Why the European Parliament should reject (or substantially amend) the Commission’s proposal on EU Information Security (“INFOSEC”). (1) The issue of “classified information”

By Emilio De Capitani

1.Setting the scene of EU legal framework on access to documents and to confidential information before the Lisbon Treaty

To better understand why the Commission “INFOSEC” draft legislative proposal (2022/0084(COD) on information security shall be substantially amended, let’s recall what was before the Lisbon Treaty and of the Charter, the EU legal framework on access to documents, and notably of EU classified information. With the entry into force of the Amsterdam Treaty on May 1999 the EP and the Council have been under the obligation (art.255 TCE) of adopting in two years time new EU rules framing the individual right of access to documents by establishing at the same time “the general principles and limits of public interests” which may limit such right of access.(emphasis added).

Notwithstanding a rather prudent Commission’s legislative proposal the EP strongly advocated a stronger legal framework for access to documents, for legislative transparency and even for the treatment at EU level of information which, because of their content, should be treated confidentially (so called ,“sensitive” or “classified information”).

Needless to say “Sensitive” or “classified information” at Member States level, are deemed to protect “essential interests” of the State and, by law, are subject to a special parliamentary and judicial oversight regime.[1] As a consequence, at EU level, even after Lisbon, national classified information are considered an essential aspect of national security which “.. remains the sole responsibility of each Member State” (art. 4.2 TEU) and “..no Member State shall be obliged to supply information the disclosure of which it considers contrary to the essential interests of its security;”(art 346.1(a)TFEU.

However, if national classified information is shared at EU level as it is the case for EU internal or external security policies it shall be treated as for any other EU policy by complying with EU rules. Point is on what legal basis these rules should be founded. This issue came to the fore already in 2000 when the newly appointed Council Secretary General Xavier SOLANA negotiated with NATO a first interim agreement on the exchange of classified information. The agreement which mirrored at EU level the NATO Classification standards (“Confidential”, “Secret” and “Top Secret”) was founded on the Council internal organizational power but this “administrative” approach was immediately challenged before the Court of Justice by the a Member State (NL) [2]and by the European Parliament itself [3] which considered that the correct legal basis should had been the new legislation on access to documents foreseen by art 255 of TEC which was at the time under negotiation. The Council, at last, acknowledged that art.255 TEC on access to documents was right legal basis and a specific article (art.9[4]) was inserted in in Regulation 1049/01 implementing art.255 TEC and the EP and NL withdrew their applications before the CJEU[5].

Point is that Art.9 of Regulation 1049/01 still covers only the possible access by EU citizens and such access may be vetoed by the “originator” of the classified information. Unlike national legislation on classified information art.9 didn’t solved, unfortunately, for the lack of time, the issue of the democratic and judicial control by the European Parliament and by the Court of Justice to the EUCI. Art.9(7) of Regulation 1049/01 makes only a generic reference to the fact that “The Commission and the Council shall inform the European Parliament regarding sensitive documents in accordance with arrangements agreed between the institutions.” A transitional and partial solution has then been founded by negotiating Interinstitutional Agreements between the Council and the EP in 2002 [6]and in 2014 [7]and between the European Commission[8] in 2010.

Point is that interinstitutional agreements even if they may be binding (art.295 TFEU) they can only “facilitate” the implementation of EU law which, as described above, in the case of democratic and judicial control of classified information still does not exists. Not surprisingly, both the Council and the Commission Interinstitutional agreements consider that the “originator” principle should also be binding for the other EU institutions such as the European Parliament and the Court of Justice.

This situation is clearly unacceptable in an EU deemed to be democratic and bound by the rule of law as it create zones where not only the EU Citizens but also their Representatives may have no access because of “originator’s” veto. As result, in these situations the EU is no more governed by the rule of law but only by the “goodwill” of the former.

To make things even worse the Council established practice is to negotiate with third Countries and international organizations agreements [9]covering the exchange of confidential information by declaring that the other EU Institutions (such as the EP and the Court of Justice) should be considered “third parties” subject then to the “originator” principle.

Such situation has become kafkianesque with the entry into force of the Lisbon treaty which recognize now at primary law level the EP right to be “fully and timely” informed also on classified information exchanged during the negotiation of an international agreement[10]. Inexplicabily , fourtheen years since the entry into force of the Traty the European Parliament has not yet challenged before the Court of Justice these clearly unlawful agreements.

That Institutional problem kept apart, fact remains that until the presentation of the draft INFOSEC proposal none challenged the idea that in the EU the correct legal basis supporting the treatment also of classified information should be the same of access to documents which after the entry into force of the Lisbon treaty is now art.15.3 of the TFEU[11].

2 Why the Commission choice of art 298 TFEU as the legal basis for the INFOSEC proposal is highly questionable [12]

After the entry into force of the Lisbon Treaty and of the Charter the relation between the fundamental right of access to documents and the corresponding obligation of the EU administration of granting administrative transparency and disclose or not its information/documents has now been strengthened also because of art.52 of the EU Charter.

In an EU bound by the rule of law and by democratic principles, openness and the fundamental right of access should be the general rule and “limits” to such rights should be an exception framed only “by law”. As described above the correct legal basis for such “law” is art.15 of the TFEU which, as the former art.255 TEC, states that “General principles and limits on grounds of public or private interest..” may limit the right of access and the obligation of disclosing EU internal information / documents. Also from a systemic point of view “limits” to disclosure and to access are now covered by the same Treaty article which frames (in much stronger words than art 255 before Lisbon) the principles of “good governance”(par 1), of legislative transparency (par 2) and of administrative transparency (par 3).

Such general “Transparency” rule is worded as following: “1. In order to promote good governance and ensure the participation of civil society, the Union institutions, bodies, offices and agencies shall conduct their work as openly as possible.(..) Each institution, body, office or agency shall ensure that its proceedings are transparent and shall elaborate in its own Rules of Procedure specific provisions regarding access to its documents, in accordance with the regulations referred to in the second subparagraph.”

Bizarrely, the European Commission has chosen for the INFOSEC regulation art.298 TFEU on an open, independent and efficient EU administration by simply ignoring art.15 TFEU and by making an ambiguous reference to the fact that INFOSEC should be implemented “without prejudice” of the pre-Lisbon Regulation 1049/01 dealing with access to documents and administrative transparency. How a “prejudice” may not exist when both Regulations are overlapping and INFOSEC Regulation is upgrading the Council Internal Security rules at legislative level is a challenging question.

It is indeed self evident that both the INFOSEC Regulation and Regulation 1049/01 deal with the authorized/unauthorised “disclosure” of EU internal information/documents.

Such overlapping of the two Regulations is even more striking for the treatment EU Classified information (EUCI) as these information are covered both by art. 9 of Regulation 1049/01 and now by articles 18 to 58 and annexes II to VI of the INFOSEC Regulation.

As described above, Art 255 TCE has since Lisbon been replaced and strengthened by art 15 TFEU so that the Commission proposal of replacing it with art.298 TFEU looks like a “detournement de procedure” which may be challenged before the Court for almost the same reasons already raised in 2000 by the EP and by NL. It would then been sensible to relaunch the negotiations on the revision of Regulation 1049 in the new post-Lisbon perspective but the Commission has decided this year to withdraw the relevant legislative procedure. Submitting a legislative proposal such INFOSEC promoting overall confidentiality and withdrawing at the same time a legislative proposal promoting transparency seems a rather Commission’s strong message to the public.

3 Does the INFOSEC proposal grant a true security for EU internal information?

Point is that European administrative transparency is now a fundamental right of the individual enshrined in the Charter (Article 42).The protection of administrative data is one of the aspects of the “duty” of good administration enshrined in Article 41 of the Charter which stipulates that every person has the right of access to their file, “with due regard for the legitimate interests of confidentiality and professional and business secrecy.”

However Art.298 TFEU is not the legal basis framing professional secrecy. It is only a provision on the functioning of the institutions and bodies which, “in carrying out their tasks … [must be based] on an “open” European administration”[13] and is not an article intended to ensure the protection of administrative documents.

This objective is better served by other legal basis of the Treaties.

First of all, protecting the archives of EU institutions and bodies from outside interference is, even before being a legitimate interest, an imperative condition laid down by the Treatiesand the related 1965 Protocol on the Privileges and Immunities of the Union adopted on the basis of the current Article 343 TFEU. Articles 1 and 2 of that Protocol stipulate that the premises and buildings of the Union, as well as its archives, “shall be inviolable.”

Furthermore, in order to ensure that, in the performance of their duties, officials are obliged to protect the documents of their institutions, Article 17 of the Staff Regulations stipulates that

1. Officials shall refrain from any unauthorized disclosure of information coming to their knowledge in the course of their duties, unless such information has already been made public or is accessible to the public.

Again, (as for Regulation 1049/01), the INFOSEC regulation reinstate that it should be applied “without prejudice” of the Staff Regulation by so mirroring the second paragraph of art.298 TFEU which states that itself states that it should be implemented “in accordance with the Staff Regulations and the rules adopted on the basis of Article 336.” So, also from this second perspective, the correct legal basis for INFOSEC could be the Article 339 (on professional secrecy) and 336 TFEU, with the consequent amendment of the Staff Regulations by means of a legislative regulation of the Parliament and the Council.

By proposing a legislative regulation on the basis of Article 298, the Commission therefore circumvents both the obligation imposed by Article 336, art 339 (on professional secrecy) and, more importantly of Article 15(3) TFEU, according to which each institution or body “..shall ensure (i.e., must ensure) the transparency of its proceedings [and therefore also their protection from external interference] and shall lay down in its rules of procedure specific provisions concerning access to its documents [and therefore also concerning their protection], in accordance with the regulations referred to in the second subparagraph.”(NDR currently Regulation 1049/01)

The objectives set out in Article 298 cannot therefore override the requirements of protecting the fundamental right of access to documents, nor those of Article 15 TFEU which could be considered the “center of gravity”when several legal basis are competing [14].

The same applies to compliance with the regulation establishing the Statute and, in particular, compliance with Article 17 thereof, cited above.

Ultimately, the provisions on the legislative procedure for Union legislative acts are not at the disposal of the Commission, given that administrative transparency is a fundamental right and the protection of documents is a corollary thereof and not a means of functioning of the institutions. Administrative transparency is a fundamental right of every person; the protection of administrative data is a legitimate interest of every administration.

A ”public” interest that can certainly limit the right of access, but only under the conditions established by the legislator of art 15 TFEU and only by the latter.

4. Conclusions

If a recommendation may be made now to the co-legislators is to avoid illusionary shortcuts such as the current Commission proposal whose real impact on the EU administrative “bubble” is far to be clear[15] . The EU Legislator, since the entry into force of the Lisbon Treaty more than fourteen years ago is faced to much more pressing problems.

What is mostly needed is not inventing several layers of illusionary “protection” of the EU information but framing the administrative procedures by law as suggested several times by the European Parliament and by the multiannual endeavor of brilliant scholars focusing on the EU Administrative law[16].

What matters is that the management and the access to EU information should be framed by law and not depend from the goodwill of the administrative author or the receiver as proposed by the INFOSEC Regulation. Nor information security is strengthened transforming each one of the 64 EU “entities” covered by the INFOSEC Regulation [17] in sand-boxes where the information is shared only with the people who, according to the “originator” has a “need to know” and not a “right to know”.

Moreover the EU should limit and not generalize the power for each one of the 64 EU entities of create “classified” information (EUCI). In this perspective art.9 of Regulation 1049/01 needs indeed a true revision but in view of the new EU Constitutional framework and of the new institutional balance arising from the Lisbon treaty and of the Charter.

Fourtheen years after Lisbon the democratic oversight of the European Parliament and the judicial control of the Court of Justice on classified documents , shall be granted by EU law as it is the case in most of the EU Countriesand not by interinstitutional agreements which maintain the “Originator” against these institutions in violation of the rule of law principle as well as of the EU institutional balance.

Could still be acceptable fourteen years after the entry into force of the Lisbon Treaty that the European Parliament and the Court of justice are not taken in account in the dozens of international agreements by which the Council frame the exchange of EUCI with third countries and international organizations?

Instead of dealing with these fundamental issues the European Commission in its 67 pages proposal makes no reference to 24 years of experience in the treatment of classified information and prefer dragging the co-legislators in Kafkian debates dealing with “sensitive but not classified information” or on the strange idea by which documents should marked “public” by purpose and not by their nature (by so crossing the line separating public transparency from public propaganda).

But all that been said, it is not the Commission which will be responsible before the Citizens (and the European Court) for badly drafted legislation. It will be the European Parliament and the Council which shall now take their responsibility. They can’t hide behind the Commission unwillingness to deal with substantive issues (as well as with other aspects of legislative and administrative transparency) ; if the Council also prefer maintain the things as they were before Lisbon it is up to the European Parliament to take the lead and establish a frank discussion with the other co-legislator and verify if there is the will of fixing the real growing shortcomings in the EU administrative “Bubble”.

Continuing with the negotiations on the current version of the INFOSEC proposal notably on the complex issue of classified information paves the way to even bigger problems which (better soon than later) risk to be brought as in 2000 on the CJEU table.

[1] According to the Venice Commission “.. at International and national level access to classified documents is restricted by law to a particular group of persons. A formal security clearance is required to handle classified documents or access classified data. Such restrictions on the fundamental right of access to information are permissible only when disclosure will result in substantial harm to a protected interest and the resulting harm is greater than the public interest in disclosure. Danger is that if authorities engage in human rights violations and declare those activities state secrets and thus avoid any judicial oversight and accountability. Giving bureaucrats new powers to classify even more information will have a chilling effect on freedom of information – the touchstone freedom for all other rights and democracy – and it may also hinder the strive towards transparent and democratic governance as foreseen since Lisbon by art.15.1 of TFEU (emphasis added) The basic fear is that secrecy bills will be abused by authorities and that they lead to wide classification of information which ought to be publicly accessible for the sake of democratic accountability. Unreasonable secrecy is thus seen as acting against national security as “it shields incompetence and inaction, at a time that competence and action are both badly needed”. (…) Authorities must provide reasons for any refusal to provide access to information. The ways the laws are crafted and applied must be in a manner that conforms to the strict requirements provided for in the restriction clauses of the freedom of information provisions in the ECHR and the ICCPR.”

[2] Action brought on 9 October 2000 by the Kingdom of the Netherlands against the Council of the European Union (Case C-369/00) (2000/C 316/37)

[3] Action brought on 23 October 2000 by the European Parliament against the Council of the European Union (Case C-387/00) (2000/C 355/31) LINK chrome-extension://efaidnbmnnnibpcajpcglclefindmkaj/https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:C2000/355/31

[4] Regulation 1049/01 Article 9”Treatment of sensitive documents

1. Sensitive documents are documents originating from the institutions or the agencies established by them, from Member States, third countries or International Organisations, classified as “TRÈS SECRET/TOP SECRET”, “SECRET” or “CONFIDENTIEL” in accordance with the rules of the institution concerned, which protect essential interests of the European Union or of one or more of its Member States in the areas covered by Article 4(1)(a), notably public security, defence and military matters.

2. Applications for access to sensitive documents under the procedures laid down in Articles 7 and 8 shall be handled only by those persons who have a right to acquaint themselves with those documents. These persons shall also, without prejudice to Article 11(2), assess which references to sensitive documents could be made in the public register.

3. Sensitive documents shall be recorded in the register or released only with the consent of the originator.

4. An institution which decides to refuse access to a sensitive document shall give the reasons for its decision in a manner which does not harm the interests protected in Article 4.

5. Member States shall take appropriate measures to ensure that when handling applications for sensitive documents the principles in this Article and Article 4 are respected.

6. The rules of the institutions concerning sensitive documents shall be made public.

7. The Commission and the Council shall inform the European Parliament regarding sensitive documents in accordance with arrangements agreed between the institutions.

[5] Notice for the OJ.Removal from the register of Case C-387/00¹By order of 22 March 2002 the President of the Court of Justice of the European Communities ordered the removal from the register of Case C-387/00: European Parliament v Council of the European Union. OJ C 355 of 09.12.2000.

[6] Interinstitutional Agreement of 20 November 2002 between the European Parliament and the Council concerning access by the European Parliament to sensitive information of the Council in the field of security and defence policy (OJ C 298, 30.11.2002, p. 1).

[7] According to the Interinstitutional Agreement of 12 March 2014 between the European Parliament and the Council concerning the forwarding to and handling by the European Parliament of classified information held by the Council on matters other than those in the area of the common foreign and security policy (OJ C 95, 1.4.2014, pp. 1–7) “4. The Council may grant the European Parliament access to classified information which originates in other Union institutions, bodies, offices or agencies, or in Member States, third States or international organisations only with the prior written consent of the originator.”

[8] According to annex III point 5 of the Framework Agreement on relations between the European Parliament and the European Commission (OJ L 304, 20.11.2010, pp. 47–62) In the case of international agreements the conclusion of which requires Parliament’s consent, the Commission shall provide to Parliament during the negotiation process all relevant information that it also provides to the Council (or to the special committee appointed by the Council). This shall include draft amendments to adopted negotiating directives, draft negotiating texts, agreed articles, the agreed date for initialling the agreement and the text of the agreement to be initialled. The Commission shall also transmit to Parliament, as it does to the Council (or to the special committee appointed by the Council), any relevant documents received from third parties, subject to the originator’s consent. The Commission shall keep the responsible parliamentary committee informed about developments in the negotiations and, in particular, explain how Parliament’s views have been taken into account.”

[9] SEE : Agreements on the security of classified information Link : https://eur-lex.europa.eu/EN/legal-content/summary/agreements-on-the-security-of-classified-information.html

[10] Article 218.10 TFUE states clearly that “The European Parliament shall be immediately and fully informed at all stages of the procedure” when the EU is negotiating international agreements even when the agreements “relates exclusively or principally to the common foreign and security policy,” (art.218.3 TFUE).

