Brussels, 20.12.2007

COM(2007) 838 final

 

Proposal for a

COUNCIL REGULATION

on the tests of the second generation Schengen Information System (SIS II)

(presented by the Commission)

EXPLANATORY MEMORANDUM

1)      Context of the proposal ·        Grounds for and objectives of the proposal The Council entrusted the Commission with the development of the second generation Schengen Information System (SIS II) by Regulation (EC) No 2424/2001 and Decision 2001/886/JHA. The objective of this proposal, and a proposal for a Council Decision on the same subject, is to lay down provisions on the tests to demonstrate that SIS II can work in accordance with the technical and functional requirements set out in the SIS II legal instruments and the non-functional requirements such as robustness, availability and performance.

·        General context On the basis of two legal instruments[1] governing the development of the SIS II, draft measures were taken following the regulatory procedure referred to in Article 5(3) of Council Decision 1999/468/EC, laying down the procedures for the exercise of implementing powers conferred on the Commission: "Article 4 The measures necessary for the development of SIS II concerning the following matters shall be taken in accordance with the regulatory procedure: (c) technical aspects which have serious financial implications for the budgets of the Member States or which have serious technical implications for the national systems of the Member States". There are very few elements of an information technology project which are as costly and time-consuming as testing. The testing of SIS II is a major technical aspect with serious cost and technical implications for the Member States. The Commission was therefore obliged to propose comitology decisions in accordance with the regulatory procedure. Since the proposed test decisions did not receive a favourable opinion in the SIS II comitology Committee, the Commission has to submit to the Council without delay, a proposal relating to measures to be taken and inform the European Parliament.

·        Existing provisions in the area of the proposal   - Council Regulation (EC) No 2424/2001 of 6 December 2001 on the development of the second generation Schengen Information System (SIS II) as amended by 1988/2006 of 21 December 2006; - Council Decision 2001/886/JHA of 6 December 2001 on the development of the second generation Schengen Information System (SIS II) as amended by Council Decision 2006/1007/JHA; - Regulation (EC) No 1987/2006 of the European Parliament and of the Council of 20 December 2006 on the establishment, operation and use of the second generation Schengen Information System (SIS II); - Council Decision 2007/533/JHA of 12 June 2007 on the establishment, operation and use of the second generation Schengen Information System (SIS II); - Regulation (EC) No 1986/2006 of the European Parliament and of the Council of 20 December 2006 regarding access to the Second Generation Schengen Information System (SIS II) by the services in the Member States responsible for issuing vehicle registration certificates; - Commission Decisions 2007/170/EC and 2007/171/EC of 16 March 2007 laying down the network requirements for the Schengen Information System.   ·        Consistency with the other policies and objectives of the Union Not applicable.   2)      Consultation of interested parties and impact assessment ·        Consultation of interested parties   Consultation methods, main sectors targeted and general profile of respondents Presidency of the Council and Member States representatives were consulted within the framework of the SIS II Committee. Following the unfavourable opinion of the SIS II Committee, discussion with the current and incoming Presidency as well as with Member States invited by the current Presidency has taken place.   Summary of responses and how they have been taken into account When submitting this proposal the Commission has taken into account the outcome of the discussions with the Presidency as well as with other Member States invited by the Presidency.   ·        Collection and use of expertise   Member States' experts were consulted extensively and three rounds of written comments were organised. Agreed changes have been incorporated in the documents. Following an unfavourable opinion of the SIS II Committee, the Commission has modified its proposal to better address the concerns of Member States.

·        Impact assessment An impact assessment is not required for this proposal for a Council Regulation which is not included in the 2007 Work Programme of the Commission. The submission of this proposal follows from the provisions laid down in Article 5 of Council Decision 1999/468/EC laying down the procedures for the exercise of implementing powers conferred on the Commission.

3)      Legal elements of the proposal

·        Summary of the proposed action The objective of the proposal is to lay down the way in which SIS II tests are conducted in order to assess whether SIS II can work in accordance with the technical and functional requirements as defined in the SIS II legal instruments as well as with the non-functional requirements such as robustness, availability and performance.

·        Legal basis The draft Regulation has its legal basis in Council Regulation (EC) No 2424/2001[2] on the development of the second generation Schengen Information System (SIS II), and in particular Article 4(c) and Article 5(3) thereof.

