News
A Russian subsidiary of the French company Atos, which has ties to Russia’s Federal Security Service (FSB), played a role in creating the EU’s largest biometric database for tracking people crossing the bloc’s borders, the Financial Times (FT) reported earlier today. According to the FT, the European Public Prosecutor’s Office (EPPO) has launched an investigation into the matter.
Documents reviewed by the FT revealed that in 2021, the French IT group Atos used employees from its Russian branch, Atos Russia, to buy software for the new Entry/Exit System (EES) — a project aimed at establishing the largest biometric database used by the bloc to collect and store data on all non-EU visitors to member states. In 2019, Atos Belgium won the contract — now worth just under $220 million — in a joint bid with IBM Belgium and the Italian company Leonardo.
The report of Russian involvement has raised serious security concerns regarding the extensive revamp of the EU’s border infrastructure. The system's most recent launch date was set for Nov. 10, 2024, but was delayed yet again due to technical issues and concerns from member states over potential border congestion. In response, the European Commission decided on a gradual six-month rollout instead of an immediate implementation. It is reportedly due to launch in 2025, although the specific date is yet to be confirmed. Doug Bannister, chief executive of the Port of Dover in the UK, recently said that the system will not be introduced until November 2025.
The EES will replace manual passport stamping with a digital registration system, requiring non-EU travelers to submit fingerprints and facial recognition data when entering the Schengen Area. Designed to enhance border security, the system will electronically monitor travelers' entries and exits.
Last year, Olaf, the EU’s anti-fraud watchdog, carried out a previously undisclosed investigation into allegations involving Atos Russia. According to a source with direct knowledge of the inquiry, the probe found that EU-Lisa, the agency responsible for implementing the EES, had taken internal measures to address “security issues” but deemed them insufficient.
While there was not enough evidence to launch a full investigation under Olaf’s anti-fraud mandate, recommendations were issued to EU-Lisa to strengthen security measures. Olaf declined to comment to the FT.
According to Russia’s Unified State Register of Legal Entities (EGRUL), Atos Russia has operated under an FSB license for the “development, production, distribution of encryption (cryptographic) tools, information systems and telecommunication systems” since 2016. Journalist and author Andrei Soldatov, an expert on Russia’s security services, told the FT that such a license effectively grants the FSB a “back door” into Atos Russia’s operations. “They can look at everything this company is working on,” Soldatov said.
According to leaked documents — along with the accounts of four individuals involved in software sales at Atos, EU-Lisa, and their suppliers — Atos used its Russian office to acquire software for a segment of the Entry/Exit System designed to enable airlines to verify traveler information, including visa status.
Yulia Plavunova, a Moscow-based Atos employee, served as the “primary” customer contact for the procurement of cryptographic certificates from the U.S. company AppViewX, which are used to verify users within that segment of the EES.
Both AppViewX and Magnolia confirmed that Atos used its Moscow office for procurement, while their contracts were with Atos France and Atos Belgium.
Plavunova told the FT that she left Atos in 2021 and “cannot disclose any information that belongs to my former employer.” She stressed that her role as a software buyer was “not connected to Atos Russia business” and noted that Atos “provided employees with equal opportunities to work for different regions… Being Russian doesn’t mean working for the FSB.”
Atos said that it divested from its Russian branch in September 2022 — half a year after the full-scale invasion of Ukraine began.