Interoperability – Building Digital Resilience for the EU Justice and Home Affairs Community
The event focused on the paradigm shift introduced by interoperability, one of the EU Justice and Home Affairs domain’s top priorities, and reflected on aspects pertaining to its technical implementation. The panellists explored how the JHA community can benefit from an enhanced focus on innovation and technology as well as on the potential influence of innovation and the latest technological solutions to policy-making at EU and national levels. Possible implications from the COVID-19 pandemic on the acceleration of of digital transformation, as well as benefits and possibilities for the law enforcement sector stemming from the new information architecture were also discussed. We welcomed high-level representatives of EU Institutions and Agencies as well as practitioners from the Member States and other interested parties at our largest-ever event. More than 600 participants reflected on the opportunities, challenges and perspectives being brought forth from building digital resilience for the JHA community through interoperability. Thank you all for your time and valuable contributions!
Opening Remarks
10:05 – 10:20
Ylva Johansson, Commissioner for Home AffairsIn her opening address Commissioner Johansson expressed her appreciation for the excellent work done by eu-LISA, noting that when the Commission has questions related to ICT, it often turns to eu-LISA for help. In turn, when eu-LISA designs technical solutions, it contacts the Commission to ensure that they are in line with EU law. Such cooperation ensures that proposals of legal instruments are waterproof, not only digitally, but politically and legally. The Commissioner noted that Europe in general relies on eu-LISA as a backbone of the Schengen Area to make the freedom of movement possible.
The pandemic has reminded Europeans of what life would be like without freedom of movement and without Schengen. Commissioner Johansson emphasised that freedom of movement can only work if there is trust, trust that criminals and terrorists can be stopped. The IT systems managed by eu-LISA provide this trust. The area of internal security is moving from the physical to the virtual world, and sharing a common external border means sharing information.
Currently the law enforcement community in Europe can share data via the Schengen Information System (SIS), the Visa Information System (VIS) and Eurodac. In addition to these, eu-LISA is building three new systems – ECRIS-TCN, EES and ETIAS. The systems eu-LISA manages and designs support the Commission’s efforts to better share information and share better information. The Commission is currently preparing the proposals concerning three instruments crucial for the law enforcement community: updating the Prüm Decisions, which allow for the automated checking of DNA, of fingerprints and of license plates; updating the Advance Passenger Information (API) Directive; and implementing the Passenger Name Record (PNR) Directive. Ms Johansson noted that at the moment, 22 percent of passengers are not checked against the Schengen Information System, a situation she called a significant security gap. Interoperability ties all of these initiatives and systems together. The aim should be full interoperability by the end of 2023. The Commissioner welcomed the progress made by Member States and eu-LISA in this project, despite the virus, and she wished everyone a successful conference.
Monique Pariat, Director-General, Directorate General for Migration and Home Affairs
Director-General Pariat thanked eu-LISA and noted that the Agencies and Member States are currently focused on the full implementation of the new information architecture in the JHA domain by the end of 2023. She recalled various milestones of this project, including the Entry/Exit System and ETIAS becoming operational in 2022. In addition, several interoperability components, such as the European Search Portal, Common Identity Repository, Multiple Identity Detector and the shared Biometric Matching Service, shall be developed by 2022 and 2023. Ms Pariat stressed the importance of keeping these deadlines so that Europe delivers the architecture that is demanded by regulations, and noted that recent attacks in Germany, Austria, and France underscored this need. Work must be continued to achieve these objectives, even during the COVID-19 pandemic. She noted that eu-LISA’s commitment to deliver on these challenges is commendable. Ms Pariat also linked the work to the Security Union Strategy. As artificial intelligence has been increasingly misused for digital, political and physical attacks as well as surveillance, the need for cybersecurity has heightened with interoperability. Greater cybersecurity and interoperability ensure the resilience of future systems.
Panel I – Long journey from silos to interoperability – what lies ahead?
10:20 – 11:30
Panel discussion
Kai Schollendorf, Head of Division, Directorate-General for Public Security, Federal Ministry of the Interior, Building and Community, Germany
Olivier Onidi, Deputy Director-General, Directorate-General Migration and Home Affairs, European Commission
Jeroen de Graaf, Programme Director Borders and Security, Ministry of Justice and Security, The Netherlands
Krum Garkov, Executive Director of eu-LISA
Moderator: Joe Lynam
The moderator opened the first panel by introducing the speakers. The initial question about the long journey from silos to interoperability, and what lies ahead was addressed to Kai Schollendorf.
Mr Schollendorf began his talk with the example of international air travel. Travellers wish to travel from A to B and acquire air tickets for this purpose, he noted. From the traveller’s perspective, their trip should take place without queues or the requirement for many forms. Airlines have recognised this and implemented simplified boarding at some airports, called seamless or biometric boarding. He highlighted that in the future, passengers will be able to verify their identity via a smartphone using biometric data. He raised the question of whether the JHA community could expand the feature of seamless boarding into seamless travelling. In future, he suggested, passengers could travel through airports using their biometric data, checking in their luggage, and, after security checks, travel on to any further journey only using biometric facial recognition.
The moderator thanked Mr Schollendorf and introduced Olivier Onidi from DG Migration and Home Affairs.
Mr Onidi thanked the conference organisers and pointed out that it has been a long, tedious journey to achieve interoperability. He said there is a short journey in front of the community to now achieve it. Mr Onidi stated that despite the pandemic, he does not see challenges in getting projects implemented by the 2023 deadline. The interoperability project creates a strong bond that federates the EU Member States in not only creating a common architecture but in reviewing the way procedures and the operational reality at borders are being conceived. Not only will there be capacity to have right information at the borders or on the streets, but interoperability will also support a fundamental change in how to provide border controls and security for public spaces. This is the main added value of interoperability, Mr Onidi concluded.
