IT systems to fight crime and secure EU borders
Authorities across the EU share information through large-scale IT systems to protect citizens, fight crime, and secure borders.
Schengen information system (SIS)
Law enforcement authorities across the EU use the Schengen information system (SIS) to enter or consult alerts about wanted or missing people and objects. The system contains nearly 86.5 million alerts and authorities consulted it almost 35 million times a day in 2022.
The SIS also provides instructions to authorities on how to react when a person or object is found, such as:
- arresting a wanted person
- protecting a vulnerable missing person
- seizing an illegal or stolen object
In November 2018, the EU adopted new rules to upgrade the Schengen Information System.
The upgraded version became operational in March 2023 and includes:
- new categories of alerts
- biometrics such as palm prints
- fingermarks
- DNA records for missing persons
Automated data exchange for police cooperation
The goal is to reinforce, streamline and facilitate the exchange of information between member states and with Europol and to provide EU law enforcement authorities with enhanced tools to fight crime.
Increased number of data categories
The new framework – often referred to as Prüm II – allows law enforcement authorities to consult national databases of other member states for data such as:
- DNA
- fingerprints
- vehicle registration data
This new law adopted on 26 February 2024 allows police authorities to search:
- facial images
- police records
Searches across all categories to find missing persons or identify human remains will also be possible, if allowed by national law. If the database search results in a positive match, the country in question has to provide within 48 hours, the relevant data to the inquiring police authority:
- name
- date of birth
- criminal offence linked to the data
Modernisation of the IT-system
The new Prüm law will:
- modernise the technical infrastructure that underpins the exchange of information
- see a router put in place by eu-LISA to facilitate the establishment of connections between member states and Europol in order to retrieve data
The router will consist of a search tool and a secure communication channel. The law enforcement authority that is searching for a match will submit its data (e.g. a fingerprint) to the router. The router will dispatch this request for a query to the databases of all other EU member states and Europol.
For automated searches of police records indexes, member states and Europol will use the European Police Records Index System (EPRIS).
Bigger role for Europol
Under the new rules, Europol will also be able to:
- search national databases to cross-check information it has received from third countries
Visa information system (VIS)
The visa information system, which has been operational since 2011, is a database to facilitate the short-stay visa procedure.
The system helps visa, border, asylum and migration authorities to check third-country nationals who need a short-stay visa to travel to the Schengen area. Authorities can use the VIS to perform biometric matching to identify people and prevent identity theft or fraud.
In response to changing migration and security challenges, in May 2021 the EU adopted a new regulation to improve the system. The new rules:
- further strengthen the security of the short-stay visa procedure
- include long-stay visas and residence permits in the same database
- ensure interoperability between the VIS and other relevant EU systems and databases
System to manage European asylum applications (Eurodac)
The Eurodac database contains the fingerprints of asylum applicants registered in EU member states and associated countries. This database serves the implementation of the Dublin regulation. It helps to:
- verify whether an applicant has previously claimed asylum in another member state
- check whether an applicant has previously been apprehended when entering European territory unlawfully
- determine which member state is responsible for examining an asylum application
As part of its legislative proposals to reform EU asylum rules, the Eurodac regulation has being revised.
EU-wide IT systems for security and migration (infographic)
European travel information and authorisation system (ETIAS)
The Council adopted the regulation establishing the European travel information and authorisation system (ETIAS) in September 2018. This IT system will be used to carry out advance checks on visa-exempt travellers and deny them travel authorisation if necessary.
It will be similar to existing systems in place in the US, Canada and Australia, among others, and it will bring several benefits, such as:
- improved internal security
- better prevention of illegal immigration
- reduced public health risks and delays at borders
ETIAS will be developed by eu-LISA and will start operations in the last quarter of 2026.
This is the EU agency that manages the large-scale IT systems in the area of freedom, security and justice.
Entry/exit system
The entry/exit system (EES) is a new EU-wide digital border management system that records the entry and exit of non-EU nationals crossing the Schengen area’s external borders for short stays. It replaces the old system of manual passport stamping with fast and secure biometric checks.
As of 12 October 2025, the EES will be progressively deployed across external Schengen borders over a six-month period. At least one border crossing point in each participating country must be operational at launch. During this period, not all crossings or travellers will be registered via the EES, and passport stamping will continue.
The system is expected to be fully implemented by 10 April 2026.
EES was built by eu-LISA, together with member states.
- With start of operation of new EES border control system the EU will strengthen border security and increase efficiency for travellers (press release, 11 October 2025)
- Border management: Council gives green light to progressive start of Entry/Exit system (press release, 18 July 2025)
- Entry/exit system (eu-LISA)
European criminal records information system (ECRIS)
The European criminal records information system (ECRIS) was set up in 2012. It enables EU member states to easily share information on criminal convictions.
Most of the information exchanged concerns EU citizens because the system lacks an efficient way to process data on third-country nationals.
In April 2019, the EU adopted new rules to improve ECRIS. The reformed system will include a centralised database with information on convictions of third-country nationals and stateless persons.
Passenger name record data
Organised crime and terrorist activities often involve international travel. In 2016, as a response to the abolition of internal border controls under the Schengen Convention, the EU adopted the passenger name record (PNR) directive.
PNR data is personal information provided by passengers, which is collected and held by air carriers. It includes information such as the name of the passenger, travel dates, itineraries, seats, baggage, contact details and means of payment.
The PNR directive regulates the transfer of such data to member states’ law enforcement authorities and how the data is processed for the prevention, detection, investigation and prosecution of terrorist offences and serious crime.
The PNR system complements the already existing tools to fight cross-border crime and harmonises member states’ legal provisions, avoiding legal uncertainty and security gaps, whilst at the same time safeguarding data protection.
EU agency in charge of large-scale IT systems (eu-LISA)
eu-LISA is the EU agency responsible for managing the large-scale IT systems used for the EU’s border management, migration and law-enforcement cooperation policies.
In November 2018, the Council adopted new rules to strengthen the agency’s mandate. The new rules aim to further develop the agency’s capacity to contribute to border management, law-enforcement cooperation and migration management in the EU.
The agency will also have a vital role in implementing new IT architecture in the area of justice and home affairs.
Thanks to its broader mandate, eu-LISA will be able to:
- develop and operate new systems, such as the recently adopted entry/exit system and ETIAS
- contribute to the development of interoperability solutions
- provide support to member states at their request
- play a greater role in research, pilot projects and testing activities
eu-LISA currently manages the following IT systems:
- the visa information system
- the Schengen information system
- EURODAC
eu-LISA is currently developing the following IT systems:
- the entry-exit system
- ETIAS
- ECRIS-TCN system
Interoperability of EU information systems
EU information systems used by authorities to fight crime, control borders and manage migration flows are not interlinked. They are fragmented, and there is a risk of information gaps developing as a result.
The EU is currently looking at ways to better collect and share information in order to:
- make the data accessible to border guards through relevant EU databases
- improve criminal investigation and prosecution
In May 2019, the Council adopted two regulations establishing a framework for interoperability between EU information systems that help manage borders, security and migration. The new rules establish:
- a European search portal, that will allow authorities to search multiple information systems simultaneously
- a shared biometric matching service to search and cross-check biometric data
- a common identity repository, storing the identifying data of non-EU citizens
- a multiple identity detector that will alert authorities when biometric data indicates identity fraud
This new interoperability architecture will be deployed from mid-2024 until the end of 2026 and provide a single interface for searches, as well as a biometric matching service to facilitate identification.
Last review: 6 March 2025