Journal of European Integration

ISSN: 0703-6337 (Print) 1477-2280 (Online) Journal homepage: http://www.tandfonline.com/loi/geui20

Harmonisation by risk analysis? Frontex and the

risk-based governance of European border control

Regine Paul

To cite this article: Regine Paul (2017): Harmonisation by risk analysis? Frontex and the
risk-based governance of European border control, Journal of European Integration, DOI:
10.1080/07036337.2017.1320553

To link to this article: http://dx.doi.org/10.1080/07036337.2017.1320553

Published online: 24 Apr 2017.

Submit your article to this journal

View related articles

View Crossmark data

Full Terms & Conditions of access and use can be found at

http://www.tandfonline.com/action/journalInformation?journalCode=geui20

Download by: [The UC San Diego Library] Date: 25 April 2017, At: 06:15
Journal of European Integration, 2017
http://doi.org/10.1080/07036337.2017.1320553

Harmonisation by risk analysis? Frontex and the risk-based

governance of European border control
Regine Paul
Law & Society Unit, Faculty of Sociology, Bielefeld University, Bielefeld, Germany

ABSTRACT KEYWORDS
Scholars have highlighted the importance of Frontex risk analysis in European integration;
the institutionalisation of EU-level border control without, however, risk analysis; risk-based
sufficiently substantiating alleged harmonisation dynamics. This governance; institutionalism;
paper interrogates how and why EU-level actors seek to exploit risk border control; Frontex
analysis to harmonise European border control. An interpretive policy
analysis of three contemporary applications of Frontex risk analysis –
the Eurosur impact level assessment, the Schengen evaluation and
monitoring mechanism and resource allocation in the Internal
Security Fund – indicates that Frontex and the Commission found
their harmonisation hopes on the rationalisation promises of risk-
based governance – efficiency, effectiveness, and transparency gains
and de-politicisation effects. This multi-functional rationalisation of
Community decision-making is meant to justify increased EU-level
coordination and interventions without challenging member state
competencies, thereby enabling soft harmonisation processes in the
weakly integrated and much contested domain. Rather than merely
adhering to securitisation goals, risk analysis represents a magic bullet
in the EU’s own institutional risk management.

1. Introduction
Since the foundation of Frontex1 in 2004 a growing body of scholarly work has examined
the role of risk analysis, one of the agency’s chief mandates. While risk analysis largely counts
as a governmental practice in the securitisation of migration some authors have investigated
risk analysis as a governance tool to institutionalise EU-level authority for border control in
the weakly integrated domain. So far, however, the specific appeal of risk analysis for EU-level
actors (here: Frontex and the Commission) in the institutionalisation of respective coordi-
nation and supranational interventions has not been explained. The paper therefore exam-
ines how and why risk analysis is being utilised by EU-level actors to advance the
harmonisation of border control, to understand why ‘risk analysis became the backbone of
integrated border management’ (DG Home Affairs policy officer, interviewed 25 March 2015,
Brussels).

CONTACT  Regine Paul  regine.paul@uni-bielefeld.de

© 2017 Informa UK Limited, trading as Taylor & Francis Group
2   R. PAUL

The argument is developed as follows. Section two delineates Frontex risk analysis and
reviews research which has conceptualised its role in EU border control governance, culmi-
nating in a research focus on the appeal and application of risk analysis as an institutionalising
governance tool. In section three, the paper sets out our analytical framework and method-
ological approach. An organisational studies perspective proposes to analyze Frontex risk
analysis as a case of institutional risk management which draws on risk-based governance to
legitimise and substantiate EU-level actors’ position in the domain. We develop hypotheses
about how and why risk analysis can be utilised by Frontex and the Commission to legitimise
EU-level interventions and increased coordination in European border control. We suggest
that the specific rationalisation promises of risk analysis (efficiency, effectiveness and trans-
parency gains and a de-politicisation of decision-making) can serve to justify increased
coordination efforts – including potentially a more relevant role for EU-level actors – without
challenging member state competencies in a weakly integrated and much contested domain.
The section also details the paper’s methods: an interpretive policy analysis (e.g. Yanow and
Schwartz-Shea 2006) of official documents and semi-structured interviews. Section four
tests our hypotheses on the appeals of risk analysis in the EU’s institutional risk management
strategies by examining three empirically important applications of risk analysis in EU-level
border control: Eurosur, the Schengen evaluation and monitoring mechanism, and the allo-
cation of resources from the Internal Security Fund (ISF). The last section summarises and
discusses findings. Overall, the article contributes to analyses of Frontex which, rather than
focusing on the securitising implications of its activities, seek to account for the institutional
role of its risk analysis mandate in European integration processes. It substantiates the poten-
tial for risk analysis to drive ‘soft’ harmonisation processes in weakly integrated domains,
thus also advancing the scholarly debate about ‘regulation by information’ (Majone 1997)
in the EU.

2.  Frontex risk analysis: from securitisation to institutionalisation?

This section reviews scholarly work on Frontex risk analysis and develops the article’s research
question. It first introduces Frontex risk analysis mandate, showing its central role in the
agency’s formation, on-going tasks and activities. It then reviews scholarly work on Frontex
risk analysis and highlights a recent shift from conceptualising risk analysis as a tool for the
securitisation of migration towards discussing its role in institutionalising EU-level authority
for border controls in a weakly integrated domain. As the precise institutional governance
functions vested in risk analysis by EU-level actors (here: Frontex and the Commission) are
so far not well understood, the article’s research focus is guided to an examination of how
and why precisely risk analysis is being utilised by the EU in its attempt to harmonise border
control.

2.1.  Frontex’ risk analysis mandate and its context

Frontex was set up in 2004 with the aim of ‘improving the integrated management of the
external borders of the Member States of the European Union’ as part of the Schengen acquis
(CEU 2004, article 1.1). This mandate has included risk analysis at its core: ‘The Agency shall
develop and apply a common integrated risk analysis model (CIRAM). It shall prepare both
general and tailored risk analyses to be submitted to the Council and the Commission’
 JOURNAL OF EUROPEAN INTEGRATION   3

(ibid., article 4). Frontex provides the required analyses via a dedicated risk analysis unit
(RAU), whose most relevant product is the annual risk analysis (ARA). In addition, there are
quarterly reports by the Frontex risk analysis network (FRAN) as well as special risk analyses
on the Western Balkans and the EU’s Eastern Borders. There are also ad-hoc briefings on
emerging risks, often also in response to specific informational needs of the Commission or
the Council (cf. Horii 2016).
The focus on risk analyses pre-dates Frontex: the Seville European Council in 2002 had
already stressed the importance of developing a so-called ‘CIRAM’ as a basis for establishing
further cooperation in border management, joint operations, and more harmonised training
for border guards. Consequently, in 2003, the Council promoted the establishment of a Risk
Analysis Centre (RAC) in Helsinki.2 Both CIRAM and the RAC have been integrated under the
umbrella of Frontex.
Risk analysis is not just one function of Frontex, but has been described as the ‘inner core
of the methodology of Frontex’ by its first Executive Director, Illka Laitinen (House of Lords
2008, 25). The agency itself considers risk analysis as ‘the starting point for all Frontex activ-
ities, from joint operations through training to research studies’ (Frontex webpage, accessed
18 June 2015). This importance attributed to risk analysis is also reflected in the agency’s
budget: while it decreased overall from 58.9 Mio € in 2012 to just over 55 Mio € in 2014,
funds for risk analysis more than doubled from 2.45 Mio € in 2012 to more than 6 Mio € in
20143 (joint operations were cut down, by contrast). Though largely desk-based and com-
paratively inexpensive, risk analysis is the second largest item in the agency’s budget after
joint operations (Frontex webpage, accessed 18 June 2015). Academics have thus concluded
that risk analysis ‘forms the basis of its entire range of activities’ for the European border
agency (Pollak and Slominski 2009, 911) and now play a role that is ‘equally important as
border checks and surveillance’ (Horii 2016, 246).

