Schengen Information System (SIS II)

The second generation of the Schengen Information System— SIS II - is an information system that allows national border control, customs and police authorities responsible for checks at the external Schengen border as well as within the Schengen Area to circulate alerts about wanted or missing people and objects such as stolen vehicles and documents. SIS II therefore, continues the important role of compensating for the abolition of internal border checks and facilitates the free movement of people within the Schengen Area.

SIS II provides information on individuals who do not have the right to enter or stay in the Schengen Area, or on those who are sought in relation to criminal activities. SIS II also contains information on missing persons, in particular children or other vulnerable individuals who are in need of protection. Details of certain objects are also recorded in SIS II, for example, cars, ­ arms, boats and identity documents that may have been lost, stolen, or used to carry out a crime.

The second generation of the Schengen Information System (SIS II) went operational from 9 April 2013 and is regulated by Regulation (EC) 1987/20061 (hereinafter "the SIS II Regulation") and Council Decision 2007/533/JHA2 (hereinafter "the SIS II Decision").

European Supervision

The Central SIS II is supervised by the European Data Protection Supervisor (EDPS). Supervision over each National SIS II is allocated to the Data Protection Authorities (DPAs) in each respective Member State.

The SIS II Supervision Coordination Group was set up in 2013 to ensure coordinated supervision of SIS II between the EDPS and national supervisory authorities. The SIS II SCG meet twice a year.

National Supervision

Ireland is carrying out preparatory activities to integrate into the SIS II andhas applied to take part in the police and criminal judicial co-operation measures (not the common border control and visa provisions). Ireland’s participation in SIS will be governed by Council Decision 2007/533/JHA, which establishes SIS II for law enforcement purposes.

In Ireland, Part 3 (sections 21 – 24) of the Criminal Justice Miscellaneous Provisions Act 2009, as amended, gives effect to Council Decision 2007/533/JHA of 12 June 2007 on the establishment, operation and use of the second generation Schengen Information System.

For the purposes of Article 60 of the Council Decision 2007/533/JHA (‘Supervision of N.SIS II’) and Article 114 of the Schengen Convention, the Data Protection Commission is designated as the national supervisory authority (per section 23 of the Criminal Justice Miscellaneous Provisions Act 2009, as amended).

Rights of data subjects in relation to SIS II

Every individual has a right to access personal data held by An Garda Síochána about them, and a right to request rectification or erasure of their personal data.

Any person who believes that his or her personal information is recorded in the Schengen Information System (SIS II) may make an access request to any of the contracting parties to the Schengen acquis. As Ireland has yet to connect to SIS II, An Garda Síochána have not yet begun to enter any data onto SIS II.

Any individual seeking to access personal information held by An Garda Síochána about them should complete the Data Access Request form (F20).

Comprehensive information on access rights to data processed in SIS II is available from ‘Guide for exercising the right of access.’

Model letter for requesting access

Model letter for requesting correction or deletion of the data processed 


When Ireland connects to SIS II, the DPC will investigate any complaints it receives in relation to SIS II. Under the Data Protection Act 2018 Act, you have certain rights in relation to how your complaint is handled by the DPC, including the right to appeal a decision of the DPC to either the Circuit Court or the High Court.

Separate from the handling of complaints, the Data Protection Commission regulates any restrictions of data subject rights as set out in sections 89-95 of the Data Protection Act 2018.