholders

159

;

Additional VIS storage

–

Assumed storage cost is EUR 1,200 / 1 TB;

Sub-option A requires additional 1100 TB storage;

Sub-option B requires additional 4160 TB storage;

Scanning equipment

–

Estimated cost of one new scanning system is EUR 2,500;

Consulates

–

1881 consulates;

EPSs

–

2,683 VFS Global and TLS Contact application centres;



Sub-option B assumes that 20-30% of ESPs will require more than

one additional scanner;

Training and awareness raising

–

Based on interviewee feedback and findings

from relevant studies

160

;

System operational cost

Option 1

–

The current operational cost of the VIS infrastructure is EUR

35 m. in FY2017

161

;

Option 2

–

Estimates based on interview feedback with relevant

stakeholders;

Workload impact

–

Consulates handle approximately 10% of applications

themselves (1.76m.) whereas the remaining 90% are outsourced to ESPs (15.8m.);

Consulates

–

the labour costs is EUR 26 / hour;



Sub-option A requires additional 40 s / application;



158

https://ec.europa.eu/home-affairs/sites/homeaffairs/files/what-we-do/policies/borders-and-visas/smart-

borders/docs/smart_borders_costs_study_en.pdf.

159 Detailed calculation in Annex 3 to the Feasibility and implications of lowering the fingerprinting age for children

and on storing a scanned copy of the visa applicants' travel document in the (VIS).

160 ETIAS Feasibility Study, 2016; Impact Assessment Report on the Introduction if the EES, 2016.

161

http://www.eulisa.europa.eu/AboutUs/Finance/EULISA%20Budgets/eu-LISA%202017%20Initial%20Budget.pdf.

kom (2018) 0302 - Ingen titel



Sub-option B requires additional 190 s / application;

ESPs

–

the labour cost is EUR 17 / hour;



Sub-option A requires additional 70 s / application;



Sub-option B requires additional 220 s / application.

Table 1: Summary of investment (one-off) and recurrent compliance costs (thousands EUR)

Costs (thousands EUR)

One-off costs

Additional servers

Additional VIS storage

Scanning equipment: Consulates

Scanning equipment: ESPs

Training and awareness raising

Recurrent operational costs

System operational cost (10 years ret.)

Workload impact: Consulates

Workload impact: ESPs

35,000

3,875

5,250

35,000

5,750

16,500

16,000

–

33,000

3,875

5,250

16,000

–

33,000

5,750

16,500

5,000

1,320

4,703

6,708

161

5,000

4,992

4,703

7,244

–

7,512

161

244,000

–

414,000

1,320

4,703

6,708

161

244,000

–

414,000

4,992

4,703

7,244

–

7,512

161

Option 1.A

Option 1.B

Option 2.A

Option 2.B

Lowering the fingerprinting age for children

Child-friendly equipment

–

Assumed cost is EUR 3,000 / 1 new system;

Consulates

–

1,651 consulates

162

;

ESPs

–

2,683 VFS Global and TLS Contact application centres;



Additional VIS storage

–

Assumed storage cost is EUR 1,200 / 1 TB;

Option 1 requires additional increase of storage by 4,4%, i.e. 7.7 TB;

Option 2 requires additional increase of storage by 8,8%, i.e. 15.4 TB;



Training and awareness raising

–

Based on interviewee feedback and findings from

relevant studies

163

;



System operational costs

–

Assumed increase in operational costs is 4,4%, 8,8%

respectively;



Workload impact

–

The number of children applicants is estimated 0.7-1.05m.

with the average of 875,000; consulates handle approximately 10% of applications

themselves (1.76m.) whereas the remaining 90% are outsourced to ESPs (15.8m.);

Option 1 requires additional 0.2-1 min.;

Option 2 requires additional 0.4-2 min.



162 Number of consulates in non-Schengen countries in 2016.

163 ETIAS Feasibility Study, 2016; Impact Assessment Report on the Introduction if the EES, 2016.

kom (2018) 0302 - Ingen titel

Table 2: Summary of investment (one-off) and recurrent compliance costs (EUR)

Costs (EUR)

One-off costs

Child-friendly equipment: Consulates

Child-friendly equipment: ESPs

Additional VIS storage

Training and awareness raising

Recurrent operational costs

System operational cost

Workload impact: Consulates

Workload impact: ESPs

1,540,000

7,583

–

37,941.50

44,625

–

223,124.50

3,080,000

30,332

–

151,766

178,500

–

892,498

9,240

138,175

4,953,000

8,049,000

18,480

138,175

Option 1

Option 2

2. Assessment criteria

In line with the better regulation guidelines on impact assessments, the methodology

underpinning the present report and its supporting studies focused on the significant social,

economic, and fundamental rights impacts. Depending on each problem area scrutinised by

the present study, the exact categories of persons and processes impacted by the foreseen

measure could vary. This is why the impact of the measure will be examined separately

under each problem area, to take account of its specificity.

The VIS concerns mainly two types of actors: visa applicants and Member States'

authorities and hence these are the two categories most impacted by the envisaged

measures. These impacts in turn can have broader consequences for the societies of EU

Member States and the EU's external relations.

3. Categories impacted by the envisaged measures

The first group which is directly affected are applicants for a short stay visa, i.e. third-

country nationals who are under the visa requirement and who apply for a short-stay visa at

one of the Schengen consulates. As regards checks against migration and security

databases, applicants will experience any change in the checks that they are subject of

when applying only indirectly. As regards the travel document, the obligation currently

exist for them to present it in a consulate and most MSs consulates already make copies of

it, therefore this change will not be immediately experienced by the applicant. However, if

this is to be used as evidence of nationality and identity in a return procedure, the impact

on the person will be direct. As regards the possibility to lower the fingerprinting age for

children, this will have a direct impact on children under 12 and their families. The family

member(s) accompanying the child will have to be physically present in a consulate with

the child at least for the first application, in order to submit fingerprints.

Under the proposed measure to include data on long stay visas and residence permits and

their holders, a new category of data subjects will be added to the VIS. The impact on this

category of TCN will not be direct, as the procedure to apply for these documents will not

kom (2018) 0302 - Ingen titel

be changed. However, they will be indirectly impacted by the fact that their data will be

placed in a centralised database and checked against other databases in an automated

manner.

The second group directly affected are Member States' authorities, mainly consulates in

third countries as the visa-issuing authorities, as well as border, migration (including

return), asylum (including Dublin) and in some cases law enforcement authorities. These

authorities are directly impacted by all four measures. Additionally, the measure to extend

the VIS to long stay visas and residence document may require access by authorities that

currently are not involved in the VIS process (authorities issuing residence permits or

cards, depending on national organisation). If the VIS is to be used for identifying children

victims of trafficking or contribute to preventing this phenomenon, anti-trafficking

authorities and child protection authorities may also be granted access.

There are further consequences on the society at large. Reinforced migration and security

checks will impact the integrity of the visa processing and consequently the security of the

Schengen area. Similarly, increased leverage for the EU readmission policy and better

return rates will improve migration management, and thus the reliability and credibility of

the EU migration policy. As many people travel to the EU to visit their family members,

the protection of family life

164

will also be indirectly affected by increased or reduced

possibilities for travel.

Ultimately, the cumulative effect of changes on the categories of TCN and the number of

checks performed will have positive or negative impact on the EU's relations with third

countries and the EU's image in the world. This is particularly relevant regarding the link

between visa policy and readmission policy.

4. Summary of possible impacts of the policy options

The following table summarises the possible impacts of the policy options:

Table 4: Possible impacts of policy options

Economic impacts



Social impacts

Fundamental rights

impacts



Costs for public authorities (visa authorities/consulates):



direct (equipment, procurement to implement new etc.)



indirect (enforcement costs)

benefits

for

public

authorities

(visa/border/migration/asylum/police authorities):



Reduced administrative burden



cost savings

integrity and security of Schengen area

external relations/image of EU

right to dignity (Article 1 CFR);

right to liberty and security (Article 6 of the Charter),

respect for private and family life (Article 7 of the Charter),

protection of personal data (Article 8 of the Charter),

right to asylum and protection of the principle of non-

164 Articles 7, 9 and 33 of the Charter of Fundamental Rights of the European Union.

kom (2018) 0302 - Ingen titel



refoulement (Articles 18 and 19 of the Charter) and protection

in the event of removal, expulsion or extradition (Article 19

of the Charter),

the right to non-discrimination (Article 21 of the Charter)

the rights of the child (Article 24 of the Charter)

the right to an effective remedy (Article 47 of the Charter).

The different possible interventions in the three problem areas are not likely to all have

noteworthy impacts in all of the above-mentioned areas. Therefore the assessment for each

problem area is focused on the fields where the different policy options are likely to have

significant impacts. A selection of the most relevant impacts will be established for each

problem area. However, given its significant impact on persons subject to VIS procedure

and the horizontal nature of its principles, the following sub-section will focus in particular

on the data protection aspects, which will thereafter be specifically analysed under each

policy option.

kom (2018) 0302 - Ingen titel

NNEX

6: M

ONITORING AND

VALUATION

Specific objectives

Contribute to assisting in the

identification and return of third

country nationals that do not, or

no longer fulfil the conditions for

entry to, or stay on the territory of

the Member States in accordance

with the Return Directive.

Improve efficiency of the VIS for

the purposes of facilitating return

procedures.

