BETA


2022/0424(COD) Collection and transfer of advance passenger information for enhancing and facilitating external border controls

Progress: Awaiting Council's 1st reading position

RoleCommitteeRapporteurShadows
Lead LIBE OETJEN Jan-Christoph (icon: Renew Renew) LENAERS Jeroen (icon: EPP EPP), KALJURAND Marina (icon: S&D S&D), STRIK Tineke (icon: Verts/ALE Verts/ALE), KANKO Assita (icon: ECR ECR), FEST Nicolaus (icon: ID ID), GUSMÃO José (icon: GUE/NGL GUE/NGL)
Committee Opinion BUDG
Committee Opinion TRAN OETJEN Jan-Christoph (icon: Renew Renew) Marian-Jean MARINESCU (icon: PPE PPE), Josianne CUTAJAR (icon: S&D S&D), Clare DALY (icon: GUE/NGL GUE/NGL)
Lead committee dossier:
Legal Basis:
TFEU 077-p2, TFEU 079-p2

Events

2024/08/08
   EC - Commission response to text adopted in plenary
Documents
2024/04/25
   EP - Results of vote in Parliament
2024/04/25
   EP - Decision by Parliament, 1st reading
Details

The European Parliament adopted by 492 votes to 33, with 10 abstentions, a legislative resolution on the proposal for a regulation of the European Parliament and of the Council on the collection and transfer of advance passenger information (API) for enhancing and facilitating external border controls, amending Regulation (EU) 2019/817 and Regulation (EU) 2018/1726, and repealing Council Directive 2004/82/EC.

The European Parliament’s position adopted at first reading under the ordinary legislative procedure amends the proposal as follows:

Subject matter

To enhance and facilitate the effectiveness and efficiency of border checks at external borders and of combating illegal immigration, this Regulation lays down the rules on: (a) the collection by air carriers of advance passenger information; (b) the transfer by air carriers to the router of the API data; (c) the transmission from the router to the competent border authorities of the API data. The Regulation should also apply to air carriers conducting flights into the Union.

Collection and transfer of API data

Air carriers should collect API data of each passenger on flights to the EU to be transferred to the router. The API data should consist only of the following data relating to each passenger on the flight : the surname, the date of birth, sex and nationality; the type and number of the travel document and the three-letter code of the issuing country of the travel document; the number identifying a passenger name record used by an air carrier to locate a passenger within its information system (PNR record locator); seating and baggage information.

In addition, air carriers should collect certain flight information, such as the flight identification number, airport code, departure and arrival times and the air carrier's contact details.

Where air carriers provide an online check-in process, they should enable passengers to provide API data by automated means during this online check-in process. For passengers that do not check-in online, air carriers should enable those passengers to provide those API data by automated means during check-in at the airport with the assistance of a self-service kiosk or of airline staff at the counter.

During a transitional period, air carriers should provide the possibility to passengers to provide API data manually as part of the online check-in. Air carriers should transfer the API data: (a) per passenger at the moment of check-in, but not earlier than 48 hours prior to the scheduled departure time, and: (b) for all boarded passengers immediately after flight closure.

Any processing of API data and, in particular, of API data constituting personal data must remain strictly limited to what is necessary and proportionate to achieve the objectives pursued by the Regulation. Furthermore, the processing of API data collected and transferred under the Regulation must not lead to any form of discrimination prohibited by the Charter of Fundamental Rights of the European Union. Particular attention must be paid to children, the elderly, people with disabilities and vulnerable persons.

Where an air carrier becomes aware that the data that it stores under this Regulation was processed unlawfully, or that the data does not constitute API data, it should immediately and permanently delete, that data.

The router

The European Union Agency for the operational management of large-scale IT systems in the area of freedom, security and justice (eu-LISA) should design, develop, host and technically manage a router to facilitate the transfer of encrypted API data by air carriers to the competent border authorities.

The router should verify, in an automated manner and on the basis of real-time air traffic data, whether the air carrier has transferred the API data. Where the router has verified that the data has not been transferred by the air carrier, it should immediately and in an automated manner inform the air carrier concerned and the competent border authorities of the Member States to which the data was to be transferred. In this case, the air carrier should transfer the API data immediately.

Data protection

The air carriers should be controllers, within the meaning of the GDPR, for the processing of API data constituting personal data in relation to their collection of that data and their transfer thereof to the router under this Regulation. Each Member State should designate a competent authority as data controller and communicate those authorities to the Commission, eu-LISA and the other Member States.

Air carriers should provide passengers, on flights covered by this Regulation, with information on the purpose of the collection of their personal data, the type of personal data collected, the recipients of the personal data and the means to exercise the data subject rights.

Governance

No later than the date of entry into force of the Regulation, the Management Board of eu-LISA should establish a Programme Management Board consisting of ten members. The Programme Management Board should ensure the proper execution of eu-LISA's tasks relating to the design and development of the router. At the request of the Programme Management Board, eu-LISA should provide detailed and up-to-date information on the design and development of the router, including the resources allocated by eu-LISA.

