1.Strengthening the security of ID cards and residence documents of EU citizens and their family members
What is the Commission proposing today?
Ensuring the security of travel and identity documents, such as national ID cards, is a key element in the fight against terrorism and organised crime. The security features in ID cards, as well as residence documents issued to EU nationals and/or their family members, currently vary significantly across Member States. It is estimated that 80 million Europeans currently have non-machine readable ID cards without biometric identifiers. As many of the EU's security measures rely on secure travel and identity documents - such as the systematic checks carried out at the external borders on all citizens using the Schengen Information System - this creates a security gap, because of the increased risk of falsification and identity fraud. It also leads to practical difficulties for citizens when travelling or moving to another Member State.
The Commission is therefore proposing measures to strengthen the security features of ID cards and residence documents of EU citizens and their non-EU family members. More secure documents will enhance EU external border management, increase the protection against falsification and document fraud and make it more difficult to misuse or copy such documents. This will benefit the security of all citizens, public authorities and businesses. At the same time, the improved documents will facilitate EU citizens and their family members' right to move and reside freely across the Union, because more reliable documents will be more readily accepted.
Is the Commission proposing to replace national ID cards with EU IDs?
No. The Commission is not proposing an EU ID card. Identity cards will still be national cards and issued by national authorities, but, as they allow all EU citizens to cross EU external borders, as well as travel and reside anywhere in the EU, Member States will have to guarantee that their security features meet the new standards set at EU level and are aligned with international standards on travel documents. The international standards already in use, for example for passports, are those set by the International Civil Aviation Organisation (ICAO).
Will Member States currently not issuing ID cards be obliged to start doing so?
No. The proposal does not create an obligation for Member States to introduce ID cards. Only those Member States already issuing ID cards to their nationals are concerned by the proposed measures. If a Member State issues ID cards that allow its citizens to travel, it will have to ensure that the ID cards comply with a minimum set of security features.
How will biometrics make the documents more secure?
The proposed inclusion of two different sets of biometric data - facial and fingerprints - is a basic security feature for ID and residence documents, which according to ICAO studies, is the most secure way to verify the identity of a person and the authenticity of a travel document. Whilst leaving other aspects relating to the design of national cards entirely up to individual Member States, the proposal follows a similar approach to that taken already by the EU for the security features of passports.
Biometric identifiers, such as facial images and fingerprints, are already included in EU passports. The facial image stored on the chip is compared to the photo printed on the document to visually verify the identity of the document holder. If this verification is inconclusive, fingerprints are an additional identifier as studies show that these are stable whereas a person's appearance will change over time.
At the same time, more secure documents will facilitate bona fide EU citizens and their family members' right to move and reside freely across the Union, because the documents will be considered more reliable, and therefore, more readily accepted.
Will it be possible in the future to travel within the EU with only a residence document?
No. Residence documents prove the right of residence in a Member State but they are not travel documents. EU citizens will still have to travel with a valid national ID card or passport.
What are the safeguards for protecting personal data?
The new European rules on data protection will be applicable when implementing the new provisions on ID cards and residence documents. Notably, all persons should have access to their personal data that has been processed and have the possibility to get it verified, and if necessary, rectified or erased.
As regards the inclusion of biometric data, fingerprints in particular, specific safeguards will be put in place. Member States should use qualified and authorised staff to collect this data and ensure that data collection procedures guarantee the dignity of the person concerned.
The use of biometric data should be limited to the subset needed to verify that a document is authentic and/or establish a person's identity.
2.Improved cross-border access by law enforcement authorities to financial information
Why does access to financial data need improving?
Criminals and terrorists operate across Member States and are able to transfer funds between different bank accounts in a matter of hours to prepare their acts or launder the proceeds of crime. The number of cross-border cases involving the need for access to financial information is also increasingly growing.
With the current mechanisms, access to and exchange of financial information is too slow compared to the pace at which funds can be transferred across Europe and globally. The information obtained is often incomplete and comes too late. In some Member States, it can take weeks or months to receive the necessary information. Currently, the authorities responsible for the prevention, detection, investigation or prosecution of criminal offences often do not have direct access to this information. This lack of access to financial information during criminal investigations may jeopardise their ability to investigate serious crimes, disrupt criminal activities, foil terrorist plots, or detect and freeze the proceeds of crime. It is imperative that law enforcement authorities have access to the most crucial pieces of financial information as quickly as possible to complete their investigations and crack down on the financing of terrorism and serious crime.
An increased number of successful criminal investigations will result in an increased number of convictions and asset confiscations. This will contribute to the disruption of criminal activities and enhance security across the EU.
How does the proposal fit into the current EU framework to fight money laundering and terrorist financing?
The European Union has already taken several steps to combat money laundering and terrorist financing under the Commission Action Plan on strengthening the fight against terrorist financing presented on 2 February 2016 - this proposal is yet another deliverable.