[11] Interestingly reference to art.15 of the TFEU is also made in the EP-Council 2014 Interinstitutional Agreement on access to classified information (not dealing with External Defence) See point 15 : This Agreement is without prejudice to existing and future rules on access to documents adopted in accordance with Article 15(3) TFEU; rules on the protection of personal data adopted in accordance with Article 16(2) TFEU; rules on the European Parliament’s right of inquiry adopted in accordance with third paragraph of Article 226 TFEU; and relevant provisions relating to the European Anti-Fraud Office (OLAF)

[12] However this legal basis was fit for another legislative proposal, of a more technical nature, which has now become EU Regulation 2023/2841 layng down measures for a high common level of cybersecurity for the institutions, bodies, offices and agencies of the Union. This Regulation apply at EU administrative level the principles established for the EU Member States by Directive (EU) 2022/2555 (²) improving the cyber resilience and incident response capacities of public and private entities. It created an Interinstitutional Cybersecurity Board ( IICB) and a Computer Emergency Response Team (CERT) which operationalizes the standards defined by the IICB and interact with the other EU Agencies (such as the EU Agency dealing with informatic security, Enisa), the corresponding structures in the EU Member States and even the NATO structures. It may be too early to evaluate if the Regulation is fit for its purpose ([12]) but the general impression is that its new common and cooperative system of alert and mutual support between the EU Institutions, Agencies and bodies may comply with the letter and spirit of art.298 of the TFEU

[13] Quite bizarrely this “open” attribute is not cited in the INFOSEC proposal and, even more strangely, none of the EU institutions has until now consulted the EU Ombudsman and/or the Fundamental Rights Agency.

[14] See Case C-338/01 Commission of the European Communities v Council of the European Union(Directive 2001/44/EC – Choice of legal basis)“The choice of the legal basis for a Community measure must rest on objective factors amenable to judicial review, which include in particular the aim and the content of the measure. If examination of a Community measure reveals that it pursues a twofold purpose or that it has a twofold component and if one of these is identifiable as the main or predominant purpose or component whereas the other is merely incidental, the act must be based on a single legal basis, namely that required by the main or predominant purpose or component. By way of exception, if it is established that the measure simultaneously pursues several objectives which are inseparably linked without one being secondary and indirect in relation to the other, the measure must be founded on the corresponding legal bases…”

[15] Suffice to cite the following legal disclaimer :”This Regulation is without prejudice to Regulation (Euratom) No 3/1958 17 , Regulation No 31 (EEC), 11 (EAEC), laying down the Staff Regulations of Officials and the Conditions of Employment of other servants of the European Economic Community and the European Atomic Energy Community 18 , Regulation (EC) 1049/2001 of the European Parliament and of the Council 19 , Regulation (EU) 2018/1725 of the European Parliament and of the Council 20 , Council Regulation (EEC, EURATOM) No 354/83 21 , Regulation (EU, Euratom) 2018/1046 of the European Parliament and of the Council 22 , Regulation (EU) 2021/697 of the European Parliament and of the Council 23 , Regulation (EU) [2023/2841] of the European Parliament and of the Council 24 laying down measures for a high common level of cybersecurity at the institutions, bodies, offices and agencies of the Union.

[16] See ReNEUAL Model Rules on EU Administrative Procedure. ReNEUAL working groups have developed a set of model rules designed as a draft proposal for binding legislation identifying – on the basis of comparative research – best practices in different specific policies of the EU, in order to reinforce general principles of EU law

https://www.reneual.eu/projects-and-publications/reneual-1-0

[17] The Council has listed not less than 64 EU entities (EU Institutions Agencies and Bodies – EUIBAs) in document WK8535/2023

Verfassungsblog : Why an EU Country under the Surveillance Procedure (Article 7.1 TEU) Should not Chair the Council Presidency

by Virgilio DASTOLI and Emilio DE CAPITANI

In accordance with the Council Decision on the exercise of the Presidency of the Council of the European Union,¹⁾ from July 1 of this year the office is to be held by Hungary. This occasion will mark the first time that the Presidency will have been held by a Member State that has been subject to the “surveillance” procedure in Article 7(1) of the Treaty on European Union, having been launched by the European Parliament in September 2018.

As the Court of Justice has recognised,²⁾ by adopting its Resolution, the EP has already triggered the legal consequences foreseen by Protocol 24.

‘[A]s long as the Council or the European Council has not taken a decision in respect of the Member State concerned, a Member State may, by way of derogation from the general rule laid down in that single article, take into consideration or declare admissible to be examined any asylum application lodged by a national of the Member State that is the subject of that procedure.’

Simply put, it means that Hungary is no longer to be considered a “safe country”, and if it should occur, a Hungarian may request asylum in another EU Country. In other words, the general presumption that fundamental rights and values are respected in that Member State is no longer absolute, and precaution should be taken when fundamental rights of individuals are concerned (as is the case in relation to the European Arrest Warrant). In a more general sense, and in the relations with other Member States or EU Institutions, the principle of mutual trust that is the bedrock of intra-EU cooperation is not “blind trust” and cannot be taken for granted.

Within this perspective, it would be sensible to assume that a Member State that does not enjoy the full confidence of the other Member States should not be responsible for a key coordinating role, as is the case when holding the Council Presidency. As a matter of fact, holding the Council Presidency is anything but a protocolar task. It plans, coordinates and chairs meetings of the Council and most of the Council’s preparatory bodies, i.e. working parties and committees. It suggests compromise solutions with a view to reaching an agreement between the Members of the Council (‘honest broker’). The Presidency should be, by definition, neutral and impartial. It is the moderator for discussions and cannot, therefore, favour either its own preferences or those of a particular Member State.

But holding the Council Presidency also has an essential interinstitutional dimension, because it is the Presidency that represents the Council in its relations with the European Parliament (EP) and negotiates on behalf of the Council to reach agreements on legislative files by protecting and promoting together the EU values that Hungary is openly challenging.

It is not surprising that the European Parliament (which originally triggered the Article 7(1) TEU procedure against Hungary) already one year ago³⁾ sent a Resolution to the Council and the Commission underlining

‘the important role of the presidency of the Council in driving forward the Council’s work on EU legislation, ensuring the continuity of the EU agenda and representing the Council in relations with the other EU institutions” but also questioning “…how Hungary will be able to credibly fulfil this task in 2024, in view of its non-compliance with EU law and the values enshrined in Article 2 TEU, as well as the principle of sincere cooperation’.

Surprisingly, neither the Commission nor the Council have to date furnished any response. Perhaps the reason was that these two institutions were expecting a positive development prior to the end of the legislative term, such as apparently occurred with Poland, (the only other European Country subjected to the Article 7(1) TEU procedure). Yet, unfortunately, in the case of Hungary, the situation has in the meantime rather worsened, to the extent that the European Parliament adopted two new Resolutions, the first on January 18 of this year⁴⁾ and the second on April 24.⁵⁾

These highly detailed texts summarise and update the already formidable list of all Hungarian infringements of the rule of law and of the Budgetary Conditionality Mechanism. The most recent text declares in even stronger words the same concerns as to the suitability of Hungary as President of the Council and declares the EP ‘readiness to take measures to defend the credibility of the Union with respect to the values enshrined in Article 2 TEU as regards cooperation with the Council’.

It remains to be seen if the two most recent EP texts will once again fall on deaf ears on the Council side. However, from a constitutional point of view, the assessment of the EP appears well founded and should have received much greater attention from the Council, notably because by maintaining the Hungarian Presidency the Council is threatening the smooth functioning of the EU in its essential legislative and budgetary functions as envisaged in the post-Lisbon Treaty framework: these functions now fall within the joint responsibility of the European Parliament and of the Council (Article 14(1) and 16(1) TEU), and this co-responsibility requires a great deal more than loyal cooperation between the two institutions (Article 13 TEU).

It would now be both prudent and sensible for the Council to modify its 2016 Decision, by qualified majority, as already provided for in legal doctrine,⁶⁾ by foreseeing explicitly that Council Presidency should not be held by a Country under art. 7 Procedure. As a consequence the Hungarian Presidency will be delayed until the Article 7(1) TEU surveillance procedure will have been successfully concluded. It has to be noted that a postponement should not be considered as a sanction against Hungary, but rather a simple precautionary measure to preserve the smooth functioning of the European Union and to avoid a period of interinstitutional bickering between the EU co-legislators, particularly at such a decisive moment for the EU legislature both from an internal and international point of view. Moreover, it wouldn’t be the first time that the Council Presidency has been postponed, and then for much less serious reasons. As rightly noted by the Meijers Committee,

‘changes in the previously agreed order of Presidencies have not been uncommon. They occurred on six occasions, for different reasons: three times after the accession of new Member States, in 1995, in 2005 and in 2007; in 2002 at the request of Germany because general elections were scheduled during its upcoming Presidency; in 2009 because of the Treaty of Lisbon; and in 2016 after accession of Croatia and the Brexit Referendum with regard to the UK Presidency, which was scheduled to start in 11 months’ time, as of July 2017. Therefore, it is established legal and political practice to reconsider the order of the Presidency in case of relevant circumstances, even if relatively close to the date that the rotation is scheduled to start’.

It is finally also worth noting that an urgent appeal to postpone the Hungarian Presidency has very recently been submitted to the EU Institutions by the European Movement (IT, ES, FR branches).⁷⁾ The European Commission President, Ursula Von Der Leyen, has shared it with the competent Members of the College, notably with Vice-President Maroš Šefčovič, who is responsible for interinstitutional relations. The time period until July 1 is rapidly diminishing, and on June 18 the General Affairs Council will decide on a reasoned proposal from the Commission on closing the Article 7(1) TEU procedure against Poland.⁸⁾ Will it also be the occasion to discuss the issue of the incoming Hungarian Presidency? If so the point could also be submitted for final decision at the European Council Meeting on June 27/28 under the chapter on institutional issues (as the general responsibility on the issue of Council Presidencies falls under the COEUR competence – Article 236 TFEU).

We, the undersigned scholars, experts and citizens, support this call for the postponement of the Hungarian Presidency.

Those who wish to support this initiative can send their contact details here.

Prof. Gábor Halmai, European University Institute, Florence

Prof. Sergio Fabbrini, Luiss University, Rome

Prof. Petra Bard, Radboud University

Prof. Tomacz Tadeus Koncewicz, University of Gdańsk, Department of European and Comparative Law

Prof. Laurent Pech, University College Dublin

Prof. Paul Craig, University of Oxford

Prof. Kim Lane Scheppele, Princeton University

Prof. Catherine Dupré, University of Exeter Law School

Prof. Maria Bergström, Uppsala University, Faculty of Law

Prof. Marie-Laure Basilien-Gainche University Jean Moulin Lyon 3, Institut Universitaire de France

Prof. Henri de Waele, Radboud University Nijmegen and University of Antwerp

Prof. Elspeth Guild, Queen Mary University of London

Prof. Olivier Costa, CNRS, CEVIPOF, Sciences Po, Paris

Dr. Marta Lasek-Markey, Trinity College Dublin

Prof. Stephen Skinner, University of Exeter

Dr. Christine Bicknell, Human Rights and Democracy Forum, University of Exeter Law School

Dr. Carlotta Garofalo, University of Graz

Ounia N. Doukoure, Paris 1 University, Institut Convergences Migrations ; Lille Catholic University

Prof. Marc Valéri, University of Exeter

Prof. Federico Fabbrini, Dublin City University

Prof. Dominique Custos, Caen Normandie University

Prof. Dino G. Rinoldi, Catholic University of the Sacred Heart of Milan

Prof. Nicoletta Parisi, Catholic University of the Sacred Heart of Milan

Prof. Douwe Korff, University of Oxford

Prof. Susanna Cafaro, University of Salento

Prof. Laurence Burgorgue-Larsen, Paris 1 University

Prof. Fred Constant, University of the Antilles

Prof. Jean-Manuel Larralde, Caen Normandie University

Prof. Maria Castillo, University Caen Normandie University

Prof. Maciej Bernatt, University of Warsaw

Prof. Yves Poullet, University of Namur

Prof. Antonio Da Re, University of Padova

Prof. Luciano Corradini, Roma Tre University

Prof. Massimiliano Guderzo, University of Siena

Prof. Massimo Fragola, Università della Calabria

This is a pre-peer reviewed version of an article submitted for publication in the European Law Journal.

References

↑1	Council Decision (EU) 2016/1316 of 26 July 2016 amending Decision 2009/908/EU (OJ L 208, 2.8.2016, p. 42) : https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32016D1316.
↑2	See paras. 39 and 40 of Case C-650/18, Ungary v. European Parliament, June 3 2021, EU:C:2021:426:‘39 In the present case, it should be noted that the adoption of the contested resolution initiates the procedure laid down in Article 7(1) TEU. Under point (b) of the sole article of Protocol (No 24), once that procedure is initiated and as long as the Council or the European Council has not taken a decision in respect of the Member State concerned, a Member State may, by way of derogation from the general rule laid down in that single article, take into consideration or declare admissible to be examined any asylum application lodged by a national of the Member State that is the subject of that procedure.40 It follows that the adoption of the contested resolution has the immediate effect of lifting the prohibition, which is in principle imposed on the Member States, on taking into consideration or declaring admissible to be examined an asylum application made by a Hungarian national. That resolution thus changes, in relations between Member States, the position of Hungary in the field of asylum.’
↑3	European Parliament resolution of 1 June 2023 on the breaches of the Rule of Law and fundamental rights in Hungary and frozen EU funds (2023/2691 RSP)OJ C, C/2023/1223, 21.12.2023, ELI: http://data.europa.eu/eli/C/2023/1223/oj
↑4	See point 8 of the Resolution “Situation in Hungary and frozen EU funds” questioning again “..if the Hungarian Government will be able to credibly fulfil this task in 2024, in view of its non-compliance with EU law and the values enshrined in Article 2 TEU, as well as the principle of sincere cooperation;” and “asking the Council to find proper solutions to mitigate these risks as soon as possible”, https://www.europarl.europa.eu/doceo/document/TA-9-2024-0053_EN.html.
↑5	See Resolution Ongoing hearings under Article 7(1) TEU regarding Hungary to strengthen Rule of Law and its budgetary implications where it regretted ‘that the Council has not yet found a solution to this problem, and that representatives of the Hungarian Government would chair the Council’s meetings concerning democracy, the rule of law and fundamental rights, including meetings related to protecting the EU’s financial interests and budget; underscores that this challenge comes at the crucial moment of the European elections and the formation of the Commission; deplores the failure to find a solution and reiterates its readiness to take measures to defend the credibility of the Union with respect to the values enshrined in Article 2 TEU as regards cooperation with the Council;’ https://www.europarl.europa.eu/doceo/document/TA-9-2024-0367_EN.html.
↑6	See the Mejiers Committee “Comment on the exercise and order of the Presidency of the Council of the EU”, published on 19 May 2023, https://www.commissie-meijers.nl/comment/comment-on-the-exercise-and-order-of-the-presidency-of-the-council-of-the-eu/.
↑7	Available at: https://www.movimentoeuropeo.it/images/documenti/VIKTOR_ORB%C3%81N_MUST_NOT_CHAIR_THE_COUNCIL_OF_THE_EUROPEAN_UNION_MEIT-FR-ES.pdf.
↑8	Available at: https://data.consilium.europa.eu/doc/document/ST-10716-2024-INIT/en/pdf.

The Council of Europe Convention on Artificial Intelligence, Human Rights, Democracy and the Rule of Law: perhaps a global reach, but an absence of harmonisation for sure

by Michèle DUBROCARD (*)

On 15 March 2024, Ms Marija Pejčinović Burić, the Secretary General of the Council of Europe, made a statement, on the occasion of the finalisation of the Convention on Artificial Intelligence (AI), Human Rights, Democracy and the Rule of Law. She welcomed what she described as an ‘extraordinary achievement’, namely the setting out of a legal framework that covers AI systems throughout their lifecycles from start to end. She also stressed the global nature of the instrument, ‘open to the world’.

Is it really so? The analysis of the scope, as well as the obligations set forth in the Convention raise doubts about the connection between the stated intent and the finalised text. However, this text still needs to be formally adopted by the Ministers of Foreign Affairs of the Council of Europe Member States at the occasion of the 133rd Ministerial Session of the Committee of Ministers on 17 May 2024, after the issuing of the opinion of the Parliamentary Assembly of the Council of Europe (PACE)[1].

I- The scope of the Convention

It is no secret that the definition of the scope of the Convention created a lot of controversy among the negotiators[2]. In brief, a number of States, a majority of which are not members of the Council of Europe [3] but participated in the discussions as observers, essentially opposed the European Union, in order to limit the scope of the Convention to activities related to AI systems only undertaken by public authorities, and exclude the private sector.

Those observer States achieved their goal, presumably with the help of the Chair[4] and the Secretariat of the Committee on Artificial Intelligence (CAI), but they did it in a roundabout way, with an ambiguous wording. Indeed, the reading of both Article 1.1 and Article 3.1(a) of the Convention may lead to think prima facie that the scope of the Convention is really ‘transversal’[5], irrespective of whether activities linked to AI systems are undertaken by private or public actors:

– according to Article 1.1, ‘the provisions of this Convention aim to ensure that activities within the lifecycle of artificial intelligence systems are fully consistent with human rights, democracy and the rule of law.’

– according to Article 3.1(a),‘the scope of this Convention covers the activities within the lifecycle of artificial intelligence systems that have the potential to interfere with human rights, democracy and rule of law as follows’.

This impression is confirmed by the explanatory report, which states in par. 15 that ‘the Drafters aim to cover any and all activities from the design of an artificial intelligence system to its retirement, no matter which actor is involved in them’.

However, the rest of Article 3 annihilates such wishful thinking: as regards activities undertaken by private actors, the application of the Convention will depend on the goodwill of States. Better still, a Party may choose not to apply the principles and obligations set forth in the Convention to activities of private actors, and nevertheless be seen as compliant with the Convention, as long as it will take ‘appropriate measures’ to fulfil the obligation of addressing risks and impacts arising from those activities:

‘Each Party shall address risks and impacts arising from activities within the lifecycle of artificial intelligence systems by private actors to the extent not covered in subparagraph (a) in a manner conforming with the object and purpose of the Convention.

Each Party shall specify in a declaration submitted to the Secretary General of the Council of Europe at the time of signature or when depositing its instrument of ratification, acceptance, approval or accession how it intends to implement this obligation, either by applying the principles and obligations set forth in Chapters II to VI of the Framework Convention to activities of private actors or by taking other appropriate measures to fulfil the obligation set out in this paragraph. Parties may, at any time and in the same manner, amend their declarations’.

How should one interpret such a provision? It seems to allow Parties to submit a reservation on the private sector but, at the same time, it is not worded as a reservation per se. On the contrary, it establishes a sort of equivalence between the principles and obligations laid down in the Convention and ‘other appropriate measures’ to be taken by the Parties when addressing risks and impacts arising from activities related to AI systems undertaken by private actors. In other words, the Convention organizes the modalities of circumvention of the principles and obligations that yet constitute the core of its very object.

The result of such a provision is not only a depreciation of the principles and obligations set forth in the Convention, since it is possible to derogate from them for activities of private actors without derogating from the Convention itself, but it also creates a fragmentation in the implementation of the instrument. The uncertainty stemming from these declarations is aggravated by the possibility, for each Party, to amend its declaration at any time. Since there is no other specification, one could even imagine a situation where a Party could, in the first instance, accept to apply the principles and obligations set forth in the Convention to the private sector, but then, at a later stage, reconsider its initial decision and limit such application to the public sector only.