2.2.  From risk analysis as securitisation of migration …

One main strand of Frontex research has addressed risk analysis as a tool for securitisation.
Approaches are set in a larger field of research – critical security studies – which has examined
how European migration and border control policies ‘facilitate the creation of migration as
a destabilising or dangerous challenge to west European societies’ (Huysmans 2000, 753)
and defines them as Foucauldian securitising discourses. This particular angle exposes that,
whilst migration risks remain notoriously contentious and hard to assess, what matters is
that their discursive construction as assessable and manageable adverse events readily lend-
ing themselves to risk analysis techniques serves to securitise migration.
The securitisation thesis is underpinned by an epistemological problematization of the
notion of risk itself. Risk analysis is seen as a hegemonic rationality project which seeks to
‘secur[e] uncertain futures’ (Amoore 2013, 55) based on calculations of probabilities and
impacts of ‘adverse’ events which are presented as objective and entail the assumption that
decisions can be ‘easy, automated, or preprogrammed’ if only we get our risk analyses right.
While normative judgement can never be escaped in risk assessment (cf. Hilgartner, Miller,
and Hagendijk 2015; Shrader-Frechette 1990; Stone 2012) and controversies certainly also
surface in highly scientificized fields, migration is discussed as a particularly non-scientific
risk compared to food or work safety risks: ‘[u]sing the traditional natural sciences as a bench-
mark, Frontex’ field of activity cannot be described as highly technical or scientific … there
4   R. PAUL

is very little established science within the field of border control’ (Ekelund 2014, 111).
Whether or not irregular border crossings should be equated – by borrowing the risk assess-
ment methodologies from science and technology domains in which the EU is well estab-
lished as risk regulator (Delogu 2016) – to asbestos exposure at the work place or pesticide
residues in fruits is a highly political question in itself. Through its very application, risk
analysis thus normalises migration and border crossings as scientifically assessable risks
similar to health risks in other regulatory domains, thereby presenting their assumed adverse
impact, costs and benefits as taken-for-granted rather than open to political discussion. This
then legitimises pre-emption, prevention and enforcement activities which are ‘usually
reserved for emergencies’ (Boswell 2007, 589). In this context, Sergio Carrera and colleagues
(2013, 342) have critically commented on the agency’s tendency to ‘move beyond mere
“regulatory” or administrative powers and rather expand over – risk-based – “operational”
activities’ without assuming accountability or liability for these activities.
The securitisation lens certainly has strong merits, particularly in systematically uncover-
ing, underneath the technical language of risk analysis, violations of migrant rights in border
control activities. Yet, the perspective equally tends to neglect the relevance of risk analysis
(or indeed other forms of knowledge provision) as a powerful form of internal, rather than
external, governance. Christina Boswell (2007, 604; cf. 2008) has rightly highlighted that the
agency’s goals ‘may be just as much geared to responding to internal requirements – for
example legitimising decisions or reducing uncertainty within the organisation – as they
are concerned to respond to perceived pressure from the environment’.

2.3.  … towards risk analysis as institutionalisation of EU-level border control

In response to the limits of the securitisation perspective, several scholars have argued that
Frontex risk analysis must also be interpreted as an EU-level attempt to institutionalise border
controls as a genuine Community task. More generally speaking, its powerful role as risk
assessor and regulator is underpinned by the famous condition of the EU as a ‘regulatory
state’ (Majone 1994) whose legitimacy and self-constitution relies greatly on the provision
and consolidation of ‘information’‘evidence’ and ‘expertise’ in supranational regulatory pro-
cesses (Boswell 2008; Carmel 2016; Majone 1997), regardless of how contested or even
deeply undemocratic such notions may be in regulatory practice (cf. the critique of evi-
dence-based policy-making by Rüb and Straßheim 2012).
Institutionalisation claims emerge against the backdrop of a rather weak formal mandate
for integrated border control and a comparatively weak agencification of the border control
domain. Certainly, Schengen countries have intensified coordination on border control oper-
ations since the Schengen Convention in 1985: they systematically exchange and pool all
relevant information – with Frontex acting as a hub – and the Schengen Borders Code even
lays down common rules for local border control practices (cf. Mungianu 2013). Irrespective
of such harmonisation progress, however, the enforcement and implementation of border
controls remain ‘a matter of member states and their administrative authorities’, with the
role of the EU being limited to ‘coordinat[ing] their responses’ (Boswell and Geddes 2011,
145). In consequence, Frontex’ mandate is embedded in a governance structure pertained
by ‘features of intergovernmental cooperation’ (Mungianu 2013, 361; cf. Ekelund 2014). With
the agency’s management board entailing one representative per EU country plus only two
delegates from the Commission, activities are closely checked against member states’
 JOURNAL OF EUROPEAN INTEGRATION   5

interests and their sovereignty concerns, avoiding the creation of a supranational mandate
for border control (Pollak and Slominski 2009). At the same time, Frontex’ budget is allocated
by the Commission and reviewed by the European Parliament. Its peculiar half-independent
nature, somewhat stuck between a loose network and a fully-fledged agency (Wolff and
Schout 2013), as well as between intergovernmental and supranational governance, makes
Frontex a rather weak agency compared to the powerful European regulatory agencies for
food standards, chemicals or medicines (EFSA, ECHA and EMEA).
In the context of the weak integration of the border control domain, several authors have
interpreted Frontex risk analysis as a tool for solving tensions between member states’ strong
formal sovereignty and their somewhat countervailing wish to coordinate approaches and
receive EU-level support. Andrew Neal (2009) argues that risk analysis has been a crucial
means of institutionalising and normalising EU-level border management, claiming that it
enables Frontex to respond to member state emergency claims all while substantiating its
own role as risk analyst despite weak formal integration. Mungianu (2013) observes a con-
siderable de facto (though not de jure) harmonisation of border control through Frontex’
activities regarding joint operations, the coordinated deployment of border guards and
common training for national border guards, while Satoko Horii (2016) confirms risk analysis
to shape more harmonised political decision-making in member states despite the EU’s weak
regulatory mandate. Yet, neither author explains why precisely such harmonisation through
risk analysis might occur, or form such a crucial part of Community decision-making in the
first place.
Explanatory hints are offered by Johannes Pollak and Peter Slominski (2009) who suggest
Frontex be able to ‘support and link national and supranational authorities’ by ‘provid[ing]
the actors of bureaucratic governance with the sort of information and coordination activities
that they need’ (ibid., 906, 918). Risk information and knowledge, for them, are ‘the most
important resources of Frontex … as a basis for cooperation, coordination and persuasion’
(ibid., 908). Indeed, the agency itself considers ‘risk analysis as a corner-stone of the man-
agement of external borders … [and] a tool to contribute to greater management coherence’
across member states (Frontex 2012, 7). This interpretation resonates with wider claims in
the European integration literature according to which harmonisation can be advanced in
the absence of ‘hard’ regulatory mandates through low level agencies’ facilitation of coor-
dination, peer review and information exchange4 (e.g. Majone 1997 on ‘regulation by infor-
mation’; Sabel and Zeitlin 2010 on ‘experimentalist governance’). From this perspective, the
provision of knowledge (in our case risk analysis) (a) offers an opportunity for the EU to
strengthen its practical relevance for member states, especially in weakly integrated domains,
and (b) systematically establishes informational shared points of references – including fora
to contest expert opinions – which might induce voluntary harmonisation among member
state regulatory practices. The institutionalising power of knowledge generation at EU-level
has been confirmed recently by Geddes and Scholten (2015, 41), who highlight that ‘mobi-
lizing specific types of research’ can be ‘a political strategy designed to reinforce policy objec-
tives’ precisely in domains where the EU lacks formal competencies (such as migrant
integration); whereas Emma Carmel (2016) even considers (risk) expertise – though always
contested – as powerful governance tool in the on-going constitution of the Union as dom-
inant migration regulator: ‘The EU is imagined and enacted through the entangled relation-
ships of knowledge generation and governance practices’ (ibid., 18).
6   R. PAUL

