WHITE PAPER A EUROPEAN APPROACH TO BORDER MANAGEMENT

November 2009 Version 1.0 Border Control Working Group - BORDER MANAGEMENT subWG

Table of Contents
Executive Summary ............................................................................................ 3 Introduction........................................................................................................ 4 Gaps and Needs .................................................................................................. 5 Proposals for a Change: EOS recommendations .................................................. 9
Recommendation 1 Create a public-private EU Border Checks Task Force to examine ways and means to develop a harmonised approach to EU border checks and prepare the introduction of a one-stop integrated border control concept ................ 9 Recommendation 2 Create an EU funded Programme to design, develop and implement an Integrated Management system for regulated Borders, leveraging on the suggestions of the EU Border Checks Task Force .............................................. 10 Recommendation 3 Design & Development of a EU architecture for Border checks, consisting of EU Reference Solutions and Building Blocks .......................................... 11 Recommendation 4 Support the interoperability and the standardisation of border management tools and processes in order to foster the efficiency of the process of information sharing between MS................................................................................ 12 Recommendation 5 Support progressive implementation of EU Integrated Border Management activities and of an EU architecture for Border checks with components of EU Reference Solutions .......................................................................................... 12

Roadmap .......................................................................................................... 113 About EOS 15

EOS competence ................................................................................................. 17 ANNEX Annex Annex Annex Annex I - Background 19 II - Current Tools for Border Checks in the European Union 19 III Main EU legislative measures............................................................. 25 IV Border crossing points and border crossing .......................................... 26

EOS White Paper on Border Management Version 1.0 November 2009

Page | 2

Executive Summary
The free movement of people and goods across European internal borders is one of the greatest achievements of European integration. While Member States remain responsible for controlling their own borders, an European policy for Integrated Border Management is critical to harmonize the diverse legislation corpus, operational approach and technical capabilities. Since the Schengen Treaty (1985) several large scale programmes have paved the way towards the creation of an integrated approach for the management of the EU Borders, for instance, Schengen Information System (SIS) I and II, and the Visa Information System (VIS). Although national sovereignty is a critical consideration there remain opportunities to increase the number of common initiatives, as proposed in the EC communications (February 2008) for the next steps in border management in the European Union. The integrated management of EU Borders will increasingly rely upon the exchange of information (both for checks and surveillance) with increasing needs for coordination and interoperability between national systems and networks, possibly leveraging common information system architectures and procedures. Similar large scale IT systems have been deployed, overcoming significant political and technical hurdles, in other non-EU countries (e.g. US). However, in the complex EU scenario, implementation issues may be even larger given the variety of cultural and legal differences as well as the non-trivial technical and operational constraints linked to the existence of different legacy systems and networks. In addition, the matter of sovereignty and local points of intense operational activity, provide constraints that need to be overcome to achieve any successful integrated approach. A one-stop border control system should aim to improve interoperability between Member States and allow them to seamlessly share information, whilst at the same time provide the flexibility to allow border agencies to apply local rules and deploy resources to tackle their own priorities as well as EU-wide issues. In order to improve the security of border management in Europe and facilitate the legitimate free movement of people and goods, EOS recommends: 1 The creation of a public-private EU Border Checks Task Force to examine ways and means to develop a harmonised approach to EU border checks and prepare the introduction of a one-stop integrated border control concept 2 The creation of an EU funded Programme to design, develop and implement an Integrated Management system for regulated Borders, leveraging on the suggestions of the EU Border Checks Task Force 3 To support the design & development of an EU architecture for Border checks, consisting of EU Reference Solutions and Building Blocks 4 To enhance the interoperability and the standardisation of border management tools and processes in order to foster the efficiency of the process of information sharing between MS 5 To support progressive implementation of EU Integrated Border Management activities and of an EU architecture for Border checks with EU Reference Solutions

EOS White Paper on Border Management Version 1.0 November 2009

Page | 3

Introduction
Passenger flows at the external borders of the EU have been steadily growing, a trend likely to continue for the foreseeable future, and combined with the increasing mobility of EU citizens this is presenting enormous challenges for Members States (MS). Despite the vast majority of citizens being granted entry in compliance with existing rules, a significant element of the illegal immigration problem is due to overstayers exceeding their visit time limit. Europe is, and will continue to be, the worlds most important tourist destination1. Every year around 300 million citizens cross the EUs external border: 160 million are EU c itizens, 60 million are third country nationals (TCN) who did not require visas and the remaining 80 million are third country nationals who did . The passenger flows at the external borders of the EU have been growing and will continue to increase in the future. To appreciate the overall yearly movement across EU27 external borders, data3 from Member States show that there were 878 million in 2006. This will challenge every MS in their objective of facilitating legitimate travel and trade while protecting their economies and societies against the threat of organised crime, illegal immigration and terrorism. The largest number of EU crossings occur at airports, with land borders being the next most recurrent. The EU currently has 1792 external borders points, of which 665 are air based (major airports), 871 sea borders and only 246 are land borders. While borders need to remain open for trade, the movement of people and regional cooperation need to be effectively closed to unlawful activities. This means that the design of integrated border management solutions is critical when it comes to harmonizing the diverse legislation corpus, operational approach, financial solidarity and technical capabilities across the MS. To cope with these issues, the Council adopted in June 2002 a plan for the management of the EU external borders, a holistic approach for the integrated management of external borders (see also Annex III). The implementation of this European Integrated Border Management Strategy consists of the following dimensions (according to the definition given by the EC): Border Control (checks and surveillance) as defined in the Schengen Borders Code, including risk analysis and crime intelligence Detection and investigation of cross border crime Four-tier access control model (measures in third countries; cooperation with neighbouring countries; border control; control measures within area of free movement, including return) Inter-agency co-operation for border management (border guards, customs, police, national security, etc.) and international cooperation
2

World Tourist Organisation (WTO): Vision 2020 Volume 4 pag.48. 'Tourism' also includes travelling for the purposes of improving one's professional qualifications and health. 2 The figure was calculate by adding the number of trips of EU residents outside EU27 with the number of Third Country Nationals travelling to EU27 3 Member States do not record such movements in a coherent manner, so the rates are based on estimations or samples.