Key Performance Indicators

Copy of the travel document

Number of cases of identity /

nationality proven regarding TCN

visa overstayers who lack or fail

to produce a copy of their travel

document upon apprehension

Return rate of third country

nationals in a return / readmission

procedure

Lower administrative burden for

Member

States

return

procedures

Cost savings for Member States

public authorities; e.g for

housing, food, administration and

related expenses related to return

procedures policy

Lowering the fingerprinting age

Better meeting the VIS objectives

(facilitation of the fight against

fraud, facilitation of checks at

external border crossing points,

facilitate the application of the

Dublin II Regulation).

Support with the prevention and

fight against child trafficking, and

with the identification/verification

of identity of TCN children.

Number of cases of child

trafficking TCN <17 discovered

through VIS

Number of cases of a VIS file

being used in asylum procedures

for TCN <17 (Dublin II)

Rating by relevant authorities

whether the change is helpful for

combatting child trafficking

Any additional costs incurred by

consulates and ESP

Annual report from Member

States and Europol to the

Commission

Survey among Member States

Method of data collection/source

Eurostat statistics, SIS statistics

on return (eu-LISA)

Survey among Member States

and ESP

Repository of long-stay visas and residence documents

Facilitate and strengthen checks

at external border crossing points

within the territory of the

Member States.

Number of checks performed at

external border-crossing points

Percentage of long stay visa and

residence document sent for

second line checks

Border guards’ satisfaction

Number of frauds detected at the

border for LSV and residence

documents

Migration

officers’

rating

whether the system is helpful in

the assessment

Number of cases in which fraud

was detected and reported during

the issuance process

eu-LISA statistics

Survey among Member States

eu-LISA statistics

Enhance the internal security of

the Schengen Area by facilitating

the exchange of information

among MS on TCNs holders, or

applying for long stay and

residence documents.

Survey among Member States

eu-LISA statistics

kom (2018) 0302 - Ingen titel

Contribute to the prevention

detection and investigation of

terrorist offences or of the serious

criminal offences.

Number of cases where previous

history

documents

applications was checked

Number of investigations that

accessed data

Survey among Member States

Annual report from Member

States and Europol to the

Commission

eu-LISA statistics, annual report

from Member States and Europol

to the Commission

Survey among Member States

Number of successful hits

Gather statistics to support

evidence-based European Union

migration policy making.

Quality and usefulness of the

statistics extracted

Security checks for when processing applications of visa required third country nationals

Implementing the same procedural

standard

other

constitutive system-elements of the

visa policy, thus lowering the

burden for Member States and

contributing to the objective of a

common visa policy.

System statistics (number

cross-checks, number of hits)

eu-LISA statistics

Rating by relevant authorities

regarding usefulness of the

change

Survey among Member States

kom (2018) 0302 - Ingen titel

NNEX

7: E

XECUTIVE

UMMARY OF THE

TUDY ON

TORING A

CANNED

OPY OF THE

ISA

PPLICANTS

' T

RAVEL

OCUMENT IN THE

ISA

NFORMATION

YSTEM

(VIS)

Article 2(e) of the VIS Regulation (EC) No 767/2008 foresees that one of the objectives of

VIS is ‘to assist in the identification of any person who

may not, or may no longer, fulfil

the conditions for entry to, stay or residence on the territory of the Member States.’ Article

31(2) enables the Member States

–

via the designated competent authorities for carrying

out checks at external border or within the territory of the Member States are allowed to

access certain VIS data for verification and identification purposes (specified in Article 19

and 20)

–

to transfer or to make available a limited set of these data to a third country for

the purpose of proving the identity of third-country nationals for the purpose of return.

165

Thus, although not explicitly defined in Article 2, when taken together, these provisions

foresee that the VIS can be used to facilitate both the identification of the irregular migrant

and the issuing of travel documents for return.

166

In its report on the implementation of VIS of October 2016, the European Commission

found that the use of VIS in return procedures has so far been limited, whereas recent

trends underline an increased need to use this instrument which provides a proof of identity

necessary in a return procedure.

167

1. Analysis of the problems

Under topic 1, two main problems are identified as contributing to a situation in which

Member States face high barriers to complete return procedures regarding third country

nationals who overstay their visa and fail to produce a valid travel document on request.

These two problems are:

Problem 1:

In the absence of a valid travel document (or copy thereof), return proceedings

for TCNs who entered the EU using a visa are slow and often unsuccessful;

Problem 2:

Delays in the return process result in increased costs and administrative

burdens realised by the Member States.

Although visa applicants, and subsequent visa holders, are under strong obligation to

establish their identity by presenting a valid travel document during both the application

process and upon entry to the EU, Member States report that many TCNs visa overstayers

165 The Regulation allows the designated competent authorities to transfer the following data from the visa application

file: first name, surname and former surname (if applicable); sex, data, place and country of birth; current

nationality and nationality at birth; type and number of the travel document, the authority which issued it and the

date of issue and of expiry; residence; and

in the case of minors, the surname and first name(s) of the applicant’s

father and mother.

166 EMN Ad-Hoc

Query on COM AHQ on Member States’ Experiences with the use of the Visa Information System

(VIS) for Return Purposes. Requested by COM on 18th March 2016. 24 responses were provided:

https://ec.europa.eu/home-affairs/sites/homeaffairs/files/what-we-

do/networks/european_migration_network/reports/docs/ad-hoc-queries/ad-hoc-queries-

2016.1042_com_ahq_on_member_states_experiences_with_the_use_of_the_visa.pdf.

167

COM(2016) 655 final, “Report from the Commission to the European Parliament and the Council on the

implementation of Regulation EC) No 767/2008 of the European Parliament and of the Council establishing the

Visa Information System (VIS), the use of fingerprints at external borders and the use of biometrics in the visa

application procedure/REFIT Evaluation,” Brussels: 14 October 2016:

https://ec.europa.eu/home-

affairs/sites/homeaffairs/files/what-is-new/work-in-

progress/initiatives/docs/gmige/report_from_commission_en.pdf.

kom (2018) 0302 - Ingen titel

who become subject to a (forced) return are no longer in possession of their travel

document, or fail to produce it upon request. In such cases, the sending Member State must

file an application for a replacement travel document, or

laissez-passer,

either with the in-

country diplomatic representation of the country of origin, or directly with the competent

authorities of the country of origin, pending the positive identification of the foreign

national in question. Most third country diplomatic representatives only issue an

emergency travel document once the identity and nationality of the TCN can be verifiably

proven by the sending Member State. Notably, the authorities of the majority of third

countries currently do not accept the information that can be extracted from the VIS as

sufficient evidence to verify the

person as one of ‘their’ nationals, and they request a

scanned copy of the TCN’s travel document as proof. In this context, Member States can

prove nationality by providing a scanned copy of the TCN’s travel document that provided

the basis for issuing the Schengen visa.

Indeed, in the absence of a valid travel document, the scanned copy of a former visa

holders’ travel document is key to being able to prove the nationality of a TCN. This is

particularly necessary for facilitating returns to traditionally non-cooperative countries of

origin in respect of readmission of their nationals. In the current situation, the process by

which Member States obtain the travel document copy is hampered by the absence of a

legal framework allowing Member States to exchange or transfer such information, as well

as the slow or non-existent cooperation on the part of third country authorities. While the

effectiveness of the measure ultimately depends on the willingness of third countries to

cooperate with the Member States, the evidence suggests that the measure would make it

more difficult for third countries to deny return, as both the information in VIS, as well as

copies of the travel documents would be available.

The study estimates that the total number of visa holders becoming irregular migrants by

overstaying their visa is approximately 294 000 persons per annum. According to

stakeholders interviewed for this study, around 90% of visa overstayers (i.e. 264 453) will

become subject to return proceedings, and we estimate that 10% to 20% of these cases

involve TCNs without travel documents at the time of apprehension; and that more than

half will not be executed due to Member States’ inability to obtain evidence to prove the

TCN’s nationality.

On this basis, the number of return decisions concerning TCNs who entered the territory

on a visa, and that could not be implemented due to missing travel documents, is estimated

between 15 867 to 39 668 casesError!

Reference source not found.

in chapter

Error!

Reference source not found..

This represents roughly 13% to 33% of effective returns of

visa-required third country nationals.

168

While the actual number of estimated cases is low,

based on our calculations, the impact of undetected cases is potentially high. Indeed, one

Member State estimates that the number of detected overstayers represents just 40% of all

visa overstayers (i.e. the undetected population). Moreover, according to migration officers

168 Based on the three-year average (2014

–

2016) of effective returns of nationals from visa-required third countries.

kom (2018) 0302 - Ingen titel

that have run simultaneous searches of VIS against EURODAC for asylum searches, about

30-35% of asylum seekers can be identified using the VIS.

169

2. Objectives

The

general objectives

of the proposed adaptations to the VIS system are the following:

Contribute to assisting in the identification and return of third country nationals that do not,

or no longer fulfil the conditions for entry to, or stay on the territory of the Member States

in accordance with the Return Directive.

Improve efficiency of the VIS for the purposes of facilitating return procedures.

The

specific objectives

of the proposed measure may be formulated as follows:



Facilitate that Member States’ authorities are able

to confirm the identity and prove

the nationality of TCN visa overstayers who lack or fail to produce a copy of their

travel document upon apprehension



Improve the return rate of third country nationals found in a return / readmission

procedure

3. Policy options

The following policy options were investigated:

Option 0. Baseline (no change)

Option 1. Include a scanned copy of the travel document in the central VIS (centralised)

Option 2. Include a digital copy of the travel document in national visa systems

(decentralised)

In addition to the main options, two additional sub-options were defined regarding the

scope of the data to be recorded in VIS:

Sub-option A. Storage of biographical page only

Sub-option

B. Storage of all used pages of the applicant’s travel

document

The two sub-options can be applied to both Option1 and Option 2 described above.

