Following in AMLA’s footsteps: is direct enforcement the way to go for wandering ENISA?

By Arailym, Patrick and Sondra

The road to what might be called regulatory maturity is often a long one. In EU cybersecurity regulation, a culture of vertical and horizontal collaboration is optimistic but seemingly ineffective. It likely leaves the European Union Agency for Cybersecurity (ENISA) feeling somewhat envious of the centralised enforcement powers recently vested in the Anti-Money Laundering Authority (AMLA). How feasible would it be for ENISA to follow in AMLA’s footsteps? This blog post examines whether there is regulatory space, or even a solid legal basis for such an evolution. Due to the differing contexts of financial crime prevention and cybersecurity, the limits of an analogy between the trajectories of the two agencies will become clear.

What is ENISA?

ENISA, the European Union Agency for Cybersecurity (previously known as the European Network and Information Security Agency), was established in 2004 by Regulation No 460/2004. It was reformed by Regulation No 526/2013, which was later repealed by the Cybersecurity Act.

The Cybersecurity Act granted ENISA a permanent mandate along with increased responsibilities, transforming it from a “Cinderella” agency into a key cybersecurity entity in the EU. ENISA aims to achieve a high common level of cybersecurity across the Union. Its main tasks include:

  • Supporting EU legislation implementation and the development of EU-wide cybersecurity standards
  • Enhancing operational cooperation and coordination among Member States, Union institutions and private sector actors
  • Managing cybersecurity certification schemes to increase trust in information and communication technology (ICT)

Photo credits: ENISA website

The Emergence of AMLA

The evolution of the EU’s anti-money laundering framework has seen notable advancements, starting from the initial anti-money laundering Directive (AMLD1) in 1990 to the latest updates with AMLD6, Anti-Money Laundering Regulation (AMLR), and Anti-Money Laundering Authority Regulation (AMLAR). This development signifies an expanding regulatory focus that originally targeted drug trafficking in the 1990s, evolving into a robust framework that addresses intricate financial crimes like cyber-enabled money laundering. A significant shift occurred with AMLD3, which embraced risk-based approaches for customer due diligence (CDD). The enactment of AMLD4 improved transparency by creating mandatory central registers for beneficial ownership information, a refinement further augmented by AMLD5 (2018), which required public accessibility. The recent introductions of AMLR, AMLAR, and AMLD6 establish centralised oversight while adapting to technological advancements by creating a unified supervisory body across the EU, effectively standardising anti-money laundering initiatives among member states and confronting new technological hurdles. This evolution exemplifies direct enforcement and is a new form of functional spillover that arises from internal pressure and functional necessity, rather than from external crises. This indicates that achieving the established policy goals necessitates the expansion and uniform application of EU law. Below, we delve into why and how direct enforcement is essential for ENISA to attain a high common level of cybersecurity throughout the EU.

Why should ENISA follow the same trajectory as AMLA?

The increasing frequency and sophistication of cyber threats pose significant risks to economic activities, public services, and citizens’ privacy. In recent years, the EU has adopted several pieces of legislation addressing cybersecurity, such as the Cybersecurity Act, NIS 2 Directive, Cyber Resilience Act, and Cyber Solidarity Act.

These acts have expanded ENISA’s capacities, but they are insufficient for the EU’s ambition to enhance cybersecurity across the Union, as the success of EU cybersecurity policies relies on implementation by Member States. For example, the NIS 2 Directive has so far been transposed by only four Member States, prompting the European Commission to open infringement proceedings against 23 Member States. This presents a real risk of fragmentation across the EU, which hinders effective cybersecurity. From a functional spillover perspective, the increasing cybersecurity threats and divergent approaches among Member States suggest that ENISA’s role may need to evolve beyond its original advisory and coordinative function towards enforcement powers.

The situation facing ENISA mirrors AMLA’s earlier context – both agencies emerged in response to fragmented national practices and cross-border threats that require unified, robust responses. However, while AMLA was granted limited enforcement powers due to the ineffectiveness of the previous decentralised approach and the lack of cooperation among national AML/CFT supervisors, ENISA remains confined to coordination and advisory functions. To some extent, one could argue that ENISA’s case resembles AMLA’s, and that granting ENISA enforcement powers would ensure compliance with EU cybersecurity standards and achieve a high common level of cybersecurity across the Union.

However, this might be an impossible mission or one that lies in the fairly distant future… Direct enforcement for the wandering ENISA faces a steep climb, blocked by the EU’s limited competences in security matters, an area still fiercely guarded by the Member States.

How this trajectory can be beneficial

As referred to above, the sole competence of Member States in matters of public and national security (recognised under Article 4(2) TEU) currently limits ENISA’s ability to gain direct enforcement powers; there is, however, precedent for derogation from the national security exemption, as can be observed in the Privacy International case (paragraph 44) in relation to the e-privacy Directive.

For now though, we must not jump ahead but instead envisage some preliminary steps that may take ENISA some distance down AMLA’s beaten path. A prerequisite of any centralisation is an unequivocal delineation of the agency’s role in a crowded regulatory environment. The elaboration of the EU cybersecurity landscape in recent years has led to a blurring of the lines between the competences of the entities involved, particularly with the emergence of several networks and centres at the EU level aiming to prepare for, respond to, or analyse cybersecurity threats and incidents. Although the notion of collaboration seems to be favoured in EU cybersecurity policy, the lack of exclusive specialisation on ENISA’s part would undermine any future enforcement remit for the agency. Thus, policymakers should pinpoint the tasks and responsibilities the execution of which would allow ENISA to contribute most optimally to the improvement of EU cybersecurity. This prioritisation of tasks would enable ENISA to enhance its operational efficiency, and ultimately its reputation, potentially paving the way for a transition to a more substantively empowered role.

 

 

| | ENISA | AMLA |
|---|---|---|
| Legal basis | Cybersecurity Act (2019) & NIS2 Directive | AML/CFT Regulation (2024) & AMLD6 |
| Enforcement powers | No direct enforcement (supports national authorities) | Direct enforcement (40+ high-risk financial entities (crypto, cross-border institutions)) |
| Sector focus | All critical sectors (energy, health, transport, digital infra) | Financial sector priority, limited non-financial oversight |
| Enforcement tools | Technical enforcement i.e., cybersecurity certification, vulnerability reporting; Operational tools i.e., Cyber Exercise Platform for crisis simulations, CSIRT Network coordination; Compliance leverage i.e., national strategy evaluation toolkit, biennial risk trend reports to EU institutions | Corrective measures i.e., operations restrictions, government structures; Financial sanction i.e., fines; Investigative powers |
| Dispute resolution | Non-binding recommendations through Cooperation Group | Binding arbitration in cross-border supervisory conflicts |

 

Still Relevant After 50 Years: A Reality Check for Cedefop

By Maria, Guilherme, Emilie and Chris

Source: https://www.cedefop.europa.eu/en


Cedefop turns 50!

Source: Pinterest

In a world where labour markets are evolving rapidly, driven by digital transitions, demographic shifts, and green ambitions, it is vital that EU education and skills development is set up for success. Marking its 50th anniversary in 2025, the European Centre for the Development of Vocational Training (Cedefop) has been a cornerstone of EU cooperation in education and skills development. Some critics might question the effectiveness of Cedefop, pointing to its lack of enforcement powers as a barrier to achieving its goals. But when one looks at these goals, the role of Cedefop remains relevant and important in achieving the mission to enhance cooperation and knowledge-sharing among Member States in the field of vocational education and training (VET).

