The European Commission proposed new rules on Monday (Dec 13) to strengthen the use of Advance Passenger Information (API) data.
Information on travelers has helped to improve border controls, reduce irregular migration, and identify persons posing security risks. Every year, over a billion passengers enter, leave or travel within the EU. The new rules will improve the use of API data to perform checks on passengers prior to their arrival at the external borders. The new rules will also enhance the fight against serious crime and terrorism within the EU. This will close an important gap in the current legal framework while upholding EU standards for data protection and transmission.
The new rules on API will introduce:
- Uniform rules on API data collection. The new rules include a closed list of API data elements, the means to collect API data, and a single point for the transfer of the data.
- Mandatory API data collection for the purposes of border management and combating irregular immigration on all flights entering the Schengen area. This will facilitate travel for people heading to the Schengen area, with reduced times at disembarkation and at the physical border checks.
- Mandatory API data collection for law enforcement purposes for all flights to and from the EU, as well as on selected flights within the EU. API data for such purposes is collected in full respect of EU personal data protection rules.
- Better quality API data, as air carriers will have to collect API data by automated means only.
- Streamlined transmission of API data by air carriers to national authorities through a new router, which will be managed by an EU Agency, eu-LISA. This technical solution is compliant with personal data protection safeguards as it will only transmit and not store any API data.
Next steps
It is now for the European Parliament and the Council to examine the proposal. Once adopted, the rules will be directly applicable across the EU. These proposals complete other EU systems and initiatives in the area of border management and security that are being rolled out in the course of 2023 (such as the Entry Exit System and the European Travel Information Authorisation System). The new rules on the collection and transfer of API data are expected to be applied in full as of 2028. Once the router is developed, which is expected to be the case by 2026, public authorities and air carriers will have two years to adjust to the new requirements and test the router before it becomes mandatory.