Technical matters related to the usage and functioning of the router should be discussed in the API-PNR Contact Group where eu-LISA representatives should be also present.

Sanctions

Member States should ensure that a recurrent failure to transfer API data is subject to proportionate financial penalties of up to 2% of the air carrier's global turnover for the previous financial year. Failure to comply with the other obligations set out in the Regulation should be subject to proportionate penalties, including financial penalties.

Documents
2024/04/24
   EP - Debate in Parliament
2024/03/19
   EP - Approval in committee of the text agreed at 1st reading interinstitutional negotiations
2024/03/13
   CSL - Coreper letter confirming interinstitutional agreement
2023/12/13
   EP - Committee decision to enter into interinstitutional negotiations confirmed by plenary (Rule 71)
2023/12/11
   EP - Committee decision to enter into interinstitutional negotiations announced in plenary (Rule 71)
2023/12/07
   EP - Committee report tabled for plenary, 1st reading
Details

The Committee on Civil Liberties, Justice and Home Affairs adopted the report by Jan-Christoph OETJEN (Renew, DE) on the proposal for a regulation of the European Parliament and of the Council on the collection and transfer of advance passenger information (API) for enhancing and facilitating external border controls, amending Regulation (EU) 2019/817 and Regulation (EU) 2018/1726, and repealing Council Directive 2004/82/EC.

The committee responsible recommended that the European Parliament's position adopted at first reading under the ordinary legislative procedure should amend the proposal as follows:

API data to be collected by air carriers

The amended text stated that air carriers should collect API data of passengers, consisting of the passenger data and the flight information, respectively, on the flights for the purpose of transferring that API data to the router. Where the flight is code-shared between one or more air carriers, the obligation to transfer the API data should be on the air carrier that operates the flight.

Means of collecting API data

The collection of API data should not include an obligation for air carriers to check the travel document at the moment of boarding the aircraft or an obligation for passengers to carry a travel document when travelling, without prejudice to acts of national law that are compatible with Union law. The collection of API data by automated means should not lead to the collection of any biometric data from the travel document.

Where air carriers provide an online check-in process, they should enable passengers to provide the API data during the online check-in process, using automated means .

Air carriers should ensure that API data is encrypted during the transmission of the data from the passenger to the air carriers.

Obligations on air carriers regarding transfers of API data

At the moment of check-in, air carriers should transfer the API data in accordance with this Regulation and relevant international standards. Air carriers should receive an acknowledgement of receipt of the transfer of the API data.

Processing of API data received

The competent border authorities should be prohibited from processing API data for the purposes of profiling under any circumstances.

Storage and deletion of API data

Members suggested that air carriers should store, for a time period of 24 hours (as opposed to the 48 hours proposed by the Commission) from the moment of departure of the flight, the API data relating to that passenger that they collected. They should immediately and permanently delete that API data after the expiry of that time period.

Air carriers or competent border authorities should immediately and permanently delete API data where they become aware that the API data collected was processed unlawfully or that the data transferred does not constitute API data.

Fundamental Rights

The collection and processing of personal data by air carriers and competent authorities should not result in discrimination against persons on the grounds of sex and gender, race, colour, ethnic or social origin, genetic features, language, religion or belief, political or any other opinion, membership of a national minority, property, birth, disability, age or sexual orientation.

The router

Members clarified the functioning of the router. It should allow for the reception and transmission of encrypted API data and automatically extract and make available the statistics to the central repository for reporting and statistics.

eu-LISA should design and develop the router in a way that any API data transferred from the air carriers to the router and any API data transmitted from the router to the competent border authorities and to the central repository for reporting and statistics are encrypted.

Information to passengers

Air carriers should provide passengers with information on the purpose of the collection of their personal data, the type of personal data collected, the recipients of the personal data and the means to exercise the data subject rights. This information should be communicated to passengers in writing and in an easily accessible format at the moment of booking and at the moment of check-in, irrespective of the means used to collect the personal data at the moment of check-in.

Costs of eu-LISA, the European Data Protection Supervisor, the national supervisory authorities and of Member States

Member underlined that the financial appropriation to the functioning of the router will determine its success, therefore eu-LISA should be provided with the necessary resources. In addition, in view of the expected increase in tasks for the EDPS and national data protection authorities, the report includes provisions regarding the coverage of cost costs incurred by them as well.

Penalties

Member States should ensure that a systematic or persistent failure to comply with obligations set out in this Regulation is subject to financial penalties of up to 2% of an air carrier's global turnover of the preceding business year.

API Expert Group

The committee called for an API Expert Group to be set up to facilitate cooperation and the exchange of information on obligations stemming from and issues relating to this Regulation among Member States, EU institutions and stakeholders.

The Group should be composed of representatives of the European Commission, Member States’ relevant authorities, the European Parliament and eu-LISA.

Monitoring and evaluation

Members considered that this Regulation should be subject to regular evaluations to ensure the monitoring of its effective application. In particular, the collection of API data should not be to the detriment of the travel experience of legitimate passengers. The overall regulatory burden for the aviation sector should be kept under close review.