Mr Lynam thanked Mr Onidi and introduced Jeroen de Graaf from the Dutch Ministry of Justice and Security.
Mr de Graaf introduced himself by noting that he is responsible for the implementation of interoperability architecture and regulations regarding borders and internal security in the Netherlands. In the past, data was organised within silos, yet the new regulations have built a horizontal system, instead of a vertical one, creating challenges from the organisational and operational side. He stressed that these changes are not only being made from the IT standpoint but to benefit citizens. Success can only come when people on the ground can work using these IT tools and achieve the required results. Achieving interoperability will take a lot of effort and requires political, financial and IT support, Mr de Graaf concluded.
Mr Lynam thanked Mr Graaf and introduced Krum Garkov, Executive Director of eu-LISA.
Mr Garkov began by saying that interoperability is not a random initiative, but rather it is the EU response to the undergoing transformation of internal security, border management and migration management. On one hand it is dependent on digital technologies and data management systems, but its efficiency depends on information exchange. The old silo approach can no longer address the challenges of today nor prepare for the challenges of tomorrow, said Mr Garkov. However, interoperability is a paradigm shift, moving from border, migration and internal security management based on physical assets towards operations based on digital assets. Interoperability is not just a technical initiative, but a big transformation programme for the JHA domain. It will change how practitioners work in the future. He said that the success of these initiatives will depend on the trust that authorities will be able to build in society, and on people´s belief that the smart systems put in place will be used for legitimate purposes and will contribute to the security and safety of EU citizens, while safeguarding individual rights and personal data.
In the ensuing discussion, the moderator asked how innovation could better support the policy objectives and needs of practitioners in the JHA domain.
Mr Schollendorf responded that innovation could support practitioners, particularly in the biometrics sector. Biometrics will be able to speed up border controls, speed up business processes, and will offer many new opportunities in the JHA sector in both border management and immigration management, as well as for the police.
Mr de Graaf agreed with Mr Schollendorf that innovative technologies like big data, artificial intelligence (AI) and robotics can change lives. AI in particular can offer opportunities but also has a downside in respect to privacy, the rule of law, and freedom of movement. He mentioned the issue of generating deep-fake messages as a downside of using innovative systems. Authorities will have to take into consideration the balance between innovation, automation, and personal data. From a public policy perspective, deploying and developing digital tools has to go forward, but fundamental rights should also be safeguarded. Mr de Graaf suggested taking an incremental approach to develop innovation and see how it impacts rights.
The moderator put the same question to Mr Onidi, specifically mentioning the issue of deep-fakes.
Mr Onidi agreed that criminals are increasingly using technology and said that there is an important responsibility to ensure that authorities develop the right tools to provide additional layers of security to citizens. At the same time innovation is also a fundamental aspect that needs to be rolled out to make the lives of citizens easier, he said. One way of doing that is to facilitate mobility by using biometrics and other tools to check travellers at borders. Mr Onidi called the interoperability project an eye-opener on the necessity to collectively build up and roll out technology in the JHA domain of the EU. He noted that in multiple initiatives, including the Security Union Strategy, Counterterrorism Agenda, and the reform on Schengen, there is a strong embedded technology aspect. One major obstacle, Mr Onidi noted, is the conflict between privacy and fundamental rights and some of the technology that is needed to achieve interoperability. Mr Onidi said that using a dedicated framework such as AI, and ensuring that framework is used to create more security will also enhance trust in authorities and in these tools. Mr Onidi highlighted that EU Agencies, such as eu-LISA, are critical to achieving that.
The moderator thanked the speakers and continued by asking Mr Garkov about his vision for the future of the JHA area. He referred specifically to biometric boarding.
Mr Garkov answered that current initiatives are milestones of the journey but not the journey itself. Interoperability architecture will create many new opportunities. He noted that the new Security Union Strategy is focused on building a new ecosystem for security in the EU, and that interoperability will be a building block in this regard. He also stated that it is important not to limit discussions to the Home Affairs domain only. The Justice domain should also be digitalised at the same pace as Home Affairs. In addition, there should be synergies with customs and the digital single market. As such, the interoperability journey will continue, but will require not only technology innovation but political vision as well.
The same question was put to Mr de Graaf.
Mr de Graaf started by saying that authorities in the Netherlands strongly believe that the use of digital technologies, not only in the field of law enforcement and immigration, but also in economic affairs will lead to a more secure and prosperous Europe. This, however, should be implemented by providing opportunities for research, innovation, operational use, and combining those together, while at the same time addressing all relevant aspects such as transparency, accountability, reliability, and oversight to achieve common European goals. It is important to consider a human-centred approach for all these efforts, Mr de Graaf noted, keeping in mind that the target groups are employees and staff members, but also designers, and there is a need to support them in their innovation. To get things right, the community will have to experiment a lot and convince the public that the new technologies can be secure, better, and faster.
Mr Lynam then gave the floor to Mr Schollendorf, referring to Mr de Graaf’s point about human-centred technology and the German concerns about sharing personal data. He asked about how the German authorities are considering how technology works and how it works with human beings.
Mr Schollendorf supported Mr de Graaf’s concept of a human-centred approach. He noted that while he favours seamless travel and the uptake of biometrics, this does not mean that GDPR or the Charter of Fundamental Rights should not be respected. Legal instruments should be further developed. He noted that registration for hotels was digitised in Germany last year. Though the public was concerned about data protection, he found such technologies can make lives better, easier, and allow us to devote time to more important things than paperwork and presenting passports.
