The eu-LISA Bits & Bytes

eu-LISA's Digital Newsletter

The eu-LISA Bits & Bytes provides an overview of the Agency's recent progress and the state-of-play on the development and management of the large-scale IT systems that govern the Schengen Area's internal security.

In this issue:

… and more.

Past & future editions

Large-Scale IT Systems' Evolution and Outlook

The Agency's main priorities in 2020 were to continuously design and develop the new systems (EES, ETIAS, ECRIS-TCN), adapt the existing systems to the requirements stemming from the applicable regulations and ensuring a high level of performance and availability of these existing large-scale IT systems (Eurodac, SIS, VIS).

For a refresher on what the large-scale IT systems are and do, see our dedicated portal: Discover eu-LISA

Systems' availability untouched
eu-LISA managed to ensure high level performance and availability of SIS, VIS, Eurodac and their sub-systems during the pandemic. Further than that, measures were taken to mitigate risks related to the implementation of the new systems (EES, ETIAS, ECRIS-TCN) and interoperability components.

The development of EES, ETIAS, ECRIS-TCN and the interoperability architecture is on track. In parallel, the Agency is upgrading SIS, adapting VIS to meet the EES Regulation requirements and waiting for the recast of VIS and Eurodac regulations to be adopted (the new Eurodac recast regulation is issued in the Migration and Asylum Pact).

In 2020, the Automated Fingerprint Identification System functionality (AFIS) was introduced to SIS, enabling law enforcement and border authorities to improve identity checks and ensure better coordination.

In September 2020, the European Commission presented a new proposal for the Eurodac recast as one of the cornerstones of the EU Pact on Migration and Asylum. The upgraded system will be operated and developed by eu‑LISA. In line with the proposal, Eurodac is to be fully reshaped into a European database to support the EU's policies on asylum, resettlement and irregular migration.

The new Eurodac system is a platform for information exchange between Member States, containing comprehensive data concerning asylum seekers and irregular migration. Eurodac is essential for the successful implementation of the Pact as a whole and for the ability of Member States to improve efficiency of migration and asylum management policies in EU.

Once implemented, it will bring a number of tangible benefits for the migration and asylum authorities in the Member States, in particular:

Focus on applicants rather than applications to determine responsibility for asylum claims;
Include new categories of persons for whom data (biometric and alphanumeric data) will be stored;
Allow its use to improve the identification of irregular migrants and to deter unauthorized movements to other Member States (secondary movements);
Contribute to preventing asylum shopping;
Improve registration, playing a determining role in countering trafficking of human beings, with a decisive contribution to the protection of minors and other categories of vulnerable persons;
Facilitate relocation and better monitoring of returnees;
Track support for voluntary departure and reintegration;
Enable to draw up new statistics to support decision-making and improve analytical capabilities of relevant national authorities and EU Agencies

The new Eurodac will also be an important building block in the new interoperability architecture for internal security and border management. It will have a strong, positive effect on situational awareness and decision-making in Member States, providing relevant depersonalized information to the Common Repository for Reporting and Statistics (CRRS) for analytical purposes.

eu-LISA is operating the Schengen Information System (SIS), which has fundamental role in the EU’s internal security. Ongoing work with the system upgrade (the SIS recast) will provide better tools for border and law enforcement authorities in the fight against crime and terrorism. The strengthened SIS will contain new categories of alerts (persons and objects) and more biometric data. It will include preventive measures on vulnerable persons, as well as return decisions and entry bans, and enable more effective information sharing for counter-terrorism purposes.

The upgrade brings following improvements:

Information sharing: New categories of alerts, ensuring more reliable information is available to Member States;
Biometrics: SIS will contain palm prints, fingerprints, facial images and DNA samples;
Counter-terrorism: More information will be shared on persons and objects involved in terrorism-related activities;
Vulnerable persons: Preventive alerts to protect missing persons, children at risk of abduction, potential victims of trafficking or gender-based violence;
Irregular migration: Return decisions and entry bans will be shared to enhance their effective enforcement;
Enhanced access for EU Agencies: Europol will have access to all alert categories, while Frontex operational teams will be able to access SIS to carry out their tasks at hotspots;
SIS Automated Fingerprint Identification System (AFIS) to perform cross-European fingerprint-based searches.

AFIS became mandatory for all Member States at the end of 2020. The solution, developed by eu‑LISA, is a major milestone in the fight against crime, as it enables law enforcement and border authorities to improve identity checks and ensure better coordination. A number of Member States are already actively using the SIS AFIS functionality and checking person alerts on the basis of the fingerprints stored in SIS.

eu-LISA is in charge of the operational management and development of the Visa Information System (VIS). It is a system for the exchange of visa data among Schengen Member States. As such, it connects consulates in non-EU countries and all external border crossing points of Schengen States. Currently, VIS processes data and decisions relating to applications for short-stay visas to visit or to transit through the Schengen Area. The system can perform biometric matching, primarily of fingerprints, for identification and verification purposes. VIS will be adapted to meet the provisions of the EES Regulation and its new version will enter operations together with EES, in line with the targets set at political level.