Moreover, the report should assess the extent to which the objectives of the Regulation have been met and to which extent it has impacted the competitiveness of the sector.

Documents
2023/11/28
   EP - Vote in committee, 1st reading
2023/11/28
   EP - Committee decision to open interinstitutional negotiations with report adopted in committee
2023/09/15
   PT_PARLIAMENT - Contribution
Documents
2023/09/05
   EP - Amendments tabled in committee
Documents
2023/07/19
   EP - Committee opinion
Documents
2023/07/05
   EP - Committee draft report
Documents
2023/04/27
   ESC - Economic and Social Committee: opinion, report
Documents
2023/04/26
   NL_SENATE - Contribution
Documents
2023/03/28
   EP - OETJEN Jan-Christoph (Renew) appointed as rapporteur in LIBE
2023/03/23
   ES_PARLIAMENT - Contribution
Documents
2023/02/22
   EP - OETJEN Jan-Christoph (Renew) appointed as rapporteur in TRAN
2023/02/13
   EP - Committee referral announced in Parliament, 1st reading
2023/02/08
   EDPS - Document attached to the procedure
2022/12/14
   EC - Document attached to the procedure
2022/12/14
   EC - Document attached to the procedure
2022/12/14
   EC - Document attached to the procedure
2022/12/14
   EC - Document attached to the procedure
2022/12/13
   EC - Legislative proposal published
Details

PURPOSE: to present new rules on the collection and transfer of advance passenger information (API) to facilitate external border controls, combat illegal immigration and increase internal security.

PROPOSED ACT: Regulation of the European Union and of the Council.

ROLE OF THE EUROPEAN PARLIAMENT: the European Parliament decides in accordance with the ordinary legislative procedure and on an equal footing with the Council.

BACKGROUND: Advance Passenger Information (API) is information on a passenger collected at check-in or at boarding. It includes information about the passenger and information about their flight. In 2019, the International Civil Aviation Organisation (ICAO) reported 4.5 billion passengers globally carried by air transport on scheduled services, with over half a billion passengers that enter or leave the EU every year. This puts a strain on the external air borders of the EU as all travellers, meaning non-EU nationals, and EU citizens crossing the external borders, should be effectively and systematically checked against the relevant databases. To ensure that checks can be performed efficiently on every air passenger, there is a need to speed up border controls at airports and ensure the facilitation of passenger flows while at the same time maintaining a high level of security.

The existing legal framework on API data, which consists of Council Directive 2004/82/EC and national law transposing that Directive, has proven important in improving border controls, notably by setting up a framework for Member States to introduce provisions for laying down obligations on air carriers to transfer API data on passengers transported into their territory. However, divergences remain at national level. In particular, API data is not systematically requested from air carriers and air carriers are faced with different requirements regarding the type of information to be collected and the conditions under which the API data needs to be transferred to competent border authorities. Those divergences lead not only to unnecessary costs and complications for the air carriers, but they are also prejudicial to ensuring effective and efficient pre-checks of persons arriving at external borders.

The existing legal framework should therefore be updated and replaced to ensure that the rules regarding the collection and transfer of API data for the purpose of enhancing and facilitating the effectiveness and efficiency of border checks at external borders and for combating illegal immigration are clear, harmonised and effective .

CONTENT: this proposed Regulation presents new rules on the collection and transfer of advance passenger information (API) to facilitate external border controls, combat illegal immigration and increase internal security. It lays down the rules on:

- the collection by air carriers of advance passenger information (‘API data’) on flights into the Union;

- the transfer by air carriers to the router of the API data;

- the transmission from the router to the competent border authorities of the API data.

It will apply to air carriers conducting scheduled or non-scheduled flights into the Union.

Overall, the proposal contains:

- provisions for the collection and transfer of API data, namely a clear set of rules for the collection of API data by air carriers, rules regarding the transfer of API data to the router, the processing of API data by competent border authorities, and the storage and deletion of API data by air carriers and those authorities;

- provisions for the transmission of API data through a central router which will act as the single point of reception and onward distribution of data, replacing the current system comprised of multiple connections between air carriers and national authorities. More specifically, it includes provisions describing the main features of the router, rules on the use of the router, the procedure for the transmission of API data from the router to the competent border authorities, deletion of API data from the router, the keeping of logs, and the procedures in case of a partial or full technical impossibility to use the router;

- specific provisions on the protection of personal data . More specifically, it specifies who the data controllers and data processor are for the processing of API data constituting personal data pursuant to this Regulation. It also sets out measures required from eu-LISA to ensure the security of data processing, in line with the provisions of Regulation (EU) 2018/1725. It sets out measures required from air carriers and competent border authorities to ensure their self-monitoring of compliance with the relevant provisions set out in this Regulation and rules on audits;

- specific issues relating to the router . It contains requirements on the connections to the router of competent border authorities and air carriers. It also sets out the tasks of eu-LISA relating to the design and development of, the hosting and technical management of, and other support tasks relating to, the router. It also contains provisions concerning the costs incurred by eu-LISA and Member States under this Regulation, in particular as regards Member States’ connections to and integration with the router. It also sets out provisions regarding liability for damage cause to the router, the start of operations of the router and the possibility of voluntary use of the router by air carriers subject to certain conditions;

- provisions on supervision, possible penalties applicable to air carriers for non-compliance of their obligations set out in this Regulation, rules relating to statistical reporting by eu-LISA, and on the preparation of a practical handbook by the Commission;

Budgetary implications

This proposal will have an impact on the budget and staff needs of eu-LISA and Member States’ competent border authorities.

