The Schengen Entry/Exit System: biometrics to facilitate smart borders


​Last updated 02 April 2018

​​​In view of migratory pressures and terrorist attacks suffered by Europe over the last few years, border management has become a priority for the European Commission.


Entry-Exist System

​It is true that the Visa Information System (VIS) has been operational since 2015 in Member State consulates, and its consultation is now compulsory for visa-holders entering the Schengen area.

In addition, since February 2013, the concept of Smart Borders has been introduced.  It's an ambitious package of legislative measures drawn up in consultation with the European Parliament.

The Entry/Exit System, in particular, will create a unified information system for recording data on the entry and exit movements of short-stay Third Country Nationals crossing the external borders of the EU.

The new Entry Exit System to be operational in 2020

Adopted and then signed on 30 November 2017 by the European Council, it will be used in conjunction with the European Passenger Name Record (PNR) Directive which, from 25 May 2018, will collect data on air passengers.

Schengen countries Based on the principle that the majority of visitors are "bona fide", the EES will radically change the Schengen Borders Code with the double objective of: 

  • making borders smart by automating checks and controls on legitimate visitors while strengthening methods for combating irregular migration
  • creating a central register of cross-border movements.

In other words, external border management is being modernized.

Because it improves the quality and efficiency of checks and controls in the Schengen area, the common database of the EES should help to reinforce homeland security and the fight against terrorism and serious crime.

Systematic identification of people 'overstaying' in the Schengen area is one of its major challenges.

We will see why facial biometrics in particular is the technical winner of the EES initiative. And no longer just in airports, as is currently the case but also in all ports of entry.

In this web report, we will examine the following six topics:

  • What the Entry Exit System is
  • How the 2006 Schengen Borders Code is impacted
  • How its access is highly regulated
  • Why facial biometrics becomes key for the EES
  • How EES contributes to the fight against identity fraud
  • Where Gemalto fits in the picture.

Let's dig in.

EES: a powerful prevention and detection mechanism

Criminal activities such as human trafficking, migrant smuggling and trafficking of goods are made possible by illegal border crossings.

They are largely facilitated by the absence of any system for recording entry/exit movements in Europe.

Yes you read that right.

And the route to identity fraud is unfortunately a well-traveled one: "standard" checks on entering the Schengen area, followed by destruction of identity documents with a view to committing malevolent acts, knowing that authentication without an ID is impossible.

So the good news is that although the EES is aimed at "bone fide" visitors, in the long term, the system will act as a powerful means of preventing and detecting terrorist activities or other serious criminal offenses.

The data stored in the new register for five years – including for people turned back at borders – mainly consists of:

  • names,
  • passport numbers,
  • 4 fingerprints
  • and photos.

It will be accessible to border and visa granting authorities as well as Europol.

The system will be made available to investigating authorities as it will allow consultation of cross-border movements and access to travel history data. All of this will be carried out with the strictest respect for the human dignity and integrity of the person.

The mechanism is very clear on this point: the competent authorities cannot discriminate against persons on grounds of sex, color, ethnic or social origin, genetic features, language, religion or belief, political or any other opinion.

Investigations must also not discriminate against membership of a national minority, property, birth, disability, age or sexual orientation.

Reappraisal of the Schengen Borders Code

Given the expected growth in the number of Third Country Nationals visiting the Schengen area (887M by 2025), the challenge is now to make border checks faster and simpler.

This is a particularly ambitious initiative as it will require reappraisal of the famous Schengen Borders Code which requires thorough checks, made manually by Member State authorities at entry and exit points, without the possibility of automation.

In addition, the Schengen Borders Code has no provisions on recording of cross-border movements. The current procedure requires only that passports be stamped with dates of entry and exit.

This is the sole method available to border guards when calculating whether a right to stay has been exceeded.

It's not easy when stamps are poorly printed and placed randomly throughout the passport book. Besides, stamp can be counterfeited, and there is not electronic record in any database.

Another problem is that regular visitors and people living near borders have to replace their passports every 2 to 3 months because they run out of space for new stamps!

Let's admit it.

The whole process is archaic given the potential offered by information technologies.

The 2013 package consisted of three proposals:

  • Creation of an automated Entry/Exit system (EES)
  • A Registered Traveler Program (RTP) to allow pre-vetted regular visitors to benefit from facilitation of border checks
  • Amendment of the Schengen Borders Code

Withdrawal of the RTP initiative

Proving to be too complex to implement in the 28 Member States (soon to be 27!), the RTP initiative was eventually withdrawn and replaced by an ambitious Entry/Exit System (EES) for short-stay visitors (no more than 90 days in any period of 180 days).