4. Assessment of impacts

Economic Costs

Table 1 and Table 2 present an overview of all relevant costs (both one-off and recurrent,

as well as recurrent compliance costs) from the options and their sub-options. The cost

estimations are based on various sources (experience of related initiatives, stakeholder

consultation) and derive from a number of assumptions, which have been detailed in

Chapter 3.5.1 and in Annex III.

169 Commission Staff Working Document, XXX (2017), Impact Assessment accompanying the document for a

proposal for a Regulation of the European Parliament and the Council establishing interoperability between

European Union information systems for security, border and migration management.

kom (2018) 0302 - Ingen titel

Table 1

Summary of investment (one-off) and recurrent compliance costs (millions)

Option 1

Option 2

Sub-option A

Sub-option B

Investment and operational costs

One-off costs (m)

Additional servers. VIS databases

Additional VIS storage

Scanning equipment: Consulates

Scanning equipment: ESPs

Training and awareness raising

Total one-off costs

Recurrent operational costs (m)

Operational cost 10 year retention

Total recurrent costs

Workload impacts: Costs to scan, prepare

and transfer the TD copies(m)

Consulates

ESPs

Total additional workload costs

Total investment and recurrent compliance

costs (m)

€5

€ 0,2

€ 5,2

€ 244 – € 414

€ 1.3

€ 4,7

€ 6,7

€5

€ 4,7

€ 7,2 –

7,5

€ 16,9 –

17,2

€ 0,2

€244,2-

414,2

€ 12,7

€ 35

€ 16 – € 33

€ 16 –

€ 40,2

€ 260,2 –

447,2

€ 3,9

€ 5,3

€ 9,1

€ 21,9

€ 5,8

€ 16,5

€ 22,3

€ 39,1 –

39,5

Source: Ecorys calculations based on data provided during stakeholder interviews.

Note: Calculations may not add up due to rounding.

Table 2 Summary of additional workload-related costs

Costs to TCNs

Visa fees (per TCN)

Opportunity costs (per TCN)

Total costs to TCNs

€ 0,60

€1–€5

€ 1,89

€ 2,89 –

5,89

Option 1

Option 2

Sub-option A

Sub-option B

Source: Ecorys calculations based on data provided during stakeholder interviews.

Note: Calculations may not add up due to rounding.

Both options and the two sub-options require some one-off costs, both to implement the

proposed change and to train the relevant personnel and raise awareness along the chain of

stakeholders.

One-off investment costs are significantly higher for Option 2 than for Option 1, as the

former would involve the expansion or setting up of national systems. The study notes,

however, that since the history of previous applications can be easily checked in the VIS,

no new copies are requested from the applicant if documents have already been submitted

during a previous application, and if that document has not yet expired and been replaced

with a new one. This suggests that required investments in storage capacity under Option 2

may be substantially lower than the calculations suggest. The study was unable to collect

kom (2018) 0302 - Ingen titel

data enabling an accurate estimation of the investments required at national level due to the

late inclusion of this option in the analysis. Regarding the sub-options, the technical

infrastructure to be added at ESPs and consulates is limited to a document scanner

connected to a computer.

On-going compliance costs are summarised as follows:

Costs incurred by visa authorities and ESPs stem from the additional time spent to (a)

make the scanned copy of the travel document, (b) transfer the data to the consulate and (c)

to transfer the data (digitised copies) from the consulate to the NS-VIS. The costs are

driven by the choice of sub-option; the main options do not affect the workload of the

consulates and ESPs. Thus, the costs for consulates and ESPs are substantially higher

under sub-option B compared to both sub-option A and the current situation (baseline

scenario).

Costs incurred by third country nationals are similarly driven by the two sub-options. In

the event that sub-option B is implemented, ESPs and consulates may pass additional

workload costs onto the TCNs in the form of increased visa service fees charged to

applicants. Given that the average service fee charged to applicants today is approximately

€ 25,00, the average fee increase will range from € 1,00 to € 5,00 per applicant under sub-

option B. By contrast, sub-option A would result in only a marginal increase in the

workload of ESPs relative to the current situation, therefore the ESPs are unlikely to

increase the service fee levied on visa applicants. Visa applicants may additionally

experience increased wait time at the application centres due to the increase in time spent

by ESP personnel for receiving each application. The identified opportunity costs are,

however, minor compared to the current situation.

Economic benefits

As shown in Table , the measures will produce several important economic benefits for

Consulates (and ESPs, as a result of the additional visa fees) as well as Member States’

migration and return authorities. Implementation of a measure to systematically include

scanned

copies of visa applicants’ travel document in the VIS, which would be either

directly or indirectly searchable and accessible to the relevant authorities, will:



Greatly reduce the burden to confirm this category of TCNs’ identity and facilitate

the return process while facilitating the likely cooperation on the part of third

country authorities to issue an emergency travel document to return their nationals;

Reduce delays associated with ad hoc communications and exchange between

Member States’ authorities

and the consulates; and

Eliminate inefficient procedures involved with retrieving, scanning, zipping and

coding hard copies.



The identified economic benefits are primarily drive by the choice of main option (Option

1 and Option 2). While Option 1 performs marginally better on these objectives compared

to Option 2, both measures will significantly reduce inefficiencies associated with the

current procedures.

kom (2018) 0302 - Ingen titel

Table 3 Summary of benefits of the policy options

Option 1

Consulates

Cost savings from time spent on responding to supporting

document requests

Migration and return authorities

Cost savings from time spent on retrieving TD copy

Cost savings from reduced delays in return procedures

€ 3,2 –

12,7 m

Daily costs of delays reduced by up to 14

days

€ 46,3 m –

92,6 m

€ 3,0 –

12,3 m

Daily cost of delays reduced by up to

13,5 days; costs incurred for delays of �½

day

€ 44,6 –

89,3 m

Cost savings from executing a higher proportion of return

decisions, in less time

Total benefits (50 % improvement)

Total benefits (75 % improvement)

€ 6,7 –

21,4 m (if 50% improvement)

€ 10,0 –

32,1 m (if 75 % improvement)

€ 57,5 m –

132,2 m

€ 60,8 –

142,9 m

€ 6,6 –

21,3 m (if 50% improvement)

€ 9,9 –

31,9 m (if 75% improvement)

€ 55,6 –

128,3 m

€ 58,9–

139,0 m

€ 0,7 – € 2,8 m

(€ 366 – € 1.462 per consulate)

€ 0,7 – € 2,8 m

(€ 366 – € 1.462 per consulate)

Option 2

The saved costs for consulates from the reduced number of supporting document assistance

requests is estimated to range between € 0,7 million to € 2,8 million across all Schengen

consulates worldwide. The impact is the same across both main options.

The saved costs for migration and return authorities from the reduced workload associated

with contacting the consulates and obtaining the scanned copy of the via applicants’ travel

document is valued higher under Option 1 than under Option 2. This is due to the fact that

under Option 2, Member States will still need to request the information from the national

authorities responsible for storing the scanned copy, a procedure that would require an

estimated 15 minutes or less to carry out. Option 1 is therefore marginally more efficient

than Option 2.

The cost savings from executing a higher proportion of returns (in less time) will also

increase under both of the main options. The benefits are only marginally lower under

Option 2, due to the remaining workload associated with making requests to the storing

authority, as shown in Table 3 (lower benefit from slightly less efficient procedures). The

full impact is difficult to estimate with any accuracy as it is wholly dependent on the

cooperativeness of the third country authorities.

In terms of the impact on duration and timeliness of return proceedings, both options

would significantly reduce the wait time imposed on migration and return authorities

during the process of confirming the identity of TCNs. Under Option 1, the delays will be

effectively eliminated, resulting in a delay reduction of up to 14 days. Option 2 would have

a slightly lower impact as Member

States’ authorities may still be required to wait for

several hours before receiving a reply from the responsible national authority for storing

the travel document. The potential benefits to be realised from both options will be

sufficiently substantial to offset the costs incurred to implement and comply with the

respective options.

kom (2018) 0302 - Ingen titel

Policy impacts

The storage of visa applicants’ travel documents in VIS will improve the implementation

of the objective of facilitating returns of TCNs who have been issued with a return

decision. Both Option 1 and Option 2 will enable Member States to Member States to

obtain the necessary evidence for proving the nationality of TCN visa overstayers who

have been issued with return decision, but who lack a valid travel document, to equal

effect. This is because both options entail the systematic collection and storage of the visa

applicants’ travel document that provided the basis for issuing the Schengen visa in VIS. In

both cases, however, the effective change is highly dependent on the third country in

question.

The experience of Member States to date indicates that there is a direct correlation between

the rate of effective returns based on VIS matches combined with a copy of the travel

document on the one hand, and the level of historical cooperation with the given country of

origin on the other. In other words, if a return is theoretically feasible (due to positive

confirmation of identity), and the country in question is typically cooperative in dealing

with returns, then

the information in the VIS matches coupled with a copy of the TCN’s

travel document will be extremely useful and sufficient for facilitating the return.

However, if the country in questions is non-cooperative on returns in general, Member

States have few recourses to compel the return.

Based on inputs provided during the stakeholder consultation, the study cautiously assumes

that the proportion of effectively executed returns of TCN visa overstayers without travel

documents will increase by 50% to 75% as a result of the proposed options.

If the proportion of effectively executed returns increases by 50%, then the benefit is an

additional 7.934 to 19.834 TCNs returned compared to the current situation.

If the proportion increases by 75%, then benefit is an additional 11.900 to 29.751 persons

returned.