The remainder of this paper seeks to substantiate existing institutionalisation diagnoses

in the border control domain by examining the so far under-researched micro foundations
of the appeal ascribed to risk analysis. While the epistemology of risk analysis at play in the
securitisation of migration is well-charted and problematized, there is, so far, no systematic
consideration of how and why exactly risk analysis is utilised by EU-level actors to harmonise
border control. If risk analysis has become a tool for ‘manag[ing] and control[ling] … the
practices of Member State border security apparatuses’, as Andrew Neal (2009, 353) observes,
we need to explain this diagnosis in more depth: how and why is risk analysis applied in the
EU’s attempt to harmonise border control in the Schengen Area?

3.  Conceptualising risk analysis as institutional risk management in the EU

To answer the research question developed above the paper analyses Frontex risk analysis
as a case of risk-based governance. This section details our analytical framework and meth-
odological approach.

3.1.  Risk analysis as institutional risk management

To explain the harmonisation impetus of Frontex risk analysis in Community decision-making
we draw on studies which have examined the role of risk analysis within organisations.
Scholarly writing on so-called risk-based governance (RBG) highlights the emergence of risk
as a heuristic for (rather than object of ) decision-making (Paul 2017; Rothstein 2006). Based
on calculations of the likelihood times impact of potential societal harms (i.e. actuarial risk
analysis),5 regulators define acceptable and tolerable levels of harm and rationalise their
intervention decisions – including the limits of their responsibility – ex-ante (e.g. Black 2005;
Hutter 2005). They design:
an escalating intervention strategy which refrains from intervening in the low-risk sphere, where
the risk level is defined as acceptable; intervenes proportionally in the medium risk sphere
between the acceptability and tolerability thresholds, and intervenes most strictly and frequently
in the high-risk areas above the tolerability threshold. (Baldwin, Cave, and Lodge 2013, 281f )
Henry Rothstein and colleagues argue that, rather than merely targeting specific ‘societal
risks’ through risk analysis (as assumed in the securitisation debate), risk in RBG operates as
a meta-level governance tool which responds to ‘institutional risks’ – that is: legitimacy risks
hinging on organisational performance and accountability (Rothstein, Huber, and Gaskell
2006, 99–103). As organisations attempt to manage the ‘institutional risks of risk regulation
… [risk has become] an attractive concept for rationalising the practical limits of what reg-
ulation can achieve and rendering given degrees of regulatory failure acceptable’ (ibid., 99f ).
If we conceptualise risk analysis as a governance tool for institutional risk management, this
means investigating (a) how actuarial calculations are applied by EU-level actors to account
for regulatory failure, and (b) how such accounts help substantiate and legitimise their reg-
ulatory role, potentially also beyond the formal Treaty mandate.6
As the notion of institutional risk management operates with a bounded rationality con-
cept (ibid.), what matters in our analysis is the perception of institutional risks and their ‘right’
management by organisational actors themselves. The paper reconstructs the meanings
vested in the regulatory uses of risk analysis with an interpretive policy analysis (IPA) (e.g.
Yanow and Schwartz-Shea 2006). Starting from IPA’s constructivist-interpretivist ontology,
 JOURNAL OF EUROPEAN INTEGRATION   7

policies ‘mean’ not in any pre-determined functional manner but because policy-makers
vest specific meanings in them. The analysis focuses on the meanings which Frontex and
the Commission – chief EU-level regulators of the domain and both at the forefront of pro-
moting more coordinated approaches – vest in risk analysis in their regulatory activities and
how these meanings relate to their institutional risk management. Our IPA triangulates the
analysis of (a) more than a dozen official documents and (b) seven semi-structured inter-
views7 with officials at Frontex and the Commission’s DG Migration and Home Affairs, con-
ducted between February and May 2015. Documents and transcripts were coded with QDA
software for the specific uses and functions of risk analysis which regulators presented as
relevant. Drawing on RBG insights, several hypotheses about potential institutionalising
uses of risk analysis guide our subsequent analysis. These are presented next.

3.2.  Expectations about risk-based institutionalisations of EU border control

The RGB literature details four more specific rationalisation promises which regulators tend
to vest in risk analysis8 and which explain the appeal of risk analysis from an institutional
risk management viewpoint: efficiency, effectiveness and transparency gains, and
de-­politicisation effects. We briefly review these promises to develop expectations about
the EU’s institutionalising uses of risk analysis and their potential role in the harmonisation
of European border control (summary in Table 1).
Proponents of RBG mainly cherish its assumed ability to ensure a more efficient and effec-
tive allocation of scarce resources. Reduced inspection and enforcement loads – and related
efficiency gains – can go hand in hand with more effective regulation, it was argued, because
high impact issues (e.g. explosions or asbestos in workplaces) and frequent non-compliers
(i.e. those employers whose behaviour increases the likelihood of bad things happening)
are being specifically targeted after detailed risk analysis while resources are saved on low
risks (e.g. Majone 2010). Such broad brush promises of efficiency and effectiveness gains
can be expected to institutionalise EU-level border control in two ways. Firstly, risk analysis

Table 1. Expectations about risk-based institutionalisations of EU border control

Promises of risk-based Functions associated with risk analysis
governance (RBG) in RBG literature
Efficiency/effectiveness Enables optimal use of scarce resources
and prevention of societal risks,
pre-empts blame for failure
Transparency Comparison of risks enables design of fair
and predictable interventions, increases
visibility of performance and entices
benchmarking processes
De-politicisation RA enables ‘technocratic’ regulation which
reduces political contestation
Seeming ‘neutrality’ increases mutual trust
in adversarial negotiations and facilitates
solidarity among stakeholders
Overall Rationalisation of regulatory interventions
and spending
Risk-based institutionalisations of EU
border control
RA ‘sold’ as compatible with austerity and NPM
agendas in member states
Explicit limitation of EU responsibility for low
border risks
Explicit limitation of EU-level accountability for
failure
RA used to foster benchmarking processes and
incentivize member states to coordinate
more and perform better
RA used to moderate conflicts between
member states and EU-level actors
RA used to address coordination impasses and
distributional issues
‘Rational’ justification of EU-level coordination
and substantiation of EU role in weakly
integrated domain without challenging
member state competencies
8   R. PAUL

