European prosecutors are studying how the Moscow Office for the Information Technology Contractor helped build the new e -border system for the European Union, which will establish the largest personal information database in the bloc.
According to the documents seen in the Financial Times, the French IT group ATOS Russia employees used programs in 2021 for the very sensitive project, which aims to collect and store biometric data on all other European Union visitors to the European Union.
The disclosure of Russian participation raised important security questions about the comprehensive reform of the border infrastructure of the European Union. Its launch is still uncertain yet European Union Several targeted dates were canceled due to technical problems.
The leaked papers refer to the ATOS branch in Moscow, which works under a license that gives the FSB security service in Russia to reach its work in the country. Four people who have events have said that employees who take Moscow are directly involved in buying programs for the border system, which usually requires a security permit for the European Union.
The European Public Prosecutor's Office (EPPO) is looking to share atos Russia in the border project, according to two people aware of the investigation.
EPPO is responsible for investigating and prosecuting criminal crimes that affect the financial interests of the European Union. EPPO said it does not comment on cases or publicly confirms the investigations they follow. No fees were brought.
The European Union is called Entry/exit system (ES) will collect data that follows the movements of each foreign traveler who enters or exits the mass, records biometric and personal information as well as the visa status. Atos Belgium won the ES contract, which is now 212 million euros, along with IBM Belgium and Leonardo in Italy in 2019.
Olaf, the European Union Control Authority, last year, has achieved allegations over ATOS Russia's involvement, an unveiled investigation. It found that the measures taken internally by the European Union-Leza, the agency that is implementing ES, to address “security issues” was not enough, according to one person who has direct knowledge of the investigation.
The person said that insufficient evidence was found to open an investigation under the OLAF authorization to combat fraud, but recommendations were issued to the European Union to address weaknesses. Olaf refused to comment.
“We are aware of the fact that the European Union-Liza is closely cooperating with OLAF. A UNHCR spokesman said:” The agency may take all the necessary legal measures if necessary. “
The European Union-Leza said that “he is aware of the allegations related to the participation of Atos Russia” in the project and that “he had no contractual relationships with ATOS Russia.”
“There was no specific security breach,” the agency said, and that “he continued to conduct systematic security assessments and took all relevant measures since he learned.”
The software licenses needed for parts of ES were purchased through ATOS offices in Moscow in 2021, according to the internal documents obtained by FT. There is no evidence of ATOS's Moscow branch in ES work after Russia's extensive invasion of Ukraine in 2022.
The ATOS branch has been operated, since 2016, under a license granted by FSB, one of the rear agencies to the KGB of the Soviet Union. This covered “the development, production and distribution of encryption tools (encryption), information systems and communication systems,” according to Russian public records.
AndrĂ© Soldatov, an author and expert in Russian security services, said that such a license gives FSB “back door” in ATOS Russia activities. “They can look at everything that this company is working on,” said Soldatov.
Atos said that she escaped from her Russian business in September 2022 after the invasion. ATOS, IBM and Leonardo refused to comment.
One of the European officials said that the disclosure of ATOS Russia raised urgent questions about reaching such a sensitive project. They said: “The issue of security immediately comes to mind because of the huge amount of data that it contains (ES).”
ATOS used its Russian office to buy programs for a part of ES that would allow airlines to verify traveler information such as the visa case, according to the leaked documents and four people involved in the software sales in ATOS and EU-Lisa and its suppliers.
Yulia Plavunova, a Moscow -based ATOS employee, was the “basic” communication entity to purchase encryption certificates from the American Appviefx company that helps to verify the users of this part of ES, according to the leaked documents.
The Moscow address in ATOS was also included in documents regarding the license of a Swiss Group Magnolia program for the so -called intermediary programs that link different parts of the computer system.
AppviefX and Magnolia confirmed that ATOS used its Moscow office for purchases, while their contracts were with ATOS France and ATOS Belgium.
A former ATOS employee, who works on the project, said that Blavonova was “part of the Procurement Office” and that it was “constantly involved in the purchases that include a third -party contractor.”
The employee said that they were not aware that Blavonova was based in Russia, and that this was “strange” where “the employees who were identified in the European Union” could only be appointed to the project.
According to the main ES contract, which FT sees, all information technology contractors working on the project “must carry a valid security permit at the secret level of the European Union issued by the National Security Authority (in a member state) before providing services.”
The European Union-Leza said that “there was no specific security breach” as an employee in ATOS Russia “that was unable to reach the European Union IT systems-lezi, sensitive information or buildings.” The program, which was purchased by Appviefx, was not used and Magnolia was not used until 2022, according to the European Union.
Blavonova said she left ATOS in 2021 and “she could not reveal any information belonging to the former employer.” She said that her activity as a “ATOS Russia” software is “not associated with ATOS Russia” and that ATOS provided employees equal opportunities to work in different regions. Being the Russian does not mean working in FSB.
A spokesman for the European Commission said it “has full confidence in the ability of the European Union-Leza to manage ES security” and that the European-Liza “is a security review before ES is going.”
Additional reports from Chris Cook in London