Mr Lynam noted that it will be difficult for the European Commission to manage Member States that want new laws on data sharing versus those who are concerned about data privacy, and gave the floor to Mr Onidi for comments.
Mr Onidi said that DG Home Affairs shares the concern about data protection and underlined that interoperability and personal data rights are not in opposition. When the technology is deployed, when it is explained and developed in full transparency and dialogue, such as the involvement of the EU Agency for Fundamental Rights (FRA), citizens will have an understanding and a growing level of confidence. He said that easier processing at borders might help to support trust in the new systems as travellers see the benefits. It is about seamless borders, better protection of public spaces, better use of the cyber dimension, and also about the potential to equip those who provide security to citizens with the same tools that criminals are using. The framework of data protection does not block these advances, he said.
Mr Lynam then asked Mr Garkov how the COVID-19 crisis had impacted digital transformation in the Justice and Home Affairs domain.
Mr Garkov said that one of the positive side effects has been that it accelerated digital transformation, not only in the JHA domain, but in general. It forced all JHA Agencies to rethink their operational models and procedures and embed more digital technologies in order to continue working and to deliver their objectives and daily tasks. Mr Garkov believes this trend will continue after the crisis and will be a key enabler of acceleration of digital transformation.
Mr Lynam then asked a question posed by the audience: “Many airlines are asking for health certificates to travel. Would it be possible to find a standard rapid test to automate laboratory tests so we share that information in applications when we travel to offer seamless travel to citizens?”
Mr de Graaf found the question very relevant. He said there is an enormous acceleration of new ways of performing in these times. He noted the Dutch government has tried to support those initiatives. IATA is working on a common health passport one can travel with. He said it will be inefficient to have several health passports and not to accept each other’s.
Mr Lynam asked Mr Schollendorf if COVID-19 accelerated digital transformation in the JHA domain.
Mr Schollendorf agreed that the pandemic has accelerated transformation. He noted that people might be apprehensive about sharing fingerprints and therefore facial imaging could be considered as an alternative. The changes brought by the pandemic will help to develop technologies. Common standards will also be found that will help to trigger new innovation and technologies.
There is no turning this back, nor any need to turn this back. After the pandemic, we will still see those benefits, he said.
Mr Lynam continued by asking Mr Schollendorf if working from home made designing future interoperability better.
Mr Schollendorf answered that it changed the way people work, as they have been more used to working in a common space and providing and receiving immediate feedback. Therefore, it has been difficult to work remotely. Technology can help by providing better chat functions and teams will soon work at the same pace as they did before, Mr Schollendorf suggested.
Mr Lynam then asked Mr Onidi if the COVID-19 crisis had accelerated digital change in the JHA area.
Mr Onidi pointed out that in general, all teams in all Member States have been good at adjusting, even though they have lost time. They have also seen how criminals have skilfully exploited cyberspace, which has pushed law enforcement and judicial authorities to accelerate modernisation in response to this. This has caused authorities to turn to the EU for mutual forms of technical assistance and decisive joint analysis in order to help Member States’ authorities in this regard. There has also been a call for developing digitalisation in the sense that there is less contact with people due to the pandemic. Also related to COVID-19, authorities understand that if they reopen, they will need to digitise travel locator forms, testing results, and digitalise procedures at borders to limit the spread of the virus.
The moderator continued with a question from the audience: “How is the EU ensuring interoperability with globally deployed and utilised systems?”
Mr Onidi said that this is the next step, but that first there is a need to organise within the EU, as well as within the modernised Schengen Area. There is a need for a comprehensive travel facilitation programme to harmonise procedures within the EU and internationally. He continued by saying that the work done by organisations like SITA, Amadeus and IATA is critical because it gives authorities a good overview of the concepts and tools that are being developed outside of the EU.
Mr Lynam then asked Mr Garkov the same question about interoperability in global context.
Mr Garkov said there is a need for interoperability to be successful in Europe before looking further afield. He noted that interoperability comes with clear standards from a technical point of view. When it is deployed and operational in Europe, there will be no obstacle to extend interoperability further and make it global. The main challenges are not technologies, but gaining the trust and political will to enable data exchange and to operationalise that through respective legislation.
Mr Lynam then put another question from the audience to Mr de Graaf: “Is there a harmonised or shared definition for digital resilience within the EU’s JHA community?”
Mr de Graaf said that he was not aware if there was one, and if it is lacking at European level it should be created. He pointed out that there are several security regulations in the Netherlands.
Mr Lynam then asked a question from the audience about the high error rate of facial recognition technology and bias toward darker skinned men and women, and the implications for fundamental rights.
Mr Schollendorf said that these issues need to be taken seriously and solutions need to be found. He said that systems are not often biased, but the data used to train them is not comprehensive. He acknowledged that there are difficulties in achieving this, but said it is worth trying to take the systems and make them work.
Mr Lynam thanked the panel and closed the morning session. 
Panel II – The new information architecture in the JHA domain: endless possibilities?