could be used to justify Community spending vis-à-vis member state funders as being
focused on the high-risk cases. Such a risk-based legitimisation strategy seems promising
in a climate of austerity and a wider buy-in to evidence-based policy-making and deregu-
lation as part of European New Public Management agendas (critically: Carmel 2016; Tombs
and Whyte 2013). Secondly, the focus on high-risk scenarios for efficiency and effectiveness
reasons might also serve to limit EU-level actors’ accountability for border control failure and
to shift blame to member states. Given its weak agencification Frontex faces the particular
institutional risk of not being able to do much without member state consent but being
nonetheless held accountable regulatory outcomes. Risk analysis might hence be the agen-
cy’s chief remedy for rejecting member state pressure based on an efficiency narrative.
Member states’‘urgency’ claims for Community level action or funding might not merely ‘sit
alongside’ the risk discourse ‘as a series of quiet, professional, technical practice’ (Neal 2009,
351) then: they may be strategically sieved to identify legitimate claims – from the perspec-
tive of the Community – through the filter of risk analysis.
Hopes of transparency gains, secondly, arise as systematic risk analysis may render risks
more comparable and the treatment of ‘similar’ risks – actuarially speaking – more consistent,
more predictable and fairer on regulatees (as summarised in a review for the OECD by Majone
2010). Whilst complexity reduction through numeric comparison remains a highly selective
endeavour it fulfils important regulatory functions by forcing entities into benchmarking
operations with one another (Huber 2017). Insights on how mimetic pressure results from
transparency in EU-level benchmarking processes – for example with respect to the wide-
ly-debated open method of coordination (e.g. Sabel and Zeitlin 2010) – suggest that risk
analysis can foster voluntary coordination and a mainstreaming of perceived (and/or pro-
moted) best practices beyond narrow Treaty mandates, especially in weakly integrated
domains. For example, the harmonisation of flood risk analysis methods through a recent
EU Directive (CEU 2007) has led member states to re-consider nationally governed prevention
standards and respective funding criteria in harmonising manners (Paul, Bouder, and
Wesseling 2016). In addition, the identification of ‘bad performers’ or ‘weak border spots’
through risk analysis may enable EU-level regulators to demand more coordinated border
enforcement, justify their own legitimacy as risk regulators, and reject blame for failure which
risk analysis evidences as being related to member states’ own incapacities.
Lastly, a wide-spread critique of RBG holds that ‘regulation and enforcement … become
technical matters of calculation, policy-oriented scientific discourses that transcend political
contests’ (Tombs and Whyte 2013, 67). This assumed de-politicisation effect makes RBG part
of a broader tendency of governments involving expert agencies in political decision-making
to portray policy issues as technocratic or managerial (i.e. by depoliticizing them) and to
thereby increase governmental legitimacy and scope for action (e.g. Flinders and Wood
2015). Whilst attempts to disguise the political nature of risk analysis have been rightly cri-
tiqued (e.g. Shrader-Frechette 1990; Stone 2012) and are widely noted in the securitisation
debate, we seek to inquire the institutional uses of such de-politicisation through risk analysis
by the EU. Sergio Carrera and colleagues (2013) interpret the deflection of liability and polit-
ical blame as chief governance goal of the informal expansion of EU-level activities in the
domain. The discursive framing of Frontex as technocratic, intelligence-driven and knowl-
edge-providing agency is designed, in their view, to moderate public concerns about its role
in highly contested securitising operations, such as push-backs in the Mediterranean.
Moreover, the ‘rational’, ‘impartial’ and ‘objective’ character which regulators ascribe to risk
 JOURNAL OF EUROPEAN INTEGRATION   9

analysis may serve to create a perceived neutral ground for member states and the
Commission to settle conflicts about the directions and forms of European border control
and its enforcement.
In another reading of de-politicisation, risk analysis may also entice hopes for enhanced
trust and solidarity between actors in multi-level settings. By offering a seemingly transparent
and neutral basis for joint decision-making risk analysis has been shown to moderate com-
peting views and adversarial positions in stakeholder negotiations within member states
(Paul and Huber 2015). With the institutional risk of utter failure of the EU’s motto ‘unity in
diversity’ multiplying alongside member states’ unwillingness to act jointly during the
so-called ‘refugee crisis’, risk analysis could serve as a welcome tool for Frontex, the
Commission, but also the most affected member states, to justify demands for more soli-
daristic and coordinated border controls in Europe. As ‘trust in numbers’ often surmounts
trust in non-quantified claims in policy-making (Porter 1995) distributional decisions about
emergency responses and Community support may seem less controversial when they are
based on actuarial calculations indicating a high border risk.
Overall, we suggest that EU-level actors draw on the rationalisation promises of risk anal-
ysis (efficiency, effectiveness and transparency gains and de-politicisation) to justify increased
coordination without challenging member state competency in the weakly integrated
domain. At the same time, risk analysis might enable the EU to substantiate its role in the
weakly integrated border control domain – including blame shifting for regulatory failure
and informal regulatory expansion beyond the narrow limits of the Treaty mandate.

4.  Three cases of risk-based European border control

This section analyses three applications of Frontex risk analysis at EU-level: Eurosur impact
level assessment, the Schengen evaluation and monitoring mechanism, and resource allo-
cation in the ISF. These cases promise nuanced insights because they cover three different
dimensions of the EU’s regulatory regime: monitoring and evaluation, regulatory enforce-
ment, and the allocation of Community funding, respectively. They are also perceived as
most important uses of risk analysis in European border control by Commission and agency
experts themselves. The analysis scrutinises how EU-level actors apply Frontex risk analysis,
how they interpret the role of RBG in managing institutional risks, and how EU-level uses of
risk analysis might contribute to the institutionalisation of EU-level border control. Evidence
confirms our claim that risk analysis can ‘softly’ advance harmonisation because it offers a
multi-functional justification of increased EU-level coordination and interventions whose
actuarial rationality does not openly question national competencies.

4.1.  Risk analysis in the institutional risk management of Frontex and the
Commission
Before detailing case studies let us consider the Commission’s and border agency’s overar-
ching justification for using risk analysis so prominently in decision-making. How does risk
analysis contribute to these actors’ institutional risk management?
According to the agency’s own rhetoric, the use of Frontex risk analysis in decision-making
is first of all associated with efficiency and effectiveness gains, just as predicted in RBG litera-
ture. Risk analysis is:
10   R. PAUL

‘intended to facilitate and contribute to informed decisions on investments and concerted

actions that are most likely to have sustainable effects on the management of the external
borders and ultimately the internal security of the EU’; risk analysis is seen as a tool ‘in ensuring
the optimal allocation of resources within constraints of budget, staff and efficiency of equip-
ment’. (Frontex 2013, 8)
Interviewees at Frontex detail these functions when describing their activities:
If your budget is limited and capacities for border control are limited, whilst flows remain the
same or grow or become more complex, you have to know where exactly to provide support.
(Frontex risk analyst, interviewed 3 February 2015, Warsaw)