·        Subsidiarity principle

The objective of the proposed action, namely to lay down provisions on SIS II tests, cannot be achieved by the Member States individually.

The SIS II is necessary for the implementation of common policies of the European Union.

The proposals, therefore, comply with the subsidiarity principle.

·        Proportionality principle The proposal complies with the proportionality principle because Member States are competent as regards the implementation of the SIS II national systems.

·        Choice of instruments

Proposed instruments: a Council Regulation and a Council Decision for the purposes of matters falling within the Treaty establishing the European Community and the Treaty on European Union, respectively.

Since a Regulation shall be binding in its entirety and directly applicable in the Member States in accordance with the Treaty establishing the European Community other legal instruments would not be adequate to achieve the objective.

4)      Budgetary implication

Completion of the SIS II tests will not require additional financial resources other than those already foreseen in the PDB (Preliminary Draft Budget) 2008.

 

Proposal for a

COUNCIL REGULATION

on the tests of the second generation Schengen Information System (SIS II)

THE COUNCIL OF THE EUROPEAN UNION,

Having regard to the Treaty establishing the European Community,

Having regard to Council Regulation (EC) No 2424/2001[3] on the development of the second generation Schengen Information System (SIS II), and in particular Article 4(c) and Article 5(3) thereof,

Having regard to the proposal from the Commission[4],

Whereas:

(1)       The development of the second generation Schengen Information System (SIS II) has been entrusted to the Commission pursuant to Council Regulation (EC) No 2424/2001[5] and Council Decision 2001/886/JHA[6] of 6 December 2001 on the development of the second generation Schengen Information System (SIS II). The network requirements for SIS II development are established by Commission Decision 2007/170/EC[7] and by Commission Decision 2007/171/EC[8].

(2)       The second generation Schengen Information System (SIS II) has been established by Regulation (EC) No 1987/2006 of the European Parliament and of the Council[9] and by Council Decision 2007/533/JHA of 12 June 2007[10] on the establishment, operation and use of the second generation Schengen Information System.

(3)       It is necessary to conduct tests in order to assess whether SIS II can work in accordance with the technical and functional requirements as defined in the SIS II legal instruments.

(4)       Tests should also assess non-functional requirements such as robustness, availability and performance.

(5)       It is necessary for the Commission to test that the Central SIS II can be connected to the national systems of the Member States whereas Member States participating in SIS 1+ should make the necessary technical arrangements to process SIS II data and exchange supplementary information.

(6)       It is necessary to clarify further the tasks to be performed with regard to the completion of the SIS II tests by the Commission and the Member States.

(7)       It is necessary to set out the requirements for the definition, development and application of the test specifications and how the tests shall be validated.

(8)       The Committee assisting the Commission during the development, referred to in Article 5 of Council Regulation No 2424/2001, has not delivered a favourable opinion on the draft measures of the Commission in implementation of Article 4 (c) of Council Regulation No 2424/2001. In accordance with Article 5(3) of Council Regulation No 2424/2001 read in conjunction with Article 5(6) of Council Decision of 28 June 1999 laying down the procedures for the exercise of implementing powers conferred on the Commission (1999/468/EC)[11], the Commission therefore submitted to the Council a proposal relating to the measures to be taken and informed the European Parliament.

(9)       In accordance with Articles 1 and 2 of the Protocol on the position of Denmark annexed to the Treaty on European Union and the Treaty establishing the European Community, Denmark does not take part in the adoption of this Regulation and is not bound by it or subject to its application. Given that this Regulation builds upon the Schengen acquis under the provisions of Title IV of Part Three of the EC Treaty, Denmark shall, in accordance with Article 5 of the said Protocol, decide, within a period of six months after the adoption of this Regulation, whether it will implement it in its national law.

(10)     This Regulation constitutes a development of provisions of the Schengen acquis in which the United Kingdom does not take part, in accordance with Council Decision 2000/365/EC of 29 May 2000 concerning the request of the United Kingdom of Great Britain and Northern Ireland to take part in some of the provisions of the Schengen acquis[12]; the United Kingdom is therefore not taking part in its adoption and is not bound by it or subject to its application.