For eu-LISA, it is estimated that an additional budget of around EUR 45 million (33 million under current MFF) to set-up the router and EUR 9 million per year from 2029 onwards for the technical management thereof, and that around 27 additional posts would be needed for to ensure that eu-LISA has the necessary resources to perform the tasks attributed to it in this proposed Regulation and in the proposed Regulation for the collection and transfer of API data for the prevention, detection, investigation and prosecution of terrorist offences and serious crime.

For Member States, it is estimated that EUR 27 million (EUR 8 million under the current Multiannual Financial Framework) dedicated to upgrading the necessary national systems and infrastructures for border management authorities, and progressively up to EUR 5 million per year from 2028 onwards for the maintenance thereof, could be entitled for reimbursement by Border Management and Visa Instrument fund. Any such entitlement will ultimately have to be determined in accordance with the rules regulating those funds as well as the rules on costs contained in the proposed Regulation.

Documents

  • Commission response to text adopted in plenary: SP(2024)394
  • Results of vote in Parliament: Results of vote in Parliament
  • Decision by Parliament, 1st reading: T9-0376/2024
  • Debate in Parliament: Debate in Parliament
  • Approval in committee of the text agreed at 1st reading interinstitutional negotiations: GEDA/A/(2024)001541
  • Coreper letter confirming interinstitutional agreement: GEDA/A/(2024)001541
  • Committee report tabled for plenary, 1st reading: A9-0409/2023
  • Contribution: COM(2022)0729
  • Amendments tabled in committee: PE752.817
  • Committee opinion: PE746.927
  • Committee draft report: PE750.252
  • Economic and Social Committee: opinion, report: CES0256/2023
  • Contribution: COM(2022)0729
  • Contribution: COM(2022)0729
  • Document attached to the procedure: OJ C 084 07.03.2023, p. 0002
  • Document attached to the procedure: N9-0017/2023
  • Document attached to the procedure: EUR-Lex
  • Document attached to the procedure: SEC(2022)0444
  • Document attached to the procedure: EUR-Lex
  • Document attached to the procedure: SWD(2022)0421
  • Document attached to the procedure: EUR-Lex
  • Document attached to the procedure: SWD(2022)0422
  • Document attached to the procedure: EUR-Lex
  • Document attached to the procedure: SWD(2022)0423
  • Legislative proposal published: COM(2022)0729
  • Legislative proposal published: EUR-Lex
  • Document attached to the procedure: EUR-Lex SEC(2022)0444
  • Document attached to the procedure: EUR-Lex SWD(2022)0421
  • Document attached to the procedure: EUR-Lex SWD(2022)0422
  • Document attached to the procedure: EUR-Lex SWD(2022)0423
  • Document attached to the procedure: OJ C 084 07.03.2023, p. 0002 N9-0017/2023
  • Economic and Social Committee: opinion, report: CES0256/2023
  • Committee draft report: PE750.252
  • Committee opinion: PE746.927
  • Amendments tabled in committee: PE752.817
  • Coreper letter confirming interinstitutional agreement: GEDA/A/(2024)001541
  • Commission response to text adopted in plenary: SP(2024)394
  • Contribution: COM(2022)0729
  • Contribution: COM(2022)0729
  • Contribution: COM(2022)0729

Votes

A9-0409/2023 – Jan-Christoph Oetjen – Provisional agreement – Am 139 #

2024/04/25 Outcome: +: 492, -: 33, 0: 10
DE FR IT ES PL NL RO SE CZ BE AT BG HR SK FI HU DK LT IE PT EE LV SI LU EL MT
Total
84
67
40
51
42
24
18
19
21
18
14
12
12
12
12
10
11
9
12
14
7
8
6
6
5
1
icon: PPE PPE
134

Belgium PPE

2

Finland PPE

2

Denmark PPE

For (1)

1
3

Estonia PPE

For (1)

1

Luxembourg PPE

2
icon: S&D S&D
100

Czechia S&D

For (1)

1

Belgium S&D

1

Bulgaria S&D

3

Slovakia S&D

For (1)

1

Denmark S&D

2

Lithuania S&D

2

Estonia S&D

2

Latvia S&D

2

Luxembourg S&D

For (1)

1

Malta S&D

1
icon: Renew Renew
91

Poland Renew

1

Sweden Renew

2

Austria Renew

For (1)

1

Bulgaria Renew

2

Croatia Renew

For (1)

