In this episode, we take a closer look at biometric surveillance technologies used to track and identify people along the so-called Balkan Route. In the first instalment, we’ll focus on North Macedonia and in the second, we’ll turn our attention to Serbia and Bosnia. As with our previous episodes, we’ll zoom in on key border areas, and this time, it's key transit countries on the Balkan Route. In today’s episode, we’ll hear about Abdullah’s experience of crossing in North Macedonia, a fictional story based on real testimonies collected by the Border Violence Monitoring Network. But before we get into it, let’s clarify some terms. 

Intro - biometric data and surveillance technologies

When we talk about surveillance technologies in the migration context, we mean tools and systems designed to monitor, track and identify individuals attempting to cross borders. The range of surveillance technologies and Artificial Intelligence in use today is vast, including everything from drones and thermal cameras to infrared sensors, heartbeat detectors and facial recognition systems. 

Surveillance systems often rely on the collection of biometric data, which is personal information like fingerprints, facial images or iris scans, that can uniquely identify an individual. Think about unlocking your phone with your fingerprint - that data is unique to you. It’s highly sensitive data which should be handled securely. These days, biometric data is routinely collected from people applying for asylum alongside their basic biographical information such as name, age and nationality. The collection of this sensitive data is deeply embedded in how EU states, and increasingly non-EU states, control migration. It is rooted in European colonial practices of surveilling and discriminating against racialised groups.

But its growing use raises serious concerns about the potential harm it can cause, from potential privacy and data violations to the denial of adequate asylum procedures and the criminalisation of migration. For people on the move, these technologies can have grave consequences. 

So, in the context of border enforcement, biometric surveillance is primarily used for identification purposes. By that, we mean the process of registering and verifying the identities of individuals as they cross a border. Often, this can serve as a way to differentiate between what authorities deem legitimate and illegitimate movement. As people cross EU borders, a single fingerprint can unlock an individual’s full personal data. This enables authorities to track and confirm whether individuals have previously entered EU territory or submitted an asylum application.

In the EU, there is a centralised IT database called EURODAC, which is designed to identify where someone has entered the EU and who has applied for asylum. The biometric data stored in EURODAC includes digital fingerprints and facial images, attached to information on whether they could pose a threat to international security and their asylum application or rejection. Fingerprints are digitally transferred from member states to the EURODAC database for comparison against existing records. If a match is found, the relevant member state authorities are notified. A match indicates that the person’s fingerprints are already in the system, meaning they have already applied for asylum, are currently being processed in another member state or may have attempted to enter a member state without authorisation. 

Since 2003, EU member states have been required to collect this biometric data from anyone entering EU borders. Biometric data stored in the EU can be accessed by law enforcement of EU member states as well as the EU agencies involved in border enforcement, like Frontex and EUROPOL, albeit with restrictions. While data-sharing with non-EU countries is technically prohibited, it may be shared with law enforcement for the “purpose of identifying and re-documenting irregular migrants in the process of return and readmission"

With that, EURODAC is supposed to help enforce the so-called Dublin regulation, which rules that people have to apply for international protection in the first country where they set foot. Recently, however, EURODAC has transformed into more than that. With the most recent reform, the scope of EURODAC has expanded to support the prevention of irregular movements and to facilitate the enforcement of returns. Data can now be collected and stored in the database for 10 years from people seeking international protection, including children as young as 6. In the case of  “persons found irregularly entering or illegally staying in the EU”,  that data will be stored for 5 years.

In many cases, biometric data isn’t just collected for identification in a formal asylum procedure; our research has revealed that very often, biometric data is collected in the context of forced and illegal expulsions, known as pushbacks. While these systems are framed as mechanisms for managing asylum claims and “irregular migration”, in practice, they often become tools to facilitate exclusion, surveillance and human rights abuses. 

To grasp the real impact of these surveillance technologies, let’s hone in on North Macedonia, a key transit country for people trying to reach Western Europe. The typical journey involves crossing from Turkey into Greece, then onward to North Macedonia. Although North Macedonia isn’t an EU member state, the EU has poured vast amounts of money into strengthening the country’s border controls and enforcement. Since many countries in the Western Balkans, like North Macedonia, aspire to join the European Union, the EU has strategically tied their prospects of joining to certain conditions - like ramping up border surveillance. This practice of border externalisation involves outsourcing security measures to countries outside the EU’s borders, shifting the responsibility for migration management. 17.5 million EURO from the so-called pre-accession funding (IPA) to North Macedonia has so far been spent on border technologies, IT systems and training, all aimed at tightening migration controls in line with EU standards. 