EOS White Paper on Border Management Version 1.0 November 2009

Page | 4

The challenge is to strike an appropriate balance between the free movement of travel and trade within Europe and the state-of-the-art border control & management systems to efficiently combat illegal migration, organised crime and terrorism with modern approaches. Border Control is defined as the activity carried out at a border, in accordance with and for the purposed of the Schengen Borders Code, in response exclusively to an intention to cross or the act of crossing that border, regardless of any other consideration, consisting of border checks and border surveillance. It is hence composed of two major axes: Integrated Management of the EU external borders (checks) 4 Registered Traveller scheme Electronic System of Travel Authorisation Entry/Exit system for third country nationals

Integrated European Surveillance System

The EC took the first steps towards a new border management strategy in February 2008, with the plan for setting up an Entry-Exit System (EES) and a Registered Travellers Programme (RTP) at the EUs external borders. An additional major milestone has been recently been achieved with the setting up of a dedicated Regulatory Agency responsible for the long term operational management of the large scale IT systems proposed by the Commission 5 (June 2009). Border Management consists of the verification of people, vehicles and goods at regulated land or maritime check points to determine if their movement is authorised 6. This involves identity checks and searches against various databases of known individuals that should be apprehended or denied entry to the territory along with advanced analytical techniques to identify those high risk people, goods and vehicles. The value and importance of comprehensive EU border instruments and programmes are in principal established however the relevant political, legal, technical and operational steps that need to be taken to better face the challenges posed by globalisation, evolving security threats and mobility require further effort.

Gaps and Needs

The free movement of people and goods across European internal borders is one of the greatest achievements of European integration. While Member States remain responsible for controlling their own borders, an European policy for Integrated Border Management is critical to harmonize

As defined in the EC Communications Preparing the next steps in border management in the European Union, COM(2008) 69 of February 2008. 5 The core mission of the Agency would be to fulfill the operational management tasks for Schengen Information Systems II (SIS II), Visa Information System (VIS) and EURODAC, keeping the systems functioning in a 24*7*365 basis; The Agency will also be responsible to adopting the necessary security measures, reporting, statistics, training, research activities and, upon EC request, the implementation of the monitoring of pilot schemes 6 New tools for an integrated European Border Management Strategy, MEMO 08/05; Preparing the next steps in border management in the European Union, COM(2008) 69 final

EOS White Paper on Border Management Version 1.0 November 2009

Page | 5

the diverse legislation corpus, operational approach and technical capabilities, and needs a strong integrated EU border strategy. According to the Communication of 13 February 20087, the Commission acknowledges a series of shortcomings: The data contained in travel documents are transmitted, at the request of the Member State of destination, as required by a Directive of 29 April 2004 on the obligation of carriers to transmit passenger data but cannot be used to prevent a person from arriving at the border crossing point of that State; The EU's all-or-nothing consular approach to visas means that either all nationals of a NonEU Member Country are subject to the visa requirement or they are not. Those who are not are not subject to any checks before they arrive at the destination Member State; With the exception of Non-EU Member Country nationals covered by the Local Border Traffic Regulation, Community law does not allow for simplifying checks for frequent travellers to the Schengen area, notably those holding multiple-entry visas; Since the dates of movement of Non-EU Member Country nationals across the external borders are not recorded, there is no way of systematically detecting overstayers; Given some practical difficulties such as illegible stamps on travel documents, it is unsure whether border authorities could determine an individual's length of stay. Moreover, there are no means for Member States to share any data that may be collected.

The above issues are the reason why the Commission has highlighted the need to develop a new Integrated Border Management strategy with key programmes such as the Registered Traveller Programme, Automated Gates, an Entry/Exit System and the Electronic System of Travel Authorisation (ESTA). Any improvements should be organized around two levels: a) Operational and Technical Challenges; b) Political Challenges.

Operational and Technical Challenges

Issues for the implementation of existing measures (SIS, VIS II) The VIS and SIS II systems are not yet fully operational. Their successful implementation is needed to provide the foundations for the deployment of an entry / exit system and to comprehensively assess relevant operability and reliability issues. The information on how these systems will be integrated and how they interact within the existing framework may still be regarded as an open issue. Up to now, the systems have been developed

COM (2008) 69 final: Preparing the next steps in border management in the European Union