1

Finland Renew

3

Lithuania Renew

1

Ireland Renew

2

Estonia Renew

3

Latvia Renew

For (1)

1

Slovenia Renew

2

Luxembourg Renew

2

Greece Renew

1
icon: Verts/ALE Verts/ALE
60

Italy Verts/ALE

2

Spain Verts/ALE

2

Poland Verts/ALE

For (1)

1

Netherlands Verts/ALE

3

Sweden Verts/ALE

2

Czechia Verts/ALE

3

Belgium Verts/ALE

3

Austria Verts/ALE

2

Finland Verts/ALE

3

Denmark Verts/ALE

For (1)

1

Lithuania Verts/ALE

2

Ireland Verts/ALE

2

Portugal Verts/ALE

1

Luxembourg Verts/ALE

For (1)

1
icon: ECR ECR
48

Germany ECR

Abstain (1)

1

France ECR

For (1)

1

Netherlands ECR

2

Romania ECR

1

Bulgaria ECR

2

Croatia ECR

1

Slovakia ECR

For (1)

1

Finland ECR

1

Latvia ECR

For (1)

1
icon: ID ID
43

Czechia ID

For (1)

1

Belgium ID

Against (1)

3

Austria ID

2

Denmark ID

For (1)

1

Estonia ID

For (1)

1
icon: NI NI
32

Germany NI

For (1)

3

France NI

2

Spain NI

Abstain (1)

1

Netherlands NI

Against (1)

1

Romania NI

For (1)

1

Czechia NI

For (1)

1

Belgium NI

For (1)

1

Latvia NI

Against (1)

1

Greece NI

For (1)

Against (1)

3
icon: The Left The Left
27
4

France The Left

5

Sweden The Left

Against (1)

1

Czechia The Left

1

Belgium The Left

Against (1)

1

Finland The Left

Against (1)

1

Denmark The Left

Against (1)

1

Ireland The Left

Against (2)

4

Portugal The Left

3

Greece The Left

1
AmendmentsDossier
264 2022/0424(COD)
2023/06/08 TRAN 25 amendments...
source: 749.217
2023/09/06 LIBE 239 amendments...
source: 752.817

History

(these mark the time of scraping, not the official date of the change)