This means that EU policies and funding, financed by taxpayer money, are directly fuelling the expansion of surveillance and control beyond the EU’s borders. This, of course, raises concerns about pre-accession funds being used in ways that violate the rights of people on the move and enable the practice of illegal pushbacks.

“I’ve tried to cross the border many times. I’ve lost count. The most recent was in June in Gevgelija. It was early morning and I was with two others, both from Morocco. We were waiting at the bus station, waiting to take a bus to Skopje“  

This is the story of Abdullah, a 25-year-old man from Morocco, who has attempted to transit from Greece into North Macedonia multiple times. What happened next is not uncommon. Two men approached him, whom he believed to be police officers, dressed in dark blue uniforms with the North Macedonian flag on the side of their sleeves. They spoke first in Macedonian, then shouted in English, ordering him and his transit group to show them their documents and not to move. Within thirty minutes, a dark van pulled up. 

“The officers ordered us to get into the back and pushed us inside, where ten other men were squeezed together.”  

The group was then driven a short distance to what Abdullah described as a ‘camp’, rows upon rows of containers. What Abdullah describes is likely the Vinojug Temporary Transit Centre, a site made of containers close to the Greek border in a town called Gevgelija and regularly used for detaining people in transit before forcibly pushing them back into Greece. Until today, the camp looks almost exactly as it did the day it was first set up. On one side, you have three massive UNHCR tents lined up, and on the other,  broken down and abandoned cars. Everything has been worn down from 10 long years of existence.

Many individuals we have spoken to have passed through Vinojug, and they’ve reported harsh conditions here, such as being denied access to food, water and even the bathroom. A 2024 European Commission report on the country states that the transit centre lacks adequate protection services, like medical and psychosocial care and interpretation services. This is also reflected in the Frontex Consultative Forum on Fundamental Rights’ twelfth annual report published in 2025. The Forum, made up of different European and international institutions, expressed concerns that people are detained at Vinojug without proper information or documentation. It further states that people were registered and fingerprinted, but did not receive official documents outlining their legal status and rights. These reports highlight the systemic failures at Vinojug, which raise questions about the EU’s commitment to protecting human rights. 

“They took me into one of the containers. No translator, I didn’t understand what they were saying.  They asked for my name, where I’m from and my age. Then they took my fingerprints and a photo. No explanation. I tried to ask for asylum once before. They told me, ‘You’re from Morocco. You don’t get asylum here.’ So I didn’t ask again. What’s the point?”

A video of a pushback from North Macedonia, recorded and shared with BVMN by one of the people forcibly returned to Greece, contributes to the evidence of these systematic practices. A visual investigation on the incident carried out by BVMN, can be accessed here. In it, you can hear the following conversation between the person on the move and one of the officers:

1.55 sec: (Respondent) We will go to Greece, or we stay here? Please. We go to Greece, pushback?

(Officer) Greece, yes!

(Officer) Just a moment

(Respondent) You know it is not legal to go to Greece, to push back to Greece?

(Officer) Finish!

Abdullah and his group were detained in a container where they were subjected to biometric procedures. Their fingerprints were scanned using machines and photos were taken - all without the explanation of what was happening. Within half an hour, they were loaded back into the van, driven just five minutes to the Greek border and ordered to get out before being forcibly pushed back across.

While this story is fictional, it is based on real testimonies collected by the Border Violence Monitoring Network and stored in our database. Although Abdullah is not a real person, the details of his experience closely reflect those of many people on the move. Like Abdullah, they are routinely apprehended, detained indefinitely, interrogated and subjected to biometric data collection, including fingerprints and photographs, without explanation or consent. They’re often denied access to translators, legal support or the basic right to seek asylum. In many cases, the processes are accompanied by brutal violence - verbal harassment, beatings and even forced undressing.

It’s hard to imagine how terrifying and disorienting that must be: to be detained without explanation, unable to understand the language and then forcibly returned across a border.

Out of the 70 testimonies BVMN has collected of pushbacks from North Macedonia to Greece, 38 people reported that they had their fingerprints taken. What we see here is a disturbing pattern: a recurring violation of human and privacy rights as part of the systemic practice of pushbacks. It’s important to note here that the testimonies collected by BMVN represent only a small snapshot of what is happening at the border. The real number of people facing pushbacks is much higher. 

