2.1 SIS II Alerts for the Purpose of Refusal of Entry

On the basis of the Schengen Borders Code and Visa Code, entry, respectively the issuing of a short-term visa, must be refused to a person who is registered into SIS II by one of the Member States for the purpose of refusal of entry.⁸ This use of SIS is thus based on mutual recognition of, and trust in, national decisions of the other state submitting the SIS alert. In accordance with the current SIS II Regulation, a person may be reported as inadmissible in SIS II, first, if he or she is considered as a threat to public policy or public security or national security, for example if the person is convicted by a Schengen state for a crime punishable with a deprivation of liberty for at least one year. Second, a SIS alert may be based on the fact that the person is the object of a restrictive measure intended to prevent entry into or transit through the territory of Member States, including those implementing a travel ban issued by the Security Council of the United Nations. Third, a SIS alert for the refusal of entry will be entered into SIS II if the TCN has been subject to a decision of expulsion, refusal of entry, or removal.

Both the goal and the content of SIS II have been extended by several Regulations adopted in June 2018. Regulation 2018/1861⁹ on the use of SIS for border controls, allows further storage of biometrics and a new category of alerts on third country-nationals in SIS II, namely persons ‘circumventing national law on entry or stay’. Furthermore, Regulation 2018/1860¹⁰ provides for the obligatory storage of return decisions issued on the basis of the Return Directive 2008/115.¹¹ These amendments will become binding on the basis of an implementing decision of the Commission which must be adopted no later than 21 December 2021.¹²

Regulation 2018/1861 maintained two important restrictions with regard to the issuing of a SIS alert for the purpose of refusal. First, Article 21, obliges Member States to, before entering a SIS alert, assess its proportionality and to determine whether the case is ‘adequate, relevant and important enough’ to warrant an alert in SIS. This proportionality test requirement however, does not apply to SIS alerts related to a terrorist offence (on the basis of Article 24 (2) (b)), as they are, according to Article 21 (2), in itself considered as ‘adequate, relevant and important enough’. Second, SIS alerts must be based on an individual assessment. This assessment implies in accordance with Article 24 (1), that states are required to make an individual assessment of the personal circumstances of the individual and the consequences of refusing him or her entry to the territory. The individual assessment requirement does not apply for the issuing of entry bans on the basis of Return Directive, but, here one could argue that legally even a stricter requirement applies to entry bans following the Return Directive. In the judgment Zh. and O, the CJEU has held that states, deciding within the framework of Article 7(4) of the Return Directive whether or not to grant the person a period of voluntary return or to issue an entry ban, must decide on a case-by-case basis, in order to ascertain whether the personal conduct of the TCN concerned poses a genuine and present risk to public policy.¹³ According to the CJEU, when a Member State relies ‘on general practice or any assumption in order to determine such a risk, without properly taking into account the national’s personal conduct and the risk that that conduct poses to public policy’, it fails to have regard to the requirements relating to an individual examination of the case concerned and to the principle of proportionality. Generally, however, due to the lack of harmonized criteria, Member States retained a wide discretionary power to report TCN s for the purpose of refusal of entry in SIS.¹⁴

Currently, the Member States also use the SIS to issue alerts on so-called Foreign Terrorist Fighters (FTF) based on information from third states. These alerts are either based on Article 24 (2) (b) Regulation 2018/1861, on persons related to terrorist offences, for the purpose of refusal of entry, or on Article 36 Regulation 2018/1862 for the purpose of ‘discreet, inquiry of specific checks’.¹⁵ Such information from ‘trusted third countries’, has already been entered into SIS by some ‘willing Member States’ (including the Czech Republic and Italy) according to a Presidency note of May 2020.¹⁶ This means that when using SIS, the Member States do not only rely on each other’s information on inadmissible TCN s or persons convicted or suspected for terrorist crimes, but also trust and use information from third states. In December 2020, the European Commission proposed to allow Europol to enter so-called ‘information alerts’ on TCN s into SIS.¹⁷ Such alerts would be based on Europol’s assessment concerning TCN s who are not protected by EU’s freedom of movement, and whose behaviour falls within the scope of the crimes for which Europol has the mandate to support the Member States.¹⁸ This proposal did not receive sufficient support, as Member States found it unclear which action had to be taken on the basis of these Europol alerts. As compromise, in May 2021, the EU Presidency proposed to give Europol a supporting role with regard to the analysis and verification of third country information to be entered by Member States in SIS.¹⁹ In view of the aforementioned conditions in the Schengen Borders Code and criteria as defined by the CJEU in the Zh. and O. case, this increasing involvement of Europol in migration decisions is problematic. This involvement will increase the lack of transparency in the decision-making process, making it more difficult to verify and scrutinize the sources and the legitimacy of the information being used. This problem of scrutiny is aggravated because as we have seen above, the required prior proportionality test does not apply to SIS alerts related to terrorist offences. Here again, the lack of a common interpretation of ‘terrorist offences’ and ‘related to’ may result in differentiated practices within the EU.