docs/10/docs/0/url
Old
/oeil/spdoc.do?i=60899&j=0&l=en
New
https://data.europarl.europa.eu/distribution/doc/SP-2024-394-TA-9-2024-0376_en.docx
docs/10/docs/0/url
Old
/oeil/spdoc.do?i=60899&j=0&l=en
New
https://data.europarl.europa.eu/distribution/doc/SP-2024-394-TA-9-2024-0376_en.docx
docs/10/docs/0/url
Old
/oeil/spdoc.do?i=60899&j=0&l=en
New
https://data.europarl.europa.eu/distribution/doc/SP-2024-394-TA-9-2024-0376_en.docx
docs/10/docs/0/url
Old
/oeil/spdoc.do?i=60899&j=0&l=en
New
https://data.europarl.europa.eu/distribution/doc/SP-2024-394-TA-9-2024-0376_en.docx
docs/10/docs/0/url
Old
/oeil/spdoc.do?i=60899&j=0&l=en
New
https://data.europarl.europa.eu/distribution/doc/SP-2024-394-TA-9-2024-0376_en.docx
docs/10/docs/0/url
Old
/oeil/spdoc.do?i=60899&j=0&l=en
New
https://data.europarl.europa.eu/distribution/doc/SP-2024-394-TA-9-2024-0376_en.docx
docs/10/docs/0/url
Old
/oeil/spdoc.do?i=60899&j=0&l=en
New
https://data.europarl.europa.eu/distribution/doc/SP-2024-394-TA-9-2024-0376_en.docx
docs/10/docs/0/url
Old
/oeil/spdoc.do?i=60899&j=0&l=en
New
https://data.europarl.europa.eu/distribution/doc/SP-2024-394-TA-9-2024-0376_en.docx
docs/10/docs/0/url
Old
/oeil/spdoc.do?i=60899&j=0&l=en
New
https://data.europarl.europa.eu/distribution/doc/SP-2024-394-TA-9-2024-0376_en.docx
docs/10/docs/0/url
Old
/oeil/spdoc.do?i=60899&j=0&l=en
New
https://data.europarl.europa.eu/distribution/doc/SP-2024-394-TA-9-2024-0376_en.docx
docs/10/docs/0/url
Old
/oeil/spdoc.do?i=60899&j=0&l=en
New
https://data.europarl.europa.eu/distribution/doc/SP-2024-394-TA-9-2024-0376_en.docx
docs/10/docs/0/url
Old
/oeil/spdoc.do?i=60899&j=0&l=en
New
https://data.europarl.europa.eu/distribution/doc/SP-2024-394-TA-9-2024-0376_en.docx
docs/10/docs/0/url
Old
/oeil/spdoc.do?i=60899&j=0&l=en
New
https://data.europarl.europa.eu/distribution/doc/SP-2024-394-TA-9-2024-0376_en.docx
docs/10/docs/0/url
Old
/oeil/spdoc.do?i=60899&j=0&l=en
New
nulldistribution/doc/SP-2024-394-TA-9-2024-0376_en.docx
docs/4/docs/0/url
Old
https://eur-lex.europa.eu/oj/daily-view/L-series/EN/TXT/?uri=OJ:C:2023:084:TOC
New
https://eur-lex.europa.eu/oj/daily-view/L-series/default.html?&ojDate=07030202
docs/10
date
2024-08-08T00:00:00
docs
url: /oeil/spdoc.do?i=60899&j=0&l=en title: SP(2024)394
type
Commission response to text adopted in plenary
body
EC
events/9
date
2024-04-25T00:00:00
type
Results of vote in Parliament
body
EP
docs
url: https://oeil.secure.europarl.europa.eu/oeil/popups/sda.do?id=60899&l=en title: Results of vote in Parliament
links
Research document
docs/4/docs/0/url
Old
https://eur-lex.europa.eu/oj/daily-view/L-series/EN/TXT/?uri=OJ:C:2023:084:TOC
New
https://eur-lex.europa.eu/oj/daily-view/L-series/default.html?&ojDate=07030202
docs/10
date
2024-08-08T00:00:00
docs
url: /oeil/spdoc.do?i=60899&j=0&l=en title: SP(2024)394
type
Commission response to text adopted in plenary
body
EC
events/9
date
2024-04-25T00:00:00
type
Results of vote in Parliament
body
EP
docs
url: https://oeil.secure.europarl.europa.eu/oeil/popups/sda.do?id=60899&l=en title: Results of vote in Parliament
links
Research document
docs/4/docs/0/url
Old
https://eur-lex.europa.eu/oj/daily-view/L-series/EN/TXT/?uri=OJ:C:2023:084:TOC
New
https://eur-lex.europa.eu/oj/daily-view/L-series/default.html?&ojDate=07030202
docs/10
date
2024-08-08T00:00:00
docs
url: /oeil/spdoc.do?i=60899&j=0&l=en title: SP(2024)394
type
Commission response to text adopted in plenary
body
EC
events/9
date
2024-04-25T00:00:00
type
Results of vote in Parliament
body
EP
docs
url: https://oeil.secure.europarl.europa.eu/oeil/popups/sda.do?id=60899&l=en title: Results of vote in Parliament
links
Research document
docs/4/docs/0/url
Old
https://eur-lex.europa.eu/oj/daily-view/L-series/EN/TXT/?uri=OJ:C:2023:084:TOC
New
https://eur-lex.europa.eu/oj/daily-view/L-series/default.html?&ojDate=07030202
docs/10
date
2024-08-08T00:00:00
docs
url: /oeil/spdoc.do?i=60899&j=0&l=en title: SP(2024)394
type
Commission response to text adopted in plenary
body
EC
events/9
date
2024-04-25T00:00:00
type
Results of vote in Parliament
body
EP
docs
url: https://oeil.secure.europarl.europa.eu/oeil/popups/sda.do?id=60899&l=en title: Results of vote in Parliament
docs/4/docs/0/url
Old
https://eur-lex.europa.eu/oj/daily-view/L-series/EN/TXT/?uri=OJ:C:2023:084:TOC
New
https://eur-lex.europa.eu/oj/daily-view/L-series/default.html?&ojDate=07030202
docs/10
date
2024-08-08T00:00:00
docs
url: /oeil/spdoc.do?i=60899&j=0&l=en title: SP(2024)394
type
Commission response to text adopted in plenary