(11)     This Regulation constitutes a development of provisions of the Schengen acquis in which Ireland does not take part, in accordance with Council Decision 2002/192/EC of 28 February 2002 concerning Ireland's request to take part in some of the provisions of the Schengen acquis[13]; Ireland is therefore not taking part in its adoption and is not bound by it or subject to its application.

(12)     This Regulation is without prejudice to the arrangements for the United Kingdom's and Ireland's partial participation in the Schengen acquis as respectively defined by the Council Decision 2000/365/EC of 29 May 2000[14] and Council Decision 2002/192/EC of 28 February 2002[15].

(13)     This Regulation constitutes an act building on the Schengen acquis or otherwise related to it within the meaning of Article 4(2) of the 2005 Act of Accession.

(14)     As regards Iceland and Norway, this Regulation constitutes a development of provisions of the Schengen acquis within the meaning of the Agreement concluded by the Council of the European Union and the Republic of Iceland and the Kingdom of Norway concerning the association of those two States with the implementation, application and development of the Schengen acquis[16], which fall within the area referred to in Article 1, point G of Council Decision 1999/437/EC of 17 May 1999 on certain arrangements for the application of that Agreement.

(15)     As regards Switzerland, this Regulation constitutes a development of the provisions of the Schengen acquis within the meaning of the Agreement signed between the European Union, the European Community and the Swiss Confederation concerning the association of the Swiss Confederation with the implementation, application and development of the Schengen acquis, which falls within the area referred to in Article 1, point G of Council Decision 1999/437/EC read in conjunction with Article 4 (1) of Council Decision 2004/860/EC on the signing, on behalf of the European Community and on the provisional application of certain provisions of that Agreement[17].

HAS ADOPTED THIS REGULATION:

Article 1

The specifications relevant to the SIS II tests, in particular their scope and objectives, their requirements and their process shall be as set out in the Annex.

Article 2

This Regulation shall enter into force on the third day following its publication in the Official Journal of the European Union.

This Regulation shall be binding in its entirety and directly applicable in the Member States in accordance with the Treaty establishing the European Community.

Done at Brussels,

                                                                       For the Council

                                                                       The President

                                                                      

ANNEX

1.           Scope of SIS II tests

The SIS II tests shall demonstrate that SIS II Central System (CS-SIS), the SIS II Communication Infrastructure and the interface towards the SIS II National Systems (N.SIS II) can work in accordance with the technical and functional requirements set out in the SIS II legal instruments.

The SIS II tests shall also demonstrate that SIS II can work in accordance with the non-functional requirements such as robustness, availability and performance.

2.           Process, scope and organisation of SIS II tests

The sequence of tests, their objective, scope and organisation shall be articulated as follows.

The first phase of tests shall address testing of the connectivity and resilience of the SIS II Communication Infrastructure.

The second phase of tests shall address testing of the Central SIS II without N.SIS II.

The third phase of tests shall address testing of the Central SIS II with some N.SIS II and testing of the compliance of each national system with the specifications described in the reference version of the Interface Control Document (ICD).

The Test Advisory Group[18] established by the SIS II Committee is competent to report on the results of the tests to the SIS II Committee. The Test Advisory Group shall identify, categorise and describe any issue it detects and propose options for solutions. The Commission services and the Member States' experts shall provide all necessary information for the Test Advisory Group to perform its task.

2.1.        Test documentation

The Commission shall define the detailed specifications of the tests. The Commission shall make available to the Member States involved the draft and finalised test specifications and the provisions for the management and coordination of the tests within a schedule agreed with the Member States' experts.

2.2.        Coordination of the tests

All tests set out in the test documentation shall be coordinated by the Commission. For doing so the Commission shall work in close cooperation with the Test Advisory Group composed of representatives of the Commission and Member States' experts. Ad-hoc experts may be consulted by the Test Advisory Group.

The Test Advisory Group shall meet regularly and shall, in particular address issues relating to the schedule and the timing of the tests, and shall propose solutions to any difficulties that emerge during the running of the tests.

2.3.        Running the tests

The Commission shall execute the tests, together with the Member States involved on the basis of the test specifications and in accordance with the schedule agreed by the Commission together with Member States' experts, and demonstrate that the test results are as foreseen in the test specifications.

