A. Introduction
The European Border and Coast Guard Agency (Frontex) is an EU agency that supports Schengen states’ national authorities in the management of their external borders.Footnote 1 While the Member States retain the primary responsibility for their respective segments of the border, the agency reinforces, assesses, and coordinates their actions.Footnote 2 Frontex has become one of the major players in European external border management. As a result of several amendments to and overhauls of its founding regulation—often after events that were perceived as threats to the Schengen area—it has more tasks, better access to human and technical resources, and more financial means than ever. Most notably, it will avail itself of a standing corps of 10,000 border guards with executive powers, partially consisting of Frontex’s own staff, to be fully operational by 2027.Footnote 3
As Frontex’s powers and resources have increased, so have the challenges surrounding its compliance with fundamental rights. Progress has been made in relation to fundamental rights awareness in the agency’s activities, but a major concern continues to be how to ensure legal accountability.Footnote 4 Frontex’s official position locates fundamental rights responsibilities predominantly—if not exclusively—with Member States, essentially because up until the adoption of the new EBCG Regulation in 2019, only Member State personnel had executive powers on the ground.Footnote 5 When new reports of fundamental rights abuses during Frontex-coordinated operations surfaced in August 2019,Footnote 6 Frontex confidently tweeted that it “categorically denies any involvement of its officers in violations of fundamental rights,”Footnote 7 bypassing the question whether it complies with its positive obligation to guarantee that fundamental rights are fully respected during all of its activities.
Member States can be held accountable before their own national courts and before international courts, in particular the European Court of Human Rights (ECtHR). As an EU body, neither of these options are available in relation to Frontex. But it can be brought before the Court of Justice of the European Union (CJEU or “the Court”) to account for the conformity of its conduct with EU law. The principal direct actions available to individuals against acts of Union bodies, including Frontex, are the action for annulment governed by Article 263 TFEU and the action for damages governed by Article 340 TFEU.Footnote 8
The nature of Frontex’s activities, however, poses a particular challenge. The execution of border management tasks often occurs in the form of “factual” conduct: conduct that does not involve the adoption of legally binding acts. Think of the physical act of preventing persons from entering a territory or pushing them back after they have entered. Such factual conduct is often not reviewable under the action for annulment.Footnote 9 Individuals can regularly only resort to the action for damages to challenge these activities.Footnote 10 In addition, given Frontex’s largely coordinative, advisory, and supervisory role, it is typically only indirectly involved in fundamental rights violations. Think, for example, of the advice given by the Frontex Coordinating Officer to a national officer that leads to a fundamental rights violation.Footnote 11 This raises complex questions in both fundamental rights and liability law: How is responsibility distributed among several actors that all contributed to a fundamental rights violation?Footnote 12 Under what circumstances does the indirect involvement in a fundamental rights violation give rise to responsibility?Footnote 13
Against this background, this Article explores the potential of the EU action for damages to offer a remedy for fundamental rights violations committed by Frontex. Because the action for damages has largely been used to recover economic loss, it has been undervalued as a mechanism to ensure fundamental rights accountability. This Article argues that the action for damages may be the means through which to close the accountability gap that arises when EU administration is delivered in the form of informal or factual conduct and to ensure full compliance with the right to an effective remedy. If it is to fulfill that role, the CJEU would have to lower the threshold for EU liability where fundamental rights are concerned.
Section B discusses how liability law can benefit the protection of fundamental rights. Sections C and D then juxtapose the approach under EU public liability law with fundamental rights law on two questions: Whose conduct qualifies as public (Section C)? When does an interference with fundamental rights qualify as a violation giving rise to liability (Section D)? The aim in both sections is to first identify where public liability law falls short of providing a remedy for fundamental rights violations committed by EU bodies, second, to explore the possibilities to close that gap, and third, to assess the implications this has for Frontex’s liability. In order to establish the threshold relevant to fundamental rights law, the analysis relies on the European Convention on Human Rights (ECHR), where both questions have been dealt with more extensively than under EU law. In the absence of EU accession to the ECHR, the Convention is of course not legally binding on the EU. It nonetheless, however, occupies an important place within the EU legal order—not only by providing a source of inspiration for the development of EU fundamental rights law, but also by forming the minimum threshold of protection where rights are concerned that are protected in both the ECHR and the Charter of Fundamental Rights of the European Union (CFR).Footnote 14 Section E closes with a brief summary and a discussion of the findings.