12:15 – 13:25
Rob Rozenburg, Head of Police Cooperation and Information Exchange Unit, DG Migration and Home Affairs, European Commission
Adriano Silvestri, Programme Manager in the Asylum and Migration, Technical Assistance and Capacity Building Unit, FRA
Jürgen Ebner, Deputy Executive Director, Governance Directorate, Europol
François Laruelle, Head of ETIAS and Interoperability Task Force, Frontex
Dieter Schürmann, State Director of Criminal Investigation of the State North Rhine-Westphalia
Birgit Sterzenbach, Senior Police Officer, State Police of North Rhine-Westphalia, Germany
Sören Clerton, Deputy Police Commissioner, Sweden
Moderator: Joe Lynam
Mr Rozenburg began by stating that, when looking at interoperability from a business perspective, the goal is obtaining more certainty about the identity of a person. He noted that Europe has all kinds of information in all kinds of systems, but what border guards and migration authorities really need to know is if that person standing in front of them is who they claim to be, or if they are using a false identity. In recent years a lot of progress has been made to achieve this goal. Existing systems have been strengthened, new systems have been built and they have been made interoperable, but there are remaining gaps that will need to be addressed in the coming years. One example, he pointed out, is Advanced Passenger Information (API) which could be better used in the future by linking it to other information sources, such as Passenger Name Record (PNR). By linking API with PNR, the quality of PNR data will improve, especially when linked to the Common Identity Repository and Multiple Identity Detector. Another example, said Mr Rozenburg, is Prüm, which is used by Member States to exchange data regarding fingerprints, DNA and vehicle registration. The community needs to contemplate connecting the Prüm exchange mechanism to some of the interoperability components. Mr Rozenburg concluded by stating that both API and Prüm are in DG HOME’s Work Programme for 2021.
Mr Lynam then gave the floor to Mr Adriano Silvestri to provide FRA’s view on human rights-related challenges that the new information architecture may bring.
Mr Silvestri highlighted three points in his contribution. First, he said he was happy to see that fundamental rights were being discussed during the conference on interoperability. He noted that the architecture of these large-scale IT systems is regulated by EU law, and everything regulated by EU law has to respect the provisions of the Charter of Fundamental Rights. His second point was that we should not see fundamental rights as an obstacle to interoperability and the new way of working. In his third point, he highlighted fundamental rights-related challenges. These included improving data quality; empowering the data subject who might be affected by wrong data to effectively get mistakes fixed; helping migrants in vulnerable situations who might be reticent to report information to law enforcement; risks of discrimination; and a general need for transparency.
Mr Lynam then asked Mr Jürgen Ebner if the data silos would be broken up by a new interoperability approach.
From a technology perspective, Mr Ebner said he had no doubt the old data silos will be broken, but that the success of new tools will depend on the technical solutions that are prepared and how they will be used by the end users. It is all about bringing the right information at the right time to the right person, so that the police officer, investigator, or analyst has access to the information needed to perform their jobs. The new technology should serve this perspective.
Mr Lynam continued by giving the floor to Mr François Laruelle to address the same question: “Would silos be broken up by a new interoperability approach?”.
Mr Laruelle began by noting that there is no definitive answer as the question is more complicated than a mere yes or no choice. The interoperability regulations and the interoperability components developed by eu-LISA were certainly necessary measures but not a guarantee that the silos would be broken. To achieve this, a revision and redesigning of business processes with the full understanding of the capabilities of the new architecture is needed. In addition to the technical implementation, applying those new business processes should be done in a smart way. The data should be presented to end users in a way that makes their tasks easier and helps them perform the optimised number of tasks. Implementing interoperability is not a mere IT-activity; the end users of the systems shall receive training and should understand this to be a new instrument for their work and embrace these new capabilities. Mr Laruelle suggested that after the initial period of usage of the interoperability instruments, an assessment will be needed to determine which use-cases have been missed and need to be added to the package.
Continuing the discussion, Mr Lynam enquired from Mr Dieter Schürmann if the benefits of new information architecture outweigh the challenges of redesigning business processes at the national and EU levels.
Mr Schürmann noted that German police officers currently enquire at headquarters in order to get valid information, and in most cases they do not receive the information needed. He recalled that Anis Amri, the Tunisian national responsible for the 2016 Berlin Christmas market attack, used 15 to 20 different identities, and was able to move from Germany to the Netherlands and then to Italy before he was apprehended. Looking to the future, authorities will be able to more quickly process their searches and obtain higher quality data. To achieve this objective, requiring a change to the national IT systems architecture, will be a challenge, but it is worthwhile for the reasons of efficiency that have been mentioned.
Mr Sören Clerton replied to the same question by stressing the importance of creating a user-friendly system, that is easy to use for the ordinary policeman. All uniformed officers in Sweden have smartphones and can check car registrations with them, but the new interoperability system will add to the possibilities. Using biometric data is key, as without it, it is very difficult to state the identity of persons, since many people have a number of identities.
Mr Lynam then asked Ms Birgit Sterzenbach to highlight the key findings of her Masters thesis on interoperability.
Ms Sterzenbach noted that the aim of her thesis was to provide an overview of comprehensive measures and innovations of EU information systems deriving from the new regulations. Her research question focused on the added value of new interoperability regulations in the field of combating terrorism and other serious crimes for law enforcement authorities in North-Rhine Westphalia. Her research outlined that legal, technical and organisational levels of interoperability are closely linked, are complex, and pose a number of challenges. Ms Sterzenbach focused on four problem areas: data quality, data protection requirements, technical challenges, and national requirements and challenges. She said data quality is a crucial requirement for police work as well as from the perspective of affected persons. The interoperability regulations provide several rules to enhance data quality, including the implementation of the shared Biometric Matching Service (sBMS) and the Multiple Identity Detector (MID). Beyond that, eu-LISA is responsible for establishing automated data quality mechanisms and procedures for data systems. Only data that fulfil minimum quality standards may be entered into the systems. Ms Sterzenbach said she came to the conclusion that EU-wide standardisation of data quality is the most effective way to guarantee data quality in all systems.
Mr Lynam put a question to Ms Sterzenbach on how one protects fundamental rights in this context.
Ms Sterzenbach acknowledged criticism, arguing that with interoperability the purpose limitation will be removed, but said that EU legislation has put in place security measures to ensure that law enforcement authorities have access only to relevant data. These measures include privacy by design, privacy by default, and a two-stage “hit/no hit” procedure. Requesting Member States also only receive messages that data is available and additional information is only transmitted with the normal means of mutual legal assistance.