Instead of establishing a level playing field among the Parties, the Convention legitimizes uncertainty as regards its implementation, in space and time.

On the other hand, Article 3.2 clearly authorizes an exemption, requested this time by the European Union[6], for activities within the lifecycle of AI systems related to the protection of national security interests of Parties. However, according to the provision, such activities should be ‘conducted in a manner consistent with applicable international law, including international human rights law obligations, and with respect for its democratic institutions and processes’. In the framework of the Council of Europe, such an exemption is particularly surprising in the light of the case-law of the European Court of Human Rights, which has clearly interpreted the concept of ‘national security’[7]. Exempting from the scope of the Convention activities of AI systems related to the protection of national security interests seems therefore at best useless, if not conflicting with the obligations stemming from the European Convention on Human Rights.

In addition to national security interests, Article 3 foresees two more exemptions, namely research and development activities and national defence. Concerning research and development activities regarding AI systems not yet made available for use, Article 3.3 also includes what seems to be a safeguard, since the Convention should nevertheless apply when ‘testing or similar activities are undertaken in such a way that they have the potential to interfere with human rights, democracy and the rule of law’. However, there is no indication of how and by whom this potential to interfere could be assessed. The explanatory report is of no help on this point, since it limits itself to paraphrasing the provision of the article[8].

As regards matters related to national defence, the explanatory report[9] refers to the Statute of the Council of Europe, which excludes them from the scope of the Council of Europe. One can however wonder whether the rules of the Statute of Europe are sufficient to justify such a blanket exemption, especially in the light of the ‘global reach’ that the Convention is supposed to have[10]. Moreover, contrary to the explanations related to ‘national security interests’, the explanatory report does not mention activities regarding ‘dual use’ AI systems, which should be under the scope of the Convention insofar as these activities are intended to be used for other purposes not related to national defence.

II- Principles and obligations set forth in the Convention

According to the explanatory report, the Convention ‘creates various obligations in relation to the activities within the lifecycle of artificial intelligence systems’[11].

When reading Chapters II to Chapter VI of the Convention, one can seriously doubt whether the Convention really ‘creates’ obligations or rather simply recalls principles and obligations already recognized by previous international instruments. Moreover, the binding character of such obligations seems quite questionable.

II-A Principles and obligations previously recognized

A number of principles and obligations enshrined in the Convention refer to human rights already protected as such by the European Convention on Human Rights, but also by other international human rights instruments. Apart from Article 4 that recalls the need to protect human rights in general, Article 5 is dedicated to integrity of democratic processes and respect of rule of law[12], Article 10 is about equality and non-discrimination[13], Article 11 refers to privacy and personal data protection[14], and Articles 14 and 15 recall the right to an effective remedy[15].

Other principles are more directly related to AI, such as individual autonomy in Article 7, transparency and oversight in Article 8, accountability and responsibility in Article 9, and reliability in Article 12, but once again these principles are not new. In particular, they were already identified in the Organisation for Economic Co-operation and Development (OECD) Recommendation on AI, adopted on 19 May 2019[16].

This feeling of déjà vu is reinforced by the wording of the Convention: in most articles, each Party shall ‘adopt or maintain measures’ to ensure the respect of those principles and obligations. As duly noted in the explanatory report, ‘in using “adopt or maintain”, the Drafters wished to provide flexibility for Parties to fulfil their obligations by adopting new measures or by applying existing measures such as legislation and mechanisms that existed prior to the entry into force of the Framework Convention’[17].

The question that inevitably comes to mind is what the added value of this new instrument can be, if it only recalls internationally recognized principles and obligations, some of them already constituting justiciable rights.

Indeed, the mere fact that this new instrument deals with the activities related to AI systems does not change the obligations imposed on States to protect human rights, as enshrined in applicable international law and domestic laws. The evolution of the case law of the European Court of Human Rights is very significant in this regard. As we know, the Court has considered, on many occasions, that the European Convention on Human Rights is to be seen as ‘a living instrument which must be interpreted in the light of present-day conditions’[18]. Without much risk one can predict that in the future the Court will have to deal with an increasing number of cases involving the use of AI systems[19].

II-B A declaratory approach

One could try to advocate for this new Convention by emphasizing the introduction of some principles and measures which haven’t been encapsulated in a binding instrument, yet. Such is the case, for instance, of the concepts of transparency and oversight, to be linked to those of accountability and responsibility, reliability, and of the measures to be taken to assess and mitigate the risks and adverse impacts of AI systems.

However, the way these principles and measures have been defined and, above all, how their implementation is foreseen, reveal a declaratory approach, rather than the intention to establish a real binding instrument, uniformly applicable to all.

Moreover, the successive versions of the Convention, from the zero draft, to the last version of March 2024, reveal a constant watering down of its content: the provisions on the need to protect health and environment have been moved to the Preamble, while those aiming at the protection of whistleblowers have been removed.

In the light of the EU Artificial Intelligence Act[20], the current situation is almost ironic, since the Convention does not create any new individual right, contrary to the EU regulation, which clearly recognizes, for instance, the human overview as well as the right to explanation of individual decision-making. And yet, the general economy of the AI Act is based on market surveillance and product conformity considerations, while the Council of Europe Convention on AI is supposed to focus on human rights, democracy, and the rule of law[21].

So, what is this Convention about? Essentially obligations of means and total flexibility as regards the means to fulfil them.

– obligations of means:

A number of obligations in principle imposed on Parties are in fact simple obligations of means, since each Party is requested to ‘seek to ensure’ that adequate measures are in place. It is the case in Article 5, dedicated to the ‘integrity of democratic processes and respect for rule of law’. It is also the case in Article 15 on procedural safeguards, when persons are interacting with an artificial intelligence system without knowing it, in Article 16.3 in relation to the need of ensuring that adverse impacts of AI systems are adequately addressed, and in Article 19 on public consultation.

On the same vein, other articles include formulations which leave States with considerable room for manoeuvre in applying the obligations: as regards reliability, each Party shall take ‘as appropriate’ measures to promote this principle[22]. As regards digital literacy and skills, each Party shall ‘encourage and promote’ them[23]. Similarly, Parties are ‘encouraged’ to strengthen cooperation to prevent and mitigate risks and adverse impacts in the contexts of AI systems[24].

More importantly, it will be up to Parties to ‘assess the need for a moratorium or ban’ AI systems posing unacceptable risks[25]. One can only deplore the removal of former Article 14 of the zero draft, which provided for the ban of the use of AI systems by public authorities using biometrics to identify, categorise or infer emotions of individuals, as well as for the use of those systems for social scoring to determine access to essential services. Here again, the Convention is under the standards defined by the AI Act[26].

– the choice of the measures to be adopted:

First, one should note that from the first article of the Convention, flexibility is offered to the Parties as regards the nature of the measures to be adopted, if appropriate. Article 1.2 provides the possibility for each Party ‘to adopt or maintain appropriate legislative, administrative or other measures to give effect to the provisions set out in this Convention’.

Consequently, Parties might consider that their domestic system is fully compliant with this Convention without any change in their regulations. They could even consider that simple recommendations to public or private actors might be sufficient to fulfil their obligations under the Convention.

The wide leeway given to the States also explains the constant reference to the ‘domestic law’ [27]or to the domestic legal system[28] throughout the Convention. In particular Article 6, which constitutes a chapeau for the whole Chapter III, states that principles included in this Chapter shall be implemented by Parties ‘in a manner appropriate to its domestic legal system and the other obligations of this Convention’. Such a wording is not free from a certain ambiguity, since it might be interpreted as requiring, as part of their implementation, an adaptation of the principles set forth in the Convention to the pre-existing domestic law, and not the opposite.

Here again, with this constant reference to domestic laws intrinsically linked to the ‘flexibility’ given to the Parties, one can only deplore the lack of harmonisation of the ‘measures’ which might be adopted in accordance with the Convention.

– the absence of an international oversight mechanism:

It is true that Article 26 of the Convention lays down the obligation for each Party to establish or designate one or more effective mechanisms to oversee compliance with the obligations of the Convention. However, once again, Parties are free to choose how they will implement such mechanisms, without any supervisory control at the international level. The Conference of Parties, composed of representatives of the Parties and established by Article 23 of the Convention, won’t have any monitoring powers. The only obligation foreseen is – in Article 24- a reporting obligation to the Conference of the Parties, within the first two years after the State concerned has become a Party. But after this first report, there is no indication on the periodicity of the reporting obligation.

Conclusion

Despite the continuous pressure from the civil society[29] and the interventions of the highest authorities in the field of human rights and data protection[30], the final outcome of the negotiations is a weak text, based on very general principles and obligations. Some of them are even under the level of the standards recognized in the framework of the Council of Europe, in the light of the European Convention on Human rights and the case law of the European Court of Human Rights, as well as of the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data. Moreover, their application won’t be consistent among the Parties, due to a variable-geometry scope and a considerable margin of manoeuvre left to the Parties to implement the Convention.

Why so many concessions, in the context of negotiations held under the umbrella of the Council of Europe, which presents itself as the ‘continent’s leading human rights organisation’? The answer of the Council of Europe representatives is: ‘global reach’. So, should the hope to see States which are not members of the Council of Europe ratify the Convention justify such a lack of ambition?

Yet it is not the first time that an international binding instrument negotiated in the framework of the Council of Europe allows for a fragmented application of its provisions: the Second Additional Protocol to the Convention on Cybercrime[31] already provided some sort of ‘pick and choose’ mechanism in several articles. However, what could be understood in the light of the fight against cybercrime, is more difficult to accept in the framework of a Convention aiming at protecting human rights, democracy and the rule of law in the context of artificial intelligence systems.

It is possible that the negotiators could not achieve a better result, in view of the positions expressed in particular by the United States, Canada, Japan and Israel. In that case, the Council of Europe would have been better advised either to be less ambitious and drop the aim of a ‘global reach’, or wait a few more years until the ripening of the maturation of all minds.

(*) EDPS official: This text is the sole responsibility of the author, and does not represent the official position of the EDPS

NOTES

[1] The Opinion adopted by the PACE on 18 April 2024 includes several proposals to improve the text. See https://pace.coe.int/en/files/33441/html

[2] See an article published in Euractiv on 31 Jan 2024 and updated on 15 Feb 2024:…(https://www.euractiv.com/section/artificial-intelligence/news/tug-of-war-continues-on-international-ai-treaty-as-text-gets-softened-further/ )

See also the open letter of the representatives of the civil society:

https://docs.google.com/document/d/19pwQg0r7g5Dm6_OlRvTAgBPGXaufZrNW/edit, and an article of M. Emilio de Capitani: The COE Convention on Artificial Intelligence, Human Rights, Democracy and the Rule of Law. Is the Council of Europe losing its compass? https://free-group.eu/2024/03/04/the-coe-convention-on-artificial-intelligence-human-rights-democracy-and-the-rule-of-law-is-the-council-of-europe-losing-its-compass/

[3] USA, Canada, Japan, Israel.

[4] See an article issued in swissinfo.ch – https://www.swissinfo.ch/eng/foreign-affairs/ai-regulation-is-swiss-negotiator-a-us-stooge/73480128

[5] The terms of reference of the CAI explicitly refers to the establishment of a ‘binding legal instrument of a transversal character’.

[6] See, for instance, an article in Euractiv ‘EU prepares to push back on private sector carve-out from international AI treaty’ – https://www.euractiv.com/section/artificial-intelligence/news/eu-prepares-to-push-back-on-private-sector-carve-out-from-international-ai-treaty/

[7] National security and European case-law: Research Division of the European Court of Human Rights- https://rm.coe.int/168067d214

[8] Paragraph 33 of the explanatory report : ‘As regards paragraph 3, the wording reflects the intent of the Drafters to exempt research and development activities from the scope of the Framework Convention under certain conditions, namely that the artificial intelligence systems in question have not been made available for use, and that the testing and other similar activities do not pose a potential for interference with human rights, democracy and the rule of law. Such activities excluded from the scope of the Framework Convention should in any case be carried out in accordance with applicable human rights and domestic law as well as recognised ethical and professional standards for scientific research’.

[9] Paragraph 36 of the explanatory report.

[10] In its opinion of 18 April 2024 the PACE suggested to only envisage a restriction. See above note 1.

[11] Paragraph 14 of the explanatory report

[12] these principles are closely linked to freedom of expression and the right to free elections: see in particular Article 10 of the European Convention on Human Rights and Article 3 of Protocol 1

[13] See in particular Article 14 of the European Convention on Human Rights and Protocol 12,

[14] See in particular Article 8 of the European Convention on Human Rights and the case law of the European Court of Human Rights, as well as Article 1 of the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data.

[15] See in particular Article 13 of the European Convention on Human Rights.

[16] https://legalinstruments.oecd.org/en/instruments/oecd-legal-0449#mainText

[17] Paragraph 17 of the explanatory report.

[18] See Tyrer v United Kingdom 2 EHRR 1 at para. 31

[19] On 4 July 2023, the Third Section of the European Court of Human Rights delivered the first judgment on the compatibility of facial recognition technology with human rights in Glukhin v. Russia:

https://hudoc.echr.coe.int/eng#%22display%22:%5B2%5D,%22itemid%22:%5B%22001-225655%22%5D

[20] See Articles 14 and 86 of the AI Act – https://artificialintelligenceact.eu/the-act/

[21] ‘The Council of Europe’s road towards an AI Convention: taking stock’ by Peggy Valcke and Victoria Hendrickx, 9 February 2023: ‘Whereas the AI Act focuses on the digital single market and does not create new rights for individuals, the Convention might fill these gaps by being the first legally binding treaty on AI that focuses on democracy, human rights and the rule of law’. https://www.law.kuleuven.be/citip/blog/the-council-of-europes-road-towards-an-ai-convention-taking-stock/

[22] Article 12 of the Convention.

[23] Article 20 of the Convention.

[24] Article 25 of the Convention.

[25] Article 16.4 of the Convention.

[26] See Chapter II of the AI Act – https://artificialintelligenceact.eu/the-act/

[27] See Articles 4, 10, 11 et 15.

[28] See Articles 6 and 14.

[29] See in particular the open latter of 5 March 2024:

https://docs.google.com/document/d/19pwQg0r7g5Dm6_OlRvTAgBPGXaufZrNW/edit

[30] See the statement of the Council of Europe Commissioner for Human Rights:

https://www.coe.int/en/web/commissioner/-/ai-instrument-of-the-council-of-europe-should-be-firmly-based-on-human-rights

See also the EDPS statement in view of the 10th and last Plenary Meeting of the Committee on Artificial Intelligence (CAI) of the Council of Europe drafting the Framework Convention on Artificial Intelligence, Human Rights, Democracy and the Rule of Law: https://www.edps.europa.eu/press-publications/press-news/press-releases/2024/edps-statement-view-10th-and-last-plenary-meeting-committee-artificial-intelligence-cai-council-europe-drafting-framework-convention-artificial_en

[31] Second Additional Protocol to the Convention on Cybercrime on enhanced co-operation and disclosure of electronic evidence- https://rm.coe.int/1680a49dab

The new proposal on the security of EU informations: transforming the EU “Bubble” in an EU “Fortress” ? (3)

3. How the INFOSEC proposal builds a wider, but still incomplete, legal framework for EU Classified informations (EUCI)

“The core of the proposed Regulation on the security of EU information (hereafter the INFOSEC proposal) concerns the creation and management of EU classified information (EUCI). In doing so, it substantially modifies Article 9 of Regulation 1049/2001, which deals with public access (or not) to so-called “sensitive documents”.

According to that article:

“Sensitive documents are documents originating from the institutions or the agencies established by them, from Member States, third countries or International Organizations, classified as ‘TRÈS SECRET/TOP SECRET’, ‘SECRET’ or ‘CONFIDENTIEL’ in accordance with the rules of the institution concerned, which protect essential interests of the European Union or of one or more of its Member States in the areas covered by Article 4(1)(a), notably public security, defense and military matters.”

Paragraph 3 of the same article also makes clear that: “Sensitive documents shall be recorded in the register or released only with the consent of the originator.”

Paragraph 7 says: “The Commission and the Council shall inform the European Parliament regarding sensitive documents in accordance with arrangements agreed between the institutions.”

It should be noted that Article 9 of Regulation 1049/2001 was a “fast and dirty” solution for a problem which arose in July 2000: Javier Solana, newly appointed Secretary General of the Council, negotiated with the new NATO Secretary General, Mr Robertson, an administrative arrangement with NATO on the exchange of classified information with the Council of the EU. However, that arrangement was challenged before the Court by the European Parliament (EP) and the Dutch government, because they considered that it limited a citizen’s fundamental right of access to documents, and exceptions to such fundamental right should have been framed by law.

At the time, the negotiation of Regulation 1049/01 was under the pressure of a deadline established in the Treaty. The reference to “sensitive” documents was added at the end of the legislative procedure and, because of this, the EP and the Dutch government withdrew their case before the Court.

Unfortunately, it was a Pyrrhic victory – it soon became clear that Article 9 of Regulation 1049/2001 was (and still is) a rather elusive and patchy framework for EU classified information.

A number of points can be made in this regard:

a) It does not regulate how the information should be classified and declassified in the interests of the EU, as opposed to the interests of the originator (whether that be a member State, EU institution, agency or body). Quite the contrary – by transferring the definition of these aspects to the internal security of each institution it paved the way to different standards and the very well-known risk of over classification.

b) It foresees a very weak framework for parliamentary oversight. By making reference to interinstitutional agreements and not codifying in secondary law the EP’s constitutional right to oversee classified information, it places the institution in an ancillary position. It is unfortunate that the EP has not fought until now to obtain treatment comparable to the one reserved for national parliaments with regard to their governments.

The solutions may be different, and special procedures and perhaps even special parliamentary bodies may be needed, but a stronger EP role is more than necessary because this lack of oversight will not be covered at national level – governments will declare that they are barred from revealing the information because it is classified at “European” level! Moreover, the instrument of an “interinstitutional agreement/arrangement” as currently foreseen by Article 295 of the Lisbon Treaty has strong constitutional limitations. As the Council Legal Service itself recognized in 2018: “The wording of the provision (NDR art.295 TFEU), and notably the use of the term ‘arrangements’, points to the fact that IIAs are instruments for regulating the modalities of cooperation and not for the regulation of substantive policy areas.”

It is thus quite surprising that, since the first Interinstitutional Agreement in 2002, the European Parliament has not asked for a sturdier legal basis for its oversight power.

