The promise of security of unfinished infrastructure: Temporal configurations of the ‘interoperability’ project and the criminalization of migration

Introduction

Atlantropa is the name of an imagined and planned, but unbuilt massive infrastructure project. In the late 1920s, German architect Herman Sörgel envisioned Atlantropa as an oceanic dam connecting Gibraltar in Spain and Tangier in Morocco, connecting Europe and Africa. The gigantic project was meant to engineer a dam that would cut the Mediterranean Sea at the Strait of Gibraltar and cause a drop in sea level to create new land for settlements for Europeans and to generate hydropower for all of Europe. This neo-colonial geopolitical megaproject gained popularity in the 1920s and 1930s and was promoted with materials such as plans, maps and scale models of several dams and new ports along with the Mediterranean coast.

Carse and Kneas (2019) use Atlantropa and other large-scale examples of unbuilt and unfinished infrastructure as a source of inspiration to reflect on the temporalities of infrastructure. They explore different temporal configurations which ‘draw attention to the forms of temporal reckoning and interplay that take place as planners, analysts, politicians, speculators, displaced peoples, and potential users are drawn into relation through infrastructure projects’ (Carse and Kneas, 2019: 14). Taking inspiration from their conceptual propositions we can travel through time from the late 1920s and zoom into the temporal configurations of the prestigious flagship project of the EU Agency for the operational management of large-scale IT systems in the area of freedom, security and justice (eu-LISA), the so-called interoperability project (IP). Around 100 years later, the IP is likewise another Eurocentric large-scale infrastructural megaproject, connecting database systems at EU level at the intersections of migration, border and crime control, thus enabling the flow of data of 3rd country nationals across Member States’ (MS) migration and border control, and law enforcement authorities. The IP aims to connect already existing database systems, as well as systems currently under development. These systems are proudly presented as ‘game-changers in the European Justice and Home Affairs area’ and interoperability as the solution to making these ‘EU IT systems work(ing) together for a safer Europe’ in an info leaflet of eu-LISA. In short, the mission is to advance security in the EU through the convergence of migration, border and crime control entangled with the interoperability framework and the EU information systems for security, border and migration management.

What Atlantropa and the IP have in common is that they are large-scale infrastructure projects of monstrosity, relying on omnipotent techno-scientific promises and build on the Eurocentric expansive rationales of control renegotiating Europe's borders. Atlantropa remained a speculative imperial and colonial unbuilt infrastructure that aimed at the control of expanded European territory. Questions can been raised about the IP's ‘data colonial’ character (Couldry and Mejias, 2018; Mumford, 2021), owing to the extraction of data from non-EU-citizens, including vulnerable populations of former colonies, by Global North actors to confront migration and mobility as ‘problems of government’ faced by the EU and its MS. It does so in a way that denies migrants and mobile people's ways of knowing and being in situations of border struggles (Scheel and Tazzioli, 2022) and without providing sufficient oversight and accountability (Fallon, 2020). Contrary to Atlantropa, the IP is on the path towards its incremental implementation and roll out, yet still an emergent and unfinished infrastructure, with the constantly renewed promise to provide security and safety in the EU. The problem to which the IP is presented as the solution builds on the repetition of ‘threats to internal security [e.g., the author], the series of terrorist attacks in several MS and the increase in irregular crossings of the EU's external borders’ (European Commission, 2017). Since the adoption of its regulation in 2019, the IP is in a constant state of becoming, with different subprojects with their own trajectories and timelines, dedicated to the expansion of law enforcement's access to migration data of third country nationals. I argue that it is also normalizing the criminal suspicion directed against migration and migrants, on a continuous basis.

The monstrous infrastructure-in-the-making normalizes over time the totalizing imaginaries of the ‘crimmigrant other’, the criminal migrant (Franko, 2019). The opening of existing migration databases such as Eurodac for law enforcement access is already in operation. The inclusion of the law enforcement database system Prüm into the IP is planned and foreseen with the Prüm 2 update. These different subprojects are meant to become synchronized, thereby replicating and enforcing imaginaries of the ‘crimmigrant other’ as a security threat, and the integration of databases as the promised solution.

In this commentary, I explore two temporal configurations of the IP with substantive impacts on the criminalization of migrants and migration. I conclude by calling for infrastructural accountability for the temporal aspects of obfuscation.