B. The Action for Damages and Fundamental Rights
According to Article 340(2) TFEU, the EU is liable to make good any damage caused by its institutions or by its servants in the performance of their duties.Footnote 15 The procedure that serves to establish whether the conditions for liability are met and award compensation is the action for damages, which the CJEU is exclusively competent to hear.Footnote 16 Together with the law on Member State liability—developed by the CJEU in a line of cases starting with Francovich Footnote 17—the rules governing the liability of the EU for breach of non-contractual obligations constitute what is referred to here as “EU public liability law.”Footnote 18
Article 340(2) TFEU itself does not define the conditions for the liability of the EU but instead leaves it to the Court, which shall be guided by the “general principles common to the laws of the Member States.”Footnote 19 The Court thus draws inspiration from the provisions on liability of public authorities in the national legal systems of the Member States, which in turn usually follow—with adaptations—the principles of the more general rules on liability in private law. These are typically referred to as “tort law” in common law jurisdictions and “delict law” in civil law jurisdictions.Footnote 20
From a private law perspective, the main function of liability law is to provide monetary compensation—damages—for harm—also injury or damage—inflicted by someone else.Footnote 21 In that sense, it is backward-looking, providing a remedy for past harmful conduct. But liability law is widely considered, in addition to its compensatory function, to aim at preventing future harmful conduct through deterrence and is therefore also forward-looking.Footnote 22 Fundamental rights remedial practice is usually both backward- and forward-looking.Footnote 23 Nevertheless, harm arising from a fundamental rights violation can, by its very nature, often not be made good by financial means or indeed remedied at all.Footnote 24 For this reason, there has been a stronger focus on changing state behavior to prevent future violations than providing compensation.Footnote 25 Yet, this does not mean that the remedy of damages is alien to fundamental rights law. Not only do national legal systems usually make it available in the fundamental rights context, the ECHR itself also incorporates the possibility of monetary compensation as a remedy for Convention violations.Footnote 26
Beyond providing a substantive remedy, however, the main contribution of public liability law to the protection of fundamental rights is that it renders fundamental rights enforceable by offering a procedural remedy: The action for damages. Three aspects are particularly noteworthy in this respect. First, it is available to individuals.Footnote 27 Individual complaint mechanisms are an important tool to compel public authorities to meet their legal obligations, especially when there is a lack of political will to ensure compliance.Footnote 28 Second, the decision on the individual’s claim is taken by an independent and impartial body whose awards of damages are legally binding and enforceable. The advantages of judicial proceedings in the context of the protection of fundamental rights were also pointed out by the ECtHR, which noted in Z v. The United Kingdom that judicial remedies “furnish strong guarantees of independence … and enforceability of awards.”Footnote 29 Third, within the context of court proceedings following an action for damages, individuals can demand answers and compel public actors to justify their conduct. This makes it a powerful accountability mechanism.Footnote 30
Providing a substantive and procedural remedy, liability law is generally considered instrumental for states to comply with their obligations under the right to an effective remedy.Footnote 31 This is also the case for the EU, which is required—by virtue of Article 47 CFR—to make an effective judicial remedy available to every individual whose rights may have been violated.Footnote 32 The action for damages may, under certain circumstances, indeed be the only judicial mechanism available to individuals to challenge EU conduct and thus plays an important role in this respect.Footnote 33 The right to compensation has been qualified as a fundamental principle of Union law and the “necessary extension of the principle of effective judicial protection and access to the courts.”Footnote 34 The central place of the action for damages in remedying breaches of EU law is recognized in Article 41(3) CFR by virtue of which the right to have the Union make good any damage it caused is a fundamental right in itself.Footnote 35 While Article 41(3) CFR only reproduces Article 340(2) TFEU and does not modify the conditions under which liability arises,Footnote 36 it may form the basis for the CJEU to develop the conditions for liability in line with the requirements of fundamental rights law.Footnote 37
C. Identifying the Public Sphere
I. Whose Conduct Engages the Liability of the EU?
EU public liability law presupposes that there is conduct attributable to the EU, if the EU is to incur liability.Footnote 38 The EU incurs liability for conduct “by its institutions or by its servants.”Footnote 39 The institutions are the principal institutions listed in Article 13(1) TEU, as well as other bodies “established by the Treaty and authorized to act in its name and on its behalf.”Footnote 40 Beyond that, the conduct of servants—in essence, staff membersFootnote 41—may give rise to the Union’s liability, if they act “in the performance of their duties.”Footnote 42 The latter phrase has been interpreted restrictively by the Court to only include those acts of servants that “by virtue of an internal and direct relationship, are the necessary extension of the tasks entrusted to the institutions.”Footnote 43 Thus, private conduct does not engage the liability of the EU unless there is a strong legal relationship between the EU and the acting person in a dual sense: The person must be an actual staff member of a Union body and must objectively be carrying out tasks for that Union body in the course of which the infringement occurs.