With 80,000 km sea borders and 13,000 km land borders, you cannot be everywhere or stop
everyone from entering irregularly. We could be funding a lot of different things, but we cannot.
So you have to set priorities. (Frontex risk analyst, interviewed 3 February 2015, Warsaw)
Such views are equally rehearsed by Commission officials who state that any EU-level
intervention in the border control domain requires proof of its efficiency and effectiveness.
Frontex risk analysis has become a crucial litmus test for the necessity of proposed border
control operations and funding schemes as ‘effective border control comprises risk analysis’
(DG Home Affairs policy analyst, interviewed 5 February 2015, Brussels). Efficiency and effec-
tiveness gains also feature prominently in the Frontex regulation and serve to justify the
very creation of the agency there (cf. CEU 2004, art. 1.2).
Frontex risk analysis is further understood as a strategy to manage the EU’s institutional
risk of potential regulatory failure by establishing the limits of border security ex-ante.
Regulators in Brussels accept that complete border security is impossible to achieve and
needs to be compromised through risk-based prioritisation strategies:
We need to guarantee safe borders without illegal crossings officially, but of course, in reality, we
do acknowledge that we cannot be one hundred per cent sure that there is no illegal crossing.
So yes, we do focus on the riskiest border crossing points or modi operandi in practice. (DG
Home Affairs policy analyst, interviewed 25 March 2015, Brussels)
Such risk-based prioritisation might imply, for instance, that ‘there are areas in Northern
Lapland which are not really patrolled at all, because the terrain is difficult for crossings and
there is two meters of snow half of the year’ (same interviewee).
In line with our de-politicisation expectations, risk analysis is conceived of as a tool to
manage reputational risks and to shift blame for regulatory outcomes. Frontex interviewees
argue that the critical public misunderstands the agency’s role: ‘we create an evidence base
for decision-making that takes place elsewhere, in the member states or with the Commission
… But we do not do policies’ (Frontex public relations officer, interviewed 2 February 2015,
Warsaw). In order to ensure such a ‘neutral’ – though seemingly rather naïve – perception of
the agency’s role as mere evidence provider (cf. Neal 2009), interviewees agree, ‘all of Frontex
should be risk-based; everything the agency does should be justified by risk analysis’ (Frontex
risk analyst, interviewed 3 February 2015, Warsaw).
Importantly, risk analysis also helps actors specify their EU-internal relationship with one
another. A Frontex strategist argues that risk analysis facilitates the agency’s independence
from the Commission: ‘we sometimes have the impression that the Commission sees Frontex
as their tool, but that is problematic … we are an operational analyst autonomous from
politics’ (interviewed 3 February 2015, Warsaw). At the same time, a Commission official
states that ‘Frontex tended to think that they need to please member states who have a
majority in the management board’ but that the systematic use of risk analysis in the
 JOURNAL OF EUROPEAN INTEGRATION   11

Commission’s decision-making would have created more distance in that respect (inter-
viewed 5 February 2015, Brussels). This portrays risk analysis a tool for negotiating compe-
tencies in a domain that has been discussed as stuck between intergovernmentalism and
supranationalism (Wolff and Schout 2013).
Overall, risk analysis seems to facilitate the justification of EU-level border control activities
as efficient, effective, transparent, as well as politically ‘neutral’ and independent as part of
the Commission’s and Frontex’ institutional risk management strategies. While claims of
neutrality in particular are duly met with scholarly scepticism (e.g. Shrader-Frechette 1990;
Stone 2012) and have been nourishing the securitisation thesis, we also need to attend to
their role in justifying more supranational coordination of border control and in substanti-
ating the role of the EU-level interventions. We go on to analyse three applications of risk
analysis to illuminate institutionalising uses of risk analysis in-depth.

4.2.  Case study 1: Eurosur impact level assessment

Frontex risk analysis is used, firstly, to conduct impact level assessment for the information
exchange system Eurosur, established in 2013. Frontex’ role as coordinator of evidence –
member states submit situational pictures to the agency – has been strengthened with
Eurosur. The use of Frontex risk analysis in the drafting of situational pictures is mandatory
(CEU 2013a, art. 9, 10). It aims at increasing the transparency of (perceived) border risks across
the Union by creating a comprehensive and consistent data base. More importantly, however,
risk analysis also guides the agency’s impact level assessment at the heart of Eurosur, argu-
ably shaping decision-making far beyond the EU’s weak border control mandate.
Frontex regularly evaluates more than two hundred external land and sea border sections
in the Schengen Area according to their level of irregular migration and cross-border crimes
risk (‘impact level’). As typical for RBG (cf. Baldwin, Cave, and Lodge 2013), Eurosur impact
level assessment applies a traffic light model to differentiate risks: for each border section,
Frontex evaluators distinguish between unacceptable (red), tolerable (amber) and acceptable
(green) risk levels. A detailed qualitative catalogue of indicators and scenarios serves as a
benchmark for this risk analysis. The Commission then proposes an escalating set of inter-
ventions according to increasing risk levels:

• for low-risk areas: routine local border checks;

• for sections tagged with medium level risk: requirement of national priority setting to
aid local border guards;
• for high-risk border sections: eligibility for Frontex joint operations and EU-level financial
support (for example via the ISF, see below).

While in general,
[m]easures to be taken to reduce these [risks] remain the responsibility of individual mem-
ber states … in the case of ‘high impact level’ [i.e. high-risk] border areas, member states may
request operational assistance from Frontex in the form of a joint operation or rapid intervention.
(Frontex’ website, accessed 17 July 2016)
Risk-based impact level assessment thus justifies the conditions under which member states
can access assistance from Frontex joint operations, all while clearly limiting such EU-level
support to high-risk situations only.
12   R. PAUL

The risk-based substantiation of the EU’s role in border control does not only relate to effi-
ciency (spending Community money only in high-risk border sections) and effectiveness con-
siderations (rendering ‘weak’ border spots transparent and triggering joint enforcement).
Importantly, RBG also renegotiates the relationship between local, national, and EU-level border
guard operations in the multi-level setting: while member states remain responsible for border
control in general – in line with the comparatively weak degree of integration –, the EU sub-
stantiates and legitimises its more powerful role in coordinating operations and providing
financial aid for high border risks. At the same time, risk analysis and its use in Eurosur impact
level assessment serve to limit member states’ emergency response expectations for any other
than high-risk border sections. This risk-based self-limitation of supranational governance is
considered crucial in soliciting member states’ trust in the efficiency and fairness of the EU
border control regime, and, relatedly, their continued willingness to fund joint operations.
In consequence, the use of risk analysis in Eurosur impact assessment – more precisely:
the Commission’s ability to delimit joint interventions to border sections marked as ‘high-
risk’ in a process that is justified as efficient, effective and fair – is hoped to reconcile member
states’ responsibility for border enforcement with EU-level attempts to harmonise national
border controls. This both legitimises and strengthens Frontex’ role as chief risk analyst and
coordinator of joint operations in high-risk scenarios.

4.3.  Case study 2: the Schengen evaluation and monitoring mechanism

Risk analysis has also become crucial for inspection decisions within the Schengen evaluation
and monitoring mechanism (CEU 2013b). The evaluation regime aims to ensure, ‘an effective,
consistent and transparent application of the Schengen rules’, i.e. member states’ ability to
provide sufficient staff, equipment, and training for their sovereign controls of external land,
air, and sea borders (website of DG Migration and Home Affairs, accessed 17 April 2016). As
a previous intergovernmental peer review mechanism was deemed ineffective and non-­
transparent (Horii, 2016), a 2013 regulation has strengthened the role of the Commission.
It carries out quint-annual planned inspections (five to seven member states are visited per
year) but also, unprecedentedly, unannounced visits. When identifying weaknesses in the
implementation of effective border control, the Commission can recommend binding reme-
dial action, including the reintroduction of internal border control as ultimo ratio.
Frontex risk analysis serves as key reference point for the Commission’s reinforced inspec-
tion duties: it is used to schedule inspections and sets priorities for the evaluation period.
As a DG Home Affairs official explains, ‘we need to evaluate what is sufficient for compliance
and what is not in order to decide where to go’ (interviewed 5 February 2015, Brussels).
Unannounced inspections, especially, have to be risk-based and Frontex can also recommend
visits of high-risk sites in that context (CEU 2013b, art. 7). During inspections, member states’
willingness to make Frontex risk analysis results a systematic part of their national border
control strategies counts as a proxy for compliance.
EU-level actors highlight the transparency function of risk analysis as a means to achieve
higher levels of consistent border enforcement (and eventually harmonisation) without
raising member states’ concerns over formal competencies. While it were member states
themselves who demanded a revised evaluation approach, hoping for more ‘objective’ results
and more transparent compliance results, they were equally wary of strengthening the role
of the Commission too much (Horri, 2016). The Commission argues that a technocratic
 JOURNAL OF EUROPEAN INTEGRATION   13