Mr Lynam asked Mr Adriano Silvestri if the “hit/no hit” procedure reassured concerns about fundamental rights.
Mr Silvestri started by noting that the interoperability regulation mentions data protection 41 times, fundamental rights 15 times, and non-discrimination seven times. He said this was evidence that the regulation contains safeguards on how to apply new technologies in a way that respects the Charter and more specifically the protection of personal data. He also noted that as yet there is no comparison possible with regard to the impact of the new regulations on the fundamental rights of individuals, but that the Commission has put the instruments in place to evaluate any impact on an ongoing basis.
Mr Lynam drew a question from the audience about future interconnection with the intelligence community and put it to Mr Rob Rozenburg.
Mr Rozenburg noted that a lot of information is in the remit of the national legislation of Member States, or in the remit of Europol. He said there are existing mechanisms to cooperate in that field, but the data included in the IT systems of the JHA domain is a different type of data, not so much connected to the investigations. Referring to the previous question, he noted the tendency to equate fundamental rights with data protection, but said this equivalence was wrong as data privacy typically falls under the right of security, which is just one right outlined in the Charter. On the question on silos, he agreed that on the technical and operational side, silos could and should be broken, but when it concerned the legal basis, silos also serve the objectives of data protection. All these systems will be kept separate, as they all have their own separate legal instruments that by themselves support the objective of data protection.
Mr Lynam continued the discussion by asking Mr Clerton if the new identity management is key to success in improving internal security.
Mr Clerton said it was one important key factor. By creating an interoperable system linked to other EU systems, law enforcement will be provided with more possibilities. Using biometric data could also assist police and other law enforcement agencies in protecting the EU against criminals and terrorism. Mr Clerton said he looked forward to having the new identity management tool available, and stressed once more that it must be user friendly and that law enforcement must be informed of the advantages of using it.
Mr Lynam posed the same question about the new identity management to Mr Ebner.
Mr Ebner was convinced that proper identity management is key for successful work by law enforcement, in both the preventive and investigative aspects. In the past, multiple identities were used and not detected in some terrorist cases. Mr Ebner also pointed out that by interconnecting these systems, the hits will increase, resulting in an increased flow of necessary information. The community therefore needs to consider automation tools.
The moderator continued with a question addressed to Mr Laruelle enquiring about the requirements the private technology industry should fulfil in the creation of digital identities for travel so they could be shared with and accepted by Frontex.
Mr Laruelle replied that Frontex will ultimately need to have documents that are legal, supported by rules of law in issuing countries, and in line with European legislation.
Mr Lynam then asked Mr Schürmann a question received from the audience about the way interoperability will impact law enforcement, especially with regard to the cross-border sharing of data.
Mr Schürmann gave an assurance that interoperability will improve cross-border data exchange quickly. In Germany, authorities are focused on people involved with radical Islam, some of whom might be preparing to be assassins. These individuals of focus often move between Germany, the Netherlands, and Belgium, but authorities currently lack linked information systems, a problem solved by cross-border data exchange.
Mr Lynam then asked Mr Rozenburg a question from the audience: “When can we expect to merge the API and PNR directives and what parts of Prüm could be relevant for interoperability?”
Mr Rozenburg said he does not believe the legal instruments of API and PNR will ever be merged as they serve their own purposes and have their own rules and safeguards. However, they should be combined at the technical and operational level, and DG Home Affairs is currently conducting an impact assessment in this respect. By the middle of next year, there may be a proposal put forth by the Commission on this matter.
Closing remarks
13:25 – 13:35
Günter Krings, Parliamentary State Secretary, Federal Ministry of the Interior, Germany
Mr Krings opened his remarks by stressing that Europe has common values but also common dangers. Neither viruses nor criminals stop at national borders, he said, adding that within the Schengen Area, national security efforts are currently not enough. Instead, close cooperation between all authorities at the European Union level is needed. The aim should be that every police officer and every immigration and visa authority knows who is coming to Europe and who is staying here. Recent events had demonstrated how multiple identities are used for terrorist attacks and organised crime. He continued by confirming that his Ministry has been active in ensuring that information on identity can be combined in a European core data system, despite some critical voices in the Parliament. He added that just getting political approval though is not enough. The infrastructure developed for interoperability also needs to be implemented efficiently. Creating efficient information systems does not mean throwing as much information as possible into the largest possible pile. Instead it means making sure that the right information is available at the right time to the right persons in the appropriate circumstances. He said that the current discussion around the implementation of the EU interoperability regulations was an important step in dissolving data silos as a product of the 20th century while respecting data privacy. However, this shift requires public trust. The purpose of innovation is to meet people’s needs. The Parliamentary State Secretary concluded that a new system can do away with silos while creating even higher data privacy standards.
Krum Garkov, Executive Director of eu-LISA
Mr Garkov expressed his thanks to the speakers, to the participants of the Conference, as well as to eu-LISA staff and to the German Presidency of the Council for running the event. He summarised that the discussion had explored the long-term vision of digitalisation of the JHA area, as well as the benefits that implementing interoperability between the large-scale IT systems will bring. He specifically highlighted four takeaways from the Conference. First, that digitalisation in the JHA area is more important than ever, especially in the context of the ongoing COVID-19 pandemic. Second, that the community must take advantage of new technologies such as AI, big data, and analytics. Third, AI will be a game-changer when processing large amounts of data, and that the question should not be if but when and how to ethically and legally apply AI. Finally, Mr Garkov said that the implementation of interoperability is not the final destination for the community but just a milestone along the way. He noted the need for the new information architecture to be extended into the justice and customs domains. The Executive Director concluded by thanking all of the Member States as well as the EU institutions and JHA Agencies for their efforts in implementing interoperability in the JHA domain. He summed up by giving a reminder on the goal of implementing the new information architecture by the end of 2023.