Delays and infrastructural obfuscation

In early documents such as the feasibility study about the IP from 2019, the implementation plan had already foreseen rolling the IP out in different modular phases, one database after another, incrementally making different database systems interoperable. The initial plans for the IP included yet-to-be-built components such as the European Travel Authorisation System (ETIAS), the European Entry-Exit-System (EES) and the Criminal Records Information System for Third Country Nationals. However, it also included already existing systems such as the Visa-Information-System (VIS), Schengen Information System and Eurodac. Among these were some systems meant to have already been integrated earlier, and others meant to be integrated later. Finally, there were database systems that initially were not yet mentioned but then became infrastructure candidates to be plugged in at a later stage, such as the database system Prüm that organizes transnational data exchange for police collaboration. Prüm had to go through autonomous transformations, from its initial version to an updated and expanded version ‘Prüm 2’, which required a new regulation to make the database exchange system eligible for technical transformations, including a so-called Prüm II router, enabling integration into the IP in the foreseeable future. The initial timeplan (see image 3) had envisioned a completion of the major transformations until the end of 2023 (European Union Agency for the Operational Management of Large-Scale IT Systems in the Area of Freedom, Security and Justice (eu-LISA), 2019). In December 2021, the Council of the European Union published the state of play and a revised timeline for the entire IP which stated the substantial delay of single components such as the EES. As a consequence, an alternative timeline for EES, the ETIAS and their interoperability was drafted without putting the ‘ultimate objective of having the new interoperability architecture implemented by the end of 2023’ at risk (Council of the European Union, 2021).

Delays in regulatory as well as in technical processes of single database systems demanded rescheduling milestones for their implementation and resulted in new timelines. The overarching goal not to jeopardize the final completion deadline of the end of 2023 also required the compression of other planned project time. As the different database systems were designed to be deeply integrated and connected through various components including the Common Identity Repository and the shared Biometric Matching Service (sBMS) among others, it soon became evident that it was unavoidable to confront another replanning and rescheduling of the entire IP. In October 2023, the Council of the European Union published an updated ‘Roadmap to Interoperability’. Eu-LISA presented a strategy ‘Remobilise, Renew and Resolve’ to demonstrate the capacity to gain back control over the delays, suspensions and slowdowns of the entire process (Council of the European Union, 2023). The delivery of the EES was then foreseen until autumn 2024. Autumn 2024 passed and the EES did not start. Instead, multiple delays followed and the result was a ‘“combination of political lock-in and operational failure” where the technology enter[ed, the author] a state of suspension, ‘neither accomplished nor abandoned’ (Boswell and Besse, 2023: 2; van Isacker, forthcoming). It is in the moments of suspension and delays that political and technical negotiations across various stakeholders on the national level, tech industry and on the EU level such as EU institutions and agencies, lead to transformations of the system. These are transformations that require compromises across all stakeholders in order to appropriate the systems for situated implementations, as van Isacker (forthcoming) shows for the UK-EU border at the sites of Dover and Calais. These changes, deriving from adjustments during implementation on local and national levels, and not foreseen and covered by the initial regulation, partially escape public attention and public scrutiny.

With a focus on the temporary zone between the start of the IP until its predicted completion, its planned ‘project time’, waiting and delay then become the norm for delivering on the promise of security (Karasti et al., 2010). These forms of stretching project time have a significant impact on attempts to know and understand, and hold accountable a project with generally very low public visibility. As it is incredibly difficult to track and trace the tremendous number of processes, changing and creeping but expanding constantly over time, this way of governing creates forms of obfuscation. Promises of security are foregrounded, while the simultaneous, multiple and complex ways it configures and targets the ‘crimigrant other’ as a threat, are backgrounded. The infrastructure turns into a ‘promissory note’ that prompts people, targeting in particular EU citizens, to imagine a future world and their place in it, to be safe from stigmatized, othered, racialized, criminalized non EU-citizens (Anand et al., 2018).

Unfinished projects can reshape social and political life while being in the making. The temporal horizons of infrastructures can create or dissolve political spaces or action (Petryna, 2017). The chronology of an incrementally growing complex infrastructure with the constant delays, rescheduling and readjusting timelines that accompanies the preparation and roll out of the IP, tends to close spaces of political action. Thus, the European Data Protection Supervisor (2018: 15), already in 2018, warned about the IP, stating that ‘[a]ssessing the precise implications for privacy and data protection of a very complex system with so many ‘moving parts’ is all but impossible’. This adds obfuscation because it repeatedly makes it more difficult to trace and track not only the planning and replanning but also the technical adjustments and readjustments throughout the implementation of multiple, complex long durée and large-scale developments, at the EU and MSs’ level. It is a particular form of ‘infrastructural obfuscation’ (Bridges, 2021; Zer-Aviv, 2021) because it conceals its expansion and extension of surveilling and criminalizing migration and migrants in its multiple intended sophisticated forms. But additionally, infrastructural obfuscation derives from obscuring the multiple unintended consequences of creating delayed, adjusted and repurposed versions of the IP over time, which may only become partially visible once it materializes from an unfinished infrastructure into an incrementally running infrastructure.