Is ‘soft power’ enough to shape the future of work?

Cedefop’s mandate is broad, and it relies solely on soft powers to fulfil it. The term ‘soft power’ usually describes an ability to influence others through shared values, consensus, and cooperation, rather than through legislation or formal authority.

Source: Cedefop website

In practice, Cedefop has focused on two main goals: enhancing transparency in qualifications and facilitating transferability of learning outcomes across Member States. These goals support freedom of movement for learners and workers, so that credentials in one country are understood and accepted in another. This naturally raises the question of whether Cedefop has effectively fulfilled these goals.

When outcomes are seen as beneficial, rather than being forced, there is generally less pushback from governments and other actors. For many EU countries, vocational education and training has a direct influence on efforts to reduce unemployment, especially for people who may lack skills relevant to changing labour markets.

Source: https://www.cedefop.europa.eu/en/tools/vet-toolkit-tackling-early-leaving/resources/vet-toolkit-upskilling-pathways/best-practices/role-vet-society

 

This figure shows the support among EU citizens for the statement: “Vocational education and training play an important role in reducing unemployment in your country”.

The skills puzzle: solving labour gaps through EU cooperation

Zooming into cooperation, there is still room for improvement. Cedefop’s effectiveness in VET partly depends on how closely it works with Member States, social partners, the European Commission, and the European Parliament. By gathering data and sharing knowledge, Cedefop encourages different national and EU-level actors to align strategies in addressing skills mismatches.

During the European Year of Skills 2023, particular emphasis was placed on upskilling and reskilling, lifelong learning, and fostering both innovation and competitiveness. These aims also support people and businesses in meeting green and digital objectives. Recognising the importance of collective efforts, and in celebrating 50 years of activity, Cedefop joined Eurofound, the European Agency for Safety and Health at Work (EU-OSHA), the European Training Foundation (ETF) and the European Labour Authority (ELA) in hosting a major event. This gathering highlighted how the five agencies contribute to enhancing skills development.

In discussions with the Parliament and Commission, Cedefop presented its latest report: Skills in transition – the way to 2035. The report’s key message was that Europe is facing urgent labour shortages, especially in science, technology, engineering, mathematics (STEM) and IT fields. Green and digital transitions are rapidly reshaping Europe’s labour market. To remain competitive and resilient, Europe needs well-targeted policy decisions and a fresh approach to skill-building.

Navigating duplication risks and collaborative leadership

Questions arise about overlapping responsibilities between EU agencies. Cedefop, Eurofound, and EU-OSHA share certain priorities, including improving working conditions and aligning skills with the needs of evolving economies. Nevertheless, Cedefop’s soft-power strategies continue to offer added value. It promotes collaboration by disseminating research, guiding Member States on reskilling, and working closely with other agencies to produce policy recommendations that address real-world challenges. Together, they act as “political entrepreneurs,” pushing Europe’s skills agenda forward.

Still, as Cedefop cannot compel countries to adopt its insights, progress depends on politicians and policymakers embracing them. This reality often leads to uneven outcomes; some countries quickly integrate Cedefop’s recommendations, while others may hold back. Another common concern is “duplication risk,” where different agencies might be seen as doing the same work. Cedefop’s defenders point out that each EU agency has a specific focus: Cedefop zeroes in on vocational training, Eurofound studies broader social and work conditions, and EU-OSHA looks at safety and health. Where their work converges, they aim to coordinate rather than compete.

Inconsistent Adoption of Cedefop’s Recommendations Across EU Member States

Cedefop has made recommendations for improving access to skills development and adult learning, particularly for marginalised groups. One approach Cedefop endorses is the use of financial assistance for vulnerable learners. However, the adoption of these recommendations has been far from uniform across EU Member States, with progress varying widely.

For example, Germany offers support through the National Skills Strategy for low-qualified adults who may otherwise struggle, and France has a similar program, Compte Personnel de Formation, allowing individuals, including those from disadvantaged backgrounds, to access training. Both initiatives align with Cedefop’s goal of making upskilling more accessible.

In contrast, Bulgaria remains in the early stages of reforming its VET system. Although there are positive indications, reforming VET can take time, as it often faces challenges like legislative changes and budgetary allocations which slow the pace of progress. Romania records one of the lowest levels of adult learning participation in the EU, raising concerns about whether people there can adapt to ongoing economic and technological changes.

These discrepancies highlight the need for a more consistent approach to improving skills development across Europe. However, they also indicate that responsibility does not rest with Cedefop. Given the number of EU citizens who agree that VET plays an important role in reducing unemployment, it should be clear there is an incentive to work with Cedefop in improving VET.

Shaping the future

Cedefop’s impact is greatest when stakeholders recognise the tangible benefits and engage with Cedefop’s contributions to VET development. By continuing to promote advancements to VET systems, Cedefop reinforces its central role in building a competitive, forward-looking EU workforce. These efforts show that lacking enforcement powers does not necessarily limit an agency’s ability to make a difference.

Even if Cedefop’s goals remain aspirational, its contributions to policy debates and collaborative initiatives show that progress is possible despite the constraints of soft power. With half a century of experience rooted in research, collaboration, and policy, Cedefop remains committed to making VET and skills development accessible to everyone, always keeping a future-oriented perspective.

In the end, the lack of direct enforcement powers reflects the EU’s decision to preserve Member State sovereignty over education. As labour markets continue to evolve, vocational education will likewise transform, and a central EU-level body devoted to coordinating these changes seems likely to remain important. It is still an open question whether exclusive reliance on soft powers is the most effective long-term strategy for shaping vocational education, training, and skills policies, but the work of Cedefop over the past 50 years provides plenty of evidence that such an approach can achieve significant results.


 

 

Greenwashing in the EU: How to Spot It — and How Brussels Is Fighting Back

By Alexandra, Helena, Gennaro and Isabella

“Eco-friendly”. “Sustainable”. “Natural”. These words are everywhere — on packaging, websites, and ad campaigns. But do they always represent the truth? Being an environmentally friendly business is increasingly popular, but not every company does what it claims to do. In fact, many companies use misleading green claims just to appear sustainable when in reality they are not. This act of pretending is what we call greenwashing. It threatens real progress on climate goals. In this post, we break down what greenwashing is, its impact, how to recognize it, and an example of how the EU is ‘fighting back’.

Source: United Nations

What is Greenwashing?

Greenwashing refers to the practice of misleading consumers about the environmental practices of a company or the environmental benefits of a product or service. This can involve false claims, exaggerations, vague language, selective disclosure, and even visual manipulation like overusing green colors or nature imagery.

It is a practice of making misleading and false claims, convincing the public to think that the company is contributing to the protection and preservation of the environment.

But it’s not just about outright lies — it can also involve greenhushing, or the omission of relevant environmental harms while promoting minor or unrelated “green” efforts.

“In 2021, 42% of the online claims from various businesses were exaggerated, false or deceptive” according to a screening conducted by the European Union and National Consumer Authorities.

