Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
European prosecutors are testing how an IT contractor’s Moscow office helped the EU to create a new electronic border system, which would establish the largest personal data database in the block.
According to the documents seen by the Financial Times, French IT Group ATOS Russia’s used workers to buy software in 2021 for the highly sensitive projects in Russia, whose aim is to collect and store biometric data on all non-EU visitors in the EU.
The release of Russian involvement has raised significant security questions about the ambitious overhole of the EU border infrastructure. Its launch remains uncertain later EU Due to technical problems, several target dates have been canceled.
The leaked papers are operated under a license in the ATS branches in Moscow that will provide access to its work in Russia’s FSB Protection Service. Four people of the events said that Moscow-based workers were directly involved in buying software for the border system, which usually requires an EU protection exemption.
The European Public Prosecutor Office (EPPO) is looking for Russia’s involvement in the border project, according to the two, including the knowledge of the investigation.
The EPPO is responsible for the investigation and trial of criminal crime, affecting EU’s financial interests. Eppo says it does not comment on the cases or not confirm the investigations that are publicly followed. No complaint has been made till date.
EU -called Entry/Exit system (EES) Each foreign travelers will collect or exit the block, recording biometric and personal information as well as recording their visa status and collect data. AOS Belgium won the IBM Belgium and Leonardo in Italy with a $ 212 million EES deal.
The EU anti-EU anti-Watchdog Olaf investigated the allegations of ATOS Russia last year, which is an investigation that has not been previously published. It has shown that the steps taken internally by the EU-Lisa EES implementation agency EU-Lisa were not adequate to add “protection problems”, according to a direct knowledge of the investigation.
Inadequate evidence has been found to open an investigation under the OLAF’s delicious anti-Mandet, the person said, but the EU-Lisa recommendation was issued to address the weaknesses. Olaf refused to comment.
“We are aware of the fact that we are closely cooperating with EU-Lisa Olaf. The The If the company proves necessary, all the necessary legal action can be taken, “a spokesman for the European Commission said.
EU-Lisa said the project was “aware of the allegations of ATOS Russia’s involvement” and it was “there was no contract-based relationship with AOS Russia”.
The agency said that “no protection was violated” and it “has continued to evaluate the systematic security and has taken all relevant steps since learning the matter”.
According to the internal documents obtained by FT, the software licenses required for the EES parts were purchased in 2021 through the ATS offices. There is no evidence that the Moscow branch of AOS was involved in EES work after Russia’s attack on Ukraine in 2022.
The AOS Branch, from the year 20 2016, was operated under the license issued by the FSB, the successor of the Soviet Union. According to the Russian public record it has covered the “Develop, Production, Encryption (cryptographic) equipment, data system and telecommunications system”.
Andrey Soltatov, author and expert of Russia’s protection services, says the national license provides FSB a “back door” in Russia’s activities. Soldatov said, “They can look at everything that this company is working.”
ATOS says it was submerged from its Russian business in September 2022 after the attack. ATOS, IBM and Leonardo have not agreed to comment.
A European official said that AOS was raising an urgent question about access to this national sensitive project. “The issue of security is immediately remembered because there is plenty of data [the EES] They have, ”they said.
The AOS used its Russian office to collect software for a part of the EES that allowed the airlines to verify travelers such as visa status, according to four people involved in the sale of software and their suppliers.
The Moscow -based AOS employee Yulia Plavunova was the “Primary” customer communication for the purchase of cryptographic certificate from the US company APVEX, which helps the users of EES to verify the EES, according to leaked documents.
The Moscow address of ATS has been listed on a software license sold by the Swiss Group Magnolia for the so -called Middleware, which attach different parts of the computer system.
Both APVEX and Magnolia have confirmed that AOS used to collect its Moscow office, while their contracts were with AOS France and AOS Belgium.
A former ATOS employee working in the project said Plavunova was “part of the Procurement Office” and “he was consistently involved in the purchase of third -party contractor involved[s]”.
The employee said that they were not aware that Plavunova was located in Russia, and it was “weird” because only the “EU-Colliard Staff” project could be offered.
According to the original EES agreement seen by FT, all IT contractors working on the project “Must keep a valid security exemption at the EU Secret level issued by the National Security Authority [in a member state] Before providing the service ”.
EU-Lisa said that ATS was not a violation of “no protection” by saying “EU-Lisa’s IT system, sensitive information or premises did not get access to the premises.” According to EU-Lisa, the software purchased by APVUX was never used and Magnolia was used until 2022.
Plavunova said he left Aoos in 2021 and “could not disclose any information included in my ex -employer”. He said that his activity as a software buyer was “AOS was not connected to the Russia business” and the AOS “workers had equal opportunity to work for different regions.. Being Russian does not mean to work for FSB.”
A spokesman for the European Commission said that EU-Lisa had full confidence in the EU-Lisa’s power to manage EES’s protection “and EU-Lisa” will perform security monitoring before the EES live “.
Chris Cook’s Additional Report in London
