The Evolution of the Remote Border: Preemptive Mobility Control

Human mobility in the European Union is increasingly governed through a dense network of large-scale information systems: SIS, VIS, Eurodac, the Entry/Exit System (EES), and the European Travel Information and Authorisation System (ETIAS). These systems are usually presented as technical improvements. They are supposed to make travel faster and safer. But this reliance on selling these systems for safety and ease of travel does not capture what is happening.

I have discussed in many prior posts that the border is no longer only a line at the edge of a territory. It now appears earlier, farther away, and in forms that are often less visible. A traveller may encounter it at a consulate, in a visa application, at an airline check-in desk, through a biometric record, or in an automated risk assessment before a trip begins.

This matters because the legal encounter with the state is changing, too. The older image of the border was simple: a person arrived at a frontier and presented documents to an official. That model has not disappeared, but it no longer captures the main structure of mobility control. The border has been dispersed across institutions, databases, private actors, and different moments in time.

I want to look at this change through three connected developments: the outward movement of border control, the growing use of biometrics to fix identity, and the turn toward earlier risk assessment. These developments overlap, so it would be misleading to treat them as simple historical stages. Still, separating them helps show how the modern EU border has become less a place than a process. In addition, this short essay will introduce some of the main scholars who have worked in this field, as the literature is actually quite developed.

The Border Moves Outward

I want to start with what Aristide Zolberg called “remote control”: the state filters movement before people reach its territory, where legal obligations, including asylum and human rights obligations, become harder to avoid. David FitzGerald later described a similar structure as an “architecture of repulsion.” The point is not only to decide who may enter. It is also, in many cases, to keep certain people from reaching the place where they could make a legal claim at all.

Carrier sanctions are one of the clearest examples. Airlines and other transport companies must check travel documents and may be fined if they carry passengers who are later found not to have the required papers. In practice, the airline desk becomes an early checkpoint. The immediate decision is made by a private actor, not a state official, but the function being performed is plainly a border function.

Calling this privatisation is a useful label but does not tell the whole story. The state has not stepped back. It has kept the legal authority while shifting part of the work of exclusion onto private actors. For the traveller, this changes the experience of refusal. The decisive moment may not take the form of a written decision from a public authority. Instead, it may come when an airline employee says boarding is not possible.

When the state outsources decisions, it impacts accountability because a person refused at the gate may not know whether the problem came from the airline’s interpretation, a state instruction, a database hit, a visa rule, or a warning attached to the document. Border control becomes harder to see precisely because it has been spread across so many actors and systems.

The Border "Thickens" Around Identity

Once control is spread across consulates, airports, visa offices, asylum systems, police databases, carrier desks, and border authorities, the state needs a way to recognise the same person across each of those settings. This is where biometrics become central.

Systems such as VIS, Eurodac, and EES move border control beyond the paper document. Information is no longer limited to text or even the textual data in the chip in an electronic passport. The body itself becomes part of the file. Across these systems, the person is represented through fingerprints, facial images, names, dates of birth, travel document data, visa records, entry and exit records, asylum or migration-related records, and possible links between identities. The result is a denser informational environment through which the traveller is identified and assessed.

Irma van der Ploeg captured this point clearly in her work on Eurodac. Biometrics turn the body into information that can be stored, searched, compared, and moved across systems. In this sense, the border increasingly produces a data version of the traveller.

Katja Franko Aas captures another part of this development through her contrast between the “bona fide traveller” and the “crimmigrant body.” Smart border systems promise convenience, but speed for some depends on sorting everyone. Some travellers are accelerated. Others are slowed down, flagged, suspected, or asked to explain themselves. The promise of frictionless travel is therefore selective. It rests on the prior classification of mobility.

Didier Bigo’s work is useful here because he shows that border control is no longer carried out solely by guards at the frontier. It is also carried out through database analysts, police systems, security professionals, IT infrastructure, private intermediaries, and administrative networks. The border can now be defined as a series of data encounters.

eu-LISA sits at the centre of this structure. It manages and develops the large-scale EU information systems that increasingly organise mobility, including SIS, VIS, Eurodac, EES, ETIAS, and ECRIS-TCN. It is easy to treat eu-LISA as a technical agency working in the background. I would argue that it is much more than a technical agency and should be considered the agency through which mobility is governed.

Identity checks themselves are not, of course, new. What is new is the density of the identity environment. More data now attaches to each person, and a greater number of authorities can access or query it. More systems are designed to communicate with one another. The traveller is increasingly known through a networked identity record.

The Border Begins Earlier in Time

The next change is temporal. Border control has always looked backward: where a person came from, what documents they carried, whether they overstayed, or whether they had previously been refused entry. Increasingly, however, it also looks forward. It asks what a person might do in the future if onward travel is allowed.

