The European Commission is embarking on a joint exercise with member states to evaluate Germany’s application of Schengen border rules and safeguards, with the review expected to begin in March, according to two sources familiar with the process. The evaluation follows a POLITICO investigation that found Germany had marked Ukrainian citizens who had served time in prisons under Russian control as security threats and prevented them from entering the European Union.

The Schengen evaluation will draw new scrutiny of Berlin’s assertive control of border crossings into and around Europe. Germany has imposed temporary, randomized police checks along its own national borders, and is now using technology to play an outsized role in shaping how other countries police Europe’s external frontier as well. 

Germany’s tough posture toward border enforcement is driven as much by domestic politics as by security concerns: Friedrich Merz’s conservative-led administration has embraced the controls and deportations to blunt the electoral appeal of the far right and to signal a break with Berlin’s traditionally welcoming stance toward asylees. In March, Merz’s government will have to decide whether to renew the temporary border checks, a policy that has been widely criticized for violating the European Union’s promise of free movement.

“The Schengen area is sliced up like Swiss cheese,” said Slovenian Socialist MEP Matjaž Nemec, a member of the European Parliament’s Schengen borders scrutiny group. “As long as the Commission turns a blind eye to blatant violations of EU law and allows large countries like Germany and France to get away with them with impunity, the future of the EU looks bleak.” 

Our investigation found that Germany had issued alerts for Ukrainian refugees once held in Russian-controlled penal institutions, blocking them from entering the European Union. Although Ukrainian authorities said the list of former prisoners had been shared with law-enforcement agency Europol solely for informational purposes, the names later found their way into the EU’s Schengen Information System — a database that links border-control and law-enforcement authorities across the bloc, allowing them to share real-time alerts during police checks and at external border crossings.

Former detainees, rights groups and lawyers say that information-sharing coincided with a surge in entry bans — separating families and leaving former prisoners trapped by opaque security decisions they can’t meaningfully challenge. Last week the European Data Protection Board warned that Germany and other member states were failing to provide sufficient data to assess whether individuals’ rights under the Schengen Information System were being respected.

“The situation of Ukrainians detained by Russia must be improved, as they are the group currently paying the highest price for safeguarding Europe’s security,” said MEP Pekka Toveri, a Finnish member of the center-right European People’s Party. “Russia’s war of aggression against Ukraine concretely demonstrates why such continuous assessment is essential. Managing Europe’s external borders is a core part of the credibility of the entire Schengen system, yet Russia’s brutal actions also create exceptional situations that no normal system is designed to handle.”

Dobrint’s barricades

In 2007, when eastern neighbors Poland and the Czech Republic became fully integrated into the Schengen zone, Germany dismantled the last of the checkpoints at which agents asked to see the passports of travelers entering the country by land. Within years, however, Germans began to have second thoughts about the move.

Amid the 2015 refugee crisis, multiple Schengen countries deployed internal border controls under emergency provisions of EU law. Those allow temporary checks as a tool the European Commission describes as a “measure of last resort,” limited to exceptional circumstances and typically applied in a targeted, intelligence-led way.

Germany used those exceptions most extensively, as the far-right Alternative for Germany (AfD) built political momentum by campaigning against migration and questioning the Schengen system itself. 

Mainstream parties across the political spectrum responded by repeatedly extending and broadening internal checks, framing them as necessary for the country’s security. An Interior Ministry spokesperson said the controls are required to “counter the strain on Germany’s systems caused by the overall high level of migration in recent years.”

After widening those controls to additional borders in 2023, Germany moved in September 2024 to authorize temporary checks along all of its land borders. Those controls have been carried out on a rolling, largely randomized basis rather than through fixed checkpoints. In 2025 the policy hardened further under Chancellor Friedrich Merz’s conservative-led government, which embraced the broad use of internal checks as a core element of its migration and security agenda and signaled its readiness to extend them again. 

Shortly after taking office in spring 2025, Merz’s government not only prolonged the temporary border controls but also announced a significant operational ramp-up: Interior Minister Alexander Dobrindt ordered thousands of additional federal police officers to border duties, substantially increasing the personnel assigned to checks. In March Dobrindt will have to decide whether to extend the temporary checks along all of Germany’s land borders for another six months, under pressure from the AfD as it prepares to contest five state elections this year.

Neighboring countries have chafed at Germany’s approach, which they say risks undermining one of Europe’s core achievements — the free movement of goods and services among companies. Luxembourg’s Home Affairs Minister Léon Gloden has pointed to controls along his country’s border that he says disrupt tens of thousands of daily commuters without justification.

Gloden has also called on the European Commission to intervene more forcefully. In an interview with the Financial Times in December, he accused Brussels of failing to properly enforce Schengen rules by allowing Germany to maintain prolonged internal border controls without challenge. The Commission, he asserted, has failed to carry out unannounced monitoring visits to assess whether the checks are still justified.

“The current border controls are necessary to enforce European legal principles and thereby safeguard the Schengen agreement in the long term,” said Günter Krings, deputy parliamentary leader of the CDU/CSU parliamentary group in the Bundestag. 

When one country’s alerts decide for all

That same impulse is felt far beyond Germany’s own land borders. Under Article 24 of the Schengen Information System regulation, any member state can flag an individual for posing a threat to public order or internal security. Other countries are bound to turn the person away at the zone’s external borders.

Documents reviewed by POLITICO show that in multiple cases, Germany entered such Article 24 alerts against former Ukrainian prisoners who had served sentences in prisons under Russian control. The names appear to have reached Germany as part of a list of 3,738 former prisoners generated by Ukrainian authorities and transmitted via Europol. 