People on the move are in a vulnerable position, often sharing information under the belief that it will be used to process their claim for international protection. But here’s the real violation: they are coerced into giving up this data without being offered access to the asylum procedure at all. There’s a kind of make-believe, the expectation that their data will help them secure international protection. Instead, it’s used to facilitate pushbacks, denying them that very right and violating transparency and lawfulness, core principles of data protection (GDPR). 

In reality, the information and biometric data they provide are often used not to lodge their asylum claims but to track, control and ultimately prevent them from seeking safety. To make an informed decision about sharing such sensitive data, people need to know exactly what it will be used for, who will have access to it and also how it will be protected. Without this understanding, they are left in the dark and made more vulnerable. Essentially, people on the move are stripped of their digital agency, coerced into giving up data that they no longer control, with no clear path to asylum and denied the very protection they sought in the first place. 

When people on the move are forced to provide biometric data without proper information or consent, it turns into a tool of control rather than protection - with lasting consequences. Some are criminalised and detained for simply crossing borders, while others are charged with a crime of facilitation. Those who make it further into Europe might be deported later on the grounds of having given their fingerprints in another EU country or having passed through a so-called “safe-third country”. 

Technically, Abdullah's fingerprints were taken when he was apprehended in North Macedonia, non-EU Territory. And still, it is quite likely that his fingerprints ended up in EURODAC, the EU fingerprint database. How come?  

BALKANDAC

Over the past five years, the EU and Frontex have been quietly developing biometric registration systems in the Western Balkans, informally known as BALKANDAC. It is modelled after EURODAC, the European fingerprint database used to track asylum seekers mentioned earlier. It’s part of a growing and increasingly interconnected web of surveillance outside of EU borders. 

So what’s really going on? 

Biometric databases in the Western Balkans are designed to identify people crossing borders in the region. This data could then be shared with EU countries as part of broader efforts to “manage migration”. In other words, to prevent irregular migration before it reaches internal EU borders.

When we talk about sharing data between non-EU Balkan states and EU members, there’s a lot that’s not really transparent to the public. We don’t have all the details, but we have a pretty clear sense that it’s happening to some extent. 

First of all, EU agencies like Frontex and EUROPOL are key actors in the establishment of data-sharing frameworks, such as the BALKANDAC model, and in some cases even assist with data collection, which means that access to biometric data is shared, even if indirectly, with EU agencies. The most recent proposals for the reform of the EUROPOL Regulation and the Frontex Regulation suggest an expansion of data-sharing powers with third countries, which could further extend this web of information exchange. 

Then there’s the role of European Migration Liaison Officers, or EMLOs, who were deployed in the Western Balkans as early as 2019, with the stated aim to “support the development by partners in the Western Balkans of interoperable national biometric registration and data-sharing systemality and compatibility with EU systems”. EMLOs are authorised to process biometric data and can also share personal data with law enforcement and other agencies involved in preventing irregular migration. This essentially allows for the exchange of biometric data, potentially across the EU.

Lastly, and perhaps most concerning, individual countries in the region have entered into agreements that facilitate the sharing of data between law enforcement agencies. One key example is the agreement signed on 13 September 2018 in Vienna, involving Albania, Austria, Bulgaria, Hungary, Moldova, Montenegro, North Macedonia, Romania, Serbia and Slovenia. This agreement enables participating states to automatically share biometric data, including DNA and fingerprints, as well as vehicle registration information, giving them access to each other’s databases. This will likely include the biometric data of people on the move who are stopped during border crossings or police checks.

These kinds of agreements are modelled after the EU’s PRÜM agreement, adopted in 2008 - another example of the extension of EU migration and law enforcement systems beyond its borders. The agreement is an initiative between EU Member States aimed at improving cross-border cooperation. It enables the quick and efficient exchange of police information, including DNA profiles, fingerprint data and vehicle registration data. In essence, the EU is expanding its data-sharing framework to include not just member states but also third countries, with significant implications for privacy and surveillance across the region. 

What’s even more troubling is the possibility that the EU might use this system to sidestep their responsibilities. By outsourcing biometric data collection to non-EU countries along the Western Balkan route, they may be avoiding obligations tied to processing asylum claims.