ETIAS is the clearest example of this change in timeframe. Visa-exempt third-country nationals will need travel authorisation before entering the Schengen area and Cyprus. Their applications will be checked against EU information systems, watchlists, and screening rules based on predefined risk indicators. In theory, a hit should not automatically lead to refusal. It should trigger further verification and, where necessary, manual assessment by the competent ETIAS authorities. But that safeguard does not remove the broader change: the traveller is being assessed upstream, before arrival at the border.

Louise Amoore’s work on risk and possibility helps explain the logic behind this. Modern security systems often act on inference rather than knowledge. They do not require certainty but instead work through patterns, associations, correlations, and indicators. The person is not assessed only as a rights-bearing individual carrying documents. The person is also "constructed" for review from different data systems.

This is where the idea of the “data derivative” becomes useful. What is being assessed is not the individual as such, but a version of the person assembled through comparison and prediction. That version may be useful to the state but it may also be wrong, incomplete, misleading, or impossible for the person concerned to understand.

The EU interoperability framework deepens this shift. It is often described loosely as if it were one large database but such a description is inaccurate. More precisely, interoperability links major EU information systems across borders, visas, asylum, migration, police cooperation, and judicial cooperation. Its central components include the European Search Portal, the shared Biometric Matching Service, the Common Identity Repository, and the Multiple Identity Detector.

The Common Identity Repository is designed to store identity data from several systems in a shared space. The Multiple Identity Detector is designed to identify possible identity fraud or multiple identities. Officially, these tools are justified as ways to close information gaps, strengthen identity checks, prevent irregular migration, and improve security. Nevertheless, the legal concern is that systems built for different purposes are now working in tandem. Data gathered in one context may become easier to search or operationally rely on in another, even where formal access rules and legal purposes remain distinct. A visa file, an asylum claim, a police alert, an entry-exit record, and an identity record may remain legally distinct. The point is that operationally, however, they become part of the same apparatus of mobility control.

This is where function creep becomes more than a theoretical worry. Niovi Vavoula has written extensively about interoperability, privacy, and the rights of third-country nationals. Her concern is not simply that more data is being collected. It is that the boundaries between systems, purposes, and legal regimes become harder to maintain once certain systems are connected.

The same issue appears in the literature on ETIAS and automated screening. A system may remain formally rule-based and theoretically based on human reasoning, but automated categorisation is at the bottom of it all. It shapes which files receive attention, which travellers must explain themselves, and how a case is framed before officials have looked at it closely.

The question, then, is not only whether a machine makes the final decision. Instead the more serious question is whether automated systems have already shaped the decision by the time a human official becomes involved.

The Accountability Problem

The consequences for fundamental rights and the rule of law are significant. When border control moves upstream and is handled by many decision makers, the individual may never experience it as a clear legal decision. A traveller may be delayed, flagged, refused authorisation, or stopped at the gate without understanding why. The reason may lie somewhere in a chain of database searches, automated hits, carrier checks, administrative review, and risk indicators.

Guild, Mitsilegas, and Vavoula make this point forcefully in Lawless Borders. As border management becomes more digital, dispersed, and algorithmic, legal accountability becomes harder to locate. Decisions are influenced or controlled by agencies, databases, private actors, automated processes. The more complex the architecture becomes, the harder it is for an individual to know who made the decision, on what basis, and how it can be challenged.

Evelien Brouwer’s work on digital borders and effective remedies points to the most important difficulties in this new border world. The data environment is not built to balance necessity, proportionality, data quality, access, and redress. These problems already exist in large-scale databases, but interoperability sharpens them because it increases the number of settings in which the same data can matter.

If the underlying data is wrong, incomplete, or misleading, the consequences are not abstract. A person may lose the right to travel or come under additional scrutiny. The human impact and sociological consequences of being treated as suspicious without knowing what triggered that suspicion are enormous.

Danielle Keats Citron’s idea of technological due process, although developed in another legal context, captures the difficulty well. Automated government systems can weaken procedural protection when affected individuals lack notice, explanation, transparency, and a real chance to be heard. Automated government may result in mistakes and we must consider the fact that these mistakes may be difficult to detect and challenge.

The future of border control is therefore not only a technical question. It concerns who can move and where responsibility lies when a system produces suspicion. The language of smart borders makes this sound administrative and harmless. But a border of this kind must be analyzed and controlled, preferably through regional or broad international agreements.

In writing further, I hope to turn to the legacy systems, especially SIS, VIS, and Eurodac, and to the way the EU interoperability project is repurposing them for a new era of preemptive mobility control. I had promised to do that earlier, but I realised it would be better to define the stakes and introduce the literature first.

References and Further Reading

Official and Legal Sources

Convention Implementing the Schengen Agreement, Article 26.

