Brussels, 5 December 2024
Yesterday, the European Commission proposed to introduce a progressive start of operations of Europe’s new digital border system, the Entry/Exit System (EES), by giving Member States six months to deploy it.
The EES is a state-of-the-art IT system that will digitally record entries and exits, data from the passport, fingerprints, and face images of non-EU nationals travelling for short-stays to any of the EU Member States and Schengen associated.
It will facilitate travel, modernise the management of the external borders, reduce identity fraud, and enable identification of visa overstayers, while strengthening the security of the Schengen area. It will also allow the automation of border controls, gradually accelerate border procedures and improve travellers’ experience. It is the cornerstone of the interoperability architecture allowing all border and security information systems to communicate together.
Today’s proposal allows Member States to gradually benefit from the many advantages and capabilities of the system, whilst giving border authorities and the transport industry more time to adjust to the new procedures.
Henna Virkkunen, Executive Vice-President for Tech Sovereignty, Security and Democracy, said:
Soon, Europe will need to switch on the most modern digital border management system in the world, the Entry/Exit System. It will be a major milestone in the Union’s efforts to enhance border security, knowing who enters and who exists the territory of the Union. With this proposal we are allowing Member States to gradually phase in the new system to ensure it operates smoothly and safely from day one. I encourage the co-legislators to agree on it swiftly!
Magnus Brunner, Commissioner for Internal Affairs and Migration, said:
We need to know who enters and leaves the EU. To enhance the security and efficiency of border crossings, we are putting in place IT systems with innovative technologies. The Entry-Exit system is a big step towards more integrated and comprehensive border management. Allowing Member States to gradually phase in the new system will ensure it operates smoothly from day one.
The proposal will now be submitted to the European Parliament and the Council for adoption. Once adopted, the EES Regulation will enter into force, allowing Member States to start preparing for the progressive start of operations.
More information:
EU Commission Q&A on the progressive start of Europe’s new digital border system EES
Brussels, 5 December 2024
What is the Entry/Exit System?
The Entry/Exit System (EES) is a key step to achieving a European digitalised border control, further reinforcing the EU’s approach to integrated border management. It is the cornerstone of the interoperability architecture, which will allow all border and security information systems to communicate together.
Concretely, the EES is an automated IT system that registers non-EU nationals who travel for a short stay, each time they cross the external borders of any of the EU Member States and Schengen associated countries.
The system will digitally record the person’s name, travel document, biometric data, such as fingerprints and captured facial images and the date and place of entry and exit. It will also record refusals of entry.
The EES will replace the current system of passport stamping, provide reliable data on border crossings and allow for systematic detection of over-stayers. The EES will thus modernise the management of the external borders and strengthen the security of the Schengen area – by reducing identity fraud and making it easier to identify visa overstayers. It will also allow the automation of border controls, progressively accelerating the checks at the external borders, facilitating travel and improving travellers’ experience.
More information on EES is available on the official website, ‘Travel Europe’.
What are the main components of the progressive approach?
The proposal foresees a progressive start of operations of the EES over a period of six months.In practice, that means that all Member States will start operating the EES from day one at one or more border crossing points. Border authorities will progressively register in the system the data of third country nationals crossing the borders, starting with at least 10% of border crossings, and reaching full registration of all individuals by the end of the six months period.
During this period, travellers’ data will be electronically recorded only at the borders where the EES will operate. In parallel, passports will continue being stamped at all borders.
Member States and eu-LISA will set out roll-out plans, defining the details of the progressive entry into operation at central and national level, and Member States will report on their progress to the Commission and eu-LISA on a monthly basis.
Member States who wish to start operating the EES fully from day one will be able to do so. After the six months period, the EES should be fully implemented across all Member States.
What are the benefits of a progressive approach?
Member States can start benefitting from the advantages and capabilities of the system from day one. In addition, it offers them flexibility to adjust their procedures, better prepare their borders and manage the flows of travellers.
Travellers will progressively experience improved and more efficient digital border checks, automated procedures and reduced waiting times at the borders.
Border authorities and the transport industry will also have more time to adjust to the new procedures. Finally, this proposal will preserve the efforts and investments made by eu-LISA, Member States and other stakeholders in infrastructure, technology and resources to prepare for the EES.
Why did the Commission propose a progressive start of operations for the Entry-Exit System (EES)?
Member States, eu-LISA and the Commission have made significant efforts to launch the EES before the end of 2024 (as endorsed by the Justice and Home Affairs Council in October 2023). However, the implementation of a large-scale IT system like EES is a complex operation and delays could not be completely excluded.
At the Home Affairs Council on 10 October 2024 the Commission informed that it had not yet received the required declarations of readiness from all Member States, which is a legal requirement to be able to start the operation of the system.
