National identity versus European identity: from the acquis communautaire to the European Union’s Rule of law

by Ezio PERILLO (former Judge of the EU General Court)

The acquis is the EU identity, but not only

No longer in fashion, the principle of the acquis communautaire is still an essential part of the Union’s legal order. It encompasses the entire EU legal legacy on which this order has been formed since its creation, including the judgments of the Court. The acquis contains, above all, the five cardinal principles of the European legal order, those ruled by the Van Gend & Loos and Costa/Enel famous judgments. The autonomy, the direct effect and primacy of its law, its uniform interpretation and, finally, its direct and effective judicial protection.  It was ahead of its time in the ’60!

This arsenal of European principles, rules and jurisprudence, constitutes, nowadays, the very identity of the European Union.

Already provided by Article 3 of the Treaty of Amsterdam (1999), the acquis is at present inserted, although no longer with its concise French formula, in Article 13 TEU, which states: “the Union shall have an institutional framework which shall aim to promote its values, advance its objectives, serve its interests, those of its citizens and those of the Member States, and ensure the consistency, effectiveness and continuity of its policies and actions“.  These same obligations are also incumbent on the Member States.  Article 2 of the last act of accession to the European Union, the Croatian one (2013), provides, along the same lines as the previous ones, that “from the date of accession, the provisions of the original Treaties and of the acts adopted by the institutions before accession [including the judgments of the Court of Justice] shall be binding on Croatia and shall apply in that State to the conditions laid down in those Treaties and in this Act”.

Therefore, in order to join and then legitimately stay in the Union, every Member State, old or new, must accept and comply with the binding nature of the acquis.

The acquis is also part of each Member State’s identity

Since its accession to the Union, each Member State has changed, treaty after treaty, its own legal profile, i.e. its constitutional identity, having unanimously assumed, in their legal order, the Treaties provisions, the principles and rules of the acquis communautaire.  Let’s consider, for instance, that national citizens are also, by law, European citizens. It follows that the national identity of each Member State is, nowadays, not only that inherent to their constitutional and political structures (see Art.4 TEU), but also, to a large extent, that deriving from their European affiliation.

Ultimately, the acquis communautaire constitutes, on the one hand, the identity of the European Union, and also, on the other hand, the identity of each Member State, although only in part.  After Lisbon, however, this famous French formula has disappeared from the Treaties provisions, even if it remains in those of the EU accession acts. I propose therefore to rename it here as the “European Rule of law” (or the “Rule of law of the European Union”).[1]

The European Rule of law

The reason of this name is quite simple. L’État de droit, das Rechtsstaat and the Rule of law, even if they are notions not exactly similar to one another, all refer to a national State dimension and not to a supranational or international dimension. Their main objectives are to guide every public authority towards a constitutional and correct exercise of their prerogatives and to prevent them from arbitrarily acting in the name of an alleged “sovereign” legal status.

Thus, when in a legal order, such as that of the European Union, its institutions have been charged, by the Masters of the Treaties, to “serve its interests, those of its citizens and those of the Member States”, this legal system must also have its own Rule of law, like any other legal order. In this perspective, what would have been called the acquis communautaire in the past, has now become the European Rule of law.

A principle or a value?

In a supranational order such as the European one, the values referred to in Article 2 TEU are not values belonging to the Union since its origin, simply because they have been “attributed” thereto, as a legal heritage, by the Masters of the Treaties.

Indeed, for the founding States of the Union, these values are irreplaceable, legal assets and guarantees too, strenuously acquired by their citizens through several, terrible wars. Values that are, today, solemnly engraved in their Constitutions or Fundamental Laws, also in those of the others Member States which joined the Union later. For these and other reasons, the Masters of the Treaties wanted the Union to be also founded on these values[2], which its institutions, like the national ones, must accept and promote (see Article 13 TEU, cited above).

That said, these universal values are not, legally speaking, the same thing as the principles of EU law, although the Masters of the Treaties use them without distinction, sometimes as values sometimes as principles (see, for instance, the second and forth whereas of the Preamble to the Treaties, or Article 21 TUE where it is stated that “ the Union’s action on the international scene shall be guided by the principles which have inspired its own creation, development and enlargement and which it seeks to advance in the wider world: democracy, the rule of law, the universality and indivisibility of human rights …” ).

By the way, according to the first whereas of the preamble to the EU Charter, the Union is, on the one hand, “founded on the indivisible, universal values of human dignity, freedom, equality and solidarity”, and is, on the other, “based on the principles of democracy and the rule of law”.

Therefore, values do found orders because they are fundamental legal assets that are not available to any public power, be it royal, republican, federal or European. Legal principles, instead, do ensure a legal basis to these orders, as they guide the public institutions’ actions and protect the citizens from any kind of arbitrary use of the State’s prerogatives.

But, above all, the difference between values and principles resides in how to legally control their compliance. As provided for in Article 7 TEU, breaches of the values referred to in Article 2 TEU can be determined only by the European Council, and the Council may, consequently, suspend certain of the European rights of the State concerned, including its voting rights. Therefore, the Court of Justice has no jurisdiction to review, on the merits, the legality of these decisions. Indeed, pursuant to Article 269 TFEU, the Court, in these cases, has jurisdiction solely to the extent that it shall check compliance with the procedural requirements provided for by the aforementioned Article 7 TFEU.  Ultimately, in the EU legal order, control over compliance with the founding values of the Union is a political prerogative, while supervising compliance with the EU legal principles is, needless to say, a jurisdictional remit.

Thus, in this legal frame, the ‘European Rule of law’ is, like its prior acquis communautaire, a binding principle of EU law, also for the Member States, and it is up to the Court of Justice to ensure its due and full legal control.  

National identity versus European identity: quid juris?

In its judgment of 22 February 2022, C-430/21 (Court of Appeal of Craiova, Rumania) the Court of justice ruled that if a Constitutional Court considers that an EU provision infringes its country’s national identity, it must stay the proceedings and make a preliminary reference to the Court of justice. Indeed, also in relation to article 4, §2, TUE, this Court has exclusive jurisdiction to declare an EU act invalid for non-compliance with one’s national identity. An EU act, by the way, that should be declared invalid only in the Member State concerned, in a sort of limited EU invalidity.

Still, in a National versus European identity case, the Court of Justice should be bound – I guess – by the description given by the referring Constitutional court as to the national identity at stake. The margins of appreciation become here very narrow.

Let’s then consider a different approach: in such cases, which of the two respective obligations comes first? Requiring the Union to comply with national identity or imposing to the country concerned to adhere to the EU’s identity?  

Well, could one argue that in order to claim the infringement of its own national identity, the country involved should first prove that it has fully respected EU’s identity, i.e. the European Rule of law, which has obviously priority over national law, i.e. over its internal Rule of law?  And if this is the case, shouldn’t the national jurisdiction, ruling on the dispute, disapply the internal provisions conflicting with the European Rule of law?

The answer? The answer is not blowing in the wind and can be given by the Court.


[1] In similar terms, see, Olivier Audéoud, “ L’acquis communautaire, du mythe à la pratique, in, Revue d’études comparatives Est-Ouest, 2002, n. 33-3,  pp. 67-77.

[2] Article 2 TEU so provides. “The Union is founded on the values of respect for human dignity, freedom, democracy, equality, the rule of law and respect for human rights… These values are common to the Member States in a society in which pluralism, non-discrimination, tolerance, justice, solidarity and equality between women and men prevail”.

(EU LAW ANALYSIS) Temporary Protection for Ukrainians in the EU? Q and A

Professor Steve Peers, University of Essex

*updated March 2 2022 to include the Commission proposal for use of the temporary protection Directive, and guidance for applying EU external borders law.  

Among the many big developments over the last few days in response to the Russian invasion of Ukraine, there was an important potential asylum law measure – the possible use of the EU’s temporary protection Directive, a legal framework for mass influxes of people needing protection dating back to 2001 but never used.

According to the EU Council, there was ‘broad support’ for this idea among EU home affairs ministers meeting informally on February 27, and the Commission will propose doing so ‘without delay’. The Commission duly made this proposal on March 2. (I’ll update this blog post again when and if the Council adopts it). What does this mean for the hundreds of thousands – if not millions – of people now fleeing the invasion of Ukraine?

Which Member States does it apply to?

EU asylum law in principle applies to all Member States, except for the UK, Ireland and Denmark, which had an opt out from the Directive. The UK chose to opt in – although obviously this is now moot in light of Brexit. Ireland initially opted out, then opted in to the Directive in 2003. Denmark remains outside the scope of the Directive.

The parallel guidance on applying EU external borders law applies to all Member States except Ireland (because the other EU Member States that do not apply Schengen fully apply EU external borders rules in the meantime), and Schengen associates (Norway, Iceland, Switzerland and Liechtenstein). 

Note that EU Member States waived short-term visa requirements for Ukrainians back in 2017 already. This law applies to all Member States (and Schengen associates) except Ireland; and Ireland has recently waived short-term visa requirements for Ukrainians unilaterally.

Who is covered by temporary protection?

The Directive applies to a ‘mass influx’ of ‘displaced persons’. A ‘mass influx’ is defined as:

…arrival in the [EU] of a large number of displaced persons, who come from a specific country or geographical area, whether their arrival in the [EU] was spontaneous or aided, for example through an evacuation programme;

‘Displaced persons’ are defined as:

…third-country nationals or stateless persons who have had to leave their country or region of origin, or have been evacuated, in particular in response to an appeal by international organisations, and are unable to return in safe and durable conditions because of the situation prevailing in that country, who may fall within the scope of Article 1A of the Geneva Convention or other international or national instruments giving international protection, in particular:

(i) persons who have fled areas of armed conflict or endemic violence;

(ii) persons at serious risk of, or who have been the victims of, systematic or generalised violations of their human rights;

‘Article 1A of the Geneva Convention’ refers to the definition of ‘refugee’ under the UN Refugee Convention – ie a well-founded fear of persecution on grounds of race, religion, political opinion, nationality or particular social group – although note that the Directive does not necessarily apply only to those who fall within that refugee definition (‘who may fall within’). Those fleeing Ukraine can point to the ‘armed conflict’ ground of the ‘displaced persons’ definition in this Directive – although note that the list of the two groups who are covered by the Directive is not exhaustive (‘in particular’), meaning that other groups of people might meet the definition too.

Note also that the Directive only applies to those leaving ‘their country or region of origin’. This ought to cover both Ukrainian citizens and non-Ukrainians who can argue that their ‘origin’ is in Ukraine (‘origin’ is not further defined). That scope is broader than the Refugee Convention, which applies where a person is: ‘outside the country of his [or her] nationality and is unable or, owing to such fear, is unwilling to avail himself [or herself] of the protection of that country’ (or, if stateless, of their country of habitual residence).

Conversely, this means that the Directive does not apply to those whose ‘origin’ is not Ukraine. This might mean that it is interpreted to exclude non-Ukrainian citizens who have moved to Ukraine in recent years. But many of them still need to flee the invasion – and hopefully their need to flee and immediate humanitarian requirements will be recognised even if they technically fall outside the scope of the Directive.  

The scope of the Commission proposal is ‘the following categories of persons displaced as of 24 February 2022 following the military invasion by Russian armed forces on that date:’ 

(a) Ukrainian nationals residing in Ukraine; 

(b) Third-country nationals or stateless persons residing legally in Ukraine and who are unable to return in safe and durable conditions to their country or region of origin; The requirement of inability to return in safe and durable conditions to their country or region of origin shall not apply to third-country nationals or stateless persons who have been legally residing on a long-term basis in Ukraine. 

(c) family members of the persons referred to in points (a) and (b), regardless of whether the family member could return in safe and durable conditions to his or her country or region of origin.

The proposal defines family members as, ‘in so far as the family already existed in Ukraine at the time of the circumstances surrounding the mass influx’: 

(a) the spouse of a person referred to in points (a) or (b) of paragraph 1 or their unmarried partner in a stable relationship, where the legislation or practice of the Member State concerned treats unmarried couples in a way comparable to married couples under its law relating to aliens; 

(b) the minor unmarried children of a person referred to in points (a) or (b) of paragraph 1 or of his or her spouse, without distinction as to whether they were born in or out wedlock or adopted; 

(c) other close relatives who lived together as part of the family unit at the time of the circumstances surrounding the mass influx, and who were wholly or mainly dependent on a person referred to in points (a) or (b) of paragraph 1 at the time. 

However, the guidance on applying external borders law applies to others fleeing the invasion too.  It suggests that the usual criteria for entry across the external borders could be waived for anyone fleeing the conflict, and states that: 

Member States should ensure that non-Ukrainian third country nationals, other than those covered by the scope of the Temporary Protection Directive or who have a right to stay in the Union on the basis of other grounds, transit to their countries of origin or usual residence after entry. So as to avoid situations of illegal stay, Member States are encouraged to provide – if needed – assistance for their repatriation or regularisation, as appropriate. The Frontex Standing Corps can be deployed to support these assisted departures.

How is temporary protection set up?

The Directive is just a framework for a possible temporary protection system. A temporary protection regime is not established automatically, but only after the Council (ie Member States’ home affairs ministers), acting by a qualified majority on a proposal from the Commission, agrees that there is a mass influx of displaced persons.

The Council Decision setting up temporary protection has to be based on:

(a) an examination of the situation and the scale of the movements of displaced persons;

(b) an assessment of the advisability of establishing temporary protection, taking into account the potential for emergency aid and action on the ground or the inadequacy of such measures;

(c) information received from the Member States, the Commission, UNHCR and other relevant international organisations.

The European Parliament must be informed of the decision, but does not have a vote beforehand.

The Council decision must specifythe groups of persons covered, although Member States can extend the regime to other groups displaced for the same reasons and from the same country or region of origin. But if they do so, the financial support provided for in the Directive will not apply to such groups.

Also, the Council decision must set out when temporary protection takes effect; ‘information received from Member States on their reception capacity’; and ‘information from the Commission, UNHCR and other relevant international organisations’.

How many people will it apply to?

The numbers covered by temporary protection are not necessarily unlimited. Member States must ‘indicate – in figures or in general terms – their capacity to receive’ displaced persons. The Council decision setting up temporary protection must set out these numbers. Later on Member States ‘may’ declare that they have more reception capacity. The Commission proposal does not include numbers.

If the numbers who are ‘eligible for temporary protection’ is higher than the numbers that Member States have said they can accept, ‘the Council shall, as a matter of urgency, examine the situation and take appropriate action, including recommending additional support for Member States affected’.

If the numbers are exceeded, then (implicitly) Ukrainians not covered by temporary protection can still make asylum applications – but one could imagine that in this scenario, Member States would struggle to manage the numbers concerned.

How long will it last?

The starting point is that temporary protection is one year long, although it can be terminated early if the Council (ie Member States’ home affairs ministers) decides to end it, on a qualified majority vote on a proposal from the Commission, if the Council has established that conditions in the country of origin have improved sufficiently so ‘as to permit the safe and durable return’ of the beneficiaries.

It is automatically extended for further periods of six months to a two-year maximum. A further extension for up to a third year is possible, again on a qualified majority vote on a proposal from the Commission.

What rights do people covered by temporary protection have?

Member States must issue residence permits for the duration of temporary protection. For those not yet on the territory, they must issue visas to ensure that they can enter. If a person remains on or seeks to enter the territory of another Member State without authorization during the temporary protection period, Member States must take them back. 

Member States must permit temporary protection beneficiaries to take up employment or self-employment, but they may give priority to EU citizens and EEA nationals, as well as legally resident third-country nationals receiving unemployment benefit. The ‘general law’ regarding remuneration, social security, and other conditions of employment in each Member State applies.

As for social welfare and housing, Member States must ‘ensure that persons enjoying temporary protection have access to suitable accommodation or, if necessary, receive the means to obtain housing’, and ‘shall make provision for persons enjoying temporary protection to receive necessary assistance in terms of social welfare and means of subsistence, if they do not have sufficient resources, as well as for medical care’ – which ‘shall include at least emergency care and essential treatment of illness’. There is also an obligation to ‘provide necessary medical or other assistance to persons enjoying temporary protection who have special needs, such as unaccompanied minors or persons who have undergone torture, rape or other serious forms of psychological, physical or sexual violence.’

For education, Member States must give ‘access to the education system under the same conditions as nationals of the host Member State’ for those under 18, but may confine this to the state education system. Admission of adults to the general education system is optional.

Member States have to authorize entry of family members, ‘in cases where families already existed in the country of origin and were separated due to circumstances surrounding the mass influx’. But this only applies to ‘core’ family members:

(a) the spouse of the sponsor or his/her unmarried partner in a stable relationship, where the legislation or practice of the Member State concerned treats unmarried couples in a way comparable to married couples under its law relating to aliens; the minor unmarried children of the sponsor or of his/her spouse, without distinction as to whether they were born in or out of wedlock or adopted;

Admission of a broader group of family members is only optional, ‘taking into account on a case by case basis the extreme hardship which they would face if the reunification did not take place’:

(b) other close relatives who lived together as part of the family unit at the time of the events leading to the mass influx, and who were wholly or mainly dependent on the sponsor at the time.

Note that the Directive clarifies that Member States may adopt more favourable rules for persons covered by temporary protection.

Finally, there is a right to ‘mount a legal challenge’ to exclusion from temporary protection or family reunion. CJEU case law on other EU migration law makes clear that this means access to the courts. 

How does temporary protection relate to asylum applications?

Temporary protection ‘shall not prejudge’ refugee recognition under the Refugee Convention. It will be possible to apply for asylum ‘at any time’.* Any asylum application not processed by the end of the temporary protection period has to be processed afterwards.

Moreover, Member States can deter applications for asylum by providing that a person cannot hold temporary protection status simultaneously with the status of asylum-seeker (the reason that this would deter applications is that asylum-seekers usually have fewer rights than temporary protection beneficiaries would have). But if an application for asylum or other protection status fails, a Member State must continue to extend temporary protection status to the beneficiary.

Member States may exclude a person from the benefit of temporary protection on grounds identical to the Refugee Convention exclusion clauses (ie war crimes/crimes against humanity, serious non-political crimes, or acts against the principles and purposes of the UN), or the Refugee Convention clauses on exclusion from non-refoulement (ie ‘there are reasonable grounds for regarding him or her as a danger to the security of the host Member State or, having been convicted by a final judgment of a particularly serious crime, he or she is a danger to the community of the host Member State’). Exclusions ‘shall be based solely on the personal conduct of the person concerned’, and must be ‘based on the principle of proportionality’.

What happens once temporary protection expires?

Once the temporary protection regime ends, the ‘general laws’ on protection and on foreigners apply, ‘without prejudice’ to certain specific provisions in the Directive. Arguably the reference to the ‘general laws’ must now be understood as a reference not only to the relevant national legislation, but also to EU rules on asylum and the EU’s Returns Directive, which were adopted after the temporary protection Directive.