The IP builds on a speculative threat of the ‘crimmigrant other’ to legitimize the maintenance and expansion of existing and new database systems and their interconnections, without much evidence of its utility for law enforcement purposes taking the examples of Prüm and Eurodac into account (see Amelung, 2023). Beyond anecdotal single ‘success cases’ of law enforcement authorities, no statistics exist on what sort of and how many criminal cases can be resolved with law enforcement access to Eurodac and police collaboration through Prüm. In this sense, this infrastructural architecture builds on a speculative promissory note of safety relying on the presumed suspicion deriving from the targeted population, and provides no evidence that the IP could even live up to its own proclaimed efficiency and efficacy of databases for the designated purpose of law enforcement. Yet, detaching the promise of omnipotent infrastructures from the actual implications for the subjects governed by it is highly problematic and ambiguous, with still poorly understood multi-faceted consequences for their lives.

Disconnected temporalities, multiplicity of expansions and losing the ‘bigger picture’

Since its adoption in 2019, the IP is in a constant state of becoming, with different subprojects with their own trajectories and timelines, dedicated to the expansion of law enforcement's access to migration data. The project incorporates distinct temporal frames, rhythms and already built and expected to-be-built conditions of possibility that rely on each other. The disconnected temporalities of single subprojects complicate the assessment of entwined forms of normalizing the criminalization of migration. The opening of existing migration databases such as Eurodac for law enforcement access is already in operation. The inclusion of the law enforcement database system Prüm into the IP is planned. These two different sub-infrastructural projects are meant to become synchronized and standardized in many ways, thereby replicating and mutually enforcing imaginaries of the ‘crimmigrant other’, the criminal migrant, and certain forms of migrant solidarity as a threat and problem, that requires interoperability as a catch-them-all technological solution.

Since their inception, the Dublin and Eurodac regulations have established data categories to classify and sort (il)legitimate forms of migration and migrants. Over time, the list of possible classifications of situations of ‘irregularity’ and ‘illegality’ to act upon has been substantially expanded, adding more fine-grained descriptions of non-legitimate and non-legal situations of migrants in EU territory. In consequence, data searches in Eurodac can be conducted using data on different ascribed migrant statuses, ranging in their degree of entitlement to international protection and degrees of criminalization. These data categories include data from: ‘asylum applicants’ (category 1), ‘irregular border crossings’ (category 2), ‘illegal stays in Member States’ (category 3), ‘law enforcement searches’ (category 4) and Europol searches (category 5). One form of normalizing the criminalization of migration took place with the help of integrating ‘irregularity of a migrant's stay’ into the Dublin system. This refers to an immigration law concept used to extend measures of control against those ‘irregular migrants’ categorized as ‘illegally’ entering or staying on EU territory. Another form of normalizing the criminalization of migrants over time took place when authorizing the access of law enforcement authorities to Eurodac, with the justification of additionally checking Eurodac's data for the purpose of preventing or investigating cases of serious crime and terrorism. The recent Eurodac Recast project turned into another expansionist data collection project, incorporating more biometrics including facial images, and increasing the amount of eligible people from whom to take data by lowering the age down to six. In conclusion, the possible operations relying on the database added the torquing qualities against migrants, namely possible measures such as detention, removal and repatriation, to an incrementally growing range of criminalized situations of migration (Amelung, 2023; Barak, 2013; European Digital Rights, 2023).

Prüm has become a substantial player for EU cooperation in operational activities that contribute to policing migrant smuggling on the EU level (EPRS, 2025: 10). As counter-smuggling legislation, policy discourse and policy making increasingly criminalize solidarity actions with clear humanitarian purposes, the number of people facing administrative or criminal procedures is on the rise across the EU (PICUM, 2025). The Prüm database together with the IP will support this trend in the future. This additional form of constructing criminal suspicion against migration and solidarity action has received criticism from scholars and civil society organizations, pointing to the unclear distinction between what is and is not smuggling and what is and is not humanitarian (Gordon and Larsen, 2022). Expanding Eurodac, and including Prüm II as an additional candidate within the IP, bring into focus the expansion of data access to another increasingly powerful law enforcement actor: Europol. Europol gets more competences and access to migration data via the IP through various database systems, step-by-step and over time due to the incremental timeline of expansion. As Europol also exchanges biometric data with non-EU countries, civil society organizations stated concerns about Europol's data exchange with third countries with questionable human rights records. EDRi (2022: 11) states in a position paper published about the Prüm II proposal and the role of Europol's involvement in the data exchange, that it is concerned about the possibility that MSs’ authorities may ‘penalise dissidents or other people who are facing politically-motivated persecution from third countries’. EDRi also problematized the possibility that third states may label people as security threats according to their own standards which may also impact asylum adjudication procedures in the EU.

