The technology underpinning a Europe-wide government database used for national security and border control is years out of date, with sweeping plans to overhaul the system in danger of being shelved if the delays continue.
Updates to the system, overseen by the European Commission (EC), have been stalled by technical setbacks, much to the frustration of the EU Parliament and Council.
The Schengen Information System (SIS) holds personal information on citizens from 27 countries in Europe, including name, date of birth, place of birth, physical characteristics and nationality. It is described by the EC as a "vital factor in the smooth running of the area of security, freedom and justice".
Only five countries were originally participating in the SIS, but calls to update the underpinning technology for security and efficiency reasons have increased since 1996 when other countries began joining.
The EU has also discussed plans for the updated system to store more citizen data, and offer better integration with police institutions. Part of the vision is for it to be an effective tool in combating terrorism, especially since the 11 September 2001 terrorist attacks.
However, some human rights organisations, such as Statewatch (PDF), have argued that the expansion of the SIS and the extra data it will gather should be a matter for public debate.
The overhaul of the SIS has been a matter of discussion at EU level for over a decade, according to European documents, but the update to what is now known as SIS II appears to remain at the blueprint stage.
The EC said in a statement published three years ago: "The current SIS was designed to cope with 18 s tates. Its technology is clearly outdated and the new development possibilities should therefore be studied.
"Following the Council meeting on 28 and 29 May 2001 which confirmed that priority must be given to developing SIS II by 2006, the Commission agreed to be responsible for financing and developing the system."
EU spokespeople and recent reports suggest that the delay is partly caused by the EC having difficulties securely transferring data to the new system.
A European Council spokesman said that the Council of Ministers would meet later this month and reassess the whole update process.
"Some member states have argued that, if no progress has been made, we should just forget the overhaul and instead moderate the present system," he said.
A European Parliament spokesman with responsibility for the Civil Liberties, Justice and Home Affairs Committee added that there is a lot of pressure on the EC to make the updates.
"The new system was meant to be in place by 2008, now the deadline is 2011. The next generation of SIS will be more secure and more consistent for the growing number of countries accessing it," he said.
"What we have been having to do is adapt the initial system to all the countries that have started joining it."
The EC was not immediately available to comment.
Commentators have raised concerns about how the number of terminals on the system, estimated at around 500,000, could leave it open to illegal access, and how this has actually occurred in the past in Belgium.
Plans are currently underway to establish a new EU agency that will manage the SIS, as well as the systems monitoring EU visa entry and illegal immigration. The SIS is currently managed in Strasbourg, but the plan is to move it to another country in Europe.
The central IT agency will be in charge of the SIS maintenance work and technical developments. It will also be responsible for ensuring a high quality of service for users, the security of the system and the level of data protection.
Use of the SIS in the UK and Ireland is currently limited to policing purposes, but the European Council spoke last June of further integrating the two countries into the system.
Instapaper to 'go dark' in Europe until it can work out GDPR compliance
James Robbins of ArrowXL says that AI is no longer 'tomorrow's technology'
Staff told to beware of "unusual sounds" after an employee reported mystery symptoms
Sophisticated malware comprises code previously used to attack Ukraine