Schengen Information System (SIS)

The SIS has been in place since 1995. The second generation of SIS (SIS II) was introduced in 2013. The SIS II has additional functionalities, such as the possibility to add fingerprints and photographs to alerts. On 7 March 2023, the new SIS entered into operation and is expanded with new alerts, improved data and wider functionalities.

Content of the SIS

Competent national authorities, such as police and border guards, may enter and consult alerts on persons and objects in a single common database. These persons and objects can be found anywhere in the EU and the Schengen area during border checks, police checks or checks by investigative services.

Is someone going on a trip, for example by plane? Then they may have to deal with passport control by the border control authority. In the Netherlands it is the Royal Marechaussee. Is this person registered in the SIS? Then the border control authority will receive a signal. This may mean, for example, that they are not allowed to leave or enter the Schengen area.

Users of the SIS

These organisations use the SIS:

• The National Police;
• The Public Prosecutor’s Office;
• Border surveillance organisations (in the Netherlands: the Royal Marechaussee, Seaport Police and Customs); 
• Immigration authorities, such as in the Netherlands the Immigration and Naturalisation Service (IND).

Data in SIS

SIS contains alerts on persons or objects falling within one of these categories:

• Refusal of entry or residence: alerts on persons from third countries who are not entitled to enter or stay in the Schengen area.
• Persons wanted for arrest: alerts on persons subject to a European arrest warrant or an extradition request (Switzerland and Liechtenstein).
• Missing persons: alerts to detect missing persons (including children) and to protect them if it is lawful and necessary.
• Requested persons: alerts to identify the place of residence or residence of persons sought to cooperate in criminal proceedings, such as witnesses.
• Persons and objects for discreet or targeted checks: alerts to obtain information on persons or property in order to prosecute criminal offences and to prevent threats to public or national security.
• Objects for criminal proceedings: alerts on objects (e.g. vehicles, travel documents, registration plates and industrial equipment) sought to seize and use as evidence in criminal proceedings. Alerts on travel documents may also be issued specifically aimed at preventing their holder from travelling.

As of 7 March 2023, SIS also includes alerts on:

• Return decisions: alerts on persons from third countries against whom return decisions have been issued by the Schengen countries.
• Children: alerts to prevent children from being abducted by their parents, family members or guardians or from disappearing.
• Vulnerable persons: alerts to protect vulnerable persons (adults or children) against illegal transfer abroad or to prevent them from travelling without the necessary consent.
• Persons and objects for investigation checks: additional alerts to obtain information on persons or property in order to prosecute criminal offences and to prevent threats to public or national security.
• Unknown wanted persons: alerts containing only finger and palm traces of a perpetrator of a criminal offence found at the scene of a terrorist offence or other serious criminal offence under investigation. These alerts are issued to identify the offender in accordance with national law.

Personal data in SIS

In addition to general identification data, such as name and date of birth, fingerprints and photographs, the introduction of the new SIS will increase the number of data types. From 7 March 2023, this data will also be stored in SIS:

• Palm prints, finger marks and palm marks. This data can be used for biometric examinations and to confirm someone’s identity.
• DNA profiles of persons reported missing or of their parents, grandparents or siblings. This data can be used to confirm someone’s identity.

Supervision of SIS

With the arrival of the new SIS, monitoring will take place via a coordinated monitoring platform. This is the Coordinated Supervision Committee (CSC). The CSC is part of the European Data Protection Board (EDPB) and meets several times a year in Brussels. The CSC consists of the national data protection authorities and the European Data Protection Supervisor (EDPS). The Dutch Data Protection Authority (AP) participates in the CSC on behalf of the Netherlands.

The AP is responsible for monitoring the processing of personal data in the national part of the SIS (N.SIS). This section consists of national data systems that are connected to Central SIS. Each Member State transmits alerts via its (own) N.SIS.

The oversight of the AP includes:

• Inspections of organisations processing data in N.SIS;
• Periodic audits; 
• Handling complaints or requests for mediation.