Table 4 Estimated benefits for the implementation of returns

Impact on the implementation of returns: Additional returns of TCNs without travel documents

Estimated number

of returns not

implemented

Lower

Upper

50%

–

75%

Number of additional returns: Scenario A

(50% improvement)

Lower

+ 7.934

TCNs returned

Upper

+ 19.834

TCNs returned

Number of additional returns: Scenario B

(75% improvement)

Lower

+ 11.900

TCNs returned

Upper

+ 29.751

TCNs returned

% improvement

15.867

39.668

Fundamental rights impacts

In accordance with the Charter of Fundamental Rights of the EU, to which EU Member

States and institutions are bound when they implement EU law (Article 51(1) CFR), the

identified benefits of the proposed measure must be balanced with the obligation to ensure

that any corresponding interferences with fundamental rights are limited to what is strictly

necessary to genuinely meet the objectives of general interest pursued, subject to the

principle of proportionality (Article 52(1) CFR).The study does not look at all fundamental

rights issues arising from the proposed changes to the VIS Regulation. This analysis

kom (2018) 0302 - Ingen titel

focuses on the possible (negative and positive) impacts of the proposed measure for the

following fundamental rights of the CFR:

Right to asylum and protection of the principle of non-refoulement (Article 18 and 19)

Rights to non-discrimination (Article 21)

Right to effective remedies (Article 47)

Rights to the protection of privacy and personal data (Article 7 and 8).

The proposed measure brings both risks and opportunities with respect to fundamental

rights. The storage of a scanned copy of the visa applicants’ travel document in the central

VIS (Option 1) or national VIS (Option 2) can have a positive impact for the right to

asylum (Article 18 CFR) and the protection of the principle of non-refoulement (Article 19

CFR) by providing designated authorities access to additional evidence to prove an asylum

seekers’ identity.

The sub-options could in fact be useful to asylum authorities for

verifying the identity of a person in need of international protection (sub-option A) or for

proving the escape route that the person used (sub-option B), which is important in an

assessment of merits for asylum cases. The existing safeguard which bans the transfer of

personal data to third countries if that person has requested international protection

continues to apply (Article 31(3)), mitigating the risk of serious harm for asylum applicants

or their families.

The proposed measure would create an interference with the right to privacy and family

life (Article 7 CFR) and the right to the protection of personal data (Article 8 CFR), as it

involves the processing of personal data. The limitation is modest under sub-option A, as

the only additional category of personal data that could potentially be stored relative to the

current situation is the personal identification number of the document holder. In fact, the

measure implies the processing of nearly the same amount and type of personal data as is

processed in the current situation, merely stored in a different format (i.e. the scanned copy

of the travel document, as opposed to an entry in the VIS file based on information

submitted as part of an application form). Safeguards prohibiting the further processing of

these data by migration and return authorities as well as to prevent unauthorised access and

unlawful sharing with third parties should limit any potential negative impacts implied by

the sub-option. By contrast, sub-option B involves the processing of a large amount of new

personal data, which would affect the entire population of TCNs under visa obligation. The

data is not currently stored into VIS, therefore new safeguards would need to establish the

purpose of the data processing. Such safeguards should explicitly prohibit the sharing of

these data with third parties given that it is not foreseen to positively contribute to the

objective of facilitating return.

Regarding the data protection impact of the main options, whereas Option 1 involves the

central storage of the scanned travel document copy, Option 2 involves implies storage at

national level. This means that the Member State which entered the data would own the

data, and thus be responsible for sharing its data with the requesting Member State

following a positive “hit”. Option 2 may include less risks with regard to purpose

limitation and accessibility of personal information serving as an additional safeguard

against unauthorised access.

kom (2018) 0302 - Ingen titel

The measure has no impact on the right to an effective remedy as currently provided in

Article 40 of the VIS Regulation. The measure would also not affect the right to non-

discrimination, as it does not discriminate on any of the grounds established in Article 21

CFR.

Necessity and proportionality

The proportionality test requires demonstrating that the measure would be suitable with

respect to achieving its purpose. The answer for Option 1, Option 2 and Sub-option A is

affirmative, as the travel document data page is precisely what is required by third country

authorities as proof of nationality in the absence of a valid travel document. A separate

question is whether the measure can be made more targeted to reduce its interference on

the right to privacy and data protection. In addition to what is explained in the description

of fundamental rights impacts (chapter 3.4.3), the measures analysed are targeted to TCN

travellers to the EU who are under visa obligation.

Regarding the choice of main option, while both options will achieve the same level of

effectiveness, Option 1 achieves a higher level of efficiency (timeliness and cost-

efficiency). Furthermore, Option 2 (decentralised storage) would not be considered as less

intrusive given that the same information would be made available to the designated

authorities in all MS. No matter which technical architecture is selected, the measure is

intended to enable a Member State’s authority to access data stored by (an)other Member

State during the visa procedure.

To answer the question as to the proportionality of the sub-options, it is relevant to

distinguish between the personal data stored in the data page of one’s travel document and

the information that can be derived from the visa stamps and stickers affixed to the

documents’ visa pages. The scope of personal data to be stored under sub-option

A is both

relevant and necessary for the stated purposes of facilitating returns. The intrusiveness of

the proposed sub-option is in itself very modest, as the same data are already entered in

VIS in the current situation, though accessible in a different format. The only category of

data not currently collected and stored in VIS from visa applicants, which in some cases

may be present in the data

page of a visa applicants’ travel document, is the of national

personal identification number. Assuring that appropriate safeguards prevent against the

processing of these new data, the interference on the right to privacy and the protection of

personal data would not be greater than the current VIS system, for which no complaint on

data protection has been registered to date (COM(2016) 655 final, page 12), and adequate

safeguards have been put in place. By contrast, the data implied by sub-option B is

substantially more intrusive and it will not contribute to the explicit objective of the

measure, which is to facilitate the return of TCNs without a valid travel document. The

study concludes that sub-option B is more intrusive and no more effective for achieving the

identified objectives. As a result, the processing of these data is considered

disproportionate.

The analysis undertaken in the preceding sections suggest that it is possible to justify the

necessity and proportionality of a measure involving storage

–

either at central level

(Option 1) or decentral level (Option 2)

–

of a scanned copy of the data page of the visa

applicants’ travel document in the VIS system.

100

kom (2018) 0302 - Ingen titel

5. Comparison of options

The preferred option to emerge from this study is Option 1, sub-option A: centralised

storage of a scanned copy of the bio-data

page of the visa applicants’ travel document in

the VIS.

Both Option 1 and Option 2, in combination with sub-option A, will achieve the roughly

the same level of effectiveness in terms of their contribution to the objective of facilitating

the return of TCNs visa overstayers who lack valid travel documents. Option 1 achieves a

marginally higher level of efficiency (timeliness and cost-effectiveness) than Option 2,

particularly in terms of: reducing the burden to Member States to confirm this category of

TCNs’ identity and facilitating the cooperation of Member States to issue ETDs for their

return; reducing delays associated with ad hoc communications between Member States

and their consulates; and by eliminating inefficient procedures involved with retrieving,

scanning, zipping and coding hard copies of travel documents.

While Option 1 performs only marginally better on these objectives compared to Option 2,

both measures will significantly reduce inefficiencies associated with the current

procedures. Moreover, the costs under Option 1 and the sub-options are, however,

expected to be broadly compensated in the first year of implementation, whereas Option 2

will be compensated within 3 to 5 years by the expected cost savings and delay cost

reductions at the level of Member States (also to be realised under Option 1). By contrast,

while sub-option B is slightly more costly than sub-option A, it does not provide any added

value for achieving the policy objective relative to sub-option A. Therefore sub-option B

can be discarded.

From a fundamental rights perspective, in additional to the fundamental rights impacts

described above, the main potential benefit of Option 2 vis-à-vis Option 1 is that the travel

document copy would be stored nationally and therefore access by the designated

migration or return authority in one Member State would be subject to the authorisation

granted by the Member State that entered the data into VIS. However, similar results could

be obtained under Option 1, by using a restricted authorizations regime. Moreover, in

terms of privacy impacts and the degree of intrusiveness, Option 2 (decentralised storage)

would not be considered as less intrusive given that the same information would be made

available to the designated authorities in all MS.

By ensuring that accessibility to the copies of travel documents in VIS is limited for the

purposes as currently provided in 15, 16, 18, 19 and 20 VIS Regulation, amending Article

31 (2) to limit transfer of travel document copies to third countries for the purpose of

facilitation return procedures, Articles 18, 19 and 20 VIS Regulation, and establishing

adequate safeguards to ensure rights to privacy and data protection are respected, Options 1

and 2, and sub-Option A pass the test of proportionality.

101

kom (2018) 0302 - Ingen titel

NNEX

8: E

XECUTIVE

UMMARY OF THE

TUDY ON

EASIBILITY AND

MPLICATIONS OF

OWERING THE

INGERPRINTING AGE FOR

HILDREN

Analysis of the problems

Current EU legislation on the visa application procedure for short-stay visas exempts

children under the age of 12 from the provision of fingerprints. Without fingerprints it is

more difficult to unambiguously verify the identity of a TCN child (<12) at the border or

within the Schengen territory. In relation to this root cause 2 problems have been

formulated that the introduced adaptation might be able to address.

Problem 2.1:

sub-optimal achievement of various objectives of the VIS set out in Article 2

of Regulation (EC) No 767/2008), in particular as regards to the prevention of visa fraud,

to facilitate checks at external border crossing points and within the territory of the

Member States, and to facilitate the application of the Dublin II Regulation.