EOS White Paper on Border Management Version 1.0 November 2009

Page | 6

independently to each other; therefore it has been difficult to fully exploit potential synergies, resulting in higher costs and lower efficiencies. Additional measures and functionally may be required to determine whether an Entry-Exit System (in conjunction with other proposed IT systems) would lead to a reduction in illegal immigration. At the moment, no relevant information is recorded electronically for entry / exit events at border crossing across MS. This leads to difficulties in automatically determining whether a Third Country National (TCN) has the right to remain in the Schengen area. This inconsistency is likely to affect overall border control performance. The current border checks still largely involve manual processes and as such, are not providing satisfactory solutions to deal with ongoing traffic growth and the changing and complex security environment. The passport approach lacks homogeneity: EU citizens are being migrated to ICAO compliant electronic passports, in contrast with many TCN travellers. Neither is there consistency regarding the current biometric data that is held on EU citizens passports and across TCNs, which leads to contradictions and vulnerabilities in terms of facilitating border crossings due to the different verification practices that need to be applied to deal with the different categories of travellers. Biometrics, Background Checks and Intelligence Biometric technologies offer a mean of identifying individuals. A relatively simple application in border management is to check that the person using a passport or visa to enter the country is the same person it was issued to. This is useful to robustly enforce immigration rules and to guard against low-level identity or document fraud. Moreover, biometrics is used in several EU programs related to the flux of persons entering the Schengen Space such as VIS/BMS, EURODAC but also the future Entry/Exit program related to regular visa holders that overstay in the Schengen space after expiration of their visa. One of the potential difficulties that should be overcome is related to the use biometric records shared between Member States accompanied by decoding biometric templates that are held in an encrypted form on passport chips and databases, and with sharing and managing the necessary cryptographic keys. A step further in this area is to be able to perform more comprehensive checks to understand who is the person attempting to cross the border and what risks might they pose on entry to the country. This requires automated risk analysis based on a wide range of information sources including immigration, crime and intelligence records. This is related to some deeper Background Checks and Intelligence that needs deeper EU cooperation between the MS authorities in charge of the information gathering. The key challenges are: Agreeing on the technical standards for the use of biometrics in the context of border control the use of for instance, fingerprints, facial and iris to enable inter-operability of biometric data across Member States, providing sufficient recognition probability and minimum false alarm rate for an individual.

EOS White Paper on Border Management Version 1.0 November 2009

Page | 7

Interoperability of encrypted biometrics data and public key sharing and handling in the 27 MS. Building common procedures and rules of biometric checks in the different MS and agreeing on sharing of biometrics data. Different level of privacy issues sensitiveness related to the creation, the handling and of the destruction concerning of biometrics data in different MS.

Political and Legal Challenges

Data Privacy, Protection and Management Issues Modern effective border management inevitably involves the collection of large amounts of personal data on travellers. This is to help manage the immigration and asylum systems and to prevent crime by identifying criminal suspects or fugitives. This is probably the most controversial aspect of border management as any large official database raises popular concerns about the socalled Big Brother state and the misuse of official data. This concern has led to the evolution of a comprehensive range of data protection legislations at national and EU level, governing the collection, storage and sharing of personal data held by governments and commercial organizations. In general these laws ensure data is: a) only gathered by governments when justified by public policy; b) only stored for as long as is necessary before being destroyed; c) is not shared more widely than strictly necessary. These laws have not eliminated public concern about state databases. This concern probably reflects a general mistrust of governments a mistrust which varies in strength around the EU, as a result of Member States recent history and culture. This mistrust means the development of data handling systems must include clear and transparent safeguards for personal data.

Governance and Administrative Issues Challenges driven by technology should be progressively addressed by MS, which should reinforce their coordination efforts between public administrations. Today, political constraints to an integrated solution remain high due to their sovereignty considerations Current checks procedures and policies remain inconsistent between Members States and some local issues (activities in Dover, UKs Channel tunnel or Canary Islands) require unique methods to tackle their issues. Political constraints to an integrated solution due to the sovereignty considerations of Member States. Over a number of years, a fragmented landscape of systems and processes has been developed. Policies and checks can vary between Member States. Local issues such as activity around Dover and the channel tunnel in the UK and activity in the Canary Islands, Spain require unique methods to tackle these issues.
EOS White Paper on Border Management Version 1.0 November 2009

Page | 8

An one-stop integrated border control solution would need to find the right balance between greater interoperability, seamless intelligence sharing between MS, and the flexibility required to allow border agencies to apply the right profiles and deploy the resources to respond effectively to local priorities as well as EU-wide issues.

Proposals for a Change: EOS recommendations

The EUs policies are being continuously developed and strengthened to better respond to the new threats and trends and to take advantage of new technologies to provide Europe with the tools to bring its border management into the 21st century. We believe that the improved management of passengers, vehicles and goods movements should take full advantage of a rapidly evolving technology landscape. In this context, we welcome the creation of the new dedicated Agency to deliver and operate the large scale IT systems within DG JLS, since common management will bring relevant synergies and economies of scale to the current systems. We believe that by integrating and complementing the various activities supported in the past and currently being supported at the EU and national level that the proposals will fully benefit from important ongoing work and the successful deployment of new applications and services that have emerged. In support of the EU-wide border management policy objectives we propose the following recommendations to foster Integrated Border checks across the EU.

Recommendation 1 Create a public-private EU Border Checks Task Force to examine ways and means to develop a harmonised approach to EU border checks and prepare the introduction of a one-stop integrated border control concept

Create a publicprivate EU Border Checks Task Force, to examine ways and means for the introduction of a one-stop integrated border control concept as a fundamental step to achieving the envisaged one-stop Entry / Exit system, the Registered Traveller Programme etc. This advisory group, should provide support to the European Commission (DG JLS, FRONTEX, etc.) and concerned Member States Administrations with the following actions: 1.1 development an EU-wide integrated vision, (encompassing all issues linked to the checks and controls carried out to people and goods), coordinating the existing and envisaged networks and systems in a clear and strategic scenario; proposal of architectures and envisage solutions (composed of building blocks based on innovative technologies) to satisfy, within the limit of legal environments and a common technical frame, regulatory requirements for the control of people and

1.2

EOS White Paper on Border Management Version 1.0 November 2009

Page | 9

goods, removing unnecessary barriers to their mobility; re-using existing infrastructure and capability where possible; 1.3 analysis of available and future technologies (e.g. advanced identification such as biometric technologies, passport swipes and image recognition for People; Automatic Number Plate Recognition (ANPR) for Vehicles; RFID for goods) to strengthen ID authentication processes and secure data handling etc. for the creation of harmonised and interoperable systems, always in the strict respect of MSs sovereignty; promotion of greater cooperation between Member States by enabling seamless intelligence sharing through interoperable systems and supported by the harmonisation of rules applied to border checks, while maintaining appropriate data protection and privacy.

