The Visa Information System (VIS)
The Visa Information System (VIS) is a system for the exchange of visa data between the Member States of the European Union and associated countries. The purpose of VIS is to improve the European visa policy, consular cooperation and consultations between the central visa authorities. Furthermore, the VIS shall ease the visa application procedure, simplify checks at external border crossing points, avoid visa shopping and facilitate the fight against fraud.
The legal basis for VIS is Regulation (EC) No 767/2008 of the European Parliament and of the Council of 9 July 2008 concerning the Visa Information System (VIS) and the exchange of data between Member States on short-stay visas (VIS Regulation).
Architecture of VIS
The VIS consists of a central Visa Information System (CS-VS), a national system (N-VIS) in each Member State and of a communication infrastructure that links the central Visa Information System to the national systems.
While the European Agency for the operational management of large-scale IT systems in the area of freedom, security and justice (eu-LISA) is responsible for the operational management of the central Visa Information System and the communication infrastructure that links the central system to the national systems, each Member State is responsible for the development, operation and maintenance of its own national system.
Each Member State has to designate a national authority which is responsible to connect the national system to the Visa Information System and for the proper functioning and security of the national system. In Austria the national VIS authority is the Federal Ministry of the Interior.
Use of VIS Data
Each Member State shall ensure that the data are processed lawfully, and in particular that only duly authorised staff has access to data processed in the VIS for the performance of their tasks.
The data are entered into the VIS by the competent visa authorities of the Member States. When an application is found admissible as set out in the Visa Code, the visa authority creates the application file which is based on the application form. The application file includes for instance the name, date and place of birth, information regarding the intended stay, a photo and the fingerprints of the applicant. When a visa is issued, the visa authority adds additional data such as the type of the issued visa, the territory to which the visa holder is allowed to travel or the validity of the visa. Even when a visa is refused, annulled or revoked or even extended or where the visa authority representing another Member State is forced to discontinue the examination of the application, the application file is supplemented by additional data.
The competent visa authority may consult the VIS for the purpose of examining applications and decisions to issue, refuse, extend, annul or revoke a visa, or to shorten a visa’s validity period. Furthermore, authorities responsible for carrying out checks at external borders and within the national territories may search the VIS for the purpose of verifying the identity of the person and/or the authenticity of the visa and/or whether the person meets the requirements for entering, staying in or residing within the national territories. In addition, asylum authorities also have access to search the VIS for determining the Member State responsible for the examination of an asylum application and to examine an application for asylum.
The Datenschutzbehörde as national supervisory authority of Austria monitors the lawfulness of the processing of personal data in Austria in the N.VIS. It ensures that an audit of the data processing operations in the N.VIS is carried out at least every four years.
The European Data Protection Supervisor checks that the personal data processing activities of the Management Authority are carried out in accordance with the VIS-Regulation. Furthermore, he ensures that an audit of the Management Authority's personal data processing activities is carried out at least every four years. A report of such audit is sent to the European Parliament, the Council, the Management Authority, the Commission and the National Supervisory Authorities.
The National Supervisory Authorities and the European Data Protection Supervisor cooperate actively in the VIS SCG. They exchange relevant information, support each other, and meet each other at least twice a year.