Your rights if you are in SIS

Are you (possibly) registered in SIS? In principle, you have the right to access your data. You also have the right to request that your data be corrected or deleted.

Right of access

You have the right to obtain access to your personal data. This means that you can ask if you are registered in the SIS. And if so, which personal data of you are included in the SIS and for what purpose.

You can request access in any Schengen country. You will then write a letter to the national authority responsible for data in SIS. In the Netherlands, this is the National Police.

Do you live outside the Schengen area? Please contact the consulate of a Schengen country in the country where you live.

Make a request in the Netherlands

In the Netherlands, please ask for information by sending a letter or e-mail to:

National Unit National Police
Staff privacy desk
PO Box 100
3970 AC Driebergen
E-mail: jz.le@politie.nl

You can use our example letter of access to SIS for this purpose.

Please note:

• You must send a copy of your ID. You can choose to make your passport photo and your citizen service number (BSN) or personal identification number invisible.
• Does a legal representative submit the request for you? Then you should also send a written authorisation.

Response to request

Do you make a request for access in the Netherlands? You will receive a reply to your request within 6 weeks. This period may be extended by 4 weeks. You will be notified in writing.

Are you making a request in another country? Then it depends on the rules of this country when you get an answer.

Refusal of request

Your request for access to your data may only be refused if this is necessary, for example, to perform the police task properly, to protect the rights and freedoms of others or because of state security.

Right to rectification or deletion

Are the data about you not correct in the SIS? Or is your data wrongly in the SIS? You have the right to request the rectification or deletion of your data.

You can request correction or deletion in any Schengen country. You will then write a letter to the national authority responsible for data in SIS. In the Netherlands, this is the National Police.

Do you live outside the Schengen area? Please contact the consulate of a Schengen country in the country where you live.

Make a request in the Netherlands

In the Netherlands you can request correction or deletion by writing or e-mailing a letter to:

National Unit National Police
Staff privacy desk
PO Box 100
3970 AC Driebergen
E-mail: jz.le@politie.nl

You can use our example letter correction/deletion SIS for this.

Please note:

• You must send a copy of your ID, such as your passport or ID card. Your photo and citizen service number (BSN) or personal identification number can be shielded.
• Does a legal representative submit the request for you? You must also send a written authorisation. 
• The National Police Unit will let you know how your request will be handled.

If you do not agree with the decision to your request

Have you requested access to, or correction or deletion of your personal data in the SIS? But are you not satisfied with the decision (answer) to your request? Or have you not received a response? Then you can go to court in any Schengen country.

You can request access, correction or deletion of your data from the court. You can also claim compensation for the (unjustified) alert of your data in the SIS.

The time limit within which you can go to court depends on the rules of the country in which you do so.

In the Netherlands, you must do this within 6 weeks after the decision has been sent to you. You can seek advice on this procedure with a lawyer or, in The Netherlands, the Legal Help Desk.

Mediation by AP

In the Netherlands, you can also choose to ask the Dutch Data Protection Authority (AP) to mediate before you go to court. To do this, please send a letter to the AP within 6 weeks after the decision has been sent to you. Or if the time limit within which you should have received a response has expired. You can use our example SIS mediation letter for this purpose.

In addition, you have the right to lodge a complaint with the AP, if you believe that the processing of your personal data in SIS is unlawful.

More information

You can find more information about the exercise of your privacy rights in relation to SIS in The Schengen Information System - a guide for exercising data subjects’ rights: the right of access, rectification and erasure.

Question about SIS?

Do you have an individual question about SIS? For example, do you know that someone with the same name as you is registered in SIS and are you wondering what the consequences are? Please contact the authority responsible for SIS at national level as soon as possible. In the Netherlands you can contact:

National Unit National Police
Staff privacy desk
PO Box 100
3970 AC Driebergen
E-mail: jz.le@politie.nl