With the adoption of the INFOSEC Regulation the situation will become even worse, because the EP will be obliged to negotiate interinstitutional agreements with all the other EU institutions, agencies and bodies if access to classified information is necessary for fulfilling its own constitutional role. From the outside, 21 years after the first interinstitutional agreement, the fact that the EP is still negotiating the revision of the 2002 interinstitutional agreement on access to classified information in the Common Security and Defence Policy (CSDP) area instead of creating a true legislative legal basis for its oversight may look to some like a form of Stockholm syndrome. To exit from such an impasse would not be wise for the European Parliament to study the more suitable model by looking at the experience of the major EU Member States and, even of the USA ?

c) Article 9 recognises, albeit only in the domain of “sensitive” documents and information, the so-called “originator privilege” or “author rule.” This is an exception to the general philosophy of Regulation 1049/2001, as made clear in Article 4(5):

“A Member State may request the institution not to disclose a document originating from that Member State without its prior agreement.” The point was, and still is, that the EU institutions may only by bound by law and not by the will of an “author”, even if it were an EU member state, a point confirmed in the jurisprudence of the Court of Justice of the EU.

What the INFOSEC proposal does is to transform the exception of the “originator principle” in a rule. But, by recognizing to each EU Institution, Agency and Body the power of classify information in the interest of the EU it does not establish a mechanism which may verify that the EU interest is adequately by the classification or if it has been abusively established. For instance, an oversight power may be recognized to the European Commission or to the Ombudsman to decide if a document/information created by the EU Agencies should be declassified.

Clear rules on this point at INFOSEC level, may prevent from happening, other “incidents”, such as the one which occurred between Europol, the Ombudsman and the Commission, in 2015 when the Ombudsman asked to inspect the report of Europol’s Joint Supervisory Body (JSB) on the implementation of the EU-US Terrorist Finance Tracking Programme Agreement ( see https://www.ombudsman.europa.eu/fr/case/en/42114 )

d) It does not foresee a judicial oversight of classified information. Today it is still up to the originator to decide whether or not to give the Court of Justice access to classified information. This is not a rhetorical question: it has already happened that the Council did’nt answer positively to a Court of Justice request of having access to classified informations. As Deirdre Curtin remind us in her essay Top Secret Europe: “…in the OMPI case (*) on the blacklisting of terrorists by the UN and within the EU context, the Court said clearly that the Council could not base its decision on information that is not revealed to the Court.” ( Case T-248/08, People’s Mojahedin Organization of Iran v Council (OMPI III) para 73). It is worth recalling that in some Countries such as the USA

e) It does not solve the problem of sharing of “sensitive information” between entities which have a legitimate “need to know.” Instead, as Article 9 is focused on the security of each author of “sensitive information” and does not refer to common legislative standards, this has been done until now by the Council. This institution remains the main creator and exchanger of classified information, and has imposed via bilateral agreements with all the other EU institutions, agencies and bodies its internal security rules which, in turn, mirror the NATO standards. It is because of the legal fragility of this “de facto harmonisation” that the Commission has decided to launch a legislative initiative establishing at secondary law level the principles which should be respected in this domain inside the EU.

However, the solution envisaged in the INFOSEC proposal still does not address the main weaknesses of Article9 of Regulation 1049/2001 nor the weaknesses of the Council Internal Security Rules which are proposed to become the common EU standard. . In fact, in some cases it makes the situation even worse.

A useful example can be seen in the EU security agreements with third countries and international organizations on the exchange of classified information foreseen by articles 55-68 of the INFOSEC proposal.

The proposal requires, as a rule, that these agreements be negotiated and concluded according to Article 218 of the Lisbon Treaty, which will finally give the possibility for the EP to give its consent and to be fully and timely informed of the agreements’ content. But INFOSEC foresees also the possibility of continuing with “executive” arrangements which can be negotiated not only by the Council but also by other EU Institutions, agencies and bodies without associating the EP. That exclusion of the EP has been , unfortunately, until now the case and dozens of international agreements have been negotiated by the Council using Article 13 of its internal security rules as a legal basis.

Now, if the INFOSEC proposal is adopted not only the Council but also all the other EU Institutions Agencies and bodies will have a legal basis for negotiating and concluding these executive “arrangements”. It would be wise to make clear in the INFOSEC proposal that the arrangements shall foresee that, because of the EU’s constitutional framework, no veto can be exercised over the transmission of classified information to the EP and to the CJEU.

4. Summing up: by endorsing the INFOSEC legislative proposal is the EP shooting on its Foot ?

National identity versus European identity: from the acquis communautaire to the European Union’s Rule of law

by Ezio PERILLO (former Judge of the EU General Court)

The acquis is the EU identity, but not only

No longer in fashion, the principle of the acquis communautaire is still an essential part of the Union’s legal order. It encompasses the entire EU legal legacy on which this order has been formed since its creation, including the judgments of the Court. The acquis contains, above all, the five cardinal principles of the European legal order, those ruled by the Van Gend & Loos and Costa/Enel famous judgments. The autonomy, the direct effect and primacy of its law, its uniform interpretation and, finally, its direct and effective judicial protection. It was ahead of its time in the ’60!

This arsenal of European principles, rules and jurisprudence, constitutes, nowadays, the very identity of the European Union.

Already provided by Article 3 of the Treaty of Amsterdam (1999), the acquis is at present inserted, although no longer with its concise French formula, in Article 13 TEU, which states: “the Union shall have an institutional framework which shall aim to promote its values, advance its objectives, serve its interests, those of its citizens and those of the Member States, and ensure the consistency, effectiveness and continuity of its policies and actions“. These same obligations are also incumbent on the Member States. Article 2 of the last act of accession to the European Union, the Croatian one (2013), provides, along the same lines as the previous ones, that “from the date of accession, the provisions of the original Treaties and of the acts adopted by the institutions before accession [including the judgments of the Court of Justice] shall be binding on Croatia and shall apply in that State to the conditions laid down in those Treaties and in this Act”.

Therefore, in order to join and then legitimately stay in the Union, every Member State, old or new, must accept and comply with the binding nature of the acquis.

The acquis is also part of each Member State’s identity

Since its accession to the Union, each Member State has changed, treaty after treaty, its own legal profile, i.e. its constitutional identity, having unanimously assumed, in their legal order, the Treaties provisions, the principles and rules of the acquis communautaire. Let’s consider, for instance, that national citizens are also, by law, European citizens. It follows that the national identity of each Member State is, nowadays, not only that inherent to their constitutional and political structures (see Art.4 TEU), but also, to a large extent, that deriving from their European affiliation.

Ultimately, the acquis communautaire constitutes, on the one hand, the identity of the European Union, and also, on the other hand, the identity of each Member State, although only in part. After Lisbon, however, this famous French formula has disappeared from the Treaties provisions, even if it remains in those of the EU accession acts. I propose therefore to rename it here as the “European Rule of law” (or the “Rule of law of the European Union”).[1]

The European Rule of law

The reason of this name is quite simple. L’État de droit, das Rechtsstaat and the Rule of law, even if they are notions not exactly similar to one another, all refer to a national State dimension and not to a supranational or international dimension. Their main objectives are to guide every public authority towards a constitutional and correct exercise of their prerogatives and to prevent them from arbitrarily acting in the name of an alleged “sovereign” legal status.

Thus, when in a legal order, such as that of the European Union, its institutions have been charged, by the Masters of the Treaties, to “serve its interests, those of its citizens and those of the Member States”, this legal system must also have its own Rule of law, like any other legal order. In this perspective, what would have been called the acquis communautaire in the past, has now become the European Rule of law.

A principle or a value?

In a supranational order such as the European one, the values referred to in Article 2 TEU are not values belonging to the Union since its origin, simply because they have been “attributed” thereto, as a legal heritage, by the Masters of the Treaties.

Indeed, for the founding States of the Union, these values are irreplaceable, legal assets and guarantees too, strenuously acquired by their citizens through several, terrible wars. Values that are, today, solemnly engraved in their Constitutions or Fundamental Laws, also in those of the others Member States which joined the Union later. For these and other reasons, the Masters of the Treaties wanted the Union to be also founded on these values[2], which its institutions, like the national ones, must accept and promote (see Article 13 TEU, cited above).

That said, these universal values are not, legally speaking, the same thing as the principles of EU law, although the Masters of the Treaties use them without distinction, sometimes as values sometimes as principles (see, for instance, the second and forth whereas of the Preamble to the Treaties, or Article 21 TUE where it is stated that “ the Union’s action on the international scene shall be guided by the principles which have inspired its own creation, development and enlargement and which it seeks to advance in the wider world: democracy, the rule of law, the universality and indivisibility of human rights …” ).

By the way, according to the first whereas of the preamble to the EU Charter, the Union is, on the one hand, “founded on the indivisible, universal values of human dignity, freedom, equality and solidarity”, and is, on the other, “based on the principles of democracy and the rule of law”.

Therefore, values do found orders because they are fundamental legal assets that are not available to any public power, be it royal, republican, federal or European. Legal principles, instead, do ensure a legal basis to these orders, as they guide the public institutions’ actions and protect the citizens from any kind of arbitrary use of the State’s prerogatives.

But, above all, the difference between values and principles resides in how to legally control their compliance. As provided for in Article 7 TEU, breaches of the values referred to in Article 2 TEU can be determined only by the European Council, and the Council may, consequently, suspend certain of the European rights of the State concerned, including its voting rights. Therefore, the Court of Justice has no jurisdiction to review, on the merits, the legality of these decisions. Indeed, pursuant to Article 269 TFEU, the Court, in these cases, has jurisdiction solely to the extent that it shall check compliance with the procedural requirements provided for by the aforementioned Article 7 TFEU. Ultimately, in the EU legal order, control over compliance with the founding values of the Union is a political prerogative, while supervising compliance with the EU legal principles is, needless to say, a jurisdictional remit.

Thus, in this legal frame, the ‘European Rule of law’ is, like its prior acquis communautaire, a binding principle of EU law, also for the Member States, and it is up to the Court of Justice to ensure its due and full legal control.

National identity versus European identity: quid juris?

In its judgment of 22 February 2022, C-430/21 (Court of Appeal of Craiova, Rumania) the Court of justice ruled that if a Constitutional Court considers that an EU provision infringes its country’s national identity, it must stay the proceedings and make a preliminary reference to the Court of justice. Indeed, also in relation to article 4, §2, TUE, this Court has exclusive jurisdiction to declare an EU act invalid for non-compliance with one’s national identity. An EU act, by the way, that should be declared invalid only in the Member State concerned, in a sort of limited EU invalidity.

Still, in a National versus European identity case, the Court of Justice should be bound – I guess – by the description given by the referring Constitutional court as to the national identity at stake. The margins of appreciation become here very narrow.

Let’s then consider a different approach: in such cases, which of the two respective obligations comes first? Requiring the Union to comply with national identity or imposing to the country concerned to adhere to the EU’s identity?

Well, could one argue that in order to claim the infringement of its own national identity, the country involved should first prove that it has fully respected EU’s identity, i.e. the European Rule of law, which has obviously priority over national law, i.e. over its internal Rule of law? And if this is the case, shouldn’t the national jurisdiction, ruling on the dispute, disapply the internal provisions conflicting with the European Rule of law?

The answer? The answer is not blowing in the wind and can be given by the Court.

NOTES

[1] In similar terms, see, Olivier Audéoud, “ L’acquis communautaire, du mythe à la pratique, in, Revue d’études comparatives Est-Ouest, 2002, n. 33-3, pp. 67-77.

[2] Article 2 TEU so provides. “The Union is founded on the values of respect for human dignity, freedom, democracy, equality, the rule of law and respect for human rights… These values are common to the Member States in a society in which pluralism, non-discrimination, tolerance, justice, solidarity and equality between women and men prevail”.

(EU LAW ANALYSIS) Temporary Protection for Ukrainians in the EU? Q and A

Professor Steve Peers, University of Essex

*updated March 2 2022 to include the Commission proposal for use of the temporary protection Directive, and guidance for applying EU external borders law.

Among the many big developments over the last few days in response to the Russian invasion of Ukraine, there was an important potential asylum law measure – the possible use of the EU’s temporary protection Directive, a legal framework for mass influxes of people needing protection dating back to 2001 but never used.

According to the EU Council, there was ‘broad support’ for this idea among EU home affairs ministers meeting informally on February 27, and the Commission will propose doing so ‘without delay’. The Commission duly made this proposal on March 2. (I’ll update this blog post again when and if the Council adopts it). What does this mean for the hundreds of thousands – if not millions – of people now fleeing the invasion of Ukraine?

Which Member States does it apply to?

EU asylum law in principle applies to all Member States, except for the UK, Ireland and Denmark, which had an opt out from the Directive. The UK chose to opt in – although obviously this is now moot in light of Brexit. Ireland initially opted out, then opted in to the Directive in 2003. Denmark remains outside the scope of the Directive.

The parallel guidance on applying EU external borders law applies to all Member States except Ireland (because the other EU Member States that do not apply Schengen fully apply EU external borders rules in the meantime), and Schengen associates (Norway, Iceland, Switzerland and Liechtenstein).

Note that EU Member States waived short-term visa requirements for Ukrainians back in 2017 already. This law applies to all Member States (and Schengen associates) except Ireland; and Ireland has recently waived short-term visa requirements for Ukrainians unilaterally.

Who is covered by temporary protection?

The Directive applies to a ‘mass influx’ of ‘displaced persons’. A ‘mass influx’ is defined as:

…arrival in the [EU] of a large number of displaced persons, who come from a specific country or geographical area, whether their arrival in the [EU] was spontaneous or aided, for example through an evacuation programme;

‘Displaced persons’ are defined as:

…third-country nationals or stateless persons who have had to leave their country or region of origin, or have been evacuated, in particular in response to an appeal by international organisations, and are unable to return in safe and durable conditions because of the situation prevailing in that country, who may fall within the scope of Article 1A of the Geneva Convention or other international or national instruments giving international protection, in particular:

(i) persons who have fled areas of armed conflict or endemic violence;

(ii) persons at serious risk of, or who have been the victims of, systematic or generalised violations of their human rights;

‘Article 1A of the Geneva Convention’ refers to the definition of ‘refugee’ under the UN Refugee Convention – ie a well-founded fear of persecution on grounds of race, religion, political opinion, nationality or particular social group – although note that the Directive does not necessarily apply only to those who fall within that refugee definition (‘who may fall within’). Those fleeing Ukraine can point to the ‘armed conflict’ ground of the ‘displaced persons’ definition in this Directive – although note that the list of the two groups who are covered by the Directive is not exhaustive (‘in particular’), meaning that other groups of people might meet the definition too.

Note also that the Directive only applies to those leaving ‘their country or region of origin’. This ought to cover both Ukrainian citizens and non-Ukrainians who can argue that their ‘origin’ is in Ukraine (‘origin’ is not further defined). That scope is broader than the Refugee Convention, which applies where a person is: ‘outside the country of his [or her] nationality and is unable or, owing to such fear, is unwilling to avail himself [or herself] of the protection of that country’ (or, if stateless, of their country of habitual residence).

Conversely, this means that the Directive does not apply to those whose ‘origin’ is not Ukraine. This might mean that it is interpreted to exclude non-Ukrainian citizens who have moved to Ukraine in recent years. But many of them still need to flee the invasion – and hopefully their need to flee and immediate humanitarian requirements will be recognised even if they technically fall outside the scope of the Directive.

The scope of the Commission proposal is ‘the following categories of persons displaced as of 24 February 2022 following the military invasion by Russian armed forces on that date:’

(a) Ukrainian nationals residing in Ukraine;

(b) Third-country nationals or stateless persons residing legally in Ukraine and who are unable to return in safe and durable conditions to their country or region of origin; The requirement of inability to return in safe and durable conditions to their country or region of origin shall not apply to third-country nationals or stateless persons who have been legally residing on a long-term basis in Ukraine.

(c) family members of the persons referred to in points (a) and (b), regardless of whether the family member could return in safe and durable conditions to his or her country or region of origin.

The proposal defines family members as, ‘in so far as the family already existed in Ukraine at the time of the circumstances surrounding the mass influx’:

(a) the spouse of a person referred to in points (a) or (b) of paragraph 1 or their unmarried partner in a stable relationship, where the legislation or practice of the Member State concerned treats unmarried couples in a way comparable to married couples under its law relating to aliens;
(b) the minor unmarried children of a person referred to in points (a) or (b) of paragraph 1 or of his or her spouse, without distinction as to whether they were born in or out wedlock or adopted;
(c) other close relatives who lived together as part of the family unit at the time of the circumstances surrounding the mass influx, and who were wholly or mainly dependent on a person referred to in points (a) or (b) of paragraph 1 at the time.

However, the guidance on applying external borders law applies to others fleeing the invasion too. It suggests that the usual criteria for entry across the external borders could be waived for anyone fleeing the conflict, and states that:

Member States should ensure that non-Ukrainian third country nationals, other than those covered by the scope of the Temporary Protection Directive or who have a right to stay in the Union on the basis of other grounds, transit to their countries of origin or usual residence after entry. So as to avoid situations of illegal stay, Member States are encouraged to provide – if needed – assistance for their repatriation or regularisation, as appropriate. The Frontex Standing Corps can be deployed to support these assisted departures.

How is temporary protection set up?

The Directive is just a framework for a possible temporary protection system. A temporary protection regime is not established automatically, but only after the Council (ie Member States’ home affairs ministers), acting by a qualified majority on a proposal from the Commission, agrees that there is a mass influx of displaced persons.

The Council Decision setting up temporary protection has to be based on:

(a) an examination of the situation and the scale of the movements of displaced persons;

(b) an assessment of the advisability of establishing temporary protection, taking into account the potential for emergency aid and action on the ground or the inadequacy of such measures;

The European Parliament must be informed of the decision, but does not have a vote beforehand.

The Council decision must specifythe groups of persons covered, although Member States can extend the regime to other groups displaced for the same reasons and from the same country or region of origin. But if they do so, the financial support provided for in the Directive will not apply to such groups.

Also, the Council decision must set out when temporary protection takes effect; ‘information received from Member States on their reception capacity’; and ‘information from the Commission, UNHCR and other relevant international organisations’.

How many people will it apply to?

The numbers covered by temporary protection are not necessarily unlimited. Member States must ‘indicate – in figures or in general terms – their capacity to receive’ displaced persons. The Council decision setting up temporary protection must set out these numbers. Later on Member States ‘may’ declare that they have more reception capacity. The Commission proposal does not include numbers.

If the numbers who are ‘eligible for temporary protection’ is higher than the numbers that Member States have said they can accept, ‘the Council shall, as a matter of urgency, examine the situation and take appropriate action, including recommending additional support for Member States affected’.