2.2 The Consultation Mechanism in the Visa Code: Other States’ Objections

The Visa Code provides for a consultation procedure on the basis of which one Member State refuses a visa by reason of an objection issued by another Member State. In accordance with Article 22 Visa Code, a Member State may submit to the Commission a list of third countries, on the basis of which, whenever a person with the nationality of one of the listed states applies for a visa in another Member State, the latter state must consult the former state. If the consulted Member State subsequently objects against the issuing of a visa to this person, the visa will be refused even if he or she does not intend at all to visit the objecting state. This cooperation is implicitly based on mutual or interstate trust. Due to the use of the standard form set out in Annex VI of the Visa Code, the visa refusal does not provide much information on the reasons of refusal and the applicant may not even be informed about which state objected against the issuing of a visa.²⁰ In practice this means that when a visa is refused following an objection of another Member State, the consulting state, nor the applicant may know the reasons for this objection.

According to Article 53 Visa Code, Member States should inform the European Commission of the third countries for which they require prior consultation in the context of a visa application. The European Commission issues a list containing these countries of origin.²¹ By 2013 the list consisted of 30 third countries.²² In the 2017 version, the list had expanded to 38 third countries.²³ The applicants subject to prior consultation are mostly nationals of African, Asian and Arabic-speaking states, including states ‘producing’ the highest number of refugees.²⁴ Stateless persons and refugees, regardless which nationality they hold, are included in the list as well.

2.3 ECRIS-TCN and Its Use in Immigration and Asylum Decision-Making

The ECRIS-TCN Regulation 2019/816, adopted in April 2019, provides for a centralized system containing information on TCN s following national decisions related to criminal convictions or prosecutions.²⁵ This may include criminal convictions of TCN s based on violations of national immigration laws. Following Article 7 of the Regulation, information in ECRIS-TCN can be requested for criminal proceedings or ‘for any of the other purposes mentioned in this provision, if provided by national law’. These ‘other purposes’ may include security clearances, vetting for voluntary activities involving contacts with children or vulnerable persons, and also ‘visa, acquisition of citizenship and migration procedures, including asylum procedures’. This means that national immigration and asylum authorities may, if provided by national law, check ECRIS-TCN and decide to use information on criminal records from other Member States in their immigration law decision-making.

In 2019, the Commission submitted a proposal explicitly allowing border guards to use the data included in ECRIS-TCN for the purpose of border management in accordance with the ETIAS Regulation 2018/1240.²⁶ As discussed below, once ETIAS becomes operational, persons from visa exempted countries will need a prior travel authorisation before arriving in the EU territory. The ECRIS-TCN proposal provides the use of information in ECRIS-TCN in border and immigration law decisions in general, but also to decide upon applications for travel authorisations by visa exempted TCN s. Different from the general provision in the ECRIS-TCN Regulation, access within the framework of the ETIAS Regulation would be limited to national records in ECRIS-TCN on TCN s convicted for a terrorist offence or another serious criminal offence. For this purpose, a proposed amendment of ECRIS-TCN Regulation provides in Article 5 for the addition of a ‘flag’ to the ECRIS-TCN that the TCN has been convicted either in the past 25 years for a terrorist offence or in the past 15 years for a serious criminal offence as listed in the Annex to Regulation 2018/1240. These latter offences should be punishable under national law by a custodial sentence or detention order for a maximum period of at least three years. The Commission thus proposes a higher threshold for applicants from visa exempt countries than for TCN s who need a short-term visa to enter the Schengen territory. Nevertheless, the lengthy periods during which convictions in the past will still result in the refusal of travel authorisation is worrying. Furthermore, the data retention period for information in ECRIS-TCN, including the aforementioned flags is entirely left to the national laws.²⁷