reliance on Frontex risk analysis helps them assume this ‘political role’ in the enforcement of
the Schengen aquis – involving rather sensitive inspection decisions and recommendations –
in a manner that member states can perceive as legitimate (DG Home Affairs policy officer,
interviewed 5 February 2015, Brussels). Inspectors would feel obliged to offer a clear risk-
based rationale when temporarily reintroducing internal border checks in the Union after a
given member state has been evaluated as non-compliant with the Schengen Borders Code.
Interviewees claim, for example, that non-compliance with the Schengen acquis at the
Finnish-Russian border – which is in ‘two metres of snow’ and an unlikely spot for high border
risks in Frontex’ sense – would trigger less urgent Commission recommendations than
non-compliance at the Greek-Turkish border.
Secondly, the focus on risk analysis helps enforcing border control at EU-level: by making
non-compliance with the Schengen acquis visible as a risk in a seemingly objective and
neutral manner, enforceability at a Community level is increased without provoking political
conflict with member states. Risk analysis is understood as enabling in that regard because
it allows the Commission to ‘achieve improvements towards a more harmonised and effective
border management without naming and shaming’ (Frontex risk analyst, interview 3 February
2015, Warsaw). Further, by declaring Frontex risk analysis as obligatory reference point for
member states’ own border controls the Commission has established an influential role for
EU-level knowledge provision through the backdoor of a seemingly soft evaluation mech-
anism. Member states’ political decisions in the domain have already been shown to be
shaped by the way in which Frontex has measured and analysed border risks (Horii 2016).
Our analysis suggests that it is precisely the a-political self-presentation of Frontex risk anal-
ysis which may lead member states to accept the growing de facto EU-level coordination of
border control. As a border agency officials argues:
risk analysis provides us with autonomy from politics … no-one tells our risk analysis team
what to examine, what to find or recommend … [our] risk analysis is data-based and cannot be
bended politically. (Frontex risk analyst, interviewed 3 February 2015, Warsaw)
Overall, risk analysis seems to enable increased EU-level border control enforcement.
RBG’s promises of transparency and de-politicisation are used to justify a more powerful
role for the Commission in monitoring and enforcing compliance with the Schengen acquis
while simultaneously limiting the institutional risk of provoking conflict with member states
about formal competencies.

4.4.  Case study 3: resource allocation through the ISF

Risk analysis also helps justifying the allocation of Community funding via the ISF. The ISF
was set up for the period 2014–2020 with a budget of 3.8 billion Euros to promote, inter alia,
the management of external borders, and with the goal of achieving ‘a uniform and high
level of control of the external borders by supporting integrated borders management,
harmonising border management measures within the Union and sharing information
among EU States, and between EU States and Frontex’ (website of DG Migration and Home
Affairs, accessed 18 June 2016). Member states can apply for ISF funding by proposing spe-
cific measures – including for the setting up and running of IT systems, training schemes, or
the acquisition of operational equipment (ibid). The Commission reviews and selects sub-
missions and relies on Frontex evidence on the submitted cases, which draws on risk analysis
and Eurosur impact level assessment.
14   R. PAUL

Our analysis suggests that the ISF constitutes a particularly far-reaching example of ‘soft’
harmonisation by risk analysis. Through the backdoor of funding decisions, the ISF entails a
strong authority for the Commission to define and financially enforce EU-level border control
priorities, as well as for Frontex risk analysis to profoundly shape such priority-setting and
enforcement. Interviewees both at the Commission and the agency summarise this role
nicely, and not without pride: ‘we decide where the money goes’ (DG Home Affairs policy
analyst, interviewed 5 February 2015, Brussels), and: ‘Frontex has its foot in the door when
approval procedures for multiannual national border control plans are decided upon’ (Frontex
strategist, interviewed 2 February 2015, Warsaw).
Similarly to the Eurosur impact assessment and the Schengen evaluation and monitoring
mechanism, the use of risk analysis in the ISF offers the Commission the capacity to justify
its decisions as ‘efficient’, ‘effective’ and ‘neutral’. The division line between ‘exceptional’ situ-
ations and ‘routine’ border control, between legitimate and illegitimate claims for Community
support, is drawn by the help of risk-based differentiation. While expanding EU-level coor-
dination and support for high border risks, Commission officials clearly announce the non-­
applicability of the ISF to lower risk situations: ‘Frontex is not a financial instrument, it should
not be called upon to provide financial support for member states’ own efforts and respon-
sibilities in border management’ (DG Home Affairs policy officer, interviewed 25 March 2015,
Brussels). First and foremost, member states must comply with the Schengen acquis by
drawing on their own national resources and by devising their own enforcement strategies.
As they insist on their competency, the same expert argues, ‘they cannot require the EU to
assist in routine spending’. Therefore, the Commission is careful to define the ISF, as well as
Frontex joint operations, as additional support in exceptional situations with especially high
border risks. Of course, the very ability to distinguish between ‘routine spending’ and excep-
tional high-risk situations worthy of Community support is a powerful governance tool for
the EU – and one that is remarkably uncontested by member states.
Again, such risk-based differentiation serves as marker of efficiency and effectiveness of
EU-level spending and, relatedly, the fair distribution of Community funds all of which are
believed to ensure (financial) solidarity with those member states exposed to particularly
high border risks. At the same time, risk-based priority-setting in funding also helps the EU
to reject blame for regulatory failure in border sections which have not been marked as
high-risk by Frontex analysts. Overall, the association with risk-based rationality renders the
ISF a multi-functional financial governance tool which (a) substantiates the role of the EU
as chief high-risk regulator in the border domain, (b) responsibilizes member states to deal
with lower risks autonomously, and (c) softly incentivizes them to accept a more harmonised
definition of border risks as well as a coordinated approach to managing them.