The final outlay is well below that initially forecast by the Commission in 2013. Instead of the estimated billion euros which also included an RTP component, the revised proposal of a single EES will cost "only" €480 million as singled out by the EES regulation proposal.

This ambitious initiative is being implemented after a technical study conducted in 2014, followed by a prototyping phase led by the eu-LISA agency in 2015, which resulted in withdrawal of the RTP project and a switch of focus to the EES program.

ESS Schengen 

Centralized architecture managed by eu-LISA

The key body of the EES is eu-LISA, the European agency for the operational management of large-scale IT systems, which is headquartered in Tallinn, with an operational site in Strasbourg and a back-up site in Sankt Johann im Pongau (Austria).

The agency will be responsible for the following four tasks:

  1. Development of the central system
  2. Implementation of a National Uniform Interface (NUI) in each Member State
  3. Secure communication between the EES and VIS central systems
  4. Communication infrastructure between the central system and National Uniform Interfaces.

Each Member State will be responsible for the organization, management, operation and maintenance of its existing national border infrastructure and of its connection to the EES.

Schengen system

Optimized border management

With the new mechanism, all Third Country Nationals will be treated equally, whether or not they are visa-exempt.

Simply stated: the VIS already records visitors requiring visas. And the aim of the EES is to create a database for all others.

Member States will therefore be able to identify any irregular migrant or visitor who has crossed borders illegally, and to facilitate their expulsion if applicable.

The process can be assisted or automated, for instance visitors could authenticate themselves at a self-service terminal under supervision of a border guard, which will display the following information:

  • Date, time and border crossing point, in replacement of manual stamps
  • Notification of refusal of entry if applicable
  • Maximum authorized length of stay
  • Notification of overstay if applicable
biometric entry exit

For the authorities of Member States, this is a revolutionary step up from the inadequacies of the current system.

There's more.

The possibility of compiling powerful statistics is already being anticipated, as is better management of granting or refusal of visas on the basis of cross-border movements, in particular through information such as:

  • Overstays per country
  • History of cross-border movements per country

Schengen visa 

The Visa Information System (VIS) has been operational since 2015

biometric entry-exit system 

EES: highly regulated access

But one thing's for sure.

Access to the EES is highly regulated.

Each Member State must notify eu-LISA of the law enforcement agencies authorized to consult data for the purposes of preventing, detecting or investigating terrorist offenses and other serious crimes.

Europol, which plays a key role in crime prevention, will be included in the law enforcement agencies authorized to access the system within the framework of its tasks.

In contrast, EES data cannot be transferred or made available to any third country, international organization or any private entity established in or outside the European Union.

Of course, in the case of investigations to identify a Third Country National, and prevention or detection of terrorist offenses, exceptions may be made.

Proportionality and privacy

Against a legislative backdrop where privacy is held as a major priority, the volume of personal data recorded in the EES will be significantly reduced, i.e. 26 data items instead of the 36 originally planned in 2013.

The mechanism will be negotiated between the European Data Protection Supervisor (EDPS) and the national authorities responsible for applying the new regulation.

The data collected will be limited to minimum information such as: last name, first name, travel document and visa references, facial image and four fingerprints.

The date, time and border check location will be recorded for each visit. This data will be stored for a period of five years, and not the 181 days as proposed in 2013.

This will allow border guards and consular posts to analyze the travel history of applicants when issuing new visas.

EES: privacy by design

The European Commission proposal has been drawn up on the basis of "privacy by design" principles.

From a legal standpoint, the proposal is measured with regard to the right to protection of personal data; in other words, the data collected and stored, and its period of retention, are strictly limited to what is necessary for the system to function and meet its objectives.

The EES will be a centralized system through which Member States cooperate with each other, hence the need for a common architecture and operating rules.

EES Privacy

Given the need of uniform processes governing border checks and access to the system, only a regulation could be chosen as a legal instrument, without the possibility of adaptation to national legislation.

Secure Internet access to a web service hosted by eu-LISA will allow Third Country Nationals to check their remaining authorized length of stay at any time.

Carriers such as airlines, will also be able to use this function to check whether their passengers are authorized to enter the EU.

Facial biometrics 

Facial biometrics: key weapon of the EES

The EES results in radical changes to the Schengen Borders Code as it will be used to register the biometric data of all Third Country Visitors, whereas only those requiring a visa are recorded in the VIS today.

In terms of biometric identifiers, under the old system 10 fingerprints were planned. The new one combines four fingerprints and a portrait for facial recognition on entry, although either of these are acceptable for exit.