In this respect, EU liability law is narrow when compared to the ECHR. Distinguishing the public and the private spheres is central to fundamental rights law because, strictly speaking, only public actors—for example, states or international organizations—incur fundamental rights obligations.Footnote 44 Nevertheless, conduct of a private actor transforms into public conduct when it is attributable to a public actor, meaning it is characterized, from the legal point of view, as an act of a state or international organization.Footnote 45 Despite the relevance of identifying when conduct is attributable to a public actor, fundamental rights law does not usually contain provisions dealing with that question. The ECHR—like other international human rights treaties—relies on general public international law to define what qualifies as conduct of its contracting states.Footnote 46 In relation to international organizations, the rule set out in the Draft Articles on the Responsibility of International Organizations (ARIO) is that the conduct of organs or agents of an international organization shall be considered attributable to that organization, provided they act in an official capacity and within the organization’s overall functions.Footnote 47 As opposed to EU liability law, this covers not only persons that are formally appointed to act for the international organizations but also those that otherwise act under its legal or factual control.Footnote 48 Moreover, beyond acts that are objectively taken in an official capacity, conduct also qualifies as official when it is reasonably perceived as such by the addressee, even if the organ in question exceeds its authority or contravenes instructions.Footnote 49
An explanation for the narrower approach under EU liability law is that it may have been inspired by national law.Footnote 50 No single rule that is applied across different national legal systems has emerged to delimit the public sphere, the tests employed focusing on the type of body and its authority—is its source public law?—the function or nature of the conduct in question—does it involve the exercise of public functions?—or various aspects or combinations thereof.Footnote 51 The differences notwithstanding, there is an understanding that there needs to be a legal reason to transform private into public conduct, excluding state liability on the basis of de facto control exercised over the conduct in question. Still, a narrow definition of the public sphere may have a greater impact in EU law than in national law, given the central role the action for damages plays within the EU system of remedies in ensuring compliance with the right to an effective remedy.Footnote 52 In order to avoid a gap in fundamental rights accountability, the CJEU would therefore have to adopt a broader understanding of the public realm, in line with the one applied in international human rights law. Notably, the attribution rules developed by the CJEU in the area of Member State liability take a somewhat more lenient approach, allowing the perception of an act as official by the addressee to influence the delimitation of the public from the private.Footnote 53 This latter approach indeed seems to have drawn on the rules of attribution of conduct under international law.Footnote 54
In the EU context, and in the context of international organizations more generally, it is not only important to distinguish the private from the public sphere but also to distinguish the EU public sphere from the Member States’ public sphere. The specific obligations and the possibilities for a person to invoke violations thereof often differ depending on the actor in question—for example, whether it is the EU or one of its Member States, and what commitments they have entered into respectively. As a consequence, allocating a course of conduct that infringes fundamental rights to either the EU or a Member State is important because it defines what obligations apply and in which jurisdiction a complaint may be lodged. The distinction between the public sphere of the Union, on the one hand, and the public sphere of the Member States, on the other hand, also has a substantive and a procedural function in EU public liability law. Substantively, the EU only incurs liability for its own conduct but not for breaches committed by Member States. Procedurally, the CJEU is competent to rule only if the liability of the Union is at stake, whereas the liability of Member States is determined by national courts.Footnote 55 Thus, attribution of the conduct in question to the Union is not only a precondition for the Union’s liability, but is also a precondition for the competence of the Court to adjudicate on the substance of the case.Footnote 56
Under EU law, there are no codified rules regarding the circumstances under which the conduct of Member State officials may be attributable to the Union. It is thus for the CJEU to develop them. In EU public liability law, there is much uncertainty surrounding the rules on attribution of conduct.Footnote 57 The general approach adopted by the CJEU is that the EU incurs liability for Member State conduct only to the extent that it enjoys legal decision-making power, that is, only if it was empowered to determine the Member State’s conduct in question in a legally binding manner.Footnote 58 Thus, whereas opinions, advice, and other types of non-binding influence over a Member State’s conduct in violation of the law does not render the Union liable, instructions and other forms of legally binding influence do.Footnote 59
The ECHR contains no general rule to delimit the public sphere of international organizations from the one of their Member States. The ECtHR thus applies the rule developed under general international law for that purpose. The latter provides that the conduct of Member State officials is attributable to an international organization, if the international organization exercises effective control over this conduct.Footnote 60 Even though the application of this rule by the ECtHR has given rise to controversy, it is generally understood to require a degree of factual control.Footnote 61
The difference between focusing on factual as opposed to normative control for the purposes of attributing conduct is especially evident where an actor has de facto more power or means of influence than de jure. For example, an EU body’s advice to a national authority is often not legally binding, because either the EU body lacks such competence or it did not make use of it in the particular instance.Footnote 62 Even though the Member State is, legally speaking, free to disregard the advice, it may be difficult to do so in practice, especially when the EU body has more expertise than the national authority. A focus on factual rather than normative control for the purposes of allocating responsibility essent ially allows for greater flexibility to take into account that an EU body may factually shape Member State conduct to a greater degree than the law suggests. The extent to which this is the case depends on the degree of factual control required. Under the ECHR, the threshold of effective control has in the past been interpreted restrictively.Footnote 63 While mere advice is also insufficient under the ECHR for attributing conduct, it may lead to responsibility when the circumstances are such that national authority has no other choice in practice than to follow it.