5. Conclusion
This article investigated the appeal and uses of Frontex risk analysis in EU-level decision-­
making to determine how and why risk analysis can advance the harmonisation of European
border control (as suggested, but so far not sufficiently substantiated, in the literature). It
conceptualised the regulatory use of risk analysis as a case of institutional risk management –
rather than of externally-oriented securitisation – and examined three applications of Frontex
risk analysis in EU-level decision-making in-depth. The analysis exposed that EU-level actors
draw on risk analysis to facilitate processes of soft harmonisation in weakly integrated
 JOURNAL OF EUROPEAN INTEGRATION   15

domains. Risk-based differentiation offers a multi-functional rationalisation of Community

decision-making which helps justify increased EU-level coordination and interventions in
high-risk areas without challenging member state competencies. It is equally targeted to
shift blame for regulatory failure in low-risk border situations (back) to member states.
The Commission and Frontex seek to capitalise on the multiple rationalisation promises
of RBG to justify EU-level spending and intervention priorities vis-à-vis member states. They
use risk analysis to highlight strengths and weaknesses of member states’ border manage-
ment ‘without naming and shaming’ (Eurosur and Schengen evaluation), to have member
states commit to enforcement recommendations (Schengen evaluation), and, eventually,
to render acceptable a more harmonised approach to European border control as well as a
stronger regulatory role for the EU-level in high-risk areas. The use of risk analysis for ISF
decision-making is narrated as being transparent, efficient and fair and is meant to capture
member states’ continued support for coordinated border controls and solidarity with mem-
ber states with particularly high border risks. Within the Schengen evaluation system, the
perceived ‘neutrality’ of risk analysis enables the Commission to justify unannounced visits
and improvement recommendations for member states – otherwise a political hot potato.
Here, the transparency and de-politicisation promises of RBG are used to justify a more
powerful role for the Commission in monitoring and enforcing the Schengen acquis, but
also to incentivize member states to adopt more harmonised risk management approaches.
This dynamic might be consolidated further in the future: Executive Director, Fabrice Leggeri,
announced that the increases in Frontex’ budget as a response to the refugee crisis at the
onset of 2016 will be distributed with a risk rationale in mind: ‘Risk analysis … is an essential
tool for deciding how these new resources should be allocated’ (Frontex 2016, 5).
Overall, risk analysis seems to serve as a magic bullet with which EU-level actors seek to
solve a wide array of coordination and regulatory problems in the multi-level governance
setting. Several implications for research and policy come to mind. Firstly, our findings sug-
gest that European integration research could benefit from considering the internal gov-
ernance role of risk analysis more prominently. There are good reasons to expect risk analysis
to serve as a tool for subtly harmonising policies and enforcement also in other domains
marked by weak integration and simultaneously high problem-solving pressures. When
faced with typical cross-border regulatory problems such as migratory movements, flooding,
pollution or terrorist crimes, member states may be willing to coordinate their approaches
far beyond the formal competencies set out in the Treaties. In this context, the seeming
innocence of risk analysis and its appeal as a rationalisation heuristic in governance processes
– though inevitably involving highly normative decisions – offers a way to deepen coordi-
nation and increase harmonisation without openly shifting competency to supranational
actors. The self-representation of EU-level actors as ‘neutral’ and ‘efficient’ risk assessors and
managers in our example certainly indicates a great trust in the success of risk-based justi-
fication patterns. Comparative research across agencies and policy domains – also consid-
ering member states’ uses of and responses to EU-level risk analysis – must test the
generalisability of such dynamics.
Secondly, the observed pattern of ‘harmonization by risk analysis’ entails considerable
policy implications. With Frontex risk analysis being mainstreamed as a baseline for ever
more border control decisions at EU-level (and by member states themselves), including on
funding and operations, its political impact increases without respective scrutiny of risk
analysts’ and risk managers’ liability for potential human rights breaches (e.g. Carrera, den
16   R. PAUL

Hertog, and Parkin 2013; Mungianu 2013) – or indeed the normative foundations of risk
analysis itself. While the article exhibited the ‘soft’ expansion of EU-level authority as highly
functional for increased coordination efforts in a weakly integrated domain, at least from
the viewpoint of EU-level actors, the dis-embedding of ‘harmonization by risk analysis’ from
democratic decision-making and political debate remains deeply problematic (e.g. Flinders
and Wood 2015; Fossum 2012). Our findings leave those who demand more and better
coordination in the border control domain with an unresolved tension: while risk analysis
might contribute to desirable harmonisation precisely because it can be rationalised as
‘neutral’ and ‘managerial’, such de-politicised representations might simultaneously reify
current post-factual populist tendencies in Europe. Rather than articulating border control
decisions as technocratic ‘self-evident’ automatisms based on ‘neutral’ actuarial calculations
done in Brussels, unrealistic and undemocratic control expectations might be better coun-
tered if the political choices behind regulatory applications of risk analysis were openly
debated as matters of European multi-level governance.

Notes
1. 
The European Agency for the Management of Operational Cooperation at the External Borders
of the Member States of the European Union. The article also uses ‘border agency’ or ‘agency’
as shorthand.
2. 
Helsinki was chosen as a headquarters not least because Finland had piloted the CIRAM within
its own border control and had arguably uploaded its approach to the EU level (interviews with
Frontex risk analyst on 3 February 2015 in Warsaw and with former Frontex adviser on 8 April
2015 via skype; also Horii 2016).
3. 
Under the impression of the refugee crisis the agency’s budget skyrocketed to 254 Mio €,
with funds for risk analysis growing to 13.68 Mio € (Frontex webpage, accessed 17 May 2016).
4. 
Such ‘soft’ harmonisation processes have been identified for other security-related EU agencies
such as Europol (e.g. Carrapiço and Trauner 2013).
5. 
The actuarial concept of risk needs to be distinguished from political and socio-cultural notions
of risk which consider in more depth the contested character of risk ‘knowledge’ (Haines 2011).
6. 
While national uses of RBG are well-studied, especially in Anglo-American contexts (e.g. Black
2005; Haines 2011; Hutter 2005; Rothstein, Borraz, and Huber 2013, the role of risk-based
rationalisations as part of European integration dynamics is not yet attracting much attention
among RBG scholarship either.
7. 
A list of anonymized interviewees can be requested from the author. The sample covered
all those involved in risk analysis at a strategic (rather than operational) level in the EU, and
willing to speak to a researcher. Increasing public critique of Frontex during the ‘refuge crisis’
worsened access since spring 2015.
8. 
This article does not seek to test the empirical validity of these regulatory promises. What
matters here is the perceived appeal of risk analysis by regulators themselves.

Acknowledgements
I thank interviewees for their generous sharing of insights as well as all collaborators on the HowSAFE
project for the possibility to conduct this research ‘on the side’, and for their feedback. Thanks to Jacob
Reilley for thorough language editing and to anonymous reviewers for constructive feedback.

Disclosure statement
No potential conflict of interest was reported by the author.
 JOURNAL OF EUROPEAN INTEGRATION   17

Funding
Research for this paper was supported by a grant awarded through the Open Research Area Programme
for the Social Sciences, jointly funded by the Deutsche Forschungsgemeinschaft [DFG, Germany, grant
number: HU-1791/3-1]; the Agence National de la Recherche (ANR, France); the Economic and Social
Research Council (ESRC, United Kingdom) and the Nederlands Organisatie voor Wetenschappelijk
Onderzoek (NWO, Netherlands) (http://tinyurl.com/howsafe-project); Economic and Social Research
Council [grant number ES/K006169/1].