A progressive entry into operation of EES was therefore considered as the best way forward for swift progress. However, the current EES Regulation only allows for a full start of operations, and it does not offer flexibility to Member States to address remaining challenges while already operating the EES. The Commission has therefore put forward a proposal for a progressive entry into operation of EES.
The proposal offers flexibility to Member States to roll out the EES according to their capabilities while respecting the minimum thresholds established by the EES Regulation. At the same time, those Member States who are ready to start using the EES fully from day one will be able to do so. This would allow for a period of adjustment for authorities and travelers, while ensuring the security and efficiency of border checks at the external borders.
It will also include the possibility to temporarily suspend the system in case of disruptions. Member States will also be able to skip the collection of biometric data in exceptional circumstances, enabling them to tackle excessive waiting times at the borders, without compromising on the security. This approach was agreed at the JHA Council in October 2024.
How does the proposal address exceptional circumstances, such as technical problems or excessive waiting times? Will this resolve the issues raised by the transport industry e.g. related to the long queues?
Today’s proposal introduces the possibility to temporarily suspend the EES operations in case of technical failures or other disruptions at the borders.
Temporarily suspending EES means stopping electronic registration of travellers’ data in the system, either by not recording their biometric data or not recording their data at all.
By allowing for temporary suspension, the risk of long waiting times at the borders will be substantially reduced. However in no circumstances will security be compromised since the authorities will need to carry out the regular border checks as performed today.
What are the costs to the EU budget for the EES?
The cost to the EU budget of the EES implementation was foreseen to be €480.2 million over four years in the impact assessment of the Regulation.
What are the next steps?
First, the proposal needs to be adopted by co-legislators. When the proposal is adopted and enters into force, the Commission will decide on the date of the progressive start of the EES, after having received all declarations of readiness from Member States. At the latest six months from the progressive launch, the EES will have to operate at its full capacity. To ensure a successful full operation of the EES, eu-LISA and Member States will have to elaborate plans to roll-out EES at central and national level.
When can travellers expect the EES to be fully operational?
Travellers will be informed of the next steps through the EES website and directly at the borders. An information campaign will be launched prior to the start of operations.
What is the link with ETIAS?
The progressive start of the EES operations will be consistent with the application of the future European Travel Information and Authorisation System (ETIAS). A revised planning of ETIAS will be discussed and agreed between the Commission, Member States and eu-LISA in the light of the expected entry into operations of the EES.
Source – EU Commission
Which data are collected by the EES?
You need to provide your personal data each time you reach the external borders of the European countries using the EES.
The EES collects, records and stores:
- data listed in your travel document(s) (e.g. full name, date of birth, etc.)
- date and place of each entry and exit
- facial image and fingerprints (called ‘biometric data’)
- whether you were refused entry.
On the basis of the collected biometric data, biometric templates will be created and stored in the shared Biometric Matching Service (see footnote).
If you hold a short-stay visa to enter the Schengen area, your fingerprints will already be stored in the Visa Information System (VIS) and will not be stored again in the EES.
Depending on your particular situation, the system also collects your personal information from:
- the Visa Information System
- (which contains additional personal information)
- the European Travel Information and Authorisation System (ETIAS), in particular the status of your ETIAS travel authorisation and, if applicable, whether you are a family member of an EU national.
All this is done in full compliance with data protection rules and rights.
Why is your data collected in the EES?
Your data is collected and processed in the EES to:
- reinforce the efficiency of external border management
- prevent irregular immigration
- facilitate the management of migration flows
- identify travellers who have no right to enter or who have exceeded their permitted stay
- identify travellers who are using fake identities or passports
- help prevent, detect and investigate terrorist offences and other serious crimes.
This is required in accordance with Regulation (EU) 2017/2226, specifically Articles 14, 16 to 19 and 23 of Chapter II and Chapter III.
How will you be informed about the processing of your personal data?
You will be provided with written information about the EES and your related rights when you cross the external borders of the European countries implementing the EES for a short stay (maximum of 90 days in any 180-day period).
Conditions for collecting and storing personal data in the EES are set out in Regulation (EU) 2017/2226 establishing the Entry/Exit System.
What happens if you refuse to have your fingerprints scanned or a photo of your face taken?
If you refuse to provide your biometric data, you will be denied entry into the territory of the European countries using the EES.
Who can access your personal data?
- Authorities in European countries using the EES such as border, visa and immigration authorities for the purpose of verifying your identity and understanding whether you should be allowed to enter or stay on the territory.
- Europol may also access your data for law enforcement purposes.
- Under strict conditions, your data may be transferred to another country (inside or outside the EU) or international organisation (listed in Annex I of Regulation (EU) 2017/2226 – a UN organisation, the International Organisation for Migration, or the International Committee of the Red Cross) for return (Article 41(1) and (2), and Article 42) and/or law enforcement purposes (Article 41(6)).
