European prosecutors are examining the role played by the Russian office of French IT company Atos in procuring software for the European Union’s new Entry/Exit System (EES).
The investigation raises concerns over the security of the bloc’s largest biometric database, which is designed to track the movements of non-EU travellers. This scrutiny follows a Bloomberg investigation that identified Atos as a major contributor to delays plaguing the EES project.
Background: Systemic Delays and Management Failures
Originally set for a November 2024 launch, the EES has been delayed to 2025, marking its fourth postponement in five years. The system aims to integrate immigration databases across the 29 Schengen Area countries, using biometrics such as facial recognition and fingerprints to automate border checks. However, severe mismanagement by Atos and its consortium partners, IBM and Leonardo SpA, has led to persistent technical issues and missed deadlines.
Atos, awarded a €142 million contract in 2019 to develop core hardware and software for the EES, has struggled with incomplete installations, misconfigured equipment, and underqualified personnel.
EU-Lisa, the agency responsible for large-scale IT projects, has repeatedly flagged Atos’s failure to meet critical milestones. A 2022 letter from EU-Lisa’s Executive Director, Krum Garkov, cited issues such as delayed bug fixes, missing hardware, and transportation problems as key obstacles to progress.
Member states, including France, Germany, and the Netherlands, have expressed skepticism about the system’s readiness, opposing its previous 2024 launch target due to unresolved technical shortcomings. Austria has also reported increased engineering costs linked to project delays. An October 2024 test run for the launch revealed critical connectivity and system capacity issues between member states and the central database.
Atos’s financial troubles further compound the problem. Once valued at €8.2 billion in 2020, the company’s market worth has plummeted to €74 million, amid debt crises and restructuring efforts.
Internal reports suggest that Atos and its partners attempted to shift financial burdens onto the EU by refusing to cover maintenance costs, leading to an additional €20 million in expenses for EU-Lisa. Critics argue that EU-Lisa’s decision to outsource both development and oversight of the project left it ill-equipped to manage EES’s complexities effectively.
Security Concerns Over Russian Involvement
Against this backdrop of project mismanagement, new concerns have arisen regarding Atos Russia’s involvement in EES procurement. According to documents reviewed by the Financial Times, Atos staff in Moscow purchased software for the project in 2021. Given that Atos Russia operated under an FSB licence, which could allow Russian authorities access to its operations, European prosecutors are investigating potential security risks.
The European Public Prosecutor’s Office (EPPO) is assessing Atos Russia’s role in the project, though no charges have been filed yet. Meanwhile, Olaf, the EU’s anti-fraud agency, previously investigated Atos Russia’s participation but did not find sufficient evidence to warrant a formal probe. However, Olaf recommended that EU-Lisa strengthen its security measures.
EU-Lisa has maintained that there has been no identified security breach and that Atos Russia had no direct contractual relationship with the agency. Nevertheless, leaked documents indicate that Atos’s Moscow office procured cryptographic certificates and software licences for the EES, raising further concerns about security oversight.
Future Prospects and EU Response
Despite the multiple setbacks, the EU remains committed to launching the EES, albeit in a phased manner. The European Commission has expressed confidence in EU-Lisa’s ability to manage system security and has announced plans for a security audit before EES goes live.
The latest revelations expose deeper challenges in the EU’s dependence on external contractors for critical infrastructure projects. As security risks and operational hurdles grow, it remains uncertain whether the EU can effectively implement its long-delayed border management system while ensuring the protection of sensitive personal data.
Image source: frontex.europa.eu
Read also:
OLAF: Strengthening Moldova’s Role in Combating EU Sanctions Evasion
