Europe’s main border database, the Second Generation Schengen Information System (SIS II), is designed to prevent undocumented migrants and suspected criminals from traveling freely between Schengen nations. However, private audits and findings by Bloomberg and Lighthouse Reports highlight a troubling level of negligence.

SIS II, which was introduced in 2013, assists law enforcement and border officials by quickly identifying persons of interest, such as suspected terrorists. In 2023, it was enhanced to include deportation decisions.

In 2024, the European Data Protection Supervisor identified thousands of weaknesses in SIS II as “high” risk, noting the “excessive number” of administrator accounts that could be easily exploited by insiders. However, specialists pointed out that the software’s flaws put personal information, such as fingerprints and photographs, at serious risk.

And how will the arrival of EES affect all this? The EES system is scheduled to start in October 2025, and will interact directly with the SIS II system. The two systems are designed to complement each other and cooperate as follows:

Cross-checking: When a person enters the Schengen Area, the EES records the data and officers can check it in the SIS to see if there are active alerts (e.g., arrest warrant, entry ban).

Increased accuracy: EES provides biometrics and accurate entry and exit data, which increases the reliability of SIS alerts.

Automation: Systems are interconnected, enabling smart borders with automated checks that query both databases.

Immigration and judicial decision support: Combined SIS and EES information helps make better informed decisions on deportations, visas, asylum, etc.

As a result, the combination of SIS + EES allows the EU to strengthen external border control, improve internal security, detect people with false identities or criminal records. Prevent “asylum shopping” or irregular movements within the Schengen area.

As for the initial concern of loss of data security, EES greatly helps to alleviate the security breaches of SIS II with supervision and control at the national level, where each member country has the data protection authority that oversees the use of EES.

At the European level the European Data Protection Supervisor (EDPS) supervises the system at the EU level. Even so, data protection in the EES is robust and well regulated, although it remains a challenge due to the large scale of the system and the sensitivity of the data.