II. Whose Conduct Engages the Liability of Frontex?
According to Article 97(4) EBCG Regulation, Frontex is to make good any damage “caused by its departments or by its staff in the performance of their duties, including those related to the use of executive powers.”Footnote 64 While this rule sets out in a straightforward manner that the conduct of Frontex’s staff will give rise to Frontex’s liability, in practice it is often difficult to ascertain whether and to what extent Frontex’s staff was involved in a particular fundamental rights violation. This has partially to do with transparency. It is not always clear what Frontex staff does precisely where and when.Footnote 65 But it is also due to the fact that fundamental rights violations may be committed at various stages in which Frontex’s involvement and control differ.
The most uncontroversial situation is where a Frontex staff member directly violates a person’s rights on the ground, for example, by physically ill-treating a migrant. That would clearly engage Frontex’s liability. But not all personnel relied on during joint operations are Frontex staff. First, it is unclear to what extent the conduct of private actors can engage Frontex’s liability. Think, for example, of a commercial operator who provides surveillance flights during a joint operation.Footnote 66 While under fundamental rights law such private actors would qualify as agents whose conduct is attributable to the international organization contracting their services, it is unclear to what extent the relationship of these surveillance providers with Frontex would qualify as internal and sufficiently direct so that their activities form the necessary extension of the tasks entrusted to Frontex and give rise to its liability.
Second, and more importantly, the majority of personnel deployed during joint operations are national officers either of the host state or participating states. Until January 2021—when Frontex is envisaged to deploy its own staff members as border guards—indeed only national officers have executive powers whereas Frontex staff may only perform coordination and similar tasks.Footnote 67 It is thus the responsibility of Frontex for violations committed by Member State officers that is particularly controversial. Think, for example, of a Member State’s vessel that—in the context of a Frontex operation—forces a boat carrying migrants back to its place of origin, exposing them to torture or inhuman or degrading treatment.Footnote 68 The difficulty in this situation is that while it is not a Frontex staff member that directly commits the fundamental rights violation, Frontex is involved in it at various levels. It finances the operation, sets out the framework within which all activities have to take place, guides the host state in implementing it, and supervises the states involved in all their activities during joint operations.Footnote 69 More concretely, the fundamental rights violation may be inherent in how the agency set up the operation. Think, for example, of an Operational Plan that explicitly prescribes disembarkation in a place where individuals face serious ill-treatment. Or the infringement may occur because a Frontex staff member on the ground suggested a course of conduct contrary to fundamental rights. Think of advice or an instruction to the vessel in question to proceed as it did.
In these circumstances, Frontex’s liability may be engaged indirectly for its own staff’s failure to prevent in this respect—see infra Section D.III. But the influence the agency exercises over what happens during joint operations also raises the question whether national officials deployed to joint operations have to be equated with Frontex staff members for the purposes of liability, making Frontex directly liable for any violations they commit. In light of the previous section, this is the case if Frontex can be considered to exercise normative control over the course of conduct that led to the fundamental rights violation in question.
In principle, the EBCG Regulation sets out that instructions to deployed personnel are to be issued by the host state.Footnote 70 Despite that, there are two concrete instruments through which Frontex may exercise control on the ground. First, together with the host state, it adopts an Operational Plan that provides the framework within which all activities have to take place and is legally binding on all participating parties.Footnote 71 If, in a specific case, fundamental rights violations are indeed inherent in the design of a specific operation—for example, an Operational Plan that explicitly prescribes disembarkation contrary to fundamental rights law—these can be considered as having been legally determined by both Frontex and the host state. Even though it is unclear exactly what effect the exercise of shared legal control has for the purposes of EU liability law, it may be assumed that it renders them jointly liable.Footnote 72 Yet, the Operational Plan does not usually set out who is to do exactly what, when, and how. These details on the daily aspects of the operation are decided by a Joint Coordination Board, composed of officers from several Member States and a Frontex representative, which runs the joint operation.Footnote 73 Hence, fundamental rights violations are, as a rule, not legally pre-determined in the Operational Plan. The second, more immediate instrument through which Frontex may influence conduct during joint operations is the right to communicate its views on instructions to the host state. While this allows Frontex to guide and supervise the host state in implementing the Operational Plan, the host state is only required to take these views into consideration and follow them to the extent possible, but is not legally bound by them.Footnote 74 Still, Frontex does not have the opportunity to directly issue instructions to deployed personnel. Thus, this instrument of control also does not give Frontex the normative control required for attribution of Member State officers’ conduct.