In December 2020, political consensus was reached between the European Parliament and the Council on the upgrades of the system. The VIS recast will enable eu‑LISA to implement following functionality improvements:

Enhanced security checks across all databases: with interoperability in place and with the provision envisaged in the forthcoming VIS Recast Regulation, all visa applications recorded in the system will be automatically checked against all other EU information systems. This obligatory cross-check will detect applicants using multiple identities and identify anyone posing a security or non-compliance risk;
Better data and information exchange: Currently, no information is held at EU level on long stay visas and residence permits. The upgraded VIS database will extend its scope to include such information. This will allow competent authorities to quickly determine whether a long-stay visa or a residence permit used to cross the Schengen Area’s external borders is valid and in the hands of its legitimate holder, thus closing an important security gap;
More efficient return procedures: Copies of the applicant's travel document will also be included in the VIS database. This measure, coupled with the authorisation for Frontex teams to access VIS, will facilitate the identification and readmission of people subject to a return procedure who do not have travel documents, thereby increasing the efficiency of the EU's return policy;
Strengthened capacity to prosecute and prevent crime: Law enforcement authorities and Europol will have a more structured access to VIS for the prevention, detection or investigation of terrorist offences or other serious crimes, under strict conditions and in full respect of the EU's data protection rules. Access to VIS will be also opened to law enforcement authorities for the purpose of searching for or identifying missing or abducted persons and victims of trafficking;
Schengen Consultation and Ex-post notification procedures: Currently, these procedures are supported via VIS Mail, a mechanism allowing Member States to consult and notify each other on issuing Schengen visas, or limited territorial validity visas. With the Recast, the functionalities currently supported by VIS Mail will be integrated into the revised VIS, to allow automation and efficient services towards the third country nationals that are subject to visa requirements.

Implementation of the Entry-Exit System (EES) is one of the top priorities of eu‑LISA. It will be an automated IT system for registering travellers from third-countries - both short-stay visa holders and visa exempt travellers - each time they cross an EU external border. The system will register the person's biographic and biometric data (live fingerprints and facial images) and the date and place of entry and exit, in full respect of fundamental rights and data protection rules

In 2020, major efforts were undertaken by eu‑LISA to ensure the implementation of EES at the fastest possible pace and to mitigate the impact of the COVID-19 pandemic to planned activities at central and national levels. On 14 December 2020, the JHA Council decided to shift the go-live of the EES by 2 months (May 2022) in order to absorb the COVID-19 related impacts and to allow more preparation time for the Member States.

eu-LISA continues the implementation of the signed Framework Contract for the EES Central System, currently in the development and central testing phases. The testing of national systems with the EES Central System will be launched in 2021. Installation of National Uniform Interfaces (NUI) is ongoing and most Member States are well on track.

The tender for the shared Biometric Matching System (sBMS), was concluded in April 2020. The requirements are being finalised and the system entered the development and testing phase in October 2020.

As another structural part of the EES, the Web Services project has been contractually launched in September 2020, by signing two specific contracts, aimed at the creation of services for Carriers (air, land and sea) and for Third-Country Nationals.

The detailed EES implementation plan has been continuously monitored and refined in close collaboration with Member States, in the context of the EES-ETIAS Advisory Group (EES-ETIAS AG) and other eu‑LISA governing bodies (Management Board, Programme Management Board). The performance of the EES contractor is continuously monitored and contractual possible risk management approaches are being applied with respect to delivery times and the quality of deliverables.

The active development of the European Travel Information and Authorisation System (ETIAS) will start in 2021. It will be a largely automated IT system created to provide a travel authorisation for third-country nationals exempt from visa requirements, enabling consideration of whether their presence on the territory of the Member States does not pose or will not pose a security, illegal immigration or a high epidemic risk. A travel authorisation constitutes a decision indicating that there are no factual indications or reasonable grounds to consider that the presence of a person on the territory of Member States poses such risks. Thus, a travel authorisation will not require more information or place a heavier burden on applicants than a visa does. Holding a valid travel authorisation will be a new entry condition for the territory of Member States.

The development of ETIAS remains untouched by the COVID-19 pandemic. The eu‑LISA Management Board adopted the Tender Specifications in September 2020 and the contract will be in place in the coming months. The go-live of ETIAS is planned in the end of 2022.