If the numbers are exceeded, then (implicitly) Ukrainians not covered by temporary protection can still make asylum applications – but one could imagine that in this scenario, Member States would struggle to manage the numbers concerned.

How long will it last?

The starting point is that temporary protection is one year long, although it can be terminated early if the Council (ie Member States’ home affairs ministers) decides to end it, on a qualified majority vote on a proposal from the Commission, if the Council has established that conditions in the country of origin have improved sufficiently so ‘as to permit the safe and durable return’ of the beneficiaries.

It is automatically extended for further periods of six months to a two-year maximum. A further extension for up to a third year is possible, again on a qualified majority vote on a proposal from the Commission.

What rights do people covered by temporary protection have?

Member States must issue residence permits for the duration of temporary protection. For those not yet on the territory, they must issue visas to ensure that they can enter. If a person remains on or seeks to enter the territory of another Member State without authorization during the temporary protection period, Member States must take them back.

Member States must permit temporary protection beneficiaries to take up employment or self-employment, but they may give priority to EU citizens and EEA nationals, as well as legally resident third-country nationals receiving unemployment benefit. The ‘general law’ regarding remuneration, social security, and other conditions of employment in each Member State applies.

As for social welfare and housing, Member States must ‘ensure that persons enjoying temporary protection have access to suitable accommodation or, if necessary, receive the means to obtain housing’, and ‘shall make provision for persons enjoying temporary protection to receive necessary assistance in terms of social welfare and means of subsistence, if they do not have sufficient resources, as well as for medical care’ – which ‘shall include at least emergency care and essential treatment of illness’. There is also an obligation to ‘provide necessary medical or other assistance to persons enjoying temporary protection who have special needs, such as unaccompanied minors or persons who have undergone torture, rape or other serious forms of psychological, physical or sexual violence.’

For education, Member States must give ‘access to the education system under the same conditions as nationals of the host Member State’ for those under 18, but may confine this to the state education system. Admission of adults to the general education system is optional.

Member States have to authorize entry of family members, ‘in cases where families already existed in the country of origin and were separated due to circumstances surrounding the mass influx’. But this only applies to ‘core’ family members:

(a) the spouse of the sponsor or his/her unmarried partner in a stable relationship, where the legislation or practice of the Member State concerned treats unmarried couples in a way comparable to married couples under its law relating to aliens; the minor unmarried children of the sponsor or of his/her spouse, without distinction as to whether they were born in or out of wedlock or adopted;

Admission of a broader group of family members is only optional, ‘taking into account on a case by case basis the extreme hardship which they would face if the reunification did not take place’:

(b) other close relatives who lived together as part of the family unit at the time of the events leading to the mass influx, and who were wholly or mainly dependent on the sponsor at the time.

Note that the Directive clarifies that Member States may adopt more favourable rules for persons covered by temporary protection.

Finally, there is a right to ‘mount a legal challenge’ to exclusion from temporary protection or family reunion. CJEU case law on other EU migration law makes clear that this means access to the courts.

How does temporary protection relate to asylum applications?

Temporary protection ‘shall not prejudge’ refugee recognition under the Refugee Convention. It will be possible to apply for asylum ‘at any time’.* Any asylum application not processed by the end of the temporary protection period has to be processed afterwards.

Moreover, Member States can deter applications for asylum by providing that a person cannot hold temporary protection status simultaneously with the status of asylum-seeker (the reason that this would deter applications is that asylum-seekers usually have fewer rights than temporary protection beneficiaries would have). But if an application for asylum or other protection status fails, a Member State must continue to extend temporary protection status to the beneficiary.

Member States may exclude a person from the benefit of temporary protection on grounds identical to the Refugee Convention exclusion clauses (ie war crimes/crimes against humanity, serious non-political crimes, or acts against the principles and purposes of the UN), or the Refugee Convention clauses on exclusion from non-refoulement (ie ‘there are reasonable grounds for regarding him or her as a danger to the security of the host Member State or, having been convicted by a final judgment of a particularly serious crime, he or she is a danger to the community of the host Member State’). Exclusions ‘shall be based solely on the personal conduct of the person concerned’, and must be ‘based on the principle of proportionality’.

What happens once temporary protection expires?

Once the temporary protection regime ends, the ‘general laws’ on protection and on foreigners apply, ‘without prejudice’ to certain specific provisions in the Directive. Arguably the reference to the ‘general laws’ must now be understood as a reference not only to the relevant national legislation, but also to EU rules on asylum and the EU’s Returns Directive, which were adopted after the temporary protection Directive.

For those applying for asylum, that means that the definitions of refugee and subsidiary protection in the EU’s qualification Directive will apply, along with the procedural rules in the procedures Directive and the rules on the status of asylum seekers in the reception conditions directive. The EU’s Dublin rules will determine in which Member State an application is made, although the temporary protection Directive includes some (unclear) additional rules on that issue.

It’s also possible that Ukrainians could obtain another form of legal status, under the national or EU laws on legal migration (EU law has partly harmonised national laws on this issue).

Those who do not obtain legal status via an immigration or asylum route will in principle have to leave. The specific rules in the temporary protection Directive concerning return first of all provide for rules on voluntary return. Many (but not all) Ukrainians would likely wish to return voluntarily anyway, if the situation improves; but it’s anyone’s guess if it will do.

There is an express possibility of enforced return of persons after the regime has ended, but such return must be ‘conducted with due respect for human dignity’, and Member States ‘shall consider any compelling humanitarian reasons which may make return impossible or unreasonable in specific cases’. They must also ‘take the necessary measures concerning’ residence status of former beneficiaries of temporary protection ‘who cannot, in view of their state of health, reasonably be expected to travel; where for example they would suffer serious negative effects if their treatment was interrupted’. Specifically, those persons ‘shall not be expelled so long as that situation continues.’ Finally on the issue of return, Member States have discretion over whether to let children complete their school year.

Comments

It remains to be seen if Member States agree to the Commission proposal to establish temporary protection, and if so what the details are – in particular, how many people are covered by it. When the Directive was adopted back in 2001, there was concern among asylum specialists that it might undercut the Refugee Convention, in particular providing a possibility for Member States to set up a system with a lower standard of protection instead of considering asylum applications.

In practice, the EU has since adopted two phases of asylum laws, and concern has turned to how they are applied in practice – in particular as regards pushbacks from the territory and collaboration with dubious non-EU countries like Libya, to keep asylum-seekers from reaching the EU. In contrast to this hostility, a temporary protection system may be welcome – although it would be in stark contrast with the often unpleasant and unjustifiable treatment of others fleeing war or persecution.

Photo credit: Leonhard Lenz, via Wikimedia Commons

*Corrected on Feb 28 2022 to drop the statement that ‘Member States may delay consideration of an application for Convention refugee status until the temporary protection has ended’. In fact the Directive does not explicitly provide for this as such – although as noted, if a Member State chooses not to permit the status of asylum seeker concurrently with that of temporary protection, in practice this is likely to deter asylum applications as long as temporary protection applies.

(EP Research Service) The Commission’s Rule of Law Report and the EU Monitoring and Enforcement of art. 2 TEU Values.

by Prof. Laurent PECH; Senior Research Fellow, Petra BÁRD, Associate professor, Eötvös Loránd University, Faculty of Law; Researcher, CEU Department of Legal Studies and CEU Democracy Institute; Fernand Braudel Fellow, European University Institute

EXECUTIVE SUMMARY (LINK TO THE FULL REPORT)

Background

Rule of law backsliding represents a major, existential challenge for the EU as it structurally endangers the foundations of the EU as a Union based on the rule of law and fundamentally threatens the functioning of the EU’s interconnected legal order. To address the EU’s worsening rule of law crisis and more broadly, the unprecedented and spreading attempts by some national authorities to organise the systemic undermining of EU’s shared foundational values, the European Parliament proposed a new EU mechanism in 2016 to better monitor and enforce the values of democracy, the rule of law and fundamental rights (DRF mechanism).

Instead of embracing the European Parliament’s proposal, the Commission designed its own new annual European Rule of Law Mechanism. The European Rule of Law Mechanism provides an annual process for dialogue on the back of an Annual Rule of Law Report (ARoLR) which the Commission has presented as a new preventive tool. Launched for the first time in 2020, the ARoLR takes the form of twenty-seven country chapters and an umbrella report presenting an overview of the situation of the rule of law situation across the EU. To date, the ARoLR has focused on four “pillars”: (i) national justice systems; (ii) national anti-corruption frameworks; (iii) media pluralism; and (iv) other institutional checks and balances.

The Commission’s ARoLR differs in many respects from the European Parliament’s DRF proposal. Most importantly, the ARoLR foresees lesser involvement for other EU institutions and does not provide for any formal involvement of external experts. It is also narrower in the sense that its scope is more limited as it does not directly cover democracy and fundamental rights; does not (yet) include country specific recommendations and does not automatically lead to the adoption of specific Council conclusions and a Parliament resolution.

This study offers a critical assessment of the Commission’s ARoLR within the broader context of the EU’s DRF architecture, and formulates recommendations in order to address the ARoLR’s negative features identified by the present authors: the creation of false expectations; the use of euphemistic language; the lack of context and connected failure to see the wood for the trees; the denial of (autocratic) reality and resulting category errors; the emphasis on “dialogue no matter what”; and finally, the opportunity costs and possible displacement effect the ARoLR has had on enforcement. This is not to say that a number of positive features cannot be identified. The ARoLR can indeed be commended for offering a compelling definition of the rule of law; a clear outline of why the rule of law matters; a broadly suitable selection of relevant “pillars” and main sources of information; and increasing the political saliency of the rule of law.

Recommendations

This study’s main recommendations summarised below aim to remedy the ARoLR’s identified gaps and shortcomings in the short to medium term. On the long term, it is recommended that renewed consideration is given to

(i) the extension of the ARoLR’s scope so that all Article 2 TEU values are subject to annual monitoring given that these values must be viewed as interconnected, interdependent and mutually reinforcing;

(ii) the extensive involvement of an expert panel and

(iii) the adoption of automatic legal and/or financial actions when country specific recommendations (which the third edition of the ARoLR is expected to contain for the first time) are not fully and promptly addressed.

Considering the Commission’s continuing opposition to the adoption of a mechanism akin to the Parliament’s proposed DRF mechanism, this study has prioritised the elaboration of recommendations which can be actioned in the short to medium term with the view of improving the effectiveness of the ARoLR without fundamentally changing its current scope and structure.

Recommendations on methodology:

• A better preparation and publication cycle should be organised and in particular, the same time window should be used each year so that planning can be done ahead of the timeline’s official publication in respect of the next edition of the ARoLR;

• The Commission should promptly publish the input documents they receive from national governments so as to enable experts and civil society groups to fact check them as soon as possible;

• The Commission should be mindful of deliberate attempts to deceive it by those engaged in the systemic dismantlement of checks and balances and their proxies, such as government-organised non-governmental organisations (GONGOs). In this respect, it is recommended that the Commission provides clearer details than currently regarding country visits and interviews; selection of stakeholders, information selection, as well as greater protection for government critiques, especially those based in countries subject to an ongoing Article 7 procedure;

• The Commission should elaborate on the indicators taken into account for assessing the rule of law situation in each of the Member States and should aim to undertake a comprehensive assessment of the same elements based on the same indicators in all country chapters;

• The Commission should seek to take better account of the data and findings from relevant indices such as the Worldwide Governance Indicators (WGI) project, the World Justice Project Rule of Law Index, or the Varieties of Democracy (V-DEM) project;

• The involvement of an expert panel/network of external experts and/or the EU Fundamental Rights Agency should be considered if only at first to merely provide feedback to the Commission and help inter alia with methodological issues.

Recommendations on scope and structure:

• As long as the ARoLR is not extended to cover other foundational values enshrined in Article 2 TEU, the Commission should at a minimum better link the ARoLR with the values of democracy and fundamental rights and connected EU action plans and other strategies, considering the interconnected and mutual reinforcing nature of Article 2 TEU values. Scrutiny over judicial independence for example could extend to the evaluation of fair trial rights, access to justice, equality before the law in national case law;

• New civic space pillar: As long as the ARoLR does not fully encompass all the Article 2 TEU values, the Commission should also consider adopting a fifth pillar dedicated to monitoring national developments relating to civic space considering the crucial importance of civil society when it comes to maintaining and protecting a democratic and pluralist society as well as a proper functioning of public life;

• New Article 7 section: The insertion of a new Article 7 TEU state of play section in the umbrella report is recommended so as to better highlight in a transversal way the evolution of the situation in the countries which have already been identified as being on an autocratisation pattern following the activation of one of the procedures laid down in Article 7 TEU;

• New EU chapter: In addition to the country chapters, the publication of a new EU chapter is recommended with the drafting of this report to be done either by the EU Fundamental Rights Agency and/or a new panel or network of academic experts.

Recommendations regarding effectiveness and follow up:

• The ARoLR should better outline countries’ rule of law adherence over a sufficient long period of time and highlight cross-cutting trends at EU level. This could be done inter alia by taking into account and summarise key data and findings from relevant indices such as the Worldwide Governance Indicators (WGI) project, the World Justice Project Rule of Law Index, or the Varieties of Democracy (V-DEM) project;

• In order to better identify threats and violations of the rule of law and make non-compliance with court judgments a recurrent, more salient and costly issue for relevant national authorities, in addition to the forthcoming new country specific recommendations, the ARoLR ought to include data and information regarding non-compliance (or bad faith implementation) with CJEU orders and judgments but also national and ECtHR orders and rulings which concern any issue relating to any of the ARoLR’s pillars;

• To guarantee better follow up, the ARoLR (including the country-specific recommendations) should be more directly aligned with other rule of law tools and procedures, such as infringement procedures and the Rule of Law Conditionality Regulation 2020/2092, so that remedial action could be more swiftly, consistently and effectively organised in situations where national authorities ignore or violate relevant recommendations;

• The adoption of urgent reports ought to be considered so as to allow for a prompt and formalised answer from the Commission in a situation where national rule of law related developments are indicative of a serious danger; if state action results in the violation of individual rights on a mass scale or if state action amounts to irreversible or systemic threat to or violation of the rule of law;

In addition to or alternatively to the suggested adoption of urgent reports, the Parliament should consider requesting the Commission to present a mid-year assessment of the state of compliance (or non-compliance) with the ARoLR’s country-specific recommendations, with the Commission to be also requested to specify how non-compliance will be dealt with.

(LINK TO THE FULL REPORT)

VERFASSUNGSBLOG : A cautious green light for technology-driven mass surveillance

The Advocate General’s Opinion on the PNR Directive

by Christian Thönnes

Yesterday, on 27 January 2022, Advocate General (AG) Pitruzzella published his Opinion (“OP”) in the Court of Justice of the European Union’s (CJEU) preliminary ruling procedure C-817/19. The questions in this case pertain to Directive (EU) 2016/681 of 27 April 2016 on the use of passenger name record (PNR) data for the prevention, detection, investigation and prosecution of terrorist offences and serious crime (in short: PNR Directive) and its compatibility with EU primary law.

In his Opinion (which, besides the Press Release (“PR”), was only available in French at the time of writing), the AG, while criticizing the PNR Directive’s overbroad data retention period and its lack of clarity and precision in certain points, generally considers the PNR Directive to be “compatible with the fundamental rights to respect for private life and to the protection of personal data” (PR). His arguments are not convincing.

Certainly, much more can and will be written about this case in general and the Opinion in particular. This entry can only shine a light on some of the AG’s major arguments. In so doing, it shall point out why, in my opinion, the CJEU would do well not to follow the AG’s recommendations. Instead, I believe the PNR Directive is incompatible with Articles 7 and 8 of the EU Charter of Fundamental Rights (CFR). Consequently, it ought to be invalidated.

What the AG has to say about the PNR Directive

The PNR Directive obliges EU Member States to require air carriers to transmit a set of data for each passenger to national security authorities, where they are subjected to automated processing against pre-existing databases (Art. 6 § 3 letter a) and “pre-determined criteria” (Art. 6 § 3 letter b), which contain (allegedly) suspicious flight behaviors (such as a mismatch between luggage and length of stay and destination, see the Commission’s Evaluation Report, point 5.1, in order to identify potential perpetrators of serious crimes or acts of terrorism (a more detailed description of the Directive’s workings can be found in paras 9-18 of the AG’s Opinion or here).

The AG points to certain (limited) problems with the Directive’s wording. Firstly, he contends that point 12 of Annex I, enabling “General Remarks” to be included in PNR data sets, fail to “satisfy the conditions of clarity and precision laid down by the Charter” (PR, also para 150 OP). He also considers the Directive’s five-year-retention period for PNR data excessive and proposes that this period be limited to cases where “a connection is established, on the basis of objective criteria, between those data and the fight against terrorism or serious crime” (PR, also para 245 OP). In addition, he provides clarifying criteria for the relevancy of databases under Art. 6 § 3 letter a (para 219 OP), regarding the applicability of the GDPR (para 53 OP) as well as collisions with the Schengen Borders Code (para 283 OP). He also demands that, due to their lack of transparency, (at least some) “machine-learning artificial intelligence systems” (PR), should not be used for pre-determined criteria (para 228 OP).

The most resounding message of his Opinion, however, is that the PNR Directive’s mass retention and processing regime is “relevant, adequate and not excessive in relation to the objectives pursued” (PR) and thus compatible with Articles 7 and 8 CFR. He therefore recommends to let it stand, albeit with some interpretative limitations (para 254 OP).

Incompatibility with Digital Rights Ireland and its successors

The AG’s reasoning in support of the PNR Directive’s proportionality relies on his central finding that “the Court’s case-law on data retention and access in the electronic communications sector is not transposable to the system laid down by the PNR Directive” (PR). He is referring to decisions like Digital Rights Ireland, Tele2 Sverige and Quadrature du Net, in which the CJEU had laid down strict limits on governments’ power to collect and process telecommunications data. Notably, it posited that “the fight against serious crime […] and terrorism […] cannot in itself justify that national legislation providing for the general and indiscriminate retention of all traffic and location data should be considered to be necessary for the purposes of that fight” (Tele2 Sverige, para 103; also Digital Rights Ireland, para 51). Instead, the CJEU required that in order to be considered “limited to what is strictly necessary […] the retention of data must continue nonetheless to meet objective criteria, that establish a connection between the data to be retained and the objective pursued” (Tele2 Sverige, para 110).

