The Schengen Information System (SIS)
The Schengen Information System (SIS) is a large-scale information system that supports external border control and law enforcement cooperation in the Schengen States. The SIS enables competent authorities, such as police and border guards, to enter and consult alerts on certain categories of wanted or missing persons and objects.
A new version of the Schengen Information System started operating on 7 March 2023.The SIS legal framework consists primarily of three EU Regulations (see links below).
Architecture of SIS
The SIS consists of a central system (“Central SIS”), a national system (the "N.SIS") in each Member State and of a communication infrastructure that links the central system to the national systems.
While the European Agency for the operational management of large-scale IT systems in the area of freedom, security and justice (eu-LISA) is responsible for the operational management of the central Schengen Information System and the communication infrastructure that links the central system to the national systems, each Member State is responsible for the development, operation and maintenance of its own national system.
Each Member State has to designate a national authority which shall have central responsibility for its national system. This authority is responsible for the smooth operation and security of its national system and has to ensure the access of the competent authorities to SIS. Moreover, the national authority has to ensure compliance with the provisions of the SIS Regulation. In Austria, the national SIS authority is the Federal Ministry of the Interior.
Each Member State has to designate a SIRENE Bureau. Supplementary information relating to SIS alerts are exchanged in accordance with the provisions of the “SIRENE Manual” and by using the communication infrastructure.
Use of SIS Data
Authorities responsible for border control and other police and customs checks within the Member State concerned can access alerts. However, users are only able to access data that are required for the performance of their tasks.
Before issuing an alert, Member States have to determine whether the case is relevant enough to warrant the entry of the alert in SIS. These alerts are only kept for the time required to achieve the purposes for which they were entered. A Member State issuing an alert has to review the need to keep it within three years of its entry in SIS.
A Member State issuing an alert is responsible for ensuring that the data are accurate, up-to-date and lawfully entered into SIS. Only the Member State issuing an alert is authorised to modify, add to, correct, update or delete data that it has entered. If a Member State other than that issuing an alert obtains evidence suggesting that an item of data is incorrect, it has to inform the Member State that issued the alert as soon as possible. The Member State that issued the alert has to check the communication and, if necessary, correct or delete the data in question without delay.
The Austrian Data Protection Authority as national supervisory authority of Austria monitors independently the lawfulness of the processing of personal data in the N.SIS. It ensures that an audit of the data processing operations in the N.SIS is carried out at least every four years.
The European Data Protection Supervisor is responsible for monitoring the processing of personal data by eu-LISA and for ensuring that it is carried out in accordance with the Regulations. Furthermore, the EDPS carries out an audit of the processing of personal data by eu-LISA in accordance with international auditing standards at least every four years. A report of such audit is sent to the European Parliament, the Council, eu-LISA, the Commission and the National Supervisory Authorities.
The National Supervisory Authorities and the European Data Protection Supervisor cooperate actively in the SIS SCG. They exchange relevant information, support each other, and meet each other at least twice a year.
Data subjects’ rights regarding SIS data
- Regulation (EU) 2018/1860 of the European Parliament and of the Council of 28 November 2018 on the use of the Schengen Information System for the return of illegally staying third-country nationals
- Regulation (EU) 2018/1861 of the European Parliament and of the Council of 28 November 2018 on the establishment, operation and use of the Schengen Information System (SIS) in the field of border checks, and amending the Convention implementing the Schengen Agreement, and amending and repealing Regulation (EC) No 1987/2006
- Regulation (EU) 2018/1862 of the European Parliament and of the Council of 28 November 2018 on the establishment, operation and use of the Schengen Information System (SIS) in the field of police cooperation and judicial cooperation in criminal matters, amending and repealing Council Decision 2007/533/JHA, and repealing Regulation (EC) No 1986/2006 of the European Parliament and of the Council and Commission Decision 2010/261/EU