Problem 2.1:

sub-optimal provision of appropriate protection to TCN (<12) children,

either from trafficking with the help of a visa , or in the case they are found in Schengen

territory in a situation where their rights may be or have been violated (trafficking, missing

children, unaccompanied minors applying for asylum).

Objectives

In relation to the defined problems, two objectives of the proposed second adaptation can

be defined.



Better meeting the various VIS objectives (facilitation of the fight against fraud,

facilitation of checks at external border crossing points, facilitate the application of the

Dublin II Regulation,)



Support with the prevention and fight against child trafficking, and with the

identification/verification of identity of TCN children who are found in Schengen

territory in a situation where their rights may be or have been violated (trafficking,

missing children, unaccompanied minors applying for asylum).

Policy options

The following policy options were investigated.

Option 0. Baseline (no change)

The VIS Regulation (Article 9(6)) requires Member States to enter the fingerprints of

applicants in the VIS. The inclusion of 10 fingerprints and a facial image is arranged

through Article 13(2) of the Visa Code. Biometric matching of fingerprints constitutes the

main method for of identification and verification. Children under the age of 12 are

currently exempt from the obligation to provide fingerprints. In the case the measure to

take fingerprints of children under the age of 12 would not be introduced relevant

authorities continue to have challenges to identify and verify the identity of young children

and to offer appropriate protection.

102

kom (2018) 0302 - Ingen titel

Option 1. Lowering the fingerprinting age to 6 years

Under this scenario, fingerprints will be taken from every visa applicant from 6 years of

age and above, thereby effectively increasing the group of applicants by adding the cohort

of 6 to 11 year-olds.

In 2013 the European Commission’s Joint Research Centre (JRC) carried out a study on

the question whether or not automated fingerprint recognition for children is possible with

recognition rates similar to those reached for adults. The study concluded that under

appropriate conditions, fingerprint recognition of children aged between 6 and 12 years is

achievable with a satisfactory level of accuracy. One such condition would be, for

example, to ensure an appropriate level of training of operators to acquire high quality

images.

Option 1 is also in line with the proposal for a revised EURODAC Regulation, which

would lower the fingerprinting age from 14 to 6. The JRC study and recent developments

related to the protection of children in irregular migration were at the basis of this proposal.

Option 2. Lowering the fingerprint age including all ages

Under this scenario, fingerprints will be taken from visa applicants of all ages thereby

effectively increasing the group of applicants by adding the cohort of 0 to 11 year-olds.

In the JRC study evidence is presented from other studies that it is feasible to take reliable

fingerprints of children even younger than 6, although this may result in stronger technical

and procedural changes (see paragraph 4.4.2 for detailed explanation). These indications,

combined with the fact that all children have the same rights, including rights to protection,

result in the inclusion of option 2.

Assessment of impacts

Economic costs and benefits

Three main categories of economic costs and benefits were included in the analysis:

(i)

(ii)

the investment or set-up costs (one-off costs) induced by modifications in

procedures and legal changes and;

the impacts in terms of workload and administrative burden (operational costs),

which may have a net positive or negative economic impact for the involved

stakeholders;

opportunity costs for TCN children and parents resulting from additional

waiting time at the visa application centres and costs incurred by authorities in

the Schengen area.

(iii)

The one-off costs are higher for option 2 than for option 1. This is first of all because

taking fingerprints of children younger than 6 is likely to require a new, different type of

scanner and software. Further investigation into the technical feasibility is recommended.

Secondly, as the size of biometric samples to be included in in the case of the second

option is larger, more is requested in terms of storage of the system and the capacity of the

BMS. The expected training costs are estimated to be the same for some options.

103

kom (2018) 0302 - Ingen titel

With regards to operational costs, again the costs are expected to be higher for option 2

than for option 1. Not only are prints to be taken from double the number of children, but

also the time that it takes to capture a print is expected to be longer.

As for the third category of costs/ savings, the fingerprinting time of the youngest age

group is expected to be higher, resulting in more additional waiting (/higher opportunity

costs) time for a child under 6 and its family than for children aged 6-12. For member state

authorities no impacts are expected for Member States’ visa authorities.

It is expected that

the adaptation to the age limit might save Member States’ authorities dealing with

trafficked/ missing children considerable time identifying children. The specific impacts

are unknown but it seems logic to assume that total benefits are higher in the case of option

two as this option affects more children.

Policy impacts

Taking fingerprints of young children could support border authorities in detecting identity

fraud as it would help them to ascertain whether the child at the border is the child that has

been granted a visa. In addition, it facilitates also the identification of traffickers and

trafficking networks.

The prevention of identify fraud is raised by several consulates as the main potential

benefit of the proposed adaptation. However, no information is available to state the actual

size of the problem.

A necessary precondition to achieve the full potential effectiveness of entering fingerprints

of TCN children (<12) for the prevention of trafficking of TCN children (<12), is having

fingerprints of each incoming TCN checked and verified at Schengen entry ports. At the

moment such checks are not consistently executed.

The adaptation could also contribute to the Identification and verification of the identity of

TCN children <12 on Schengen territory, hereby allowing for:



Family unification within and outside the Schengen area



Verifying the familiar relationship



Dublin and asylum examination

Fundamental rights impacts

Both options under investigation could have positive fundamental right impacts. The

adaptations could assist in the prevention of children being trafficked and in identifying

children who have gone missing, or who are abducted or became victims of human

traffickers, thereby enabling these children to reunite with their family members (but only

if it is in their best interest). Also, it could support the execution of the Dublin Regulation.

The proposal of lowering the age of fingerprinting children, whether it being option 1 or 2,

will also have an impact on the rights to human dignity and privacy and personal data

protection. Fingerprints must be taken in full respect of human dignity and in a manner that

is appropriate to the child’s age and maturity. It is advised to include a provision to the

Visa code explicitly requiring that fingerprints be taken in a child-friendly and child-

sensitive manner by consulate officials or ESP personnel who have been specifically

trained to collect biometric data from children.

104

kom (2018) 0302 - Ingen titel

With regards to privacy and personal data protection, as children are a particularly

vulnerable group, the pursued objectives of data processing must be clearly identified to

assess whether these measures are appropriate, proportionate and fully address the problem

at stake. The processing of fingerprint data for children will be subject to the same

safeguards and purpose limitations as exist for the processing of biometric data of TCN

visa applicants above the age of 12. The existing safeguards ensure the strict purpose limits

of the data processing. The safeguards continue to prevent unauthorised access and

unlawful sharing of this information to third parties.

As described in the problem analysis there are cases of children entering or attempting to

enter the EU on a visa who are victims of child trafficking, or have gone missing. Such

cases could be detected by a more complete visa policy. This objective requires that the

relevant or designated authorities would need access to search and process the data stored

in VIS. Child protection authorities currently do not have access to the VIS. If they should

be granted access this should be specified in the VIS Regulation. A difference must be

made between the use of children data in the interest of children, (such as with the

objective of protecting children, for example against human trafficking or re-unification

with parents), and its use for objectives that could possibly be in their detriment.

Necessity and proportionality

Lowering the fingerprinting age of children in VIS may have a positive impact for the

protection of the fundamental rights of children, protecting them against child trafficking

or protecting the right to family life by reuniting missing children with their family

members. Considering this objective of tracing or identifying missing children in Europe,

the proposed measure, may complement the existing tool in SIS II for the reporting of

alerts on missing persons.

The necessity and proportionality of the proposed measure of lowering the fingerprinting

age to children of 6 year old

(option 1),

or to include all ages

(option 2)

depends on the

size of the problem, with other words on the number of TCN children under 12 who after

their visa application are found to be involved in visa fraud, and the number of TCN

children (<12) who have gone missing in the Schengen area.

Between 1.4 and 2.1 million children under 12 are traveling into the Schengen area with a

uniform visa each year, half of them are presumably younger than 6 years old. There are no

numbers available on identity theft after a visa has been granted (as currently there is no

possibility to verify identity at border crossings). With regards to victims of trafficking,

taking the latest Eurostat data into account each year they are expected to be around 375-

500 TCN victims under 12 year old to be found each year. Studies and expert opinions

suggest, the lower the age the lower the share of victims. In 2015 it was estimated by

Europol that, at least 10 000 unaccompanied minors went missing (age unspecified). But it

is not known if they have a VIS record. Interviewed stakeholders believe this number to be

marginal. One remark: with regards to both trafficking and missing children numbers it

may be expected that the number of factual cases is a higher than the number of known

cases.

Option 1.

Although the number of potentially affected children appears to be low, taking

into account the positive impact for protecting the right to family life and best interests of

105

kom (2018) 0302 - Ingen titel

the child, this option can be considered a proportional measure under specified purposes,

strict conditions and safeguards, ensuring that the fingerprints are only accessed and used

to protect children from trafficking or identify and protect missing children. Considering

the data protection impact and the right to information included in Article 37 VIS

Regulation, taking into account that children (generally) have no impact on the decision of

their parents, strict time limits must be applied to ensure that their data are no longer stored

than for what is strictly necessary. Sufficient safeguards must be provided to ensure that

the fingerprint are taken in a child friendly manner, not only at the time of collection

during the visa application, but also within the EU territory for the purpose of

identification of the child and the comparison of the fingerprints with data in VIS or other

databases. ESP’s should be bound by the same standards and ensure the protection of the

rights and best interest of the child when taking fingerprints.

Option 2.

All children are entitled to protection, and this option may have a positive

impact with regards to the protection of all TCN children with a visa. However, for this age

group there are practical problems with regards to the accurate collection of their

fingerprints. Further investigation is preferred but it is to be expected that investments in

scanners and software need to be made. This, in combination with the even smaller number

of children below the age of 6 that are at risk of human trafficking or go missing this

option could be concluded to lack both necessity and proportionality.