The face is now the key to opening border crossings. The technology involved has progressed significantly over the last few years and supports traditional fingerprinting methods.

Although the European Commission is no longer using the RTP principle, it is present in all but name.

But we're jumping ahead. Here's the process.

  • Four fingerprints will still be taken at the first check to verify that the traveler is not already listed in the EES or VIS.
  • In the absence of a signal, the border authority will create a file, making sure that the photograph in the Machine Readable Travel Document corresponds to the live facial image taken of the new visitor.
     
  • When they next cross a border, it is their face that will determine whether or not they are let in.

Smile, you're in Europe! The time-consuming (and falsifiable) stamps on passports will be replaced by access to the EES.

Biometrics are therefore the big winners of the EES initiative. And no longer just in airports, as is currently the case.

Particularly busy sea terminals and land border posts will become the first clients of the famous eGates currently reserved only for air travelers.

Smart borders

Frontex, as the agency helping EU countries and Schengen associated countries manage their external borders, is helping harmonize border controls across the EU.

The mission of the European Border and Coast Guard Agency is to facilitate and render more effective the application of existing and future European Union measures relating to the management of external borders.

As such, the agency is providing technical support and expertise to facilitate cooperation between border authorities in each EU country. They have already published "Guidelines for Processing of Third‑Country Nationals through Automated Border Control" and will play a key role in analyzing and defining the capability needs in border control and in supporting the Member States in development of these capabilities.

EES and the fight against identity fraud

The EES mechanism is complex and ambitious as it will make border crossing faster whilst also making checks and controls more robust.

Procedures for welcoming Third Country Nationals to Europe will be much improved thanks to eGates and self-service kiosks.

In terms of migration policies and prevention of malevolent acts, it will now be possible to immediately identify people who fail to comply with entry conditions and to access their travel history.

It should also be remembered that the EES will be a powerful tool in the fight against identity fraud, particularly within the Schengen area, as each visitor will have been recorded on their arrival at an external border.

Biometric entry exit 

Gemalto and identity: more than 20 years' experience

Where do we fit in?

Gemalto with its recent acquisition of Cogent Systems, is particularly interested in the EES initiative which is hugely dependent on biometrics and checking of travel documents.

Identification and authentication of people are two areas in which Gemalto has excelled for more than 20 years. The company contributes to more than 200 government programs in 80 countries on these issues.

It has the expertise to meet the objectives of the EES initiative, in particular through:

  • Exploiting the latest technologies to authenticate travel documents, identify travelers through biometric recording operations and checks, and assess risk with access to watch lists at all border checkpoints.
  • Reducing costs through process automation and optimization while deploying new technologies to reinforce security and offer passengers greater convenience.
  • Optimizing the tasks of border guards who will supervise these devices, allowing them to focus their attention on suspicious cases.
  • Reducing waiting times after registration in the EES database. This factor is not insignificant for people who live near borders and regular visitors who will be able to devote more time to productive activities!

Self-service registration terminals and automatic or semi-automatic borders could be deployed in the next few years, with the aim of speeding up border checks and making access to the Schengen area more welcoming. These automatic and biometric terminals are already being deployed in the Paris airports of Orly and Charles de Gaulle (New PARAFE smart gates) and facial recognition will be operational from April 2018.

Biometric gates Paris

New PARAFE biometric smart gates at Roissy – September 2017

Gemalto has recognized expertise in integrated border management and contributes in particular to two major migration management systems.

  • Gemalto biometric identification systems are a central component of the American data management system IDENT (formally US-VISIT). This biographic and biometric database contains information on more than 200 million people who have entered, attempted to enter or exited the United States of America. The US biometric entry-exit tracking system​​ has many similarities with the European EES.
  • Gemalto has been a supplier to the biometric Eurodac (European Dactyloscopy) system since its inception. It's the largest multi-jurisdictional Automated Fingerprint Identification System (AFIS) in the world, with 32 affiliated countries. The Eurodac system is a database containing the fingerprints of asylum seekers for each Member State and of people apprehended when attempting to cross borders illegally.

biometrics Gemalto

To thwart attempted document fraud, Gemalto has developed sophisticated equipment to check authenticity of documents through comparison with the models in circulation. Their validity is also checked by connecting to the Interpol database of Stolen and Lost Travel Documents (SLTD) or to national watch lists.

For border control, in addition to its biometric smart gates, Gemalto offers its document reader ​portfolio coupled with document authentication software, fingerprint scanners, biometric authentication equipment and software such as advanced face identification​, thanks to its Gemalto Cogent portfolio, one of the pioneers in biometric technology.

To find out more, please do not hesitate to contact us.