The SIS is the most widely used and largest information sharing system for security and border management in Europe that allows the competent authorities of participating Member States to enter and consult alerts on persons or objects.
In March 2023 a new legal framework came into force. The SIS is composed of a central system ("Central SIS II"), a national system (the "N.SIS II") in each Member State (the national data systems that will communicate data with the Central SIS II), and a communication infrastructure between the central system and the national systems providing an encrypted virtual network dedicated to SIS II data and the exchange of data, including supplementary information between the authorities responsible for similar data exchanges (SIRENE Bureaux).
The system establishes communication amongst most EU member states and the Schengen associated countries and provides end-users with access to real time information. It is a vital factor in the smooth running of the Schengen area. It contributes to the implementation of the provisions on returns, border control, the free movement of persons and to police and judicial cooperation in criminal matters.
Legal Basis
The system assists the competent authorities in Europe to preserve internal security in the absence of internal border checks. The scope of SIS is defined in three legal instruments:
• Regulation (EU) 2018/1860 of the European Parliament and of the Council of 28 November 2018 on the use of the Schengen Information System for the return of illegally staying third-country nationals
• Regulation (EU) 2018/1861 of the European Parliament and of the Council of 28 November 2018 on the establishment, operation and use of the Schengen Information System (SIS) in the field of border checks, and amending the Convention implementing the Schengen Agreement, and amending and repealing Regulation (EC) No 1987/2006
• Regulation (EU) 2018/1862 of the European Parliament and of the Council of 28 November 2018 on the establishment, operation and use of the Schengen Information System (SIS) in the field of police cooperation and judicial cooperation in criminal matters, amending and repealing Council Decision 2007/533/JHA, and repealing Regulation (EC) No 1986/2006 of the European Parliament and of the Council and Commission Decision 2010/261/EU
Personal data processed in the SIS
Pursuant to the provisions of the SIS legal framework, information in the form of alerts concerning persons, objects, vehicles and documents is processed. When the alert concerns a person, the information includes:
• Identification data: Data required to identify the person sought and other information relevant for the end user carrying out a search. The alert may also include data on misused identity victims (where applicable).
Identification documents: Data describing the identification document of the person who is the subject of the alert – a copy of the document can be attached.
• Alert reason: A ‘reason for the alert’, describing, in a structured way, why the person is sought.
• Required action: An ‘action to be taken’, describing, in a structured way, what the officer must do when the person is found.
• Case information: Information about the case e.g., authority authorising the entry of the alert, the case reference number etc. The copy of the European Arrest Warrant (EAW) of a person wanted for arrest is also attached to alerts for arrest for surrender
• Information on objects related to persons: Data on objects entered in SIS to locate a person who is the subject of an alert, for example the vehicle used by the person sought.
• Photographs: Photographs of the person who is the subject of the alert.
• Fingerprints and palm prints: Dactyloscopic data (fingerprints and/or palm prints) for the person who is the subject of the alert
• Fingermarks and palmmarks: Dactyloscopic data (fingermarks and/or palmmarks) discovered at crime scenes.
• DNA profile: DNA profile of the person who is the subject of the alert or family members (only in case of missing persons who need to be placed under protection).
The SIS legal framework lays down the reasons where an alert containing personal data may be issued on the system, with respect to different categories of persons.
Such are retained until the purpose for which they were issued is fulfilled. Nevertheless, Member States are obliged to review the need to keep an alert periodically.
List of alerts and the respective periodic review period:
| Alerts on persons who are subject to a European Arrest Warrant or other warrant for surrender (Norway and Iceland)/Extradition Request (Switzerland and Liechtenstein) (Persons wanted for arrest). |
Article 26 |
5 years |
|---|
| Alerts to find missing persons, including children, and to place them under protection if lawful and necessary (Missing persons). |
Points (a) and (b) of Article 32(1) |
5 years |
|---|
| Alerts to find out the place of residence or domicile of persons sought to assist with criminal judicial procedures (for example witnesses, persons summoned to appear in Court or who are to be served with a criminal judgment or serve a penalty involving deprivation of liberty) (Persons sought to assist with a judicial procedure). |
Article 34 |
3 years |
|---|
| Alerts for the identification of unknown persons wanted in relation to terrorist offences or other serious crimes under investigation (Unknown wanted persons). |
Article 40 |
3 years |
|---|
| Alerts to prevent children at risk from being abducted or going missing (Children at risk of being abducted by parents, relatives, or guardians). |
Points (c) of Article 32(1) |
1 year |
|---|
| Alerts for the protection of vulnerable people (adults or children) from being taken unlawfully abroad or to prevent them from travelling without the necessary authorisations (Vulnerable persons whose travel must be prevented). |
Points (d) and (e) of Article 32(1) |
1 year |
|---|
| Alerts to obtain information on persons or related objects for the purposes of prosecuting criminal offences and for the prevention of threats to public or national security (Persons and objects for discreet, inquiry or specific checks). |
Article 36 |
1 year |
|---|
| Alerts on objects (for example vehicles, travel documents, number plates and industrial equipment) being sought for seizure or use as evidence in criminal proceedings, and Alerts on travel documents for preventing the holders of such documents from travelling (Objects for seizure or use as evidence in criminal procedures). |
Article 36 and 38
Articles 26, 32, 34, and 36 (if linked to an alert on a person) |
10 years
the same review period of the linked alert on the person
|
|---|
What are your rights in relation to your personal data processed in the SIS?
The SIS legal framework lays down the rights of persons in relation to the personal data processed in the system and which could be exercised in accordance with the national law of the respective country. In Malta, the applicable laws are the Data Protection (Processing of Personal Data by Competent Authorities for the Purposes of the Prevention, Investigation, Detection or Prosecution of Criminal Offences or the Execution of Criminal Penalties).
Regulations (Subsidiary Legislation 586.08) and the GDPR when the processing is conducted for other purposes.
Any person has the right to:
- request access to personal data relating to him/her entered in the SIS
- request the correction of factually inaccurate personal data relating to him/her or the deletion of his/her personal data in the case of unlawfully stored information
- the right to lodge a complaint with the Information and Data Protection Commissioner (IDPC) or to request verification of lawfulness of the processing
In order to facilitate the exercise of your rights and to be able to handle request more efficiently, you are solicited to use the model letters found on the left side of this page.
For more information about your rights and how to exercise them
click here.