The Role of Frontex in Enforcing ETIAS

By Ariana, Beatrice and Elsa

Due to increasing global mobility and security challenges, Europe has reinforced its border management strategies. The European Border and Coast Guard Agency, commonly known as Frontex, is essential to this policy. Frontex is in charge of assisting the Member States in managing the European Union’s external borders. On this subject, a new system will be implemented: the European Travel Information System (ETIAS). This new system contributes to fortifying the external European borders, and Frontex has a significant role in its implementation.


Photo: European Travel to Become Payable: EU Introduces ETIAS. Source: Collage The Gaze

The European Travel Information and Authorization System (ETIAS): a brief explanation 

What is ETIAS?  

ETIAS was introduced by Regulation 2018/1240. This new European travel authorization system will be implemented in 2025. It will be completed via an online application that will cost €7 for people aged 18 to 70.  

This travel authorization will impose on travelers the obligation to provide personal data, including the level of education, occupation, the address of the first intended stay, and prior convictions for criminal or terrorist offenses. This data will assess the risk of the threats above and create an ETIAS watchlist concerning people at risk of committing or having committed a terrorist offense.

This new electronic authorization system is intended to apply to visa-exempt visitors from third countries traveling to a Member State of the European Union or the Schengen area (except Ireland) for less than 90 days.  



European Travel Information and Authorisation System (ETIAS): In a nutshell

What is the goal of implementing ETIAS?

The European Commission aims to strengthen controls at the external borders to preserve freedom of movement within the internal market and, more generally, the Schengen area.  

The establishment of ETIAS answers several objectives. This system has been designed to reinforce security at the borders, especially against terrorism and irregular immigration. By conducting security risk assessments of visitors before their arrival at the border, the goal is to prevent potential threats, even potential epidemic threats, from entering the Schengen area.

Moreover, this system aims to support the objectives of the Schengen Information System (SIS), the platform Schengen area members utilize to exchange real-time data on individuals and objects of interest. ETIAS will contribute to preventing, detecting, and investigating terrorist offenses and serious criminal activities.

Finally, the other purpose of ETIAS is to streamline border management to facilitate legitimate travel.   

How will ETIAS work?

ETIAS is an automated IT system that performs tasks or processes automatically without continuous human intervention. ETIAS will use artificial intelligence (AI) to analyze applications from third-country nationals wishing to stay in the Schengen area for less than 90 days. Nationals from the 60 countries covered by ETIAS will have their applications automatically analyzed by various European databases, such as Frontex or Europol, to ensure they do not constitute a threat. Applicants will mostly receive an answer in less than an hour, but it could take up to a month. Frontex has stated that, on average, 97% of applications would receive rapid authorization. Regarding the remaining 3%, these applications will be reviewed manually by the ETIAS Central Unit. Frontex is responsible for setting up and operating this Central Unit.

ETIAS, THE ELECTRONIC TRAVEL AUTHORISATION FOR EUROPE

 The Role of Frontex…

Frontex, created in 2004, is one of the most critical European agencies. Its relevance has grown over the years and, with a budget of over 845 million euros in 2023, plays a crucial role in enforcing EU borders policy. This European agency provides support to Member States in their efforts to control and secure the external borders of the Schengen. Therefore, it is logical that Frontex plays a pivotal role in enforcing ETIAS.  

…in enforcing ETIAS

According to Article 7 of the ETIAS Regulation, Frontex is responsible for setting up and operating the ETIAS Central Unit. This Unit is within Frontex’s organization and manages ETIAS.





Frontex

First, concerning online application provided by the travelers. During the processing of the data sent by the applicant, if there is a hit, the ETIAS Central Unit will have the responsibility to cross-check the information of the person in question against the information contained in the Central System. Information encloses in the Central System include other EU information systems, Europol, and Interpol data. This will allow the Central Unit to determine whether the applicant is welcome in the Schengen area.

Frontex is further tasked with performing audits of the processing of applications to safeguard fundamental rights in this process. In doing this, Frontex agents will have to examine how the continental Unit manages online applications’ fundamental rights, such as the right to privacy and non-discrimination. The ETIAS central unit must respect these rights throughout the data analysis process but also subsequently regarding their storage.

Frontex officials are responsible for ensuring the data entered in application files is up to date. The Central Unit is tasked with publishing an annual activity report containing statistical data on ETIAS’s functioning and general information on its activities, activities, and concerns. The report is made to the European Parliament, the Council, and the Commission.

One of the most critical tasks of Frontex is that it is charged with defining, revising, and deleting, as well as assessing risk indicators to ensure the security of Europe’s borders, according to Article 33 of the ETIAS Regulation. These risk indicators are listed in Recital 27 of the ETIAS regulation and relate to threats regarding security, irregular immigration, or high epidemic risks. The risk indicators are based on the factors provided by the ETIAS online application, which include nationality, residence, education, and employment status. Those criteria have been chosen to avoid discrimination. Applications will be automatically checked against this list of risk indicators. If a hit is triggered, the Central Unit cross-checks this(/these) hit(s) against other databases and, depending on the result, either issues a travel authorization or refers the case to a competent Member State authority, who will manually process the information and either grant or refuse the travel authorization. This meticulous process ensures that ETIAS balances security concerns with respect for individual rights and non-discrimination principles.