For those applying for asylum, that means that the definitions of refugee and subsidiary protection in the EU’s qualification Directive will apply, along with the procedural rules in the procedures Directive and the rules on the status of asylum seekers in the reception conditions directive. The EU’s Dublin rules will determine in which Member State an application is made, although the temporary protection Directive includes some (unclear) additional rules on that issue.  

It’s also possible that Ukrainians could obtain another form of legal status, under the national or EU laws on legal migration (EU law has partly harmonised national laws on this issue).

Those who do not obtain legal status via an immigration or asylum route will in principle have to leave. The specific rules in the temporary protection Directive concerning return first of all provide for rules on voluntary return. Many (but not all) Ukrainians would likely wish to return voluntarily anyway, if the situation improves; but it’s anyone’s guess if it will do.

There is an express possibility of enforced return of persons after the regime has ended, but such return must be ‘conducted with due respect for human dignity’, and Member States ‘shall consider any compelling humanitarian reasons which may make return impossible or unreasonable in specific cases’. They must also ‘take the necessary measures concerning’ residence status of former beneficiaries of temporary protection ‘who cannot, in view of their state of health, reasonably be expected to travel; where for example they would suffer serious negative effects if their treatment was interrupted’. Specifically, those persons ‘shall not be expelled so long as that situation continues.’ Finally on the issue of return, Member States have discretion over whether to let children complete their school year.


It remains to be seen if Member States agree to the Commission proposal to establish temporary protection, and if so what the details are – in particular, how many people are covered by it. When the Directive was adopted back in 2001, there was concern among asylum specialists that it might undercut the Refugee Convention, in particular providing a possibility for Member States to set up a system with a lower standard of protection instead of considering asylum applications.

In practice, the EU has since adopted two phases of asylum laws, and concern has turned to how they are applied in practice – in particular as regards pushbacks from the territory and collaboration with dubious non-EU countries like Libya, to keep asylum-seekers from reaching the EU. In contrast to this hostility, a temporary protection system may be welcome – although it would be in stark contrast with the often unpleasant and unjustifiable treatment of others fleeing war or persecution.

Photo credit: Leonhard Lenz, via Wikimedia Commons

*Corrected on Feb 28 2022 to drop the statement that ‘Member States may delay consideration of an application for Convention refugee status until the temporary protection has ended’. In fact the Directive does not explicitly provide for this as such – although as noted, if a Member State chooses not to permit the status of asylum seeker concurrently with that of temporary protection, in practice this is likely to deter asylum applications as long as temporary protection applies. 

(EP Research Service) The Commission’s Rule of Law Report and the EU Monitoring and Enforcement of art. 2 TEU Values.

by Prof. Laurent PECH; Senior Research Fellow, Petra BÁRD, Associate professor, Eötvös Loránd University, Faculty of Law; Researcher, CEU Department of Legal Studies and CEU Democracy Institute; Fernand Braudel Fellow, European University Institute



Rule of law backsliding represents a major, existential challenge for the EU as it structurally endangers the foundations of the EU as a Union based on the rule of law and fundamentally threatens the functioning of the EU’s interconnected legal order. To address the EU’s worsening rule of law crisis and more broadly, the unprecedented and spreading attempts by some national authorities to organise the systemic undermining of EU’s shared foundational values, the European Parliament proposed a new EU mechanism in 2016 to better monitor and enforce the values of democracy, the rule of law and fundamental rights (DRF mechanism).

Instead of embracing the European Parliament’s proposal, the Commission designed its own new annual European Rule of Law Mechanism. The European Rule of Law Mechanism provides an annual process for dialogue on the back of an Annual Rule of Law Report (ARoLR) which the Commission has presented as a new preventive tool. Launched for the first time in 2020, the ARoLR takes the form of twenty-seven country chapters and an umbrella report presenting an overview of the situation of the rule of law situation across the EU. To date, the ARoLR has focused on four “pillars”: (i) national justice systems; (ii) national anti-corruption frameworks; (iii) media pluralism; and (iv) other institutional checks and balances.

The Commission’s ARoLR differs in many respects from the European Parliament’s DRF proposal. Most importantly, the ARoLR foresees lesser involvement for other EU institutions and does not provide for any formal involvement of external experts. It is also narrower in the sense that its scope is more limited as it does not directly cover democracy and fundamental rights; does not (yet) include country specific recommendations and does not automatically lead to the adoption of specific Council conclusions and a Parliament resolution.

This study offers a critical assessment of the Commission’s ARoLR within the broader context of the EU’s DRF architecture, and formulates recommendations in order to address the ARoLR’s negative features identified by the present authors: the creation of false expectations; the use of euphemistic language; the lack of context and connected failure to see the wood for the trees; the denial of (autocratic) reality and resulting category errors; the emphasis on “dialogue no matter what”; and finally, the opportunity costs and possible displacement effect the ARoLR has had on enforcement. This is not to say that a number of positive features cannot be identified. The ARoLR can indeed be commended for offering a compelling definition of the rule of law; a clear outline of why the rule of law matters; a broadly suitable selection of relevant “pillars” and main sources of information; and increasing the political saliency of the rule of law.


This study’s main recommendations summarised below aim to remedy the ARoLR’s identified gaps and shortcomings in the short to medium term. On the long term, it is recommended that renewed consideration is given to

(i) the extension of the ARoLR’s scope so that all Article 2 TEU values are subject to annual monitoring given that these values must be viewed as interconnected, interdependent and mutually reinforcing;

(ii) the extensive involvement of an expert panel and

(iii) the adoption of automatic legal and/or financial actions when country specific recommendations (which the third edition of the ARoLR is expected to contain for the first time) are not fully and promptly addressed.

Considering the Commission’s continuing opposition to the adoption of a mechanism akin to the Parliament’s proposed DRF mechanism, this study has prioritised the elaboration of recommendations which can be actioned in the short to medium term with the view of improving the effectiveness of the ARoLR without fundamentally changing its current scope and structure.

Recommendations on methodology:

•        A better preparation and publication cycle should be organised and in particular, the same time window should be used each year so that planning can be done ahead of the timeline’s official publication in respect of the next edition of the ARoLR;

•        The Commission should promptly publish the input documents they receive from national governments so as to enable experts and civil society groups to fact check them as soon as possible;

•        The Commission should be mindful of deliberate attempts to deceive it by those engaged in the systemic dismantlement of checks and balances and their proxies, such as government-organised non-governmental organisations (GONGOs). In this respect, it is recommended that the Commission provides clearer details than currently regarding country visits and interviews; selection of stakeholders, information selection, as well as greater protection for government critiques, especially those based in countries subject to an ongoing Article 7 procedure;

•        The Commission should elaborate on the indicators taken into account for assessing the rule of law situation in each of the Member States and should aim to undertake a comprehensive assessment of the same elements based on the same indicators in all country chapters;

•        The Commission should seek to take better account of the data and findings from relevant indices such as the Worldwide Governance Indicators (WGI) project, the World Justice Project Rule of Law Index, or the Varieties of Democracy (V-DEM) project;

•        The involvement of an expert panel/network of external experts and/or the EU Fundamental Rights Agency should be considered if only at first to merely provide feedback to the Commission and help inter alia with methodological issues.

Recommendations on scope and structure:

•        As long as the ARoLR is not extended to cover other foundational values enshrined in Article 2 TEU, the Commission should at a minimum better link the ARoLR with the values of democracy and fundamental rights and connected EU action plans and other strategies, considering the interconnected and mutual reinforcing nature of Article 2 TEU values. Scrutiny over judicial independence for example could extend to the evaluation of fair trial rights, access to justice, equality before the law in national case law;

•        New civic space pillar: As long as the ARoLR does not fully encompass all the Article 2 TEU values, the Commission should also consider adopting a fifth pillar dedicated to monitoring national developments relating to civic space considering the crucial importance of civil society when it comes to maintaining and protecting a democratic and pluralist society as well as a proper functioning of public life;

•        New Article 7 section: The insertion of a new Article 7 TEU state of play section in the umbrella report is recommended so as to better highlight in a transversal way the evolution of the situation in the countries which have already been identified as being on an autocratisation pattern following the activation of one of the procedures laid down in Article 7 TEU;

•     New EU chapter: In addition to the country chapters, the publication of a new EU chapter is  recommended with the drafting of this report to be done either by the EU Fundamental Rights Agency and/or a new panel or network of academic experts.

Recommendations regarding effectiveness and follow up:

•        The ARoLR should better outline countries’ rule of law adherence over a sufficient long period of time and highlight cross-cutting trends at EU level. This could be done inter alia by taking into account and summarise key data and findings from relevant indices such as the Worldwide Governance Indicators (WGI) project, the World Justice Project Rule of Law Index, or the Varieties of Democracy (V-DEM) project;

•        In order to better identify threats and violations of the rule of law and make non-compliance with court judgments a recurrent, more salient and costly issue for relevant national authorities, in addition to the forthcoming new country specific recommendations, the ARoLR ought to include data and information regarding non-compliance (or bad faith implementation) with CJEU orders and judgments but also national and ECtHR orders and rulings which concern any issue relating to any of the ARoLR’s pillars;

•        To guarantee better follow up, the ARoLR (including the country-specific recommendations) should be more directly aligned with other rule of law tools and procedures, such as infringement procedures and the Rule of Law Conditionality Regulation 2020/2092, so that remedial action could be more swiftly, consistently and effectively organised in situations where national authorities ignore or violate relevant recommendations;

•        The adoption of urgent reports ought to be considered so as to allow for a prompt and formalised answer from the Commission in a situation where national rule of law related developments are indicative of a serious danger; if state action results in the violation of individual rights on a mass scale or if state action amounts to irreversible or systemic threat to or violation of the rule of law;

In addition to or alternatively to the suggested adoption of urgent reports, the Parliament should consider requesting the Commission to present a mid-year assessment of the state of compliance (or non-compliance) with the ARoLR’s country-specific recommendations, with the Commission to be also requested to specify how non-compliance will be dealt with.


(EUROPEAN LAW BLOG) EU/US Adequacy Negotiations and the Redress Challenge: How to Create an Independent Authority with Effective Remedy Powers (2)


Can the U.S. Government create, by non-statutory means, an independent redress authority capable of providing an effective remedy for a European person who believes that her or his rights have been infringed by an intelligence service? In this article we put forward a novel non-statutory solution that could resolve the “redress” problem in the EU/US adequacy negotiations. This solution is based on three “building blocks” inspired by methods utilized in U.S. administrative law. First, the U.S. Department of Justice should issue a binding regulation creating within that executive agency an independent “Foreign Intelligence Redress Authority” (FIRA). Second, the President should issue a separate Executive Order providing the necessary investigative powers and giving FIRA’s decisions binding effect across the intelligence agencies and other components of the U.S. government. Finally, European individuals could obtain judicial review of an independent redress decision by using the existing Administrative Procedure Act.

Our first article, published on January 31, concentrated on whether the U.S. Congress would necessarily have to enact a new statute in order to create an adequate redress mechanism. We examined political, practical, and U.S. constitutional difficulties in enacting such a statute. Based on careful attention to EU law, we concluded that relying on a non-statutory solution could be compatible with the “essential equivalence” requirements of Article 45 of the EU’s General Data Protection Regulation (GDPR), if the requisite substantive protections for redress were put into place.

This article examines, from both a U.S. and a European law perspective, measures that could address the substantive requirements, notably the deficiencies highlighted by the Court of Justice of the European Union (CJEU) in its Schrems II judgment: independence of the redress body; its ability to substantively review the requests; and its authority to issue decisions that are binding on the intelligence agencies. We discuss only the redress issues highlighted by the CJEU. We do not address here the other deficiency cited by the Court — whether U.S. surveillance statutes and procedures sufficiently incorporate principles of “necessity and proportionality” also required under EU law.

Part I of this article explains how the U.S. executive branch could create an independent administrative institution to review redress requests and complaints. The institution, which we call “FIRA”, would be similar in important ways to what in Europe is considered as an independent administrative authority, such as the several surveillance oversight/redress bodies operating in Europe and listed in the EU Agency for Fundamental Rights’ (FRA) 2017 comparative study on surveillance (p. 115 – in France, for example, the National Commission for Control of Intelligence Techniques, CNCTR). We submit that, in the U.S., such an institution could be based on a binding regulation adopted by the Department of Justice (DOJ). Despite being created by the executive branch, the independence of FIRA will be guaranteed, since leading U.S. Supreme Court precedent considers such a regulation to have binding effect and to protect members of the redress authority from interference by the President or the Attorney General. 

Next, Part II of this article assesses how the U.S. executive branch could provide the necessary investigatory powers for FIRA to review European requests and complaints and to adopt decisions binding upon intelligence agencies. This could be done through a Presidential Executive Order that the President may use to limit executive discretion. 

Finally, Part III of this article discusses the important question of whether the ultimate availability of judicial redress is necessary under EU law and whether there is a path under U.S. law to achieve it, despite the 2021 Supreme Court decision in the TransUnion case limiting standing in some privacy cases. We examine reasons why judicial review of decisions by the independent FIRA may not be required under EU law. Nonetheless, we describe a potential path to U.S. judicial review based on the existing Administrative Procedure Act.  

I. Creating an Independent Redress Authority

Based on our discussions with stakeholders, the most difficult intellectual challenge has been how a redress authority can be created within the executive branch yet have the necessary independence from it. We first present the EU criticisms of the Privacy Shield Ombudsperson approach, and then explain how a binding regulation issued by DOJ can address those criticisms satisfactorily. 

1. Identifying the problems of independence with the previous Privacy Shield mechanism

Four criteria for independence of the redress body have been identified by EU authorities in their critiques of the Ombudsperson approach included in the 2016 Privacy Shield. 

a) Protection against dismissal or revocation of the members of the redress body

A crucial measure of independence under EU law, is protection against removal of any member of the independent body. In Schrems II, the CJEU noted there was “nothing in [the Privacy Shield Decision] to indicate that the dismissal or revocation of the appointment of the Ombudsperson is accompanied by any particular guarantees” (§195), a point previously made in 2016 by the Article 29 Working Party (WP29) when it observed “the relative ease with which political appointees can be dismissed” (here, p. 51). Protection against removal is also recognized under U.S. law and a key indicator for independence.(1) 

b) Independence as protection against external intervention or pressure

Protection against external intervention is a major requirement for a redress authority, as stated by the Advocate General in his 2019 Schrems II Opinion

“The concept of independence has a first aspect, which is external and presumes that the body concerned is protected against external intervention or pressure liable to jeopardise the independent judgment of its members as regards proceedings before them” (note 213).  

By contrast, the Ombudsperson in the original Privacy Shield was “presented as being independent of the ‘intelligence community’, [but] (…) not independent of the executive” (§ 337). 

c) Impartiality

In the same opinion, Advocate General Saugmandsgaard Øe stressed (and the CJEU endorsed), the importance of impartiality: “The second aspect of [independence], which is internal, is linked to impartiality and seeks to ensure a level playing field for the parties to the proceedings and their respective interests with regard to the subject matter of those proceedings” (note 213, emphasis added). 

d)  Relationship to the intelligence community 

In its 2015 study on surveillance, FRA noted that there is a “Goldilocks” challenge concerning the ties between redress bodies and intelligence agencies: “While ties that are too close may lead to a conflict of interest, too much separation might result in oversight bodies that, while independent, are very poorly informed” (p. 71).  In 2016, the WP29 found that the Privacy Shield solution did not appropriately respond to this challenge:

“The Under Secretary is nominated by the U.S. President, directed by the Secretary of State as the Ombudsperson, and confirmed by the U.S. Senate in her role as Under Secretary. As the letter and the Memorandum representations stress, the Ombudsperson is ‘independent from the U.S. Intelligence community’. The WP29 however questions if the Ombudsperson is created within the most suitable department. Some knowledge and understanding of the workings of the intelligence community seems to be required in order to effectively fulfil the Ombudsperson’s role, while at the same time indeed sufficient distance from the intelligence community is required to be able to act independently.” (p.49)

2. How the creation of FIRA by DOJ Regulation could fix these problems 

To date, despite insightful discussions of the challenges, we have not seen any detailed public proposals for how the U.S. executive branch might create a redress institution to meet the strict EU requirements for independence.(2) One innovation, which we understand that the parties might now be considering, could be a binding U.S. regulation, issued by an agency pursuant to existing statutory authority, to create and govern FIRA. Crucially, leading U.S. Supreme Court cases have given binding effect to a comparable regulation, even in the face of objections by the President or Attorney General.

a) Binding DOJ regulation to ensure independence of the FIRA 

The Department of Justice could issue a regulation to create FIRA and guarantee its independent functioning.  It could guarantee independence for the members of FIRA, including protections against removal, in the same fashion.

Under the U.S. legal system, such an agency regulation has the force of law, making it suitable for defining the procedures for review of redress requests and complaints. DOJ regularly issues such regulations, under existing statutory authorities, and pursuant to established and public procedures. To protect against arbitrary or sudden change, modifying or repealing the regulation would require following the same public procedural steps as enacting the regulation in the first place did.  In Motor Vehicles Manufacturers Association vs. State Farm Mutual Automobile Insurance Co., the Supreme Court held that since a federal agency had the discretion to issue a regulation initially, it would have to utilize the same administrative procedures to repeal it.

In an EU/U.S. framework for a new Privacy Shield, the U.S. Government unilaterally could commit to maintain this DOJ regulation in force, and the European Commission could reference the U.S. commitment as a condition of its adequacy decision. This would provide both to the EU and to members of FIRA a guarantee against revocation of the regulation ensuring that the authority would act independently. 

b) Supreme Court precedents protect against external intervention or pressure 

During the Watergate scandal involving then-President Richard Nixon, the Department of Justice issued a regulation creating an independent “special prosecutor” (also called “independent counsel”) within that department. The special prosecutor was designed to be independent from Presidential control, with the regulation stipulating that he could not be removed except with involvement by designated members of Congress. 

Acting within the powers defined in the regulation, the special prosecutor issued a subpoena for audio tapes held by the White House. The President, acting through the Attorney General, objected to the subpoena.  In a unanimous 1974 Supreme Court decision, United States v. Nixon, it was held that the special prosecutor’s decision to issue the subpoena had the force of law, despite the Attorney General’s objection.  The Court noted that although the Attorney General has general authority to oversee criminal prosecutions, including by issuing a subpoena, the fact that the special prosecutor had acted pursuant to a binding DOJ regulation deprived the Attorney General of his otherwise plenary power over subpoenas. 

The Supreme Court observed that “[t]he regulation gives the Special Prosecutor explicit power” to conduct the investigation and issue subpoenas, and that “[s]o long as this regulation is extant, it has the force of law” (emphasis added).  The Court concluded: 

“It is theoretically possible for the Attorney General to amend or revoke the regulation defining the Special Prosecutor’s authority. But he has not done so. So long as this regulation remains in force, the Executive Branch is bound by it, and indeed the United States, as the sovereign composed of the three branches, is bound to respect and to enforce it.”