The underlying security logic appears to rest on concerns that individuals who spent time in Russian-run detention facilities could have been manipulated by Russian intelligence. In a written response to POLITICO, Germany’s Federal Office for the Protection of the Constitution said it is aware of cases in which Ukrainian nationals who had been in Russian-occupied territories or transferred to Russia were approached, pressured or exploited by Russian intelligence services. The domestic intelligence services said such assessments are shared with other German authorities in formats ranging from general threat overviews to individual case evaluations, which may be taken into account in security-related decisions. 

Germany’s Interior Ministry asserted in written responses to POLITICO that refusal-of-entry alerts in the Schengen Information System are issued only after case-by-case assessments where a person is deemed to pose a risk to public security or order. Authorities may take into account information shared via Europol, the ministry said while acknowledging that it does not have statistics on how often such alerts are applied to specific groups.

“Heightened scrutiny in itself is legitimate,” said Czech MEP Nikola Bartůšek, who cited the hostile actions carried out by Russian intelligence services on Czech territory, including the lethal 2014 bombing of an ammunition warehouse in Vrbětice. “But what must be avoided is treating victims of war as suspects by default. Security concerns must be addressed through evidence-based assessments.”

That standard does not appear to have been applied in the case of Vasyl Soldatov, a Ukrainian former prisoner forcibly transferred to Russia during the war. After his release from detention in Russian-occupied Crimea in May 2025, Soldatov sought to travel onward to the Czech Republic, where his wife was living as a war refugee. Acting on advice from a human rights organization that warned him of a possible Schengen Information System alert, he submitted a data-access request to Czech authorities while still in Crimea.

While Czech police confirmed that Soldatov is not listed as an “undesirable person” under Czech law and is not considered a security risk domestically, authorities nevertheless enforced a refusal of entry because an active Schengen Information System alert — entered by Germany — obliged them to do so.

Similarly, when Yuliia Hetman, a former detainee from occupied Mariupol, arrived at the Polish border in September 2023, officers found no problems with her travel documents or visas and carried out no independent security assessment. But upon entering her name in the Schengen Information System, they found an alert attached.

In each case, national authorities in the Czech Republic and Poland stressed they had no choice but to enforce a Schengen-wide alert entered by Germany. Neither Soldatov nor Hetman has challenged Germany’s action in court. Contesting a Schengen alert abroad requires time, money and stable legal representation that most former prisoners or the small NGOs that serve them simply don’t have, according to Hanna Skrypka, a lawyer at the Kyiv-based Protection of Prisoners of Ukraine who provides legal counseling to Hetman.

The European Commission coordinates monitoring of how countries are applying the Schengen rules, with a number of countries selected for an evaluation each year. Evaluations are carried out by teams of national experts with the support of EU agencies like Frontex and Europol.  

These evaluations are presented in Schengen country reports, which include recommendations for each country, while the Commission prepares an overall Schengen Scoreboard each year to sum up progress on implementing those recommendations and to highlight any issues requiring urgent attention.

“Even the best evaluations are ineffective if the political will is lacking in the Commission and the Member States to comply with the applicable Schengen rules,” said German Social Democrat MEP Birgit Sippel. “The von der Leyen Commission has been conspicuously lacking in this will in recent years, not least in its handling of the reintroduction of internal border controls in Germany and the rejection of asylum seekers at internal borders. To preserve the Schengen area, internal border controls must therefore be lifted as quickly as possible.”

How Brussels will judge compliance

Germany will soon have to answer in front of its Schengen peers. 

The looming evaluation will deploy a Commission-coordinated team of more than 60 experts to conduct on-the-ground visits, request documents and data, and question the authorities responsible for implementing Schengen rules. Investigators are charged with measuring whether system-wide checks and balances successfully prevent alerts from being deployed in a de facto automatic or categorical manner.

The most telling way to assess whether the system protects individual rights is to examine how it works in practice, said an EU bureaucrat familiar with the evaluation process, such as by checking how many people request access to their data, how many seek rectification or deletion of alerts, and how often those requests lead to corrections or removals. Another indicator is whether the safeguards are actually used — including the existence of court challenges and whether national procedures allow people to meaningfully contest a decision. 

“The Schengen monitoring mechanism is a very technocratic tool. It can produce information on defaults and problems — but it doesn’t trickle down to enforcement,” said Romain Lanneau of Statewatch, a London-based NGO that tracks Schengen enforcement and EU police databases. 

Any ability to detect systemwide patterns is hampered by a failure of member nations to comprehensively disclose their use of the Schengen Information System, as Europe’s board of national privacy regulators claimed in a Feb. 4 report on the subject. The European Data Protection Board said “missing data” makes assessing compliance with privacy rules “problematic,” and that sharing information on people’s data subject rights is “very important for the successful operation of the SIS.”

Chloé Berthélémy, senior policy adviser at European digital rights group EDRi, said disregard for data protection requirements is a “long-standing issue in EU police cooperation” and one that has “never [been] addressed seriously by the Commission.” 

“For people affected, it is hard to understand who gets monitored, stopped, deported, or refused entry, and why. These decisions can have far-reaching consequences and alter lives. The Commission should step up efforts to address this serious lack of compliance with obligations by Member States’ police authorities,” she said. 

The available data nonetheless suggests stark differences in how countries handle requests from people to access, amend or erase their data in the Schengen database, whether those requests were granted, as well as details of court cases taken by data subjects.

In 2024 alone, Germany received 4,169 access requests from individuals flagged in the system, but granted only around half of them, far fewer than other countries contending with a comparable volume. Slovenia, for example, received 4,249 requests and granted almost all of them, according to figures reviewed by POLITICO. 

“What data protection should mean is that you can check what data has been stored, and whether it needs to be corrected or deleted,” Lanneau said. “The fact that there’s no information on whether law enforcement authorities are respecting these rights is maddening.”