1.4

EOS, via its Members, would act as the advisory on industrial issues to this Task Force , for further discussion regarding the development of systems which, in time, will form the backbone for implementing critical European border policy objectives, helping defining the best solutions industrially feasible and cost effective with respect to the agreed requirements.

Recommendation 2 Create an EU funded Programme to design, develop and implement an Integrated Management system for regulated Borders, leveraging on the suggestions of the EU Border Checks Task Force
Whilst acknowledging and supporting the development of programmes already established 8 to facilitate the move to an integrated border management, EOS suggests an alliance of all relevant parties (EC, EP, MS, and Industry) to foster develop and implement an architecture enabling a pan European Border Checks roadmap leading to an effective Integrated Boarder Management system. A central theme of the Programme should be to foster the notion of automation for all border clearance. The Integrated Management of EU Borders will increasingly rely on the exchange of information (both for checks and surveillance), thus requiring solutions for the increasing needs for coordination and interoperability between national (ICT) systems and networks, possibly leveraging on common information system architectures and procedures. 2.1 This Programme should therefore target the design, development and implementation of architectures and EU Reference solutions (with interoperable building blocks based on innovative technologies), leveraging on the suggestions of the EU Border Checks Task Force that satisfy, within the limits of the legal environments and of a common technical framework, regulatory requirements for the control of people and goods, avoiding unecessary constraints to their mobility.

Registered Traveller Programme (RTP), Entry/Exit System (EES), Customs Security Programme (CSP), Authorised Economic Operators (AEO)

EOS White Paper on Border Management Version 1.0 November 2009

Page | 10

Recommendation 3 Design & Development of an EU architecture for Border checks, consisting of EU Reference Solutions and Building Blocks
Increased coordination and more comprehensive funding efforts for design and development activities for an EU approach on Integrated Border Management can be reached through a dual Top-Down / Bottom-Up approach: it will indeed have the potential to enhance European capabilities and provide for a common border checks picture.

Top-Down approach: 3.1 Development of a harmonised architecture for integrated border management allowing the progressive integration of future national systems, while driving the development of EU Reference Solutions9 (composed of Building Blocks), fitting the requirements of the global Architecture. Design, develop and validate common and interoperable EU Reference Solutions (consistent with the Global Management Architecture), including not only technology standards for interoperability, but also best practices, policies, common requirements and coordinated procurement approaches. Engage with the end-users (front-line officers) in the individual Member States to ensure that individual agencies and the front-line officers views are included in the design of specific solutions and to enable business processes to be adapted to take advantage of these new solutions.

3.2

3.3

This course of action would require the EU to take an enterprise architecture approach 10 and would require industry-wide collaboration to leverage the whole community to create the architectural framework within which in-service and future operational systems could be progressively introduced and federated. Indeed, an EU Reference Solution which individual MS would then be able to use as a core template solution or use for the purpose of integration testing would promote interoperability. Standardisation, testing, certification and quality processes should continue to be based on common EU policy requirements.

Bottom-Up approach 3.4 3.5 Development of Building Blocks (composing EU Reference Solutions) in EU R&D activities (biometry, trusted procedures, intelligence tools, etc.). Increased coordination and cross fertilisation of existing (and future) initiatives through an explicit clustering mechanism that aggregates all relevant EC activities (FP7, ESRIF outlook, MS R&D programmes etc.). Such clustering would better
and validated following common operational when needed, interoperability or compatibility processes and IT infrastructure reflecting the model

European Reference Solutions: technologies and capabilities developed needs, criteria and EU security strategies, for specific missions to increase, of solutions. 10 Enterprise architecture is the organizing logic for business / operational integration and standardization requirements of the organisations operating

EOS White Paper on Border Management Version 1.0 November 2009

Page | 11

allow capability gaps to be tackled, identify technological challenges and address the needs for an Integrated Border Management. We would favour the new regulatory Agency being responsible for this approach.

Recommendation 4 Support the interoperability and the standardisation of border management tools and processes in order to foster the efficiency of the process of information sharing between MS
In developing Europes architecture for border management, the sharing of data and information is highly likely to be key issues in tackling the security threats . Interoperability, connectivity and synergy between different systems and databases will be critical to provide national agencies and authorities with the information required to accomplish their institutional duties. To reinforce the current EC initiatives and enhance th e effectiveness and efficiency of the EUs border checks activities whilst ensuring interoperability between the different national authorities, we recommend that the EU: 4.1 4.2 Develop minimum / optimum technical requirements for interoperability purposes and specification of common technologies for performing border checks; Develop uniform technology standards regarding the storage, exchange and sharing of data with well defined compatible interfaces allowing valid exchange of data; Proof of interoperability standards through pilot projects that enable individual Member States to focus on solutions for their specific challenges while still meeting the interoperability commitments required for EU-wide integrated border management.