While these instruments may not give Frontex legal control, they allow it to exercise factual influence over the conduct of national officers during joint operations. In many instances, this may not go beyond a purely advisory role, when Frontex for instance shares its views—within the meaning of Article 43(2) EBCG Regulation—with the host state. Regardless, given Frontex’s access to relevant information, its expertise in the area of border management, and its power to decide on withdrawing financial support, national authorities may find themselves in a situation where it is difficult in practice to disregard a piece of “advice” provided by the agency. Where national personnel deployed to joint operations commit fundamental rights violations under such circumstances, the CJEU may draw inspiration from the ECHR and hold Frontex liable—possibly in addition to the Member State—when the effective control threshold is reached.Footnote 75
D. The Conditions for Fundamental Rights Liability
I. What Conduct Engages the Fundamental Rights Liability of the EU?
Under most liability regimes, not every violation of the law necessarily leads to an award of damages. It is not only necessary to prove that the breach caused actual damage; the law often poses additional limits, for example, the requirement of fault on the part of the public authority.Footnote 76 The CJEU has consistently held that the EU’s liability is subject to three cumulative conditions: The unlawfulness of the conduct complained of, the occurrence of damage on the part of the victim, and a causal relationship between the unlawful conduct and the damage.Footnote 77 While fault in the narrow sense is not required, the condition of unlawfulness is qualified in two ways: The rule infringed must be intended to confer rights on individuals and the breach thereof must be sufficiently serious.Footnote 78 The decisive criterion in this respect is whether the Union authorities in question “manifestly and gravely disregard the limits on their discretion.”Footnote 79 A breach is manifest when the authority in question blatantly infringes its legal obligations, for example, when the violation is obvious, “clear-cut,” or flagrant.Footnote 80 A breach is grave when an authority exercising ordinary care and diligence would clearly not have committed it, for example, when the violation is reprehensible or “inexcusable.”Footnote 81 In essence, the seriousness of a breach depends on how much discretion the authority enjoys, how clear the line demarcating lawful from unlawful conduct is, and how reprehensible overstepping that line was in a specific case.Footnote 82
The CJEU has, so far, not developed an approach specific to fundamental rights.Footnote 83 In order for liability to arise, breaches of fundamental rights also give rise to liability only if they are qualified and claimants need to prove damage and causation. Because the Court accepts that fundamental rights confer rights on individualsFootnote 84 and violations cause at least non-material damage,Footnote 85 the central question is under what circumstances breaches of fundamental rights are considered to be sufficiently serious.
The Court does not seem to have taken a clear position on the question, and much will depend on the nature or importance of the specific right in question.Footnote 86 The Court has suggested that a mere breach of a fundamental right is sufficiently serious per se either because it finds that public authorities do not enjoy discretion in the area of fundamental rights,Footnote 87 or because fundamental rights law already includes a balancing exercise in determining whether a breach occurred.Footnote 88 Nevertheless, there is also case law that suggests that fundamental rights violations are only sufficiently serious if they are manifest, flagrant, or reprehensible—for example, if they meet the test used by the CJEU to determine the seriousness of a breach. In Sison, for example, the Court established that the sanctions imposed on the applicant—the freezing of his assets as an anti-terrorism measure—were incompatible with EU law, but the breach did not qualify as sufficiently serious, especially because the provisions at stake were unclear.Footnote 89 Yet Mr. Sison additionally argued that this was, at the same time, a violation of his fundamental rights, in particular his rights to property and respect for private life. The Court left open whether this was the case but pointed out that the alleged breach of fundamental rights was “inseparable” from the illegality already established. For that reason, it concluded that even if a breach of fundamental rights was found to exist, “that breach is also not sufficiently serious, in the particular circumstances of the case, to incur the non-contractual liability of the Community.”Footnote 90 Along the same lines, in other cases the Court examined the obviousness and reprehensibility of the fundamental rights breaches alleged, which suggests that the relevant authorities would not have incurred liability for a simple violation.Footnote 91
Limiting liability—for instance, through a fault or sufficiently serious breach requirement—is sometimes considered necessary to ensure the ability of public authorities to exercise their discretion in the public interest and to prevent an overcautious authority.Footnote 92 In the CJEU’s case law, the reason for the sufficiently serious breach requirement is tied to discretion. In the words of the Court, it serves the purpose of securing the “room for manoeuvre and freedom of assessment” that public authorities need in order to fulfill their functions in the general interest while ensuring that third parties do not “bear the consequences of flagrant and inexcusable misconduct.”Footnote 93 These policy considerations against lowering the liability threshold have been argued to not be supported by empirical evidence.Footnote 94 Moreover, in the case of fundamental rights, this balance between the interests of the individual and society at large is struck in the context of the determination whether a breach occurred. It not only forms part of the proportionality analysis, but is also taken into account in formulating the positive obligations public actors may incur to prevent breaches of fundamental rights—see infra Section D.II.Footnote 95 In this light, it would seem unnecessary in the context of fundamental rights to take a restrictive approach to liability.