Greenwashing can take many different forms, but it usually happens when a company seeks to promote its products or services. Businesses use misleading labels, or unclear language, such as calling their product “eco-friendly” without explaining what it actually means. Some produce false data to improve their image, or selectively highlight one “green” effort to look good, while hiding their other practices that are harmful to the environment. Others rely on misleading visuals and graphics, such as using pictures of nature or overusing the color green.

Our Role in the Green Fight: A Practical Guide

Source: The Choice

So how can you, as a consumer, spot greenwashing? Here is a breakdown of some tips that may be useful:

1. Start by checking for reliable third-party certifications, such as the EU Ecolabel. Be cautious of fake or self-invented eco-labels, which companies may use to simulate credibility. For example, the “Six Sins of Greenwashing” report (TerraChoice, 2007) highlights common deceptive tactics, including “the sin of the imaginary friend”: using fake third-party endorsements.

2. Be cautious of vague and unclear terminology

Terms like “eco-friendly” or “green” without clear explanations or evidence might signal greenwashing. Genuine sustainable brands usually specify exactly why and how their products or services are environmentally friendly.

3. Look beyond attractive slogans and carefully evaluate transparency

Real sustainability means companies provide thorough and detailed information about their overall environmental impact—not just selectively highlighting one minor positive action. Furthermore, truly sustainable businesses back up their environmental claims with solid evidence and detailed reports. Information about emissions or resource usage should be easily accessible and clearly documented. But this isn’t mandatory yet. Full supply chain disclosure is not required until the Corporate Sustainability Due Diligence Directive (CSDDD) comes into force. Finally, remember that visuals can also be deceptive. Overusing green colors or nature-themed imagery might make products appear more sustainable than they actually are. Such tactics are common strategies used to distract consumers from examining the company’s true environmental impact.

Moreover, consumers often lack the climate literacy needed to interpret sustainability reports, even when made available. A recent study shows that more information doesn’t necessarily lead to better understanding or choices.

Still, the abovementioned three quick steps have been summarized below: 

When Green Turns Grey: How Greenwashing Harms the EU

The consequences of greenwashing are felt at every level—from individual consumers to the broader European economy and regulatory frameworks.

Source: U4 Anti-Corruption Resource Centre

Environmental Consequences

Greenwashing has severe environmental consequences, undermining the progress towards the European Green Deal and the Paris Agreement goals to transition to a low carbon economy. It diverts attention and resources from genuinely sustainable initiatives, as consumers become disillusioned and may allow companies to prosper by pretending that they’re green—without doing the work.

Consumer Deception

Greenwashing not only impacts the environment—it also misleads consumers. When companies falsely claim to be “green” or “eco-friendly,” it becomes more challenging for people to distinguish which products or brands are truly sustainable. As a result, the meaning of these terms becomes weaker and more confusing. Additionally, when consumers realise that, despite their efforts, they were misled by a company, it also erodes their trust. They may feel discouraged, frustrated or skeptical, or even stop trying to make environmentally responsible choices, which may halt meaningful change.

Distorts Financial Markets

Greenwashing isn’t just bad PR—it’s bad for markets. Investors may want their money to align with their environmental values. But when companies falsely market their goods or operations as “green”, trust disappears. This creates uncertainty, discourages sustainable investing, and destabilizes financial markets. As a result, capital may flow to undeserving companies, while those that are truly working towards sustainability struggle to compete. In the long run, this risks destabilising efforts to fund the green transition – an effort that relies not only on central banks, but also on public investment, private capital markets, and citizen engagement. According to European Commission estimates, achieving the EU’s 2030 climate and energy targets will require additional annual investments of approximately €620 billion, mobilised through a combination of national budgets, EU funding instruments (such as InvestEU and the Innovation Fund), and private financing.

From Claims to Consequences: The EU’s Legal Response to Greenwashing

Source: Didier Reynders, and Virginijus Sinkevicius, European Commissioners, on measures against misleading environmental claims and on the right to repair. [European Union, 2023 Copyright Source: EC – Audiovisual Service]

Among the many legislative instruments adopted by the EU in the context of the “Green Deal”, one of the most recent is the Greenwashing Directive, which amends the Unfair Commercial Practices Directive (UCPD) and is central for consumers. It introduces specific rules on companies’ sustainability claims, with the aim of contributing to the EU’s green transition by empowering consumers to make informed purchases using reliable sustainability information about products and traders. The Directive includes a list of claims that are in any event considered “unfair” and prohibited, such as the use of “sustainability” labels that are not based on an independent, third-party certification scheme. This Directive is a noteworthy advancement as it will have a significant impact on how companies communicate their environmental efforts, thereby increasing safeguards for consumers.

However, even more ambitious is the Green Claims Directive, which goes a step further by introducing detailed requirements for the substantiation and verification of voluntary environmental claims. Under this proposal, companies will be required to carry out scientific assessments and undergo third-party verification before making environmental claims about their products or services.

…So, the next time you see a product labeled “green,” ask yourself: is it really? Together, through awareness and accountability, both policy and public pressure can turn the tide against greenwashing – for good.

 

Europol’s processing of biometric data: how much security is too much until it becomes surveillance?

Balancing Security Requirements and Fundamental Rights Protection

By Rebekah, Miruna, Mihai and Vesa

The EU Commission’s 2023 proposal to increase Europol’s authority, especially concerning the systematic processing of biometric data, aims to improve security regarding serious crimes. However, it also raises serious legal concerns for individuals. This blog post critically explores the tension that biometric data creates between increasing surveillance power and fundamental rights under the Charter, and asks: can this expansion of enforcement powers be justified under the principles of necessity and proportionality, or does it risk going too far?

Source: Wired

The Commission proposed a complementary Regulation for Europol regarding migrant smuggling and trafficking in human beings. The proposal aims to improve the coordination between Europol and the Member States regarding sharing information. This entails Member States providing Europol with citizens’ data to effectively address crimes.

But what kind of data does an agency such as Europol need to process? Europol processes biometric data. The EU has defined biometric data as personal information that can be attributed to unique human physical characteristics, such as facial features and fingerprints. Biometric data has been used by law enforcement authorities in the EU through technological advancements to surveil citizens in public spaces. Citizens have raised concerns that the EU provides law enforcement authorities with the right to interfere with citizens’ fundamental rights and freedoms.

Source: European Union Agency for Fundamental Rights

How does Europol’s processing of biometric data place it at the center of fundamental rights concerns?

When Europol becomes involved with biometric data, it is thrown into the deep end of some of the EU’s most sensitive fundamental rights. Article 7 of the Charter protects our private and family life, while Article 8 gives us a fundamental right to personal data protection. These two fundamental rights shape how the EU needs to handle individuals’ privacy and data protection in practice. Europol is not subject to different rules and must also respect them.

Biometric data became significant with the establishment of the GDPR and the Law Enforcement Directive. This is because biometric data falls under a “special category” of data due to its sensitivity, which means it cannot be handled lightly. Europol can only process this type of data when it is necessary for law enforcement, like preventing or solving serious crimes, and even then, only with solid legal safeguards as outlined by the respective regulations.

Source: Shutterstock

Over the years, the Court has made it clear that interfering with fundamental rights is only allowed if it is in accordance with the principles of necessity and proportionality. That means that Europol needs to provide justification for why biometric data is truly essential for carrying out its work and ensure it is not over-collecting or casting too wide a net.