As we hear in Abdullah’s story, crossing a border without the right papers isn’t treated as a simple administrative issue but rather a criminal act. People on the move are subject to policing, detention and punishment. Abdullah has been apprehended several times while attempting to transit from Greece into North Macedonia. Each time, instead of going through administrative immigration procedures, he was forced into a van, detained in a container camp, fingerprinted and photographed without an explanation and denied the opportunity to apply for asylum. In the end, he was pushed back across the border to Greece. Abdullah’s experience is sadly far from unique and illustrates how the whole system works. What he went through is part of a much bigger pattern, where migration is treated more like a crime to be punished rather than a normal human activity. This blurs the line between migration management and criminal enforcement, as the growing overlap between migration and criminal databases leads to the increased criminalisation of people on the move, making it more difficult for them to access asylum or international protection. 

The biometric data being collected in these non-EU states, like North Macedonia, is often gathered without the safeguards guaranteed by the EU’s own protection laws, like the GDPR, regarded as the strongest privacy and security law in the world. Despite this lack of safeguards, EU institutions are helping to finance the development of these systems, like BALKANDAC, through pre-accession funding. Meanwhile, people aren’t being told what data is being collected, why it’s being collected, who has access to it or how long it will be stored. And we know from multiple testimonies that this data is being collected at the borders before people are pushed back. 

Role of FRONTEX and IOM  

Let’s take a closer look at the role of two major actors in European border management: Frontex and IOM. 

​​Frontex, the European Border and Coast Guard Agency, has played a key role in migration management in North Macedonia for years. Back in 2009, they made a deal with the country to tackle “illegal migration” by strengthening border control and boosting security between the EU and North Macedonia. This led to a variety of actions, like information exchange, risk analysis, joint training and technical support. 

In 2019, their mandate expanded, giving them the green light to carry out operations not just inside the EU, but also in non-EU countries. This move set the stage for new agreements, and by October 2022, the EU and North Macedonia signed a new deal with Frontex to take border management to the next level. Under the agreement, Frontex would help North Macedonia manage and protect its borders, run joint operations and deploy personnel to work along borders with the EU and neighbouring non-EU Western Balkans countries. 

Fast forward to 1st April 2023, when the agreement officially kicked in. Since then, Frontex has been actively working along North Macedonia’s southern border with Greece, focusing on border security and control. They have deployed over 100 European border guards to support local authorities with border surveillance. When people on the move are apprehended close to the Greek border, Frontex will conduct a so-called ‘debriefing interview’ with them at Vinojug Temporary Transit Centre, where it’s stationed. Local authorities aren’t allowed to be present in the room. This is concerning given the fact that Frontex has been previously reprimanded by the European Data Protection Supervisor (EDPS) for sharing information from debriefing interviews with EUROPOL. This happened after an external audit was conducted by the EDPS in October 2022, which examined Frontex’s operations supporting EU member states at external borders during joint missions. The audit specifically focused on Frontex’s debriefing interviews with individuals intercepted while crossing external borders. Frontex has long been associated with allegations of abuse and malpractice, often acting with relative impunity despite repeated concerns.

And then there is IOM. The International Organisation for Migration is the UN agency for migration matters. It presents itself as a humanitarian organisation, primarily focused on protecting vulnerable migrants and victims of trafficking, and it has been operating in North Macedonia since 1999. However, over the years, its role in the country has shifted towards a more security-driven mandate. IOM has been tasked by the EU to act as a middle agent and procure advanced border surveillance technology for state authorities. Funded by the EU, much of this technology is designed to monitor and control “migration flows”. This obviously brings up concerns about privacy, data collection and potential human rights violations related to the work of IOM. 

In fact, most of the high-tech surveillance equipment used in migration management in North Macedonia has been procured through IOM, positioning the organisation as a key player in the securitisation of the country’s borders. While IOM’s mandate includes the provision of humanitarian assistance, it’s hard to ignore its active involvement in shaping the securitised landscape. IOM is supplying the tools and technology that are an integral part of border surveillance. The equipment they’ve procured includes thermal vision and infrared cameras used to detect people, as well as biometric surveillance technology like fingerprint scanners. 

