The Visa Information System (VIS) is a system for exchanging data on short-stay visas between Schengen states. The main objectives of the VIS are to facilitate visa application procedures and external border controls, and to enhance the security of the Schengen area.
The aim of the global VIS introduction process is to provide applicants with greater protection against identity theft, and to prevent document fraud and the practice of "visa shopping". Fingerprints are widely used in the EU as one of the most secure means of identification. The use of biometric data to identify a visa holder is a faster and more precise way of identifying a visa holder by the border police.
The VIS incorporates a central database, a national interface in each Schengen state, and a communication infrastructure between the central database and the national interface. The VIS is linked to the national visa systems of all the Schengen States via the national interfaces, enabling the competent authorities in the Schengen States to process data on visa applications and on visas either issued, refused, annulled, revoked or extended.
The VIS consists of two systems: the VIS database, which conducts alphanumeric searches, and the Automated Fingerprint Identification System (AFIS), which compares fingerprints received with the database and returns a positive or negative response, including any matches.
The main central VIS is located in Strasbourg (France) and a back-up central VIS, capable of providing all the functions of the main central VIS, is located in Sankt Johann in Pongau (Austria).
The VIS is continually processing information gathered by the consulates of the Schengen states. For instance, information entered locally by visa authorities can be available in the VIS in a matter of minutes. The VIS offers rapid verification services for visa holders at border crossings, taking just a few seconds to conduct a visa check.
The Commission was responsible for developing the central database, the national interfaces and the communication infrastructure between the central VIS and the national interfaces. Individual Schengen States are responsible for the development, management and operation of their respective national systems.
The EU Agency for large-scale IT systems, eu-LISA, is responsible for the operational management of VIS.
What is the legal basis for the VIS?
The main acts constituting the legal framework of the VIS are the following:
· Council Decision 2004/512/EC of 8 June 2004 establishing the Visa Information System (VIS), OJUE L 213, 15.6.2004, p. 5.
· Regulation (EC) No 767/2008 of the European Parliament and of the Council of 9 July 2008 concerning the VIS and the exchange of data between Member States on short-stay visas(VIS Regulation),OJUE L 218, 13.8.2008, p. 60.
· Council Decision 2008/633/JHA of 23 June 2008 concerning access for consultation of the VIS by designated authorities of Member States and by Europol for the purposes of the prevention, detection and investigation of terrorist offences and of other serious criminal offence, OJUE L 218, 13.8.2008, p. 129.
· Regulation (EC) No 81/2009 of the European Parliament and of the Council of 14 January 2009 amending Regulation (EC) No 562/2006 as regards the use of the Visa Information System (VIS) under the Schengen Borders Code, OJUE L 35, 4.2.2009, p. 56.
· Regulation (EC) No 810/2009 of the European Parliament and the Council of 13 July 2009 establishing a Community Code on Visas (Visa Code), OJUE L 243, 5.9.2009, p. 1.
What are the consequences of VIS in practice for visa applicants?
First-time visa applicants must always present themselves in person when submitting their application to provide their photograph and fingerprints.
The photograph is currently scanned from an existing paper photograph. At a later stage, the photograph will be taken digitally at the moment of the application.
For all new subsequent applications submitted within a period of 59 months, the fingerprints can be copied into the VIS from the previous application file.
Nevertheless, it should be stressed that in the event of reasonable doubt as to the applicant's identity, the consulate will collect fingerprints again within the 59 months referred to above. Moreover, the applicant may ask for fingerprints to be taken if, at the time the application is submitted, it is not immediately possible to confirm that the fingerprints were taken within the aforementioned period.
The biometric data of visa applicants may be collected by Schengen State consulates and external service providers (such as VFS, TLS and others), but not by commercial intermediaries (e.g. travel agencies).
Upon arrival at the Schengen external border, visa holders must provide their fingerprints for comparison with those registered in the VIS, at the request of the Schengen States' border control authorities. Searches in the VIS by Schengen border guards are based on the visa sticker number in combination with fingerprints.