ECRIS-TCN will allow the central authority of a Member State to promptly and efficiently find out whether and which other Member States store criminal records information on a third-country national or stateless person, so that the existing ECRIS communication channels can be used to request criminal records information from the relevant Member States. Once it becomes operational, the system will facilitate the access of judges, prosecutors and other relevant judicial authorities to comprehensive information on an individual’s criminal history, no matter in which Member State that person was convicted in the past.

Efficient exchange of criminal records information is instrumental in combating cross-border crime. The system will contribute to implementing the principle of mutual recognition of sentences and judicial decisions in a common area of justice and security where people move freely - i.e. the Schengen Area. ECRIS-TCN is scheduled to be ready in conjunction with the roll-out of the components required to implement interoperability.

Despite the COVID-19 pandemic, the development of ECRIS-TCN is on track. At central level, the preparation phase is nearing completion and the procurement phase will commence in 2021. eu‑LISA successfully took over the ECRIS RI management from the European Commission in April 2020. ECRIS-TCN technical specifications (TTS) are in finalisation. The go-live of ECRIS-TCN is at the end of 2022.

eu-LISA is in charge of the development of new interoperable architecture for information management in the Justice and Home Affairs area. Interoperability between information systems will allow the systems to complement each other, help facilitate the correct identification of persons and contribute to fighting identity fraud. The regulations establish the following interoperability components:

A European search portal, which would allow competent authorities to search multiple information systems simultaneously, using both biographical and biometric data;
A shared biometric matching service, which would enable the searching and comparing of biometric data (fingerprints and facial images) from several systems;
A common identity repository, which would contain biographical and biometric data of third-country nationals available in several EU information systems;
A multiple-identity detector, which checks whether the biographical identity data contained in the search exists in other systems, to enable the detection of multiple identities linked to the same set of biometric data.

eu-LISA continues with the implementation of EES, ETIAS and the new interoperability architecture at the highest possible pace, having as an overall objective to achieve full implementation of the new interoperability architecture by the end of 2023.

The development of interoperability components has not suffered any major impact from the COVID-19 pandemic. The formal review of technical specifications was finalised.

The tender documentation preparation is ongoing and the contract is to be concluded in the first quarter of 2021. Work is ongoing with all interoperability components and relevant technical specifications (TTS): European Search Portal (ESP), Shared Biometric Matching Service (sBMS), Common Identity Repository (CIR), Multiple-Identity Detector (MID), Central Repository for Reporting and Statistics (CRRS).

The interoperability architecture should be fully operational by the end of 2023.

Digital criminal justice and eu-LISA
eu-LISA took over the maintenance of the ECRIS Reference Infrastructure, the application for ECRIS system, in April 2020 and, in parallel, is developing ECRIS-TCN. While the ECRIS is a decentralised system, ECRIS-TCN will be the first centralised IT system in the judicial domain that eu LISA has the mandate to develop and operate. As proposed by the European Commission on 2 December 2020, e-CODEX (e-Justice Communication via Online Data Exchange), an IT tool for cross-border cooperation, will be entrusted to the Agency as of 1 July 2023. eu LISA stands ready to take over the responsibility for maintaining e-CODEX. The Agency has the required technical expertise to ensure efficient management of the IT infrastructure behind e-CODEX, as well as sufficient experience in managing a variety of governance structures, enabling the full involvement of Member States and the European Commission.

eu-LISA Annual Conference 2020

On 26 November, eu-LISA hosted its 7^th Annual Conference, Interoperability - Building Digital Resilience for the EU Justice and Home Affairs Community, a fully virtual event, organised in cooperation with the German Presidency of the Council of the European Union.

The live broadcast, via a dedicated online platform, reached an even broader audience than our habitual face-to-face conferences, thus facilitating the same level of interaction with participants, all able to ask questions, comment, participate in polls and network.

More than 500 registered participants, including high-level representatives of EU Institutions and Agencies as well as practitioners from Member States and industry representatives, reflected on the opportunities, challenges and perspectives being brought forth from building digital resilience for the JHA community through interoperability.

Discussions focused on the digital transformation of the JHA area and the long-term vision for this process, the opportunities that technology and innovation are bringing to the internal security and border management domains, as well as on the implications of the COVID-19 pandemic on the acceleration of digitalisation in this area.

The benefits and possibilities for the law enforcement and border management communities stemming from the new information architecture and challenges of redesigning the Member States' business processes were also discussed. While embracing the novel solutions offered for improving internal security, the importance of ensuring the fundamental rights throughout this process was stressed.

The event was opened by European Commissioner for Home Affairs Ylva Johansson, who unfortunately could not attend the event live, but addressed participants in a video message:

Two panels tackled two very important questions: "Long journey from silos to interoperability – what lies ahead?" and "The new information architecture in JHA domain: endless possibilities?" and also posed a couple of flash polls to the audience:

One of the key takeaways from the event is that digitalisation in the JHA area has become more important than ever, as it contributes directly to resilience. In the current pandemic situation, it has become particularly evident how indispensable the ability to have fast access to information is; how important it is to ensure business continuity.