Without tight rules and accountability, data processing can start to look a lot like surveillance. That is especially concerning when the individuals being monitored are not even suspects, just people who might get caught in the digital sweep.

Enhancing security but challenging privacy?

Proponents argue that allowing Europol to process biometric data is crucial in modernising law enforcement and bolstering our security. They claim that by tapping into advanced technologies, such as AI-powered facial recognition systems and machine learning algorithms, Europol can quickly identify and track criminal networks involved in migrant smuggling and human trafficking. This, they argue, helps prevent crimes before they escalate. For everyday citizens, this might mean faster responses during emergencies and more efficient coordination between national police forces across the EU; at the same time, it also raises legitimate concerns regarding individual privacy and data protection.

Source: Biometric Update

This approach is similar to the rationale behind the landmark ruling, where the Court underscored the need for a careful balance between state security and individual rights. While that case focused on mass data retention, it highlights the broader principle that privacy interference must be necessary and proportionate.

However, without mandatory measures like independent oversight by the European Data Protection Supervisor (EDPS), robust data retention rules, and enforceable accountability mechanisms, the 2023 proposal risks creating a surveillance apparatus that goes far beyond its intended scope.

How can Europol balance security requirements with fundamental rights, then? 

In contrast to the previous framework, the proposal mandates that Member States consistently provide Europol with biometric data, with no clear limitations on volume, purpose or retention.

The EDPS has raised concerns, stressing that mass collection of biometric data such as fingerprints or facial scans without proper safeguards and guidelines could interfere with fundamental rights under the Charter. Such concerns have also been raised by citizens: according to a survey conducted by the EU Agency for Fundamental Rights, only 17% of Europeans are willing to provide their facial photographs to public authorities for identification purposes. The findings also reveal significant differences among the Member States: countries such as Germany and Austria show greater resistance to the sharing and processing of their biometric data, while others, such as Portugal and Spain, show a more open approach. Additionally, the Biometrics Institute’s 2023 Industry Survey found that 54% of participants consider privacy and data protection significant challenges when developing biometric technologies.

As Europol’s powers expand, how do we protect our fundamental rights?

Source: AML Intelligence

A path forward should come with precise safeguards, not shortcuts. To balance Europol’s powers to process large volumes of sensitive data, such as biometric data, with fundamental rights, it is necessary to amend the Europol Regulation by adding more explicit criteria on how biometric data is collected, stored and used. Furthermore, provisions guaranteeing more transparency are needed to avoid misuse of such data or the profiling of individuals with no criminal links. Lastly, an independent fundamental rights impact assessment should be carried out before new powers are adopted, defining when biometric data can be used and for how long, with use strictly limited to migrant smuggling and human trafficking.

Hence, with clearly defined safeguards in place, the EU and law enforcement agencies, such as Europol, could strike a balance between technological developments and the protection of fundamental rights.

Matching Enforcement to Market Reality: AMLA and the Regulated Industry

By Yasemin, Lanqin, Exuan and Shuhua

Figure: AMLA’s new headquarters will be in Frankfurt (Image: AMLA Official Website)

Money laundering is a global crime that undermines economies and causes corruption, crime and terrorism. The European Union (EU) has long implemented international standards and legislative frameworks to combat money laundering and terrorist financing within its territory. However, scandals highlight that legislative frameworks without the right enforcement cannot overcome the problem. This blog post shows why the enforcement model should align with the anti-money laundering (AML) industry and whether the creation of the new Anti-Money Laundering Authority (AMLA) can better advance this mission.

Spotlighted dilemma and its extended approach

Money laundering is the process of hiding funds from illegal activities because criminals want their money to look clean. This is generally divided into three steps. First, criminals put the illicit gains into the financial system. Then, they move money around to hide its origin. Finally, they bring the money back as if it had been earned legitimately. Money laundering is a serious threat: it helps to support crimes such as terrorism, fraud, and corruption, and reduces people’s trust in banks and financial systems.

Over the past decade, many money laundering scandals have occurred in the EU. In 2018, Denmark’s largest bank, Danske Bank, was involved in a huge money laundering case in which $236 billion was laundered through its Estonian branch. Lately, Rabobank is about to face prosecution because it failed to prevent money laundering. From the Danske Bank scandal to the recent Rabobank case, these are not isolated failures but symptoms of weaknesses in the EU’s decentralized AML enforcement structure.

Now, the EU has decided to fight back with a new EU agency, AMLA (the proposal was tabled in 2021, and the regulation was adopted in 2024). Through EU-level supervision, AMLA will support national supervisors and financial intelligence units (FIUs), and enhance cooperation and coordination among member states. But there is another question: does this new EU agency fit the industry it supervises?

National enforcement wasn’t enough

The current AML mechanism is based on national authorities, with the European Banking Authority (EBA) providing advice and policy-setting. Financial intelligence units (FIUs) collect reports of unusual transactions from entities with an obligation to report, analyse them and share them with law enforcement and security agencies as necessary, and exchange information with FIUs worldwide. The concern is that the ‘insufficient detection of suspicious transactions and activities by FIUs, particularly in cross-border cases, limits their capacity to suspend transactions and to disseminate relevant information to competent authorities’. Due to a lack of coordination and information sharing among FIUs, cross-border suspicious transactions are often not identified and responded to in a timely manner.

For instance, in the Netherlands, Dutch banks are required to report unusual transactions to the FIU-Nederland. DNB supervises the effective fulfilment of the banks’ compliance obligations under the Anti-Money Laundering and Counter-Terrorist Financing Act (Wwft) and the enforcement of sanctions. The recent Dutch AML cases in 2024, including Volksbank and Rabobank, indicate weaknesses in national enforcement, such as a dysfunctional system for generating alerts about customers and their transactions and inadequate action following an alert.

Besides, the finding of the impact assessment that ‘the application of AML/CFT rules across EU is both ineffective and insufficient’ is hard to ignore. There are differences in the formulation and enforcement of AML regulations among member states, leading to unclear rules and inconsistent standards, which affects the uniformity and effectiveness of the entire framework. In addition, the inconsistency of regulatory resources and methods across countries has left some industries and subjects in a regulatory blind spot for a long time, especially in the non-financial sector.

Europe’s new watchdog: AMLA

As one manifestation of the shift in the AML enforcement model from relying predominantly on member states’ authorities to an institution at the EU level, AMLA is further empowered to deal with challenges such as the lack of effectiveness and the insufficiencies of the contemporary AML framework.

As an integrated system composed of itself and national authorities, AMLA is entrusted with more direct and indirect supervision powers compared to the more advisory or policy-making role assumed by the EBA. For instance, in terms of governing selected obliged entities in the financial sector, national supervisors participate in selecting, listing, and reviewing the entities by the joint supervisory teams in charge of AMLA. Meanwhile, AMLA can exercise direct supervision, such as by adopting binding decisions and especially pecuniary administrative sanctions. In terms of governing non-selected obliged entities, AMLA’s enforcement power relies on member states, whose national supervisors retain full responsibility and accountability for direct supervision, while AMLA actively coordinates national authorities to help them increase their enforcement effectiveness. With these powers entrusted to it, AMLA is expected to enhance AML enforcement through the centralization of certain tasks, responsibilities and powers within such a central authority. Nevertheless, diversity and disparity in AML enforcement among member states may still occur.