body
EC
events/9
date
2024-04-25T00:00:00
type
Results of vote in Parliament
body
EP
docs
url: https://oeil.secure.europarl.europa.eu/oeil/popups/sda.do?id=60899&l=en title: Results of vote in Parliament
docs/4/docs/0/url
Old
https://eur-lex.europa.eu/oj/daily-view/L-series/EN/TXT/?uri=OJ:C:2023:084:TOC
New
https://eur-lex.europa.eu/oj/daily-view/L-series/default.html?&ojDate=07030202
docs/10
date
2024-08-08T00:00:00
docs
url: /oeil/spdoc.do?i=60899&j=0&l=en title: SP(2024)394
type
Commission response to text adopted in plenary
body
EC
events/9
date
2024-04-25T00:00:00
type
Results of vote in Parliament
body
EP
docs
url: https://oeil.secure.europarl.europa.eu/oeil/popups/sda.do?id=60899&l=en title: Results of vote in Parliament
docs/4/docs/0/url
Old
https://eur-lex.europa.eu/oj/daily-view/L-series/EN/TXT/?uri=OJ:C:2023:084:TOC
New
https://eur-lex.europa.eu/oj/daily-view/L-series/default.html?&ojDate=07030202
docs/10
date
2024-08-08T00:00:00
docs
url: /oeil/spdoc.do?i=60899&j=0&l=en title: SP(2024)394
type
Commission response to text adopted in plenary
body
EC
events/9
date
2024-04-25T00:00:00
type
Results of vote in Parliament
body
EP
docs
url: https://oeil.secure.europarl.europa.eu/oeil/popups/sda.do?id=60899&l=en title: Results of vote in Parliament
docs/4/docs/0/url
Old
https://eur-lex.europa.eu/oj/daily-view/L-series/EN/TXT/?uri=OJ:C:2023:084:TOC
New
https://eur-lex.europa.eu/oj/daily-view/L-series/default.html?&ojDate=07030202
docs/10
date
2024-08-08T00:00:00
docs
url: /oeil/spdoc.do?i=60899&j=0&l=en title: SP(2024)394
type
Commission response to text adopted in plenary
body
EC
events/9
date
2024-04-25T00:00:00
type
Results of vote in Parliament
body
EP
docs
url: https://oeil.secure.europarl.europa.eu/oeil/popups/sda.do?id=60899&l=en title: Results of vote in Parliament
docs/4/docs/0/url
Old
https://eur-lex.europa.eu/oj/daily-view/L-series/EN/TXT/?uri=OJ:C:2023:084:TOC
New
https://eur-lex.europa.eu/oj/daily-view/L-series/default.html?&ojDate=07030202
docs/10
date
2024-08-08T00:00:00
docs
url: /oeil/spdoc.do?i=60899&j=0&l=en title: SP(2024)394
type
Commission response to text adopted in plenary
body
EC
events/9
date
2024-04-25T00:00:00
type
Results of vote in Parliament
body
EP
docs
url: https://oeil.secure.europarl.europa.eu/oeil/popups/sda.do?id=60899&l=en title: Results of vote in Parliament
docs/4/docs/0/url
Old
https://eur-lex.europa.eu/oj/daily-view/L-series/EN/TXT/?uri=OJ:C:2023:084:TOC
New
https://eur-lex.europa.eu/oj/daily-view/L-series/default.html?&ojDate=07030202
docs/10
date
2024-08-08T00:00:00
docs
url: /oeil/spdoc.do?i=60899&j=0&l=en title: SP(2024)394
type
Commission response to text adopted in plenary
body
EC
events/9
date
2024-04-25T00:00:00
type
Results of vote in Parliament
body
EP
docs
url: https://oeil.secure.europarl.europa.eu/oeil/popups/sda.do?id=60899&l=en title: Results of vote in Parliament
docs/4/docs/0/url
Old
https://eur-lex.europa.eu/oj/daily-view/L-series/EN/TXT/?uri=OJ:C:2023:084:TOC
New
https://eur-lex.europa.eu/oj/daily-view/L-series/default.html?&ojDate=07030202
docs/10
date
2024-08-08T00:00:00
docs
url: /oeil/spdoc.do?i=60899&j=0&l=en title: SP(2024)394
type
Commission response to text adopted in plenary
body
EC
events/9
date
2024-04-25T00:00:00
type
Results of vote in Parliament
body
EP
docs
url: https://oeil.secure.europarl.europa.eu/oeil/popups/sda.do?id=60899&l=en title: Results of vote in Parliament
docs/4
date
2023-02-08T00:00:00
docs
type
Document attached to the procedure
body
EDPS
docs/4
date
2023-02-08T00:00:00
docs
type
Document attached to the procedure
body
EDPS
docs/10
date
2024-08-08T00:00:00
docs
url: /oeil/spdoc.do?i=60899&j=0&l=en title: SP(2024)394
type
Commission response to text adopted in plenary
body
EC
events/9
date
2024-04-25T00:00:00
type
Results of vote in Parliament
body
EP
docs
url: https://oeil.secure.europarl.europa.eu/oeil/popups/sda.do?id=60899&l=en title: Results of vote in Parliament
docs/4
date
2023-02-08T00:00:00
docs
type
Document attached to the procedure
body
EDPS
docs/4
date
2023-02-08T00:00:00
docs
type
Document attached to the procedure
body
EDPS
docs/10
date
2024-08-08T00:00:00
docs
url: /oeil/spdoc.do?i=60899&j=0&l=en title: SP(2024)394
type
Commission response to text adopted in plenary
body
EC
events/9
date
2024-04-25T00:00:00
type
Results of vote in Parliament
body
EP
docs
url: https://oeil.secure.europarl.europa.eu/oeil/popups/sda.do?id=60899&l=en title: Results of vote in Parliament
docs/4
date
