The Schengen Information System (SIS)
The Schengen Information System (SIS) is a large-scale information system that supports external border control and law enforcement cooperation in the Schengen States. The SIS enables competent authorities, such as police and border guards, to enter and consult alerts on certain categories of wanted or missing persons and objects.
The legal basis for SIS is Regulation (EC) No 1987/2006 of the European Parliament and of the Council of 20 December 2006 on the establishment, operation and use of the second generation Schengen Information System (SIS II).
Architecture of SIS
The SIS consists of a central system (“Central SIS II”), a national system (the "N.SIS II") in each Member State and of a communication infrastructure that links the central system to the national systems.
While the European Agency for the operational management of large-scale IT systems in the area of freedom, security and justice (eu-LISA) is responsible for the operational management of the central Schengen Information System and the communication infrastructure that links the central system to the national systems, each Member State is responsible for the development, operation and maintenance of its own national system.
Each Member State has to designate a national authority which shall have central responsibility for its national system. This authority is responsible for the smooth operation and security of its national system and has to ensure the access of the competent authorities to SIS II. Moreover, the national authority has to ensure compliance with the provisions of the SIS Regulation. In Austria, the national SIS authority is the Federal Ministry of the Interior.
Each Member State has to designate a SIRENE Bureau. Supplementary information relating to SIS II alerts are exchanged in accordance with the provisions of the “SIRENE Manual” and by using the communication infrastructure.
Use of SIS Data
Authorities responsible for border control and other police and customs checks within the Member State concerned can access alerts. However, users are only able to access data that are required for the performance of their tasks.
Before issuing an alert, Member States have to determine whether the case is relevant enough to warrant the entry of the alert in SIS II. These alerts are only kept for the time required to achieve the purposes for which they were entered. A Member State issuing an alert has to review the need to keep it within three years of its entry in SIS II.
A Member State issuing an alert is responsible for ensuring that the data are accurate, up-to-date and lawfully entered into SIS II. Only the Member State issuing an alert is authorised to modify, add to, correct, update or delete data that it has entered. If a Member State other than that issuing an alert obtains evidence suggesting that an item of data is incorrect, it has to inform the Member State that issued the alert as soon as possible. The Member State that issued the alert has to check the communication and, if necessary, correct or delete the data in question without delay.
The Austrian Data Protection Authority as national supervisory authority of Austria monitors independently the lawfulness of the processing of personal data in the N.SIS. It ensures that an audit of the data processing operations in the N.SIS is carried out at least every four years.
The European Data Protection Supervisor checks that the personal data processing activities of the Management Authority are carried out in accordance with the VIS-Regulation. Furthermore, he ensures that an audit of the Management Authority's personal data processing activities is carried out at least every four years. A report of such audit is sent to the European Parliament, the Council, the Management Authority, the Commission and the National Supervisory Authorities.
The National Supervisory Authorities and the European Data Protection Supervisor cooperate actively in the SIS II SCG. They exchange relevant information, support each other, and meet each other at least twice a year.