In its opinion of 2015, the Fundamental Rights Agency (FRA) proposed an explicit prohibition of using ECRIS-TCN information for immigration law enforcement purposes outside criminal law proceedings.²⁸ The FRA warned against secondary effects from national convictions based on previous irregular entry or stay, which, specifically for refugees and children, would have adversary effects for their integration and protection. It further proposed to clearly define the system’s purpose in a manner that limits the Member State’s discretion. The added value of ECRIS-TCN with regard to the already existing option to report convicted or suspected TCN s into SIS is unclear and has not been substantiated by the EU legislator. As submitted by Vavoula, there will be complete overlap between SIS and ECRIS-TCN with regards to convictions on terrorist offences. Furthermore, the overlap between SIS and ECRIS-TCN with regards to other offences listed in the Annex of the ETIAS Regulation will be opaque due to the discretion enjoyed by Member States in registering such alerts.²⁹

3.1 ETIAS and the Refusal of Travel Authorisation

On 25 April 2018, the Council and the European Parliament reached an agreement on the European Travel and Authorisation System (ETIAS), proposed by the European Commission in 2016 for ‘strengthening integrated border management and enhancing internal security’.³⁰ The ETIAS system, when operational, requires visa-exempt TCN s to apply for a travel authorisation and to submit personal information into an online application before travelling to the EU. Their data will be cross-checked against a number of databases and on the basis of this comparison a travel authorisation can be either issued or refused.³¹ In addition to the aforementioned existing large-scale databases, the ETIAS Regulation provides for an additional information system, the ETIAS Central System (Article 6).

According to Article 37 of the ETIAS Regulation, a travel authorisation will be refused amongst others if the applicant poses a security, an illegal immigration, or a high epidemic risk, or he or she is a person in respect of whom an alert has been entered into SIS for the purpose of refusing entry or stay. Other refusal grounds include the fact that the applicant used a travel document which has been reported as lost, stolen misappropriated or invalidated in SIS, or for failing to reply to request to provide failing or additional documentation within ten days of the date of receipt of the request (Article 27 (2)). Aside from the aforementioned risk assessment, Article 37 allows national authorities to refuse a travel authorisation, if ‘there are reasonable and serious doubts as to the authenticity of the data, the reliability of the statements made by the applicant, the supporting documents provided by the applicant or the veracity of their contents’. This entails, in addition to the aforementioned refusal mechanisms on the basis of the SIS II Regulation, the Visa Code and the use of the ECRIS-TCN regulation, another quite discretionary and unspecified ground to deny TCN s admission to the EU.

To assess whether a person is eligible to enter the EU, three levels of information sorting will be used. First, an automated comparison will take place with national and EU databases, for example to check if travel documents have been reported as stolen, lost or invalidated in SIS or national databases, or if the person has been reported for the purpose of refusal of entry into the SIS. Second, there will be an assessment based on ‘ETIAS screening rules’. According to Article 33, these rules are based on an algorithm enabling profiling through the comparison between the data recorded in an application file of the ETIAS Central System with specific risk indicators established by the ETIAS Central Unit pointing to irregular migration, security or public health risks. Third, the personal information of the applicant of the travel authorisation will be compared to the so-called ETIAS watchlist (Article 22). This list will be established on the basis of information provided by Europol ‘related to terrorist offences or other serious criminal offences’ (Article 34). Furthermore, Article 11 of the ETIAS Regulation provides for interoperability between the ETIAS Central System with other EU large-scale databases, including SIS II, Eurodac,³² the Visa Information System or VIS,³³ ECRIS-TCN, and the Entry Exit System or EES,³⁴ for the purpose of the ‘risk-assessment’ of the application. Applications for a travel authorisation will be automatically processed, after which the ETIAS Central System examines ‘each application file individually’ (Article 20). The decision on the travel authorisation is taken by the ‘ETIAS Central Unit’ or the National Unit of the responsible Member State (Article 36). Once issued, the travel authorisation remains valid for five years.

3.2 Pre-screening and Security Flags in Eurodac

Addressing new mechanisms of exclusion, it is important to refer in this contribution to the new ‘pre-entry phase’ as proposed in the Migration Pact of September 2020, ensuring the screening of TCN s (TCN s) arriving at EU’s external borders.³⁵ The aim of the pre-entry phase is, according to the Commission, to establish a ‘seamless link’ between all stages of the migration process from arrival to processing of asylum requests and granting of international protection or, where applicable, the return of those not in need of protection.