Evidently, the PNR Directive would clash with these criteria – were they found to be applicable. The collection and automated processing of PNR data is completely indiscriminate. Given Member States’ universal extension to EU domestic flights, it affects all European flight passengers, regardless of their personal histories and independently of a potential increased domestic threat situation (this is proposed as a possible criterion in Quadrature du Net, para 168). The use of pre-determined criteria is not, like the comparison against existing databases, aimed at recognizing known suspects, but at conjuring up new suspicions (see EU Commission PNR Directive Proposal, SEC(2011) 132, p. 12). Also, taking a flight is a perfectly ordinary form of human behavior. There is no empirically demonstrated connection to the perpetration of serious crimes or acts of terrorism (in para 203, the AG presupposes such a “lien objectif” without providing any evidence exceeding anecdotal intuitions about terrorism and human trafficking) and the PNR Directive, given its broad catalogue of targeted crimes, is not limited to dangers caused by air traffic. What behavior will be targeted next? Visiting the museum? Going to a rock concert? Belgium, for example, has already expanded the PNR Directive’s scope to international trains, busses and ferries (Doc. parl., Chambre, 20152016, DOC 54-2069/001, p.7).

Good reasons for applicability

It thus is quite clear: Should Digital Rights Ireland and its successors apply, the PNR Directive is in trouble. Now, why wouldn’t their criteria be transposable? The AG’s arguments mainly turn on a perceived difference in sensitivity of PNR data, compared to telecommunications meta-data. The latter, the AG explains, contain intimate information of users’ private lives (para 195, 196), and almost uncontrollable in their scope and processing because everyone uses telecommunication (paras 196, 198). Moreover, because they are used for communication, telecommunications data, unlike PNR data, have an intrinsic connection to fundamental democratic freedoms (para 197). PNR data, on the other hand, he opines, are limited to a delineated life domain and narrower target groups because fewer people use planes than telecommunication (paras 196, 198).

Under closer examination, this comparison falls apart. Firstly, PNR data contain very sensitive information, too. As the CJEU has pointed out in his Opinion 1/15 regarding the once-envisaged EU-Canada PNR Agreement, “taken as a whole, the data may, inter alia, reveal a complete travel itinerary, travel habits, relationships existing between air passengers and the financial situation of air passengers, their dietary habits or state of health” (para 128). Unlike the AG (see para 195 in his Opinion), I can find no remarks in Opinion 1/15 that would relegate PNR data to a diminished place compared to telecommunications data. But secondly, and more importantly, the AG fails to consider other factors weighing on the severity of the PNR Directive’s data processing when compared against the processing of Directive 2006/24/EC and its siblings: The method and breadth of processing and the locus of storage.

Only a small minority of telecommunication datasets, upon government requests in specific cases (see Articles 4 and 8 of Directive 2006/24/EC), underwent closer scrutiny, while the vast majority remained untouched. Under the PNR Directive, however, all passengers, without exception, are subjected to automated processing. In so doing, the comparison against pre-determined criteria, as the AG points out himself (para 228 OP), can be seen as inviting Member States to use self-learning algorithms to establish suspicious movement patterns. Other EU law statutes like Art. 22 GDPR or Art. 11 of Directive 2016/618, as well as comparable decisions by national constitutional courts (BVerfG, Beschluss des Ersten Senats vom 10. November 2020 – 1 BvR 3214/15 -, para 109) are inspired by an understanding that such automated processing methods greatly increase the severity of respective interferences with fundamental rights. Moreover, while telecommunications data were stored on telecommunication service providers’ servers (to whom users had entrusted these data), PNR data are all transferred from air carriers to government entities and then stored there.

Hence, there are good reasons to assume that the data processing at hand causes even more severe interferences with Articles 7 and 8 CFR than Directive 2006/24/EC did. It thus follows, that the case law of Digital Rights Ireland should apply a fortiori.

An inaccurate conception of automated algorithmic profiling and base rate fallacy

There are other problems with the AG’s reasoning; completely untangling all of them would exceed this space. Broadly speaking, however, the AG seems to underestimate the intrinsic pitfalls of unleashing predictive self-learning algorithms on datapools like these. The AG claims that the PNR Directive contains sufficient safeguards against false-positives and discriminatory results (para 176 OP).

Firstly, it is unclear what these safeguards are supposed to be. The Directive does not enunciate clear standards for human review. Secondly, even if there were more specific safeguards, it is hard to see how they could remedy the Directive’s central inefficiency. That inefficiency does not reside in the text, it’s in the math – and it’s called ‘base rate fallacy’. The Directive forces law enforcement to look for the needle in a haystack. Even if their algorithms were extremely accurate, false-positives would most likely exceed true-positives. Statistics provided by Member States showing extremely high false-positive rates support this observation. The Opinion barely even discusses false-positives as a problem (only in an aside in para 226 OP). Also, it is unclear how the antidiscrimination principle of Art. 6 § 4 is supposed to work. While the algorithms in question may be programmed in way to not process explicit data points on race, religion, health etc., indirect discrimination is a well-established problem of antidiscrimination law. Both humans and algorithms may just use the next-best proxy trait. (see for example Tischbirek, Artificial Intelligence and Discrimination).

Now, the AG attempts to circumvent these problems by reading the PNR Directive in a way that prohibits the use of self-learning algorithms (para 228 OP). But that interpretation, which is vaguely based on some “système de garanties“ (para 228 OP), is both implausible – it lacks textual support and the pile of PNR data is amassed precisely to create a use case for AI at EU borders – and insufficient to alleviate this surveillance tool’s inherent statistical inefficiency.

This cursory analysis sheds light on some of the AG’s Opinion’s shortcomings. It thus follows that the CJEU should deviate from Pitruzzella’s recommendations. The PNR Directive, due to the severity of its effects and its inherent inefficiency in fulfilling its stated purpose, produces disproportionate interferences with Articles 7 and 8 CFR. It ought to be invalidated.

Between 2017 and 2021, the author worked for the German NGO “Gesellschaft für Freiheitsrechte”, among other things, on a similar case (C-148/20 to C-150/20) directed against the PNR Directive.

IS THERE A FUTURE FOR THE EU’S AREA OF FREEDOM, SECURITY AND JUSTICE? A PLAN TO BUILD BACK TRUST

by CAMINO MORTERA-MARTINEZ

REBLOGGED FROM THE INTERNET SITE OF THE CENTRE FOR EUROPEAN REFORM / LINK : https://www.cer.eu/publications/archive/policy-brief/2022/there-future-eus-area-freedom-security-and-justice

SUMMARY

The past 15 years have not been kind to two great icons of European integration: the common currency with its accompanying passport-free Schengen area and area of freedom, security and justice (AFSJ).
Much like the eurozone between 2008 and 2015, the EU’s area of freedom, security and justice has gone through a series of shocks over the past seven years, whether they relate to migration, asylum policies, security concerns or the rule of law. But, unlike the EU’s single currency area, there have been limited efforts to fix the AFSJ’s multiple shortcomings.
To date, the EU has dealt with each crisis separately. This was reasonable while each problem was manageable on its own and had little or no spill-over to other parts of the EU project. But this is no longer a sustainable strategy. All the AFSJ crises are related and they all need fixing quickly. The EU should find inspiration in how it dealt with the twin financial and eurozone crises.
So far, Schengen and the AFSJ have weathered a migration crisis, several terrorist attacks, and a pandemic because EU countries have mostly been happy to co-operate with each other and trusted each other’s systems.
But it is becoming clear that countries have very different ideas about who should be allowed in and how; what an independent judiciary is; and what should be the relationship between EU law and national constitutions.
The EU does not need to come up with flashy new plans to reform Schengen every two or three years. Instead, EU leaders should focus on the underlying problem: the waning trust between member-states and the impact that this lack of trust on co-operation.
The most important consequence of the bloc’s gradual loss of mutual trust may be the gradual exclusion of some EU countries from the Union’s common legal space. That space includes not only police and judicial co-operation, but also the single market.
The EU will not solve its trust problem through new laws or court rulings, because the problem stems from political, rather than legal, differences. Instead, the EU should focus on rethinking the way the AFSJ works and clarifying the compromises it involves. One way forward could be to draw inspiration from the European Semester and the EU’s post-pandemic recovery fund.
The EU should come up with a ‘European Justice Semester’, which would help to rebuild trust in three ways. First, it would establish a permanent and clearer link between policies related to Schengen, like the free movement of people, and policies related to the wider area of AFSJ like the independence of the judiciary. Second, it would make it harder for countries to backslide. And third, it would allow the EU to anticipate, prepare and deal with issues of mutual trust faster and better.
The European Council could hold a special summit on the future of Schengen and the AFSJ. The result could be a baseline plan which includes a monitoring mechanism based on the eurozone’s European Semester and the post-pandemic recovery fund.
Such plan would include a set of pre-agreed standards that all member-states should abide by. These standards should be drawn up by the Council of Ministers and the European Commission, approved by the European Parliament and endorsed by the European Council.
The Commission could use these standards to monitor trends, for example of judicial reforms, and issue clear guidelines. Member-states would need to present national plans roughly every two years explaining how they would comply with those guidelines.
National AFSJ plans should be approved by the Council of Ministers. The Commission would then review those plans and come up with country recommendations, which should be approved by the Council of Ministers. Member-states should commit to follow those recommendations.
EU governments and the European Commission could set up dedicated teams to ensure regular communication between Brussels and EU capitals; and an early warning mechanism to spot problems before they become unmanageable, similar to the six-month review devised for the disbursement of the recovery fund.
EU member-states should agree on a warning procedure that would apply to countries which have been found to repeatedly deviate from the standards. Such a procedure could end with a suspension of EU funds or with a temporary ‘freezing’ of the recalcitrant country’s participation in certain EU laws, like the European Arrest Warrant.
To work, a European Justice Semester cannot be a purely procedural plan, driven solely by the EU institutions. Such a plan would need the highest-level political backing and broad public support every step of the way. A European Justice Semester should focus on performance, solidarity and accountability.

BRIEFING

During the first decade of the 21st century, the prospects for European integration looked bright. This was particularly true for two of the icons of integration: the common currency, and the passport-free Schengen area. The 2010s were not kind to either; so far, the 2020s have not been kind to anything at all. As a result of the COVID-19 pandemic, countries have put borders back up. The politics of migration remain toxic and EU countries have not been able to agree on common policies. Despite a number of shocking terrorist attacks, the likelihood of falling victim to terrorism in Europe is extremely small. Even so, terrorism and crime are amongst the top ten concerns of European citizens, according to the European Commission, and feature regularly in electoral campaigns across the EU.1 Meanwhile, the EU’s reliance on a common legal space, in which shared rules are interpreted predictably by independent courts, has been challenged by assaults on the independence of the judiciary in several member-states. Furthermore, the Union’s post-pandemic recovery fund may be susceptible to corruption and, if the money is misspent, anti-EU forces will profit.

Much like the eurozone between 2008 and 2015, the EU’s area of freedom, security and justice has gone through a series of shocks over the past seven years, whether they relate to migration, asylum policies, security concerns or the rule of law. But, unlike the EU’s single currency area, there have been limited efforts to fix the AFSJ’s multiple shortcomings. Instead, both EU governments and the EU institutions have chosen to follow a piecemeal strategy, treating each blow to the Union’s AFSJ as an isolated incident. This has made sense until now, as it is an easier sell to voters to separate migration issues from, say, the rule of law. But it is not a sustainable strategy anymore.

EU leaders can no longer pretend that the EU’s common borderless legal area is doing well.

All of the AFSJ’s crises are related. The reason why EU countries have close police and judicial co-operation links and, at least on paper, a common set of rules governing asylum and migration, is that they need to reduce the risks that would otherwise arise in a Union without internal border checks. Schengen and the AFSJ form the bloc’s common borderless legal area. A shock to Schengen has an immediate ripple effect on the AFSJ.

EU leaders and the EU institutions can no longer pretend that the EU’s common borderless legal area is doing well. The EU needs a new plan to make it more resilient. This plan must include regular performance checks and a set of rights and obligations that finally simplifies the link between Schengen and the AFSJ. Such a plan would need a serious commitment from both EU governments and the Brussels institutions, but would not require changing the treaties.

This policy brief looks back at the AFSJ’s difficult decade. It argues that the EU needs to clarify the relationship between Schengen and the bloc’s common legal space, and draws lessons from the eurozone crisis, calling for the EU to set up a ‘European Justice Semester’ to protect the AFSJ.

This is the last paper of a series on the future of EU justice and home affairs. It examines some ideas that have been discussed at meetings of the Amato group, a reflection group of experts on justice and home affairs policies, run by the Centre for European Reform, chaired by former Italian Prime Minister Giuliano Amato and supported by the Open Society European Policy Institute (OSEPI). It has been meeting since 2014. This paper tries to capture the main take-aways of the group’s work over the past seven years.

THE EU’S DECADE OF UNREST AND RELAXATION

EU justice and home affairs (JHA) comprises a set of policies intended to help EU countries manage the side-effects of closer economic integration and the abolition of border controls. As member-states gradually lifted checks on people, goods, capital and services, both law-abiding Europeans and criminals became more mobile. The free movement of capital made laundering money easier. The development of the internal market also meant that more people from different nationalities were getting married, divorced, having children, signing or ending contracts, buying and selling property and, in general, entering into legal transactions in other countries. Meanwhile, both asylum-seekers and other sorts of migrants were arriving in Europe in growing numbers, and looking to settle.2

The 1999 Amsterdam treaty responded to these developments by saying that one of the EU’s main objectives should be “to maintain and develop the Union as an area of freedom, security and justice, in which the free movement of persons is assured in conjunction with appropriate measures with respect to external border controls, asylum, immigration and the prevention and combating of crime.”3

Spurred by a general optimism about European integration and the pressing need to improve police and judicial co-operation in Europe following terrorist attacks in Madrid and London in 2004 and 2005, the Lisbon treaty, which entered into force in December 2009, gave new powers to the EU institutions. The Commission was given the power to propose laws on a wide range of topics such as migration, asylum, criminal law and police co-operation. The Council of Ministers and the European Parliament could each amend, reject or approve those proposals, which, once accepted, would become EU laws and fall under the supervision of the European Court of Justice (ECJ).

From 1999 to the mid-2010s, JHA remained a relatively obscure part of EU policy which accordingly attracted very little public interest. In hindsight, it all began to turn sour in 2014.

Faced with increasing arrivals of leaky boats overcrowded with people fleeing bloody conflicts in Syria and Libya, the Italian government of then-prime minister Enrico Letta launched ‘Mare Nostrum’, a search and rescue operation, in 2013. Other EU countries then accused Italy of encouraging people to risk their lives crossing to Europe by sea in unsafe ships operated by people smugglers, and the EU convinced Letta to replace ‘Mare Nostrum’ with the much smaller ‘Operation Triton’ in 2014. Triton had no mandate to search for and rescue distressed boats proactively. In April 2015, around 700 people died in a shipwreck off the coast of the Italian island of Lampedusa. In September of that year, the image of three-year-old Syrian boy Alan Kurdi lying lifeless on a Turkish beach made headlines around the world. Public attention turned to Europe’s perceived inability to deal with migrants and asylum-seekers, who were often conflated.

The migrant shipwreck tragedy in Lampedusa was a turning point for the future of the EU project.

The tragedy in Lampedusa was a turning point for the EU: the Union has been at the centre of a heated political debate about borders, human rights and Europe’s economy ever since. National politicians began to frame migration debates as a zero-sum choice between open borders for all and ‘fortress Europe’. EU governments and the Brussels institutions eventually fell into the trap of adopting this dichotomy, creating the most serious border crisis in the EU’s history.

In 2015 and early 2016, over a million people crossed into Europe as the conflict in Syria intensified and Libya’s failed state became a safe haven for smugglers. Quickly, it became apparent that member-states did not see eye-to-eye. Some felt they were bearing a disproportionate burden in protecting Schengen’s external borders; some felt they were taking in more than their fair share of asylum-seekers; and some did not want to accept would-be refugees at all. The bitter political debates that ensued deepened the fault lines between front-line and destination member-states. The disagreements about quotas, solidarity and shared responsibility also entrenched another dividing line that had been developing for a while, this time between Central and Western Europe over respect for the rule of law and fundamental rights.

While Hungary’s Viktor Orbán had been toying with the idea of “illiberal democracy” since 2014, the EU’s rule of law stand-off began in earnest four years ago.4 In December 2017, the Commission launched a disciplinary proceeding against Poland under Article 7 of the Lisbon treaty, for breaching EU values. Article 7 proceedings can end with the suspension of the offending state’s voting rights in the Council of Ministers. In October 2018, the European Parliament initiated proceedings against Hungary for the same reason.5 But neither of the two disciplinary actions has got very far: they require unanimous agreement in the Council, minus the offending state. Even if 25 states agreed to sanction Poland or Hungary, one of that pair would still be able to block action against the other. Meanwhile, both the European Commission and the European Parliament have become worried about democratic backsliding in other countries, too: in Slovenia, the government of Orbán’s ally, Janez Janša, has been clamping down on media freedom and NGOs. In Romania and Bulgaria, fears over corruption and respect for fundamental rights are piling up.

Twenty twenty-one may have been the bumpiest year yet for the rule of law in Europe. In December 2020, the EU passed a law (the ‘conditionality mechanism’, in EU jargon) that would stop payments from the EU’s budget and recovery fund to countries that do not respect the rule of law. The Commission has not yet triggered this mechanism because, to overcome Warsaw and Budapest’s threat to veto the bloc’s recovery fund, EU governments promised them that the law would not be used until the ECJ had had the time to review it. But, to put pressure on Poland and Hungary, the Commission has instead delayed the release of recovery fund money (which is separate from the general EU budget) to both countries, over concerns about widespread corruption and a captured judiciary. Over the past 12 months, the ECJ has ruled repeatedly that the Polish government has breached EU law with its judicial reforms – and Warsaw has, also repeatedly, refused to comply with the Luxembourg court’s rulings.6 The stand-off came to a head in October when the Polish Constitutional Tribunal ruled that parts of the EU treaties were incompatible with the Polish constitution, sparking fears of a ‘Polexit’.

The Polish Constitutional Tribunal tried to piggyback on a relatively new trend: the rise of the eurosceptic courts. The Romanian and German constitutional courts, the Danish Supreme Court and the French Conseil d’État have in recent years all questioned the validity of EU law or the legitimacy of ECJ rulings.7 Spain’s otherwise reliably pro-EU judiciary has been debating the usefulness of the European Arrest Warrant (EAW) since a judge in Germany refused the extradition of the fugitive Catalan independence movement leader Carles Puigdemont.8 And Slovenia only nominated its required two delegated prosecutors to the European Public Prosecutor’s Office (EPPO, a body with powers to prosecute crimes related to the EU budget) in November 2021, six months after the office started operations. Ljubljana’s two nominees are not even confirmed yet – with Janša clarifying that they are just “temporary appointments”.9

EU justice and home affairs, once the preserve of academics and officials, has become a political battleground.