Interoperability – Building Digital Resilience for the EU Justice and Home Affairs Community
Opening Remarks
10:05-10:20
Ylva Johansson, Commissioner for Home Affairs
In her opening address Commissioner Johansson expressed her appreciation for the excellent work done by eu-LISA, noting that when the Commission has questions related to ICT, it often turns to eu-LISA for help. In turn, when eu-LISA designs technical solutions, it contacts the Commission to ensure that they are in line with EU law. Such cooperation ensures that proposals of legal instruments are waterproof, not only digitally, but politically and legally. The Commissioner noted that Europe in general relies on eu-LISA as a backbone of the Schengen Area to make the freedom of movement possible. The pandemic has reminded Europeans of what life would be like without freedom of movement and without Schengen. Commissioner Johansson emphasised that freedom of movement can only work if there is trust, trust that criminals and terrorists can be stopped. The IT systems managed by eu-LISA provide this trust.
The area of internal security is moving from the physical to the virtual world, and sharing a common external border means sharing information. Currently the law enforcement community in Europe can share data via the Schengen Information System (SIS), the Visa Information System (VIS) and Eurodac. In addition to these, eu-LISA is building three new systems – ECRIS-TCN, EES and ETIAS. The systems eu-LISA manages and designs support the Commission’s efforts to better share information and share better information. The Commission is currently preparing the proposals concerning three instruments crucial for the law enforcement community: updating the Prüm Decisions, which allow for the automated checking of DNA, of fingerprints and of license plates; updating the Advance Passenger Information (API) Directive; and implementing the Passenger Name Record (PNR) Directive. Ms Johansson noted that at the moment, 22 percent of passengers are not checked against the Schengen Information System, a situation she called a significant security gap. Interoperability ties all of these initiatives and systems together. The aim should be full interoperability by the end of 2023. The Commissioner welcomed the progress made by Member States and eu-LISA in this project, despite the virus, and she wished everyone a successful conference.
Herbert Reul, Minister of the Interior of North-Rhine Westphalia, Germany
Minister Reul thanked eu-LISA for organising the conference and emphasised its importance in the framework of the German EU Council Presidency 2020. In this context, considering the federal system of Germany, the Länder play a significant role in the internal security domain. Mr Reul noted that the two interoperability regulations adopted in May 2019 triggered an enormous administrative, technical and legislative need for action. He recalled recent terrorist attacks in Germany, France and Austria as highlighting the need for the fulfilment of these regulations. The Minister said the regulations are ambitious, as is the timetable for implementing interoperability by the end of 2023, but maintained they are necessary, and that the resulting increased safety will justify the efforts. The identity of third country nationals entering the EU must be verified effectively and without lengthy procedures, by keeping the interference in the freedom of movement to a minimum. Furthermore, the practitioners must be provided with fast and uncomplicated tools with real added value to ensure internal security. Minister Reul thanked the JHA community for its commitment to implementing interoperability and stressed that people expect the authorities to act consistently to ensure security in Europe.
Monique Pariat, Director-General, Directorate General for Migration and Home Affairs
Director-General Pariat thanked eu-LISA and noted that the Agencies and Member States are currently focused on the full implementation of the new information architecture in the JHA domain by the end of 2023. She recalled various milestones of this project, including the Entry/Exit System and ETIAS becoming operational in 2022. In addition, several interoperability components, such as the European Search Portal, Common Identity Repository, Multiple Identity Detector and the shared Biometric Matching Service, shall be developed by 2022 and 2023. Ms Pariat stressed the importance of keeping these deadlines so that Europe delivers the architecture that is demanded by regulations, and noted that recent attacks in Germany, Austria, and France underscored this need. Work must be continued to achieve these objectives, even during the COVID-19 pandemic. She noted that eu-LISA’s commitment to deliver on these challenges is commendable. Ms Pariat also linked the work to the Security Union Strategy. As artificial intelligence has been increasingly misused for digital, political and physical attacks as well as surveillance, the need for cybersecurity has heightened with interoperability. Greater cybersecurity and interoperability ensure the resilience of future systems.
Krum Garkov, Executive Director of eu-LISA
Mr Garkov welcomed attendees and noted that the virtual conference had allowed the accommodation of close to 500 participants, something that would not have been possible in a physical event. He pointed out that the pandemic has changed the way people in society interact and communicate and has made them more reliant on digital technologies. He referenced European Commission’s President Ursula von der Leyen’s recent State of the Union address, in which she said that a next-generation EU is being built. Mr Garkov stressed that digital transformation is an essential building block of this next-generation EU. The digital platforms that eu-LISA is building for Justice and Home Affairs (JHA) will increase the resilience and agility of Member States. Such platforms require efficient and reliable IT solutions, high quality actionable data, and high cybersecurity standards, not to mention mutual trust. eu-LISA contributes to the European project in two main ways: as the digital engine of Schengen and safeguarding freedom of movement.
In the coming months, the utmost priority will be to recover from the impact of the COVID-19 pandemic. In terms of its work in the JHA domain, Mr Garkov said that eu-LISA has been a key player in digital transformation and is in the midst of implementing a new integrated information architecture for internal security and border management that should be in place by the end of 2023. He acknowledged the work as regards interoperability as one of the most complex and ambitious projects in the EU in the last decade. He also noted eu-LISA’s prominent role in the new EU Security Union Strategy and the New Pact on Migration and Asylum. Mr Garkov acknowledged the challenges in implementing changes, but said they could be accomplished with political support, the redesign of business processes, by building capabilities at national and EU levels, and by building trust in society. Mr Garkov thanked the Member States, the European Commission, the European Parliament, the Council Presidency as well as Frontex and Europol for the excellent and transparent cooperation in delivering the JHA community’s common objectives, and wished everyone an inspiring conference.