We should not stop here. We need to take advantage of modern technology, including interruptive ones, to facilitate and secure the life of European citizens. The Schengen Area needs to develop further, with a view to ensuring faster and more efficient border crossing. Artificial Intelligence will be a game-changer when processing vast amounts of data and looking for security gaps. The question is not "whether", but "when and how" to apply AI-based technologies.
Krum Garkov, Executive Director

Photo Gallery

Screenshots by eu-LISA

Discover more on the Conference Website

New Pact on Migration and Asylum

– The New Eurodac –

On 23 September 2020, the European Commission proposed a new Pact on Migration and Asylum that sets out improved and faster procedures throughout the asylum and migration system, as well as a balance in the principles of fair sharing of responsibility and solidarity. This is crucial in rebuilding trust between Member States and confidence in the capacity of the European Union to manage migration. This comprehensive approach comprises:

A strong external dimension including "win-win" external partnerships with third countries of origin and transit;
Effective border management, obtained by establishing legal pathways and integration, since the intention is not to build a "fortress Europe";
A fresh start to solidarity and responsibility sharing - to integrate asylum and migration management in the same framework, leaving the Dublin Regulation behind.

One of the key focal points with regard to border, migration and asylum management is Eurodac. Once the Eurodac legal basis, COM(2020) 614, will be adopted, eu-LISA will be one of the key actors in its implementation. The Agency will be responsible for transforming the existing Eurodac into a new and modernised large-scale IT system.

Eurodac is envisaged to become a fully-fledged database for registering asylum applications and applicants. By counting applicants, the proposed revised Eurodac will contribute to more effective migration and asylum management and will help to limit secondary movement in Europe.

The new Eurodac will provide precise figures on how many applicants/ first-time applicants there are in the EU. Furthermore, there will be more accurate and complete data available, including information about the Member State responsible for the asylum claim, shifts of responsibility, a rejected application or a previously granted Assisted Voluntary Return and Reintegration.

In terms of functionality and technical changes, the Eurodac proposal provides a completely new toolbox in support to Member States. The new system will include further categories of persons for whom data should be stored, allow the collection of alphanumeric data along with biometric data, facilitate the identification of irregular migrants, and enable new statistics that could support decision-making and analyses on migration and asylum management.

Eurodac is an important component of a larger security infrastructure and will need to function within the interoperability framework between EU information systems. The objective is to reach full interoperability of IT systems by the end of 2023.

eu-LISA Industry Roundtable 2020

From 3-5 November, eu-LISA hosted its first-ever fully digital industry event, the 2020 Industry Roundtable, Data Quality and Interoperability: Addressing the Capability Gaps through Standardisation.

Over three separate afternoons, the event focused on the challenges pertaining to data quality and access to data in the context of the new information architecture for internal security, border and migration management.

This year's edition brought together over 320 participants from more than 90 organisations and 35 countries, representing international border management and security industries, EU Member State authorities, EU Institutions and JHA Agencies as well as representatives from NGOs and Academia.

Day 1
Biometric Data Acquisition

The discussion focused on the challenges in using automated face recognition systems, as opposed to humans (e.g. border guards). While new technologies (such as deep learning) may outperform humans in face recognition, both humans and machines have problem with some common aspects.

Other points covered during the debate:

EU policy-making bodies and Member States should look into functional criteria and standards, whereas technical criteria should be left to the industry;
The need to carefully assess the quality threshold, in order to be able to deliver performance (e.g. ensure fast flow of travellers);
The need to look also into fusion between facial and fingerprint recognition;
The industry has developed and is also currently working on technical solutions for quality biometrics acquisition in challenging environments (such as moving trains);
The pandemic has introduced a new challenge: facial masks, but there are some solutions and ideas on how to tackle this since recognition algorithms can be retrained.

Day 2
Ensuring Data Quality

“There is only one way for quality input” was the conclusion of the first discussion panel: and that is only by ensuring it at the acquisition stage (i.e. when the photo is taken). Therefore, the more restrictions you impose in the acquisition context, the more you limit the variability of conditions, the better quality you obtain in the end. The quality of data used is also vital when it comes to AI - and specifically training AI-based systems.

The International Air Transport Association (IATA) presented their vision for an end-to-end biometric (touchless) passenger journey. A person's identification data is stored only on their electronic device (smartphone), and is shared only when needed with authorised parties, thus avoiding any GDPR concerns.