COVID-19 has further complicated matters. While most headlines rightly focus on the human and economic costs of the pandemic, the spread of the virus has created much collateral damage – including to Schengen and the EU’s single market. At the beginning of the pandemic, member-states restored, or extended, passport checks;10 and the EU imposed an entry ban on non-EU citizens. Both were not entirely unreasonable measures but were decided and applied in a hurry and rather incoherently across the EU.11 As a result, member-states grew wary of each other – questioning the ability of other European governments to deal with the crisis. More worryingly, many EU countries introduced serious and unco-ordinated restrictions on the free movement of European citizens – or banned it altogether. While the EU has to some extent managed to harmonise member-states’ criteria for when EU citizens are allowed to travel (notably through the introduction of an EU-wide COVID-19 vaccination passport), many restrictions on movement remain in place. At the time of writing, in January 2022, several member-states have re-instated lockdowns and/or other restrictions on movement within and across their borders. Border controls persist in many EU countries.

EU justice and home affairs, once the preserve of a handful of lawyers, academics and officials, has become a political battleground. Migration, security (including health security) and EU values are amongst the most contentious issues of EU policy – and ones which can win or lose elections at home. Collectively, they have created new rifts within the EU or aggravated pre-existing fault lines. The EU and its member-states tolerated Orbán’s antics until the 2015-2016 migration crisis exposed a new and important rift between Eastern and Western member-states.12 The crisis also mirrored the divisions that became apparent during the eurozone crisis between 2010 and 2012: frugal, more economically conservative member-states like Germany, Sweden and the Netherlands are also the EU’s biggest recipients of both labour migrants and asylum-seekers, while their southern, more indebted and fiscally dovish counterparts like Italy, Greece and Spain are the countries where migrants and asylum-seekers first arrive.

The row over the rule of law has intensified the split between the original EU-15 and countries which joined the EU after 2004. While security remains less divisive, as most EU countries agree that they should co-operate to combat crime and terrorism, the topic has become entangled in broader discussions over the EU’s borders, Europe’s values and political posturing over the place of religion in Europe. The European Commission even has a dedicated Commissioner for ‘promoting our European way of life’ whose portfolio includes security.

To date, the EU has dealt with each of these crises separately. This was reasonable while each problem was manageable on its own and had little or no spill-over to other parts of the EU project. But there are clear links between the EU’s migration, security and rule of law woes.

ALL ROADS LEAD TO SCHENGEN

There is a reason why all of the AFSJ’s crises seem to be happening at the same time, or in very close succession: they are connected. It is naïve to think that sizeable migration flows will not affect the way that Europeans think about security; and it is plain wrong to believe that migration, border and security issues will not spill over into other parts of EU policy-making, such as the recovery fund and the rule of law. The only reason why the EU has an area of freedom, security and justice in the first place is because of Schengen. In the words of a senior EU official, “without Schengen, laws governing criminal and civil co-operation in Europe, as well as police and intelligence collaboration, would be nice-to-have, not a must-have.”

There is a reason why all AFSJ’s crises are happening at the same time: they are connected.

To date, Schengen has managed to weather a migration crisis, several terrorist attacks and a pandemic because of two things: it involves the sharing of benefits and burdens; and it presupposes a high degree of mutual trust between its members.13 But that trust has eroded in recent years. And both the EU institutions and the member-states seem to have forgotten, or outright ignored, the compromises that are required to make Schengen work.

To benefit from the abolition of border controls between member-states, governments had to introduce so-called compensatory measures, like boosting controls on the EU’s external borders, exchanging law enforcement information through common databases and improving police and judicial co-operation between themselves.14 All these measures are based on the assumption that, by following common rules and standards, EU countries’ border, police and judicial systems will eventually become so similar that further checks will become unnecessary. This is the starting point of the AFSJ, which is based on the same principles as the original Schengen treaty (an inter-governmental treaty signed in 1985 and later expanded and transformed into EU law), but goes beyond it by including mechanisms for judicial co-operation in several areas of law, like criminal, civil and commercial law. These mechanisms include the EAW, which makes it easier to extradite criminals across the EU, and the European Investigation Order (EIO), which allows one country to carry out criminal investigations on behalf of another. Mutual recognition (in this case of each other’s goods and services) is also the modus operandi of the EU’s single market. Not coincidentally, both Schengen and the single market grew in parallel in the 1990s.

Neither Schengen nor the EU’s single market can work without trust. While the single market seems unscathed for now (with the exception of Brexit and a continuing row over lower quality products making their way eastwards), things are not looking up for the AFSJ. It is becoming clear that – despite the AFSJ’s large body of common standards – countries have very different ideas about who should be allowed in and how; what an independent judiciary is; and what the relationship between EU law and national constitutions should be.

The EU does not need to come up with flashy new plans to reform Schengen every two or three years, as it has since the migration crisis. Instead, EU leaders should focus on the underlying problem: the waning trust between member-states and the impact this lack of trust has on the area of freedom, security and justice.

WHY WANING TRUST IS A PROBLEM

Every EU crisis over the past ten years has been to some degree the result of diminishing trust between its member-states. Each of those crises has in turn fed suspicions and made countries more wary of each other. Not all the crises originate in the EU’s deficient AFSJ arrangements. But all of them have had an impact on the bloc’s area of freedom, security and justice. Take the eurozone crisis. Greece’s near-exit from the euro in 2015 unexpectedly shaped Europe’s initial response to the refugee crisis.15 In 2016, with Athens seemingly unable to control the massive flows of people trying to cross to Europe by sea, talk of a mini-Schengen, which would not include Greece, grew louder in the corridors of Brussels. Having once been accused of almost pushing Greece out of the single currency, then German Chancellor Angela Merkel was “determined not to let Greece fall again” in the words of one of her senior aides. To end the crisis without having to push Greece out of Schengen, Merkel struck a surprise deal with Turkey to return rejected asylum-seekers from Greece.

Beyond the obvious blow to the European project, the most important consequence of the bloc’s gradual loss of mutual trust is that, eventually, it may lead to the exclusion of some EU countries from the Union’s common legal space. That space includes police and judicial co-operation but also the single market: goods, people and, to an extent, services and capital move freely in the EU because citizens and companies alike rely on EU-wide standards, including court rulings. If the judiciary gets captured in a member-state, both civil and criminal law co-operation will become more difficult; businesses will be wary of setting up shop in a country where they may be subject to arbitrary laws; and people’s personal decisions, on issues such as buying a house, having kids or changing jobs, will be affected too.

The EU will not restore trust by laws or court rulings alone, because this is a political problem.

Currently, there is no formal mechanism in place to expel a country from the AFSJ. But there are two ways this can happen. The first is through a de facto exclusion of a member-state from EU judicial co-operation schemes. This is already happening when, for example, national courts stop the transfer of asylum-seekers from Germany and elsewhere back to Greece or Italy because of abysmal reception conditions. Another example is when courts in several EU countries refuse to extradite wanted people to a member-state where the courts are not perceived as independent, or where the government is distrusted by other member-states. After the UK triggered Article 50 of the Lisbon treaty to start its exit from the EU, several judges across the Union refused to extradite people there, as it was unclear whether EU law would apply to those suspected or convicted of crimes during and after Brexit. As the situation of the judiciary in Poland, Hungary and Romania has deteriorated, various European courts have refused extradition requests, as they considered that suspects’ fundamental rights might not be respected in those countries. While the ECJ has, for now, stopped blanket prohibitions on extradition (as opposed to decisions in individual cases) because of declining judicial standards, this may change in the future, especially if Poland continues openly to defy ECJ rulings.16 In any case, the Luxembourg court already allows member-states to suspend extradition if they have evidence that the rights of the suspect may not be respected – something which should not be too difficult to argue in view of the ECJ’s latest rulings on the independence of the Polish judiciary and the Commission’s own assessment of the situation in Poland, Hungary and Romania.

The second way to suspend an EU country’s membership of the bloc’s single legal area is more tricky, but not impossible. In a recent paper for the Centre for European Political Studies (CEPS), a think-tank, respected Hungarian EU law professor Petra Bárd and former Polish Ombudsman Adam Bodnar argue that the Polish Constitutional Tribunal’s October ruling should trigger a formal suspension of all AFSJ laws based on mutual recognition in Poland.17 The authors suggest that this could be done either by the EU institutions or by the ECJ. There is no article in the treaties allowing for such a suspension. But there is no article in the treaties which explicitly rules it out, either – in fact, the European Parliament has suggested that the three EU institutions (Commission, Parliament and Council) could take such a decision, if they found ‘systemic deficiencies’ in a given country after conducting regular joint reviews of the state of the rule of law in each EU member-state.18 The ECJ could, on paper, issue a ruling after concluding one of the many cases it is now examining, declaring the suspension of one or more of these laws in certain member-states. But recent case law on the suspension of European Arrest Warrants in Poland indicates that this is unlikely to happen.

The ECJ’s main problem is that, if it ruled that one or more EU laws were not applicable to an EU country because its courts lacked independence, this would make it very difficult for that country’s judges to seek the ECJ’s help when dealing with matters of EU law. All national courts are allowed to submit questions to the ECJ if they think there may be a contradiction between EU and national rules; or if they are looking to clarify obscure points of EU law. A ruling to exclude a country from mutual recognition laws would automatically imply that national judges would not be allowed to continue business as usual, including asking for preliminary rulings.19 This would have a ripple effect on the bloc: because the ECJ would not be able to interpret questions of EU law in one country, it would not be able to ensure the uniform application of EU law across all member-states.

Suspending parts of the EU acquis would be difficult and may have unintended effects. For example, suspending membership of Schengen if a country cannot guarantee that its judiciary is fully independent would be a more effective stick than the Article 7 procedure and would ensure that Schengen rights and obligations are clear to all members. But such a move, even if temporary, would be tricky: one of the benefits of Schengen is that it makes it easier for European citizens to move around the Union, in turn boosting support for the EU project.

The EU will not solve its trust problem by laws or court rulings alone, because this is a problem that stems from political, rather than legal, differences. Rebuilding trust will require a higher level of accountability over how AFSJ policies are enacted at a national level. The problem is not necessarily the result of bad faith. There is, more simply, a general lack of understanding of the provisions of the Union’s AFSJ and a lack of ambition to clarify them. Eventually, this could become a very big problem. If Europeans do not find a way to restore a shared understanding of the rules, trust that they will be enacted proportionately and that violations will be penalised, the EU’s fault lines will deepen and governments will further question the logic of open borders and security co-operation. Citizens may start to wonder what the point of the EU is, after all.

In the future, the EU should focus on rethinking the way the AFSJ works and clarifying the compromises it involves. This is no easy task. But EU leaders and the EU institutions could find inspiration in one of the ways the Union dealt with the twin financial and eurozone crises in the first part of the last decade.

FINDING HOPE IN A STRANGE PLACE: HOW THE EUROZONE CRISIS COULD HELP FIX THE EU’S AREA OF FREEDOM, SECURITY AND JUSTICE

In 2008, the world economy experienced a steep downturn when parts of the American and European financial sectors collapsed. In the EU, some member-states fared worse than others. In Greece, Portugal, Italy and Spain, the crisis exacerbated long-standing structural problems and added sky-rocketing public debt to create a perfect storm. Investors lost confidence in the creditworthiness of several of the EU’s member-states.20 As a result, many people lost trust in the eurozone altogether: the EU’s ambitious common currency came close to collapsing.

The EU institutions should to do ‘whatever it takes’ to keep the AFSJ afloat.

In an attempt to lower public debt and to regain the confidence of financial markets, member-states imposed large cuts in public spending, which took a heavy economic toll on Southern European countries. The crisis forced leaders to confront the trade-offs inherent in the single currency – between shared rules, costs and benefits – and eventually, with a lot of help from the European Central Bank, they managed to stabilise the currency.

There are parallels between Schengen, and its accompanying AFSJ, and the eurozone. Both are extremely ambitious projects in the absence of an overarching federal state. Both feature consistently amongst the most popular aspects of the EU (a single currency and passport-free travel). And both have proved to be unprepared to absorb shocks (be it a global economic crisis, a pandemic or a sudden surge in migration); and are plagued by repeated failures of member-states to abide by the rules (on deficit and debt limits, border controls, or judicial independence). But while the euro crisis instilled a sense of doom in Europe’s political elites and forced them into action, this sense of urgency has so far been missing from the EU’s AFSJ.

It is now time for the EU institutions to do ‘whatever it takes’ to keep the AFSJ afloat. A good starting point would be to set up a European Justice Semester for the EU’s area of freedom, security and justice.

The financial and sovereign debt crises exposed the failures of the EU’s monetary and macroeconomic policies. To fix them, the Union changed fiscal rules and passed new laws governing the co-ordination of fiscal and macroeconomic policies. The EU also set up more stringent oversight mechanisms, for example the common supervision of Europe’s largest banks. To streamline the regular co-ordination of Europe’s economic policy, the EU created the European Semester.

Starting in November each year, the European Commission, together with the Council of Ministers, scrutinise economic trends and individual member-states’ policies, and recommend areas for reform. EU countries then submit national plans to Brussels, explaining how they are going to follow the Commission’s recommendations. The recommendations cover a wide range of policies, from employment to childcare and civil justice. The Commission assesses the national plans, and issues specific recommendations to each of the EU-27 – and additional recommendations for eurozone members. The Council of Ministers then discusses the recommendations, which have to be endorsed by EU leaders before their adoption. In case of non-compliance, the EU can require additional monitoring, impose fines and even freeze EU funding to the offending country – though that has not yet happened. A decision to fine a country is deemed to be approved unless a qualified majority of member-states disagrees with it (a procedure known as reverse qualified majority voting). Countries which have signed the so-called Fiscal Compact, a treaty on fiscal stability, have also agreed that other decisions, such as deeming that one country has breached the rules, can also be taken by reverse qualified majority voting.

The European Semester also has a role in the disbursement of the post-pandemic recovery fund to EU countries. To qualify for recovery money, EU countries need to send their national spending plans to the European Commission, which scrutinises them and decides whether or not to grant funding. To perform this analysis, the Commission looks at many indicators, including the European Semester’s country recommendations. If the national plans do not comply with the rules of the recovery fund, European Semester recommendations, and the rule of law provisions of the conditionality mechanism, the Commission may delay the release of funds or stop it altogether – as is currently the case with Hungary and Poland.

A review mechanism called ‘European Justice Semester’ could combine elements of the European Semester and the recovery fund.

Of course, neither the EU’s economy nor the eurozone are perfect, nor have the new rules magically fixed all their problems. But, over time, EU leaders and the EU institutions realised that they could not rely on trust and outdated laws alone to keep the economy and the single currency going – they needed a renewed push to make all countries accountable for their actions. The European Semester is a small building block in the eurozone’s efforts to stabilise the currency. The EU’s post-pandemic recovery fund is taking accountability a step further by putting proper money behind a reform monitoring system. Countries are required to show how they are using the recovery money to reach the targets and milestones set by the Commission every six months. They are also required to prove that the money is properly audited and that they have made all the necessary reforms for the money to have a meaningful impact on society and the economy. In stark contrast with previous funds, if a country fails this test, the Commission and the Council of Ministers are allowed to stop payments until the errant member-state complies with the rules.

A review mechanism, combining elements of the European Semester and the recovery fund, – a ‘European Justice Semester’ – could serve as a useful tool for the EU’s area of freedom, security and justice, for three reasons.

First, it would help to establish a permanent and clearer link between policies related to Schengen – like the free movement of people or the sharing of police and intelligence information (which most countries like); and policies related to the wider area of freedom, security and justice – like the independence of the judiciary or common asylum and migration rules (which some countries do not like very much). Second, it would help solve what can be called the ‘Copenhagen paradox’, whereby democratic backsliding in some member-states means that, were they to apply to join the EU now, they would not meet the so-called Copenhagen criteria for accession on human rights and the rule of law. A regular overview of justice and home affairs policies would make it harder for countries to backslide. And third, it would allow the EU to anticipate, prepare and deal with issues of mutual trust better, before they become a Poland-sized problem and without having to resort to the ineffective Article 7 procedure for suspending voting rights in the Council.

The legal basis for a European Justice Semester for the EU’s area of freedom, security and justice would be Article 70 of the Lisbon treaty. Article 70 allows the Commission and member-states to conduct a review of policies related to the area of freedom, security and justice, “in particular in order to facilitate full application of the principle of mutual recognition.” The treaty also says that both the European and national parliaments should be kept abreast of the reviews.

A European Justice Semester for the EU’s AFSJ should follow at least seven steps:

1. The EU should begin by defining the key elements of the area of freedom, security and justice and, more crucially, the rights and obligations attached to it. Member-states would need to revise the 1999 concept of the AFSJ to bring it line with current realities. This could include, for example, making it clear that Schengen is an integral part of the AFSJ and cannot be detached from other elements, like compliance with ECJ rulings or agreements on migration policies. The hard reality is that countries cannot have the benefits of passport-free travel without recognising the authority of the ECJ or applying migration laws that they themselves have approved in Brussels.

EU leaders used to come up with multi-annual plans (‘programmes’) to set out the direction EU justice and home affairs should take. Over time, EU governments found these plans too onerous, so they quietly dropped them. Over the past seven years, there have been no policy guidelines on EU JHA beyond two Commission plans heavily focused on internal security matters (the 2015 European Security Agenda and the 2019 European Security Union). A renewed effort to make the AFSJ work, now and in the future, should come from EU leaders, not the European Commission. The European Council could hold a special summit on the future of JHA, as it did twice in the ten years after the birth of the AFSJ.

At the summit, EU countries could debate, and decide, what they want to do with police and judicial co-operation, the Schengen area and the Union’s migration policies. This should be a frank and open conversation that could be informed by the conclusions of the Conference on the Future of Europe – an EU-wide public consultation process that is due to conclude in the spring of 2022. The result should be a baseline plan for the Union’s area of freedom, security and justice which should include a monitoring mechanism based on the eurozone’s European Semester and the post-pandemic recovery fund. This plan would need to be agreed by all EU member-states by consensus. If a broad agreement cannot be found, and some countries decide not to take part, the European Council may want to resort to an inter-governmental agreement, as it has done in the past on eurozone issues. This would be unideal, though – EU governments and the EU institutions, in particular the European Council, should try to get all member-states on board. Once the plan is in place, decisions should be taken either by qualified majority voting or by reverse qualified majority voting.

JHA policies should reflect the experience of the economic side, where setting down too-specific targets became a headache.