In sum, as supported by clear Supreme Court precedent, a DOJ regulation can create a mechanism within the executive branch, so that the members of the administration must comply with its terms, even in the face of contrary instructions from the President or Attorney General. And, as stated earlier, the lasting character of the DOJ regulation creating FIRA could be guaranteed by the US Government in the EU/US agreement and be identified by the European Commission in its subsequent adequacy decision as a condition for maintaining this decision in force.

c) Impartiality

We are not aware of significant U.S. constitutional obstacles to ensuring impartiality in FIRA. DOJ appoints Administrative Law Judges (ALJ), such as for deciding immigration matters, and “[t]he ALJ position functions, and is classified, as a judge under the Administrative Procedure Act.” 

U.S. law concerning ALJ’s, including those located in DOJ, states that they are “independent impartial triers of fact in formal proceedings”.(3) In Nixon the Supreme Court reaffirmed the lawfulness of an independent adjudicatory function located within the DOJ.(4) A DOJ FIRA regulation could similarly offer guarantees in terms of the impartiality and expertise of members.

d) Relationship to the intelligence community 

Furthermore, the DOJ appears to be the executive agency best-suited to resolve the “Goldilocks” problem, mentioned above, by combining knowledge and understanding of the intelligence agencies with sufficient distance to judge their conduct independently. 

As noted, EU bodies questioned whether the Department of State, a diplomatic agency, was a “suitable department” for the redress role. The DOJ is more suitable in part because of its experience with the Watergate independent counsel and, for instance, with Immigration Judges as independent triers of fact. 

At the same time, a FIRA located within the DOJ would be well-placed to have knowledge about the intelligence community. The DOJ provides extensive oversight of intelligence activities through its National Security Division, including by issuing regular reports concerning classified activities of the Foreign Intelligence Surveillance Court. Other DOJ components, such as the Office of Privacy and Civil Liberties, also have access to classified information including Top Secret information about intelligence agency activities. In addition, an Executive Order could empower the DOJ to enlist other agencies, such as the Office of the Director of National Intelligence, to gain information from the intelligence community.

II. Creating Effective Powers for the Independent Redress Authority

A DOJ regulation creating an independent redress authority within that executive department must be accompanied by additional government-wide steps for effectively investigating redress requests and for issuing decisions that are binding on the entire intelligence community. The DOJ-issued regulation would define the interaction of FIRA with other parts of that Department.  For the overall mechanism to be effective in other parts of the U.S. government, however, the key legal instrument would be a separate Executive Order issued by the President. In issuing an EO, the President would act within the scope of his overall executive power to define legal limits, such as by requiring intelligence agencies to be bound by FIRA decisions. 

1. Identifying the problems of effectiveness concerning the previous Privacy Shield mechanism

To meet the EU requirement of effective remedial powers, the new redress system would need to have two types of effective powers that the Privacy Shield Ombudsperson lacked. 

a) Investigative Powers 

The WP29 wrote in 2016: 

“concerns remain regarding the powers of the Ombudsperson to exercise effective and continuous control. Based on the available information (…), the WP29 cannot come to the conclusion that the Ombudsperson will at all times have direct access to all information, files and IT systems required to make his own assessment” (p. 51).

In 2019, the European Data Protection Board (EDPB) likewise stated: 

“[T]he EDPB is not in a position to conclude that the Ombudsperson is vested with sufficient powers to access information and to remedy non-compliance, (…)” (§103). 

b) Decisional Powers 

In Schrems II, the CJEU stated:  

Similarly, (…) although recital 120 of the Privacy Shield Decision refers to a commitment from the US Government that the relevant component of the intelligence services is required to correct any violation of the applicable rules detected by the Privacy Shield Ombudsperson, there is nothing in that decision to indicate that that ombudsperson has the power to adopt decisions that are binding on those intelligence services and does not mention any legal safeguards that would accompany that political commitment on which data subjects could rely” (§196).

The EDPB similarly concluded in 2019:

“Based on the available information, the EDPB still doubts that the powers to remedy non-compliance vis-à-vis the intelligence authorities are sufficient, as the ‘power’ of the Ombudsperson seems to be limited to decide not to confirm compliance towards the petitioner. In the understanding of the EDPB, the (acting) Ombudsperson is not vested with powers, which courts or other similarly independent bodies would usually be granted to fulfil their role” (§102).

2. How a Presidential Executive Order Could Confer These Powers upon FIRA 

These passages describe key EU legal requirements for a new redress system. President Biden could satisfy them by issuance of an Executive Order (EO).  The American Bar Association has published a useful overview explaining that an EO  is a “signed, written, and published directive from the President of the United States that manages operations of the federal government.” EOs “have the force of law, much like regulations issued by federal agencies.”  Once in place, only “a sitting U.S. President may overturn an existing executive order by issuing another executive order to that effect.”

As a general matter, the President has broad authority under Article II of the Constitution to direct the executive branch. In addition, the Constitution names the President as Commander-in-Chief of the armed forces, conferring additional responsibilities and powers with respect to national security. The President’s powers in some instances may be limited by a properly enacted statute, but we are not aware of any such limits relevant to redress.

Not only does the President enjoy broad executive powers, but he or she also may decide to limit how he or she exercises such powers through an EO which, under the law, would govern until and unless withdrawn or revised. Thus, the President would appear to have considerable discretion to instruct the intelligence community, by means of an EO, to cooperate in investigations and to comply with binding rulings concerning redress.

As with the DOJ regulation, the U.S. Government could commit in the EU/US adequacy arrangement to maintain this EO in force. But how could the EU and the general public have confidence that the EO is actually being followed by intelligence agencies? First, FIRA will be able to assess whether this is the case, backed by an eventual provision in the Presidential EO fixing penalties for lack of compliance with its orders (similarly as legislation in European countries fixes penalties for failure to comply with the orders of equivalent redress bodies – for an example see art. L 833-3 of the French surveillance law). Furthermore, U.S. intelligence agencies are already subject to parliamentary oversight, including on classified matters, by the Senate Select Committee on Intelligence and the House Permanent Select Committee on Intelligence. Oversight might also be performed by other governmental actors that have access to classified materials, such as an agency official called the Inspector General or the Civil Liberties and Privacy Office, or by the independent Privacy and Civil Liberties Oversight Board (whose new Director, Sharon Bradford Franklin, recently confirmed by the Senate, is known for her commitment to strong surveillance safeguards and oversight). Oversight may be performed at the Top Secret or other classification level, with unclassified summaries released to the public

III. Creating Judicial Review of the Decisions of the Independent Redress Authority

Finally, we turn to whether and how decisions of FIRA may be reviewed judicially. We first explain why judicial review in these circumstances may not be required under EU law.  Nonetheless, to minimize the risk of invalidation by the CJEU, we set forth possible paths for creating U.S. judicial review.

1. Reasons that judicial redress is not necessarily required 

There are at least four reasons to believe that EU law does not necessarily require judicial redress if FIRA is independent and capable of exercising the quasi-judicial functions described above by adopting decisions binding on intelligence agencies.

First, as explained in our earlier article, Article 13 of the European Convention on Human Rights (ECHR) may be the appropriate legal standard for the European Commission to use in deciding upon the “essential equivalence” of third countries for international data transfer purposes.  Article 13 only requires an independent “national authority,” thus a non-judicial body could suffice.

Second, the Advocate General in Schrems II seemed to give the impression that judicial review should only be required in a case where the redress body itself is not independent: 

“in accordance with the case-law, respect for the right guaranteed by Article 47 of the Charter thus assumes that a decision of an administrative authority that does not itself satisfy the condition of independence must be subject to subsequent control by a judicial body with jurisdiction to consider all the relevant issues. However, according to the indications provided in the ‘privacy shield’ decision, the decisions of the Ombudsperson are not the subject of independent judicial review.” (§340, emphasis added)

Since FIRA, unlike the Ombudsperson, will not only enjoy independence but also will exercise quasi-judicial functions by adopting decisions binding on intelligence agencies, separate judicial redress may not be required.

Third, this is exactly what seems to be happening in practice in EU Member States themselves. FRA noted in its 2017 comparative study on surveillance that, in most European countries, redress bodies are non-judicial bodies. It also observed that such non-judicial remedies appear better than judicial ones, because their procedural rules are less strict, proceedings are faster and cheaper, and non-judicial avenues generally offer greater expertise than judicial mechanisms. Furthermore, FRA found that “across the EU only in a few cases can decisions of non-judicial bodies be reviewed by a judge” (ibid., p.114 – and table pp.115-116). Requiring the U.S. to provide judicial redress would thus be more than what exists in many Member States.(5) 

Fourth, these observations are even more relevant when one focuses on international surveillance. In France, for instance, an individual may file complaints with the Supreme Administrative Court (Conseil d’Etat) on the basis of the domestic surveillance law of July 2015. There is no possibility to do so under the international surveillance law of November 2015, however, since that law gives only the CNCTR, an administrative authority, the power to initiate (under some conditions) proceedings in the Conseil d’Etat – but does not confer this right directly upon an individual.(6)

Of course, actual practice under Member States law does not necessarily mean that a third country’s similar practices meet the “essential equivalence” standard of EU fundamental rights law, since the relevant comparator seems to be European Law standards – not Member States’ practices which do not always necessarily meet these standards.(7) Nonetheless, demanding from the U.S. a much more elaborate process than what already exists for international surveillance in most EU Member States might be complicated, particularly if there is an effective independent administrative regime in the U.S. exercising quasi-judicial functions.

2. Ultimate judicial redress will however help ensure meeting CJEU requirements

Despite these indications that European law may not require judicial redress, we acknowledge that the position of the CJEU on this point remains ambiguous.  

As indicated in our first article, the CJEU in Schrems II expressly used the term “body,” giving the impression that an independent national administrative authority (in conformity with the requirements of Art. 13 ECHR) could be enough to fulfill the adjudicatory function. As we explained, this is how the EDPB seems to have read Schrems II in its 2020 European Essential Guarantees Recommendations. Long-time EU data protection official Christopher Docksey concurs as well. 

However, it is also true that the Schrems II judgment contains multiple references to judicial redress. It refers to “ the premiss [sic] that data subjects must have the possibility of bringing legal action before an independent and impartial court ” (§194); “the right to judicial protection” (ibid.); “data subject rights actionable in the courts against the US authorities” (§192); “the judicial protection of persons whose personal data is transferred to that third country” (§190); and “the existence of such a lacuna in judicial protection in respect of interferences with intelligence programmes” (§191). It is not clear whether these statements should also apply (following the Advocate General’s logic) to an independent redress body such as FIRA capable of exercising quasi-judicial functions, in contrast to the Ombudsperson examined by the CJEU. Nevertheless, the CJEU judgment might be read as requiring at least some form of ultimate judicial control of a redress authority’s decisions. This also appears to be the interpretation of a senior Commission official. 

In light of these statements, it would be prudent for the U.S. to provide for some form of ultimate judicial review of FIRA decisions, to increase the likelihood of passing the CJEU test in an eventual Schrems III case.  

3. A path to ultimate judicial review of FIRA decisions

As we explained in our first article, the U.S. constitutional doctrine of standing poses a major hurdle in creating a pathway to judicial redress. In the 2021 TransUnion case, the Supreme Court held that plaintiffs incorrectly identified by a credit reporting agency as being on a government terrorism watch list had not shown the required “injury in fact”. This lack of injury in fact, and thus lack of standing, existed even though the underlying statute appeared to confer the right to sue. While one might find this U.S. constitutional jurisprudence unduly restrictive, any new Privacy Shield agreement must take it into account.

There might be, however, another way to provide an individual with judicial redress. An unsatisfied individual could appeal to a federal court an administrative disposition of a redress petition on the grounds that FIRA has failed to follow the law. In such a case an individual would not be challenging the surveillance actions of intelligence agencies (for which injury in fact may be impossible to satisfy) as such; instead, the suit would allege the failure of an independent administrative body (FIRA) to take the actions required by law.  

As Propp and Swire have written previously, one useful precedent is the U.S. Freedom of Information Act (FOIA), under which any individual can request an agency to produce documents, without first having to demonstrate that he or she has suffered particular “injury in fact”. The agency is then required to conduct an effective investigation and to explain any decision not to supply the documents. After the agency responds, the individual may appeal the decision to federal court. The judge then examines the quality of the agency’s investigation to ensure compliance with law, and the judge can order changes in the event of mistakes by the agency.

Analogously, a European individual, unsatisfied by FIRA’s investigation and decision, could bring a challenge in court. Taking into consideration that FOIA concerns a distinct question,  the appeal against FIRA’s decisions would be based upon the umbrella U.S. Administrative Procedure Act (APA). The APA provides generally for judicial review of an agency action that is “arbitrary, capricious, an abuse of discretion, or otherwise not in accordance with law.” Since both a regulation and an Executive Order have the force of law, an APA-based appeal could examine whether the FIRA decision and its implementation was “in accordance with law.” Since the APA applies generally, it could operate in these circumstances without need for an additional federal statute. In addition, U.S. federal courts deciding APA-based appeals already have methods for handling classified national security information. For instance, they access classified information under the Classified Information Procedures Act (CIPA).

Including judicial review under the APA would be a good faith effort by the U.S. government to respond to ultimate EU law concerns. However, since the FIRA approach has not been judicially tested, some legal uncertainty concerning standing to bring the APA suit in federal court would remain. FOIA practice provides a good legal basis for meeting the standing requirement through challenging agency action itself, but TransUnion highlighted the level of privacy injuries which must be shown to enable a decision in federal court.  


In these two articles, we have sought to examine rigorously and fully the requirements of EU law with respect to redress. We also have examined U.S. constitutional law, explaining both the difficulties surrounding some solutions (for instance the problem of standing for judicial redress) and the opportunities created by some precedents (such as the protection offered to independent investigative bodies by decisions of the U.S. Supreme Court).

We are not aware of any other published proposal that wrestles in such detail with the complexity of EU and U.S. law requirements for foreign intelligence redress. We hope that our contribution helps fill this gap and presents a promising path permitting resolution of the “redress challenge” in the EU/US adequacy negotiations.

Much will depend on the details of construction and implementation for this protective mechanism. What our articles contribute is the identification of three fundamental building blocks on which a solid and long-lasting transatlantic adequacy agreement could stand. We have shown that there is a promising way to create, by non-statutory means, an independent redress authority and to provide the necessary investigative and decisional powers to respond to redress requests by European persons. We also suggest a way to successfully address the problem of standing and thereby to provide for an ultimate possibility of judicial control. Using these building blocks to create an effective redress mechanism could enable the U.S. and the EU not only to establish a solid transatlantic adequacy regime capable of resisting CJEU scrutiny but also to advance human rights more broadly.


(1) In 2020, as discussed here, the Supreme Court addressed the President’s removal power in the Siela Law LLC case, finding unconstitutional Congress’ establishment of independence for an agency head. At the same time, the Court reaffirmed that protections against removal can exist for “inferior officers” (roughly, officials appointed through a civil service process rather than by the President) and for multi-member bodies. Either or both of these categories may apply to FIRA members. In 2021, the Supreme Court, in U.S. v. Arthrex, struck down a system of independent Administrative Patent Judges. The approach in our article would be different since the President here issues an executive order, and thus the President serves as the “politically accountable officer” required by the Supreme Court in Arthrex.

(2) More specifically, there have been proposals for providing redress for surveillance conducted pursuant to Section 702 FISA, such as here and here. However, an additional “thorny issue is whether international surveillance, conducted by US intelligence agencies outside the territory of the US on the basis of Executive Order 12333 (EO 12333) should be (or not) part of the adequacy assessment.” Although arguments exist under EU law that redress for EO 12333 surveillance might be excluded from the assessment, this article proceeds on the understanding that the current negotiations will only succeed if EO 12333 surveillance is covered as well. We are not aware of any published proposal that would do so, and seek in this article to present such an approach. For example, the proposal here would apply to requests for redress concerning surveillance conducted under EO 12333, such as programs recently declassified by the U.S. government.

(3) It appears that terms such as “adjudication” and “court” may be understood somewhat differently in the U.S. compared with the EU, creating a risk of confusion in proposals concerning redress. Under U.S. law, many federal agencies, including the Federal Trade Commission and Department of Justice, routinely conduct what is called “adjudication.” Many federal agencies have Administrative Law Judges, defined by the U.S. government as “independent impartial triers of fact in formal proceedings.”  By contrast, in Europe, “courts” and “judges” generally exist outside of the Executive. Therefore, our discussion of FIRA avoids words such as “adjudication” that may be understood differently in different legal systems.

(4) In the 1954 case, Accardi v. Shaughnessy, the Attorney General by regulation had delegated certain of his discretionary powers to the Board of Immigration Appeals. The regulation required the Board to exercise its own discretion on appeals for deportation cases. As noted in U.S. v. Nixon, the Supreme Court in Accardi had held that, “so long as the Attorney General’s regulations remained operative, he denied himself the authority to exercise the discretion delegated to the Board even though the original authority was his and he could reassert it by amending the regulations.”

(5) For a recent description of the German system, see here by Daniel Felz.

(6) This finding was confirmed in a June 2018 decision by the Conseil d’Etat following a request introduced in this court by the Member of the European Parliament Sophie In ’t Veld (analysis here). The Court also rejected the possibility for the claimant to challenge indirectly an alleged misuse of power resulting from the failure of the chairman of the CNCTR to refer the matter to the Council of State. However, as stated by the CNCTR (here, at 46) this is one of the points appearing in the (no less than) 14 challenges currently pending at the ECHR against the French surveillance laws.

(7) See for instance this study by I. Brown and D. Korff arguing that “the EU institutions should stand up for the rule of law and demand the member states and third countries bring their practices in line with those standards”  (at 111).

(EUROPEAN LAW BLOG) EU/US Adequacy Negotiations and the Redress Challenge: Whether a New U.S. Statute is Necessary to Produce an “Essentially Equivalent” Solution (1)


Must the U.S. Congress change statutory law to solve the major issue of “redress” in the EU-US adequacy negotiations? This is a crucial question, especially since a series of political, pragmatic and even legal/constitutional difficulties mean that the U.S. might not be able to come up with a short-term statutory solution for redress. In this article we analyse this question for the first time in detail, and argue that, provided the U.S. is able to address the deficiencies highlighted by the Court of Justice of the European Union (CJEU) in its Schrems II judgment (independence of the redress body; ability to substantively review the requests; and authority to issue decisions that are binding on the intelligence agencies), then relying on a non-statutory solution could be compatible with the “essential equivalence” requirements of Article 45 of the EU’s General Data Protection Regulation (GDPR). In a second, forthcoming article, we set forth specific elements of a novel non-statutory solution and assess whether it would meet the substantive European legal requirements for redress.