- Transport carriers will only be able to verify whether short-stay visa holders have already used the number of entries authorised by their visa and will not be able to access any further personal data.
How long does the EES keep your personal data?
Your data will only be kept in the system for the purposes for which it was collected and for the specific durations outlined in the table below:
Records of entries, exits and refusals of entry | 3 years Starting on the date on which they were created |
Individual files containing personal data | 3 years and 1 day Starting on the date of your last exit or of your refusal of entry (if you were not permitted to enter) |
If no exit has been recorded | 5 years Starting on the expiry date of your authorised stay. |
Records of entries and exits for non-EU nationals who:
Please check the FAQs section for practical examples. |
1 year Starting on the date of creation of the exit record. |
If no exit has been recorded and you:
|
Your data will not be kept. There is no calculation of the length of your authorised stay. |
After each time period expires, your data is automatically erased.
|
How is your data in the EES protected?
The data stored in the EES is protected against abuse and access to it is restricted to specific staff within national authorities.
Your data cannot be transferred to third parties – whether public or private entities – except in certain cases. See Who can access your personal data.
All data processing is performed by the European countries using the EES.
The EU Agency for the Operational Management of Large-Scale IT Systems in the Area of Freedom, Security, and Justice (eu-LISA) will ensure that the EES is operated in accordance with the applicable legislation.
Strong safeguards are in place for the effective protection of your personal data rights:
- as a non-EU national to which the EES applies, you have the right to request access to your data, or to request the rectification, completion or deletion of data relating to you in the EES.
- the EES is supervised by both the European Data Protection Supervisor and independent national supervisory authorities in every participating country;
- the EES has been developed in accordance with the principles of data protection by design and by default;
- full compliance with fundamental rights and data protection rules requires technology and information systems to be well designed and correctly used.
How to check your remaining days in the European countries using the EES and what happens if you overstay?
You have the right to receive information from passport control officers on the maximum remaining duration of your authorised stay. You can also consult the online tool or via the equipment installed at some border crossing points.
If you stay longer than permitted, you will be identified as an ‘overstayer’ and your data will automatically be added to a list. Authorities such as passport control officers, immigration officers and staff issuing visas have access to this list.
If you are added to the list of overstayers, other consequences can apply depending on national legislation in place in the respective European country using the EES (e.g. you may be removed from the territory; you may be subject to administrative fines or detention; you may be prevented from re-entering the EU in the future.)
If, as an overstayer, you provide credible evidence to the competent authorities, such as border authorities or immigration authorities, that you exceeded the authorised duration due to unforeseeable or mitigating circumstances (e.g. hospitalisation due to a serious injury), your data can be amended in the system and you can be removed from the list.
The calculation of the duration of the authorised stay and the generation of alerts to European countries using the EES when the authorised stay has expired do not apply to non-EU nationals who are family members of EU, EEA or Swiss nationals who travel to a state other than the state of their nationality, or already reside there, and are accompanying or joining the EU, EEA or Swiss national.
What rights do you have as regards to your personal data?
You have the right to:
- Request from the controller access to data relating to you
- Request that inaccurate or incomplete data is corrected
- Request that unlawfully processed personal data that concern you is erased and/or request that specific data are not processed
To exercise any of these rights, you must contact a data controller (e.g. the entity responsible for processing your data) or data protection officer in any of the European countries using the EES, preferably the ones to which you travelled.
You can find the relevant contact details for the European countries using the EES.
How can you make a complaint about your data?
Lodging a complaint means that you submit a formal request for a new assessment of your data protection rights, for instance, if your query to the data controller to access, delete or amend your data is refused.
You can lodge a complaint with:
- the supervisory authority of the European country using the EES in charge of processing your data (e.g. if you believe that the country has recorded your data incorrectly)
- the European Data Protection Supervisor for matters related to data processing by European Agencies, for example:
- Frontex: the European Border and Coast Guard Agency hosting the central unit operating the European Travel Information and Authorisation System (ETIAS) relevant for the visa-exempt non-EU nationals
- EU Agency for the Operational Management of Large-Scale IT Systems in the Area of Freedom, Security and Justice (eu-LISA): the European Union’s Agency that, through technology, supports EU countries’ efforts for a safer Europe
- Europol: the European Union’s Law Enforcement Agency aiming to achieve a safer Europe for the benefit of all citizens.
Footnote:
The shared Biometric Matching Service (sBMS) will store biometric templates (which are a mathematical representation of the biometric data stored in the Visa Information System, the EES and other EU information systems) enabling searches with biometric data. The EES will use the sBMS for its interoperability with the VIS.
Source – Official Travel Europe website