4.3

Recommendation 5 Support progressive implementation of EU Integrated Border Management activities and of an EU architecture for Border checks with components of EU Reference Solutions
5.1 Further support the implementation at national level of Border Management systems and the roll-out of the EU visa policy and secure information exchange tools with the already adopted databases and EU systems ( VIS and SIS II). Create of a series of pilot projects to prove the feasibility and viability of solutions (possibly EU Reference Solutions) to address specific border management gaps (e.g. mobile biometrics, network-based risk targeting and intelligence approaches, land border data capture) and to apply lessons learnt prior to committing to large scale EU-wide implementation. Focus on the benefits of integrated border management to citizens, businesses and endusers to develop a prioritised region-by-region implementation plan, providing via

5.2

5.3

EOS White Paper on Border Management Version 1.0 November 2009

Page | 12

the proposed Integrated Border Management approach, front-line officers with more effective tools to make better informed decisions to secure borders. 5.5 Implement a framework for acquiring comprehensive and accurate pre-departure and pre-arrival passenger, vehicle and goods information, expanding the use of EU_PNRs (Passenger Named Record) and the acquisition of Third Country data under the Customs Security Programme (CSP), in compliance with data privacy legislation.

Roadmap
To support and foster the development of EU-wide Integrated Border Management, we propose the following set of actions for the consideration of the EC, the newly appointed Agency and, where appropriate the individual MS. Short term measures at EU level [2010-12] o Create a Public Private Dialogue (EU Border Checks Task Force) alongside relevant stakeholder (MS, EC, new Regulatory Agency, EU Agencies, Industry, etc) to form a broad alliance and strong cooperation based on trust. o Promote feasibility studies on the design and implementation of automated border clearance. o Foster and develop minimum requirements for Border Checks technologies; o Promote the introduction of land Entry / Exit solutions. o Proposal for constant co-operation to further develop on interoperability standardization issues, in terms of technology, language and doctrine. and

o Further encourage Research and Development activities related to Border Management, especially on identity management, biometrics, interoperability, data distribution, developing and validating EU Reference Solutions. o Provide the new European Commission, the European Parliament and Member States with the means to justify the creation of an EU Programme for an Integrated Border Management (Checks) and consequent financial support to be envisaged in the 2014 2020 EU financial perspectives.

Medium term measures at EU level [2013-16] o Proposal for the necessary policies and regulations to have an EU consistent record of the entries and exit of travellers across the Schengen area. o Proposals for the necessary policies and criteria to create an interoperable EU RTP: Definition, design and build of a common RTP architecture across EU. o Promote the creation of a pilot project to weight the required functionalities, the notion of automation for all border clearance, carry out biometric verifications and explore Entry/ Exit functionality.

EOS White Paper on Border Management Version 1.0 November 2009

Page | 13

o Promote the development of interoperable systems between neighbouring countries, tested by means of pilot projects implemented by basin. These pilot projects will pursue the objective of assessing the technical feasibility of an integrated RTP and Entry / Exit Systems.

Long term measures at EU level [2016-20] o Foster the deployment of automated border clearance across EU and Third countries according to the proposed architectures and solutions. o Introduce the newly developed components in which EU Reference Solutions will be implemented incrementally across Europe. o Introduce the newly developed components in which EU Reference Solutions will be implemented incrementally across Europe, updating and integrating the existing systems, while adding new components.

EOS White Paper on Border Management Version 1.0 November 2009

Page | 14

About EOS
The European Organisation for Security EOS was created in July 2007 by European private sector suppliers and users from all domains of security solutions and services. EOS has today 34 members, representing 12 European Countries. EOS focuses on the market side, and seeks to develop close relationships with the main public and private actors. The main objective of EOS is the development of a consistent European Security Market sustaining the interests of its Members and satisfying political, social and economic needs through the efficient use of budgets and the implementation of available solutions in priority areas, in particular with the creation of main EU Security Programmes. To develop the security market we: support the development of civil security & resilience systems and related services with innovative European approaches that can be used in the global security market; support the effective implementation of existing / future solutions and services (developing interoperable and consistent architectures, interfaces, innovative methodologies and / or common procedures, best practices, pilot projects, etc) focusing resources on market priorities. In order to achieve these objectives, and believing in the benefit of an effective dialogue between all relevant stakeholders, EOS welcomes any suggestions and comments to its White Paper.

HOW TO REACT TO THE WHITE PAPER Reactions to this White Paper may be sent directly to [email protected] Alternatively, you could post your comments to: European Organisation for Security (EOS) 270 Avenue Tervuren Bruxelles 1150

EOS Members

EOS White Paper on Border Management Version 1.0 November 2009

Page | 15

EOS Border Management sub - Working Group Participants This White Paper is a collective endeavour of the EOS Border Management sub - Working Group during the last 2 years, with the participation of: SAGEM Scurit BAE Systems - Detica ALTRAN ALTRAN ALTRAN ALTRAN ALTRAN BAE System Detica BUMAR BUMAR CEA EADS EADS EDISOFT ENGINEERING ENGINEERING FINMECCANICA/SELEX SI FINMECCANICA/SELEX S.I. FINMECCANICA/SELEX S.I. G4S HAI IBM IBM INDRA INDRA INDRA SAGEM SMITHS HEIMANN SMITHS HEIMANN SMITHS DETECTION SMITHS DETECTION THALES THALES EOS EOS Krassimir Nefyn Jean-Philippe Cecile-Liv Pascale Silke Mathias Ben Edward E. Monika Frdric Julien Robert Antonio Giuseppe Dario Gustavo Eugenio Francesco Mike Evangelos Peter Gerardo Sonia Carlos Javier Jean Marc Nicolas David Caroline Magnus Yves Lionel Hugo Luigi Krastev Jones Perin Mller Lardin Nikolay Julien Bridge Nowak Swiech Laurent Feugier Havas Sousa Paladino Avallone Scotti di Uccio Creso Frau Clarke Ladis Stremus Zuliani Gracia Anadon De Miguel Warleta Suchier Dumay Delfanne Persson Ovilius Lagoude Le Cle Ganet Senoko Rebuffi WG Support WG Supervision WG Chairman / WP Editor WP Editor

