EU Council and Parliament enhance air passenger security

Brussels, 1 March 2024

Today, the Belgian presidency of the Council and European Parliament negotiators have provisionally agreed on two regulations that govern the collection and use of air passenger data for border management and law enforcement.

The new rules will improve the handling of advance passenger information (API) data to perform checks on passengers prior to their arrival at the EU’s external borders but also for intra-EU flights in the fight against terrorism and serious crime. They will enhance the fight against serious crime and terrorism within the EU, supplementing the processing of passenger name record (PNR) data.

Advance passenger information (API) contains identification details from the travel document and basic flight information and will be transmitted before and after take-off to authorities at the place of arrival.

A more efficient border management at airports and a strengthened information position for law enforcement authorities about people flying into and within the EU are two important benefits of the advance passenger information regulations we agreed on today.

Annelies Verlinden, Minister of the interior, institutional reform and democratic renewal

Uniform rules for data collection

The two regulations stipulate what API data air carriers must collect and transfer. API data will consist of a closed list of traveller information such as name, date of birth, nationality, type and number of the travel document, seating information and baggage information. In addition, air carriers will be obliged to collect certain flight information, for instance the flight identification number, the airport code and time of departure and arrival.

The collection and transfer of API data in principle only concerns flights that depart from outside of the EU. However, member states may decide to include intra-EU flights. Such a decision will depend on specific law enforcement needs such as a terrorist threat and must in the absence of such threat be supported by a suitably motivated risk assessment.

Better crime fighting and improved border controls

Thanks to the new regulations, law enforcement authorities will be able to combine travellers’ API data and passenger name records (PNR). The PNR is a larger set of air passenger reservation data and contains details about the itinerary of a passenger and information of the flight booking process. When used together, API and PNR are particularly effective to identify high-risk travellers and to confirm the travel pattern of suspected persons.

Also border authorities will benefit from the agreed new rules. Because they will get a more complete view of travellers arriving at airports, border authorities will be able to perform pre-checks before landing, store the data longer than is foreseen today to perform the necessary checks and as a consequence manage their border controls more efficiently.

This will strengthen border security as it should increase the chances of preventing unwanted border crossings. Passengers should benefit from shorter waiting times and smoother passport checks.

Automated data-collection

Airlines will have to collect the API data contained in travel documents by automated means (e.g. through scanning machine-readable passports). Only if an automated collection of traveller data is not possible because of technical reasons can an air carrier collect the data manually (either as part of the online check-in or the check-in at the airport). The possibility to provide data manually during the online check-in will in any case remain available during a transitional period of 2 years. Verification mechanisms will be put in place by the air carriers in order to guarantee the accuracy of the data.

Single router

In order to streamline the transmission of the API data the Council and Parliament decided to put in place a central router. This router, which will be developed by an EU agency, will receive the data collected by the air carriers and then transmit it to the relevant border management and law enforcement authorities. This router will then later also serve for the collection and transmission of PNR data.

Because air carriers will no longer have to send API data to multiple authorities this will enhance the efficiency and reduce costs of the data transfer and reduce the risk of errors and abuses.

Next steps

The agreement that was reached today will have to be confirmed by member states’ representatives (Coreper) before formal adoption in the European Parliament and in the Council.

Assito Kanko (ECR/BE) and Jan-Christoph Oetjen (RENEW/DE) are the European Parliament’s rapporteurs for both files whereas Commissioner Ylva Johansson in charge of home affairs represented the European Commission.

Passenger data (background information)

Source – EU Council

EU Commission welcomes political agreement on Advance Passenger Information to facilitate border management and strengthen security

Brussels, 1 March 2024

The Commission welcomes today’s political agreement between the European Parliament and the Council on the two Regulations on Advance Passenger Information (API), which upgrades the EU’s 20-year-old legislative framework.

Over a billion passengers enter, leave or travel within the EU every year. The increase in the volume of travel showed the need to harmonise the way API data is collected and shared throughout the EU. The new rules will make the data available more efficiently for border and law enforcement authorities, in full respect of EU data protection standards. It will strengthen the prevention, detection, investigation and prosecution of terrorist offences and serious crime, particularly on travels within the EU.