Panel I – Long journey from silos to interoperability – what lies ahead?
10:20 – 11:30
Panel discussion
Kai Schollendorf, Head of Division, Directorate-General for Public Security, Federal Ministry of the Interior, Building and Community, Germany
Olivier Onidi, Deputy Director-General, Directorate-General Migration and Home Affairs, European Commission
Jeroen de Graaf, Programme Director Borders and Security, Ministry of Justice and Security, The Netherlands
Krum Garkov, Executive Director of eu-LISA
Moderator: Joe Lynam
The moderator opened the first panel by introducing the speakers. The initial question about the long journey from silos to interoperability, and what lies ahead was addressed to Kai Schollendorf.
Mr Schollendorf began his talk with the example of international air travel. Travellers wish to travel from A to B and acquire air tickets for this purpose, he noted. From the traveller’s perspective, their trip should take place without queues or the requirement for many forms. Airlines have recognised this and implemented simplified boarding at some airports, called seamless or biometric boarding. He highlighted that in the future, passengers will be able to verify their identity via a smartphone using biometric data. He raised the question of whether the JHA community could expand the feature of seamless boarding into seamless travelling. In future, he suggested, passengers could travel through airports using their biometric data, checking in their luggage, and, after security checks, travel on to any further journey only using biometric facial recognition.
The moderator thanked Mr Schollendorf and introduced Olivier Onidi from DG Migration and Home Affairs.
Mr Onidi thanked the conference organisers and pointed out that it has been a long, tedious journey to achieve interoperability. He said there is a short journey in front of the community to now achieve it. Mr Onidi stated that despite the pandemic, he does not see challenges in getting projects implemented by the 2023 deadline. The interoperability project creates a strong bond that federates the EU Member States in not only creating a common architecture but in reviewing the way procedures and the operational reality at borders are being conceived. Not only will there be capacity to have right information at the borders or on the streets, but interoperability will also support a fundamental change in how to provide border controls and security for public spaces. This is the main added value of interoperability, Mr Onidi concluded.
Mr Lynam thanked Mr Graaf and introduced Krum Garkov, Executive Director of eu-LISA.
Mr Garkov began by saying that interoperability is not a random initiative, but rather it is the EU response to the undergoing transformation of internal security, border management and migration management. On one hand it is dependent on digital technologies and data management systems, but its efficiency depends on information exchange. The old silo approach can no longer address the challenges of today nor prepare for the challenges of tomorrow, said Mr Garkov. However, interoperability is a paradigm shift, moving from border, migration and internal security management based on physical assets towards operations based on digital assets. Interoperability is not just a technical initiative, but a big transformation programme for the JHA domain. It will change how practitioners work in the future. He said that the success of these initiatives will depend on the trust that authorities will be able to build in society, and on people´s belief that the smart systems put in place will be used for legitimate purposes and will contribute to the security and safety of EU citizens, while safeguarding individual rights and personal data.
In the ensuing discussion, the moderator asked how innovation could better support the policy objectives and needs of practitioners in the JHA domain.
Mr Schollendorf responded that innovation could support practitioners, particularly in the biometrics sector. Biometrics will be able to speed up border controls, speed up business processes, and will offer many new opportunities in the JHA sector in both border management and immigration management, as well as for the police.
Mr de Graaf agreed with Mr Schollendorf that innovative technologies like big data, artificial intelligence (AI) and robotics can change lives. AI in particular can offer opportunities but also has a downside in respect to privacy, the rule of law, and freedom of movement. He mentioned the issue of generating deep-fake messages as a downside of using innovative systems. Authorities will have to take into consideration the balance between innovation, automation, and personal data. From a public policy perspective, deploying and developing digital tools has to go forward, but fundamental rights should also be safeguarded. Mr de Graaf suggested taking an incremental approach to develop innovation and see how it impacts rights.
Mr Schollendorf supported Mr de Graaf’s concept of a human-centred approach. He noted that while he favours seamless travel and the uptake of biometrics, this does not mean that GDPR or the Charter of Fundamental Rights should not be respected. Legal instruments should be further developed. He noted that registration for hotels was digitised in Germany last year. Though the public was concerned about data protection, he found such technologies can make lives better, easier, and allow us to devote time to more important things than paperwork and presenting passports.
Mr Lynam noted that it will be difficult for the European Commission to manage Member States that want new laws on data sharing versus those who are concerned about data privacy, and gave the floor to Mr Onidi for comments.
Mr Lynam then put another question from the audience to Mr de Graaf: “Is there a harmonised or shared definition for digital resilience within the EU’s JHA community?”
Mr de Graaf said that he was not aware if there was one, and if it is lacking at European level it should be created. He pointed out that there are several security regulations in the Netherlands.
Mr Lynam then asked a question from the audience about the high error rate of facial recognition technology and bias toward darker skinned men and women, and the implications for fundamental rights.
Mr Schollendorf said that these issues need to be taken seriously and solutions need to be found. He said that systems are not often biased, but the data used to train them is not comprehensive. He acknowledged that there are difficulties in achieving this, but said it is worth trying to take the systems and make them work.
Mr Lynam thanked the panel and closed the morning session.
Panel II – The new information architecture in the JHA domain: endless possibilities?