References
Amoore, L. 2013. The Politics of Possibility: Risk and Security Beyond Probability. Durham, NC: Duke
University Press.
Baldwin, R., M. Cave, and M. Lodge. 2013. Understanding Regulation: Theory, Strategy, and Practice. 2nd
ed. New York: Oxford University Press.
Black, J. 2005. “The Emergence of Risk Based Regulation and the New Public Management in the UK.”
Public Law 2005 (Autumn): 512–549.
Boswell, C. 2007. “Migration Control in Europe After 9/11: Explaining the Absence of Securitization.”
Journal of Common Market Studies 45 (3): 589–610.
Boswell, C. 2008. “The Political Functions of Expert Knowledge: Knowledge and Legitimation in
European Union Immigration Policy.” Journal of European Public Policy 15 (4): 471–488.
Boswell, C., and A. Geddes. 2011. Migration and Mobility in the European Union. Basingstoke: Palgrave
Macmillan.
Carmel, E. 2016. “Re-interpreting Knowledge, Expertise and EU Governance: The Cases of Social Policy
and Security Research Policy.” Comparative European Politics: 1–23 (first online).
Carrapiço, H., and F. Trauner. 2013. “Europol and its Influence on EU Policy-making on Organized Crime:
Analyzing Governance Dynamics and Opportunities.” Perspectives on European Politics and Society
14 (3): 357–371.
Carrera, S., L. den Hertog, and J. Parkin. 2013. “The Peculiar Nature of EU Home Affairs Agencies in
Migration Control: Beyond Accountability versus Autonomy?” European Journal of Migration & Law
15 (4): 337–358.
Council of the European Union [CEU]. 2004. Regulation 2007/2004 Establishing a European Agency for the
Management of Operational Cooperation at the External Borders of the Member States of the European
Union (Frontex Regulation). Brussels.
Council of the European Union [CEU]. 2007. Directive on the Assessment and Management of Flood Risks.
2007/60/EC. Brussels.
Council of the European Union [CEU]. 2013a. Regulation 1052/2013 Establishing the European Border
Surveillance System (Eurosur). Brussels.
Council of the European Union [CEU]. 2013b. Regulation 1053/2013 Establishing an Evaluation and
Monitoring Mechanism to Verify the Application of the Schengen Acquis. Brussels.
Delogu, B. 2016. Risk Analysis and Governance in EU Policy Making and Regulation. Cham: Springer
International Publishing.
Ekelund, H. 2014. “The Establishment of FRONTEX: A New Institutionalist Approach.” Journal of European
Integration 36 (2): 99–116.
Flinders, M., and M. Wood. 2015. “When Politics Fails: Hyper-democracy and Hyper-depoliticization.”
New Political Science 37 (3): 363–381.
Frontex. 2012. Common Integrated Risk Analysis Model. A Comprehensive Update (version 2.0). Warsaw.
Frontex. 2013. Annual Risk Analysis 2013. Warsaw.
Frontex. 2016. Annual Risk Analysis 2016. Warsaw.
Fossum, J. E. 2012. “Reflections on Experimentalist Governance.” Regulation & Governance 6 (3): 394–400.
Geddes, A., and P. Scholten. 2015. “Policy Analysis and Europeanization: An Analysis of EU Migrant
Integration Policymaking.” Journal of Comparative Policy Analysis 17 (1): 41–59.
Haines, F. 2011. The Paradox of Regulation: What Regulation Can Achieve and What It Cannot. Cheltenham:
Edward Elgar Publishing.
18   R. PAUL

Hilgartner, S., C. Miller, and R. Hagendijk, eds. 2015. Science and Democracy: Making Knowledge and
Making Power in the Biosciences and Beyond. New York: Routledge.
Horii, S. 2016. “The Effects of Frontex’s Risk Analysis on the European Border Controls.” European Politics
and Society 17 (2): 242–258.
House of Lords. 2008. Frontex: The EU’s External Borders Agency. Report with Evidence. 9th Report of
Session 2006–7, HL Paper 60. London.
Huber, M. 2017/fc. “Leistungsvergleiche in Profession und Regulierung.” In Vergleich und Leistung in
der funktional differenzierten Gesellschaft [Comparin g Performance in Professions and Regulation],
edited by C. Dorn and V. Tacke. Wiesbaden: VS Springer.
Hutter, B. M. 2005. “The Attractions of Risk-based Regulation: Accounting for the Emergence of Risk
Ideas in Regulation.” CARR Discussion Papers, No. 33. London School of Economics.
Huysmans, J. 2000. “The European Union and the Securitization of Migration.” Journal of Common
Market Studies 38 (5): 751–777.
Majone, G. 1994. “The Rise of the Regulatory state in Europe.” West European Politics 17 (3): 77–101.
Majone, G. 1997. “The New European Agencies: Regulation by Information.” Journal of European Public
Policy 4 (2): 262–275.
Majone, G. 2010. “Strategic Issues in Risk Regulation and Risk Management.” In OECD Reviews of
Regulatory Reform, edited by OECD. 93–128. Paris: OECD.
Mungianu, R. 2013. “Frontex: Towards a Common Policy on External Border Control.” European Journal
of Migration and Law 15 (4): 359–385.
Neal, A. W. 2009. “Securitization and Risk at the EU Border: The Origins of FRONTEX.” Journal of Common
Market Studies 47 (2): 333–356.
Paul, R. 2017. “Risk in Regulation and Governance Research. Understanding Analytical Cleavages,
Advancing Research Exchange.” In Shaping Society: New Modes of Intentional Change in Regulation
and Governance, edited by R. Paul, M. Mölders, A. Bora, M. Huber, and P. Münte. Cheltenham: Edward
Elgar Publishing.
Paul, R., F. Bouder, and M. Wesseling. 2016. “Risk-based Governance Against National Obstacles?
Comparative Dynamics of Europeanization in Dutch, French, and German Flooding Policies.” Journal
of Risk Research 19 (8): 1043–1062.
Paul, R., and M. Huber. 2015. “Risk-based Regulation in Continental Europe? Explaining the Corporatist
Turn to Risk in German Work Safety Policies.” European Policy Analysis 1 (2): 5–33.
Pollak, J., and P. Slominski. 2009. “Experimentalist but Not Accountable Governance? The Role of Frontex
in Managing the EU’s External Borders.” West European Politics 32 (5): 904–924.
Porter, T. M. 1995. Trust in Numbers: The Pursuit of Objectivity in Science and Public Life. Princeton, NJ:
Princeton University Press.
Rothstein, H. 2006. “The Institutional Origins of Risk: A New Agenda for Risk Research.” Health, Risk &
Society 8 (3): 215–221.
Rothstein, H., O. Borraz, and M. Huber. 2013. “Risk and the Limits of Governance: Exploring Varied
Patterns of Risk-based Governance Across Europe.” Regulation & Governance 7 (2): 215–235.
Rothstein, H., M. Huber, and G. Gaskell. 2006. “A Theory of Risk Colonization: The Spiralling Regulatory
Logics of Societal and Institutional Risk.” Economy and Society 35 (1): 91–112.
Rüb, F. W., and H. Straßheim. 2012. “Politische Evidenz: Rechtfertigung Durch Verobjektivierung?” In
Der Aufstieg der Legitimitätspolitik, edited by A. Geis, F. Nullmeier, and C. Daase, 377–397. Baden-
Baden: Nomos.
Sabel, C. F., and J. Zeitlin. 2010. Experimentalist Governance in the European Union: Towards A New
Architecture. Oxford: Oxford University Press.
Shrader-Frechette, K. S. 1990. Risk and Rationality. Philosophical Foundations for Populist Reforms.
Berkeley: University of California Press.
Stone, D. 2012. Policy Paradox: The Art of Political Decision Making. New York: W.W. Norton &.
Tombs, S., and D. Whyte. 2013. “Transcending the Deregulation Debate? Regulation, Risk, and the
Enforcement of Health and Safety Law in the UK.” Regulation & Governance 7 (1): 61–79.
Wolff, S., and A. Schout. 2013. “Frontex as Agency: More of the Same?” Perspectives on European Politics
and Society 14 (3): 305–324.
Yanow, D., and P. Schwartz-Shea, eds. 2006. Interpretation and Method. Empirical Research Methods and
the Interpretive Turn. New York: M.E. Sharpe.