Council Directive 2001/51/EC supplementing the provisions of Article 26 of the Convention Implementing the Schengen Agreement.

European Parliament and Council, Regulation (EU) 2017/2226 establishing the Entry/Exit System.

European Parliament and Council, Regulation (EU) 2018/1240 establishing the European Travel Information and Authorisation System.

European Parliament and Council, Regulation (EU) 2019/817 establishing a framework for interoperability between EU information systems in the field of borders and visa.

European Parliament and Council, Regulation (EU) 2019/818 establishing a framework for interoperability between EU information systems in the field of police and judicial cooperation, asylum and migration.

European Commission, materials on the Entry/Exit System, ETIAS, and interoperability of EU information systems.

eu-LISA, materials on the operational management of large-scale EU IT systems.

Spatial Externalisation

Zolberg, Aristide R. “The Archaeology of ‘Remote Control.’” In Migration Control in the North Atlantic World: The Evolution of State Practices in Europe and the United States from the French Revolution to the Inter-War Period, edited by Andreas Fahrmeir, Olivier Faron, and Patrick Weil. Berghahn Books, 2003.

FitzGerald, David Scott. “Remote Control of Migration: Theorising Territoriality, Shared Coercion, and Deterrence.” Journal of Ethnic and Migration Studies, 2020.

Moreno-Lax, Violeta. Accessing Asylum in Europe: Extraterritorial Border Controls and Refugee Rights under EU Law. Oxford University Press, 2017.

Scholten, Sophie. The Privatisation of Immigration Control through Carrier Sanctions. Brill Nijhoff, 2015.

Lahav, Gallya, and Virginie Guiraudon. “Comparative Perspectives on Border Control: Away from the Border and Outside the State.” In The Wall around the West: State Borders and Immigration Controls in North America and Europe, edited by Peter Andreas and Timothy Snyder. Rowman & Littlefield, 2000.

Bloom, Tendayi, and Verena Risse. “Examining Hidden Coercion at State Borders: Why Carrier Sanctions Cannot Be Justified.” Ethics & Global Politics 7, no. 2, 2014.

Biometric Thickening

van der Ploeg, Irma. “The Illegal Body: ‘Eurodac’ and the Politics of Biometric Identification.” Ethics and Information Technology, 1999.

Aas, Katja Franko. “‘Crimmigrant’ Bodies and Bona Fide Travelers: Surveillance, Citizenship and Global Governance.” Theoretical Criminology, 2011.

Bigo, Didier. “The (In)securitization Practices of the Three Universes of EU Border Control: Military/Navy, Border Guards/Police, Database Analysts.” Security Dialogue, 2014.

Temporal Preemption

Amoore, Louise. “Data Derivatives: On the Emergence of a Security Risk Calculus for Our Times.” Theory, Culture & Society, 2011.

Amoore, Louise. The Politics of Possibility: Risk and Security Beyond Probability. Duke University Press, 2013.

Vavoula, Niovi. “Interoperability of European Centralised Databases: Another Nail in the Coffin of Third-Country Nationals’ Privacy?” EU Immigration and Asylum Law and Policy Blog, 2019.

Vavoula, Niovi. “Interoperability of EU Information Systems: The Deathblow to the Rights to Privacy and Personal Data Protection of Third-Country Nationals?” European Public Law, 2020.

Vavoula, Niovi. Immigration and Privacy in the Law of the European Union: The Case of Information Systems. Brill Nijhoff, 2022.

Derave, Charly, Nathan Genicot, and Nina Hetmanska. “The Risks of Trustworthy Artificial Intelligence: The Case of the European Travel Information and Authorisation System.” European Journal of Risk Regulation, 2022.

Accountability and Remedies

Guild, Elspeth, Valsamis Mitsilegas, and Niovi Vavoula. Lawless Borders. Bristol University Press, 2025.

Brouwer, Evelien. Digital Borders and Real Rights: Effective Remedies for Third-Country Nationals in the Schengen Information System. Martinus Nijhoff / Brill, 2008.

Brouwer, Evelien. “Large-Scale Databases and Interoperability in Migration and Border Policies: The Non-Discriminatory Approach of Data Protection.” European Public Law, 2020.

Citron, Danielle Keats. “Technological Due Process.” Washington University Law Review 85, no. 6, 2008.

Andrew Scott Mansfield

Soy un profesional del derecho que ofrece su experiencia en derecho internacional público y en el cumplimiento de la legislación de los Estados Unidos. Obtuve mis títulos avanzados en la Facultad de Derecho de la Universidad de California en Berkeley y en la Harvard Divinity School. Ahora, con base en Montevideo, Uruguay, estoy posicionado en el centro de las instituciones regionales e internacionales de América del Sur.

https://www.asmc.uy
Next
Next

Uruguay: The Reification of Innocence