Moreover, fundamental rights law has characteristics that set it apart from traditional liability regimes and provide reason to modify the conditions for liability in the fundamental rights context. First, while the primary function of liability law is to compensate for and prevent the occurrence of damage, fundamental rights law aims to redress and prevent the violation of rights.Footnote 96 The breach of the right is the damage. This not only makes damage as a condition for liability unnecessary but also the determination of causation—causation being the link between breach and damage.Footnote 97 From this perspective—where liability for fundamental rights violations is concerned—damage and causation should only play a role where the victim of the violation—in addition to the damage inherent in any breach of a fundamental right—also requests compensation for material damage. Second, liability and fundamental rights law target opposite sides of the same coin: Compliance with an obligation, on the one hand, and the protection of rights, on the other hand.Footnote 98 If the focus is on the former, it is appropriate to limit liability to cases of blameworthy or serious non-compliance. This is not the case if the focus is on the latter. What matters is that the right in question is violated, no matter the state of mind or diligence exercised by the wrongdoer. For the particular case of positive obligations, see infra Section D.II. Consequently, the approach to liability should be strict so that any infringement gives rise to liability.Footnote 99 This idea is also inherent in the approach of the ECtHR where state responsibility arises for any breach of fundamental rights. In Keegan v. UK, the ECtHR explicitly pointed out that the fact that the national authority in question “did not act maliciously is not decisive under the Convention, which aims to protect against abuse of power, however motivated or caused.”Footnote 100
These considerations call into question whether the Court’s application of general liability law to fundamental rights violations is necessary in order to ensure the room for maneuver of EU authorities and whether it is suitable to protect fundamental rights. In addition, the approach is difficult to reconcile with the requirements of the right to an effective remedy. The CJEU itself pointed out that neither the CFR nor the ECHR “preclude that the Community’s non-contractual liability be made subject … to the finding of a sufficiently serious breach of the fundamental rights invoked by the applicant.”Footnote 101 While this may be true in general, Article 47 CFR does require the Union to make some complaint mechanism available. Against this background, in circumstances where the action for damages is the only possibility for individuals to seek redress for fundamental rights violations committed by an EU body, the right to an effective remedy requires the Court to lower the threshold for liability.Footnote 102
II. The Puzzle of Liability for Breaches of Positive Obligations
Fundamental rights are generally understood to encompass obligations of a negative and positive nature.Footnote 103 Negative obligations require public authorities to abstain from fundamental rights-infringing conduct. The question is: Does the particular act in question constitute an undue interference with a right? In contrast, positive obligations require public authorities to actively ensure the protection of a right—for example, by adopting laws, responding to and sanctioning interferences by others, or by taking practical steps to protect a person. The key questions typically are: Does a duty to act arise in the specific case? If so, what exactly does the duty entail? And, finally, did the public authority comply with that duty?Footnote 104
The ECtHR has long held that a duty to intervene arises when the authorities “knew or ought to have known” of a “real and immediate risk” to the rights of one or more specific individuals, or in other words, where an interference is foreseeable.Footnote 105 Under these circumstances, public authorities are required to take all reasonable measures available to them to protect the rights of the persons in question. Within the context of the reasonableness test, the Court, on the one hand, considers the projected effect of the measures that could have been taken. “Reasonable” are those measures that “might have been expected to avoid that risk”Footnote 106 or that “could have had a real prospect of altering the outcome or mitigating the harm.”Footnote 107 On the other hand, the Court takes into account the possibilities and limitations of the public authority. Pointing out the difficulties in policing modern societies, the unpredictability of human conduct, the limited availability of resources, and the choices which must be made in terms of priorities, it stressed repeatedly that public authorities can only be expected to take those measures that do not “impose an impossible or disproportionate burden.”Footnote 108
Positive obligations share common characteristics with certain aspects of liability law, in particular the tort of negligence under English law. A duty of care in the common law tort of negligence arises where harm is foreseeable, where the relationship between the claimant and the defendant is one of sufficient proximity, and only to the extent that the imposition of a duty is fair, just, and reasonable.Footnote 109 Thus both tort and ECHR law require a trigger for positive obligations to arise. The trigger in both legal regimes is based on the foreseeability of the risk of harm. They also both limit the requirement to take action to those measures the public authority can reasonably be expected to make in the circumstances of the case.Footnote 110
The CJEU analyzes the different aspects of the ECtHR’s knowledge and reasonableness tests in the context of the sufficiently serious breach requirement and causation. As explained above in Section D.I, a breach of EU law is sufficiently serious when the authorities in question “manifestly and gravely disregard the limits on their discretion.”Footnote 111 When analyzing the manifestness of a breach, the CJEU thus takes into account the foreseeability for the public authority of the illegality of its conduct. The analysis of the gravity of the breach includes an assessment of the reprehensibility or excusability of the mistakes made. Thus, liability only arises to the extent that more could have been reasonably expected from a diligent authority, taking into account—like under the ECHR—the possibilities and limitations public authorities face.
