European rules on the sharing of air passenger data are about to change. The Council of the European Union has given the go-ahead for two new regulations designed to strengthen border security and bolster the bloc against terrorism and serious crime.
Under the new protocol for the collection and transfer of advanced passenger information (API), airlines must transmit passenger data – including travel document data, flight details and baggage information – to the authorities before passengers reach the EU’s external borders. In this way, authorities can conduct advance checks, assess potential security risks and manage them effectively. It is a process intended to allow for smoother border checks and ensure that any necessary action is taken ahead of time to secure the EU’s external borders.
Getting rid of security “blind spots”
The measures will support the prevention, detection and prosecution of terrorism and serious crime, lawmakers and authorities say. This will be achieved by linking API data with passenger name records or “PNR” data, allowing authorities to track criminal activities and prevent the movement of criminals and terrorists across EU borders.
Welcoming the news, Sándor Pintér, Hungarian Minister for Home Affairs, said, “ We cannot afford any blind spots about air passengers arriving in the EU. Thanks to the two laws adopted today, law enforcement authorities and border guards will get more accurate and timely advance information about everyone on EU-bound flights.”
In addition to the new rules on data sharing, a centralised system (router) for data transmission will be established to ensure more accurate data sharing and reduce administrative burden. Airlines will be required to use automated systems to send the API data, with a transitional period for manual data collection if needed.
Why is advanced data sharing necessary?
In 2019, over half a billion air passengers entered or left the EU, highlighting the importance of air travel in the fight against cross-border crime and terrorism, according to authorities who say air travel is increasingly being used by criminals and terrorists. The rules ensuring timely access to passenger data are crucial, they say, for maintaining security. “These regulations address gaps in existing laws, establishing more uniform practices for the collection and processing of API and PNR data,” a press release said.
Next steps
The new regulations enter into force 20 days after their formal publication in the Official Journal of the European Union. The adoption on 12 December 2024 replaced the 2004 Advance Passenger Information Directive. As a first step, EU-LISA (the EU agency overseeing IT systems in the area of security and justice), member states and the Commission will undertake the necessary steps to prepare the router for operation.