Interoperability between EU information systems through the lens of impact assessment – what does the evidence say?


Katharina Eisele1
Policy analyst, European Parliamentary Research Service (EPRS)


“Better what?” Better regulation and better law-making in the EU

In 2015, in an effort to design EU policies and laws that achieve their objectives at minimum cost, the European Commission promoted its Better Regulation Agenda. At that time, better regulation was included in the portfolio of the Commission’s first Vice-President, Frans Timmermans – a step demonstrating the importance attached to the topic and its overarching relevance for all European Commission services.

What is better regulation? “Better regulation is not about regulating or deregulating. It is a way of working to ensure that political decisions are prepared in an open, transparent manner, informed by the best available evidence and backed by the comprehensive involvement of stakeholders”, as the Commission explains in its 2017 Better Regulation Guidelines. Better regulation covers the whole policy cycle: from planning, adoption, design, implementation, application, to evaluation and revision – stretching from ex-ante impact assessment to ex-post evaluation.  

The topic is of high relevance for the EU legislator too. Under the 2016 Interinstitutional Agreement on Better Law-Making, the three main EU institutions, meaning the European Commission, the European Parliament (EP) and the Council committed to improve the way the EU legislates and to ensure that legislation better serves citizens and businesses in the EU.

Promoting evidence-based policies: Let’s assess the impacts first

According to the Organisation for Economic Co-operation and Development (OECD), improving the evidence-base for regulation through regulatory impact assessment is one of the most important regulatory tools available to governments. The aim is to improve the design of regulations by assisting policy makers to identify and consider the most efficient and effective regulatory approaches, including the non-regulatory alternatives before they make a decision. Today, almost all OECD countries require regulatory impact assessment for the development of both primary laws and subordinate regulation.2

Indeed, also in the EU, the three main EU institutions agreed on the positive contribution of impact assessments in improving the quality of Union legislation. But, what are impact assessments exactly?

Impact assessments should cover the existence, scale and consequences of a problem and the question whether or not Union action is needed. They should map out alternative solutions and, where possible, potential short and long-term costs and benefits, assessing the economic, environmental and social impacts in an integrated and balanced way and using both qualitative and quantitative analyses. The principles of subsidiarity and proportionality should be fully respected, as should fundamental rights.”3

Thus, in essence impact assessments are studies, which aim to underpin Commission initiatives. More specifically, the Commission committed to carry out impact assessments of its legislative and non-legislative initiatives, which are expected to have significant economic, environmental or social impacts.4 Rules on how to conduct an impact assessment are to be found in the Commission’s Better Regulation Guidelines, and its accompanying Toolbox.

Empowering the European Parliament

In recent years, the European Parliament has become increasingly interested and engaged in impact assessment work. In 2012, the EP’s Bureau established a dedicated Directorate for Impact Assessment and European Added Value. Since November 2013, this Directorate is part of the European Parliament’s Directorate-General for Parliamentary Research Services (DG EPRS).5

The Ex-Ante Impact Assessment Unit, one unit within this Directorate, routinely synthesises and evaluates the strengths and weaknesses of Commission impact assessments in short briefings called “initial appraisals”. The purpose is to inform parliamentary committees in a timely fashion about the rationale and evidence-base of a Commission proposal, and thus to support the EP to take full account of the Commission’s impact assessments, as set out in the 2016 Interinstitutional Agreement on Better Law-Making. In addition, the unit provides more in-depth impact assessment-related services upon request by parliamentary committees.6 These could, for instance, take the form of a complementary or substitute impact assessment (if the Commission did not prepare an impact assessment itself) or an impact assessment of EP amendments.

The goal is to empower the European Parliament in its scrutiny role as a co-legislator in the EU legislative process vis-à-vis the Commission as the EU executive.

Interoperability between EU information systems for security, border and migration management: what evidence does the impact assessment provide?

On 12 December 2017, the European Commission submitted its interoperability proposals on (1) borders and visa; and on (2) police and judicial cooperation, asylum and migration to the EP’s Committee on Civil Liberties, Justice and Home Affairs (LIBE). These proposals were accompanied by a Commission impact assessment (IA), the quality of which I appraised in my EPRS initial appraisal. In my analysis I concluded that the Commission made an effort to build its case for this initiative. However, I also found that the Commission impact assessment displays several weaknesses as detailed below.

Problem definition, objectives and options

Importantly, the impact assessment would have benefited from a clearer problem definition, which forms the foundation of every impact assessment. In the present case, it seems that the problems that the Commission identifies are self-inflicted in the sense that the EU introduced the various information systems with their different access rules in “separate silos” itself in the first place (IA, p. 11). It seems that the reason for introducing the information systems in ‘separate silos’ was in particular based on the principle of purpose limitation.

In addition, it would have been useful if the Commission had provided indications or estimations regarding the scale of the problem of multiple identities/identity fraud; alternatively, if that was not possible, the Commission could have explicitly stated so. Contrary to what the Commission has suggested in the past,7 interoperability has different dimensions, including technical, legal and political ones.8

The general objectives of the initiative of improving the management of the Schengen external borders and to contribute to EU internal security, combines migration management and security aims. However, as emphasised by the European Data Protection Supervisor (EDPS), repeatedly referring to migration, internal security and the fight against terrorism almost interchangeably brings the risk of blurring the boundaries between migration management and the fight against terrorism.