Comparison of options

The preferred option to emerge from this study is Option 1: lowering the fingerprinti

ng age to

6 years.

Both options contribute to the policy objectives as identified in section 4.3. The policy

impacts achieved by the options are in essence the same, they both facilitate in various

ways in the protection of these children while traveling with a visa and after arrival in the

Schengen area, but the main difference is that the number of children affected by the

second option could be larger as it is encompassing all children.

However, the evidence currently available indicates that the group of children under 6 that

is likely to be affected by the proposed adaptation is very small. This, in combination with

the needed additional investigations into the feasibility of taking accurate fingerprints of

this younger age group, and the presumed substantial investment costs that are associated

with the purchase of new tailored machines result in the conclusion that necessity and

proportionality are lacking.

106

kom (2018) 0302 - Ingen titel

NNEX

9: E

XECUTIVE

UMMARY OF THE

EGAL

NALYSIS ON THE

ECESSITY AND

ROPORTIONALITY OF

XTENDING THE

COPE OF THE

ISA

NFORMATION

YSTEM

(VIS)

NCLUDE

ATA ON

ONG

TAY

ISAS AND

ESIDENCE

OCUMENTS

Context of the study

General context

The fragmentation of information through different MSs and systems is inefficient. It could

lead to errors when assessing a third-country

national’s situation and makes the border-

crossing procedure difficult. These challenges have already been identified and described

by the European Commission, which published in April 2016 a Communication on

Stronger and Smarter Information Systems for Borders and Security

170

in which it commits

to working to enable a

better use of the data collected.

On 10 June 2016, the Justice and Home Affairs (JHA) Council endorsed a

roadmap to

enhance information exchange and information management.

It included an action

plan listing 50 actions to be undertaken by different stakeholders. Action 50 set an

objective to address the

existing information gap in the (travel) documents of third-

country nationals.

The Final Report of the

High-Level Expert Group on Information Systems and

Interoperability

of May 2017 identified an information gap at EU level concerning three

types of documents: long-stay visas, residence permits and residence cards. The Report

recommended the Commission to undertake, as a matter of priority, a feasibility study on

the establishment of a "central EU repository containing information on long-stay visas,

residence cards, and residence permits".

The High-Level

Expert Group’ sub-group

on new systems further discussed the idea of

such a database. It concluded that there were a number of similarities (in terms of desired

functionalities, purpose and uses) with the database on short-stay visas: the Visa

Information System (VIS). Hence, the VIS could potentially be extended to include long-

stay and residence documents. In this respect, the Report on the VIS Evaluation (2016)

171

also included a recommendation for further development of the system to include these

documents.

In line with the High-Level

Expert Group’s recommendation, a first feasibility study was

undertaken

172

. It analysed whether including long-stay and residence documents in a

central database was technically feasible and desirable, compared to the creation of a new

dedicated database to store data on these documents. It concluded that re-using the VIS

170 Available

at:

http://www.eulisa.europa.eu/Newsroom/News/Documents/SB-

EES/communication_on_stronger_and_smart_borders_20160406_en.pdf (see page 3).

171 Report from the Commission to the European Parliament and the Council the implementation of Regulation (EC)

No 767/2008 of the European Parliament and of the Council establishing the Visa Information System (VIS), the

use of fingerprints at external borders and the use of biometrics in the visa application procedure/REFIT Evaluation

COM(2016) 655 final.

172 Feasibility Study to include in a repository documents for Long-Stay visas, Residence and Local Border Traffic

Permits - Phase1: Analysis of Options, 2017.

107

kom (2018) 0302 - Ingen titel

structure to include these documents would be the best option. The study also concluded

on the need to carry out further research and consultations on the

necessity and

proportionality of such a measure.

Objective and scope of the study

The European Commission’s Directorate-General

for Migration and Home Affairs (DG

HOME) commissioned this study, with the aim of analysing the

necessity

and

proportionality

of including data on long-stay visas and residence documents in the VIS.

As required by the necessity test, the study identified other options that could potentially

also address the problem, using the input collected during stakeholder consultations. More

specifically, the study aims at answering the following questions:



What is the

problem

to be addressed?



What are the

objectives

of the initiative?

What are the legislative and non-legislative

options

that can be considered? How do

they

compare?

What are the

impacts

on fundamental rights? Are they

proportionate

(does any other

option achieve the objectives with less interference on the rights of the data subjects)?

The scope of the study does not cover and is without prejudice to MSs' and EU’s

competence to define the conditions of issuing long-stay and residence documents. The

assessed measure would only address issues related to the lack of shared information on

these documents at the borders and during the processing of a new application.

Approach and methodology of the study

To achieve its aim, the study follows the guidance provided in the

Better Regulation

Guidelines

and Toolbox, in particular Tool 28

173

. It follows the instructions given in the

EDPS Toolkit for assessing the necessity of the measure as regards its impact on the right

to data protection.

The study used two main data collection tools:



Desk research

including, among others, the Treaties, the VIS and the SIS legal bases

and relevant case law;

Stakeholder consultations:

consultations with the European Commission (including

two meetings with the relevant Directorates-General), one interview with Frontex and

one interview with eu-LISA were carried out. In addition, a questionnaire was sent to

MSs. Finally, the study also took into account the results of the public consultation

carried out by the Commission between November 2017 and February 2018.

173

“Fundamental Rights & Human Rights”.

108

kom (2018) 0302 - Ingen titel

What is the problem?

Problems

Fraud

Consequences

Problem Driver

Fragmentation of

the information

Operational difficulties at the

borders

2. Security and migration risks

3. Administrative burden

Difficulties in gathering

information to perform an

assessment

of the TCN’

situation

4. Lengthy border-crossing procedures

5. Lack of statistics

Figure 1 Problem definition

Problem driver: fragmentation of the information on long-stay and residence

documents

For short-stay visas (stays in the EU of less than 90 days within a period of 180 days),

there is a common format in all Schengen Member States and their application and

issuance procedures have been harmonised. Information on these documents and their

applications is stored in the VIS. The system is used by migration authorities and border

guards, as well as national and European law enforcement authorities under special

conditions. It provides reliable information on the authenticity and validity of short-stay

visas and on applications, including those handled by other MSs.

Long-stay and residence documents are not fully harmonised, and in the case of residence

cards, their format can differ from one issuing Member State to another. Moreover, there is

no systematic exchange of information on these types of documents between Member

States, which lead to operational difficulties at the borders and during the issuance process.

Border guards and migration authorities have no fast and systematic access to information

on documents issued by another Member State. The available data is partial and scattered

in different systems and tools (SIS, SLTD, FADO, bilateral contacts between MSs…)

which leads to lengthy procedures to collect all the relevant data for the day-to-day

activities of national authorities.

Member states and the respondents to the public consultation confirmed these issues: 86%

agreed with the identified information gap that leads to problems in management of

external borders and irregular migration within the EU.

Problem: operational difficulties at

the border and during the assessment of TCNs’

situations

From a border-control point of view, and during checks carried out within the territory of

the MSs, it is crucial to ascertain the authenticity and validity of the documents. The holder

of a long-stay or residence document can enter the Schengen Area via any external border-

crossing points, and not all these documents possesses the same, strong security features.

Of the three documents, only residence permits and residence cards issued in a residence

permit format have a chip

174

, thus allow electronic verification through Passive

Authentication (using the respective country cryptographic certificate). In addition, while

174 The check that the residence permit belongs to the bearer is done by reading the facial image from the chip of the

document and comparing it with the one of the bearer. In case of failure or doubt, the stored fingerprints can be

accessed. However, the information on the chip needs to be checked on its authenticity which can be done by

exchanging cryptographic certificates between MSs (this topic is further discussed in section 3.1.2).

109

kom (2018) 0302 - Ingen titel

residence permits and long-stay visas format are harmonised, this is not the case for

residence cards. Thus, the visual inspection of document’ security features is made difficult

by the different formats and

–

for some documents

–

the rarity with which they appear at

certain border-crossing points, in addition to the heterogeneous use of security features.

Lastly, the border guards have different tools to gather information to assess the validity of

a document, some automated (SIS and SLTD for lost, stolen, misappropriated and

invalidated documents), others to be used at second-line border checks, like the FADO for

images of authentic and forged documents. However, the information contained in the

systems is not always sufficient (in terms of both quality and quantity). The SIS does not

provide information on previous fraud attempt(s) by an applicant and cannot provide

information on documents that have not been reported as stolen or lost. Border guards

ultimately have to rely on bilateral contacts with the issuing Member States, via

communication channels like SIRENE, but also by phone or emails. Consulted

MS complained about these procedures as being time-consuming and inefficient. For the

large majority (80%) the lack of shared information on these documents was a hurdle to

their day-to day activities.

From a migration assessment point of view, it is important to have information on relevant

elements of the situation of a person to assess accurately whether the applicant would pose

a migration or a security risk. In addition to checking national systems, the only EU-level

exchange of information migration authorities have at their disposal is the SIS for alerts on

entry bans. There is no dedicated tool to share information on applications and reasons for

refusal, which might be linked to migration or security risks.

Consequences: fraud, security and migration risks, administrative burden and lack of

statistics

This situation leads to five main consequences:

Administrative burden:

as migration and border control authorities have to go

through different procedures in different systems and tools to gather an incomplete

picture on the TCN and her/his document. The bilateral exchange of information is the

last resource they use, which has different inherent constraint: language barriers and

long waiting times.