The Fourth and the soon-to-be-adopted Fifth Anti-money Laundering Directives establish centralised bank account registries (containing information on all bank accounts in a given country) or data retrieval systems in all Member States to which Financial Intelligence Units (FIUs) and anti-money laundering authorities have access. Under these provisions, FIUs have the powers to collect and analyse financial, administrative and law enforcement information, and to cooperate with each other. However, the Anti-Money Laundering Directives focus primarily on preventive efforts to address money laundering, not on how financial information can be used for the prevention, detection, investigation or prosecution of criminal offences. At the moment, law enforcement authorities can obtain only limited financial information from FIUs - and only when it is necessary for preventing and combatting money laundering and terrorist financing. In addition, FIUs and competent authorities continue to face obstacles when interacting. Today's proposal on improved cross-border access by law enforcement authorities to financial information complements and reinforces this existing framework.
How does this proposal facilitate access to necessary financial information by law enforcement authorities?
This proposal complements the provisions and preventive measures set by the Fourth Anti-Money Laundering Directive and reinforces the legal framework from the point of view of police cooperation. It grants the competent authorities access to centralised bank account registries or data retrieval systems. In addition, the new measures:
-Provide for a more comprehensive framework for cooperation between Financial Intelligence Units (FIUs) and between FIUs and competent authorities.
-Define the type of information (financial information, financial analysis, law enforcement information) that can be requested by competent authorities and FIUs respectively, as well as provide an exhaustive list of criminal offences for which each authority can exchange information on a case-by-case basis for a specific case under investigation.
-Provide deadlines to exchange information and require the use of a secure channel of communication so as to improve and speed up the exchanges.
Who is authorised to directly access the financial information?
Under the current provisions of the Fourth Anti-Money Laundering Directive, the access to national centralised bank account registries is granted to Financial Intelligence Units (FIUs) and the anti-money laundering authorities.
The authorities responsible for prevention, detection, investigation or prosecution of criminal offences do not have direct access to this information. This means that to carry out their investigations, those authorities need to send out a request to all banks in a Member State. Such processes can be very slow and burdensome for both the authorities and the banks while information provided is often incomplete. As a result, it can cause undue delays in criminal investigations, often leading to dead ends.
Today's proposal obliges Member States to designate the competent authorities, who will be able to access and search the national registry in their country, in addition to FIUs and the anti-money laundering authorities. The relevant authorities can include the police, the prosecution offices, the tax authorities and anti-corruption authorities (to the extent that they investigate criminal offences), the Europol National Units and the Asset Recovery Offices. Within each authority, access to the national centralised bank account registry will only be granted to persons specifically designated and authorised to query the registry.
What information will be provided?
The competent authorities will have access to limited information which is strictly necessary to identify in which banks the subject of an investigation holds bank accounts. This information includes the owner's name and date of birth, and the bank account number.
The authorities will not be able to access the content of the bank accounts - neither the balance of the accounts, nor details on the transactions. Once the authorities identify the financial institution, in most cases they will have to approach the respective institution and request further information, e.g. a list of transactions.
How does the proposal improve cooperation between Financial Intelligence Units and law enforcement?
It is a requirement that all Member States provide their Financial Intelligence Units (FIUs) with access to law enforcement information that is necessary for them to carry out their tasks. Consultations with the FIUs showed however that they sometimes experience difficulties in obtaining such information, and that the types of law enforcement information that they had access to varied substantially from Member State to Member State.
The proposal therefore seeks to remove those obstacles by obliging law enforcement authorities to respond to requests for information from FIUs. It defines what type of information (financial information, financial analysis, law enforcement information) can be requested by competent authorities and FIUs respectively, as well as an exhaustive list of criminal offences for which each authority can exchange information on a case-by-case basis. The proposal provides deadlines within which to exchange the information (no more than three days after the receipt of a request and 24h in urgent and exceptional cases) and requires the use of a secure channel of communication to improve and speed up the exchanges. Finally, it requires Member States to indicate all the competent authorities entitled to request information.
What is the role of Europol?
Europol does not conduct criminal investigations, but supports actions by Member States. With no access to financial information, including that contained in the national centralised bank account registries and data retrieval systems, Europol is prevented from exploiting the full potential of its analytical capabilities.
Under the new measures, Europol will have indirect access to bank account registries through Europol National Units. Member States will be obliged to ensure that their Europol National Units and Financial Intelligence Units (FIUs) reply to those requests.
Requests made by Europol will have to be justified and made on a case-by-case basis, within the limits of Europol's responsibilities.
How will the right to privacy and the right to the protection of personal data be ensured?
The proposal maintains a high level of protection of fundamental rights, in particular the right to the protection of personal data. It ensures that only limited information is made available to law enforcement officers. The data that can be accessed and searched will be confined to the narrow subset needed to identify the bank(s) in which a person of interest holds accounts, including the name, date of birth and account number(s). Exchanges of information will be also limited to a case-by-case basis and only where relevant to a specific case for the purpose of combating specified, serious criminal offences.
All the safeguards that are provided in the 2016 Data Protection Police Directive will also apply, including:
-Time limits after which personal data must be deleted from these registries or its retention justified.
-The access to, and processing of, this data is allowed but only to the extent that it is necessary.
-The person of interest must be informed that their personal data can be accessed and, if appropriate, the reasons for which access is granted. It should be clear that they have a right to lodge a complaint.