Under IPA 2020, the EU contracted IOM to implement a €4 million project titled “EU for improved border and migration management capabilities in North Macedonia.” The stated goal was to improve border control, manage migration flows along the Balkan route, and combat smuggling and trafficking in “full respect of the Rule of Law and Fundamental Rights”. One of the intended outcomes was the supply of surveillance equipment for border control as well as systems for migrant identification and registration, supposedly “in line with EU standards”.  Typically, IOM issues procurement tenders for equipment, which is then provided to state authorities.  

But, as was discussed above, multiple testimonies we’ve gathered suggest that people in transit are often apprehended and forced into giving up personal data. That hardly reflects the EU’s own public standards. It exposes a paradox: people turn to the IOM for protection, yet the very organisation providing humanitarian aid is also equipping states with the tools to deter and keep them out. 

What’s happening in North Macedonia is just one part of a wider pattern extending across the Balkans. In the second part of this episode, Arianna will take us to Serbia and Bosnia, where border surveillance and biometric systems play a critical role in managing migration. We’ll see how the EU’s invisible borders keep expanding beyond its territory.

 

Serbia

We are now in Serbia. It’s the 14th or the 15th of October 2024. The person that we will call Khaled* doesn’t know where he is. He just arrived alone from North Macedonia by foot. It’s 6pm and it's already dark. He feels exhausted and confused. He walked for so long he isn’t even sure what day exactly is. 

Khaled finally stops a taxi and heads towards the camp, perhaps thinking, this time, he’ll be safe. But: the police stop the car. A dark blue van arrives shortly after. He is forced to enter the van. 

The van starts driving, but Khaled can’t see where they are heading. There are no windows and the time is spelled by the noise of the car èngine. Could be about ten minutes. The van stops. What Khaled has in front of his eyes looks to him similar to  an “intelligence service building” with  lots of rooms. Some police officers start asking questions to him. Name. Birthday. And then they just inform him that they are going to take his fingerprints. But why? What could happen to him after that? No one explains anything. 

Khaled feels scared. He resists the police orders, but they don’t take it well. One of the officers kicks him in the chest. 

He is overcome by a feeling of fear: he decides to give his fingerprints, but still the police did not explain why he needs to.

After that, he’s held for almost another 30 minutes. Then, they put him back in the same van and drive him over the border, back into North Macedonia. He commented: 

‘We are also humans [...]. People shouldn’t behave like this with us. Treat us like humans’. 

This story is fictional but based on real testimonies collected by the Border Violence Monitoring Network. Khaled’s experience closely reflects that of many people on the move. The very fact that biometric data is being collected before people are pushed back,  raises serious concerns for people on the move. But what emerges even more clearly from testimonies in Border Violence Monitoring Network’s database is the problematic way of data collection. Testimonies consistently describe troubling circumstances surrounding biometric registration: data is often collected by force, without informed consent and without the presence of a translator. This frequently happens during periods of arbitrary detention under coèrcive conditions, where people are deprived of basic needs such as food, water, or access to toilets.

Take Khaled’s case, for example: his fingerprints were forcibly taken with no guarantees of protection. Instead, he was pushed back shortly after. 

These practices aren’t just invasive, they’re also deeply misleading. Many people are told, or led to believe, that giving their biometric data will mean protection, legal papers, or access to asylum. But what often happens instead is a pushback. They’re forcibly returned across the border, with no legal process, just hours after giving their data. 

This contradiction is particularly evident in the case of Serbia where biometrics are  a requirement for asylum registration, the only means for any kind of protection. Biometrics are therefore required for access to basic needs. However, as Khaled’s example clearly shows, handing over personal data doesn’t guarantee protection.

So if data isn't actually used to keep people safe, and instead it’s collected mostly during pushbacks, then what exactly is they being used for?

Serbia now runs a fully functional biometric database and an Automated Fingerprint Identification System (AFIS) within the Ministry of the Interior.   

The technology comes from Papillon, a Russian company specialized in biometric and forensic systems. Serbia’s Ministry of Interior uses Papillon’s Multibiometric Identification System, capable of real-time biometric identification as well as multibiometric data banks for fingerprints, iris scans, and facial recognition.  Papillon continues to win state tenders for system maintenance: one contract in February 2025 was worth over two hundred thousand euros. However, the company has faced serious criticism for its links to the Kremlin and the FSB, Russia’s Federal Security Service. Papillon’s systems form part of the technical core of Serbia’s biometric infrastructure, but its development has been mainly driven by European funding.