Figure: Evolving AML supervision in the EU (Image: AI-generated)

The Industry Matters: AMLA ensures the security of the industry and consumers

Money laundering is not just a local issue; it is international. The threat of money laundering and financial crime is cross-border and involves high risk. Because of these characteristics of money laundering, prevention needs to be a priority before non-compliance occurs. If it is detected, authorities need to move faster and take effective action.

However, there has to be the right enforcement mechanism to prevent it, because good laws can only be implemented well by the right hands. If the regulated industry is highly concentrated and international, as previously pointed out with the recent scandals, national authorities may fail to implement such rules successfully. A mismatch between the enforcement model and the regulated industry can create problems not just for the market actors but also for the safety and trust of EU citizens.

To illustrate this challenge, consider the analogy of housing design. Imagine living in a detached house with a concrete exterior and buying quality paint perfect for your walls. It might be the ideal solution for your home alone, but what if it is part of a larger complex? Suddenly, it might not fit in with everything else. The best results will not come from acting alone but from a shared decision to harmonize the whole complex. It is the same with anti-money laundering enforcement; it cannot be expected to work effectively if each Member State paints its own house, because the regulated AML industry is not a house but an integrated complex. AMLA is a new EU agency that ensures that Member States are on the same page when it comes to supervising money laundering. Its centralized powers and EU-wide reach aim to sustain a better and risk-free industry in the future.

Figure: AMLA as an EU agency fits the regulated industry’s characteristics (Image: AI-generated)

The EU is moving AML enforcement to Brussels by establishing a centralized enforcement model: AMLA. With AMLA stepping into the role of Europe’s central watchdog, the EU is aligning its enforcement with the regulated industry’s characteristics. The next challenge will be ensuring AMLA’s effectiveness and adaptability in a fast-evolving risk landscape.

Europol’s Accountability: Tension Between Secrecy and Supervision

By Elisabeth, Furat, Joseph and Matthew

This blogpost addresses the tension between effective policing and democratic oversight in the context of Europol’s extensive data collection used for ‘predictive policing’. This practice raises questions about the balance between security and individual privacy rights in the digital age. This blogpost provides an overview of Europol’s powers and corresponding accountability, with the goal of asking whether the Joint Parliamentary Scrutiny Group’s (JPSG) supervisory powers are sufficient to ensure robust and effective oversight of Europol’s operations. It’s important to note that while Europol’s role involves information collection and sharing, it’s distinct from predictive policing, a specific approach that relies on information to anticipate criminal activity. Predictive policing is not widely used in many European countries, and its relationship with Europol’s functions is complex.

A Brief Introduction to Europol:

Europol was created by the Treaty of Maastricht, which established a “Union-wide system for exchanging information within a European Police Office.” Initially, Europol’s role was limited to coordinating cross-border drug investigations. Despite its limited powers, the agency faced accountability concerns from the start, falling within the Maastricht treaty’s third pillar concerning police and judicial cooperation. Crucially, this domain was insulated from judicial review, meaning the Court of Justice had no means of ensuring Europol’s (admittedly limited) policing activities complied with fundamental rights.

Europol’s role has gradually expanded throughout the years, becoming a full EU agency in 2010. As an agency, Europol is tasked with additional responsibilities such as the collection and analysis of intelligence. However, with increased responsibility came the need for enhanced accountability.

The Treaty of Lisbon brought an end to the pillar system which had kept Europol ‘at arm’s length’ from the Court’s oversight under Maastricht. For many, Lisbon signaled an end to Europol’s accountability concerns. Article 88 TEU provided the European Parliament with oversight for the first time, and along with it came “increased democratic accountability – at least superficially.” The JPSG is one of the core components of this newfound accountability. The group was established in April 2017 by the EU Speakers Conference, which brings together the national and the European Parliaments. The JPSG, which meets twice a year, is co-chaired by the European Parliament and the country holding the rotating presidency of the Council.

The group’s oversight powers are mostly supervisory. Under Article 51(2) of the Europol Regulation, the JPSG’s purpose is to “politically monitor Europol’s activities.” To facilitate the group’s supervision, Article 51(4) allows the JPSG to request documents from Europol and Article 12 of the Regulation requires Europol’s management board to make the agency’s annual work program available to the JPSG. So, the question is – are these supervisory powers sufficient when Europol oversteps its mandate?

Is Europol headed for ‘1984 reloaded?’ 

Supervising law enforcement agencies is a complex task. Law enforcement, after all, requires a degree of secrecy, which in turn stands in the way of transparency and supervision. In today’s digital society, this tension between secrecy and supervision is manifested in “predictive policing”, a practice which refers to gathering vast datasets and developing algorithms to identify criminals. Europol is no exception to this tension, as data collection and analysis is one of the core components of Europol’s tasks as the EU’s “principle information hub.” While Europol is permitted to collect personal data, Article 28 of the Europol Regulation requires that this data be relevant and necessary for the purposes for which it is processed.

Europol understands the collection of personal data is a touchy subject. In a 2012 publication from the agency, Europol asked “are we headed for ‘1984’ reloaded?”, referencing George Orwell’s novel which depicts a dystopian society of invasive state surveillance. In an effort to put concerns to rest, Europol reaffirmed its commitment to ensuring “the highest standards of data protection.”

Despite this commitment, “serious concerns” have been raised regarding data mining practices at Europol, which saw Europol retaining data related to huge numbers of individuals for indeterminate periods. The sheer scale of Europol’s data mining saw its dataset of 4 petabytes (equivalent to 2 trillion printed pages) compared to a “black hole” and the scandal compared to the mass surveillance program uncovered by Edward Snowden in the U.S. So where was the JPSG amidst this scandal?

What role for the JPSG? 

Under Article 51 of the Europol Regulation, the JPSG is responsible for supervising Europol’s activities which impact fundamental rights. Given that the European Data Protection Supervisor (EDPS) found that Europol’s data mining practices have a “potentially severe impact” on data subjects’ fundamental rights, data mining at Europol would seem to fall squarely within Europol’s supervisory powers.

The problem is the limited extent of the JPSG’s supervisory powers. Europol is only required to report to the JPSG on a yearly basis, and the group has no oversight over the agency’s day-to-day activities. This creates a real gap in the group’s supervisory powers. This gap is demonstrated by the fact that it was Europol itself, not the JPSG, which reported concerns regarding its data handling practices to the EDPS.

Real tension between secrecy and supervision is also evident with regard to the JPSG’s requests for documents. Different rules apply to requests for sensitive documents, which Europol handles a lot of as a law enforcement agency. This tension came into play when the JPSG requested access to correspondence between Europol and the EDPS relating to Europol’s data collection software, to which Europol provided only a limited reply, indicating only the types of software used.

Moreover, adherence to the Law Enforcement Directive (LED) reinforces accountability by mandating strict data protection standards for law enforcement authorities, including Europol. The EDPS’s oversight ensures Europol’s predictive policing complies with these standards, highlighting the critical need for enhanced supervisory mechanisms to protect personal privacy and uphold fundamental rights in the era of data-driven law enforcement.