The construction of criminal suspicion against migration and migrants, and against solidarity action with migrants, happens in different ways across single database systems according to their own chronological expansionist agendas, path dependencies and the incremental accumulation of different forms of criminalization. With regards to the processes of constructing criminal suspicion, in the case of Eurodac, we find over time that specific forms of migration per se turn into crime. Additionally, migrants are targeted with criminal suspicion as potential offenders of severe crime and terrorism. The use of Prüm for the policing of migrant smuggling, and the ambiguous confusion surrounding ‘migrant smuggling’ and humanitarian action may intensify the criminalization of migrant solidarity. These developments together allow for the incremental repurposing of initially defined objectives and purposes, and the incorporation of various expansionist and extractivist logics consolidating the figure of the ‘crimmigrant other’.

What makes this speculative and ambiguous mode of infrastructural governance of promising ‘security’ stable no matter how much the infrastructure and sub-infrastructures are adapted over time and repurposed, can be explained in terms of what Larkin (2013) has called poetic mode of infrastructures. The poetic mode in the context of infrastructure means that form may be disconnected from its technical function, yet EU institutions and MS offer infrastructures as representations of security to their citizens and ask them to take them as social facts and thus create a politics of ‘as if’ the promised function is given (Larkin, 2013: 335).

Conclusion

I reflected on different temporal configurations that shape the evolution and social and political implications of the IP when it comes to the criminalization of migration and migrants. First, stretching and compressing infrastructural ‘project time’, planned immense time spans and unplanned delays create difficulties in tracing and tracking long durée and large-scale infrastructural processes confronting different forms of obfuscation (Karasti et al., 2010). Second, effects from synchronizing and integrating different temporalities combine their own temporal path dependencies of criminalizing migration and migrants of single database systems such as Eurodac and Prüm.

While technical and regulatory frameworks and possibilities are getting ready for operation, the proof of evidence of their promised utility in the name of security, and also information that could provide means to assess the potential harm to the people whose data is stored, are pending. Calls for accountability of this unfinished infrastructure remain widely unheard. Demands for provision of meaningful statistics and evidence for the efficiency, efficacy and proportionality of the IP as a useful tool for law enforcement are also unheeded, as well as information mechanisms that allow tracking and tracing of the harm from human rights violations supported by large-scale information systems.

While Atlantropa's monstrosity as a large-scale infrastructural project was understood through plans on a mass scale showing massive architecture with dams, towers and geographic maps demonstrating the imagined impact on the surrounding territories, the visibility of monstrosity in the IP is different. Understanding the monstrosity and the temporal horizons of the EU large-scale information system and the plan to make them interoperable relies on capacities to counter multiple obfuscations and to engage critically with them. On the one hand, the multiplicity of temporal infrastructural processes, and aligning them for the IP, requires a way of carefully and critically understanding the single ‘dots’ and connecting them to assess and anticipate the criminalization of migration. On the other hand, paying rigorous attention to these multiple synchronized temporal processes of large-scale infrastructures actually requires slowing down to see ‘delay, accretion, suspension, repair, resistance, and repurposing’ (Anand et al., 2018: 15). Paying rigorously attention in this way may be ‘infrastructural inversion’ in order to bring to the foreground what easily sinks into the background of visibility and attention when facing unfinished long durée and large-scale infrastructure projects (Bowker, 1994). At the time of writing, at the beginning of June 2025, eu-LISA celebrates on its website the latest achievements and the ‘completion of the first milestone of the Interoperability Roadmap’: ‘[o]n 20 May 2025, eu-LISA successfully launched the shared Biometric Matching Service (sBMS’ together with a VIS Upgrade (eu-LISA, 2025). This is the often delayed completion of the first phase out of four planned ones. It is hoped that this work will motivate for the time and collective effort required to critically follow the past, present and still unpredictable future of the continuously unfinished IP.

Supplemental Material