The Schengen Information System – SIS 

Each participating state has the ability to enter data regarding missing or wanted persons and objects together with an alert requesting certain measures to be taken if that person or object is encountered.

The purpose of the Schengen Information System is to ensure justice, public order and a high level of security while safeguarding free movement within the Schengen area.

The Schengen area consists of most EU Member States as well as Iceland, Lichtenstein, Norway and Switzerland.

The data are stored in a central database

The data collected are stored in a central database managed by the EU Agency for Large IT-Systems (eu-LISA) and accessible by competent authorities in each participating state.

The personal data are limited and only contains information necessary to identify a person and to determine the required action. In many cases supplementary information is necessary to assist another participating state’s requested action.

Rules and regulations of the Schengen Information System

The Schengen Information System is mainly governed by three EU-regulations that are directly applicable in all participating states.

• Regulation (UE) 2018/1862 on the establishment, operation and use of the Schengen Information System (SIS) in the field of police cooperation and judicial cooperation in criminal matters.
  The regulation determines when participating states can enter data regarding a person or object in SIS and how these data can be processed or exchanged within the framework of cooperation regarding law enforcement.
  The following categories of persons can be entered in SIS 
  - Persons wanted for arrest or extradition.
  - Missing or Vulnerable persons whose travel must be prevented.
  - Persons sought to assist with a judicial procedure.
  - Persons and objects for discreet, inquiry or specific checks.
  - Unknown wanted persons sought for identification according to national law.
  SIS also contains data on different objects that are reported missing, stolen or in other ways are sought after to be seized or used as evidence in criminal proceedings. Such objects could be travel documents, vehicles, weapons, industrial equipment, boats, etc. 
• Regulation (UE) 2018/1861 on the establishment, operation and use of the Schengen Information System (SIS) border checks. 
  The regulation sets the terms and procedures to enter data on third-country nationals into SIS  for alerts on refusal of entry and stay within the Schengen area. Such alerts may be entered if a third-country national is subject to a re-entry ban or is determined as a threat to public order or security. After data regarding a third-country national are entered into SIS II that individual will be refused to enter or stay within the Schengen area.
• Regulation (UE) 2018/1860 on the use of the Schengen Information System for the return of illegally staying third-country nationals.
  The regulation regulates the use of alerts on third-country nationals banned from staying within the Schengen area due to a current decision of return or extradition.
  Supplementary Swedish national rules are mainly found in lagen (2021:1187) med kompletterande bestämmelser till EU:s förordningar om Schengens informationssystem.

Supervising authorities are EDPS, the national data protection authorities and CSC

National data protection agencies and the European Data Protection Supervisor (EDPS) supervise the processing of data in the system.

EDPS is responsible for the supervision of the central database and the national data protection agencies are responsible for the supervision of each participating state’s competent authorities processing in SIS. IMY is responsible for supervising Swedish authorities use of SIS.

The national data protection authorities and EDPS cooperate regarding SIS and other large-scale IT-systems through a specific work group – the Coordinated Supervision Committee (CSC)

The data subjects’ rights

If your data are registered in SIS, you have the right to know what data are stored in the system. As a data subject you also have the right to ask for your data in SIS to be rectified, erased or restricted.

In Sweden it is mainly the Swedish Police and, in some cases, the Swedish Migration Agency who are responsible for processing data in the Swedish national component of the Schengen Information System.
If you have contacted the Swedish Police and the Swedish Migration Agency but are dissatisfied with how your request has been handled you can send a complaint to IMY.

In some cases, data stored in SIS are confidential, preventing you to access your data. In such cases you can contact IMY and request for us to control that your data are correct and that they are lawfully processed. This request is called a lawfulness check.