Development of EU border police watchlist is “progressing well”

Watchlist

The watchlist is part of the European Travel Information and Authorisation System (ETIAS), which will require anyone who does not need a visa to travel to the EU to pay €7 and provide an extensive set of personal data that will be checked against a multitude of EU and international databases, and subjected to algorithmic screening to seek out potential security, immigration or health risks.

Those deemed to pose such risks can be denied travel authorisation, and thus be prevented from travelling to the EU – in effect, the system introduces “government permission to travel,” in the words of Edward Hasbrouck.

The watchlist will include data on people who are suspected of having committed or taken part in terrorist or other serious criminal offences, but also people who it is believed may commit such offences in the future – as highlighted in a study for the European Parliament, it is “future-oriented” and aims to “support decision-making on who is authorised to travel to the EU” on the basis of what someone may have done as well as what they may do.

According to the Europol report (pdf), which is an update on the preparation of the ETIAS:

“…watchlist related developments are progressing well. The internal technical tools to select, verify and assess the potential entries to ETIAS watchlist is taking shape, as well as the functionalities to manage (update, delete, review) the Europol entries in ETIAS watchlist.”

Europol as well as EU member state authorities will be able to enter information into the watchlist, and eu-LISA (the agency that manages the EU’s justice and home affairs databases) is developing a tool to allow assessment of whether data submitted should be included on the watchlist.

The European Commission recently adopted an implementing decision on “the technical specification of ETIAS watchlist,” but it has not been made public.

In an assessment of the draft decision, the European Data Protection Supervisor indicated that it may give the green light to multiple national watchlists, in contravention of the law.

Delays

The content of the Commission’s implementing decision remains unknown, and it is not clear when the watchlist, and the ETIAS system as a whole, will come into use.

The system – which is reliant on other large-scale databases currently under development, notably the Entry/Exit System (EES) – has been plagued by delays.

The Europol report pins the blame for those delays on eu-LISA, noting that the policing agency is “strongly dependent on eu-LISA’s provision of technical documentation and artefacts,” but there have been “delays” in providing them.

“This challenge is further amplified by the dependency on the integrated planning by eu-LISA which is impaired by the continuous issues with the delivery of EES,” says the Europol paper.

Frontex appears to share these views, with its own report on the development of ETIAS (pdf) saying that “main risks [are] the current lack of the Carrier and Traveller Support Tools due to the delays in their development by the eu-LISA.”

The database agency has passed the buck further along, saying in a January 2022 response to a parliamentary question on delays in the development of the EES that the contracted companies – IBM, Atos and Leonardo – “accumulated substantial delays in execution of the planned tasks.”

The response sets out the corporate consortium’s extensive failings: they “substantially underestimated the complexity of the work”; “the program team was not sufficiently staffed and was missing relevant expertise in key areas”; “internal coordination and planning… was not efficient”; and “quality of key deliverables did not meet requirements”.

In the meantime, a former Atos executive was given the top job at eu-LISA.. The official ETIAS website currently states that the system will come into use “from 2024”.

The article was first published by EDRi member Statewatch here.