Visa holders whose fingerprints have not been taken at the time of application, on the grounds that they have been exempted from this requirement, will not be asked to provide fingerprints at the border.
What happens to those who refuse to provide fingerprints for various reasons?
As a result, a Schengen visa will not be issued if biometric data is not provided. However, in accordance with Article 13(7) of the Visa Code, there are several categories of citizens who are not required to provide this data, as indicated in the FAQ under Question 18.
If I already have a biometric passport, do I also need to submit my fingerprints?
Yes, holders of biometric passports must also appear in person when applying for a short-stay Schengen visa for the first time to submit their fingerprints.
How is my biometric data protected in the VIS?
Strict data protection rules are defined in the VIS regulation and are subject to control by national and European data protection authorities.
Data is kept in the VIS for a maximum of five years from the visa expiry date, if a visa has been issued, or from the new visa expiry date, if a visa has been extended, or from the date on which a refusal decision is issued by the visa authorities.
All individuals have the right to obtain communication of the data recorded in the VIS concerning them from the Schengen State which entered the data in the system. Individuals may also request that inaccurate data concerning them be rectified, and that illegally recorded data be deleted.
In each Schengen State, the national supervisory authorities independently monitor the processing of personal data recorded in the VIS by the respective Schengen State.
The European Data Protection Supervisor monitors the data processing activities of the VIS Management Authority.
Which data are registered in the VIS?
The visa authorities in each Schengen state register data relating to short-stay visa applications (i.e. applications to stay in the Schengen area for 90 days or less) in the VIS. Data relating to national long-stay visas are not yet recorded in the VIS.
Upon reception of an application, the visa authorities of the relevant Schengen State create an application file in VIS and record the alphanumeric data contained in the Schengen visa application form, the applicant's digital photograph and the ten fingerprints collected.
If the applicant is traveling in a group, the travelers' application files will be linked in the VIS. If a previous application has been registered for the same applicant, the two applications will also be linked in the VIS.
Once a decision has been taken on the application (visa granted/refused) or post-decision (annulment, revocation, extension), the information is recorded in the VIS by the visa authorities of the relevant Schengen States. Once the visa has been issued and all applicant data - including fingerprints - have been recorded in the VIS, a code is inserted in the visa sticker.
Which authorities have access to the VIS?
The visa authorities of the Schengen States have access to the VIS for both data recording and consultation. Application and decision data are entered into the VIS by the visa authorities of the Schengen State responsible for examining the application or taking the decision. The data entered by one Schengen State can then be consulted by the visa authorities of all the other Schengen States, for example when examining another application from the same applicant.
Other authorities from the Schengen States have access to the VIS for consultation only.
National border authorities have access to the VIS in order to verify the identity of the visa holder, the authenticity of the visa and whether the conditions for entry into the territory of the Schengen states have been fulfilled. VIS checks at the Schengen area's external borders, with systematic fingerprint verification, are compulsory, except in a limited number of cases.
The national authorities responsible for carrying out identity checks on the territory of the Schengen states have access to the VIS in order to verify the identity of the visa holder, the authenticity of the visa and whether the conditions for entry, stay or residence on the territory of the Schengen states have been fulfilled.
National asylum authorities have access to the VIS to determine the Member State responsible for examining an asylum application in accordance with Regulation (EC) No 343/2003 and for processing the application.
Europol has access to the VIS for consultation purposes as part of the prevention, detection and investigation of terrorist offences and other serious criminal offences.
National law enforcement authorities have access to VIS data for the same purposes, provided certain legal conditions are respected: access to VIS data must be necessary in a particular case, and there must be reasonable grounds for considering that consultation of the data will make a substantial contribution to the prevention, detection and investigation of terrorism and other serious crimes.
As a general rule, VIS data may not be transferred or made available to a third country or international organization. By way of derogation, certain data recorded in the VIS (name, nationality, travel document number, residence) may be communicated to a third country or international organization when a specific case requires it to prove the identity of a third-country national, including for return purposes.