A causal link is, in principle, considered to exist when the infringement of Union law was a necessary and sufficiently direct condition for the damage to occur.Footnote 112 While the law is underdeveloped with respect to omissions, the critical point seems to be what effect the measures the EU would have been required to take would have had. This, at least, is the approach followed with respect to failures of EU authorities to supervise the implementation of EU law by Member States, in the context of which it has been argued that a causal link between the omission and the damage exists if lawful behavior would have prevented unlawful Member State conduct or eliminated its negative consequences.Footnote 113 Thus, even though the assessment of the causal link in the case of omission ultimately remains unclear, the CJEU may take into account similar aspects as the ECtHR does in its reasonableness test.Footnote 114
In sum, the factors that determine the existence and breach of a positive obligation under the ECHR are similar to those that determine whether the EU incurs liability under Article 340(2) TFEU. In both cases, the foreseeability of the illegality, the possibilities and limitations the authority in question faces, and the projected effect of measures it could have taken are decisive. Whether these aspects are analyzed in the context of the existence of the breach or liability for it must ultimately be irrelevant for the outcome. Consequently, a breach of a positive obligation should give rise to liability, regardless of whether that breach is of a particularly serious nature.
III. What Conduct Engages the Fundamental Rights Liability of Frontex?
Frontex may infringe fundamental rights through action—breach of its negative obligations—or omission—breach of its positive obligations. Infringements through action may occur once Frontex deploys its own border guard with executive powers. In those situations, the key question with respect to Frontex’s liability will revolve around the sufficiently serious breach requirement. In light of the observations made in Section D.II, all breaches of fundamental rights should automatically qualify as sufficiently serious. But if the Court were to adopt a different approach, two observations should be made. First, one may speculate that breaches of the rights typically at risk in the context of border control activities—such as the right to life, the prohibition of torture and inhuman or degrading treatment or punishment, and the prohibition of refoulement—will be considered sufficiently serious per se, simply because of the nature of the rights at stake. Second, many fundamental rights obligations that apply during border control operations have been clarified in cases before the ECtHRFootnote 115 or by the Fundamental Rights Agency.Footnote 116 It is irrelevant to what extent they include standards that are legally binding under EU law. As long as they serve as clarification of the fundamental rights obligations of EU bodies, breaches thereof are more likely to be considered obvious and reprehensible—in other words, sufficiently serious. This suggests that fundamental rights violations that occur in the context of Frontex operations qualify as sufficiently serious. It should be noted, however, that in balancing the various interests at stake, the Court may place particular emphasis on the fact that public policies that serve the fight against irregular migration have come to occupy a central place in the EU. Depending on the circumstances of the case, this may tip the balance towards denying liability.Footnote 117
Given Frontex’s coordinating role during joint operations, infringements through action are less likely than infringements through omission. As an EU body, Frontex is bound by EU fundamental rights law, which in principle encompasses positive obligations to take all reasonable measures to protect individuals from fundamental rights risks the agency knows or should know of.Footnote 118 Frontex’s positive obligations are also reiterated in its founding Regulation, which places the agency under a duty to guarantee that fundamental rights are complied with.Footnote 119 In addition, it also sets out more specific obligations to oversee the correct implementation of the operation according to the Operational Plan, including in relation to fundamental rights.Footnote 120 Finally, the Executive Director is under an obligation to withdraw financial support, or suspend or terminate the joint operations, when fundamental rights violations are concerned that are of a serious nature or likely to persist.Footnote 121 All of these positive obligations Frontex incurs are limited by its competences, meaning that it can only be called upon to step in if and to the extent it can do so with the competences conferred on it.Footnote 122 For instance, maintaining migrant reception facilities is outside Frontex’s competences. Thus, if the conditions in a specific facility within an area where a joint operation takes place infringe Article 4 CFR, Frontex is under no obligation to rebuild or restock that facility or set up an entirely new one. Nevertheless, the agency does have the competence—and, therefore, the obligation—to take a broad range of other measures to protect individuals in such circumstances. For example, it has to ensure that the facilities used during an operation fulfill minimum fundamental rights standards before launching the operation. If the inadequacies only become evident at a later stage, it can—and must—stop sending migrants apprehended during a joint operation to a facility or terminate the operation altogether, should other options not be feasible.
In determining the existence and breach of positive obligations as well as liability for it, Frontex’s knowledge of—including the risk of—an interference with fundamental rights, the possibilities it has to prevent it in the specific situation, and the projected effect of measures it could have taken are decisive. While these aspects can ultimately only be assessed in light of the specific circumstances of each case, two general remarks can be made.