Through the EU’s Instrument for Pre-Accession Assistance  IPA II, Serbia received funding to align its border management and asylum systems with European standards. One of the program’s specific goals was the creation of a national fingerprint database to register “asylum seekers” and so-called “irregular migrants”. To make this happen, the project takes two main steps. First, it looks at what the Border Police can already do when it comes to registering and sharing asylum seekers’ data. Then, it reorganises the whole system for data registration and exchange to make it more efficient.

The Border Police plays a significant role, but the main aim of this project  was to create a connection between different national databases, and to foster a form of interoperability. How does it work? The Border Police is at the centre of the system bringing together data from other Serbian Institutions. That means that they do not only collect data directly, but they work closely with Criminal Police, Traffic Police, the Police Directorate, the Directorate for Administrative Affairs and the local police units.  In practice, this aimed to create a biometric database compatible with the EURODAC system , the EU wide fingerprint database used to manage asylum claims. 

Efforts to build databases compatible with EURODAC go back to 2020, when the Serbian government released its Revisioned Action Plan for Chapter 24 regarding Justice, Freedom and Security. This document set out a roadmap to identify the legal, strategic and technical steps needed to link Serbia’s systems with those of the European Union. The goal was to promote future cooperation under the EURODAC and Dublin regulations.   

Let’s pause for a moment and recap. What do we have so far? Serbia has built a biometric system closely aligned with the European Union. But the way this data is collected raises serious concerns. It often happens under pressure and through coercion and even during violent pushbacks at the borders. While the system grows more complex, transparency remains limited. We still don’t know how much of this data is shared, or how exactly it’s used. What we do know is that Serbia works closely with European agencies such as Frontex, Europol and Interpol. 

It’s October 2023. A mass fingerprinting operation unfolds at Serbia’s border with the European Union: it’s a joint action between INTERPOL and Serbia’s Ministry of Interior. The outcome? The fingerprints of 516 people were taken, both from state reception centres and from so-called “wild” locations near the border with Hungary. INTERPOL doesn’t have direct access to the EURODAC system. Still, its close cooperation with European authorities and the Serbian government is raising questions about the growing compatibility between the biometric systems of the governments it works with. 

At the same time, Europol reform is now making this topic even more concerning. In June 2022 the EU adopted Regulation (EU) 2022/991 strengthening Europol’s mandate: it allows the agency to cooperate more with private parties, process personal data, engage more in research and innovation, and increase cooperation with non-EU countries. A new recast of the EUROPOL regulation is underway to be adopted by the EU in 2026, further expanding EUROPOLs powers in the field of Migration. In 2014 Serbia and EUROPOL signed a cooperation agreement, which included sharing of data.  In 2019, Serbia agreed to further expand its cooperation with Europol, without further details on what this expansion really means. However, given Serbia’s moves to increase data collection and investigations around so-called “smuggling” and  the lack of transparency surrounding Europol’s field operations, there’s serious cause for concern regarding how biometric data collection from people on the move is shared with EUROPOL.  

Now, let’s turn to another, equally troubling aspect: the role of Frontex, the European Border and Coast Guard Agency. 

Given Frontex close coordination with systems like EURODAC, the agency’s growing presence in Serbia has drawn attention. In 2024, a new Status Agreement between the EU and Serbia allowed Frontex to operate across the country, including at borders with non-EU states.

Although Frontex does not have direct access to the EURODAC database, its cooperation with Serbian authorities means that biometric data collected during joint border operations can be shared with national systems, and eventually with EU mechanisms for asylum and border management.

We’ve seen how many questions remain open about how biometric data collected at the borders are actually used. While Serbia’s ties with European institutions and agencies grow stronger, the same cannot be said for the rights and protections of those whose fingerprints and data are being taken. And yet, at the same time, the ongoing reform of EURODAC expands the range of biometric data gathered, introducing facial images and data from minors  and increasing interoperability with other EU information systems.

These changes reflect a broader trend: a deeper integration of national and European border databases, aimed to improve coordination and data management across all the regions.

Let’s take a look at one of the centres in the country: Lipa Transit Reception Centers (TRC), in the north of Bosnia. Many containers sit atop a hill, surrounded by pastures and forests still at risk of unexploded mines. Funded by the European Union the camp in Lipa is now run by the Service for Foreigner’s Affairs (SFA), an independent administrative unit within the Ministry of Security. Lipa is the pilot case where management is gradually shifting from being run by international agencies such as IOM to being managed by the Bosnian authorities. 