Natural Language Processing (NLP) technologies are especially useful in circumstances where biometrics of an individual are not available, or the use of biometric identification is not feasible, to ensure rapid and precise identification of persons on watch lists, for example.

Day 3
Access To Data

Discussions and presentations touched upon privileged user access, potential breaches and the zero-trust policy to defend against such breaches.

Language itself can pose a number of challenges when it comes to biographic data: names of individuals, names of cities/ countries are pronounced differently in different languages; geographical changes can also be recorded differently, for instance birth location; transcription makes it even more complex. Therefore, a multi-cultural name matching solution could be considered.

In addressing data quality, we must consider three main aspects: organisation (e.g. data governance framework), data flows and data quality management architecture supporting data quality processes.

Photo Gallery

Screenshots by eu-LISA

Discover more on the Roundtable Website

e-VISA Pilot

The EU common visa policy is an essential part of the Schengen acquis and one of the most valued achievements of EU harmonisation. It is a tool to facilitate tourism and business, while preventing security risks and risk of irregular migration to the EU.

The migration and security challenges faced in recent years in combination with the rapid global technological developments incentivise authorities to improve the security of the visa process, while making it more user-friendly for travellers and consulates. Indeed, at a national level, some Member States are already looking at the digitalisation of the visa processing, e.g. through online portals.

The March 2018 Commission Communication on visa policy took up the debate on digitalisation of visa processing. As an outcome of the Communication, a feasibility study on digital visas was announced along with the intention to assess various options as well as the promotion of pilot projects, which would prepare the ground of future legislative proposals.

In September 2019, the 'Study on the feasibility and implications of options to digitalise visa processing' was completed. This study analysed the feasibility of digitalising the visa application process, using a Schengen application portal, as well as the digitalisation of the (current) physical sticker, by using biometrics. The study also recommended a two-phased pilot project for the Schengen application portal.

Following its new Establishing Regulation, eu‑LISA was requested to provide advice and support to the Commission for this new system, by way of studies and testing. Subsequent to informing the Management Board of the request, eu‑LISA set out in Q3/ 2020 with its partners and stakeholders, to launch a pilot project on the development of such a portal.

The pilot Development, test and analysis reports of a prototype of the EU online visa application portal corresponds to the first phase of the pilot project. In particular, this first phase looks to:

Design, develop and test a customer-friendly, secure and interactive online visa application portal prototype, usable by applicants and Member State representatives; and
Conduct an analysis of the budgetary and legal requirements as well as the implications, costs and challenges of developing such a portal at the EU level.

"Prototype" should not be understood as the final, fully operational product of the online visa application portal. A prototype refers to an early, scaled down version of the final product in order to bring to life a preliminary interactive version of the online visa portal. User testing is important for a prototype as it gives the user an idea of how the final product can look in terms of design, feel and means of interactions by providing some features as operational and others as visualisation

In this context, the focus will be on the following phases:

IMAGINE: understand the Schengen visa process, target groups and their current journey, design the AS-IS journey and imagine the TO-BE online visa application journey
DELIVER: with the inputs from the Imagine phase, create the wireframes of the portal's clickable mock-ups and implement them by delivering an interactive prototype using agile methodologies
RUN: run and conduct usability tests through different simulations and incorporate results in a final report.

As the use of Artificial Intelligence (AI) has been a hot topic over the past years, eu‑LISA recently published a detailed study on the prospects and opportunities of using AI in the operational management of large-scale IT systems. In order to leverage and merge these two studies, one of the features of the e‑VISA portal will be a chat bot/ virtual assistant that could be used to answer questions about the interactive electronic application form that users will need to fill out.

AI Monitoring Report • Report Factsheet

The firm intention is to have the e‑VISA portal delivered to its stakeholders by Q3/ 2021, less than one year after its inception and to demonstrate eu‑LISA's added-value to its stakeholders and the business at large.

See more below

AI Initiatives at eu-LISA

In addition to the chat bot foreseen for the e‑VISA pilot, eu‑LISA is involved in a number of projects that, amongst their components, foresee the use of Artificial Intelligence/ Machine Learning (ML). The implementation of AI-based solutions in the EU JHA domain requires large-scale efforts, and thus a collaborative approach and a flexible governance structure. The Agency is in favour of a phased approach, that does not imply huge investments from the beginning, and creating synergies between the different JHA domains (migration, asylum, law enforcement, etc.), thus avoiding a silo approach. This will also facilitate the possibility of capitalising on existing IT investments.

eu-LISA is clearly open to discussion and eager to focus on the changes, benefits and opportunities brought about by these technologies. Applying AI in a lawful, ethical and technologically robust manner is imperative. The Agency firmly believes in the creation of common AI capabilities that will allow internal and external synergies, as well as JHA domain communities to develop, test, and explore solutions for the future.

