
Audit Reveals Critical Security Flaws in EU’s Schengen Border Database
A confidential audit has exposed serious cybersecurity vulnerabilities in the European Union’s central border control database, Schengen Information System II (SIS II), raising alarms over the potential for a catastrophic data breach that could affect millions across Europe.
According to internal audit documents and emails obtained by Bloomberg News and Lighthouse Reports, the system—used by EU border forces to share real-time data on illegal immigrants, terror suspects, and criminals—contained thousands of high-risk security and software flaws.
High-Risk Access and Delayed Patching
The audit, conducted by the European Data Protection Supervisor (EDPS) in 2024, identified an “excessive number” of accounts with administrator-level access, which it labeled an “avoidable weakness”: every surplus privileged account widens the set of insiders (and of stolen credentials) able to read or alter the data, contrary to the principle of least privilege. It also found that 69 individuals not directly employed by the EU had access to SIS II without the required security clearances.
Although there’s no indication that SIS II has been hacked or compromised, experts warn that if a breach were to occur, the damage could be vast. “A breach would be catastrophic, potentially affecting millions of people,” said Romain Lanneau, a legal researcher at watchdog organization Statewatch.
Delays in Fixing Vulnerabilities
The system, overseen by the EU-Lisa agency, suffered prolonged delays in patching known security issues. Sopra Steria, the French IT firm contracted to maintain the system, took as long as five and a half years to address some vulnerabilities, even though its contract required “critical and high” issues to be fixed within two months of a patch becoming available.
Internal communications show Sopra Steria attempted to charge an additional €19,000 to fix certain flaws, prompting EU-Lisa to assert that such work was already covered under its €519,000–€619,000 monthly maintenance agreement.
Sopra Steria declined to respond in detail but stated that its work “was carried out in accordance with EU protocols and legal frameworks.”
Integration Risks with New Border System
The SIS II system, launched in 2013, is currently isolated from the internet. However, it is slated to be integrated with the Entry/Exit System (EES), a future digital infrastructure designed to automate the registration of the EU’s hundreds of millions of annual visitors. EES will be internet-connected, so the integration would extend SIS II’s attack surface to EES and to the link between the two systems; the biometric and personal data it holds would then no longer be protected by network isolation alone, raising concerns about exposure to external attackers.
SIS II stores approximately 93 million records, including 1.7 million linked to individuals. Nearly 195,000 of those are considered threats to national security. The rest relate to stolen property, forged identity documents, and return decisions for deportation.
Management Failures and Overreliance on Contractors
The EDPS audit also criticized EU-Lisa for not informing its management board about security risks once they were identified. The agency reportedly struggles with both organizational and technical security gaps.
Sources familiar with the matter claim EU-Lisa’s dependence on external consulting firms, rather than building in-house technical expertise, has undermined its ability to manage large-scale IT systems effectively.
“The agency has not proven sufficient to manage the scale and complexity of these projects,” said Francesca Tassinari, a researcher at the University of the Basque Country. Leonardo Quattrucci, of the Center for Future Generations, added that the EU’s procurement process suffers from a lack of strategic oversight: “Procurement should be treated as a strategic function, but it’s currently a compliance process.”
Broader Implications for EU Smart Borders
The EU has been pursuing “smart borders” for over a decade, aiming to digitize and secure its frontiers amid rising migration and security pressures. However, the repeated delays and vulnerabilities within systems like SIS II and EES raise serious questions about the bloc’s ability to deliver safe, efficient, and secure digital infrastructure.
The launch of EES, originally planned for 2022, has been pushed back several times due to technical problems—primarily involving another French contractor, Atos. The European Commission recently confirmed that parts of the EES may go live in October 2025.
As the EU continues expanding its border surveillance and data-sharing systems, the security of these systems will remain a critical issue—not only for institutional credibility, but for the privacy and safety of millions of individuals whose data they contain.
Source: Bloomberg News / Lighthouse Reports