 Right there in Lipa, biometric registration was introduced in 2021 for the first time in Bosnia. People can stay at the centre, but only on one condition: giving their fingerprints.

 From that point on, the biometric system became an integral part of camp life.  IOM developed the SMART Application.  What is then a Smart ID? It is an internal tool used to register and track people in temporary reception centers. It stores fingerprints and biographical information of people.  Smart ID cards are fundamental inside the camp to access all the internal services. To receive meals at the canteen, borrow a game, use razors at Barber Shop, and join the NGOs activities. When individuals leave Lipa they have to leave their card at the entrance security desk, and they receive it back only if  they return to the camp. So, some decide not to enter the camp at all. They don’t want to give their fingerprints, don’t want to be registered, because they fear it could reduce their chances of obtaining international protection in an EU country.

IOM played a key role, not just in developing this technology, but also in putting it into practice. Infact: 

“IOM continues to work closely with the Ministry of Security and the Service for Foreigners Affairs to roll-out the SMART Camp Application”.
 

This is a quote from the IOM report from the first week of March 2022. Then it continues mentioning that :

“The infrastructure needs have been mapped, data models and naming and organizational structures have been agreed upon, and the data exchange possibilities, interfaces and security have been explored”. 

The testing phase of SMART Application started in April 2024, making the system operational. In 2025, IOM continues to provide training on the smart applications to the SFA. Every day, the SMART Camp Application automatically generates reports. These reports include full lists of beneficiaries, each with a unique ID, along with details like gender, category (when vulnerable), country of origin, their room and the  area in the camp.

Once again, access to protection is granted only in exchange for sensitive data, without clear or transparent information on how it will be used. 

Now, let’s explore what’s happening in Bosnia more broadly. 

Bosnia and Herzegovina is a complex state shaped by the Dayton Agreements of 1995. Its migration policy is fragmented with responsibilities bounced around different administrative units. Pressure from European institutions and the UN agencies has also influenced decisions. In the field of migration and border management, BiH received support through several assistance funds, from bilateral donors, EU and development banks. BiH is implementing the second Special measure for 2019 funded by the EU  for the amount of EUR 23 million. The Special measure aims to support BiH managing migration and  improving the capacity for identification, registration and referral of third-country nationals crossing the border, providing adequate and protection-sensitive accommodation and basic services for refugees, asylum seekers and migrants, as well as strengthening capacity for border control and surveillance.

Then, at the beginning of 2024, Bosnia took another step: it officially started negotiations with Frontex. This was one of the conditions set for Bosnian authorities before opening the accession talks with the EU. 

One year later, on June 11th 2025, they signed a Status Agreement that enabled Frontex to support the Bosnian Border Police on the ground. Then, on October 31st, Frontex issued a press release announcing the rollout of a fully fledged operation in Bosnia and Herzegovina. But what does the Status Agreement exactly establish? 

Two points stand out. First, it provides for data exchange through EUROSUR, the EU’s border-surveillance and information-sharing system. Second, and most relevant to everything we’ve discussed so far, it authorises access to biometric databases. In practice, Bosnian authorities can allow Frontex team members to consult their databases whenever needed to achieve operational objectives. And Bosnia must ensure that this access is provided efficiently and effectively.

This episode has been drafted based on research by BVMN, Collective Aid and Anonymous member organisations. We thank everyone who supported this research and particularly those who kindly to shared their testimony with us. 

SHOWNOTES

• “Border Management: EU Concludes Agreement with North Macedonia on Frontex Cooperation.” Consilium — Council of the European Union, 24 Feb. 2023, accessed 12 Jan. 2026.
• https://www.consilium.europa.eu/en/press/press-releases/2023/02/24/border-management-eu-concludes-agreement-with-north-macedonia-on-frontex-cooperation/

• “Border Security with Drones and Databases.” Statewatch, accessed 12 Jan. 2026.
• https://www.statewatch.org/analyses/2024/border-security-with-drones-and-databases/

• “EDPS Reprimands Frontex for Non-Compliance with Regulation (EU) 2019/1896.” European Data Protection Supervisor (EDPS), 2025, accessed 12 Jan. 2026.
• https://www.edps.europa.eu/press-publications/press-news/press-releases/2025/edps-reprimands-frontex-non-compliance-regulation-eu-20191896_en