1. AI for the sBMS and biometric matching: Within the shared Biometric Matching Service (sBMS), the Agency is currently implementing a deep learning solution for biometric matching capabilities. The sBMS architecture was designed from the ground up with the utmost consideration for security aspects regarding access control and separation of data.

2. AI for the CRRS: The Common Repository for Reports and Statistics (CRRS), foreseen as part of the Interoperability architecture, will create centralised capabilities for reporting and analytics based on a central data repository and data lakes. There is a unique opportunity to exploit AI's potential to increase benefits from the CRRS deployment, as this allows:

The use of natural language interfaces to query the CRRS, making access to appropriate and relevant information easier for users;
The use of a chat bot for user-generated customised reports;
The use of data quality tools and standards (UMF), reducing the overall preparation time of new solutions without duplicating costs.

3. AI Test Lab establishment The Agency will establish an AI Test Lab to facilitate the development and implementation of AI-based solutions in a way that is sustainable and with a view to further strengthening internal AI capabilities. The test lab could also support the testing of AI solutions by the Member States, in addition to eu‑LISA's own. This would be a welcome opportunity for the Agency and its stakeholders to further develop their learning curves and build on one another's experiences.

4. Impact assessment of hosting a data space for law enforcement In June 2020, eu‑LISA provided a first substantial contribution to a study on the requirements of data spaces for law enforcement purposes. A preliminary impact assessment on the creation and hosting of a centralised AI-enabled data space was carried out. eu‑LISA has recently continued the analysis with a view to extending the requested impact assessment to cover the option of a federated (against a fully centralised) solution. The analysis and discussion are ongoing.

eu-LISA prepares for engagement in the implementation of parts of the EU Framework Programme for Research and Innovation

With the entry into force of the revised establishing Regulation, the Agency's research mandate has been extended to include the opportunity to contribute to the implementation of parts of the EU Framework Programme for Research and Innovation. To put this into practice, the Agency has been collaborating with the Commission on preparing a working arrangement, defined as Terms of Reference. These Terms of Reference foresee the involvement of the Agency in the identification of priorities for research and innovation projects, in the areas related to the operational management of the large-scale IT systems entrusted to the Agency, as well as the possibility to engage with the projects throughout their lifecycle. We aim to sign the Terms of Reference with the Commission in Q1 of 2021. As a first step, eu-LISA has already supported the European Commission in the evaluation of research proposals submitted within the scope of the H2020 Security call for 2020 project proposals. We are very much looking forward to the opportunity to get involved in research and innovation activities aimed at making the Union safer and more secure.

EU Innovation Hub for Internal Security

In October 2019, Europol presented a proposal to establish an Innovation Hub at Europol. The EU Innovation Hub would act as an observatory for new technological developments, drive innovation, and ensure effective alignment and cooperation between relevant actors in the development of new technological solutions for internal security. Along with other JHA agencies, eu-LISA has been an active supporter of and contributor to this initiative from the very beginning. eu-LISA recently volunteered to support the development of the Hub by devising operational and financial frameworks, as well as proposing a methodology for a priority-setting process at the Hub. The Agency is committed to this initiative and will continue to support this important project in the coming months and years.

Standardisation Roadmap

In recent years, the EU has faced a number of challenges in the areas of internal security and migration, in particular terrorist attacks and migration crises. Addressing these challenges requires effective, efficient and reliable access to information. An important step in this direction was the development of the Roadmap for standards for data quality to enhance information exchange and information management, including Interoperability solutions, in the Justice and Home Affairs domain.

This Roadmap builds on the work done thus far in the area of data quality, with regard to data stored in the large-scale IT systems. eu-LISA has already taken several steps to support Member States in improving the quality of data by implementing a number of initiatives:

Improved reporting and quality checks at the source;
Implementation of quality checks and monitoring at a central level;
Process analyses and improvement;
Training activities aimed at supporting the improvement of data quality.

The Central Repository for Reporting and Statistics (CRRS) - a key Interoperability component - will enable effective and efficient reporting on data quality, replacing the reporting systems currently in place within each of the systems. CRRS will remove the need for direct access to information in the systems, enabling comprehensive analysis of anonymised data and reporting.