The JPSG’s limited supervisory powers have been harshly criticised. Some have even said that the group’s limited role gives the agency a “blank cheque” to self-regulate. What then can be done to improve the JPSG’s supervisory role? One solution could be allowing the JPSG more access to Europol’s management board meetings. As it stands, under Article 14 of the Regulation, the JPSG is only required to be invited to two board meetings per year. If the board addressed the JPSG’s summary conclusions and the group’s representatives participated more actively, it would greatly enhance both transparency and effectiveness, as the JPSG would have a better grasp of Europol’s day-to-day activities. Such improvements are essential for the JPSG to execute its oversight responsibilities more effectively.

The Fundamental Rights Officer: Just what the EUAA needed  

By Elaine, Gersi, Joris and Leonoor


The Asylum Crisis 

Granted a new mandate following the adoption of Regulation (EU) 2021/2303 on 19 January 2022, the European Union Agency for Asylum (EUAA) has transitioned into a full-fledged agency. Its goal is to improve the functioning of the Common European Asylum System (CEAS). As the successor of the European Asylum Support Office (EASO), the EUAA is tasked with upholding and promoting respect for fundamental rights within the European Union’s (EU) asylum system.

Fundamental rights are particularly relevant in the CEAS. This is especially so given that migrants and asylum seekers often find themselves in a vulnerable position. This can be due to, for example, their lack of resources and poor living and material conditions. Following the mass influx of refugees on the EU’s shores leading to the asylum crisis of 2015, a reform of the CEAS was needed to create ‘a more humane, fair, and efficient European asylum policy’. In light of this, the EUAA has implemented a more robust fundamental rights strategy. This strategy contains several safeguards.

One of these safeguards is the new Fundamental Rights Officer (FRO). The FRO represents the enforcement of, and adherence to, fundamental rights within the EUAA. In this blog post it will be argued that, as follows from the 2022 Ombudsman initiative, the FRO adds value to the workings of the EUAA. This is because the FRO aids the Agency in several ways within the field of fundamental rights.

François Deleu: the man for the job 

Following the new fundamental rights strategy, Article 49 Regulation 2021/2303 requires the Management Board of the Agency to install a FRO. The FRO is appointed to design a new Fundamental Rights Strategy, manage a new complaints mechanism, and contribute to the Agency’s Monitoring Mechanism. Appointed in May 2023, François Deleu is the first to take on this task.

“I will develop and uphold a robust Fundamental Rights Strategy that will build on what is already in place, ensuring that the respect for fundamental rights is central to all the Agency’s growing activities” ~ François Deleu

While the FRO works independently, Deleu collaborates with the Agency’s Consultative Forum of Civil Society Organisations to create the new Fundamental Rights Strategy. The Consultative Forum has an advisory function: it is established to exchange information with relevant civil society organisations and bodies operating in the field of asylum. This includes the European Union Agency for Fundamental Rights and the European Border and Coast Guard Agency (Article 50 Regulation 2021/2303). Together, the FRO and Consultative Forum aim to ensure that the Fundamental Rights Strategy is properly reflected in the Agency’s workings. They also work towards preventing breaches of the Charter of Fundamental Rights of the European Union (Charter).

The FRO is designed as a response to the 2019 Ombudsman decision on maladministration in the practice of the EASO. The FRO therefore manages a complaints mechanism created for individuals who may have suffered a violation of their fundamental rights by an expert employed by the EUAA. The FRO moreover contributes to the Agency’s Monitoring Mechanism of Member States’ asylum systems. The FRO does so by ensuring that this mechanism takes fundamental rights concerns into account.  


Organisational structure of the EUAA 

A Slow Start… 

Following the 2021 revamp of the EUAA framework, the European Ombudsman opened a new strategic initiative. In this initiative, the Ombudsman posed 16 questions to the Agency. These included questions on how the EUAA complies with its fundamental rights obligations and how it ensures accountability for potential violations. These questions related to the renewed protection offered by the 2021 Regulation. The initiative therefore drew attention to the FRO. What followed was a back-and-forth correspondence between the Agency and the Ombudsman.

It should be mentioned here that the Ombudsman does not issue legally binding decisions. However, its reports are valuable in assessing the Agency’s compliance with its fundamental rights obligations. This follows from its mandate of investigating ‘instances of maladministration in the activities of the Union institutions, bodies, offices or agencies’ (Article 228(1) TFEU).  

At the time of the investigation, Deleu had not yet been appointed. One of the questions therefore concerned when the Agency anticipated this position would become operational. In the Agency’s initial reply of 11 July 2022, it walked through the appointment procedure for the FRO. The reply highlighted that certain steps, like kick-starting the selection process, were taking longer than expected. This could be due to the “extensive consultations” held with all involved stakeholders. These consultations were needed to ensure that the necessary attention to detail was afforded in the selection of candidates.

The Ombudsman later expressed disappointment in February of 2023 that the position remained vacant more than a year after the 2021 Regulation came into force. It urged the Agency to fill this position as “a matter of urgency”, because of the need to operationalise the Agency’s other fundamental rights mechanisms. In this way, the FRO can be seen as the catalyst for all EUAA fundamental rights mechanisms.  

 …But a Promising Future 

As mentioned, the FRO position was eventually filled in 2023. At the time of writing, Deleu has held office for nearly a year. So, what can be said for this new development?

At the end of June 2023, the Agency replied to the Ombudsman’s observations. In the reply, the Ombudsman was informed of this long-anticipated appointment. It was also stated that the fundamental rights strategy was expected to be adopted in March/April 2024. At the time of writing, it can therefore be expected any day.

Additionally, the response addressed recommendations for the FRO to review all operational plans signed between the Agency and EU Member States. It highlighted that Deleu had already reviewed plans with Spain, Bulgaria and Lithuania since entering office. Here, the value of the FRO can be seen through its direct involvement in scrutinising Member State plans. 

In July of 2023, the EUAA also published its Annual Report about asylum in the EU. In the Annual Report, it discusses its newly developed escalation process. This process is outlined under Article 18(6)(c) of the 2021 Regulation. It stipulates that the Agency’s Executive Director can suspend or terminate asylum support teams in a Member State that is violating fundamental rights or international protection obligations. This is done after consultation with the FRO. 


An overview of the EUAA's timeline (made by the authors of this post)
  

A Well-Rounded Appointment 

As a final note, the emphasis of the recruitment process on maintaining the FRO’s independence from the Executive Director should be highlighted. This is important due to the weight placed on independence in the FRO’s mandate. The selection committee for the post therefore included external stakeholders, like the European Commission Directorate-General for Migration and Home Affairs. So, while the position is appointed internally, individuals from outside the Agency have a say in deciding the next FRO. Based on the selection procedure, a list of candidates is sent to the Management Board, which takes the final decision. Ultimately, it is therefore an internal decision with external input.

The importance attributed to the FRO in the Ombudsman initiative has now been shown. The office’s essential role in upholding the new framework’s mechanisms is also evident. Hence, the FRO can be seen to hold great added value for the Agency, with further untapped potential.

 

The Role of Frontex in Enforcing ETIAS

By Ariana, Beatrice and Elsa

Due to increasing global mobility and security challenges, Europe has reinforced its border management strategies. The European Border and Coast Guard Agency, commonly known as Frontex, is essential to this policy. Frontex is in charge of assisting the Member States in managing the European Union’s external borders. On this subject, a new system will be implemented: the European Travel Information and Authorization System (ETIAS). This new system contributes to fortifying the external European borders, and Frontex has a significant role in its implementation.