12:15 – 13:25
Rob Rozenburg, Head of Police Cooperation and Information Exchange Unit, DG Migration and Home Affairs, European Commission
Adriano Silvestri, Programme Manager in the Asylum and Migration, Technical Assistance and Capacity Building Unit, FRA
Jürgen Ebner, Deputy Executive Director, Governance Directorate, Europol
François Laruelle, Head of ETIAS and Interoperability Task Force, Frontex
Dieter Schürmann, State Director of Criminal Investigation of the State North Rhine-Westphalia
Birgit Sterzenbach, Senior Police Officer, State Police of North Rhine-Westphalia, Germany
Sören Clerton, Deputy Police Commissioner, Sweden
Moderator: Joe Lynam
Mr Lynam then gave the floor to Mr Adriano Silvestri to provide FRA’s view on human rights-related challenges that the new information architecture may bring.
Mr Silvestri highlighted three points in his contribution. First, he said he was happy to see that fundamental rights were being discussed during the conference on interoperability. He noted that the architecture of these large-scale IT systems is regulated by EU law, and everything regulated by EU law has to respect the provisions of the Charter of Fundamental Rights. His second point was that we should not see fundamental rights as an obstacle to interoperability and the new way of working. In his third point, he highlighted fundamental rights-related challenges. These included improving data quality; empowering the data subject who might be affected by wrong data to effectively get mistakes fixed; helping migrants in vulnerable situations who might be reticent to report information to law enforcement; risks of discrimination; and a general need for transparency.
Mr Lynam then asked Mr Jürgen Ebner if the data silos would be broken up by a new interoperability approach.
From a technology perspective, Mr Ebner said he had no doubt the old data silos will be broken, but that the success of new tools will depend on the technical solutions that are prepared and how they will be used by the end users. It is all about bringing the right information at the right time to the right person, so that the police officer, investigator, or analyst has access to the information needed to perform their jobs. The new technology should serve this perspective.
Mr Lynam continued by giving the floor to Mr François Laruelle to address the same question: “Would silos be broken up by a new interoperability approach?”.
Mr Laruelle began by noting that there is no definitive answer as the question is more complicated than a mere yes or no choice. The interoperability regulations and the interoperability components developed by eu-LISA were certainly necessary measures but not a guarantee that the silos would be broken. To achieve this, a revision and redesigning of business processes with the full understanding of the capabilities of the new architecture is needed. In addition to the technical implementation, applying those new business processes should be done in a smart way. The data should be presented to end users in a way that makes their tasks easier and helps them perform the optimised number of tasks. Implementing interoperability is not a mere IT-activity; the end users of the systems shall receive training and should understand this to be a new instrument for their work and embrace these new capabilities. Mr Laruelle suggested that after the initial period of usage of the interoperability instruments, an assessment will be needed to determine which use-cases have been missed and need to be added to the package.
Continuing the discussion, Mr Lynam enquired from Mr Dieter Schürmann if the benefits of new information architecture outweigh the challenges of redesigning business processes at the national and EU levels.
Mr Schürmann noted that German police officers currently enquire at headquarters in order to get valid information, and in most cases they do not receive the information needed. He recalled that Anis Amri, the Tunisian national responsible for the 2016 Berlin Christmas market attack, used 15 to 20 different identities, and was able to move from Germany to the Netherlands and then to Italy before he was apprehended. Looking to the future, authorities will be able to more quickly process their searches and obtain higher quality data. To achieve this objective, requiring a change to the national IT systems architecture, will be a challenge, but it is worthwhile for the reasons of efficiency that have been mentioned.
Mr Sören Clerton replied to the same question by stressing the importance of creating a user-friendly system, that is easy to use for the ordinary policeman. All uniformed officers in Sweden have smartphones and can check car registrations with them, but the new interoperability system will add to the possibilities. Using biometric data is key, as without it, it is very difficult to state the identity of persons, since many people have a number of identities.
Mr Lynam asked Mr Adriano Silvestri if the “hit/no hit” procedure reassured concerns about fundamental rights.
Mr Silvestri started by noting that the interoperability regulation mentions data protection 41 times, fundamental rights 15 times, and non-discrimination seven times. He said this was evidence that the regulation contains safeguards on how to apply new technologies in a way that respects the Charter and more specifically the protection of personal data. He also noted that as yet there is no comparison possible with regard to the impact of the new regulations on the fundamental rights of individuals, but that the Commission has put the instruments in place to evaluate any impact on an ongoing basis.
Closing remarks
13:25-13:35
Günter Krings, Parliamentary State Secretary, Federal Ministry of the Interior, Germany
Mr Krings opened his remarks by stressing that Europe has common values but also common dangers. Neither viruses nor criminals stop at national borders, he said, adding that within the Schengen Area, national security efforts are currently not enough. Instead, close cooperation between all authorities at the European Union level is needed. The aim should be that every police officer and every immigration and visa authority knows who is coming to Europe and who is staying here. Recent events had demonstrated how multiple identities are used for terrorist attacks and organised crime. He continued by confirming that his Ministry has been active in ensuring that information on identity can be combined in a European core data system, despite some critical voices in the Parliament. He added that just getting political approval though is not enough.
The infrastructure developed for interoperability also needs to be implemented efficiently. Creating efficient information systems does not mean throwing as much information as possible into the largest possible pile. Instead it means making sure that the right information is available at the right time to the right persons in the appropriate circumstances. He said that the current discussion around the implementation of the EU interoperability regulations was an important step in dissolving data silos as a product of the 20th century while respecting data privacy. However, this shift requires public trust. The purpose of innovation is to meet people’s needs. The Parliamentary State Secretary concluded that a new system can do away with silos while creating even higher data privacy standards.
