Български English Français
Home » Schengen Area » Data in the SIS II and retention periods

Data in the SIS II and retention periods

The Schengen Information System II (SIS II) is the largest shared database in Europe on maintaining public security, supporting police and judicial co-operation and managing external border control. Participating States` Authorities provide entries, called „alerts“, on wanted and missing persons, lost and stolen property and entry bans.
 SIS II is a computer network system containing information on wanted persons, missing persons, stolen objects and vehicles. The SIS II can be consulted by police, border police, customs and partially by authorities responsible for issuing visas and residence permits. It enables its users to check persons and objects both at external borders and within the territory of the Schengen States. The Schengen States are therefore the owners of the data they introduce into the SIS II and bear responsibility for their accuracy.
SIS II contains the following categories of data:
1. alerts on third-countries` nationals, who have to be banned from entering the Schengen area;
2. alerts on persons, wanted for arrest or extradition;
3. alerts on missing persons;
4. alerts on missing persons who have to be placed under protection and/or whose whereabouts have to be established;
5. alerts on persons wanted for the purposes of penal proceedings;
6. alerts on persons and objects, that have to be put under a discreet surveillance;
7. alerts on objects, subject to confiscation or will be used as an evidence in penal criminal proceedings.
Types of data entered in SIS:
A SIS II alert always consists of three parts:
- a set of data for identifying the person or object, subject of the alert;
- a statement why the person or object is sought and
- an instruction on the action to be taken when the person or object has been found.
The quality, accuracy and completeness of the data elements enabling identification are the key conditions for the success of SIS. For alerts on persons the minimum data is name, year of birth, a reference to the decision giving rise to the alert and the action to be taken. When available, photographs and fingerprints must be added to facilitate identification and avoid misidentification. The system also offers the possibility to add links between alerts (e.g. between an alert on a person and a vehicle).
Biometric data
Since 2013, SIS II can store fingerprints which may be used to confirm the identity of a person (a one-to-one search). The introduction of an Automated Fingerprint Identification System (AFIS) since March 2018 also allows identifying persons on the basis of their fingerprints (a one-to-many search).
Regulation (EU) 2018/1862 of the European Parliament and of the Council of 28 November 2018 on the establishment, operation and use of the Schengen Information System (SIS) in the field of police cooperation and judicial cooperation in criminal matters, amending and repealing Council Decision 2007/533/JHA, and repealing Regulation (EC) No 1986/2006 of the European Parliament and of the Council and Commission Decision 2010/261/EU was adopted in 2018. Regulation (EU) 2018/1862 entered into force on 28 December 2019 and will become fully applicable in December 2021. It will introduce changes in the categories of data contained in SIS and their retention periods.
SIS II also contains data on objects which have been stolen or lost:
- vehicles;
- firearms;
- aircraft;
- boats;
- industrial equipment;
- identity documents;
- credit cards;
- banknotes.
Member States not using national copies of records showing the history of the alerts ensure that every access to and all exchanges of personal data within the Central SIS II (CS-SIS) are recorded in their National Systems (N.SIS II) for the purposes of checking whether or not the search is lawful. Article 12 of Regulation (EC) No 1987/2006 provides for two retention periods:
- Records used for the purpose of access/consultation: the retention period is between one and three years after the creation of the records.
- Records which include the history of alerts (i.e. the creation, modification or erasure of the alert): the retention period is one to three years after deletion of the alert.





Commission for Personal Data Protection, Sofia, 2 Prof. Tsvetan Lazarov Blvd.