The key principles and objectives of the implementation Roadmap are:

Improving the Quality of Biometric and Alphanumeric Data

Ensure high biometric sample quality across all systems using biometric data
- Elaboration of shared good practices and the definition of standard processes and workflows to ensure acquisition of high-quality biometric data;
- Adoption of good practices, standardised processes and workflows for biometric data acquisition by the relevant Member State authorities;
- Elaboration of common staff training materials and methodologies for the end users of biometric equipment for the purpose of enrolment, identification and verification.
Ensure the quality of equipment used by Member State authorities is sufficient to comply with the requirements of the central systems. Organise campaigns aimed at updating obsolete equipment for biometric data acquisition.
Further develop the universal message format (UMF) into the standard message format for data exchange in the JHA area. The Interoperability Regulations define UMF as the standard to be used in the development of EES, ETIAS, the ESP, the CIR and the MID. Currently, UMF serves the purpose of data exchange for law enforcement purposes. To ensure that UMF can be universally applied to data exchange in the JHA area, it needs to be further extended to include data categories and data fields used in border management and migration.
Improve the knowledge and skills of staff responsible for data entry into the central systems. eu-LISA has been organising training activities on data quality issues, pertaining to the systems currently in place, since 2017. This effort now needs to be continued and extended to cover the new systems and the components of the Interoperability architecture. As part of its training mandate, eu-LISA will continue the development and delivery of training events focusing on improving data quality for the staff of Member State authorities and JHA Agencies.
Improve the quality of data provided through manual input. Manual data entry is one of the key challenges to the quality of alphanumerical data entered into the central systems. To address this, the development, endorsement and implementation of standardised solutions is necessary. These include:
- Standardised transliteration schemes and/ or standardised automated solutions for transliteration;
- The application of standards to particular data fields;
- The development of common approaches to data input/ validation rules within interfaces, standard architectures and/ or devices.

Creation of a Reference Catalogue of Devices and Solutions for the Acquisition of Data and Access to Information in the Central Systems

Establish a well-structured and coordinated approach for the development of a reference catalogue of devices and solutions for the acquisition of data and access to information
- Definition and adoption of a set of technical and user requirements that equipment needs to meet in order to be included in the catalogue;
- Collection of data on devices that are either 'in use', 'tested' or otherwise have proven to be of support to the operational business processes of relevant JHA agencies and Member State authorities;
- Establishing a testing lab for technical equipment and solutions used in the acquisition of data and for accessing information (including the testing of alphanumeric/ biometric matching algorithms);
- Timely re-engineering of business processes related to the new systems and interoperability components on the level of Member States to enable testing of equipment and solutions in real-life environments and business processes.

Strengthening Cybersecurity through Standards

Safeguarding the integrity, security and resilience of infrastructures, networks and services
- Improve the resilience and protection of services and infrastructure in terms of enhanced boundary protection, resilience of infrastructure through modern compute technologies, web service and cloud security as well as token based access control mechanisms;
- Develop a raised common level of network and information systems security, through the development of standard architecture models and artefacts, the adoption of common security control frameworks (European Commission Security Policy Framework, NIST 800-53, ISO 27002). The promotion of identities as the new security perimeter, enforcing zero trust and continuous validation concepts, and incorporating security by default as well as security by design principles will also be part of said developments. Last but not least, enhancing the confidentiality of communication infrastructure leveraging standardised encryption mechanisms will also be included.
Strengthen the ability to prevent, discourage, deter and respond to malicious cyber activity
- Enhance the Security Operations Centre (SOC) capacity, by applying common operational patterns, developing common standard ways to measure and accredit eu-LISA SOC performance;
- Enhance security incident detection and response capabilities by developing common standards on incident response through situational awareness sharing, improving security-monitoring capability, leveraging real time audit and security testing activities (pen testing) and improving cyber threat intelligence through common sources.
Strategic, operational and technical cooperation at European Member State level
- Develop a common collaborative approach to risk management through the use of common cybersecurity standards and the preparation of common security artefacts;
- Promote technical cooperation through threat intelligence and situational awareness sharing, leveraging the operation of collaborative supporting platforms (Cooperation Platform);
- Develop cybersecurity awareness and training activities.

Season's Greetings

Innovation guides and enables us to keep working for...

A Safer Europe, 24/7

Interoperability

Border Management

Secure Travel

End of Year Statement

Looking back at 2020, I describe it with one word - exceptional. It taught us to expect the unexpected and to handle uncertainty better. COVID-19 forced us to change our daily routines and operating model to a new reality. I am proud to say that, despite the challenges, the Agency showed high resilience, agility and focus on its mission – to contribute to the efforts of the Member States to make Europe safer.

Looking ahead at 2021, our journey goes on. We will continue to be the IT engine of the Schengen Area and an enabler in the practical implementation of freedom of movement – an EU citizen's fundamental right - as we persist in our efforts to accelerate digital transformation in the JHA domain.

Wishing you a happy and successful 2021 !