2. Building on the European Council guidelines, the Council of Ministers, together with the European Commission, could set up a broad system of standards that all members of the club should abide by, with a clear warning that these standards are linked, and that failure to abide by some could lead to a range of penalties. Both the new concept and the list of standards should be approved by the European Parliament and endorsed by the European Council, to ensure broad political support and citizen engagement and to diminish the risk of non-compliance.

3. On the basis of the list of standards, the European Commission could propose a review process similar to the European Semester. The Commission could monitor trends, for example on judicial reforms, and set clear guidelines every, say, 18 or 24 months. The Commission could use these guidelines to flag issues that it considers to be in violation of EU rules (for example, the Polish reform of the judiciary that discriminates between male and female judges) and to suggest ways to fix them. Once the Commission issues its guidelines, member-states would need to present their plans on a range of JHA policies (civil justice, criminal justice, the state of the judiciary, intelligence gathering, police practices and the status of asylum reception facilities, for example), which would then be discussed by the Council of Ministers and approved by the Commission. This is the type of peer review that Article 70 refers to.

4. The Commission would then review the national plans and come up with country recommendations, broken up by chapters (civil justice, criminal justice, border controls, fundamental rights and so on). The recommendations would need to be approved by the Council of Ministers by qualified majority voting (without the vote of the country in question).

5. Member-states would commit to implementing the recommendations during the rest of the policy cycle. This step would be different from the European Semester in two ways: first, unlike with the Semester, EU countries would have to explicitly say that they would follow the recommendations each time; second, JHA policies are not budgets requiring annual approval, so a European Justice Semester experiment could run for longer periods, of, say, 18-24 months.

6. National governments and the European Commission could set up dedicated teams to ensure regular communication between the EU institutions and EU capitals. An early warning mechanism to spot problems before they become unmanageable could also be part of the plan. The mechanism could be similar to the six-month review devised for the disbursement of the recovery fund.

7. The most difficult part of the exercise would be to agree on, and enforce, sanctions. JHA policies should reflect the experience of the economic side, where setting down too-specific targets has become a major headache for policy-makers. The current debate over the suspended Stability and Growth Pact (SGP) is a case in point: the SGP fixes targets for government deficits and debt. But the rules have proven to be unhelpful in recessions. EU countries froze the Pact when the COVID-19 pandemic hit and are starting to consider reforms to the fiscal rules and when to reactivate them. JHA policy-makers should avoid such hard targets, which would do little to mend wounds or make the AFSJ more resilient to crises.

As a first step, EU member-states should agree on a warning procedure that would apply to countries which have been found to deviate from the standards repeatedly. The Commission and the Council of Ministers, acting by reverse qualified majority voting, could, for example, decide to apply the procedure to a country which had failed to address recommendations twice in a row (that would be two cycles of 18-24 months). The country could respond by amending its actions or face the suspension of EU funds, also agreed by the Council by reverse qualified majority voting.

Ultimately, EU countries will have to decide whether they want to impose more serious consequences on countries which repeatedly fail to abide by the rules. Radical solutions, like suspending parts of EU law for recalcitrant members, may be tempting but will be difficult to apply in practice and might backfire.

A more workable idea would be to ‘freeze’ the application of specific laws, like the EAW or EIO. To be effective in discouraging governments from behaving badly, such a freeze should be swiftly agreed upon by reverse qualified majority voting if a country persists in breaching EU rules for a long time; or if the behaviour is serious enough to put the whole AFSJ at risk. To target unruly governments without punishing citizens, any suspension of certain parts of the acquis should never amount to a total exclusion of one member-state from the EU’s common legal area: all national courts should be able to resort to the ECJ when they need to; and no EU citizen should lose the right of effective judicial protection at the EU level as a result of their government’s actions.

This roadmap would build on existing EU initiatives like the rule of law mechanism (a dialogue between the EU institutions, national governments and civil society about the state of the rule of law in the member-states) and the Schengen evaluation process (a peer review of the way countries apply Schengen laws in their territory, which the Commission has recently proposed to expand). It could scrap existing but inefficient initiatives like the justice scoreboard, by streamlining the oversight of the judiciary across member-states while still taking into account different legal traditions.21 It would also include more recent developments like rule of law conditionality.

If countries do not accept that membership of Schengen brings both rights and obligations, the project may fail.

To work, a European Justice Semester cannot be a purely procedural plan, driven solely by the EU institutions. Such a plan would need the highest political backing every step of the way, and this will not be easy. The one lesson Europe has learnt from the SGP problems is that no-one can resolve an ambitious political challenge, like the euro, with a non-political solution. Any plan to build back trust in the EU’s area of freedom, security and justice should ideally include all member-states. It would only be a distant second best if it was restricted to a handful of member-states. Although once up and running a European Justice Semester could bypass blocking minorities, its basis would need a general consensus on the direction that the EU wants to take when it comes to its area of freedom, security and justice.

A European Justice Semester would need broad public support. The EU’s response to the eurozone crisis may have ultimately helped to avert the demise of the single currency, but it was deeply unpopular in many member-states on account of the pain caused by austerity and economic dogmatism. While some EU leaders remain stubbornly fond of fiscal measures, the pandemic has made their case weaker: the recovery fund has opened the door for a new way to help troubled countries while making them accountable for their actions – by making the fund performance-based. As a result, both Southern and Northern governments (and their voters) have been – touch wood – fairly cheerful about it, as it has something for every-one. A European Justice Semester would need to focus on performance, solidarity and accountability if it is to enjoy broad support across the EU.

CONCLUSION

Some EU governments complain that the EU they joined was about passport-free travel, a budding common currency and the world’s largest single market. The contract they signed said nothing about same-sex marriages, judicial reform or women’s rights. This argument may be illiberal but is not entirely untrue: Europe has changed drastically over the past 20 years. The problem with this line of thought is that it fails to grasp that governments and institutions must and will adapt to a changing society.

So far, the EU’s area of freedom, security and justice has failed to keep pace with a changing world: for the most part, the AFSJ remains stuck at the beginning of the century, when all EU countries seemed to be happy to increase police and judicial co-operation and did not contemplate border closures or democratic backsliding. This, in turn, has increasingly made the AFSJ unable to deal with a succession of crises, each of which has made EU countries less trusting of each other. EU leaders must understand that if countries do not accept that being part of Schengen brings both rights and obligations, the project may fail – or, at the very least, become smaller.

NOTES

1: European Commission, ‘Standard Eurobarometer 95 – Spring 2021’, September 2021.
2: Sophia Besch, Ian Bond and Camino Mortera-Martínez, ´Plugging in the British: Completing the circuit´, CER policy brief, June 22nd 2018.
3: Article 2 Treaty on European Union, 1997. The Amsterdam treaty was signed in 1997 but only entered into force in 1999.
4: Viktor Orbán, Speech at the 25th Bálványos Free Summer University, July 26th 2014.
5: Both the Commission and the European Parliament can trigger Article 7 when they consider that there is a clear risk that a member-state may breach one or more of the EU´s founding values. These are listed in Article 2 of the Lisbon Treaty and are: respect for human dignity, freedom, democracy, equality, the rule of law and respect for human rights, including the rights of persons belonging to minorities among others. Once the proceeding is launched, it is up to the Council of Ministers to impose sanctions.
6: After coming to power in 2015, Law and Justice and its coalition partners launched a major overhaul of Poland’s judiciary. First, the government packed the Constitutional Court with friendly judges; second, the government revamped the judiciary’s governing body, the National Judiciary Council, and changed how both ordinary courts and the Supreme Court functioned. The reform also lowered the retirement age of judges, which allowed the government to force out magistrates seen as hostile to it and replace them with younger, pro-government judges. Further reforms introduced disciplinary procedures that could be used against judges who wanted to apply certain EU laws, or submit preliminary questions to the European Court of Justice – an important feature of the EU’s legal system.
7: In December 2016, the Danish Supreme Court ruled that EU principles deriving from ECJ rulings should not be applicable in Denmark, as they do not derive from the EU treaties. In May 2020, the German Constitutional Court ruled that the ECJ had overstepped its power when it ruled that the European Central Bank’s public sector purchase programme (PSPP) was legal. In April 2021, the French Conseil d’État (France’s highest administrative court) ruled that French intelligence services could breach EU laws protecting privacy because the EU does not have equivalent laws protecting citizens’ safety. In June 2021, the Romanian Constitutional Court said that the Romanian constitution should always have primacy over EU law; and that an ECJ ruling saying that Romania’s recent judicial reform was against EU law was not enforceable in Romania.
8: Camino Mortera-Martínez, ´Catch me if you can: The European Arrest Warrant and the end of mutual trust´, CER insight, April 1st 2019.
9: Wester van Gaal: ‘Slovenia finally appoints ‘temporary’ EPPO prosecutors’, EU Observer, November 19th 2021.
10: Some member-states, like Sweden, introduced border controls in 2015 following the EU’s migration crisis and have not lifted them since.
11: Camino Mortera-Martínez: ‘Will the coronavirus pandemic deliver a coup de grâce to Schengen?’, CER bulletin article, September 20th 2020.
12: Hugo Brady, ‘Openness versus helplessness: Europe’s 2015-2017 border crisis’, Groupe d’études géopolitiques, June 28th 2021.
13: Raoul Ueberecken, ‘Schengen reloaded’, CER policy brief, November 11th 2019.
14: Ueberecken, ‘Schengen reloaded’.
15: Agata Gostyńska-Jakubowska and Camino Mortera-Martínez: ‘Thomas Cromwell or the executioner’s axe? Options for a Grexit’, CER insight, July 10th 2015.
16: See, for example, the following ECJ cases: joined Cases C-404/15 and C-659/15, Aranyosi and Căldăraru; case C‑216/18, LM; and joined cases C‑354/20 and C‑412/20, L and P. The Dutch government is pushing for a blanket ban on extradition to Poland in an ongoing case before the ECJ – C-562/21 Openbaar Ministerie.
17: Petra Bárd and Adam Bodnar: ‘The end of an era: The Polish Constitutional Court’s judgment on the primacy of EU law and its effects on mutual trust’, CEPS, October 25th 2021.
18: Committee on civil liberties, justice and home affairs: ‘Report on the establishment of an EU mechanism on democracy, the rule of law and fundamental rights’, European Parliament, 2020/2072(INL), September 29th 2020.
19: Lukas Märtin: ‘Das Damoklesschwert über der europäischen Rechtsordnung: Vom europäischen Haftbefehl und der Gefahr der Verrechtlichung politischer Konflikte’, Verfassungsblog, December 1st 2021.
20: Marcin Szczepanski, ‘A decade on from the crisis: Main responses and remaining challenges’, European Parliamentary Research Service, October 17th 2019.
21: The justice scoreboard is a Commission-led review of the performance of national judiciaries. To do this, the Commission decides on a set of indicators, often not comparable, across member states and assesses them against a set of pre-decided criteria. Member-states are often reluctant to provide information to the Commission and regularly argue that the scoreboard does not take into account different legal traditions across the EU.

VERFASSUNGSBLOG : Time to Rewrite the EU Directive on Combating Terrorism

by Martin Scheinin and Tarik Gherbaoui

The adoption of EU Directive 2017/541 on combating terrorism in March 2017 has profoundly changed the landscape of European counter-terrorism law. The primary aim of this Directive was to further harmonise the legal framework under which terrorist offences are prosecuted across EU Member States by establishing minimum rules and standards. However, the adverse consequences for the rule of law and human rights have been overlooked from the very outset by the EU institutions. Now, five years after its adoption, it is time for a thorough revision.

A Rushed Adoption Process

The adoption process of the Directive was characterised by long periods of inertia interrupted by phases of panic triggered by external developments. In fact, the European Commission introduced its proposal for the Directive, which builds upon the pre-Lisbon Framework Decision (2002/475/JHA) adopted in the aftermath of 9/11, less than three weeks after the terrorist attacks in Paris in November 2015. Later on, its rushed and opaque finalisation was a political response to the flow of European foreign fighters to the armed conflict in Syria and Iraq. Even though the transnational nature of the foreign fighter phenomenon arguably warrants a pan-European response, from the very outset academics and civil society organisations raised fundamental concerns about the Directive’s potentially adverse rule of law and human rights implications.

As there was no human rights impact assessment during the rushed adoption process, in deviation from both the European Agenda on Security and the Better Regulation Agenda, the Directive ultimately came to include a clause providing for a five-year review. On 18 November 2021, the European Commission submitted a report to the European Parliament and the Council on the implementation of the Directive that assesses the added value of the Directive. The report also claims to address ‘the impact of the Directive on fundamental rights and freedoms, including on non-discrimination, the rule of law, and the level of protection and assistance provided to victims of terrorism’. Such impact assessment is amply warranted and arguably already overdue.

Human Rights Concerns Regarding the Implementation of the Directive

The Commission’s recent report provides a seemingly positive yet largely unsubstantiated assessment of the impact of the Directive. The report finds inter alia that the Directive is ‘overall highly relevant’ and ‘overall internally coherent’, and that it ‘achieved its objectives to a satisfactory extent’ and ‘generated added value’. The Commission’s report claims that ‘while the Directive has had an impact on fundamental rights and freedoms, the limitations largely meet the requirements of necessity and proportionality’. The report also asserts that ‘overall, most stakeholders consulted for the external study did not consider the implementation of the Directive to be problematic from a fundamental rights perspective’. At closer examination, such as the one conducted by the first author of this blog post in his recently approved PhD thesis, these assessments may be too positive.

One of these stakeholders was the EU Fundamental Rights Agency (FRA) which had submitted its own contribution to the Commission as part of the legally required impact assessment of the Directive. The FRA report contains a fairly detailed but primarily empirical rather than legal assessment of the Directive’s human rights implications based on extensive fieldwork, including interviews with experts and practitioners, in seven EU Member States (Belgium, Germany, Greece, Spain, France, Hungary and Sweden). The Commission’s report takes note of the findings of the FRA report but blatantly fails to engage with them. As member of the FRA Scientific Committee that reviews draft versions of FRA reports and publications, and having served as one of the Committee’s two rapporteurs in the matter, the second author of this blog post is well aware of the fact that the Scientific Committee would have wanted the FRA to complement the empirically oriented FRA report with more extensive critical legal analysis of the human rights compatibility of the Directive itself.

The Directive has three key features that have adverse ramifications on the rule of law and human rights: (1) the presence of an overly capacious definition of terrorism that manifestly deviates from UN-level definitions of terrorism (e.g. Security Council Resolution 1566 or the 1999 Terrorism Financing Convention) and from the Council of Europe Convention on the Prevention of Terrorism, (2) the criminalisation of many preparatory acts that may be remote from intrinsically harmful conduct, and (3) the existence of ancillary offences that are also accumulable among each other. While monitoring the implementation of the Directive, the Commission has assessed these features individually but has failed to address how the interplay between these key features exacerbates the adverse human rights implications. For example, there might be pertinent reasons to criminalise ‘travelling abroad for a terrorist purpose’ as a terrorist offence. However, the ‘terrorist purpose’, which constitutes the entire mens rea of this particular offence, is tainted by an overly broad definition of terrorism that also fits poorly with acts committed in situations of armed conflict. For European countries, the three main international legal instruments concerning the foreign (terrorist) fighter phenomenon – UN Security Council Resolution 2178, the Additional Protocol to the Council of Europe Convention on Prevention of Terrorism, and the EU Directive discussed here – all seek to address the same conduct but are mutually incompatible as to whether acts committed in the course of engaging in an armed conflict will be within the scope of application of the instrument. Because of the nebulous definitions contained in the Directive, it is unsurprising that the Commission’s report flags that ‘several national authorities and judges reported difficulties in proving terrorist intent’.

In this matter the Commission’s report fails to address in an adequate fashion the legal uncertainty clouding Recital 37 of the Preamble of the Directive. This provision contains an exclusion clause stipulating that the Directive ‘does not govern the activities of armed forces during periods of armed conflict’. In recent years, EU Member States have predominantly used counter-terrorism law to address the activities of foreign (terrorist) fighters, individuals who have been active in the context of an armed conflict but may or may not have committed actual acts of terrorism. The result has been a further conflation between counter-terrorism law and the laws of war, generally to the detriment of the latter. Taking stock of the Directive’s implementation, and a reform of the Directive itself, would be a perfect moment to provide the necessary clarifications to guide prosecutors and judges at the domestic level. Currently prosecutions related to violent acts committed in the course of an armed conflict abroad may often result in acquittal, simply because the prosecutor’s case rests on specific provisions of the Directive and their national transposition, without paying attention to Recital 37 which then is invoked by the defence to challenge the applicability of terrorism charges in respect of conduct that took place as part of an armed conflict.

The Fragmented Transposition and Implementation of the Directive

Due to these human rights concerns and the political sensitivity of countering terrorism, it is hardly surprising that the implementation of the Directive has been rather troublesome until now. The FRA report affirms that the Directive contains loose definitions that reduce ‘legal clarity’ and result in ‘diverging interpretations of the offences across the EU, as well as conflicting jurisprudence within individual Member States, and reduce the foreseeability of what behaviour is criminalised and under what offence’.

Earlier, in September 2020, the European Commission had released its own report on the transposition of the Directive which made clear that transposition has proved to be particularly challenging regarding Article 3, which requires EU Member states to criminalise certain conduct as terrorist offences and essentially contains the EU definition of terrorism, and regarding Article 9, which contains the offence of travelling abroad for terrorist purposes. As these two provisions have both been indispensable elements of the EU’s legal response to terrorism in recent years, the Commission is concerned that their incorrect transposition risks undermining the uniformity of EU counter-terrorism law. Yet, instead of seeking to address the fundamental concerns that evidently exist among lawmakers and policymakers across numerous EU Member States and in fact point to major flaws in the Directive itself, the Commission decided to use its enforcement powers and has opened infringement procedures against 22 Member States. As Ireland and Denmark decided to opt out of the Directive, this means that infringement procedures have been started against 22 of the 25 Member States that are required to implement the Directive.

While such infringement procedures might help to clarify certain points of law, especially were they to result in a determination by the CJEU, it is high time to have a transparent and constructive legal and political discussion about the flaws of the EU Directive itself now that March 2022 marks five years since its adoption. We understand that the European Parliament’s Committee on Civil Liberties, Justice and Home Affairs (LIBE Committee) will meet in February or March to discuss the Commission’s report on the implementation and added value of the Directive. That would be an excellent occasion to take a critical look at the several legal flaws of the Directive as a reason for its so far marginal ‘added value’, instead of following the rather self-congratulatory approach of the Commission’s report which elliptically concludes that the Directive ‘has functioned and largely achieved its objectives in the way that was expected’.