Regulation (EC) No 1987/2006 of the European Parliament and of the Council of 20 December 2006 on the establishment, operation and use of the second generation Schengen Information System (SIS II)

CHAPTER I GENERAL PROVISIONS

Article 1 Establishment and general purpose of SIS II

A second generation Schengen Information System (‘SIS II’) is hereby established.

The purpose of SIS II shall be, in accordance with this Regulation, to ensure a high level of security within the area of freedom, security and justice of the European Union, including the maintenance of public security and public policy and the safeguarding of security in the territories of the Member States, and to apply the provisions of Title IV of Part Three of the Treaty relating to the movement of persons in their territories, using information communicated via this system.

Article 2 Scope

This Regulation establishes the conditions and procedures for the entry and processing in SIS II of alerts in respect of third-country nationals, the exchange of supplementary information and additional data for the purpose of refusing entry into, or a stay in, a Member State.

This Regulation also lays down provisions on the technical architecture of SIS II, the responsibilities of the Member States and of the management authority referred to in Article 15, general data processing, the rights of the persons concerned and liability.

Article 3 Definitions

For the purposes of this Regulation, the following definitions shall apply:

‘alert’ means a set of data entered in SIS II allowing the competent authorities to identify a person with a view to taking specific action;
‘supplementary information’ means information not stored in SIS II, but connected to SIS II alerts, which is to be exchanged:
1. in order to allow Member States to consult or inform each other when entering an alert;
2. following a hit, in order to allow the appropriate action to be taken;
3. when the required action cannot be taken;
4. when dealing with the quality of SIS II data;
5. when dealing with the compatibility and priority of alerts;
6. when dealing with rights of access;
‘additional data’ means the data stored in SIS II and connected with SIS II alerts which are to be immediately available to the competent authorities where a person in respect of whom data has been entered in SIS II is located as a result of searches made therein;
‘third-country national’ means any individual who is neither:
1. a citizen of the European Union within the meaning of Article 17(1) of the Treaty;
  nor
2. a national of a third country who, under agreements between the Community and its Member States on the one hand, and these countries, on the other, enjoys rights of free movement equivalent to those of citizens of the European Union;
‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable person is one who can be identified, directly or indirectly;
‘processing of personal data’ (‘processing’) means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organisation, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction.

Article 4 Technical architecture and ways of operating SIS II

SIS II shall be composed of:

a central system (‘Central SIS II’) composed of:
- a technical support function (‘CS-SIS’) containing a database, the ‘SIS II database’;
- a uniform national interface (‘NI-SIS’);
a national system (the ‘N.SIS II’) in each of the Member States, consisting of the national data systems which communicate with Central SIS II. An N.SIS II may contain a data file (a ‘national copy’), containing a complete or partial copy of the SIS II database;
a communication infrastructure between CS-SIS and NI-SIS (the ‘Communication Infrastructure’) that provides an encrypted virtual network dedicated to SIS II data and the exchange of data between SIRENE Bureaux as referred to in Article 7(2).

SIS II data shall be entered, updated, deleted and searched via the various N.SIS II systems. A national copy shall be available for the purpose of carrying out automated searches in the territory of each of the Member States using such a copy. It shall not be possible to search the data files of other Member States' N.SIS II.

CS-SIS, which performs technical supervision and administration functions, shall be located in Strasbourg (France) and a backup CS-SIS, capable of ensuring all functionalities of the principal CS-SIS in the event of failure of this system, shall be located in Sankt Johann im Pongau (Austria).

CS-SIS shall provide the services necessary for the entry and processing of SIS II data, including searches in the SIS II database. For the Member States which use a national copy, CS-SIS shall:

provide the on-line update of the national copies;
ensure the synchronisation of and consistency between the national copies and the SIS II database;
provide the operations for initialisation and restoration of the national copies.

Article 5 Costs

CHAPTER II RESPONSIBILITIES OF THE MEMBER STATES

Article 6 National Systems

Article 7 N.SIS II Office and SIRENE Bureau

Article 8 Exchange of supplementary information

Article 9 Technical compliance

Article 10 Security – Member States

Article 11 Confidentiality – Member States

Article 12 Keeping of records at national level

Article 13 Self-monitoring

Article 14 Staff training

CHAPTER III RESPONSIBILITIES OF THE MANAGEMENT AUTHORITY

Article 15 Operational management

Article 16 Security

Article 17 Confidentiality – Management Authority

Article 18 Keeping of records at central level

Article 19 Information campaign

CHAPTER IV ALERTS ISSUED IN RESPECT OF THIRD-COUNTRY NATIONALS FOR THE PURPOSE OF REFUSING ENTRY AND STAY

Article 20 Categories of data

Article 21 Proportionality

Article 22 Specific rules for entering, verification or search with photographs and fingerprints

Article 23 Requirement for an alert to be entered

Article 24 Conditions for issuing alerts on refusal of entry or stay

Article 25 Conditions for entering alerts on third-country nationals who are beneficiaries of the right of free movement within the Community

Article 26 Conditions for entering alerts on third-country nationals subject to restrictive measures

Article 27 Authorities having a right to access alerts

Article 27a Access to data in SIS II by Europol

Article 27b Access to data in SIS II by the European Border and Coast Guard teams, teams of staff involved in return-related tasks, and members of the migration management support teams

Article 28 Scope of access

Article 29 Retention period of alerts

Article 30 Acquisition of citizenship and alerts

CHAPTER V GENERAL DATA-PROCESSING RULES

Article 31 Processing of SIS II data

Article 32 SIS II data and national files

Article 33 Information in the event of non-execution of an alert

Article 34 Quality of the data processed in SIS II

Article 35 Distinguishing between persons with similar characteristics

Article 36 Additional data for the purpose of dealing with misused identity

Article 37 Links between alerts

Article 38 Purpose and retention period of supplementary information

Article 39 Transfer of personal data to third parties

CHAPTER VI DATA PROTECTION

Article 40 Processing of sensitive categories of data

Article 41 Right of access, correction of inaccurate data and deletion of unlawfully stored data

Article 42 Right of information

Article 43 Remedies

Article 44 Supervision of N.SIS II

Article 45 Supervision of the Management Authority

Article 46 Cooperation between National Supervisory Authorities and the European Data Protection Supervisor