EOS White Paper on Border Management Version 1.0 November 2009

Page | 16

EOS competence
A list of EOS Members competences/ areas of knowledge relevant to the domain is the following (based in Staccato Taxonomy) Technologies-Components 109 110 111 112 113 114 115 116 117 118 Opto-electronics: Laser, optics and related devices Sensor Technology and Components Electronic components Signal processing technologies Information technologies Artificial Intelligence & Decision support Simulation tools and technologies Computing Technologies Information Security Technologies Communication technologies

Equipments and sub systems 200 201 202 203 204 205 219 Sensor Equipments Signal Protection Identification equipment Biometric equipment CBRN protection and decontamination equipment Navigation, guidance, control and tracking Physical access control and Electronic Authentication Equipment

Systems-Services Functions 300A 301A 302A 303A 304A 306A 307A 308A 300A 311A 312A Risks assessment, modelling and impact reduction Risks and vulnerabilities assessment Risk reduction Protection Exercise and simulation, training Identification Localization Surveillance Intelligence Interoperable secured communications (Security systems architecture) Crisis Operations / Management C3I

Design-Manufacturing 300B 301B 302B 303B 304B 305B 306B Operating Environment Knowledge & Modelling Technology Systems Engineering and Design Management Systems Certification and Failure Investigation Systems Engineering and Integrated Systems Design Manufacturing and fabrication technology Software design validation and maintenance Simulation and design tools

EOS White Paper on Border Management Version 1.0 November 2009

Page | 17

307B 308B

Installations and Facilities Ergonomic and Human factors

Integrated platforms and systems and HFs 407 408 411 412 413 415 416 Identity management systems Integrated Surveillance Systems C2, Information and intelligence systems Networks and information security systems Communication Systems Equipped Personnel Integrated systems of systems

Mission Capabilities 500A 501A 502A 503A 504A 507A 508A 509A 510A 511A 512A Preserve the functioning of the State Ensure Identification and control of goods and people Ensure and Maintaining Law and Order Ensure Economic Security Protection of citizens (goods and people) Control and surveillance of areas Protection of areas and infrastructures Protection of networks Protection of environment (before, during and after) Security of transport Crisis management

EOS White Paper on Border Management Version 1.0 November 2009

Page | 18

Annexes
Annex I - Background
Border Management consists of the verification of people, vehicles and goods at regulated land or maritime check points11. It involves identity checks and information searches against various databases of known persons to be either apprehended or denied entry to the territory and the use of advanced techniques for identifying the high risk. The passenger flows at the external borders of the EU have been growing and will continue to increase in the future, posing a challenge to every MS. Two main objectives have been defined by the EC: ensuring the smooth crossing of passengers and guaranteeing the internal security of the Schengen area. Due to the huge number of people crossing Europe every year, this is, undoubtedly, a daunting task. In this context, the EC has also proposed an integrated European Border Management Strategy (EBMS). The concept of an EBMS involves combining control mechanisms and the use of tools based on the flows of persons towards and into the EU. It comprises measures taken at the consulates of Member States in third countries, measures in cooperation with neighbouring third countries, measures at the border itself, and measures taken within the Schengen area. In addition, the EC has proposed new tools for EBMS which included the introductions of an EES, allowing the electronic recording of the dates and exit of Third Country Nationals (TCN) in and out the Schengen area, the introduction of automated border crossing facilities for EU citizens and certain TCN and the introduction of an Electronic Travel Authorisation system (ETAS) 12. Travellers from certain third countries are subject to visa obligations. A first check of whether they fulfil the conditions of entry and stay takes place in conjunction with the visa application at the consulates of MS in third countries. TCN requiring a short stay visa will be checked against the Visa Information System (VIS), on which EC and European Parliament (EP) reached a rollout agreement. The VIS objective is to verify the authenticity of the visa and the identity of the holder by biometrics means. According to the Schengen Borders Code, TCN are subject to a thorough check for the length of stay and checked against the Schengen Information System (SIS) to verify they do not represent a threat to public policy, public health or internal security.

Annex II13 - Current Tools for Border Checks in the European Union
The Border Control covers two types of activities: Border Surveillance and Border Checks. The Schengen Convention and the Schengen Borders Code define three types of external borders: air borders (airports), sea borders and land borders (rail and road); The authorities responsible for border checks vary depending of the MS, but normally are border guard, police and customs. The variety may mean different types of border checks systems.
11

New tools for an integrated European Border Management Strategy, MEMO 08/05; Preparing the next steps in border management in the European Union, COM(2008) 69 final 12 A definition and scope of the mentioned tools may be found in Annex I 13 COM (2008) 69 final, SEC (2008) 154,

EOS White Paper on Border Management Version 1.0 November 2009

Page | 19

Checks might be divided in three parts: pre border, tirst line border and second line border. 1. Pre border checks are carried out before the TCN gets into a MS with the objective of transmitting information on passengers before their arrival at the Border Check Point. The compulsory information submitted by carriers to the Border Check authorities is based on Advanced Passenger Information (API) and Passenger Name Record (PNR), the latest restricted to air borders. 2. First line checks are the activities undertaken by the national authorities for border checks on the entry and exit of any traveller crossing the Schengen area. Targeted to EU citizens and TCN, the checks mainly cover controlling and verifying the validity of the visa and the required stamping of travel documents. Whilst EU citizens are guaranteed free EU movement and minor, if any, checks, TCN are subject to thorough checks. 3. Second line checks takes place when an officer identifies an abnormality during the first line check and further thorough checks are needed.