User Influencing and a Pragmatic Role for Competition Authorities

Over the past decade, user influencing practices have gained prominence in academic and digital policy debates in Europe. These practices include dark patterns, dark nudges, sludge, and highly personalised processes such as hypernudging. In essence, they rely on manipulating users’ cognitive and environmental constraints to steer their behaviour in a predictable manner. Growing empirical evidence of harms have triggered regulatory responses in the recent Digital Services Act, Digital Markets Act, Artificial Intelligence Act, and Data Act. In addition, the enforcement guidance documents were updated to sharpen the application of EU data protection and consumer laws to capture these practices. In this blog post, I focus on European competition law as an alternative instrument that has so far been largely overlooked in user influencing debates. As user influencing may lead to distortion of competition and consumer harm, competition authorities should take a more active, yet pragmatic, role in addressing these challenges.

Continue reading “User Influencing and a Pragmatic Role for Competition Authorities”

Google – a natural monopoly?

I. Introduction

In the vast landscape of technology, Google stands out as a global giant, operating the world’s largest search engine, Google Search. The sheer influence and market power of this tech behemoth has sparked debates over whether Google qualifies as a natural monopoly, which would mean that it could be subjected to ex-ante, utility-like regulation combined with separation. This contribution delves into the ongoing discourse surrounding Google’s classification as a natural monopoly, analyzing contrasting perspectives, exploring potential regulatory approaches, and analyzing their impact on enforcement. The argument built below leans on an in-depth literature review to offer insights into the complex realm of regulating a tech giant like Google. Finally, for its analysis, this contribution focusses on Google Search as it is Google’s main service and the debate on the classification of Google as a natural monopoly has been related to this service specifically.

Continue reading “Google – a natural monopoly?”

Preparing the European Union for a Geoengineering Future: Exploring the Interplay of EU and International Law in Geoengineering

Introduction

Geo-Engineering (GE) is an attempt to intervene in the Earth´s climate system. It refers to “the deliberate large-scale intervention in the Earth’s climate system to counteract man-made climate change”. Solar Radiation Management (henceforth GE), is to mitigate global warming by reducing solar radiation reaching the Earth’s surface through techniques such as stratospheric aerosol injection, aiming to cool the planet by reflecting a portion of incoming sunlight. This could have significant levels of risk concerning its impact on the global climate system, natural ecosystems, weather patterns, biodiversity and human rights, therefore having heterogenous externalities. So far, only the legally binding London Convention / London Protocol (LC/LP) and the Convention on Biological Diversity (CBD) regulates the fertilization of oceans to promote CO2-binding algae, another type of GE. Other regulation on GE is lacking.  In June 2023 the European Commission (EC) published their intention to “support international efforts to comprehensively assess the risks and uncertainties of such climate interventions and promote discussions on a potential international framework for their governance, including research into related aspects”.

This blogpost highlights the EU´s potential leading role in the evolving landscape around GE regulation and gives recommendations how the EU can leverage existing mechanisms to address the complexities possible GE regulation entails.

Continue reading “Preparing the European Union for a Geoengineering Future: Exploring the Interplay of EU and International Law in Geoengineering”

Effectiveness and Procedural Protection in Cross-Border GDPR Enforcement

Enforcement of the General Data Protection Regulation (Regulation 2016/679 or GDPR) is organized mainly alongside decentralized procedures, where national supervisory authorities (SAs) are responsible for monitoring and supervising the diverse market of small and large data controllers and processors. Since processing often has a transnational character, enforcement becomes a transnational affair too. Therefore, the GDPR lays down a (complex) cooperation mechanism according to which national SAs in different Member States shall coordinate the outcome of enforcement procedures, in order to address violations together – potentially with involvement of the European Data Protection Board (EDPB) too. While this procedure was, from the outset, infamous for its complexity, concerns regarding under-enforcement of cross-border cases now seem to materialize in practice. This blogpost highlights a number of recommendations that aim to increase the effectiveness of cross-border GDPR enforcement and the protection of data subjects within these procedures. 

Continue reading “Effectiveness and Procedural Protection in Cross-Border GDPR Enforcement”

Not so flexible? The instrumental usage of soft law in EU telecommunications regulation

What is ‘instrumental usage’ of soft law and why does it matter?

At the hand of a case study in the telecom sector, this blogpost maintains that soft laws can erode the principles of accountability and vertical division of powers when used instrumentally/strategically by enforcers. An example of such strategic use will be the instance when, due to its ineffectiveness, a soft law instrument is converted/leveraged into hard law. The working definition of instrumental use coined by this author is as follows: deploying soft law in order to obtain enforcement outcomes that are consistent with an enforcer’s own vision of the ‘correct’ modus operandi of EU (utility) regulation (and away from public interest/public good considerations).  