Photo: European Travel to Become Payable: EU Introduces ETIAS. Source: Collage The Gaze

The European Travel Information and Authorization System (ETIAS): a brief explanation 

What is ETIAS?  

ETIAS was introduced by Regulation 2018/1240. This new European travel authorization system will be implemented in 2025. It will be completed via an online application that will cost €7 for people aged 18 to 70.  

This travel authorization will impose on travelers the obligation to provide personal data, including the level of education, occupation, the address of the first intended stay, and prior convictions for criminal or terrorist offenses. This data will be used to assess the risk of the threats above and to create an ETIAS watchlist concerning people at risk of committing or having committed a terrorist offense.

This new electronic authorization system is intended to apply to visa-exempt visitors from third countries traveling to a Member State of the European Union or the Schengen area (except Ireland) for less than 90 days.  



European Travel Information and Authorisation System (ETIAS): In a nutshell

What is the goal of implementing ETIAS?

The European Commission aims to strengthen controls at the external borders to preserve freedom of movement within the internal market and, more generally, the Schengen area.  

The establishment of ETIAS answers several objectives. This system has been designed to reinforce security at the borders, especially against terrorism and irregular immigration. By conducting security risk assessments of visitors before their arrival at the border, the goal is to prevent potential threats, even potential epidemic threats, from entering the Schengen area.

Moreover, this system aims to support the objectives of the Schengen Information System (SIS), the platform Schengen area members utilize to exchange real-time data on individuals and objects of interest. ETIAS will contribute to preventing, detecting, and investigating terrorist offenses and serious criminal activities.

Finally, the other purpose of ETIAS is to streamline border management to facilitate legitimate travel.   

How will ETIAS work?

ETIAS is an automated IT system that performs tasks or processes without continuous human intervention. ETIAS will use artificial intelligence (AI) to analyze applications from third-country nationals wishing to stay in the Schengen area for less than 90 days. Nationals from the 60 countries covered by ETIAS will have their applications automatically analyzed against various European databases, such as those of Frontex or Europol, to ensure they do not constitute a threat. Applicants will mostly receive an answer in less than an hour, but it could take up to a month. Frontex has stated that, on average, 97% of applications would receive rapid authorization. The remaining 3% of applications will be reviewed manually by the ETIAS Central Unit. Frontex is responsible for setting up and operating this Central Unit.

ETIAS, THE ELECTRONIC TRAVEL AUTHORISATION FOR EUROPE

 The Role of Frontex…

Frontex, created in 2004, is one of the most critical European agencies. Its relevance has grown over the years and, with a budget of over 845 million euros in 2023, it plays a crucial role in enforcing EU borders policy. This European agency provides support to Member States in their efforts to control and secure the external borders of the Schengen area. Therefore, it is logical that Frontex plays a pivotal role in enforcing ETIAS.

…in enforcing ETIAS

According to Article 7 of the ETIAS Regulation, Frontex is responsible for setting up and operating the ETIAS Central Unit. This Unit is within Frontex’s organization and manages ETIAS.






The first task concerns the online applications submitted by travelers. During the processing of the data sent by the applicant, if there is a hit, the ETIAS Central Unit will have the responsibility to cross-check the information of the person in question against the information contained in the Central System. The information contained in the Central System includes other EU information systems, Europol, and Interpol data. This will allow the Central Unit to determine whether the applicant is welcome in the Schengen area.

Frontex is further tasked with performing audits of the processing of applications to safeguard fundamental rights in this process. In doing this, Frontex agents will have to examine how the Central Unit handles fundamental rights, such as the right to privacy and non-discrimination, when managing online applications. The ETIAS Central Unit must respect these rights throughout the data analysis process and also subsequently, when the data is stored.

Frontex officials are responsible for ensuring the data entered in application files is up to date. The Central Unit is tasked with publishing an annual activity report containing statistical data on ETIAS’s functioning and general information on its activities and concerns. The report is made to the European Parliament, the Council, and the Commission.

One of the most critical tasks of Frontex is defining, revising, deleting, and assessing risk indicators to ensure the security of Europe’s borders, according to Article 33 of the ETIAS Regulation. These risk indicators are listed in Recital 27 of the ETIAS Regulation and relate to threats regarding security, irregular immigration, or high epidemic risks. The risk indicators are based on the factors provided by the ETIAS online application, which include nationality, residence, education, and employment status. Those criteria have been chosen to avoid discrimination. Applications will be automatically checked against this list of risk indicators. If a hit is triggered, the Central Unit cross-checks the hit or hits against other databases and, depending on the result, either issues a travel authorization or refers the case to a competent Member State authority, which will manually process the information and either grant or refuse the travel authorization. This meticulous process ensures that ETIAS balances security concerns with respect for individual rights and non-discrimination principles.

Frontex and Fundamental Rights Protection – Much Ado About Nothing

By Yanfui, Ana, Clara and Sebastian

As the European Union agency for “European integrated border management”, Frontex is the centre for border control activities at the EU’s external borders, sharing intelligence and expertise with all Member States and with neighboring non-EU countries affected by migratory trends and cross-border crime. It plays an active role in return operations. Under Article 3 of Directive 2008/115, return decisions are taken when the stay of the third-country national is declared illegal, which occurs when the person does not fulfill the requirements of that Member State, not carrying the required visa or residence permit.

Regarding criticism of Frontex, according to a report from 2020, Frontex faces two main challenges concerning pushbacks: accountability and transparency. These issues have become increasingly visible in recent years. Nevertheless, the protection of Fundamental Rights has still not been sufficiently improved. This is particularly paradoxical, as this topic has been the subject of countless publications in the legal literature and the EU legislator is also aware of the problematic situation, given that the protection of Fundamental Rights is mentioned more than 230 times in the corresponding Regulation. In this blogpost, we will show where the greatest deficits exist regarding transparency and accountability, and thus where the greatest need for legislative action exists. To wake up the legislator and ultimately to push the legislator to real sustainable action, we will suggest that the Ombudsman could take on a decisive role.

When Borders Become Barriers: The Unintended Consequences of Europe’s Approach to Border Control

In February, the sinking of a vessel carrying 59 refugees from Turkey to Italy was blamed on Greece. As for Frontex, it has cooperated in protecting the coast, which led refugees to circumvent the Greek islands and take the more life-threatening route of attempting to reach Italy. Consequently, both Greece and Frontex have been accused of having a part in those deaths, and we still lack information on their participation in this incident during their border protection activity.

Unfortunately, this is only one of numerous examples in which migrants coming in search of asylum are subjected to violence, detained, stripped, deprived of their belongings, and pushed back to their territory.

No transparency in reality

Despite being an extremely regulated agency, the observable deficits in Frontex’s way of functioning raise doubts about its role as a border control agency. The lack of transparency and accountability in Frontex’s activities has been subject to debate since the Agency was created, with several calls demanding a solution to this issue at a national and European level, with no significant changes to this date.

When Frontex does not meet its transparency obligations, holding it effectively accountable for its actions is further complicated by the fact that not all information is accessible. Even though a transparency mechanism can be found in Regulation 1049/2001 (to which Frontex is subject), access to Frontex’s documents remains highly restricted on account of the nature of the information they contain. This cult of secrecy is further reinforced by the requirements prescribed in the Regulation: to access Frontex’s documents, the person must be a citizen of the European Union. This reduces the number of potential information requests, as those primarily affected by Frontex’s actions do not meet this requirement.