There are currently three large scale information technology (IT) systems in the area of DG JLS whose operational management has been entrusted to the EC: SIS II, VIS and EURODAC. Following an impact assessment to study the different options for the Management of SIS, VIS and EURODAC, the EC has created a new Agency whose core mission will be to fulfil the operational management of those systems, keeping them functioning on a 24*7*365 basis. The new Agency will be also responsible for the management of security, statistics and reporting while also meeting diverse needs such as training, research or even the implementation of pilot schemes.

EOS White Paper on Border Management Version 1.0 November 2009

Page | 20

Schengen Information System (SIS) and SIS II

The Schengen Information System (SIS) is a computer network for the collection and exchange of information relating to immigration, policing and criminal law for the purpose of law enforcement and immigration control. The SIS contains data (alerts) on persons and objects which are necessary for the purpose of maintaining the Schengen territory an area of security and justice. The SIS currently stores around 15 million records including, roughly, 11 million ID Documents, 1.5 million Vehicles, 1 million persons, 400.000 blank documents, 300.000 firearms and 250.000 banknotes. The system was designed to cope with 18 MS (15 MS, Iceland, Norway and one in reserve). Due to technology obsolescence, a second technical version is in preparation (SIS II) which will include new types of data. The setting-up of the second-generation SIS is an absolute prerequisite for the involvement of the new Member States in the area without internal frontiers. SIS II and SIS share the same technical concepts. SIS II will facilitate the exchange of information on persona and objects between national authorities responsible for border controls and other customs and police checks. SIS II will benefit from developments in the field of IT and allow the introduction of new functionalities such as the possibility to include biometric data. SIS contributes to the implementation of the provisions on the free movement of persons (Title IV of the Treaty) and to the judicial cooperation in criminal matters and police cooperation (Title VI of the Treaty). This information is shared among the participating countries of the Schengen Agreement Application Convention (SAAC). Although the Republic of Ireland and the United Kingdom, have not signed the SAAC, they take part in the Schengen co-operation under the terms of the Treaty of Amsterdam, which introduced the provisions of Schengen Acquis into the European Union. Schengen Acquis allows the United Kingdom and Ireland to take part in all or part of the Schengen arrangements. Ireland and the United Kingdom will use the SIS for law enforcement purposes. They will not have access to the Article 96 data, because they do not intend to remove the border controls between themselves and the rest of Europe. European citizens still have the right of free movement to the UK but they must pass through a border control point unlike in the rest of the Schengen signatories where these have been abolished between the Schengen countries. In 2006, Ireland implemented Directive 2004/38/EC, E.U free Movement of Persons directive as Irish Statutory Instrument S.I 656/2006

Visa Information System (VIS)

VIS is a system for the exchange of visa data between Member States in order to: a) improve internal administration with regard to the common visa policy and thus prevent European visa shopping;

EOS White Paper on Border Management Version 1.0 November 2009

Page | 21

b) contribute to the fight against internal terrorism and c) fight against illegal immigration.

It consists of a Central Visa Information System (CS VIS) with an interface in each MS which provides a connection to the relevant central authority of each MS. It will be the IT based instrument for supporting the implementation of the common visa policy and facilitating effective border control by enabling authorised national authorities to enter and update visa data, including biometric data and to consult it electronically. It will be based on a centralised architecture and a common technical platform with SIS II. Once the full functionalities of VIS can be exploited the system will store biometrical data (photograph and ten fingerprints) on up to 70 million people concerning visas for visits to or transit through the Schengen Area as well as written information such as the name, address and occupation of the applicant, date and place of the application, and any decision taken by the Member State responsible to issue, refuse, annul, revoke or extend the visa. SIS and VIS are being developed by the EC, which is also entrusted with their operational management.

EURODAC

Eurodac is a fingerprint database that stores and compares the fingerprints of asylum applicants and illegal immigrants and allows Member States to determine the State responsible for examining an asylum application according to Dublin II Regulation. The EURODAC collects data for any asylum applicant over 14 years of age and comprising: fingerprint and control images, data of the application, the Member State where the asylum application is filled and the gender of the applicant. EURODAC has been developed by the EC and it is responsible for operating the Central Unit and ensuring the security of data transmission.

SISone4ALL

Due to delays in the SIS II deployment, Portugal offered a modified version of its SIS 1+ system to new Member States. The Czech Republic, Estonia, Hungary, Latvia, Lithuania, Malta, Poland, Slovakia, and Slovenia accepted the Portuguese proposal and use the new system until the SIS II deployment. This version, named SISone4ALL, which was developed by SEF (Portugal's Border and Foreigners Service) and Critical Software Technologies, was deployed in 2007 and allowed the adherence of participant new Member States to be on schedule. Switzerland has now also decided to join Schengen using SISone4ALL before SIS II deployment.

EOS White Paper on Border Management Version 1.0 November 2009

Page | 22

Biometric Matching System (BMS)

The Biometric Matching System (BMS) is an information search engine that can match biometric data. It can be seen as a subsystem of the VIS as each fingerprint image stored in the VIS is linked to a biometric template stored in BMS. MS never directly communicate with BMS. The BMS system design structure follows a Service Oriented Architecture that allows it to provide biometric matching services to other systems such as SIS II and EES.