On completion of the screening procedure, the responsible authorities should fill out a so-called ‘de-briefing form’, containing personal and very detailed information.³⁶ This information includes: name, date and place of birth and sex, initial indication of nationalities, countries of residence prior to arrival, languages spoken, reason for unauthorised arrival, entry, or illegal stay; information on whether the person made an application for international protection, information obtained on routes travelled and any other information on assistance received from a person or organisation in crossing the border without authorisation. The proposed screening procedure may result in four possible outcomes: 1) refusal of entry; 2) return; 3) asylum or; 4) relocation. As submitted by the organisation European Council on Refugees and Exiles (ECRE), the relationship between refusal of entry based on this proposed regulation and the Schengen Borders Code is unclear.³⁷ The added value of the screening procedure in addition to the already applicable border controls and the scrutiny of individuals at the external borders based on the Schengen Borders Code is therefore questionable.

Furthermore, the proposal includes the possibility to assess during the pre-screening procedure whether the TCN poses a possible security risk. This assessment is also provided for in Article 57 (7) of the proposed Regulation on Asylum and Migration Management in the procedure before relocation.³⁸ Based on the outcome of such a security assessment, national authorities must submit information to the Central System of Eurodac that the person could pose a threat to internal security.³⁹ In order to delink this proposal from the negotiations on the other Migration Pact proposals, an amended version of the Eurodac Regulation of September 2021 no longer refers to the Screening Regulation.⁴⁰ The new proposal now provides that Member States must submit to Eurodac ‘the fact that the person could pose a threat to internal security following security checks.’ The content and the conditions under which such security checks may take place, is thus entirely left to the national rules and practices of the Member States. As this information will be retained for ten years in Eurodac, the outcome of these security checks may have long-term implications for TCN s, while possibly affecting the right to apply for international protection.⁴¹

3.3 Regulating the Use of Artificial Intelligence and…. Polygraphs?

Taking into account the aforementioned examples of risk assessment and pre-screening measures in asylum and immigration law procedures, it is relevant to refer shortly to the proposal for a Regulation on Artificial Intelligence, presented by the Commission in April 2021.⁴² The goal of the proposed regulation is amongst others to safeguard EU values and fundamental rights and to ensure the development of ‘secure, trustworthy and ethical artificial intelligence’. The proposal provides general rules to be taken into account in the development and use of artificial intelligence (AI), but also explicitly defines specific ‘harmful’ AI to be prohibited (for example an AI based system of social scoring used by public authorities) and ‘high risk AI systems’. The development and use of these ‘high risk systems’ are bound by stricter rules. It is noteworthy that the Commission, when describing examples of high-risk systems, explicitly refers to the possible use of ‘polygraphs and similar tools or to detect the emotional state of a natural person’ in the fields of migration, asylum and border control management.⁴³ Whereas any scientific evidence for the reliability of the use of polygraphs (read lie-detectors) is lacking (on the contrary, scientist have multiple times emphasized the flaws of these methods), this use of ‘AI’ entails severe risks for the protection of fundamental rights as it will increase the (already existing) problem of accountability, and result in further stigmatization of specific groups of individuals.⁴⁴ Therefore, it is worrying that instead of defining the use of polygraphs as a prohibited AI system, the AI proposal allows this use by national authorities and even by explicitly referring to its use in asylum, migration, and border control decisions. It is even more worrying, that the European Commission subsidizes research investigating the possible use of ‘smart lie-detection system to tighten EU’s busy borders’.⁴⁵