Moreover, from an accountability point of view, much has been reviewed and promised, yet no noticeable changes can be seen. Being an EU Agency, Frontex is bound by the Charter, which consequently shields migrants from refoulement and collective expulsions. It also prohibits conducting pushbacks, as well as any sort of participation in them and any failure to act against them. At first sight, the law is clear, and the system should work. Yet it is still extremely complicated to hold Frontex accountable when it does not comply with said obligation, even when tools created with significant effort, such as the ‘individual complaint mechanism’, exist. The reason is not surprising: Frontex is made up of multiple actors from quite diverse backgrounds, which makes it particularly challenging to allocate responsibility in case of wrongdoing, specifically in the context of pushbacks.

Enhancing political attention as the way forward in addressing the non-accessibility hurdle

The main changes needed to improve accessibility are more or less obvious. The right of access to information must be made more effective by also granting it to non-EU citizens. In addition, the requirements for refusing the right to information on public security grounds must be made more stringent, so that this straightforward way of denying access is no longer available. Since the EU legislator, despite frequent and repeated criticism, has so far not genuinely chosen to strengthen the fundamental rights protection at the expense of less effective border protection, the question arises how the legislator can be pushed to such legislative changes.

For this purpose, the European Ombudsman should be involved to a greater extent by receiving complaints about Frontex activities. The broad mandate from Art. 228 (1) TFEU would allow the Ombudsman to deal with such complaints, to make them public and to enter into an accountability dialogue with Frontex. It is true that here, too, only natural persons residing within the EU can file a complaint, which will probably never be the case in practice regarding persons who have been pushed back. However, legal persons located within the EU can also file corresponding complaints and thus draw the attention of the Ombudsman to deficiencies in the work of Frontex at the border. Such legal persons are non-governmental organizations (NGOs), most of which have a registered office within the EU. These could serve here as spokespersons for the third-country nationals who have been pushed back. The Ombudsman can then forward the submitted complaints to the European Parliament through so-called special reports, which would ensure that the issue is debated and thus gains political attention.

Even though an EU institution is not obliged to comply with the Ombudsman’s recommendations, it can be pressured towards compliance through public ‘naming-and-shaming’. Even if immediate changes fail to materialize due to the lack of far-reaching powers of the Ombudsman, the Ombudsman’s activities and demands could prepare the ground for later changes to secondary legislation, increasing political pressure by highlighting the deficiencies to the public. The Ombudsman’s ability to persuade the legislator to amend the legislation has been proven, for instance, by the introduction of the complaint mechanism in Art. 111 of the Frontex Regulation, which was ultimately also based on the suggestion of the Ombudsman.

 

Frontex: more powers and less responsibilities?

By Juliette, Ahmed, Katrin and Tom

(Source: European Commission, Migration and Home Affairs, available at: https://home-affairs.ec.europa.eu/agencies_en)

The shared administration, understood as the division of tasks between national authorities and Frontex regarding the protection of the European external borders, has changed over time with the enlargement of Frontex’s powers. This has raised issues of responsibility when a Fundamental Right (hereinafter FR) violation occurs. One possible solution for Frontex to escape this issue is the use of Article 46 of Regulation 2019/1896 (hereinafter the Regulation). We argue that this Regulation lacks a real distinction of responsibility between Frontex and the national authorities. This gap in turn favours violations of FR, because it is hard to sanction and prevent violations if it is not possible to correctly identify a “guilty party”.

Evolution of Frontex’s enforcement powers and shared administration

The recent evolution of Frontex, the European Border and Coast Guard Agency (EBCG), under the most recent Regulation illustrates a remarkable development in the EU’s institutional landscape: the transformation of Frontex into a new type of organisation equipped with direct decision-making powers. While the original operational mandate was limited to planning, coordinating and evaluating operations, this all changed with the new Regulation, which created the permanent staff of the Agency, whose executive powers are exercised under the command and control of the Member State hosting the operation. The new permanent staff of Frontex is a new resource to support national border management authorities in exceptional circumstances and in day-to-day operations. This novelty changed the very basic principle and former division of tasks between the Agency and the Member States, according to which the implementation of EU policies, such as the application of the Schengen Borders Code rules, was strictly the responsibility of national border guards or border police.

This increase in Frontex’s mandate and the modified shared administration do not include a specific accountability system between the national authorities and Frontex for when operations are wrongly conducted. The only important addition of the new Regulation is Article 46, which provides Frontex with the possibility to suspend, terminate or not launch activities, especially when there is a risk of an FR violation. This possibility exists when the dignity of its own actions, in the sense of upholding FR, cannot be guaranteed adequately. Frontex has already invoked Article 46 once, in the case of Hungary in 2021. While this was an important step, the invocation only occurred after five years of pressure from the Fundamental Rights Officer and a CJEU ruling. This clearly shows that Frontex is not inclined to withdraw its actions by invoking Article 46.

Fundamental Rights violations

Frontex is required by law to ensure that human rights are upheld during operations under both EU and international law. Nevertheless, OLAF discovered that Frontex repeatedly took active steps to ensure that the human rights crimes that were occurring would not be seen, documented, investigated, or accounted for. More specifically, its findings demonstrate how Frontex misled the European Commission and Parliament, as well as how the Fundamental Rights Officer was side-lined and internal reports on human rights abuses were distorted. Frontex was aware of FR violations by the national authorities and sometimes even participated in them. The EU Agency failed to address and effectively follow up on these violations so as to prevent similar foreseeable violations in the future.

Some authors have proposed that Frontex should be held responsible both directly and indirectly, especially concerning the misuse of Article 46 when FR are violated. However, the CJEU has not ruled on this matter yet.

Lack of effective responsibility mechanism under the Regulation of 2019

Hence, while direct enforcement powers of Frontex have grown, methods for holding Frontex accountable and responsible for its actions and violations of FR have not. In the existing system, any wrongdoing by Frontex can effectively be concealed due to its reliance on national authorities who oversee the actions of Frontex’s staff during ground operations.

However, even if Frontex is dependent on the command of national authorities, this does not relieve the European Border and Coast Guard Agency of the obligation to respect FR as prescribed in Article 3, paragraph 2 of the Regulation.

Also, as stated above, Article 46 gives Frontex the possibility to suspend, terminate or not launch activities, especially when there is a risk of an FR violation. Nevertheless, notwithstanding the numerous reports filed by the Fundamental Rights Officer, Frontex did not make use of Article 46 in the 2021 crises affecting the eastern borders of the EU. Frontex was aware of the ground-breaking legislative amendments to the aliens’ laws in Lithuania at the time of its deployment. As a matter of fact, these amendments were in complete breach of the European Convention on Human Rights (ECHR), considering that they introduced limitations on accessing asylum procedures; extended the use of detention (up to six months); and restricted individuals’ access to information, interpretation, medical care and legal aid. It was only in July 2022, following a CJEU decision which concluded that the above-mentioned amended Lithuanian migration and asylum laws were in breach of EU law, that Frontex decided to terminate its operations, when it could have triggered Article 46 much earlier.

It can thus be argued that the lack of a real distinction of responsibilities between Frontex and the national authorities, combined with Frontex’s practice of not relying on Article 46, further worsens the underlying tension between the protection of FR and the protection of the external borders of the EU.