The CJEU issued its Schrems II judgment in July, 2020, invalidating the EU/U.S. Privacy Shield and creating uncertainty about the use of Standard Contractual Clauses (SCCs) for transfers of personal data to all third countries (see analysis herehereherehere and here). In light of the legal uncertainty and the increasing tensions concerning transatlantic data transfers resulting from the intensification of enforcement actions by European data protection authorities (DPAs) since Schrems II (such as this and this), there is both strong reason to reach a new EU/U.S. agreement and also a stated willingness of both sides to do so.  The European Commission, understandably, has emphasized though that there is no “quick fix” and that any new agreement must meet the full requirements of EU law.

This article focuses on one of the two deficiencies highlighted by the CJEU: the need for the U.S. legal system to provide a redress avenue accessible to all EU data subjects. We do not address here the other deficiency– whether U.S. surveillance statues and procedures sufficiently incorporate principles of ‘necessity and proportionality’ also required under EU law.

We concentrate our inquiry, from both a U.S. and a European law perspective, on whether the U.S. Congress would necessarily have to enact a new statute in order to create an adequate redress mechanism. Part I of this article explains the pragmatic and political reasons why it would be difficult to adopt a new U.S. statute, and especially to do so quickly. Part II examines the U.S. constitutional requirements for “standing”, and explains the legal difficulties and uncertainty concerning proposals, such as the one advanced by the American Civil Liberties Union (ACLU), to provide redress through an individual action in U.S. federal courts. Part III then addresses European law concerning whether a statute is necessary, concluding that the substance of the protections of fundamental rights and respect of the essence of the right to an effective remedy are the key considerations, rather than the form by which an independent and effective redress mechanism would be created.

This article will be followed by a second article exploring whether a non-statutory solution for redress is capable of satisfying the strict substantive standards required by EU law.

I. Political Difficulties of an Immediate Statutory Approach to Redress

There are important advantages to enacting a new U.S. statute to provide redress:

  • There is greater democratic legitimacy if the legislature passes a statute.
  • A law can set limits on Executive discretion that only may be changed by a subsequent statute.
  • A law can fix in a stable, permanent and objective way the rules and procedures for the appointment of the members of the redress body, the duration of their mandate, and guarantees concerning their independence.

However, there are strong pragmatic and political reasons why it would be difficult to enact a new statute in the short term to create a new redress mechanism.

  • First, it is no secret that the U.S. Congress currently finds it difficult to pass legislation generally, with partisan battles and procedural obstacles slowing passage of even essential legislation. As Politico recently reported, “it is increasingly unlikely that Congress will pass any digital-focused bills before lawmakers shut down ahead of November’s midterms”.
  • Second, legislative reform of U.S. surveillance laws is a particularly complex and contentious issue. The national security community in the U.S. has little appetite for sweeping reforms, and even a strong push from the White House may not be sufficient to move such legislation through Congress. In Europe as well, substantial reform of surveillance laws requires a lot of time to seek the necessary political consensus (see for instance this).[i]
  • Third, the international dimensions of a redress reform make legislation even more difficult. If a new redress mechanism benefits only EU data subjects, then it is hard to explain to Congress why they should get greater rights than Americans. On the other hand, if redress rights were also to be conferred on U.S. data subjects, then a novel and complex set of institutional changes to the overall U.S. surveillance system would be needed.
  • Fourth, it would be difficult for U.S. legislators to vote for a statute without knowing in advance whether the CJEU will accept it as good enough.
  • Fifth, Congress historically has been reluctant to regulate in great detail how the President conducts foreign policy and protects national security. For instance, Congress has adopted detailed statutes (such as the Foreign Intelligence Surveillance Act, FISA)) concerning “compelled access”, e.g. how intelligence agencies can request data from service providers. By contrast, it has rarely enacted any statute that applies to “direct” surveillance conducted outside of the U.S. under the standards of Executive Order (EO) 12,333. Furthermore, specific actions under that Executive Order have never, so far as we know, been subject to review by federal judges.

For these reasons, we believe at a pragmatic level that it would be extremely difficult for Congress to promptly pass legislation to provide redress to EU persons. By contrast, if an adequate fix to the redress problem can be created at least in large part without new legislation, then it would be considerably easier for Congress subsequently to enact a targeted statute ratifying the new mechanism, perhaps adding other provisions to perfect an initial non-statutory approach. That sort of legislation is far easier to enact than writing a law in Congress from a blank page.

II. Constitutional Difficulties for a U.S. Statutory Approach to Redress: The Problem of Standing

These political and pragmatic reasons alone would justify U.S. government and European Commission negotiators seeking to address the redress deficiencies highlighted in Schrems II through a non-statutory solution. But, in addition, there is a constitutional dimension. The U.S. Constitution establishes a “standing” requirement as a prerequisite to a case being heard before judges in the federal court system. Any new U.S. redress mechanism must be consistent with the U.S. Constitution, just as it must meet EU fundamental rights requirements.

U.S. standing doctrine derives from Article III of the U.S. Constitution, which governs the federal court system. The federal judicial power extends only to “cases” and “controversies” – meaning that there has to be an “injury in fact” in order to have a case heard. A related doctrine is the ban on issuance of “advisory opinions” by federal judges, a position of the Supreme Court dating back to the first President, George Washington, and defined most clearly in Muskrat v. United States. In sum, a statute that creates a cause of action in the federal courts is unconstitutional unless it meets the requirements of standing and injury in fact, and does not violate the prohibition on advisory opinions.

The ACLU in 2020 called for a “standing fix” to enable suit in federal court “where a person takes objectively reasonable protective measures in response to a good-faith belief that she is subject to surveillance.” However, since the right to redress under European law also exists for individuals who did not take protective measures, the proposal seems too narrow to meet the CJEU requirements.

A second difficulty with the ACLU approach is that the Supreme Court made standing related to privacy injuries even more difficult to establish in its TransUnion LLC v. Ramirez decision in June, 2021. As discussed here, the majority in that case made it significantly more difficult for privacy plaintiffs henceforth to sue in federal court. The Court restated its 2016 Spokeo case that a plaintiff does not automatically satisfy “the injury-in-fact requirement whenever a statute grants a person a statutory right and purports to authorize that person to sue to vindicate that right.” More bluntly, the Court stated: “An injury in law is not an injury in fact”. [ii] The majority in TransUnion found “concrete harm” for some plaintiffs but not others. Even individuals whose credit histories were badly mistaken – stating they were on a government list as “potential terrorists” – did not enjoy a right of action created by statute. In sum, there would be substantial legal uncertainty surrounding a U.S. statute conferring upon EU data subjects the right to go straight to U.S. courts to get redress (for a similar conclusion see here).

The standing objection applies only to direct access to federal courts, and not to an independent non-judicial redress authority. However, Congress might be reluctant to intervene ex nihilo in a field such as “direct” foreign surveillance conducted under EO 12,333, which traditionally belongs to the Executive power under the U.S. Constitution. Congress might be more willing to act and endorse by statute an effective redress mechanism if, as a first step, the Executive branch itself had first created such an independent non-judicial redress authority within the Executive branch. In any case, such a statute does not appear to be a necessary precondition under U.S. law for creating a redress system

III. Is a Non-Statutory Approach to Redress Compatible with European Law?

Since the U.S. government might not be able to produce a short-term statutory solution for redress, the question then arises as to whether a non-statutory approach would be acceptable under EU law. In order for the European Commission to be able to issue an adequacy decision under Article 45 of the GDPR, the U.S. must ensure an “adequate” level of protection.

If the U.S. is able to address by non-statutory means the deficiencies highlighted by the CJEU in Schrems II (mentioned above), then such a solution could be compatible with the “essential equivalence” requirements of Article 45 of the GDPR. We defer for now the question of whether a non-statutory path would indeed be able to address these substantive issues, instead focusing only on whether a non-statutory approach in principle is compatible with European law.

A. The Starting Point: The Right to Effective Remedy Under European Human Rights Law

What we call “redress” in the context of transatlantic adequacy negotiations corresponds to the “right to effective remedy” under European law. Article 47(1) of the Charter of Fundamental Rights of the European Union (“Charter”) states that:

“Everyone whose rights and freedoms guaranteed by the law of the Union are violated has the right to an effective remedy before a tribunal in compliance with the conditions laid down in this Article.”

The official explanations of Article 47 make clear that this article is “based on Article 13 of the European Convention of Human Rights” (ECHR), according to which:

“Everyone whose rights and freedoms as set forth in this Convention are violated shall have an effective remedy before a national authority notwithstanding that the violation has been committed by persons acting in an official capacity.”

A comparison of the two articles reveals that in EU law the protection is more extensive than in ECHR law, since the former guarantees the right to an effective remedy before a “tribunal” while the latter only refers to a “national authority”. The term “tribunal” seems to refer to a judicial body, as the official explanation suggests. This is confirmed by reference to non-English language versions of Article 47(1), which translate the word “tribunal” as “court” (e.g.“Gericht” in German and “Gerecht” in Dutch). It is also evident that neither Article 47(1) of the Charter nor Article 13 of the ECHR require that a redress body be created by statute.

 However, Article 47 (2) of the Charter adds additional, complicating requirements.:

“Everyone is entitled to a fair and public hearing within a reasonable time by an independent and impartial tribunal previously established by law. Everyone shall have the possibility of being advised, defended and represented”.

As the official explanations point out, this second paragraph “corresponds to Article 6(1) of the ECHR”, which reads as follows:

“In the determination of his civil rights and obligations or of any criminal charge against him, everyone is entitled to a fair and public hearing within a reasonable time by an independent and impartial tribunal established by law. Judgment shall be pronounced publicly but the press and public may be excluded from all or part of the trial in the interests of morals, public order or national security in a democratic society, where the interests of juveniles or the protection of the private life of the parties so require, or to the extent strictly necessary in the opinion of the court in special circumstances where publicity would prejudice the interests of justice”.

Both Article 47(2) of the Charter and Article 6(1) of the ECHR thus require “an independent and impartial tribunal established by law”. Yet, what is the exact relationship between the provisions on “effective remedy” (Article 47(1) of the Charter and Article 13 of the ECHR), and those on “a fair and public hearing by independent and impartial tribunals established by law” (Article 47(2) of the Charter and Article 6(1) of the ECHR)?

A restrictive analysis would regard the two sets of articles as entirely interlinked, in which case redress bodies would always have to be “established by law”.

A second more flexible and plausible interpretation would maintain that this latter set of requirements constitutes lex specialis in relation to the former; in other words, the “right to effective remedy” (“redress”) is broader than the “right to a fair trial”. This interpretation finds support in the ECHR, which textually separates the two sets of rights and requirements (Articles 13 and 6(1)). It is also confirmed by the official guide to Article 13 which states that “Article 6 § 1 of the Convention is lex specialis in relation to Article 13” (here, at 41), and by the fact that Article 6(1) is limited in scope to civil rights and criminal charges. It therefore would be difficult to merge the obligation of states to put in place an “effective remedy” with the established by law” requirement, as this latter requirement only concerns the right to a fair trial before a “tribunal” under Article 6(1) – and not the broader right of redress before a “national authority” under Article 13. It seems then that, at least under the ECHR, a redress body need not always be a judicial body nor be “established by law”, provided that it satisfies the substantive requirements of the “right to effective remedy”. As we will see, the standards of the ECHR have always been particularly relevant for the European Data Protection Board (EDPB) in assessing the “essential equivalence” of “redress” mechanisms under Article 45 of the GDPR.

B. Flexibility Introduced by the “Essentially Equivalent” Standard of EU Data Protection Law

A flexible interpretation of the “effective remedy” requirement is also supported by the “essential equivalence” standard of the GDPR for third countries.

In Schrems I, the Court clearly acknowledged that “the means to which [a] third country has recourse, [… ] for the purpose of ensuring such a level of protection may differ from those employed within the European Union, [… ] those means must nevertheless prove, in practice, effective in order to ensure protection essentially equivalent to that guaranteed within the European Union” (§74 of the October 6, 2015 judgment, emphasis added).

The CJEU Advocate General emphasised in his 2019 Schrems II Opinion that the “essentially equivalent” standard “does not mean that the level of protection must be ‘identical’ to that required in the Union”. He explained that:

“It also follows from that judgment, in my view, that the law of the third State of destination may reflect its own scale of values according to which the respective weight of the various interests involved may diverge from that attributed to them in the EU legal order. Moreover, the protection of personal data that prevails within the European Union meets a particularly high standard by comparison with the level of protection in force in the rest of the world. The ‘essential equivalence’ test should therefore in my view be applied in such a way as to preserve a certain flexibility in order to take the various legal and cultural traditions into account” (§§ 248-249, emphasis added).

The EDPB previously had endorsed this flexible interpretation of the elements for adequacy. In its 2016 Opinion on Privacy Shield, for instance, the EDPB’s predecessor (WP29) emphasised that:

“the WP29 does not expect the Privacy Shield to be a mere and exhaustive copy of the EU legal framework […]. The Court has underlined that the term ‘adequate level of protection’, although not requiring the third country to ensure a level of protection identical to that guaranteed in the EU legal order, must be understood as requiring the third country in fact to ensure, by reason of its domestic law or its international commitments, a level of protection of fundamental rights and freedoms that is essentially equivalent to that guaranteed within the European Union [… ]” (p. 3).

It is precisely this flexible approach that allowed EU authorities to set aside the requirement that a redress body should be a “tribunal” – despite clear terms to the contrary in Article 47(1) of the Charter. As the EDPB noted in its Recommendations 02/2020 on the European Essential Guarantees for surveillance measures of November 10, 2020 (§47): “an effective judicial protection against such interferences can be ensured not only by a court, but also by a body which offers guarantees essentially equivalent to those required by Article 47 of the Charter” (emphasis added). The EDPB noted that the CJEU itself “expressly” used the word “body” in §197 of Schrems II. Indeed, in all its extant positions on U.S. redress mechanisms, the EDPB has recognised that the applicable standards equate with those in Article 13 of the ECHR, which “only obliges Members States to ensure that everyone whose rights and freedoms are violated shall have an effective remedy before a national authority, which does not necessarily need to be a judicial authority” (ibid, §46, emphasis added).

Therefore, provided that the U.S. redress mechanism meets the substantive requirements of Article 13 ECHR as cited in Schrems II and the EDPB opinions, a judicial body will not be necessarily required, and an “established by law” standard need not be applied in order to meet the “essential equivalence” test. As the astute European legal observer Chris Docksey concluded:

“This could be an opportunity for the CJEU to give meaning to the difference between essential equivalence and absolute equivalence mentioned above when deciding on the standard of individual redress to be applied in the specific case of international transfers. If the content of the right under Article 47 is ensured, then the form should not be an obstacle” (emphasis added).

C. Interpreting “Law” in a Substantive, Not Formal, Sense

European human rights law seems, in fact, to prioritise substance over form even in situations that go beyond an “essential equivalence” assessment. This can be shown by examining interpretations of the “in accordance with the law” requirement found in the ECHR, the Charter and several fundamental EU data protection sources of law, including the GDPR.

ECHR articles concerning human rights, including Article 8 (right to privacy), stipulate that some restrictions to these rights may be acceptable provided they are “in accordance with the law” and “necessary in a democratic society” in order to protect certain legitimate interests (such as national security, public safety, or the prevention of disorder or crime). Similarly, Article 52 of the Charter requires that: “Any limitation on the exercise of the rights and freedoms recognised by this Charter must be provided for by law (…)”.

Both the Convention and the Charter, however, interpret the term “law” in a flexible way. The ECtHR, for instance, has emphasised on multiple occasions that:

“[A]s regards the words “in accordance with the law” and “prescribed by law” which appear in Articles 8 to 11 of the Convention, the Court observes that it has always understood the term “law” in its “substantive” sense, not its “formal” one; it has included both “written law”, encompassing enactments of lower ranking statutes and regulatory measures (…), and unwritten law” (Sanoma Uitgevers B.V. v. the Netherlands, 2010, § 83, emphasis added). See also Sunday Times (No. 1) v. the United Kingdom, 1979, §47).

Similarly, in EU data protection law, both the Law Enforcement Data Protection Directive (LED) and the GDPR also understand the term “law” in its substantive sense. According to Recital 33 of the LED, for instance:

“Where this Directive refers to Member State law, a legal basis or a legislative measure, this does not necessarily require a legislative act adopted by a parliament, without prejudice to requirements pursuant to the constitutional order of the Member State concerned (…)” (emphasis added).

Further, Recital 41 of the GDPR provides:

“Where this Regulation refers to a legal basis or a legislative measure, this does not necessarily require a legislative act adopted by a parliament, without prejudice to requirements pursuant to the constitutional order of the Member State concerned. However, such a legal basis or legislative measure should be clear and precise and its application should be foreseeable to persons subject to it, in accordance with the case-law of the [CJEU] and the European Court of Human Rights” (emphasis added).

This flexible interpretation of the term “law” in the data protection context for assessing the incursion of state interests on fundamental rights is formally separate from the requirement in Article 47(2) of the Charter that a tribunal be “previously established by law”. However, this analytic flexibility is consistent with how EU bodies have interpreted the “essentially equivalent” standard, including in the context of the Privacy Shield. It therefore supports the conclusion that a U.S. decision to put in place an independent and effective redress mechanism for surveillance would satisfy the requirements of European law even if it does not involve the adoption of a statute. This conclusion is also supported by the European DPAs previous positions concerning the Privacy Shield Ombudsperson.

D. The CJEU and EU DPAs Did Not Object to Non-Statutory Redress

The fact that the Privacy Shield Ombudsperson was not created by statute did not seem to be a primary concern for either the CJEU or the EDPB in assessing whether this mechanism offers  “essentially equivalent” protection to European law.

In Schrems II the Court did not identify as a deficiency that the Ombudsperson mechanism was not created by statute. Rather, the problems detected were that there was “nothing in [the Privacy Shield Decision] to indicate that the dismissal or revocation of the appointment of the Ombudsperson is accompanied by any particular guarantees” and, also, that there was “nothing in that decision to indicate that the ombudsperson has the power to adopt decisions that are binding on those intelligence services (…)” (§§ 195-196). Thus, provided there is a way to fix these deficiencies by non-statutory means, the new redress solution could pass the “essential equivalence” test.

The EDPB also seems to support this argument. In its 2016 Opinion on Privacy Shield, the WP29 began by stating that:

“in addition to the question whether the Ombudsperson can be considered a ‘tribunal’, the application of Article 47 (2) Charter implies an additional challenge, since it provides that the tribunal has to be ‘established by law’. It is doubtful however whether a Memorandum which sets forth the workings of a new mechanism can be considered ‘law’” (p. 47).

The WP29 therefore seemed to link Articles 47(1) and 47(2). However, it did not appear to consider the legal form by which the Ombudsperson was created as an insuperable obstacle. It stated:

“As a consequence – with the principle of essential equivalency in mind – rather than assessing whether an Ombudsperson can formally be considered a tribunal established by law, the Working Party decided to elaborate further the nuances of the case law as regards the specific requirements necessary to consider ‘legal remedies’ and ‘legal redress’ compliant with the fundamental rights of Articles 7, 8 and 47 Charter and Article 8 (and 13) ECHR” (ibid., emphasis added).