First, at all times during a joint operation, a Frontex staff member is present on the ground. In addition, all personnel involved in joint operations have extensive reporting obligations.Footnote 123 The extent to which this setup actually ensures Frontex’s ability to discharge its monitoring functions has recently been called into question. In May 2019, the Committee Against Torture exposed a number of serious fundamental rights violations that occurred during a Frontex-led return operation from Munich, Germany to Kabul, Afghanistan but were apparently never reported to the agency through its own reporting mechanisms.Footnote 124 Importantly, however, Frontex is under an obligation to monitor the implementation of joint operations and is thus required to set up structures to gain knowledge of any relevant irregularities, including fundamental rights violations. Thus, even if it cannot be assumed that Frontex necessarily always has knowledge of—including the risks of—fundamental rights violations that occur in the context of joint operations, it certainly should have knowledge thereof, which is sufficient for positive obligations to be triggered.
Second, liability will ultimately depend on the extent to which the agency had the possibility to and actually did take measures to respond to a specific fundamental rights risk. As a rule, the more obvious and persistent a fundamental rights violation, the more actively Frontex can be expected to take measures to prevent or stop it. Clearly, if it takes no measures whatsoever, this is likely to amount to a sufficiently serious breach of its monitoring obligations, making Frontex liable alongside the respective state whose officers directly committed the violation. If it takes some measures, it will be necessary to assess whether a reasonably acting authority could have considered them appropriate and sufficient to respond to the violations at stake. Possible measures include communicating views to the host member state through the Coordinating Officer, withdrawing financial support, suspending or terminating a joint operation, or using its position on the ground to positively influence the course of action—for example, through informal advice.
Finally, in the case of fundamental rights violations that are serious or likely to persist, the Frontex Regulation clearly prescribes that the agency has to take one of several measures; in other words, it has to withdraw its financial support or suspend or terminate the operation. Thus, in this situation, Frontex has a more limited degree of discretion in deciding how to respond to a violation. The failure to take any of these measures is capable of making Frontex liable.
E. Conclusion
Border management is a fundamental rights sensitive activity. Inevitably, there will be, and have been, situations in which Frontex’s compliance with fundamental rights is called into question. There is, at the moment, a striking lack of mechanisms for individuals affected by Frontex’s activities to hold the agency to account. The action for damages may fill this gap, but only if a fundamental rights-friendly approach to liability is adopted. In particular, the Court would have to broaden the conduct for which Frontex is liable, apply a less stringent approach to the sufficiently serious breach requirement, and reflect on the conditions under which positive obligations give rise to liability.
Yet, because it has not been conceived as an instrument of fundamental rights protection, the action for damages has a number of shortcomings. First, it has been interpreted strictly by the CJEU. While EU public liability law is sufficiently flexible to accommodate a more lenient approach where fundamental rights are concerned, the Court has been reluctant to relax the conditions for liability. As long as there is a lack of alternative complaint mechanisms, this sits uneasy with the right to an effective remedy—a cornerstone of EU fundamental rights law—which essentially requires that the fundamental rights guaranteed under EU law are enforceable. Second, an important aspect of Frontex’s activities is its cooperation and interaction with Member States. It is difficult to deal with the reality of such multi-actor situations within the context of the action for damages. Whereas the Court is exclusively competent to rule on Frontex’s liability, Member States can only be held liable before their own national courts. There are thus serious limitations for the Court to assess where Frontex’s liability ends and Member State liability begins.
In the long term, it would be desirable to set up a more specific mechanism that allows individuals to hold Frontex to account. Some efforts have been made in this respect with the setting up of a fundamental rights complaints mechanism. Still, it does not qualify as an effective remedy within the meaning of Article 47 CFR because it is not non-judicial and internal to Frontex. Moreover, the lack of accountability mechanisms is not necessarily Frontex-specific, but is a more general problem when EU administration is delivered in the form of informal or factual conduct.Footnote 125 Therefore, it is worth exploring the possibility of setting up an EU-wide fundamental rights complaint procedure. Certainly, if the EU is to retain its credibility in promoting respect for the rule of law within and outside the Union, it is essential that individuals affected by the laws, policies, and activities of EU bodies can hold them to account in an independent and impartial forum.
Either way, EU fundamental rights protection would greatly benefit from external control, for example, by bringing the EU within the ECHR framework. This remains, as a result of the CJEU’s rejection of the Draft Agreement on Accession of the EU to the ECHR in Opinion 2/13, virtually impossible.Footnote 126 While the ECtHR could in theory hold the Member States responsible for the conduct of the EU, this would require it to pierce the veil of the EU’s legal personality and entail a departure from previous case law.Footnote 127
As long as there are no good alternatives internally or externally, the action for damages remains an important gap-filler, especially where informal or factual conduct is concerned. For all its shortcomings, it does have a major advantage: It exists. In times where political will to establish new, stronger fundamental rights accountability mechanisms is missing, this fact should not be underestimated.