4.1 Access to Legal Remedies against the Refusal of Admission, Visa or Travel Authorisation

Article 14 (3) of the Schengen Borders Code provides that persons refused entry have the right to appeal, which appeal will be conducted in accordance with national law. In accordance with Article 14 (2) the person must be provided with a substantiated decision stating the precise reasons for refusal, by means of the standard form as included in Annex VI to the Schengen Borders Code. This latter addition seems to undermine the rather strict requirement of the substantiated decision-making, as the standard form allows national authorities not to offer detailed information on the reasons for refusal. However, as discussed below, when dealing with CJEU’s case-law, this standard form does not derogate from the general obligation of informed decision-making to ensure effective legal protection. Furthermore, in E.P., the CJEU ruled on the question of how far the state’s discretion reached regarding the evaluation of entry conditions.⁴⁶ The CJEU found that in the case of Article 6(1) of the Schengen Border Code, including the grounds to refuse a person entry to the Schengen area, the Member State had wide discretion in reaching the conclusion that an individual was a threat to public policy. In the same judgment, the CJEU, however underlined that any such decision must be based on a prior individual assessment and proportionality test. According to the CJEU, national practices on the return of TCN s ‘must comply with the principle of proportionality, which is a general principle of EU law, and must therefore, in particular, not go beyond what is necessary to safeguard public policy’.⁴⁷ Furthermore, the CJEU stressed that national authorities may only invoke a threat to public policy if there is a ‘consistent, objective and specific evidence that provides grounds for suspecting that that TCN has committed such an offence’.⁴⁸ These criteria, therefore, need to be effectively scrutinised by national courts.⁴⁹ Furthermore, as underlined by the CJEU with regard to the European Arrest Warrant and the SIS-alert for the refusal of entry, a state may have a duty to check the lawfulness of the (execution of) a SIS-alert, if this would violate fundamental rights, including the right to a fair trial and the freedom of movement of spouses of EU citizens of the person at stake.⁵⁰

Dealing with short-term visa applications, Article 32 (3) of the Visa Code provides that applicants ‘who have been refused a visa shall have the right to appeal’.⁵¹ Member States are required to disclose the grounds of the refusal to the applicant as provided in the standard form in Annex VI.⁵² The form is divided in 11 reasons for refusal, annulment or revocation. Point 5 of the form addresses situations in which the refusal is based on an alert for the purpose of refusing entry issued by another Member State in the Schengen Information System.

In general, these provisions offer Member States much leeway with regard to both the decision-making in visa procedures and the scope and content of legal remedies. With regard to the former, the CJEU in Koushkaki, emphasized that the listed grounds for refusal in Article 32(1) of the Visa Code are exhaustive and therefore a visa refusal cannot be based on any other ground.⁵³ With regard to the latter, in the El Hassani case, the CJEU clarified that the, even if rather vague, the provision on the right to appeal in the Visa Code does not entail a discretionary power for Member States, by stressing the close relationship between Article 32 Visa Code and Article 47 of the EU Charter of Fundamental Rights (EU Charter) on the right to effective judicial protection.⁵⁴ According to the CJEU, where ‘in examining a visa application the national authorities have a broad discretion as regards the conditions for applying the grounds of refusal laid down by the Visa Code and the evaluation of the relevant facts, the fact remains that such discretion has no influence on the fact that the authorities directly apply a provision of EU law.’⁵⁵ Therefore, Article 32(3) of the Visa Code, read in the light of Article 47 EU Charter, requires Member States ‘to provide for an appeal procedure against decisions refusing visas, the procedural rules for which are a matter for the legal order of each Member State in accordance with the principles of equivalence and effectiveness.⁵⁶

4.2 Access to Legal Remedies in Relation with the Information Contained in EU Databases

One of the keystones of data protection and the enforcement of data subjects’ rights to access, correction or deletions of their data, is the right to effective judicial remedies.⁵⁷ Article 68 of the new SIS II Regulation maintains the same provision with regard to access to legal remedies as was already included in the Regulation 1987/2006. It allows data subjects to bring an action before any competent authority, including a court, under the law of any Member State with regard to their rights concerning the entry, rectification, completion, and deletion of their personal data in SIS II. This means that a data subject may proceed in any Member State regardless of whether this state submitted the SIS alert. If a national data protection authority or court finds that the data should be corrected or even deleted from the SIS II, this decision must be executed by the reporting state. This provision in the SIS II Regulation allows TCN s therefore to submit a request or lodge an appeal without having to find out first which states submitted the SIS alert. As we have seen above, this is different for a person whose visa application is rejected based on the objection of another Member State.

The Visa Information System or VIS includes information on every decision adopted with regard to a short-term visa application by a TCN on the basis of the Visa Code. Article 38 VIS Regulation⁵⁸ also includes an individual right to access, correction and deletion of information in the VIS database on short-stay visas and based on Article 40 a person refused this right, has the right to bring an action or a complaint before the competent authorities or courts of that Member State. Member States are thus not obliged to provide a remedy before courts. In accordance with Article 38 (6), a Member State must inform the person on how ‘to bring an action or a complaint before the competent authorities or courts of that Member State’ and on any assistance, including from the national data protection authorities. Whereas this obligation is an important safeguard for legal protection, it is unclear how it is implemented in practice.