The WP29 then went on to analyse the requirements of European law concerning the “right to effective remedy”, focusing primarily on the case law of the ECtHR, and concluded that the Ombudsperson did not meet these requirements, essentially for the same reasons mentioned by the CJEU in the Schrems II Judgment.

In their subsequent assessments of Privacy Shield, the WP29 and the EDPB arrived at the same conclusion. They did not consider that the means by which the Ombudsperson was created represented an obstacle to passing the “essentially equivalent” test. On the contrary, the EDPB “welcomed the establishment of an Ombudsperson mechanism as a new redress mechanism” (see for instance here, §99) and repeated that “having analysed the jurisprudence of the ECtHR in particular”, it “favored an approach which took into account the powers of the Ombudsperson” (see here, p.19).

Similarly, the European Data Protection Supervisor (EDPS) did not oppose the creation of the Ombudsperson on the grounds that it was done in a non-statutory way. On the contrary he argued that “in order to improve the redress mechanism proposed in the national security area, the role of the Ombudsperson should also be further developed, so that she is able to act independently not only from the intelligence community but also from any other  authority” (here, at 8, emphasis added). 


In sum, European law is flexible in interpreting whether the United States must adopt a new statute to meet redress requirements, especially when the question is viewed through the “essential equivalence” prism of data protection. Substance prevails over form. It remains true that a statutory approach would in abstracto be the easiest way for the United States to establish a permanent and independent redress body for effectively reviewing complaints and adopting decisions that bind intelligence services. However, when one takes into consideration the political, practical and constitutional difficulties confronting negotiators, it makes sense to achieve the same results in a different way.

In a second article, to be published shortly, we will detail specific elements of a non-statutory solution and assess whether it would meet the substantive European requirements on redress.

[i] As this report shows even in a country like Germany, particularly sensitive to intelligence law questions, its major Signals Intelligence (SIGINT) reform did not provide any judicial redress options for non-Germans: “There is no legally defined path for foreign individuals, such as journalists abroad, who want to find out if their communications have been collected in SIGINT operations and, if so, to verify whether the collection and processing of their data was lawful. What is more, the legislators opted to explicitly waive notification rights for foreigners regarding the bulk collection of their personal data.” (p. 63)

[ii] The European Court of Human Rights has developed jurisprudence that is more flexible than U.S. standing law in terms of who may bring a suit. European human rights law accepts since Klass and Others v. Germany case (1978) that an individual may, under certain conditions, claim to be the victim of a violation occasioned by the mere existence of legislation permitting secret measures of surveillance, without having to allege that such measures were in fact applied to him or that that he has been subject to a concrete measure of surveillance (the famous theory of “potential victim” of a human rights violation, see here, paras 34-38 and here, p. 15 for an updated analysis). Notwithstanding this greater flexibility in European law, we reiterate that the limits on U.S. standing are a matter of U.S. constitutional law, which cannot be overruled by a statute enacted by Congress.

(European Parliament Study) Ensuring the rights of EU citizens against politically motivated Red Notices

Possibilities under EU law to establish a platform for the exchange of information between the EU and the Member States to address the problem of abusive or politically motivated Interpol notices against EU citizens



This paper, commissioned by the European Parliament’s Policy Department for Citizens’ Rights and Constitutional Affairs at the request of the Committee on Civil Liberties, Justice and Home Affairs, analyses Interpol’s system of Red Notices and the EU-based mechanisms to safeguard citizens against political abuse of Interpol’s system. Recent reforms of Interpol are significant but many problems remain unaddressed. The paper discusses existing and possible platforms, including the European Search Portal, as ways to ensure a more effective enforcement of EU-based legal limits and fundamental rights on a European level.

AUTHOR Rasmus H. Wandall, PhD, Research fellow, University of Lund. Manuscript completed in February 2022 © European Union, 2022



In 2014, the European Parliament issued a resolution with recommendations on the matter (2013/2109(INL)) and since then, it has followed up with debates and further questions, most recently in 2021 concerning the candidacy for the Presidency of Interpol. In 2019, the DROI Committee of the European Parliament published a commissioned study on the misuse of Interpol Red Notices, putting forward a number of recommendations for Interpol reform. Also in 2019, the LIBE Committee and subsequently the European Parliament passed a resolution responding to the Russian Federation’s targeting of Lithuanian judges, prosecutors and investigators, and calling on EU Member States and Interpol to desist from assisting in the targeting (2019/2938(RSP)).

The Parliamentary Assembly of the Council of Europe issued a resolution in 2017 (2161/ 2017) and again in 2019 (2315/2019) both with recommendations for Interpol reform and with recommendations for its Member States. Numerous articles and civil society organisations continue to document abuse and express concern over the exploitation of Interpol and the further need for reform. The leadership of Interpol and the composition of it have attracted considerable attention in this regard.

On the European level, the Court of Justice of the European Union has in recent case-law addressed Member States’ obligations under EU law to limit the use of arrest warrants and extraditions to third countries – also in regard to Red Notices. On this basis, the study analyses recent reform efforts of Interpol with a view to politically motivated Red Notice requests and the possibilities under EU law to establish a platform for the exchange of information between the EU and the Member States to address this problem for EU citizens.


The aim of the study is to 1) describe Interpol, its organisational setup, its financial foundation, and the practice of the notice system, 2) discuss the recent reforms of Interpol, 3) give an overview of the recent case-law development of the Court of Justice of the European Union, and identify what information is necessary to share for Member States to ensure EU citizens against politically motivated Red Notices, and 4) discuss possible platforms on which EU Member States and the EU may exchange information to address the problem. Finally, the aim is to 5) give recommendations for possible action.

Key findings : The Interpol Organisation

A Red Notice is a request to have a person arrested. It is issued through Interpol’s global notice system. Interpol is governed by its General Assembly made up by its 194 members. The President and the Executive Committee Members are elected. A General Secretariat manages the daily operations. Financially, the largest donors to the Interpol are the European Union, the Interpol Foundation for a Safer World (fully funded by the United Arab Emirates), the United States of America, Canada, and Norway.

The General Secretariat coordinates and manages all Interpol’s activities. National Central Bureaus in member countries operate within domestic authorities and carry out part of Interpol’s work. The National Central Bureaus are managed by staff of the domestic authorities.

Red Notice requests are communicated by the National Central Bureau to the General Secretariat with a view to circulation worldwide. A task force in the General Secretariat reviews the requests prior to circulation. If approved, the notice is circulated and possibly publicised. Diffusion orders to arrest are not formal notices and are sent directly to other members of Interpol.

In 2020, Interpol issued 11,094 Red Notices and had more than 66,000 Red Notices in circulation. There has been a significant increase in numbers of Red Notices and Diffusion Orders since 2010.

Within the General Secretariat, a Secretary granted independence is appointed to support the Interpol Commission of the Control of Files. The commission handles individual complaints and performs both a supervisory and advisory role.

Interpol Rules governing the system of notices

Interpol activities, including the processing of Red Notices, must respect Interpol rules and must be consistent with the laws of the jurisdictions engaged by the acts in question.

Interpol is obliged not to assist or aid members that act in violation of international human rights law, and to respect the principle of neutrality stipulated in art. 3 in its Constitution.

The rule forbids the organisation to undertake any intervention or activity of a political, military, religious or racial character. Furthermore, a Red Notice must concern a serious ordinary-law crime and must pass a specific penalty threshold for the notice to be considered.

The National Central Bureaus and subsequently the General Secretariat’s task force review requests to ensure that all thresholds and rules are respected.

Interpol rules on data protection apply alongside overlapping regional and national data protection rules. In the area of the European Union, the Law Enforcement Directive, EU Fundamental Rights laws, and the case law of the Court of Justice of the European Union apply equally in every Member State. Since 2015, Interpol appointed a Data Protection Officer overseeing and developing data protection practice and organisation of Interpol. Each National Central Bureau equally appoints data protection officers.

Recent reforms of the Interpol Red Notice system

Politically motivated Red Notices allow governments to persecute political and other opponents abroad with significant consequences for those affected.

Despite the rights-based limitation of Interpol’s mandate to communicate Red Notices, the risk of politically motivated Red Notices is real. Moreover, observing that democracies are under pressure and that many countries have developed in an authoritarian direction, there is a strong argument that the risk has increased.

Interpol has carried out significant reforms since 2013. The review of Red Notice requests has been strengthened and a complaint mechanism under the Commission of the Control of Files has been enforced. Interpol has assigned a Data Protection Officer and implemented learning and knowledge sharing programmes to support the legal frameworks and good practices of all parts of the Interpol organisation.

Regardless, a number of legal tools continue to be lacking and there is a substandard transparency in the processing of Red Notices. Furthermore, more fundamental problems remain.

First, considering the increasing number of notices in circulation and considering the current setup, proper legal safeguards cannot be expected to be sufficiently enforced in the near future. Second, decentralised National Central Bureaus under the authority of domestic authorities represent a structural problem that is not sufficiently addressed through Interpol’s knowledge management organisation.

Third, the use of national databases to store and update Red Notices means that Interpol updates are ineffective on a global scale and leave inaccurate notice information in circulation on a significant level.

An EU-based platform for exchanging information

The Court of Justice of the EU has developed rights-based boundaries of its Member States’ use of arrest warrants – both in regard to extradition to Member States and to third countries.

The Council of the EU has subsequently affirmed initiatives to enforce these boundaries. Member States must consider fundamental rights as grounds for refusing arrest warrants and extraditions. Verifying that there is a real risk, the executing authority must find that the person in question is subjected to such real risk considering the specific circumstances of the case. If affirmative, a decision to extradite must be deferred. If the risk cannot be discounted, the authority must reach a decision itself or terminate the proceedings. In making this risk evaluation, information that is “objective, reliable, specific and properly updated” must be relied upon.

In its judgment in C-505/19, the Court extended the restrictions to the Member States’ use of Interpol Red Notices. In a case concerning a ne bis in idem violation and violation of the freedom of movement, the Court of Justice of the EU held that a) the mere possibility of a violation of the ne bis in idem principle is not enough to bar a preliminary arrest of the person in question. Only if it has been established “in a final judicial decision taken in a Contracting State or in a Member State” arrest and extradition are prohibited. The Court also held that it is not unlawful to process data in a Red Notice if the ne bis in idem principle may apply. If, however, it is established that the principle does apply and there are no grounds for a criminal process against the person, there is no longer basis for data processing and the person can legitimately require the Member State to erase the data on the Red Notice.

On all accounts, the Member State must effectively communicate the limitation in a note, thus making sure that the individual is not subjected to future arrests on the same grounds elsewhere.

Both within and outside the European Union, digital and professional network-based platforms are applied to facilitate the exchange of information across borders. Technically, European Union institutions have established digital software platforms to facilitate effective exchange of general and case specific information in the area of justice and security. Schengen Information System II, eEDeS (E-Evidence Digital Exchange System) , and e-Justice are important examples. The European Search Portal that provides a single point of entry to searching in several relevant databases simultaneously provides a strong case for a future platform.

Legally, all Member States may exchange information in their own capacities and can process personal data in Red Notices within the legal framework of the Law Enforcement Directive. To some extent the European Search Portal already provides legal and institutional mandate to some necessary data. However, several specific data needs further legal mandate and institutional framework for EU-institutions and EU Member States to share them.

Furthermore, effective exchange of information in the field of justice and security continue to require support from professional human-based networks. In the European area, the European Judicial Network is sigificant, establishing contact points in each Member State and integrating EU-based digital platforms.

Key recommendations

With regard to modelling an effective review and redress mechanism in Interpol for the future:

The European Parliament should call on the EU Commission to include the production of a forecast analysis and modelling that account for high volume cases and decentralised review & update process in the negotiations with Interpol as an area of collaboration.

With regard to procedural and substantive improvements (in prioritised order):

(1) the European Parliament could call on the EU Commission to include in the legal tools currently under development to support the European Arrest Warrant system, the processing of Red Notice requests. This should include step-by-step guidelines for all EU Member States on how to handle Red Notice requests (deciding on, communicating, updating, erasing, inserting notes).

(2) the European Parliament could call on the EU Commission to include in the negotiations with Interpol an item to have Interpol produce, update and make available procedural and substantive tools on the legal handling – including rights-based boundaries – of Red Notices, ensuring consistent and transparent processing of requests, reviews, challenges, corrections and deletions.

(3) the European Parliament could call on the EU Commission to include in the negotiations with Interpol an item to have Interpol produce yearly statistical data on processing of requests for Red Notices with data on country of request, criminal offence category, review outcome, reasons for denial, and the use of available sanctions against member countries. If this is not achieved, the European Parliament could call on the EU Commission to ensure that statistical data on EU Member States’ handling of requests for Red Notice arrests is developed for all Member States.

(4) based on the statistical data, the European Parliament could call on the EU Commission to include in the negotiations with Interpol an item to have Interpol develop public risk profiles of Red Notice requesting countries. This is necessary to evaluate the risk of abuse associated with the requesting countries and to evaluate the effectiveness of the enforcement mechanisms of Interpol.

(5) the European Parliament could call on the EU Commission to include a mechanism for EU to formulate and monitor the agenda of reform initiatives with regard to Red Notices, in the current negotiations for a collaboration agreement with Interpol.

Recommendations with regard to institutional support of platforms for exchange of necessary information:

Both digital platforms and professional human-based networks to facilitate the information exchange already exist. The most important actions are to support and further develop the proper functioning and synergies of these platforms. The European Search Portal provides an optimal starting point.

 (1)      the European Parliament could call on the EU Commission to further develop the legal and institutional framework of the European Search Portal to include a database on final judicial decisions related to existing Red Notices and prior decisions on arrest and extraditions related to an existing Red Notice, as well as a repository with relevant and updated human rights information on requesting countries.

(2) the European Parliament could call on the EU Commission to take the necessary steps to develop and administrate databases on final judicial decisions related to existing Red Notices, and prior decisions on arrest and extraditions related to an existing Red Notice, as well as a repository with relevant and updated human rights information on requesting countries.

(3) to support access and exchange of data, the European Parliament could call on the EU Commission to involve the European Judicial Network in the design of best practices when connecting to other authorities in Member States and when exchanging information concerning Red Notice warrants.

(4) the European Parliament could call on the EU Commission to establish an office to support the update of relevant data, the administration of the databases, and to coordinate the update and prepare procedural and legal guidelines to ensure fundamental rights of citizens going forward.


Worth Reading :”Understanding EU data protection policy “

European Parliament Research Service (EPRS) : Policy Briefing

Summary : The datafication of everyday life and data scandals have made the protection of personal information an increasingly important social, legal and political matter for the EU. In recent years, awareness of data rights and expectations for EU action in this area have both grown considerably. The right to privacy and the right to protection of personal data are both enshrined in the Charter of Fundamental Rights of the EU and in the EU Treaties. The entry into force of the Lisbon Treaty in 2009 gave the Charter the same legal value as the Treaties and abolished the pillar structure, providing a stronger basis for a more effective and comprehensive EU data protection regime.

In 2012, the European Commission launched an ambitious reform to modernise the EU data protection framework. In 2016, the co-legislators adopted the EU’s most prominent data protection legislation – the General Data Protection Regulation (GDPR) – and the Law Enforcement Directive. The framework overhaul also included adopting an updated Regulation on Data Protection in the EU institutions and reforming the e-Privacy Directive, which is currently the subject of negotiation between the co-legislators. The European Parliament has played a key role in these reforms, both as co-legislator and author of own-initiative reports and resolutions seeking to guarantee a high level of data protection for EU citizens. The European Court of Justice plays a crucial role in developing the EU data protection framework through case law. In the coming years, challenges in the area of data protection will include balancing compliance and data needs of emerging technologies, equipping data protection authorities with sufficient resources to fulfil their tasks, mitigating compliance burdens for small and medium-sized enterprises, taming digital surveillance and further clarifying requirements of valid consent. (This is an updated edition of a briefing written by Sofija Voronova in May 2020.)


VERFASSUNGSBLOG : A cautious green light for technology-driven mass surveillance

The Advocate General’s Opinion on the PNR Directive

by Christian Thönnes

Yesterday, on 27 January 2022, Advocate General (AG) Pitruzzella published his Opinion (“OP”) in the Court of Justice of the European Union’s (CJEU) preliminary ruling procedure C-817/19. The questions in this case pertain to Directive (EU) 2016/681 of 27 April 2016 on the use of passenger name record (PNR) data for the prevention, detection, investigation and prosecution of terrorist offences and serious crime (in short: PNR Directive) and its compatibility with EU primary law.

In his Opinion (which, besides the Press Release (“PR”), was only available in French at the time of writing), the AG, while criticizing the PNR Directive’s overbroad data retention period and its lack of clarity and precision in certain points, generally considers the PNR Directive to be “compatible with the fundamental rights to respect for private life and to the protection of personal data” (PR). His arguments are not convincing.

Certainly, much more can and will be written about this case in general and the Opinion in particular. This entry can only shine a light on some of the AG’s major arguments. In so doing, it shall point out why, in my opinion, the CJEU would do well not to follow the AG’s recommendations. Instead, I believe the PNR Directive is incompatible with Articles 7 and 8 of the EU Charter of Fundamental Rights (CFR). Consequently, it ought to be invalidated.

What the AG has to say about the PNR Directive

The PNR Directive obliges EU Member States to require air carriers to transmit a set of data for each passenger to national security authorities, where they are subjected to automated processing against pre-existing databases (Art. 6 § 3 letter a) and “pre-determined criteria” (Art. 6 § 3 letter b), which contain (allegedly) suspicious flight behaviors (such as a mismatch between luggage and length of stay and destination, see the Commission’s Evaluation Report, point 5.1, in order to identify potential perpetrators of serious crimes or acts of terrorism (a more detailed description of the Directive’s workings can be found in paras 9-18 of the AG’s Opinion or here).

The AG points to certain (limited) problems with the Directive’s wording. Firstly, he contends that point 12 of Annex I, enabling “General Remarks” to be included in PNR data sets, fail to “satisfy the conditions of clarity and precision laid down by the Charter” (PR, also para 150 OP). He also considers the Directive’s five-year-retention period for PNR data excessive and proposes that this period be limited to cases where “a connection is established, on the basis of objective criteria, between those data and the fight against terrorism or serious crime” (PR, also para 245 OP). In addition, he provides clarifying criteria for the relevancy of databases under Art. 6 § 3 letter a (para 219 OP), regarding the applicability of the GDPR (para 53 OP) as well as collisions with the Schengen Borders Code (para 283 OP). He also demands that, due to their lack of transparency, (at least some) “machine-learning artificial intelligence systems” (PR), should not be used for pre-determined criteria (para 228 OP).