The Regulations will cover flights within, into and from the EU. In particular, the rules will introduce:

Uniform requirements for the collection of API data by carriers, setting a mandatory list of API data to be collected by air carriers from passengers on all flights to from and within the EU.
Increased quality API data: air carriers will have to collect data from passengers (family and first name, date of birth, nationality, etc.) using automated means, with manual insertions of the data in exceptional cases. This will increase the efficiency and reliability of the data collection.
Mandatory transfer of data to Member States: This will facilitate travel to the Schengen area, as it will reduce the time spent at disembarkation and at the physical border checks and will strengthen the fight against terrorism and serious crime within the EU.
More efficient transfer of data by air carriers to Member States, in full compliance with EU data protection rules: A router managed by eu-LISA will replace the current system of multiple connections between air carriers and national authorities. In addition to the transfers of API data through the router included in the Commission’s initial proposals, co-legislators agreed to extend the use of the router to the transfers of Passenger name record (PNR) data. This technical solution is compliant with personal data protection safeguards.

Next steps

The Regulations must now be formally adopted by the European Parliament and the Council before they enter into force, which will happen 20 days after publication in the Official Journal of the EU.

Background

API data is information on passengers which is contained in travel documents and is collected by air carriers during check-in. It is complemented with travel route information. This data contains information which allows to confirm the identity of passengers. The processing of API data provides a tool for border and law enforcement authorities to conduct advance checks of air travellers, so that more resources and time can be allocated to identify travellers to identify high-risk travellers and to confirm the travel pattern of suspected individuals.

In the EU, the API Directive (2004) imposes obligations on air carriers to transmit, upon request, API data to the EU Member State of destination prior to the flight’s take-off. This concerns inbound flights from a third country and aims to improve border control and fight irregular migration.

The revision of the Directive was announced in the Commission Work Programme 2022 and the June 2021 Schengen Communication. The two new Regulations will replace the 2004 Advance Passenger Information Directive, based on the results of the evaluation carried out in 2020.

For More Information

Proposal for a Regulation of the European Parliament and of the Council on the collection and transfer of advance passenger information (API) for facilitating external border checks

Proposal for a Regulation of the European Parliament and of the Council on the collection and transfer of advance passenger information (API) for the prevention, detection, investigation and prosecution of terrorist offences and serious crime

Passenger Data – European Commission (europa.eu)

Quotes

Today’s agreement strengthens our borders. We are implementing a transparent system that safeguards both the EU and our citizens’ data. This means border guards and law enforcement will have clearer insights into everyone arriving on EU-bound flights. With the new Advance Passenger Information rules, we’re tackling security challenges head-on and closing loopholes that criminals exploit.

Source – EU Commission

Cookie	Duration	Description
__stripe_mid		This cookie is set by Stripe payment gateway. This cookie is used to enable payment on the website without storing any patment information on a server.
__stripe_sid		This cookie is set by Stripe payment gateway. This cookie is used to enable payment on the website without storing any patment information on a server.
_abck		This cookie is used to detect and defend when a client attempt to replay a cookie.This cookie manages the interaction with online bots and takes the appropriate actions.
_wpfuuid		This cookie is used by the WPForms WordPress plugin. The cookie is used to allows the paid version of the plugin to connect entries by the same user and is used for some additional features like the Form Abandonment addon.
ASP.NET_SessionId		Issued by Microsoft's ASP.NET Application, this cookie stores session data during a user's website visit.
AWSALBCORS		This cookie is managed by Amazon Web Services and is used for load balancing.
bm_sz		This cookie is set by the provider Akamai Bot Manager. This cookie is used to manage the interaction with the online bots. It also helps in fraud preventions
cookielawinfo-checbox-analytics		This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional		The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others		This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary		This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance		This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
elementor		This cookie is used by the website's WordPress theme. It allows the website owner to implement or change the website's content in real-time.
JSESSIONID		Used by sites written in JSP. General purpose platform session cookies that are used to maintain users' state across page requests.
viewed_cookie_policy		The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
_ga		The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_ga_4L7PKQPHHV		This cookie is installed by Google Analytics.
_ga_T50H0MNN9J		This cookie is installed by Google Analytics.
_gat_gtag_UA_12289088_5		Set by Google to distinguish users.
_gcl_au		Provided by Google Tag Manager to experiment advertisement efficiency of websites using their services.
_gid		Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.

Cookie	Duration	Description
_mcid		No description available.
_swa_u		This cookie is set by the provider Sitewit.com. This cookie is used for statistical report and analysis.
ak_bmsc		No description available.
AWSALB		AWSALB is a cookie generated by the Application load balancer in the Amazon Web Services. It works slightly different from AWSELB.
ec_store_chameleon_font		No description available.
FCCDCF		No description available.
issuem_lp		No description available.
lp_us_his		No description
m		No description available.