With regard to the future use of ECRIS-TCN, Article 25 of the ECRIS-TCN Regulation provides that requests of TCN s for rectification and erasure and to restrict the processing of personal data, which rights are set out in the applicable Union data protection rules, may be addressed to the central authority of any Member State. Where a request is made to a Member State other than the convicting Member State, the former Member State shall forward it to the convicting Member State without ‘undue delay’ and in any event within 10 working days of receiving the request. Upon such request, the convicting Member State must immediately launch a procedure for checking the accuracy of the data concerned and the lawfulness of its processing in ECRIS-TCN; and respond to the Member State that forwarded the request without undue delay. If this convicting state does not agree that the data in ECRIS-TCN are inaccurate or have been processed unlawfully, it will adopt in accordance with Article 25 (4) an administrative or judicial decision explaining in writing to the person concerned why it is not prepared to rectify or erase data relating to him or her. Such cases may, where appropriate, be communicated to the national supervisory authority. Article 25 (5) obliges the Member State adopting the decision pursuant to paragraph 4 to provide the person concerned with information explaining the steps he or she can take if the explanation given pursuant to paragraph 4 is not acceptable to him or her. This includes information on how to bring an action or a complaint before the competent authorities or courts of that Member State and any assistance, including from the national supervisory authorities, that is available in accordance with the national law of that Member State. In case of such refusals the Member States must provide in accordance with Article 27 of the ECRIS-TCN Regulation, ‘any person the right to lodge a complaint and the right to a legal remedy in the convicting Member State which refused the right of access to or the right of rectification or erasure of data relating to him or to her. Where Article 27 does not explicitly state whether this entails judicial remedies, we have learned from CJEU case-law that applicable provisions on legal remedies must be read in accordance with Article 47 of the Charter.⁵⁹ This means that Member State must ensure access to effective judicial protection for individuals lodging an appeal against decisions refusing to correct or delete information in ECRIS-TCN. Contrary to the provision in the aforementioned SIS II Regulation, the right to a legal remedy in the ECRIS-TCN Regulation does not allow the individual to start proceedings in any of the Member States using ECRIS-TCN. As a result, this person may have to start procedures in different states: one in the state refusing entry on the basis of the ECRIS-TCN information, and one in the convicting. This may hamper his or her right to have access to effective judicial protection.

4.3 Access to Legal Remedies with Regard to ‘Risk Assessments’

In accordance with Article 37 (3) of the ETIAS Regulation,⁶⁰ an applicant who has been refused a travel authorisation shall have the right to appeal. Such appeal must be conducted in the Member State that has taken the decision on the application and in accordance with the national law of that Member State. The ETIAS National Unit of this Member State responsible must provide the applicants with information regarding the appeal procedure. If an application for travel authorisation is refused, Article 38 of the ETIAS Regulation provides that the applicant should receive a notification by email. This notification must include information on the right to appeal and a statement of the grounds of refusal as listed in Article 37 (1) and (2). These refusal decisions will not include substantiated or individualised information; they merely state the category of the grounds of refusal (such as, the fact that the person is reported in the SIS for the purpose of refusal of entry, or that s/he poses a security, illegal immigration, or high epidemic risk).

Neither the Screening proposal, nor the proposed Regulation on Asylum and Migration Management⁶¹ provide any legal remedy against the assessment that a person poses a security risk, or any obligation for authorities to inform the TCN about this assessment or ‘security flag’. Second, the proposed Screening Regulation does not seem to provide a legal remedy against a refusal of entry based on the screening procedure within the framework of search and rescue operations, as these operations are excluded from the applicability of the Schengen Border Code.⁶² Furthermore, when dealing with the decision whether a person falls within one of the four aforementioned categories, there is no appeal right for an individual who submits that he or she has been wrongly categorized. This might be particularly problematic where at the external borders or during safe and rescue operations, individuals due to misunderstanding or lack of information, are wrongly categorized as not applying for asylum.

A comparable problem applies to individuals whose application for entry, a visa or travel authorisation, or asylum, is rejected based on the use of risk assessment, artificial intelligence, or even polygraphs. Currently, EU legislation does not provide in extra guarantees with regard to the right to appeal against such decision-making.