• “The Colonial Biometric Legacy at Heart of New EU Asylum System.” European Digital Rights (EDRi), accessed 12 Jan. 2026.

    https://edri.org/our-work/the-colonial-biometric-legacy-at-heart-of-new-eu-asylum-system/

• “Fingerprinting Database.” Consilium — Council of the European Union, accessed 12 Jan. 2026.
• https://www.consilium.europa.eu/en/policies/fingerprinting-database/

• “Frontex Launches Joint Operation in North Macedonia.” Frontex, accessed 12 Jan. 2026.
• https://www.frontex.europa.eu/media-centre/news/news-release/frontex-launches-joint-operation-in-north-macedonia-U4l3lv

• “Surveillance Technologies at European Borders — North Macedonia.” Border Violence Monitoring Network, accessed 12 Jan. 2026.
• https://borderviolence.eu/reports/surveillance-technologies-at-european-borders-north-macedonia/

• Balkandac Report. Border Violence Monitoring Network, PDF, accessed 12 Jan. 2026.
• https://borderviolence.eu/app/uploads/Balkandac-report-2.pdf

Serbia:

• The quotes in this Episode were drafted based on this testimony from the BVMN database: https://borderviolence.eu/testimony/october-14-2024-presevo-serbia 
• The details about Papillon’s Multibiometric Identification System were obtained through a freedom of information request to Serbia’s Ministry of Interior 
• According to a 2022 Report from the European Commission, Serbia has a fully functioning biometric database and a system for automated fingerprints identifications (AFIS): https://www.stat.gov.rs/media/358410/serbia-report-2022-1.pdf 
• Government of the Republic of Serbia. (2020). Action plan for chapter 24 - justice, freedom and security. Available at: http://www.mup.gov.rs/wps/wcm/connect/9be2669f-e783-4911-9471- 7f20ae6145ce/Revised+AP24_worksheet.pdf?MOD=AJPERES&CVID=nbcua4H
• News  about  the mass fingerprints operation carried out in 2023: https://www.slobodnaevropa.org/a/krijumcarenje-migranti-policija-srbija-pirot/32626271.html ; Border Violence Monitoring Network’s October 2023 report https://borderviolence.eu/uploads/document/file/408/BVMN-Monthly-Report-October-2023.pdf ; https://www.subotica.com/vesti/policija-u-saradnji-sa-interpolom-kontrolisala-identitet-vise-od-500-migranata-id47755.html 
• EU adopted Regulation (EU) 2022/991
• Frontex Status Agreement: https://home-affairs.ec.europa.eu/frontex-status-agreement-serbia_en 
• Eurodac Reform: https://eur-lex.europa.eu/legal-content/IT/ALL/?uri=LEGISSUM%3A4764959 

Bosnia:

• The quotes in this Episode were drafted based on this testimony from the BVMN database: https://borderviolence.eu/testimony/december-9-2023-area-around-korenica-hr
• Biometric registration introduced in Lipa:  https://avaz.ba/english/news/628247/registration-of-migrants-in-the-lipa-camp-begins
• IOM Situation report of 9-15 June 2025: https://bih.iom.int/sites/g/files/tmzbdl1076/files/documents/2025-06/sitrep-9-15-june-2025_1.pdf 
• https://www.diva-portal.org/smash/get/diva2:1781323/FULLTEXT01.pdf 
• IOM Situation Report 28th Febrarury- 6th March 2022: ​​https://bih.iom.int/sites/g/files/tmzbdl1076/files/documents/01_iom-bih-external-sitrep_28-february-6-march_prd.pdf 
• IOM Situation Report 1st-14th April 2024: https://bih.iom.int/sites/g/files/tmzbdl1076/files/documents/2024-04/01_iom-bih-external-sitrep-1-14-april-2024-1.pdf 
• https://enlargement.ec.europa.eu/document/download/ee5b381e-05e5-4d0e-ad7c-50490f47cfbc_en?filename=cd_special_mesaure_ipa_2019.pdf 
• Frontex Status Agreement with BiH: https://home-affairs.ec.europa.eu/status-agreement-bosnia-and-herzegovina_en 
• Frontex press release: https://www.frontex.europa.eu/media-centre/news/news-release/frontex-rolls-out-fully-fledged-operation-in-bosnia-and-herzegovina-X7ZqC6