Lengthy border-crossing procedures:

the above-mentioned issues at borders directly

impacts the journey of bona fide TCNs holding long-stay or residence documents, who

suffers

delays

and who

risk being wrongly denied entry or passage.

When there is a

doubt on a document, the further checks and bilateral contact between MS are carried-

out at second-line border check, which means that the TCN has to wait at the borders

for his/her situation to be clarified. Ultimately, this situation can lead to the

infringement of the

Freedom of Movement

of bona fide TCN who reside in the

territory of a Member State (Article 21 TFEU and Directive 2004/38) if they are not

allowed to cross the internal (during an ad hoc check) or external borders due their

document not being trusted.

Document fraud:

the information gap can create blind spots in the border-

management framework and foster fraud on less secured documents. This is especially

important when considering the existing and ongoing strengthening of border checks

for other categories of travellers (e.g. mandatory checks of EU citizens at external

110

kom (2018) 0302 - Ingen titel

borders, ETIAS for short-stay visa-exempt travellers, VIS for short-stay visa holders

and EES for all short-stay visitors). This reinforcement of security and border

management measures could motivate people with ill intentions to look for other,

less

secure types of documents

that would allow them to enter the Schengen Area and

move across Member States. This phenomenon has already been observed with ID

cards, whereby fraudsters target less secure EU ID cards for intra-Schengen

movements

175

(fraud

based on the ‘weakest

link’

approach).

In addition, obtaining authentic documents based on

false application documents

(birth, marriage and death certificates) is one of the biggest challenges in terms of fraud

as it is very difficult to detect. This type of fraud is increasingly attractive for

fraudsters, as the document become more secure. Better information exchange between

MSs during the application process could help identify more cases

176

Table 1: Fraudulent documents

–

Fronex Risk Analzsis for 2017

Security and migration risks:

the fraud problem inevitably leads to a security issue

for the EU. Fraud is used by

organised crime

as a mean for a series of

related serious

offences,

notably for terrorism, human trafficking, migrant smuggling or drug and

firearm trafficking

177

In addition, forged documents are the gateway used by irregular migrants to enter and

move within

the EU. According to Frontex’s 2017 Annual Risk Analysis, smugglers

frequently provide migrants with fraudulent travel and identity documents. The agency

observes that both the quantity and quality of fraudulent documents circulating in the

EU have increased in recent years

178

. In fact, smugglers are supported by criminal

networks with access to expert counterfeiters who, financed by the strong demand,

have set-up print shops

179

Lack of statistics:

as observed in the 2017 study

180

, the analysis of fraud related to

long-stay and residence documents is particularly complex due to a lack of available

data on the problem. On the one hand, and as explained above, any statistic on

175

Frontex,

Risk

Analysis

for

2017,

page

23,

http://frontex.europa.eu/assets/Publications/Risk_Analysis/Annual_Risk_Analysis_2017.pdf

176 Europol funded the development of a handbook on the detection

of false application or “breeder” documents. It

contains samples and short descriptions of European ID documents and breeder documents. It is not used as much

as it should be according to the EC Communication on Action plan to strengthen the European response to travel

document fraud.

177

Communication from the Commission to the European Parliament and the Council on an “Action Plan To

Strengthen The European Response To Travel Document Fraud” of December 2016, COM(2016)790.

178

Ibid, p. 22.

179

Ibid.

180 Feasibility Study to include in a repository documents for Long-Stay visas, Residence and Local Border Traffic

Permits - Phase1: Analysis of Options, 2017.

111

kom (2018) 0302 - Ingen titel

detection of forgeries is bound to underestimate the actual size of the problem as the

successful fraudsters go undetected. On the other hand, there is a shortage of statistics

at EU level concerning this category of TCNs:



The data is kept at national level in MSs’ information systems;

Eurostat does not have statistics on long-stay visas and the statistics on residence

permits are limited;

Frontex data does not distinguish between residence permits and residence cards

and sometimes does not distinguish the fraud between Schengen (short-stay) and

long-stay visas. Similarly, frauds on the breeder documents are complex to quantify

as the data is kept at national level.

What are the objectives of the initiative?

General objectives

In line with the problem defined above, the study identified the following general

objectives, validated by the European Commission:

II.

III.

To improve security within the EU and at its borders;

To facilitate TCNs’ right to move and reside freely within the EU;

To improve the management of the Schengen external border.

Specific objectives

Two main specific objectives and two ancillary ones supplement the general objectives:

Figure 2: Policy objectives

Why an EU action?

To address the problem, MSs could act on an individual basis, by strengthening their

documents, their issuance process, document checks at border-crossing points or by

reinforcing or systematising bilateral cooperation.

However, this approach has inherent limitations:



Its benefits are automatically dependent on the number of MSs committed to

the initiative(s).

The more MSs that implement individual actions, the more secure

112

kom (2018) 0302 - Ingen titel

the EU territory. The action of all MSs would therefore achieve greater benefits

–

which EU action would necessarily entail, but which is unlikely without it

181

;



Part of the problem cannot be solved without the coordination of all MSs.

There is currently no way for one MS to know if other MSs possess relevant long-

stay information on a person without contacting each one of them. This process

would be overly cumbersome and lengthy, and is therefore infeasible;

Differences in MSs’ security levels may lead to weak points for the Schengen

Area.

For example, some MSs, on their own initiative, may continue to implement

policies towards harmonising long-stay documents by gradually phasing out

problematic ones and introducing improved security features based on international

standards. However, this approach would still result in a situation where the

security of documents would be inconsistent: documents from some MSs would

still be less secure than documents from others, therefore constituting a weakness

for the security of the Schengen Area as a whole;

Additional difficulties may arise from uncoordinated actions.

For example, the

different bilateral cooperation processes are likely to abide by different rules.

Systemising them would increase workload and possibilities for confusion for

border guards, thus increasing the possibility of mistakes.



Therefore,

Member States alone cannot adequately address the problem:

they can, at

best, partially address it. More than 90% of the MS consulted considered necessary an EU

legislative response to address the information gap.

What are the options to address the problem?

The study identifies five options, some of them including sub-options that could potentially

address the problem.

Table 2: Policy options

No action

Option 1:

No policy change / “do nothing”

Non legislative action

Option 2:

Improve the current exchange of information

and checks

2a Improve the exchange of bilateral information on a case-by-case basis

Improve the feeding and use of information in the SIS as regards alerts on withdrawn long-stay

2b and residence documents

182

(improve amount/quality of information fed into the system) (e.g.

whether a residence permit was stolen, invalidated, misappropriated or lost)

Promote the use of security features for documents containing a chip: Passive Authentication

and Extended Access Control)

Legislative action

Option 3:

Further harmonise and secure long-stay visas and residence documents (e.g. security

features)

Option 4:

Create an interconnection between national databases that would allow all MSs to query

181 As mentioned in footnote 23, the United Kingdom, Ireland and Denmark would not be bound by EU action in the

area of freedom, security and justice.

182 Council Decision 2007/533/JHA, article 38.2(e)

113

kom (2018) 0302 - Ingen titel

each other’s

relevant national databases

Option 5:

Extend the scope of the VIS to include long-stay visas and residence documents

Store data on issued documents (including biographical data provided for in the document) and

the document’s history (withdrawn, renewed,

etc.)

Also store data on all applications (e.g. the fact that an application has been lodged, when,

where, by which MS, for what type of document, main reason for refusal if refused, etc.);

Findings and conclusions of the study

Impact on fundamental rights

The study assesses the impacts on fundamental rights of the

options and sub-options that

meet the two main policy objectives.

Therefore, the

analysis focuses on options 4, 5.a

and 5.b.

Necessity

The table below summarises the assessment,

on a scale of “----” (strong negative impact)

to “++++” (strong positive impact).

Table 3: Analysis of impacts on fundamental rights

Policy options

Option

decentralised

database

Article 2

Article 7

Article 8

Article 45(2)

(if residence

cards are

included)

0 (if they are

not)

Option 5: Include

long-stay documents

in the VIS

Sub-option a): store

data

issued

documents

(if residence

cards are

included)

0 (if they are

not)

Sub-option b): store

data on all applications

---

(if residence

cards are

included)

0 (if they are

not)

114

kom (2018) 0302 - Ingen titel

As shown above, options 4, 5.a and 5.b have negative impacts on the right to privacy and

the right to data protection. The rights to privacy, to personal data protection and to

freedom of movement are not absolute and may be limited, provided the limitations are:



Provided for by law;

Respect the essence of the rights;

Meet objectives of general interest or the need to protect the rights and freedom of

others;

Necessary;

Proportionate

183

All options would meet the three general objectives, but to a different extent, as

summarised by the table below.

Table 4: Effectiveness in meeting the objectives

Objective

Option

General

objectiv

e I:

security

General

objective II:

freedom of

movement

+ (if residence

cards are

included)

0 (if they are

not)

(if residence

cards are

included)

0 (if they are

not)

(if residence

cards are

included)

0 (if they are

not)

(if residence

cards are

included)

0 (if they are

not)

General

objective

III:

manageme

nt of

border

Specific

objective

strengthe

n checks

Specific objective

2: information-

exchange

3: further

harmonise

and secure

decentralise

d database

5.a: store

data on

issued

documents

5.b: store

data on all

applications

183

EDPS (April 2017) “Assessing the necessity of measures that limit the fundamental right to the protection of

personal data: A Toolkit”, page 4

115

kom (2018) 0302 - Ingen titel

The policy objectives to be achieved cannot be addressed by less intrusive measures than

option 5.b. Other less intrusive measures were considered but they do not reach the

objectives at all or only partially. The more intrusive measure, option 5.b, is therefore

considered as necessary.