4.4 Effective Remedies … with a Little Help from the CJEU

As we have seen above, where the refusal of admission is based on foreign information as is the case in the framework of the SIS, the consultation mechanism in the visa procedure, and in ECRIS-TCN, TCN s will be hampered to address this decision-making effectively.

In the case R.N.N.S and K.A the CJEU provided relevant guidelines to ensure access to effective judicial protection in cases where two states are involved in the denial of entrance.⁶³ In this case, the Dutch visa authorities had refused a short-term visa to TCN s following objections from Hungary, respectively Germany.⁶⁴ Moreover, the Dutch authorities did not provide information on the reasons for refusal and claimed they had no discretion to issue a visa related to the objection of another state.⁶⁵ In both cases, the applicants were referred to the objecting states with regard to their right to appeal under Article 32 of the Visa Code. However, due to the absence of a formal decision, it was difficult if not impossible for the applicants to lodge legal proceedings in the respective states. In both cases, also because of the use of the standard form provided in Annex VI of the Visa Code, the visa refusal itself did not offer the applicants clear or precise information on the grounds of refusal, and at first, not even about which state objected against the issuing of a visa.

In R.N.N.S. and K.A., the CJEU states that despite ‘the broad discretion as regards the conditions for applying the grounds for refusal’, such discretion has no influence on the fact that they directly apply a provision of EU law.⁶⁶ ‘This means that in accordance with Article 47 (2) of the EU Charter, applicants are entitled to a hearing by an independent and impartial tribunal. Furthermore, compliance with that right assumes that a decision of an administrative authority ‘that does not itself satisfy the conditions of independence and impartiality must be subject to subsequent control by a judicial body that must, in particular, have jurisdiction to consider all the relevant issues’.⁶⁷ Whereas the definition of ‘all the relevant issues’ can be considered vague, it does provide an important criterion for the scope of judicial review of the decision-making in visa procedures. In connection with earlier judgment of the CJEU in EP, addressing the prohibition of automated decision making and the necessity of an individual assessment, this means that national courts must be able to address in the visa application the specific reasons and legitimacy of the decision at stake.

Furthermore, the CJEU emphasized that to ensure that the right to judicial protection is effective, the person concerned must be able to ascertain the reasons upon which the decision taken in relation to him or her is based, either by reading the decision itself, or by requesting and obtaining notification of those reasons.⁶⁸ With regard to the role of the courts, the CJEU made a distinction between on the one hand the review by courts of the Member State which adopted the final decision of refusing a visa, which concerns the examination of the legality of that decision, and on the other hand the review of the merits of the objection to the issuing of a visa raised by another Member State. The CJEU emphasized the obligation of the Member State refusing a visa, to ensure that the rights of defence and the right to a remedy of the visa applicant are guaranteed. This includes the obligation to indicate in the visa refusal decision, the identity of the Member State which raised that objection, the specific ground for refusal on the basis of that objection, and, ‘where appropriate’, the essence of the reasons for that objection.

It may be considered disappointing that the CJEU in this judgment explicitly found that the courts of the Member State adopting the final decision, cannot examine the substantive legality of the objection raised by another Member State to the issuing of the visa. The CJEU could have chosen for a parallel reasoning with the provision in the SIS II Regulation. As discussed above, this allows TCN s to seek legal remedies in any of the Member States and provides national courts and tribunals the power to order national authorities from other states to delete or correct SIS alerts, or to grant compensation for harm caused by the use of SIS. However, in R.N.N.S. and K.A., the CJEU did rule that to enable the visa applicant to exercise in accordance with Article 47 EU Charter his or her right to challenge such an objection, the Member State refusing a visa, should provide information on the authority the applicant may contact in order ‘to ascertain the remedies available in that other Member State’.⁶⁹ It should be noted that the CJEU added an apparently superfluous, but meaningful remark: ‘in any event, the Member State concerned may issue a visa with limited territorial validity in accordance with Article 25 of the Visa Code’.⁷⁰ The CJEU made this statement after describing all the necessary safeguards to be adopted by the Member State taking the final decision of refusal to ensure effective judicial protection. This could be read as a gentle instruction to individual states that where there are insufficient (substantiated) grounds for refusing entry, the Member State should grant the applicant in any case access to its own territory, thus providing an implicit exception to mutual trust.