For the N.SIS II compliance tests, each Member State, with the support of the Commission, shall be responsible for running and ensuring the smooth performance of the tests within the agreed schedule.

2.4.        Validation of the tests

The Test Advisory Group shall report on the results of the tests to the SIS II Committee. The Test Advisory Group shall identify, categorise and describe any issue it detects and propose options for solutions. The Commission services and the Member States experts shall provide all necessary information for the Test Advisory Group to perform its task.

The results of the SIS II tests shall be validated by the Commission. Where the test documentation divides the tests into separate phases the Commission shall inform the Member States of the results of each phase before the start of the following phase.

The validation of the N.SIS II compliance tests shall take into account a report, prepared by an expert appointed by the Member States, containing a detailed analysis of the test results and conclusions as to the validation of the Member States' national systems.

2.5.        Tests of the communication infrastructure

The objective of this test exercise shall be to demonstrate that the communication infrastructure of SIS II up to the uniform national interface (NI-SIS) can work in accordance with the requirements laid down in the Commission Decision 2007/170/EC and Commission Decision 2007/171/EC. The scope of this test includes testing the connectivity and the resilience of the SIS II communication infrastructure between CS-SIS and each NI-SIS, between the Central Unit and the back-up Central Unit, as well as the resilience of the Local National Interfaces (LNI) and, where applicable, the Back-up Local National Interfaces (BLNI).

2.6.        Central SIS II and national compliance tests

The objective of the whole set of Central SIS II tests shall be to test that the Central SIS II meets the functional and non-functional specifications defined in the reference version of the ICD (Interface Control Document) and the DTS (Detailed Technical Specifications).

The objective of the N.SIS II Compliance test shall be to ensure the compatibility of each N.SIS II with the CS-SIS and to verify the compliance of the National Systems with the reference version of the Interface Control Document and the Detailed Technical Specification. The compliance tests for the N.SIS II may run in parallel with the tests of the Central SIS II.

After the successful completion of the SIS II tests, the Commission shall inform Member States' experts within the framework of the SIS II Committee that the test results of the communication infrastructure and of the Central SIS II tests are as foreseen in the test specifications.

After the successful completion of the SIS II tests, the Commission shall set up a migration environment for the Central SIS II. This environment shall be stable and suitable to be used for migration.

3.           Reference version of the Interface Control Document (ICD) and Detailed Technical Specification (DTS) versions for testing

The Central SIS II and the national systems (N.SIS II) in each of the Member States shall be tested against the same specifications.

The DTS prepared by the Commission shall define the functional and non-functional specifications of the Central SIS II.

The ICD prepared by the Commission shall define the interface between the Central SIS II and the national systems. It shall contain the technical specifications of the system-to-system interactions in terms of data items and messages passed, protocols used as well as timing and sequencing of events.

Specifications, as provided in the ICD and DTS, shall be stable for a given period and the timing of update of both systems shall be laid down in a release plan that shall define the reference version for a given test phase.

Issues found during the test campaigns shall be reported, analysed and solved in accordance with a release management and associated change management plan. The release plan and associated change management plan shall be made available by the Commission, taking into account the opinion of Member States' experts.

4.           Declaration of success of SIS II tests results

The successful completion of all test phases described above shall qualify SIS II in respect of technical and functional requirements that are based on the SIS II legal instruments. The set of test use cases and test scenarios defined for all the tests shall ensure a sufficient coverage of scenarios.

The SIS II tests shall ensure that the Commission has made the necessary technical arrangements for allowing Central SIS II to be connected to the N.SIS II of the Member States concerned.

At the end of the whole series of tests, in accordance with the mandate conferred upon it[19], the Commission shall declare the successful completion of SIS II tests.

The declaration of success of SIS II test results by the Commission referred to above shall be without prejudice to the subsequent validation of the proposed test result of a comprehensive test of SIS II by the preparatory bodies of the Council[20].

In order to facilitate this process, the Commission shall provide regular updates on the status of the project to the preparatory bodies of the Council, and shall provide specific information on the results of the tests including the related discussions with the Member States' experts taking place within the framework of the SIS II Committee.

The Commission and the Member States shall, within the framework of their respective competences, and in particular the mandate conferred upon the Commission[21], organise any additional tests or actions necessary to ensure that the validation process to be performed by the preparatory bodies of the Council can be complete.