Entry/Exit System (EES)

The Entry/Exist System (EES) is a central conceptual part of the Commissions Communication on preparing the next steps in border management in the European Union. The EES would technically enable the electronic recording of entry and exit information of third-country nationals admitted for a short stay to the Schengen area. For both visa holders and visa exempt nationals it allows consultation of the data stored by the relevant authorities. The system would generate an alert or notification when the legal entitlement of a third-country national to stay in the Schengen area has expired and there is no record in the system that the individual has left the territory. The EES would build on the technical infrastructure put in place by central authorities and Member States to accommodate the VIS and associated Biometric Matching System (BMS). If consensus is reached, EES could become operational around 2015.

Registered Traveller Programme (RTP)

The Registered Traveller programme (RTP) aims to facilitate border checks for third-country nationals, who have voluntarily chosen to pre-enrol their biographic and biometric data, and have undergone a vetting procedure according to pre-defined criteria. Due to the chronological decoupling of the introduction of data introduction and travel, registered travellers would be able to use automated facilities at certain border crossing points where available, allowing for expedited border checks while maintaining a high level of security. The technical infrastructure of RTP would also build on the pre-existing structures put in place by central authorities and Member States for the establishment of BMS and VIS.

Electronic System of Travel Authorisation (ESTA)

The European Commission will examine the possibility of introducing an electronic system of travel authorisation. Such a system would apply to third-country nationals not subject to the visa requirement who would be requested to make an electronic application supplying, in advance of

EOS White Paper on Border Management Version 1.0 November 2009

Page | 23

travelling, data identifying the traveller and specifying the passport and travel details. The data could be used for verifying that a person fulfils the entry conditions before travelling to the EU, while using a lighter and simpler procedure compared to a visa. The Commission intends to launch a feasibility study in 2008 that analyses the practical implications and Electronic System of Travel Authorisation. The result of the study should be presented to the European Parliament by the end of 2009.

Passenger Name Record

PNR is a proposal of the Commission for persons arriving by air, essentially equivalent to the information contained in the flight reservation. This information is also translated just before or in relation with boarding to law enforcement authorities. This system would apply to all Member States as it is not linked to the Schengen cooperation as such. The transmission of PNR data takes place for the purpose of preventing terrorism and organised crime, not for border checks.

EOS White Paper on Border Management Version 1.0 November 2009

Page | 24

Annex III Main EU legislative measures

Council Decision 2002/463/EC, of 13 June 2002, adopting an action programme for administrative cooperation in the fields of external borders, visas, asylum and immigration (ARGO Programme) Council Decision 2004/512/EC of 8 June 2004 establishing the Visa Information System (VIS) Council Regulation 2007/2004/EC of 26 October 2004 establishing a European Agency for the Management of Operational Cooperation at the External Borders of the Members States of the EU Council Decision 2004/867/EC of 13 December 2004 amending Decision 2002/463/EC Council Regulation 2252/2004/EC of 13 September 2004 on standards for security features and biometrics in passports and travel documents issued by Member States Council Regulation (EC) No 562/2006 of the EP and the Council of 15 March 2006 establishing a Community Code on the rules governing the movement of persons across borders (Schengen Borders Code) Decision No 895/2006/EC of the EP and the Council of 14 June 2006 introducing a simplified regime for the control of persons at the external borders based on the unilateral recognition by the Czech Republic, Estonia, Cyprus, Latvia, Lithuania, Hungary, Malta, Poland; Slovenia and Slovakia of certain documental as equivalent to their national visas for the purposes of transit thought their territories Decision No 896/2006/EC of the EP and the Council of 14 June 2006 establishing a simplified regime for the control of persons at the external borders based on the unilateral recognition by the Members States of certain residence permits issued by Switzerland and Liechtenstein for the purpose f transit thought their territory Council Regulation (EC) No 1932/2006 of 21 December 2006 amending Regulation EC No 539/2001 listing the third countries whose nationals must be in possession of visas when crossing the external borders and those whose national are exempt from the requirement

EOS White Paper on Border Management Version 1.0 November 2009

Page | 25

Annex IV

14

Border crossing points and border crossing

MEMBER STATES BELGIUM CZECH REP DENMARK GERMANY ESTONIA GREECE SPAIN FRANCE ITALY CYPRUS LATVIA LITHUANIA LUXEMBOURG HUNGARY MALTA NETHERLANDS AUSTRIA POLAND PORTUGAL SLOVENIA SLOVAKIA FINLAND SWEDEN ICELAND NORWAY ROMANIA BULGARIA TOTAL

LAND BORDERS 2 0 0 0 7 11 4 9 0 0 16 29 0 27 0 0 0 29 0 57 4 26 0 0 1 23 11 256

SEA BORDERS 6 0 133 119 39 53 32 42 108 7 9 2 0 1 3 12 2 19 22 3 1 66 60 25 76 10 11 871

AIR BORDER 6 19 38 131 7 29 31 108 50 3 4 4 1 10 4 9 70 20 8 3 8 24 31 5 25 13 5 665

TOTAL 14 19 171 250 53 93 67 193 158 9 29 35 1 38 7 21 72 68 30 63 13 116 91 30 102 46 27 1792

14

List of border crossing points referred to in Article 2 (8) of Regulation (EC) No 262/2006 of the European Parlament and of the Council of 15 March 2006 establishing a Community Code on the rules governing the movement of persons across borders

EOS White Paper on Border Management Version 1.0 November 2009

Page | 26