Krum Garkov, Executive Director

Happenings

Upcoming & Past Events

Feb 10-11
Border Security Conference 2021

eu-LISA will present the latest EES developments at SMI's 14^th Annual Border Security Conference, scheduled to take place online.
Feb 2-3
Virtual Conference on Facial Recognition in Criminal Investigations

The TELEFI conference aims to facilitate information exchange on organisational, technical and legal aspects of facial recognition as used in criminal investigations.
Dec 8-10
"Digitalisation of Justice - Interconnection and Innovation" and "Migration 4.0: The Digital Transformation of Migration Management" Online Conferences

eu-LISA's Executive Director was a panellist at the two online conferences organised by the German Presidency of the Council of the European Union.
Nov 24
eu-LISA's 25^th Management Board Meeting

It is now the 3^rd time that the Board's meeting was held fully online. The Board adopted the Agency's Single Programming Document for 2021 to 2023, outlining all the programme- and project-based activities that eu-LISA is to perform to meet its strategic goals.

Read more
Nov 20
eu-LISA and EU JHA Agencies Put Focus on Digitalisation

The Heads of JHA Agencies came together for a virtual annual meeting, where they had a first exchange on Artificial Intelligence and digital capacity building, training tools and innovative learning. "At eu-LISA we firmly believe in the creation of common Artificial Intelligence capabilities that will allow internal and external synergies, as well as JHA domain communities to develop, test, and explore relevant solutions for the future", said eu-LISA Executive Director Krum Garkov.

Read more
Nov 12
FRA and eu-LISA: We Cooperate to Prepare a Better Future

Common goals are the foundation for cooperation between eu-LISA and FRA for the benefit of citizens who gain from innovative technologies as much as from ensured respect for fundamental rights and data protection. The two Agencies signed a multiannual Cooperation Plan, which sets out activities that will provide benefits through joint actions.

Read more
Oct 16
Bilateral Meeting between eu‑LISA and Portuguese Presidency of the EU Team

As part of its cooperation strategy his the EU Council presidencies, eu‑LISA met up with the Portuguese team that will managed the upcoming presidency to provide expertise on topics related to the JHA IT architecture.
Oct 13-15
eu-LISA at the European Security Summit

In his keynote speech, Krum Garkov, Executive Director of eu‑LISA, presented the Agency's involvement and contribution to the cybersecurity field.

Recordings of the event
Sep 30
Smart Borders Explained Conference

Executive Director Krum Garkov presented eu‑LISA's angle on the ESS and the EU Smart Borders programme in a webinar organised by Vision-Box.
Sep 28
eu-LISA to extend its Strasbourg site

eu-LISA, Eurometropol, the Strasbourg City Magistrate and the French Ministry of the Interior formalised a land transfer that will host the extension of our Agency's operational site in Strasbourg.

Read more
Sep 16/23
State of the Union Address

The new Pact on Migration is of particular interest to eu‑LISA and its stakeholders as the current and future IT systems run by the Agency can have a positive impact and provide lasting support to Member States as they handle migration and asylum matters.

Read more and even more
Sep 9
eu-LISA and EASO Sign a Three-Year Cooperation Plan

The two European Union Agencies have signed a multiannual Cooperation Plan, which sets out actions and activities that will enhance the cooperation and highlight the results of both parties from 2020 to 2022.

Read more
Aug 27
Estonian Information System Authority Visits eu‑LISA

A delegation from the Estonian Information System Authority (RIA / Riigi Infosüsteemi Amet) and CERT-EE (Computer Emergency Response Team Estonia) visited the Agency's headquarters in Tallinn.

Read more

eu-LISA - The Schengen Area Information Engine

The European Union Agency eu-LISA became operational in 2012 to manage large-scale information systems in the area of freedom, security and justice. Today, we are at the forefront of Europe's information-driven border management and internal security, facilitating the implementation of one of EU citizens' fundamental rights - the right to free movement within the Schengen Area.

The headquarters of eu-LISA are in Tallinn, Estonia, whilst its operational centre is in Strasbourg, France. There is also a technical business continuity site for the systems under management based in Sankt Johann im Pongau, Austria, and a Liaison Office in Brussels, Belgium.

Photo Gallery

Photo Gallery

AI Initiatives at eu-LISA

Season's Greetings

Border Security Conference 2021

Virtual Conference on Facial Recognition in Criminal Investigations

"Digitalisation of Justice - Interconnection and Innovation" and "Migration 4.0: The Digital Transformation of Migration Management" Online Conferences

eu-LISA's 25th Management Board Meeting

eu-LISA and EU JHA Agencies Put Focus on Digitalisation

FRA and eu-LISA: We Cooperate to Prepare a Better Future

Bilateral Meeting between eu‑LISA and Portuguese Presidency of the EU Team

eu-LISA at the European Security Summit

Smart Borders Explained Conference

eu-LISA to extend its Strasbourg site

State of the Union Address

eu-LISA and EASO Sign a Three-Year Cooperation Plan

Estonian Information System Authority Visits eu‑LISA

eu-LISA's 25^th Management Board Meeting