-The person of concern has a right of access, and rectification or erasure if the data is inaccurate.
-Technical and organisational measures must be in place in order to ensure an appropriate level of data security.
The proposed measures also provide for other safeguards such as an obligation on Member States to define those authorities and persons who will be allowed to search these systems, the need for access logs, and the rights of Europol in terms of assisting the Member States.
3.Tightening the rules on the explosives precursors
Why do the existing rules on explosives precursors need to be improved?
In 2013, the EU put in place rules to restrict access to explosives precursors that could be used to make "home-made explosives". These rules require that any suspicious transaction involving these explosive precursors is reported to the relevant authorities. While these restrictions and controls have helped to decrease the amount of precursors available to the general public, and have led to an increase in reports of suspicious transactions, they have proven to be insufficient to satisfactorily prevent the misuse of these substances. The security threat has been constantly evolving with terrorists using new tactics, and developing new recipes and bomb-making techniques. There are, for instance, reports of terrorists and criminals attempting to buy chemicals in Member States with more lenient restrictions, or online, where the rules are not always correctly applied. In many attacks in recent years, home-made explosives were used by terrorists and criminals. The increased terrorist threat in the EU and the danger posed by home-made explosives require stricter and more uniform rules that would help to close the gaps and deprive potential terrorists of the means to carry out their heinous crimes.
How will the new measures improve the rules on explosive precursors?
To respond to this new security environment and even further restrict access to dangerous substances, the Commission has proposed to strengthen the existing rules, in particular by:
-Expanding the scope of the restricted substances by adding two new precursors to the list, with a possibility to add more at a later date, and do so more swiftly. Sulphuric acid, a central ingredient for the production of the explosive TATP, and ammonium nitrate, a chemical otherwise used as a fertiliser, are added to the list of restricted substances. Farmers will retain access to ammonium nitrate for agricultural activities.
-Clarifying that online operators and sales are equally covered by the restricted rules and obligations of the Regulation.
-Restricting access to the general public who will now only be able to obtain certain restricted precursors with a licence. The conditions for granting licences are also tightened and will include careful security screening and a criminal record check.
-The existing registration regime will be discontinued. This regime is weak in terms of security as a person only needs to show an ID in order to buy a restricted explosive precursor.
-Quicker and better information sharing. In particular, it is compulsory to conduct checks upon sale, and alert the next actor in the supply chain that a product is subject to EU restrictions. In the case of a suspicious transaction, economic operators will be obliged to report the responsible authorities within 24 hours. The proposed measures also require that inspections are carried out, training is provided and awareness-raising actions are organised.
Will professional users such as farmers still be able to obtain the substances they need for their work?
Yes. The new measures make a clear distinction between "professional user", to which restricted explosives precursors can be made available, and "a member of the general public", which will not be able to access those substances, unless a special license is granted. Whether a person is a "professional user" depends on the purpose for which he/she purchases explosives precursors and if it is connected to their specific trade, craft or profession. The new provisions clarify that farmers, who were not covered by the definition of "professional users" previously, can acquire, introduce, possess and use restricted substances, for agricultural purposes.
4.Stronger controls on imports and export of firearms
What is the Commission proposing today?
The Recommendation proposed by the Commission today provides guidance to Member States on more effective and better implementation of the 2012 Regulation on export and import of firearms for civilian use. It aims to improve control procedures and information exchange, as well as traceability and cooperation in the fight against firearms trafficking. As part of implementing the Recommendation, Member States should:
-Systematically check the background of individuals applying for an export authorisation, through the use of the European Criminal Records Information Exchange System (ECRIS);
-Systematically verify the existence of refusals of export authorisation by other Member States and regularly notify refusals to other Member States;
-Include clear, permanent and unique marking on a firearm and where possible an additional marking for the identification of the country and year of import;
-Establish an electronic system for submitting applications for export authorisations and a single national database of authorisations and refusals;
-Collect on an annual basis (by 1 July each year) statistics on the number of authorisations and refusals, and the quantities and values of firearms exports and imports, by origin or destination.
Why did the Commission recommend stronger controls on imports and exports of firearms?
International trafficking of firearms is a major concern for the security of European citizens. Without appropriate tracking measures, firearms can be diverted away from the legal market.
In 2017, the Commission carried out an evaluation of the implementation of Regulation (258/2012) on the export and import of firearms, their parts and ammunition. According to the findings of the evaluation report, although progress has been made towards achieving the objectives of Regulation, it nevertheless suffers from a lack of precision. The report noted some of the key shortcomings which could be overcome if Member States took immediate steps.
Improving national practices on tracing firearms and the exchange of information, as well as the proper application of Regulation by all Member States, will allow for the control of legal firearms as they enter and leave the Union to be made more efficient. It will also contribute to public security and enhance overall safety of the general public.
For More Information
Frequently Asked Questions - Denying terrorists the means to act
Directive on the use of financial and other information for the prevention, detention, investigation or prosecution of certain criminal offences
Security Union: Commission presents new EU rules for access to electronic evidence
Factsheet - Security Union - Facilitating Access to electronic evidence