To address the objectives defined in the impact assessment, the Commission considered  three  policy  options,  including  the baseline option. This range of options appears limited.

Impacts, stakeholder consultation and quality of data and research

The impact assessment analyses successively social and economic impacts, the impact on public services, the impact on fundamental rights, and safeguards. The Commission considers that “the major social impact will be the improvement of border management and increased internal security within the European Union. The new facilities will streamline and expedite access by national authorities to the required information and identification of third-country nationals. (…) The new facilities are also expected to generate increased public trust by ensuring that their design and use increases the security of European citizens” (IA, p. 29). The Commission’s reasoning is rather general, and the causal link between interoperability, increased security and increased public trust, which the Commission anticipates, appears to lack more concrete explanations and evidence.

More specific information in the IA concerning possible unintended consequences or side effects of the proposed measures, risk management by eu-LISA, but also on the sensitive issue of biometrics (technically, in terms of data errors and legally, in terms of fundamental rights) would have been desirable.

The Commission organised a number of stakeholder activities and a public consultation, to which feedback was, however, very limited. According to the Commission, stakeholders overall appeared to support the initiative. It is unfortunate that the Commission does not provide more detailed information as to which stakeholders favoured which options.

The impact assessment is underpinned by the work of the high-level expert group on information systems and interoperability, and also by three supporting feasibility studies. It appears that two of these feasibility studies (on a shared biometric matching service, prepared by eu-LISA, and on a common identity repository, prepared by PricewaterhouseCoopers, are now available online, whereas none of the studies was fully available in February 2018).

The Commission’s Regulatory Scrutiny Board (RSB) appraises the quality of impact assessments. The RSB issued an opinion marked “positive with reservations” on 8 December 2017, despite identifying “significant shortcomings” in the draft impact assessment report. The fact that the impact assessment was published on 12 December 2017 might be indicative of the rush in which it was prepared, but also begs the question as to how the substantial comments of the RSB could possibly have been addressed in the final IA report within three working days.

Concluding remarks

Better law-making has received increasing attention in recent years in Europe. The previous European Commission under President Juncker made better regulation and ex-ante impact assessment a priority. According to the OECD, regulatory impact assessment is one of the most important regulatory tools available to improve the evidence-base for regulation.

In the last decade, the European Parliament built own impact assessment capacities, which are now part of its in-house research service, the European Parliamentary Research Service (EPRS). Not only do its services routinely appraise the Commission’s impact assessments, but they also undertake impact assessment and evaluation on request of the parliamentary committees. The objective is to empower the EP in its scrutiny role as EU co-legislator.

In my EPRS initial appraisal on the interoperability between EU information systems I appraised the quality of the Commission impact assessment, which accompanied the two interoperability proposals. My overall appraisal of this Commission impact assessment is rather critical due to several weaknesses as outlined above. In particular, the causal link between interoperability, increased security and increased public trust, which the Commission anticipates, appears to lack more concrete explanations and evidence.

Despite the sensitivity and complexity of this dossier, the European Parliament was fast to agree on the interoperability rules in February 2019, and officially adopted them on 16 April 2019. The two interoperability regulations were published in the Official Journal on 22 May 2019 (for more information on the legislative process, see EPRS briefing – EU legislation in progress of June 2019).  

In this case, the Commission had prepared an accompanying impact assessment. However, the Commission has published legislative proposals without impact assessments in recent years in a considerable number of cases, especially in the sensitive field of justice and home affairs. The European Parliament criticised the lack of impact assessments in its Report on the interpretation and implementation of the Interinstitutional Agreement on Better Law-Making of 14 May 2018.

The European Parliament’s LIBE Committee considered impact assessments necessary in some cases where the Commission did not present accompanying impact assessments, and therefore requested the EPRS to prepare EP substitute impact assessments of a targeted format. This was for example the case for the proposed Return Directive (recast) or the European Commission package of ETIAS consequential amendments. The latter impact assessment ties in with the topic of interoperability of EU information systems, concluding that the European Travel Information and Authorisation System (ETIAS) consequential amendments are not technical, but entail interferences with the rights to respect for private life and to protection of personal data.

While impact assessments can never be a substitute for political decision-making, they are a tool to help the three main EU institutions reach well-informed decisions.

1. Dr Katharina Eisele is a policy analyst in the European Parliamentary Research Service (EPRS) in Brussels. The opinions expressed in this document are the sole responsibility of the author and do not represent an official position of the European Parliament. The analysis is based on my EPRS initial appraisal of the Commission’s impact assessment on interoperability between EU information systems for security, border and migration management, which was published in February 2018.
2. OECD Regulatory Policy Outlook 2018, OECD Publishing (2018), Paris.
3. 2016 Interinstitutional Agreement on Better Law-Making, OJ L 123/1, 12.5.2016, para. 12.
4. Ibid., para. 13.
5. See W. Hiller, European Parliament work in the fields of Impact Assessment and European Added Value, Activity Report for 2018, European Parliament 2019.
6. Ibid., pp. 17-30; EPRS publications, including initial appraisals, are publicly available on the EP think tank website.
7. Communication on improved effectiveness, enhanced interoperability and synergies among European databases in the area of Justice and Home Affairs, COM(2005) 597, European Commission, 24 November 2005, p. 3.
8. See European Data Protection Supervisor, Reflection paper on the interoperability of information systems in the area of Freedom, Security and Justice, 17 November 2017, p. 6