The most resounding message of his Opinion, however, is that the PNR Directive’s mass retention and processing regime is “relevant, adequate and not excessive in relation to the objectives pursued” (PR) and thus compatible with Articles 7 and 8 CFR. He therefore recommends to let it stand, albeit with some interpretative limitations (para 254 OP).

Incompatibility with Digital Rights Ireland and its successors

The AG’s reasoning in support of the PNR Directive’s proportionality relies on his central finding that “the Court’s case-law on data retention and access in the electronic communications sector is not transposable to the system laid down by the PNR Directive” (PR). He is referring to decisions like Digital Rights IrelandTele2 Sverige and Quadrature du Net, in which the CJEU had laid down strict limits on governments’ power to collect and process telecommunications data. Notably, it posited that “the fight against serious crime […] and terrorism […] cannot in itself justify that national legislation providing for the general and indiscriminate retention of all traffic and location data should be considered to be necessary for the purposes of that fight” (Tele2 Sverige, para 103; also Digital Rights Ireland, para 51). Instead, the CJEU required that in order to be considered “limited to what is strictly necessary […] the retention of data must continue nonetheless to meet objective criteria, that establish a connection between the data to be retained and the objective pursued” (Tele2 Sverige, para 110).

Evidently, the PNR Directive would clash with these criteria – were they found to be applicable. The collection and automated processing of PNR data is completely indiscriminate. Given Member States’ universal extension to EU domestic flights, it affects all European flight passengers, regardless of their personal histories and independently of a potential increased domestic threat situation (this is proposed as a possible criterion in Quadrature du Net, para 168). The use of pre-determined criteria is not, like the comparison against existing databases, aimed at recognizing known suspects, but at conjuring up new suspicions (see EU Commission PNR Directive Proposal, SEC(2011) 132, p. 12). Also, taking a flight is a perfectly ordinary form of human behavior. There is no empirically demonstrated connection to the perpetration of serious crimes or acts of terrorism (in para 203, the AG presupposes such a “lien objectif” without providing any evidence exceeding anecdotal intuitions about terrorism and human trafficking) and the PNR Directive, given its broad catalogue of targeted crimes, is not limited to dangers caused by air traffic. What behavior will be targeted next? Visiting the museum? Going to a rock concert? Belgium, for example, has already expanded the PNR Directive’s scope to international trains, busses and ferries (Doc. parl., Chambre, 20152016, DOC 54-2069/001, p.7).

Good reasons for applicability

It thus is quite clear: Should Digital Rights Ireland and its successors apply, the PNR Directive is in trouble. Now, why wouldn’t their criteria be transposable? The AG’s arguments mainly turn on a perceived difference in sensitivity of PNR data, compared to telecommunications meta-data. The latter, the AG explains, contain intimate information of users’ private lives (para 195, 196), and almost uncontrollable in their scope and processing because everyone uses telecommunication (paras 196, 198). Moreover, because they are used for communication, telecommunications data, unlike PNR data, have an intrinsic connection to fundamental democratic freedoms (para 197). PNR data, on the other hand, he opines, are limited to a delineated life domain and narrower target groups because fewer people use planes than telecommunication (paras 196, 198).

Under closer examination, this comparison falls apart. Firstly, PNR data contain very sensitive information, too. As the CJEU has pointed out in his Opinion 1/15 regarding the once-envisaged EU-Canada PNR Agreement, “taken as a whole, the data may, inter alia, reveal a complete travel itinerary, travel habits, relationships existing between air passengers and the financial situation of air passengers, their dietary habits or state of health” (para 128). Unlike the AG (see para 195 in his Opinion), I can find no remarks in Opinion 1/15 that would relegate PNR data to a diminished place compared to telecommunications data. But secondly, and more importantly, the AG fails to consider other factors weighing on the severity of the PNR Directive’s data processing when compared against the processing of Directive 2006/24/EC and its siblings: The method and breadth of processing and the locus of storage.

Only a small minority of telecommunication datasets, upon government requests in specific cases (see Articles 4 and 8 of Directive 2006/24/EC), underwent closer scrutiny, while the vast majority remained untouched. Under the PNR Directive, however, all passengers, without exception, are subjected to automated processing. In so doing, the comparison against pre-determined criteria, as the AG points out himself (para 228 OP), can be seen as inviting Member States to use self-learning algorithms to establish suspicious movement patterns. Other EU law statutes like Art. 22 GDPR or Art. 11 of Directive 2016/618, as well as comparable decisions by national constitutional courts (BVerfG, Beschluss des Ersten Senats vom 10. November 2020 – 1 BvR 3214/15 -, para 109) are inspired by an understanding that such automated processing methods greatly increase the severity of respective interferences with fundamental rights. Moreover, while telecommunications data were stored on telecommunication service providers’ servers (to whom users had entrusted these data), PNR data are all transferred from air carriers to government entities and then stored there.

Hence, there are good reasons to assume that the data processing at hand causes even more severe interferences with Articles 7 and 8 CFR than Directive 2006/24/EC did. It thus follows, that the case law of Digital Rights Ireland should apply a fortiori.

An inaccurate conception of automated algorithmic profiling and base rate fallacy

There are other problems with the AG’s reasoning; completely untangling all of them would exceed this space. Broadly speaking, however, the AG seems to underestimate the intrinsic pitfalls of unleashing predictive self-learning algorithms on datapools like these. The AG claims that the PNR Directive contains sufficient safeguards against false-positives and discriminatory results (para 176 OP).

Firstly, it is unclear what these safeguards are supposed to be. The Directive does not enunciate clear standards for human review. Secondly, even if there were more specific safeguards, it is hard to see how they could remedy the Directive’s central inefficiency. That inefficiency does not reside in the text, it’s in the math – and it’s called ‘base rate fallacy’. The Directive forces law enforcement to look for the needle in a haystack. Even if their algorithms were extremely accurate, false-positives would most likely exceed true-positives. Statistics provided by Member States showing extremely high false-positive rates support this observation. The Opinion barely even discusses false-positives as a problem (only in an aside in para 226 OP). Also, it is unclear how the antidiscrimination principle of Art. 6 § 4 is supposed to work. While the algorithms in question may be programmed in way to not process explicit data points on race, religion, health etc., indirect discrimination is a well-established problem of antidiscrimination law. Both humans and algorithms may just use the next-best proxy trait. (see for example Tischbirek, Artificial Intelligence and Discrimination).

Now, the AG attempts to circumvent these problems by reading the PNR Directive in a way that prohibits the use of self-learning algorithms (para 228 OP). But that interpretation, which is vaguely based on some “système de garanties“ (para 228 OP), is both implausible – it lacks textual support and the pile of PNR data is amassed precisely to create a use case for AI at EU borders – and insufficient to alleviate this surveillance tool’s inherent statistical inefficiency.

This cursory analysis sheds light on some of the AG’s Opinion’s shortcomings. It thus follows that the CJEU should deviate from Pitruzzella’s recommendations. The PNR Directive, due to the severity of its effects and its inherent inefficiency in fulfilling its stated purpose, produces disproportionate interferences with Articles 7 and 8 CFR. It ought to be invalidated.

Between 2017 and 2021, the author worked for the German NGO “Gesellschaft für Freiheitsrechte”, among other things, on a similar case (C-148/20 to C-150/20) directed against the PNR Directive.





  • The past 15 years have not been kind to two great icons of European integration: the common currency with its accompanying passport-free Schengen area and area of freedom, security and justice (AFSJ).
  • Much like the eurozone between 2008 and 2015, the EU’s area of freedom, security and justice has gone through a series of shocks over the past seven years, whether they relate to migration, asylum policies, security concerns or the rule of law. But, unlike the EU’s single currency area, there have been limited efforts to fix the AFSJ’s multiple shortcomings.
  • To date, the EU has dealt with each crisis separately. This was reasonable while each problem was manageable on its own and had little or no spill-over to other parts of the EU project. But this is no longer a sustainable strategy. All the AFSJ crises are related and they all need fixing quickly. The EU should find inspiration in how it dealt with the twin financial and eurozone crises.
  • So far, Schengen and the AFSJ have weathered a migration crisis, several terrorist attacks, and a pandemic because EU countries have mostly been happy to co-operate with each other and trusted each other’s systems.
  • But it is becoming clear that countries have very different ideas about who should be allowed in and how; what an independent judiciary is; and what should be the relationship between EU law and national constitutions.
  • The EU does not need to come up with flashy new plans to reform Schengen every two or three years. Instead, EU leaders should focus on the underlying problem: the waning trust between member-states and the impact that this lack of trust on co-operation.
  • The most important consequence of the bloc’s gradual loss of mutual trust may be the gradual exclusion of some EU countries from the Union’s common legal space. That space includes not only police and judicial co-operation, but also the single market.
  • The EU will not solve its trust problem through new laws or court rulings, because the problem stems from political, rather than legal, differences. Instead, the EU should focus on rethinking the way the AFSJ works and clarifying the compromises it involves. One way forward could be to draw inspiration from the European Semester and the EU’s post-pandemic recovery fund.
  • The EU should come up with a ‘European Justice Semester’, which would help to rebuild trust in three ways. First, it would establish a permanent and clearer link between policies related to Schengen, like the free movement of people, and policies related to the wider area of AFSJ like the independence of the judiciary. Second, it would make it harder for countries to backslide. And third, it would allow the EU to anticipate, prepare and deal with issues of mutual trust faster and better.
  • The European Council could hold a special summit on the future of Schengen and the AFSJ. The result could be a baseline plan which includes a monitoring mechanism based on the eurozone’s European Semester and the post-pandemic recovery fund.
  • Such plan would include a set of pre-agreed standards that all member-states should abide by. These standards should be drawn up by the Council of Ministers and the European Commission, approved by the European Parliament and endorsed by the European Council.
  • The Commission could use these standards to monitor trends, for example of judicial reforms, and issue clear guidelines. Member-states would need to present national plans roughly every two years explaining how they would comply with those guidelines.
  • National AFSJ plans should be approved by the Council of Ministers. The Commission would then review those plans and come up with country recommendations, which should be approved by the Council of Ministers. Member-states should commit to follow those recommendations.
  • EU governments and the European Commission could set up dedicated teams to ensure regular communication between Brussels and EU capitals; and an early warning mechanism to spot problems before they become unmanageable, similar to the six-month review devised for the disbursement of the recovery fund.
  • EU member-states should agree on a warning procedure that would apply to countries which have been found to repeatedly deviate from the standards. Such a procedure could end with a suspension of EU funds or with a temporary ‘freezing’ of the recalcitrant country’s participation in certain EU laws, like the European Arrest Warrant.
  • To work, a European Justice Semester cannot be a purely procedural plan, driven solely by the EU institutions. Such a plan would need the highest-level political backing and broad public support every step of the way. A European Justice Semester should focus on performance, solidarity and accountability.


During the first decade of the 21st century, the prospects for European integration looked bright. This was particularly true for two of the icons of integration: the common currency, and the passport-free Schengen area. The 2010s were not kind to either; so far, the 2020s have not been kind to anything at all. As a result of the COVID-19 pandemic, countries have put borders back up. The politics of migration remain toxic and EU countries have not been able to agree on common policies. Despite a number of shocking terrorist attacks, the likelihood of falling victim to terrorism in Europe is extremely small. Even so, terrorism and crime are amongst the top ten concerns of European citizens, according to the European Commission, and feature regularly in electoral campaigns across the EU.1 Meanwhile, the EU’s reliance on a common legal space, in which shared rules are interpreted predictably by independent courts, has been challenged by assaults on the independence of the judiciary in several member-states. Furthermore, the Union’s post-pandemic recovery fund may be susceptible to corruption and, if the money is misspent, anti-EU forces will profit.

Much like the eurozone between 2008 and 2015, the EU’s area of freedom, security and justice has gone through a series of shocks over the past seven years, whether they relate to migration, asylum policies, security concerns or the rule of law. But, unlike the EU’s single currency area, there have been limited efforts to fix the AFSJ’s multiple shortcomings. Instead, both EU governments and the EU institutions have chosen to follow a piecemeal strategy, treating each blow to the Union’s AFSJ as an isolated incident. This has made sense until now, as it is an easier sell to voters to separate migration issues from, say, the rule of law. But it is not a sustainable strategy anymore. 

EU leaders can no longer pretend that the EU’s common borderless legal area is doing well.

All of the AFSJ’s crises are related. The reason why EU countries have close police and judicial co-operation links and, at least on paper, a common set of rules governing asylum and migration, is that they need to reduce the risks that would otherwise arise in a Union without internal border checks. Schengen and the AFSJ form the bloc’s common borderless legal area. A shock to Schengen has an immediate ripple effect on the AFSJ. 

EU leaders and the EU institutions can no longer pretend that the EU’s common borderless legal area is doing well. The EU needs a new plan to make it more resilient. This plan must include regular performance checks and a set of rights and obligations that finally simplifies the link between Schengen and the AFSJ. Such a plan would need a serious commitment from both EU governments and the Brussels institutions, but would not require changing the treaties. 

This policy brief looks back at the AFSJ’s difficult decade. It argues that the EU needs to clarify the relationship between Schengen and the bloc’s common legal space, and draws lessons from the eurozone crisis, calling for the EU to set up a ‘European Justice Semester’ to protect the AFSJ. 

This is the last paper of a series on the future of EU justice and home affairs. It examines some ideas that have been discussed at meetings of the Amato group, a reflection group of experts on justice and home affairs policies, run by the Centre for European Reform, chaired by former Italian Prime Minister Giuliano Amato and supported by the Open Society European Policy Institute (OSEPI). It has been meeting since 2014. This paper tries to capture the main take-aways of the group’s work over the past seven years. 


EU justice and home affairs (JHA) comprises a set of policies intended to help EU countries manage the side-effects of closer economic integration and the abolition of border controls. As member-states gradually lifted checks on people, goods, capital and services, both law-abiding Europeans and criminals became more mobile. The free movement of capital made laundering money easier. The development of the internal market also meant that more people from different nationalities were getting married, divorced, having children, signing or ending contracts, buying and selling property and, in general, entering into legal transactions in other countries. Meanwhile, both asylum-seekers and other sorts of migrants were arriving in Europe in growing numbers, and looking to settle.2 

The 1999 Amsterdam treaty responded to these developments by saying that one of the EU’s main objectives should be “to maintain and develop the Union as an area of freedom, security and justice, in which the free movement of persons is assured in conjunction with appropriate measures with respect to external border controls, asylum, immigration and the prevention and combating of crime.”3

Spurred by a general optimism about European integration and the pressing need to improve police and judicial co-operation in Europe following terrorist attacks in Madrid and London in 2004 and 2005, the Lisbon treaty, which entered into force in December 2009, gave new powers to the EU institutions. The Commission was given the power to propose laws on a wide range of topics such as migration, asylum, criminal law and police co-operation. The Council of Ministers and the European Parliament could each amend, reject or approve those proposals, which, once accepted, would become EU laws and fall under the supervision of the European Court of Justice (ECJ).

From 1999 to the mid-2010s, JHA remained a relatively obscure part of EU policy which accordingly attracted very little public interest. In hindsight, it all began to turn sour in 2014.

Faced with increasing arrivals of leaky boats overcrowded with people fleeing bloody conflicts in Syria and Libya, the Italian government of then-prime minister Enrico Letta launched ‘Mare Nostrum’, a search and rescue operation, in 2013. Other EU countries then accused Italy of encouraging people to risk their lives crossing to Europe by sea in unsafe ships operated by people smugglers, and the EU convinced Letta to replace ‘Mare Nostrum’ with the much smaller ‘Operation Triton’ in 2014. Triton had no mandate to search for and rescue distressed boats proactively. In April 2015, around 700 people died in a shipwreck off the coast of the Italian island of Lampedusa. In September of that year, the image of three-year-old Syrian boy Alan Kurdi lying lifeless on a Turkish beach made headlines around the world. Public attention turned to Europe’s perceived inability to deal with migrants and asylum-seekers, who were often conflated.

The migrant shipwreck tragedy in Lampedusa was a turning point for the future of the EU project.

The tragedy in Lampedusa was a turning point for the EU: the Union has been at the centre of a heated political debate about borders, human rights and Europe’s economy ever since. National politicians began to frame migration debates as a zero-sum choice between open borders for all and ‘fortress Europe’. EU governments and the Brussels institutions eventually fell into the trap of adopting this dichotomy, creating the most serious border crisis in the EU’s history. 

In 2015 and early 2016, over a million people crossed into Europe as the conflict in Syria intensified and Libya’s failed state became a safe haven for smugglers. Quickly, it became apparent that member-states did not see eye-to-eye. Some felt they were bearing a disproportionate burden in protecting Schengen’s external borders; some felt they were taking in more than their fair share of asylum-seekers; and some did not want to accept would-be refugees at all. The bitter political debates that ensued deepened the fault lines between front-line and destination member-states. The disagreements about quotas, solidarity and shared responsibility also entrenched another dividing line that had been developing for a while, this time between Central and Western Europe over respect for the rule of law and fundamental rights. 

While Hungary’s Viktor Orbán had been toying with the idea of “illiberal democracy” since 2014, the EU’s rule of law stand-off began in earnest four years ago.4 In December 2017, the Commission launched a disciplinary proceeding against Poland under Article 7 of the Lisbon treaty, for breaching EU values. Article 7 proceedings can end with the suspension of the offending state’s voting rights in the Council of Ministers. In October 2018, the European Parliament initiated proceedings against Hungary for the same reason.5 But neither of the two disciplinary actions has got very far: they require unanimous agreement in the Council, minus the offending state. Even if 25 states agreed to sanction Poland or Hungary, one of that pair would still be able to block action against the other. Meanwhile, both the European Commission and the European Parliament have become worried about democratic backsliding in other countries, too: in Slovenia, the government of Orbán’s ally, Janez Janša, has been clamping down on media freedom and NGOs. In Romania and Bulgaria, fears over corruption and respect for fundamental rights are piling up. 

Twenty twenty-one may have been the bumpiest year yet for the rule of law in Europe. In December 2020, the EU passed a law (the ‘conditionality mechanism’, in EU jargon) that would stop payments from the EU’s budget and recovery fund to countries that do not respect the rule of law. The Commission has not yet triggered this mechanism because, to overcome Warsaw and Budapest’s threat to veto the bloc’s recovery fund, EU governments promised them that the law would not be used until the ECJ had had the time to review it. But, to put pressure on Poland and Hungary, the Commission has instead delayed the release of recovery fund money (which is separate from the general EU budget) to both countries, over concerns about widespread corruption and a captured judiciary. Over the past 12 months, the ECJ has ruled repeatedly that the Polish government has breached EU law with its judicial reforms – and Warsaw has, also repeatedly, refused to comply with the Luxembourg court’s rulings.6 The stand-off came to a head in October when the Polish Constitutional Tribunal ruled that parts of the EU treaties were incompatible with the Polish constitution, sparking fears of a ‘Polexit’.