Proportionality

The limitations to fundamental rights brought about by option 5.b are proportionate to the

desired aim, as demonstrated below.

The limitation would bring about significant advantages:

limiting the rights would

enable the general and specific objectives to be met.

It would also entail some

disadvantages as it would negatively affect the right to data protection:

option 5.b

entails collecting, storing and accessing 17 data items related to issued long-stay

documents issued and applications. It relies on the VIS, a central database, for storage.

This limited data set would be collected, on about 22 million people

184

(including residence

cards).

However, this limitation on the right to data protection is minor and strictly limited

to what is necessary

to achieve the objectives. The data set does not encompass the

special categories of data that are considered particularly sensitive, and contains little data

that would yield information on a person’s

private life. The “reason for the negative

decision” might, if left as a free text field, represent a risk to privacy or reveal personal

sensitive data (e.g. health data) on rare occasions. The use of a drop-down menu, tick

boxes or another technical feature in the form could prevent this. This limited data set

would be collected, at most, on about 22 million people

185

(including residence cards).

Only personal data that is adequate and relevant for the purposes of the processing would

be collected and processed

186

. This data set does not go beyond what a border guard

currently sees when examining a long-term visa, residence card or permit presented at the

border.

Thus, the limitation is justified as the

advantages outweigh the disadvantages

caused

with respect to the exercise of fundamental rights;

it is proportionate

to the desired

objectives as it reaches a fair balance between them and the fundamental rights at stake (in

this case data protection).

Comparison of options: coherence, effectiveness and cost-benefit

For each of the options and sub-options, the study analysed the following criteria (in

addition to impact on fundamental rights, necessity and proportionality):



Coherence:

is the option coherent with the overarching objectives of EU policies?

All options except option

1 (“do nothing”) are coherent with the overarching

objectives of EU policies.

184 Amount of residence

cards for ≈1

million people.

185

Amount of residence cards for ≈1

million people.

186 Biographical and document data would be used to compare with the data of the presented document and to detect

forged, counterfeited and stolen blank documents. Decision data would be used by migration authorities to inform

their decisions during the application process. Data generated by the repository would be used to structure the

database.

116

kom (2018) 0302 - Ingen titel



Effectiveness:

does the option meet the objectives?

Sub-option 5.b is the only option that fully addresses the second objective, as

storing data on documents and applications would offer migration authorities a

complete picture on the situation of the TCN applying for a new document.



Efficiency:

do the benefits of the option outweigh its costs?

Efficiency was analysed for the options and sub-options that meet the two main

policy objectives (4, 5.a and 5.b).

Option 4

–

creating a decentralised database among all MSs with different data sets,

technical standards and access rights (due to the variable geometry of the topic of

legal migration)

–

is likely to be

very expensive and time-consuming to

implement

and pose major difficulties deriving from the different governance,

legal basis and technical solutions used across national systems. Option 5 (either

sub-option) offers significant advantages and a much better cost-benefit.

The table below summarises the assessment of each option against the criteria.

Table 5: Comparison of policy options

Coherence Effectiveness Efficiency

1 No change

Improve existing: bi-lateral exchange of

2a information

Improve existing: use of the SIS

Improve existing: use of the electronic

2c document authentication

3 Further document harmonization

187

4 Distributed database

Extend the VIS with documents data

+++

Extend the VIS with documents and

+++

188

5b application data

Best-scoring option

Option 5b “Extend the scope of the VIS to include long-stay

visas and residence

documents

–

Store also data on all

applications” is the preferred option for the following

reasons:



Necessity:

There is no equally effective but less intrusive measure available: thus, the

measure is necessary;

Option

187 The option scored positively for efficiency at securing the borders in term of efficiency based on the assessment

included in the IA of the DG JUST proposal. However, the benefits cover only one of the two objectives in scope

for this legislative initiative. As explained through the study and in particular in section 3.2, this option will not

help MS cooperation, nor the exchange of information to strengthen the issuance process.

188 Not the full application data, but only whether a person has applied for a document and what was the outcome.

117

kom (2018) 0302 - Ingen titel



Proportionality:

The measure’s impact on fundamental rights, including data

protection and privacy, is limited while it brings significant advantages: the measure is

proportionate;

Coherence, effectiveness and efficiency:

The measure meets the criteria more than

any other alternative. In particular, option 5 would allow

triangular verification

(person->document->system), which has proven to be a successful approach for the

efficient tackling of unlawful use of documents through the correct assessment of (i)

their validity and authenticity and of (ii) the identity of the holder. It provides a higher

level of security than just reinforcing the documents, as not only would work even

when the chip cannot be read or verified, but it would also strengthen the application

process. The system could be consulted easily at the border by scanning the passport,

thus simplifying the process at the border.

Should the collection of fingerprints be harmonised across MS for all documents, these

could be stored centrally further strengthening the EU against identity frauds, just like

what is done for short stay travellers whose biometrics are collected in the EES and

VIS. Finally, a central system setup would be able to leverage on the tools introduced

with the recent interoperability legislative proposal and benefit in terms of efficient use

of the information available.



Overall, this option would have a positive societal impact both on EU citizens who would

benefit of the additional security of the Schengen Area, and on TCNs who would benefit of

a potentially faster border crossing. .

The way forward/what are the next steps

This study is a

first step

towards the possible future adoption and implementation of the

measure. The European Commission will present an

impact assessment building

on the

work carried out during the study.

The

final option, sub-option, design and set-up to be retained depend on political and

policy decisions.

Based on these decisions, the European Commission is expected to

present legislative amendments to the VIS.

118

kom (2018) 0302 - Ingen titel

NNEX

10: C

ONSIDERATIONS ON THE

SE OF

IOMETRIC

ATA

(

TOPIC

When coupled with biometric information, border checks are even more secure. Indeed,

the

triangular verification

(person->document->system) supported by biometrics has

proven to be a successful approach for the efficient tackling of unlawful use of documents

through the correct assessment of their

validity

and

authenticity

and of the

identity

of the

holder.

Falsification techniques evolve very quickly and criminal networks are increasingly

specialised, developing new forms of forgery (manipulation of anti-forgery devices and

techniques to circumvent biometric checks). As imposter fraud and fraudulent acquisition

of authentic documents are increasing and counterfeiting slightly decreasing, the triangular

verification is a better-equipped technique to deal with the new trends in document fraud.

As observed by Frontex

189

, “the

roll-out of the VIS and the obligation as of October 2014

for border-control authorities to check the fingerprints of all relevant visa holders are

likely to reduce the number of Schengen visa

impostors in the future and (…) increase the

likelihood of frauds of other types of travel documents”.

Figure 1: Triangular verification

Lastly, the inclusion of biometric data in the VIS could allow for the

identification of

undocumented TCNs,

in cases in which they entered the Schengen Area via a long-stay

or residence document before overstaying.

It is, however, important to note some shortcomings in terms of biometric data available

for long-stay and residence documents. These documents are nationally issued, as opposed

to short-stay

“Schengen” visas, with issuance process has been fully harmonised at EU

level. Although the regulations on the harmonisation of long-stay visas and residence

permits set a minimum biometric data to be collected, the situation very much differs from

one Member State to another. In fact, not all Member States collect and store biometrics

and even when they do, a different number of fingerprints is collected with different

quality criteria. This means that to enable such a use-case, the way the documents are

issued would have to be harmonised to include the requirements of capturing and storing

biometric identifiers according to common standards.

189 Annual Risk Analysis 2015

119

kom (2018) 0302 - Ingen titel

Nevertheless, knowing MS collect biometric data for long-stay visas and residence permits

(as laid down by the harmonised formats of these documents) and considering the technical

capabilities for the proposed Share BMS, it would be

technically feasible to work with

the limited set of biometric data

as currently contained in the documents (only with facial

image for instance). The limitations observed are based on data protection considerations.

In light of the technical feasibility, of the potential benefits stemming from the use of

biometrics to fight frauds and to establish a person centric storage of information, the

inclusion of biometrics could be considered after a period of assessment

120

kom (2018) 0302 - Ingen titel

NNEX

11: A

VAILABLE POLICY OPTIONS OVERVIEW

(

PREFERRED OPTION IN

BOLD

)

Copy of the travel document

Option 1.0

Option 1.1

Status quo

Include a digital copy of the travel document in the central VIS

(centralised)

Option 1.2

Sub-option A

Sub-option B

Fingerprinting of minors

Option 2.0

Option 2.1

Option 2.2

Status quo

Lowering the fingerprinting age to 6 years

Lowering the fingerprinting age including all ages

Include a digital copy of the travel document in national visa systems

(decentralised)

Storage of biographical page only

Storage of all used

pages of the applicant’s travel document

Long-stay visas and residence documents

Option 3.0

Option 3.1.a

Non-legislative

Option 3.1.b

Status quo

Improve the exchange of bilateral information on a case-by-case basis.

Improve the feeding and use of information in the SIS as regards alerts on

withdrawn long-stay and residence documents

Promote the use of security features for the documents containing a chip:

Passive Authentication and Extended Access Control

Further harmonise and secure long-stay and residence documents

Create an interconnection between national databases that would allow all

MSs to query each other’s relevant national databases

Integration in the VIS

–

without data on rejected applications

Integration in the VIS

–

with data on rejected applications

Option 3.1.c

Option 3.2

Legislative

Option 3.3

Option 3.4.A

Option 3.4.B

Migration and security checks

Option 4.0

Option 4.1

Option 4.2

Status quo

Systematic and automated check against available databases (ETIAS model)

Automated cross-checks + screening rules

121