The Commission welcomes today's political agreement between the European Parliament and the Council on the two Regulations on Advance Passenger Information (API), which upgrades the EU's 20-year-old legislative framework.
Over a billion passengers enter, leave or travel within the EU every year. The increase in the volume of travel showed the need to harmonise the way API data is collected and shared throughout the EU. The new rules will make the data available more efficiently for border and law enforcement authorities, in full respect of EU data protection standards. It will strengthen the prevention, detection, investigation and prosecution of terrorist offences and serious crime, particularly on travels within the EU.
The Regulations will cover flights within, into and from the EU. In particular, the rules will introduce:
- Uniform requirements for the collection of API data by carriers, setting a mandatory list of API data to be collected by air carriers from passengers on all flights to from and within the EU.
- Increased quality API data: air carriers will have to collect data from passengers (family and first name, date of birth, nationality, etc.) using automated means, with manual insertions of the data in exceptional cases. This will increase the efficiency and reliability of the data collection.
- Mandatory transfer of data to Member States: This will facilitate travel to the Schengen area, as it will reduce the time spent at disembarkation and at the physical border checks and will strengthen the fight against terrorism and serious crime within the EU.
- More efficient transfer of data by air carriers to Member States, in full compliance with EU data protection rules: A router managed by eu-LISA will replace the current system of multiple connections between air carriers and national authorities. In addition to the transfers of API data through the router included in the Commission's initial proposals, co-legislators agreed to extend the use of the router to the transfers of Passenger name record (PNR) data. This technical solution is compliant with personal data protection safeguards.
Next steps
The Regulations must now be formally adopted by the European Parliament and the Council before they enter into force, which will happen 20 days after publication in the Official Journal of the EU.
Background
API data is information on passengers which is contained in travel documents and is collected by air carriers during check-in. It is complemented with travel route information. This data contains information which allows to confirm the identity of passengers. The processing of API data provides a tool for border and law enforcement authorities to conduct advance checks of air travellers, so that more resources and time can be allocated to identify travellers to identify high-risk travellers and to confirm the travel pattern of suspected individuals.
In the EU, the API Directive (2004) imposes obligations on air carriers to transmit, upon request, API data to the EU Member State of destination prior to the flight's take-off. This concerns inbound flights from a third country and aims to improve border control and fight irregular migration.
The revision of the Directive was announced in the Commission Work Programme 2022 and the June 2021 Schengen Communication. The two new Regulations will replace the 2004 Advance Passenger Information Directive, based on the results of the evaluation carried out in 2020.