Continue reading “Not so flexible? The instrumental usage of soft law in EU telecommunications regulation”

The Jean Monnet Network on enforcement of EU law (EULEN): results and conclusions

By the Network members

The Jean Monnet Network on enforcement of EU law (EULEN) was launched in September 2019. This ERASMUS+ project has been funded for four years; it came to an end in September 2023. This blog post offers a recap of the network’s departing points, results and conclusions. The EULEN network aims at developing further, including holding an annual conference with a call for papers (to be announced in due time), in order to contribute to research and practice in the field of enforcement of EU law.     

 

Continue reading “The Jean Monnet Network on enforcement of EU law (EULEN): results and conclusions”

A “bi-partite” AI Liability framework: Compensatory measures to enforce compliance with preventive measures

Redefining Liability

 

Current regimes and traditional notions of liability, in Europe and elsewhere, have been challenged by the emergence of Artificial Intelligence (AI) and its specific features. On one side, the combination of the features of openness, data-drivenness and vulnerability, enables the harm of further categories of protected interests – such as privacy, confidential information, cybersecurity, etc. – which in turn challenges the notion of damage. On the other side, the characteristics of autonomy, unpredictability, opacity, and complexity, impact the notions of causation and duty of care. All these features render liability assessments difficult, unless AI systems are adequately governed.

 

So far, the EU’s liability framework has only been partially harmonized. For instance, the current Product Liability Directive (Directive 85/374/EC, “PLD”), implemented into Member State law, dates back to 1984 and fails to encompass AI-related harm. Fragmentation in the EU’s existing liability regime call for its revision, to catch up with the rapid changes brought by AI. This is what the proposed framework on AI liability, which can be defined as “bi-partite”, aims to achieve.

 

The proposed AI Act, part of the Commission’s 2021 AI package – and coupled with the proposed Machinery Regulation – constitutes preventive, ex-ante measures adopting a risk-based approach to govern AI systems. Gaps in redress mechanisms under the AI Act, and doubts surrounding its surveillance authority system and AI auditing ecosystem, raise questions regarding the regulation’s enforcement. To face the scenario where a lack of compliance generates damages, the ex-ante legislation has been complemented by two proposals for compensatory, ex-post measures: the revised Product Liability Directive (“revised PLD”) and AI Liability Directive (“AILD”). We look into how the revised PLD and the AILD contribute to the enforcement of the preventive measures, by pushing for compliance with the obligations they introduce.

 

Continue reading “A “bi-partite” AI Liability framework: Compensatory measures to enforce compliance with preventive measures”

EU-law in practice: Compliance of the Netherlands with EU-law 2010-2020

As a member of the EU, the Netherlands is obliged to implement and comply with EU law.  The European Commission investigates non-compliance of EU-law, for example by means of a formal infringement procedure. The Dutch ministry of Foreign Affairs informs parliament every three months about infringement procedures, and cases before the Court of Justice of the EU (CJEU). However, not much is known about what happens behind the scenes. For example, how often are there EU Pilot procedures, i.e. informal pre-infringement procedures? And do informal procedures help to resolve possible non-compliance and prevent the Commission from starting a formal procedure? A 2018 report by the European Court of Auditors makes an inventarisation of enforcement instruments of the Commission, but it does not provide empirical evidence. On 15 June 2023 the Netherlands Court of Audit published the report EU-law in practice. It examined all formal and informal procedures between the Commission and the Netherlands regarding incorrect or incomplete implementation of EU-law (2010-2020). It also investigated government coordination regarding compliance with EU-law, and what lessons were drawn from closed procedures. In addition, nine cases were analysed to determine how procedures were conducted in practice, and to understand the problems that arose. The nine cases included such topics as the enforcement of Water Framework Directive, Corona Flight Vouchers, Residence Permit Fees for third-country nationals and the European Arrest Warrant. In this post the main results of the report are discussed.

Continue reading “EU-law in practice: Compliance of the Netherlands with EU-law 2010-2020”

The CJEU Judgment in C-46/21 P, Aquind v ACER: Boards of Appeal as expert mechanisms of conflict resolution to conduct a ‘full review’ of contested decisions.

On 9 March 2023, the European Court of Justice delivered its long-awaited judgment in the Aquind-case shedding light on the intensity of review conducted by the boards of appeal of European Union agencies. This case concerned the Board of Appeal of the European Agency for the Cooperation of Energy Regulators (ACER) which limited itself to assessing manifest errors of assessment in its decision-making. The Court struck down this limited approach; the ACER Board of Appeal consists of both legal and technical experts and therefore must, in principle, conduct a full review of the agency’s decision. This judgment is significant as it relates to the quality of (quasi-)judicial control of administrative decision-making. This blog post aims to discuss this judgment and its implications for the system of judicial review in the EU.

Continue reading “The CJEU Judgment in C-46/21 P, Aquind v ACER: Boards of Appeal as expert mechanisms of conflict resolution to conduct a ‘full review’ of contested decisions.”