The Polish Constitutional Tribunal tried to piggyback on a relatively new trend: the rise of the eurosceptic courts. The Romanian and German constitutional courts, the Danish Supreme Court and the French Conseil d’État have in recent years all questioned the validity of EU law or the legitimacy of ECJ rulings.7 Spain’s otherwise reliably pro-EU judiciary has been debating the usefulness of the European Arrest Warrant (EAW) since a judge in Germany refused the extradition of the fugitive Catalan independence movement leader Carles Puigdemont.8 And Slovenia only nominated its required two delegated prosecutors to the European Public Prosecutor’s Office (EPPO, a body with powers to prosecute crimes related to the EU budget) in November 2021, six months after the office started operations. Ljubljana’s two nominees are not even confirmed yet – with Janša clarifying that they are just “temporary appointments”.9 

EU justice and home affairs, once the preserve of academics and officials, has become a political battleground.

COVID-19 has further complicated matters. While most headlines rightly focus on the human and economic costs of the pandemic, the spread of the virus has created much collateral damage – including to Schengen and the EU’s single market. At the beginning of the pandemic, member-states restored, or extended, passport checks;10 and the EU imposed an entry ban on non-EU citizens. Both were not entirely unreasonable measures but were decided and applied in a hurry and rather incoherently across the EU.11 As a result, member-states grew wary of each other – questioning the ability of other European governments to deal with the crisis. More worryingly, many EU countries introduced serious and unco-ordinated restrictions on the free movement of European citizens – or banned it altogether. While the EU has to some extent managed to harmonise member-states’ criteria for when EU citizens are allowed to travel (notably through the introduction of an EU-wide COVID-19 vaccination passport), many restrictions on movement remain in place. At the time of writing, in January 2022, several member-states have re-instated lockdowns and/or other restrictions on movement within and across their borders. Border controls persist in many EU countries. 

EU justice and home affairs, once the preserve of a handful of lawyers, academics and officials, has become a political battleground. Migration, security (including health security) and EU values are amongst the most contentious issues of EU policy – and ones which can win or lose elections at home. Collectively, they have created new rifts within the EU or aggravated pre-existing fault lines. The EU and its member-states tolerated Orbán’s antics until the 2015-2016 migration crisis exposed a new and important rift between Eastern and Western member-states.12 The crisis also mirrored the divisions that became apparent during the eurozone crisis between 2010 and 2012: frugal, more economically conservative member-states like Germany, Sweden and the Netherlands are also the EU’s biggest recipients of both labour migrants and asylum-seekers, while their southern, more indebted and fiscally dovish counterparts like Italy, Greece and Spain are the countries where migrants and asylum-seekers first arrive. 

The row over the rule of law has intensified the split between the original EU-15 and countries which joined the EU after 2004. While security remains less divisive, as most EU countries agree that they should co-operate to combat crime and terrorism, the topic has become entangled in broader discussions over the EU’s borders, Europe’s values and political posturing over the place of religion in Europe. The European Commission even has a dedicated Commissioner for ‘promoting our European way of life’ whose portfolio includes security.

To date, the EU has dealt with each of these crises separately. This was reasonable while each problem was manageable on its own and had little or no spill-over to other parts of the EU project. But there are clear links between the EU’s migration, security and rule of law woes. 


There is a reason why all of the AFSJ’s crises seem to be happening at the same time, or in very close succession: they are connected. It is naïve to think that sizeable migration flows will not affect the way that Europeans think about security; and it is plain wrong to believe that migration, border and security issues will not spill over into other parts of EU policy-making, such as the recovery fund and the rule of law. The only reason why the EU has an area of freedom, security and justice in the first place is because of Schengen. In the words of a senior EU official, “without Schengen, laws governing criminal and civil co-operation in Europe, as well as police and intelligence collaboration, would be nice-to-have, not a must-have.” 

There is a reason why all AFSJ’s crises are happening at the same time: they are connected.

To date, Schengen has managed to weather a migration crisis, several terrorist attacks and a pandemic because of two things: it involves the sharing of benefits and burdens; and it presupposes a high degree of mutual trust between its members.13 But that trust has eroded in recent years. And both the EU institutions and the member-states seem to have forgotten, or outright ignored, the compromises that are required to make Schengen work.

To benefit from the abolition of border controls between member-states, governments had to introduce so-called compensatory measures, like boosting controls on the EU’s external borders, exchanging law enforcement information through common databases and improving police and judicial co-operation between themselves.14 All these measures are based on the assumption that, by following common rules and standards, EU countries’ border, police and judicial systems will eventually become so similar that further checks will become unnecessary. This is the starting point of the AFSJ, which is based on the same principles as the original Schengen treaty (an inter-governmental treaty signed in 1985 and later expanded and transformed into EU law), but goes beyond it by including mechanisms for judicial co-operation in several areas of law, like criminal, civil and commercial law. These mechanisms include the EAW, which makes it easier to extradite criminals across the EU, and the European Investigation Order (EIO), which allows one country to carry out criminal investigations on behalf of another. Mutual recognition (in this case of each other’s goods and services) is also the modus operandi of the EU’s single market. Not coincidentally, both Schengen and the single market grew in parallel in the 1990s. 

Neither Schengen nor the EU’s single market can work without trust. While the single market seems unscathed for now (with the exception of Brexit and a continuing row over lower quality products making their way eastwards), things are not looking up for the AFSJ. It is becoming clear that – despite the AFSJ’s large body of common standards – countries have very different ideas about who should be allowed in and how; what an independent judiciary is; and what the relationship between EU law and national constitutions should be.

The EU does not need to come up with flashy new plans to reform Schengen every two or three years, as it has since the migration crisis. Instead, EU leaders should focus on the underlying problem: the waning trust between member-states and the impact this lack of trust has on the area of freedom, security and justice. 


Every EU crisis over the past ten years has been to some degree the result of diminishing trust between its member-states. Each of those crises has in turn fed suspicions and made countries more wary of each other. Not all the crises originate in the EU’s deficient AFSJ arrangements. But all of them have had an impact on the bloc’s area of freedom, security and justice. Take the eurozone crisis. Greece’s near-exit from the euro in 2015 unexpectedly shaped Europe’s initial response to the refugee crisis.15 In 2016, with Athens seemingly unable to control the massive flows of people trying to cross to Europe by sea, talk of a mini-Schengen, which would not include Greece, grew louder in the corridors of Brussels. Having once been accused of almost pushing Greece out of the single currency, then German Chancellor Angela Merkel was “determined not to let Greece fall again” in the words of one of her senior aides. To end the crisis without having to push Greece out of Schengen, Merkel struck a surprise deal with Turkey to return rejected asylum-seekers from Greece. 

Beyond the obvious blow to the European project, the most important consequence of the bloc’s gradual loss of mutual trust is that, eventually, it may lead to the exclusion of some EU countries from the Union’s common legal space. That space includes police and judicial co-operation but also the single market: goods, people and, to an extent, services and capital move freely in the EU because citizens and companies alike rely on EU-wide standards, including court rulings. If the judiciary gets captured in a member-state, both civil and criminal law co-operation will become more difficult; businesses will be wary of setting up shop in a country where they may be subject to arbitrary laws; and people’s personal decisions, on issues such as buying a house, having kids or changing jobs, will be affected too. 

The EU will not restore trust by laws or court rulings alone, because this is a political problem.

Currently, there is no formal mechanism in place to expel a country from the AFSJ. But there are two ways this can happen. The first is through a de facto exclusion of a member-state from EU judicial co-operation schemes. This is already happening when, for example, national courts stop the transfer of asylum-seekers from Germany and elsewhere back to Greece or Italy because of abysmal reception conditions. Another example is when courts in several EU countries refuse to extradite wanted people to a member-state where the courts are not perceived as independent, or where the government is distrusted by other member-states. After the UK triggered Article 50 of the Lisbon treaty to start its exit from the EU, several judges across the Union refused to extradite people there, as it was unclear whether EU law would apply to those suspected or convicted of crimes during and after Brexit. As the situation of the judiciary in Poland, Hungary and Romania has deteriorated, various European courts have refused extradition requests, as they considered that suspects’ fundamental rights might not be respected in those countries. While the ECJ has, for now, stopped blanket prohibitions on extradition (as opposed to decisions in individual cases) because of declining judicial standards, this may change in the future, especially if Poland continues openly to defy ECJ rulings.16 In any case, the Luxembourg court already allows member-states to suspend extradition if they have evidence that the rights of the suspect may not be respected – something which should not be too difficult to argue in view of the ECJ’s latest rulings on the independence of the Polish judiciary and the Commission’s own assessment of the situation in Poland, Hungary and Romania. 

The second way to suspend an EU country’s membership of the bloc’s single legal area is more tricky, but not impossible. In a recent paper for the Centre for European Political Studies (CEPS), a think-tank, respected Hungarian EU law professor Petra Bárd and former Polish Ombudsman Adam Bodnar argue that the Polish Constitutional Tribunal’s October ruling should trigger a formal suspension of all AFSJ laws based on mutual recognition in Poland.17 The authors suggest that this could be done either by the EU institutions or by the ECJ. There is no article in the treaties allowing for such a suspension. But there is no article in the treaties which explicitly rules it out, either – in fact, the European Parliament has suggested that the three EU institutions (Commission, Parliament and Council) could take such a decision, if they found ‘systemic deficiencies’ in a given country after conducting regular joint reviews of the state of the rule of law in each EU member-state.18 The ECJ could, on paper, issue a ruling after concluding one of the many cases it is now examining, declaring the suspension of one or more of these laws in certain member-states. But recent case law on the suspension of European Arrest Warrants in Poland indicates that this is unlikely to happen. 

The ECJ’s main problem is that, if it ruled that one or more EU laws were not applicable to an EU country because its courts lacked independence, this would make it very difficult for that country’s judges to seek the ECJ’s help when dealing with matters of EU law. All national courts are allowed to submit questions to the ECJ if they think there may be a contradiction between EU and national rules; or if they are looking to clarify obscure points of EU law. A ruling to exclude a country from mutual recognition laws would automatically imply that national judges would not be allowed to continue business as usual, including asking for preliminary rulings.19 This would have a ripple effect on the bloc: because the ECJ would not be able to interpret questions of EU law in one country, it would not be able to ensure the uniform application of EU law across all member-states.  

Suspending parts of the EU acquis would be difficult and may have unintended effects. For example, suspending membership of Schengen if a country cannot guarantee that its judiciary is fully independent would be a more effective stick than the Article 7 procedure and would ensure that Schengen rights and obligations are clear to all members. But such a move, even if temporary, would be tricky: one of the benefits of Schengen is that it makes it easier for European citizens to move around the Union, in turn boosting support for the EU project. 

The EU will not solve its trust problem by laws or court rulings alone, because this is a problem that stems from political, rather than legal, differences. Rebuilding trust will require a higher level of accountability over how AFSJ policies are enacted at a national level. The problem is not necessarily the result of bad faith. There is, more simply, a general lack of understanding of the provisions of the Union’s AFSJ and a lack of ambition to clarify them. Eventually, this could become a very big problem. If Europeans do not find a way to restore a shared understanding of the rules, trust that they will be enacted proportionately and that violations will be penalised, the EU’s fault lines will deepen and governments will further question the logic of open borders and security co-operation. Citizens may start to wonder what the point of the EU is, after all.  

In the future, the EU should focus on rethinking the way the AFSJ works and clarifying the compromises it involves. This is no easy task. But EU leaders and the EU institutions could find inspiration in one of the ways the Union dealt with the twin financial and eurozone crises in the first part of the last decade.


In 2008, the world economy experienced a steep downturn when parts of the American and European financial sectors collapsed. In the EU, some member-states fared worse than others. In Greece, Portugal, Italy and Spain, the crisis exacerbated long-standing structural problems and added sky-rocketing public debt to create a perfect storm. Investors lost confidence in the creditworthiness of several of the EU’s member-states.20 As a result, many people lost trust in the eurozone altogether: the EU’s ambitious common currency came close to collapsing. 

The EU institutions should to do ‘whatever it takes’ to keep the AFSJ afloat.

In an attempt to lower public debt and to regain the confidence of financial markets, member-states imposed large cuts in public spending, which took a heavy economic toll on Southern European countries. The crisis forced leaders to confront the trade-offs inherent in the single currency – between shared rules, costs and benefits – and eventually, with a lot of help from the European Central Bank, they managed to stabilise the currency.

There are parallels between Schengen, and its accompanying AFSJ, and the eurozone. Both are extremely ambitious projects in the absence of an overarching federal state. Both feature consistently amongst the most popular aspects of the EU (a single currency and passport-free travel). And both have proved to be unprepared to absorb shocks (be it a global economic crisis, a pandemic or a sudden surge in migration); and are plagued by repeated failures of member-states to abide by the rules (on deficit and debt limits, border controls, or judicial independence). But while the euro crisis instilled a sense of doom in Europe’s political elites and forced them into action, this sense of urgency has so far been missing from the EU’s AFSJ. 

It is now time for the EU institutions to do ‘whatever it takes’ to keep the AFSJ afloat. A good starting point would be to set up a European Justice Semester for the EU’s area of freedom, security and justice. 

The financial and sovereign debt crises exposed the failures of the EU’s monetary and macroeconomic policies. To fix them, the Union changed fiscal rules and passed new laws governing the co-ordination of fiscal and macroeconomic policies. The EU also set up more stringent oversight mechanisms, for example the common supervision of Europe’s largest banks. To streamline the regular co-ordination of Europe’s economic policy, the EU created the European Semester. 

Starting in November each year, the European Commission, together with the Council of Ministers, scrutinise economic trends and individual member-states’ policies, and recommend areas for reform. EU countries then submit national plans to Brussels, explaining how they are going to follow the Commission’s recommendations. The recommendations cover a wide range of policies, from employment to childcare and civil justice. The Commission assesses the national plans, and issues specific recommendations to each of the EU-27 – and additional recommendations for eurozone members. The Council of Ministers then discusses the recommendations, which have to be endorsed by EU leaders before their adoption. In case of non-compliance, the EU can require additional monitoring, impose fines and even freeze EU funding to the offending country – though that has not yet happened. A decision to fine a country is deemed to be approved unless a qualified majority of member-states disagrees with it (a procedure known as reverse qualified majority voting). Countries which have signed the so-called Fiscal Compact, a treaty on fiscal stability, have also agreed that other decisions, such as deeming that one country has breached the rules, can also be taken by reverse qualified majority voting. 

The European Semester also has a role in the disbursement of the post-pandemic recovery fund to EU countries. To qualify for recovery money, EU countries need to send their national spending plans to the European Commission, which scrutinises them and decides whether or not to grant funding. To perform this analysis, the Commission looks at many indicators, including the European Semester’s country recommendations. If the national plans do not comply with the rules of the recovery fund, European Semester recommendations, and the rule of law provisions of the conditionality mechanism, the Commission may delay the release of funds or stop it altogether – as is currently the case with Hungary and Poland. 

A review mechanism called ‘European Justice Semester’ could combine elements of the European Semester and the recovery fund.

Of course, neither the EU’s economy nor the eurozone are perfect, nor have the new rules magically fixed all their problems. But, over time, EU leaders and the EU institutions realised that they could not rely on trust and outdated laws alone to keep the economy and the single currency going – they needed a renewed push to make all countries accountable for their actions. The European Semester is a small building block in the eurozone’s efforts to stabilise the currency. The EU’s post-pandemic recovery fund is taking accountability a step further by putting proper money behind a reform monitoring system. Countries are required to show how they are using the recovery money to reach the targets and milestones set by the Commission every six months. They are also required to prove that the money is properly audited and that they have made all the necessary reforms for the money to have a meaningful impact on society and the economy. In stark contrast with previous funds, if a country fails this test, the Commission and the Council of Ministers are allowed to stop payments until the errant member-state complies with the rules. 

A review mechanism, combining elements of the European Semester and the recovery fund, – a ‘European Justice Semester’ – could serve as a useful tool for the EU’s area of freedom, security and justice, for three reasons.  

First, it would help to establish a permanent and clearer link between policies related to Schengen – like the free movement of people or the sharing of police and intelligence information (which most countries like); and policies related to the wider area of freedom, security and justice – like the independence of the judiciary or common asylum and migration rules (which some countries do not like very much). Second, it would help solve what can be called the ‘Copenhagen paradox’, whereby democratic backsliding in some member-states means that, were they to apply to join the EU now, they would not meet the so-called Copenhagen criteria for accession on human rights and the rule of law. A regular overview of justice and home affairs policies would make it harder for countries to backslide. And third, it would allow the EU to anticipate, prepare and deal with issues of mutual trust better, before they become a Poland-sized problem and without having to resort to the ineffective Article 7 procedure for suspending voting rights in the Council. 

The legal basis for a European Justice Semester for the EU’s area of freedom, security and justice would be Article 70 of the Lisbon treaty. Article 70 allows the Commission and member-states to conduct a review of policies related to the area of freedom, security and justice, “in particular in order to facilitate full application of the principle of mutual recognition.” The treaty also says that both the European and national parliaments should be kept abreast of the reviews.

A European Justice Semester for the EU’s AFSJ should follow at least seven steps:

1. The EU should begin by defining the key elements of the area of freedom, security and justice and, more crucially, the rights and obligations attached to it. Member-states would need to revise the 1999 concept of the AFSJ to bring it line with current realities. This could include, for example, making it clear that Schengen is an integral part of the AFSJ and cannot be detached from other elements, like compliance with ECJ rulings or agreements on migration policies. The hard reality is that countries cannot have the benefits of passport-free travel without recognising the authority of the ECJ or applying migration laws that they themselves have approved in Brussels. 

EU leaders used to come up with multi-annual plans (‘programmes’) to set out the direction EU justice and home affairs should take. Over time, EU governments found these plans too onerous, so they quietly dropped them. Over the past seven years, there have been no policy guidelines on EU JHA beyond two Commission plans heavily focused on internal security matters (the 2015 European Security Agenda and the 2019 European Security Union). A renewed effort to make the AFSJ work, now and in the future, should come from EU leaders, not the European Commission. The European Council could hold a special summit on the future of JHA, as it did twice in the ten years after the birth of the AFSJ. 

At the summit, EU countries could debate, and decide, what they want to do with police and judicial co-operation, the Schengen area and the Union’s migration policies. This should be a frank and open conversation that could be informed by the conclusions of the Conference on the Future of Europe – an EU-wide public consultation process that is due to conclude in the spring of 2022. The result should be a baseline plan for the Union’s area of freedom, security and justice which should include a monitoring mechanism based on the eurozone’s European Semester and the post-pandemic recovery fund. This plan would need to be agreed by all EU member-states by consensus. If a broad agreement cannot be found, and some countries decide not to take part, the European Council may want to resort to an inter-governmental agreement, as it has done in the past on eurozone issues. This would be unideal, though – EU governments and the EU institutions, in particular the European Council, should try to get all member-states on board. Once the plan is in place, decisions should be taken either by qualified majority voting or by reverse qualified majority voting. 

JHA policies should reflect the experience of the economic side, where setting down too-specific targets became a headache.

2. Building on the European Council guidelines, the Council of Ministers, together with the European Commission, could set up a broad system of standards that all members of the club should abide by, with a clear warning that these standards are linked, and that failure to abide by some could lead to a range of penalties. Both the new concept and the list of standards should be approved by the European Parliament and endorsed by the European Council, to ensure broad political support and citizen engagement and to diminish the risk of non-compliance. 

3. On the basis of the list of standards, the European Commission could propose a review process similar to the European Semester. The Commission could monitor trends, for example on judicial reforms, and set clear guidelines every, say, 18 or 24 months. The Commission could use these guidelines to flag issues that it considers to be in violation of EU rules (for example, the Polish reform of the judiciary that discriminates between male and female judges) and to suggest ways to fix them. Once the Commission issues its guidelines, member-states would need to present their plans on a range of JHA policies (civil justice, criminal justice, the state of the judiciary, intelligence gathering, police practices and the status of asylum reception facilities, for example), which would then be discussed by the Council of Ministers and approved by the Commission. This is the type of peer review that Article 70 refers to. 

4. The Commission would then review the national plans and come up with country recommendations, broken up by chapters (civil justice, criminal justice, border controls, fundamental rights and so on). The recommendations would need to be approved by the Council of Ministers by qualified majority voting (without the vote of the country in question).

5. Member-states would commit to implementing the recommendations during the rest of the policy cycle. This step would be different from the European Semester in two ways: first, unlike with the Semester, EU countries would have to explicitly say that they would follow the recommendations each time; second, JHA policies are not budgets requiring annual approval, so a European Justice Semester experiment could run for longer periods, of, say, 18-24 months. 

6. National governments and the European Commission could set up dedicated teams to ensure regular communication between the EU institutions and EU capitals. An early warning mechanism to spot problems before they become unmanageable could also be part of the plan. The mechanism could be similar to the six-month review devised for the disbursement of the recovery fund. 

7. The most difficult part of the exercise would be to agree on, and enforce, sanctions. JHA policies should reflect the experience of the economic side, where setting down too-specific targets has become a major headache for policy-makers. The current debate over the suspended Stability and Growth Pact (SGP) is a case in point: the SGP fixes targets for government deficits and debt. But the rules have proven to be unhelpful in recessions. EU countries froze the Pact when the COVID-19 pandemic hit and are starting to consider reforms to the fiscal rules and when to reactivate them. JHA policy-makers should avoid such hard targets, which would do little to mend wounds or make the AFSJ more resilient to crises. 

As a first step, EU member-states should agree on a warning procedure that would apply to countries which have been found to deviate from the standards repeatedly. The Commission and the Council of Ministers, acting by reverse qualified majority voting, could, for example, decide to apply the procedure to a country which had failed to address recommendations twice in a row (that would be two cycles of 18-24 months). The country could respond by amending its actions or face the suspension of EU funds, also agreed by the Council by reverse qualified majority voting. 

Ultimately, EU countries will have to decide whether they want to impose more serious consequences on countries which repeatedly fail to abide by the rules. Radical solutions, like suspending parts of EU law for recalcitrant members, may be tempting but will be difficult to apply in practice and might backfire. 

A more workable idea would be to ‘freeze’ the application of specific laws, like the EAW or EIO. To be effective in discouraging governments from behaving badly, such a freeze should be swiftly agreed upon by reverse qualified majority voting if a country persists in breaching EU rules for a long time; or if the behaviour is serious enough to put the whole AFSJ at risk. To target unruly governments without punishing citizens, any suspension of certain parts of the acquis should never amount to a total exclusion of one member-state from the EU’s common legal area: all national courts should be able to resort to the ECJ when they need to; and no EU citizen should lose the right of effective judicial protection at the EU level as a result of their government’s actions. 

This roadmap would build on existing EU initiatives like the rule of law mechanism (a dialogue between the EU institutions, national governments and civil society about the state of the rule of law in the member-states) and the Schengen evaluation process (a peer review of the way countries apply Schengen laws in their territory, which the Commission has recently proposed to expand). It could scrap existing but inefficient initiatives like the justice scoreboard, by streamlining the oversight of the judiciary across member-states while still taking into account different legal traditions.21 It would also include more recent developments like rule of law conditionality. 

If countries do not accept that membership of Schengen brings both rights and obligations, the project may fail.

To work, a European Justice Semester cannot be a purely procedural plan, driven solely by the EU institutions. Such a plan would need the highest political backing every step of the way, and this will not be easy. The one lesson Europe has learnt from the SGP problems is that no-one can resolve an ambitious political challenge, like the euro, with a non-political solution. Any plan to build back trust in the EU’s area of freedom, security and justice should ideally include all member-states. It would only be a distant second best if it was restricted to a handful of member-states. Although once up and running a European Justice Semester could bypass blocking minorities, its basis would need a general consensus on the direction that the EU wants to take when it comes to its area of freedom, security and justice.

A European Justice Semester would need broad public support. The EU’s response to the eurozone crisis may have ultimately helped to avert the demise of the single currency, but it was deeply unpopular in many member-states on account of the pain caused by austerity and economic dogmatism. While some EU leaders remain stubbornly fond of fiscal measures, the pandemic has made their case weaker: the recovery fund has opened the door for a new way to help troubled countries while making them accountable for their actions – by making the fund performance-based. As a result, both Southern and Northern governments (and their voters) have been – touch wood – fairly cheerful about it, as it has something for every-one. A European Justice Semester would need to focus on performance, solidarity and accountability if it is to enjoy broad support across the EU. 


Some EU governments complain that the EU they joined was about passport-free travel, a budding common currency and the world’s largest single market. The contract they signed said nothing about same-sex marriages, judicial reform or women’s rights. This argument may be illiberal but is not entirely untrue: Europe has changed drastically over the past 20 years. The problem with this line of thought is that it fails to grasp that governments and institutions must and will adapt to a changing society. 

So far, the EU’s area of freedom, security and justice has failed to keep pace with a changing world: for the most part, the AFSJ remains stuck at the beginning of the century, when all EU countries seemed to be happy to increase police and judicial co-operation and did not contemplate border closures or democratic backsliding. This, in turn, has increasingly made the AFSJ unable to deal with a succession of crises, each of which has made EU countries less trusting of each other. EU leaders must understand that if countries do not accept that being part of Schengen brings both rights and obligations, the project may fail – or, at the very least, become smaller.


 1: European Commission, ‘Standard Eurobarometer 95 – Spring 2021’, September 2021.
2: Sophia Besch, Ian Bond and Camino Mortera-Martínez, ´Plugging in the British: Completing the circuit´, CER policy brief, June 22nd 2018.
3: Article 2 Treaty on European Union, 1997. The Amsterdam treaty was signed in 1997 but only entered into force in 1999.
4: Viktor Orbán, Speech at the 25th Bálványos Free Summer University, July 26th 2014. 
5: Both the Commission and the European Parliament can trigger Article 7 when they consider that there is a clear risk that a member-state may breach one or more of the EU´s founding values. These are listed in Article 2 of the Lisbon Treaty and are: respect for human dignity, freedom, democracy, equality, the rule of law and respect for human rights, including the rights of persons belonging to minorities among others. Once the proceeding is launched, it is up to the Council of Ministers to impose sanctions.
6: After coming to power in 2015, Law and Justice and its coalition partners launched a major overhaul of Poland’s judiciary. First, the government packed the Constitutional Court with friendly judges; second, the government revamped the judiciary’s governing body, the National Judiciary Council, and changed how both ordinary courts and the Supreme Court functioned. The reform also lowered the retirement age of judges, which allowed the government to force out magistrates seen as hostile to it and replace them with younger, pro-government judges. Further reforms introduced disciplinary procedures that could be used against judges who wanted to apply certain EU laws, or submit preliminary questions to the European Court of Justice  – an important feature of the EU’s legal system. 
7: In December 2016, the Danish Supreme Court ruled that EU principles deriving from ECJ rulings should not be applicable in Denmark, as they do not derive from the EU treaties. In May 2020, the German Constitutional Court ruled that the ECJ had overstepped its power when it ruled that the European Central Bank’s public sector purchase programme (PSPP) was legal. In April 2021, the French Conseil d’État (France’s highest administrative court) ruled that French intelligence services could breach EU laws protecting privacy because the EU does not have equivalent laws protecting citizens’ safety. In June 2021, the Romanian Constitutional Court said that the Romanian constitution should always have primacy over EU law; and that an ECJ ruling saying that Romania’s recent judicial reform was against EU law was not enforceable in Romania. 
8: Camino Mortera-Martínez, ´Catch me if you can: The European Arrest Warrant and the end of mutual trust´, CER insight, April 1st 2019.
9: Wester van Gaal: ‘Slovenia finally appoints ‘temporary’ EPPO prosecutors’, EU Observer, November 19th 2021.
10: Some member-states, like Sweden, introduced border controls in 2015 following the EU’s migration crisis and have not lifted them since. 
11: Camino Mortera-Martínez: ‘Will the coronavirus pandemic deliver a coup de grâce to Schengen?’, CER bulletin article, September 20th 2020. 
12: Hugo Brady, ‘Openness versus helplessness: Europe’s 2015-2017 border crisis’, Groupe d’études géopolitiques, June 28th 2021. 
13: Raoul Ueberecken, ‘Schengen reloaded’, CER policy brief, November 11th 2019.  
14: Ueberecken, ‘Schengen reloaded’.
15: Agata Gostyńska-Jakubowska and Camino Mortera-Martínez: ‘Thomas Cromwell or the executioner’s axe? Options for a Grexit’, CER insight, July 10th 2015.
16: See, for example, the following ECJ cases: joined Cases C-404/15 and C-659/15, Aranyosi and Căldăraru; case C‑216/18, LM; and joined cases C‑354/20 and C‑412/20, L and P. The Dutch government is pushing for a blanket ban on extradition to Poland in an ongoing case before the ECJ – C-562/21 Openbaar Ministerie.
17: Petra Bárd and Adam Bodnar: ‘The end of an era: The Polish Constitutional Court’s judgment on the primacy of EU law and its effects on mutual trust’, CEPS, October 25th 2021.
18: Committee on civil liberties, justice and home affairs: ‘Report on the establishment of an EU mechanism on democracy, the rule of law and fundamental rights’, European Parliament, 2020/2072(INL), September 29th 2020.
19: Lukas Märtin: ‘Das Damoklesschwert über der europäischen Rechtsordnung: Vom europäischen Haftbefehl und der Gefahr der Verrechtlichung politischer Konflikte’, Verfassungsblog, December 1st 2021.
20: Marcin Szczepanski, ‘A decade on from the crisis: Main responses and remaining challenges’, European Parliamentary Research Service, October 17th 2019.
21: The justice scoreboard is a Commission-led review of the performance of national judiciaries. To do this, the Commission decides on a set of indicators, often not comparable, across member states and assesses them against a set of pre-decided criteria. Member-states are often reluctant to provide information to the Commission and regularly argue that the scoreboard does not take into account different legal traditions across the EU. 

VERFASSUNGSBLOG : Time to Rewrite the EU Directive on Combating Terrorism

by Martin Scheinin and Tarik Gherbaoui

The adoption of EU Directive 2017/541 on combating terrorism in March 2017 has profoundly changed the landscape of European counter-terrorism law. The primary aim of this Directive was to further harmonise the legal framework under which terrorist offences are prosecuted across EU Member States by establishing minimum rules and standards. However, the adverse consequences for the rule of law and human rights have been overlooked from the very outset by the EU institutions. Now, five years after its adoption, it is time for a thorough revision.

A Rushed Adoption Process

The adoption process of the Directive was characterised by long periods of inertia interrupted by phases of panic triggered by external developments. In fact, the European Commission introduced its proposal for the Directive, which builds upon the pre-Lisbon Framework Decision (2002/475/JHA) adopted in the aftermath of 9/11, less than three weeks after the terrorist attacks in Paris in November 2015. Later on, its rushed and opaque finalisation was a political response to the flow of European foreign fighters to the armed conflict in Syria and Iraq. Even though the transnational nature of the foreign fighter phenomenon arguably warrants a pan-European response, from the very outset academics and civil society organisations raised fundamental concerns about the Directive’s potentially adverse rule of law and human rights implications.

As there was no human rights impact assessment during the rushed adoption process, in deviation from both the European Agenda on Security and the Better Regulation Agenda, the Directive ultimately came to include a clause providing for a five-year review. On 18 November 2021, the European Commission submitted a report to the European Parliament and the Council on the implementation of the Directive that assesses the added value of the Directive. The report also claims to address ‘the impact of the Directive on fundamental rights and freedoms, including on non-discrimination, the rule of law, and the level of protection and assistance provided to victims of terrorism’. Such impact assessment is amply warranted and arguably already overdue.

Human Rights Concerns Regarding the Implementation of the Directive

The Commission’s recent report provides a seemingly positive yet largely unsubstantiated assessment of the impact of the Directive. The report finds inter alia that the Directive is ‘overall highly relevant’ and ‘overall internally coherent’, and that it ‘achieved its objectives to a satisfactory extent’ and ‘generated added value’. The Commission’s report claims that ‘while the Directive has had an impact on fundamental rights and freedoms, the limitations largely meet the requirements of necessity and proportionality’. The report also asserts that ‘overall, most stakeholders consulted for the external study did not consider the implementation of the Directive to be problematic from a fundamental rights perspective’. At closer examination, such as the one conducted by the first author of this blog post in his recently approved PhD thesis, these assessments may be too positive.

One of these stakeholders was the EU Fundamental Rights Agency (FRA) which had submitted its own contribution to the Commission as part of the legally required impact assessment of the Directive. The FRA report contains a fairly detailed but primarily empirical rather than legal assessment of the Directive’s human rights implications based on extensive fieldwork, including interviews with experts and practitioners, in seven EU Member States (Belgium, Germany, Greece, Spain, France, Hungary and Sweden). The Commission’s report takes note of the findings of the FRA report but blatantly fails to engage with them. As member of the FRA Scientific Committee that reviews draft versions of FRA reports and publications, and having served as one of the Committee’s two rapporteurs in the matter, the second author of this blog post is well aware of the fact that the Scientific Committee would have wanted the FRA to complement the empirically oriented FRA report with more extensive critical legal analysis of the human rights compatibility of the Directive itself.

The Directive has three key features that have adverse ramifications on the rule of law and human rights: (1) the presence of an overly capacious definition of terrorism that manifestly deviates from UN-level definitions of terrorism (e.g. Security Council Resolution 1566 or the 1999 Terrorism Financing Convention) and from the Council of Europe Convention on the Prevention of Terrorism, (2) the criminalisation of many preparatory acts that may be remote from intrinsically harmful conduct, and (3) the existence of ancillary offences that are also accumulable among each other. While monitoring the implementation of the Directive, the Commission has assessed these features individually but has failed to address how the interplay between these key features exacerbates the adverse human rights implications. For example, there might be pertinent reasons to criminalise ‘travelling abroad for a terrorist purpose’ as a terrorist offence. However, the ‘terrorist purpose’, which constitutes the entire mens rea of this particular offence, is tainted by an overly broad definition of terrorism that also fits poorly with acts committed in situations of armed conflict. For European countries, the three main international legal instruments concerning the foreign (terrorist) fighter phenomenon – UN Security Council Resolution 2178, the Additional Protocol to the Council of Europe Convention on Prevention of Terrorism, and the EU Directive discussed here – all seek to address the same conduct but are mutually incompatible as to whether acts committed in the course of engaging in an armed conflict will be within the scope of application of the instrument. Because of the nebulous definitions contained in the Directive, it is unsurprising that the Commission’s report flags that ‘several national authorities and judges reported difficulties in proving terrorist intent’.

In this matter the Commission’s report fails to address in an adequate fashion the legal uncertainty clouding Recital 37 of the Preamble of the Directive. This provision contains an exclusion clause stipulating that the Directive ‘does not govern the activities of armed forces during periods of armed conflict’. In recent years, EU Member States have predominantly used counter-terrorism law to address the activities of foreign (terrorist) fighters, individuals who have been active in the context of an armed conflict but may or may not have committed actual acts of terrorism. The result has been a further conflation between counter-terrorism law and the laws of war, generally to the detriment of the latter. Taking stock of the Directive’s implementation, and a reform of the Directive itself, would be a perfect moment to provide the necessary clarifications to guide prosecutors and judges at the domestic level. Currently prosecutions related to violent acts committed in the course of an armed conflict abroad may often result in acquittal, simply because the prosecutor’s case rests on specific provisions of the Directive and their national transposition, without paying attention to Recital 37 which then is invoked by the defence to challenge the applicability of terrorism charges in respect of conduct that took place as part of an armed conflict.

The Fragmented Transposition and Implementation of the Directive

Due to these human rights concerns and the political sensitivity of countering terrorism, it is hardly surprising that the implementation of the Directive has been rather troublesome until now. The FRA report affirms that the Directive contains loose definitions that reduce ‘legal clarity’ and result in ‘diverging interpretations of the offences across the EU, as well as conflicting jurisprudence within individual Member States, and reduce the foreseeability of what behaviour is criminalised and under what offence’.

Earlier, in September 2020, the European Commission had released its own report on the transposition of the Directive which made clear that transposition has proved to be particularly challenging regarding Article 3, which requires EU Member states to criminalise certain conduct as terrorist offences and essentially contains the EU definition of terrorism, and regarding Article 9, which contains the offence of travelling abroad for terrorist purposes. As these two provisions have both been indispensable elements of the EU’s legal response to terrorism in recent years, the Commission is concerned that their incorrect transposition risks undermining the uniformity of EU counter-terrorism law. Yet, instead of seeking to address the fundamental concerns that evidently exist among lawmakers and policymakers across numerous EU Member States and in fact point to major flaws in the Directive itself, the Commission decided to use its enforcement powers and has opened infringement procedures against 22 Member States. As Ireland and Denmark decided to opt out of the Directive, this means that infringement procedures have been started against 22 of the 25 Member States that are required to implement the Directive.

While such infringement procedures might help to clarify certain points of law, especially were they to result in a determination by the CJEU, it is high time to have a transparent and constructive legal and political discussion about the flaws of the EU Directive itself now that March 2022 marks five years since its adoption. We understand that the European Parliament’s Committee on Civil Liberties, Justice and Home Affairs (LIBE Committee) will meet in February or March to discuss the Commission’s report on the implementation and added value of the Directive. That would be an excellent occasion to take a critical look at the several legal flaws of the Directive as a reason for its so far marginal ‘added value’, instead of following the rather self-congratulatory approach of the Commission’s report which elliptically concludes that the Directive ‘has functioned and largely achieved its objectives in the way that was expected’.