2023-02-08T00:00:00
docs
type
Document attached to the procedure
body
EDPS
docs/4
date
2023-02-08T00:00:00
docs
type
Document attached to the procedure
body
EDPS
docs/10
date
2024-08-08T00:00:00
docs
url: /oeil/spdoc.do?i=60899&j=0&l=en title: SP(2024)394
type
Commission response to text adopted in plenary
body
EC
events/9
date
2024-04-25T00:00:00
type
Results of vote in Parliament
body
EP
docs
url: https://oeil.secure.europarl.europa.eu/oeil/popups/sda.do?id=60899&l=en title: Results of vote in Parliament
docs/4
date
2023-02-08T00:00:00
docs
type
Document attached to the procedure
body
EDPS
docs/4
date
2023-02-08T00:00:00
docs
type
Document attached to the procedure
body
EDPS
docs/10
date
2024-08-08T00:00:00
docs
url: /oeil/spdoc.do?i=60899&j=0&l=en title: SP(2024)394
type
Commission response to text adopted in plenary
body
EC
events/9
date
2024-04-25T00:00:00
type
Results of vote in Parliament
body
EP
docs
url: https://oeil.secure.europarl.europa.eu/oeil/popups/sda.do?id=60899&l=en title: Results of vote in Parliament
docs/10
date
2024-08-08T00:00:00
docs
url: /oeil/spdoc.do?i=60899&j=0&l=en title: SP(2024)394
type
Commission response to text adopted in plenary
body
EC
events/9
date
2024-04-25T00:00:00
type
Results of vote in Parliament
body
EP
docs
url: https://oeil.secure.europarl.europa.eu/oeil/popups/sda.do?id=60899&l=en title: Results of vote in Parliament
docs/10
date
2024-08-08T00:00:00
docs
url: /oeil/spdoc.do?i=60899&j=0&l=en title: SP(2024)394
type
Commission response to text adopted in plenary
body
EC
events/9
date
2024-04-25T00:00:00
type
Results of vote in Parliament
body
EP
docs
url: https://oeil.secure.europarl.europa.eu/oeil/popups/sda.do?id=60899&l=en title: Results of vote in Parliament
docs/10
date
2024-08-08T00:00:00
docs
url: /oeil/spdoc.do?i=60899&j=0&l=en title: SP(2024)394
type
Commission response to text adopted in plenary
body
EC
events/9
date
2024-04-25T00:00:00
type
Results of vote in Parliament
body
EP
docs
url: https://oeil.secure.europarl.europa.eu/oeil/popups/sda.do?id=60899&l=en title: Results of vote in Parliament
docs/10
date
2024-08-08T00:00:00
docs
url: /oeil/spdoc.do?i=60899&j=0&l=en title: SP(2024)394
type
Commission response to text adopted in plenary
body
EC
events/9
date
2024-04-25T00:00:00
type
Results of vote in Parliament
body
EP
docs
url: https://oeil.secure.europarl.europa.eu/oeil/popups/sda.do?id=60899&l=en title: Results of vote in Parliament
docs/10
date
2024-08-08T00:00:00
docs
url: /oeil/spdoc.do?i=60899&j=0&l=en title: SP(2024)394
type
Commission response to text adopted in plenary
body
EC
events/9
date
2024-04-25T00:00:00
type
Results of vote in Parliament
body
EP
docs
url: https://oeil.secure.europarl.europa.eu/oeil/popups/sda.do?id=60899&l=en title: Results of vote in Parliament
docs/10
date
2024-08-08T00:00:00
docs
url: /oeil/spdoc.do?i=60899&j=0&l=en title: SP(2024)394
type
Commission response to text adopted in plenary
body
EC
events/9
date
2024-04-25T00:00:00
type
Results of vote in Parliament
body
EP
docs
url: https://oeil.secure.europarl.europa.eu/oeil/popups/sda.do?id=60899&l=en title: Results of vote in Parliament
docs/10
date
2024-08-08T00:00:00
docs
url: /oeil/spdoc.do?i=60899&j=0&l=en title: SP(2024)394
type
Commission response to text adopted in plenary
body
EC
events/9
date
2024-04-25T00:00:00
type
Results of vote in Parliament
body
EP
docs
url: https://oeil.secure.europarl.europa.eu/oeil/popups/sda.do?id=60899&l=en title: Results of vote in Parliament
docs/10
date
2024-08-08T00:00:00
docs
url: /oeil/spdoc.do?i=60899&j=0&l=en title: SP(2024)394
type
Commission response to text adopted in plenary
body
EC
events/9
date
2024-04-25T00:00:00
type
Results of vote in Parliament
body
EP
docs
url: https://oeil.secure.europarl.europa.eu/oeil/popups/sda.do?id=60899&l=en title: Results of vote in Parliament
docs/10
date
2024-08-08T00:00:00
docs
url: /oeil/spdoc.do?i=60899&j=0&l=en title: SP(2024)394
type
Commission response to text adopted in plenary
body
EC
events/9
date
2024-04-25T00:00:00
type
Results of vote in Parliament
body
EP
docs
url: https://oeil.secure.europarl.europa.eu/oeil/popups/sda.do?id=60899&l=en title: Results of vote in Parliament
docs/10
date
2024-08-08T00:00:00
docs
url: /oeil/spdoc.do?i=60899&j=0&l=en title: SP(2024)394
type
Commission response to text adopted in plenary
body
EC
events/9
date
2024-04-25T00:00:00
type
Results of vote in Parliament
body
EP
docs
url: https://oeil.secure.europarl.europa.eu/oeil/popups/sda.do?id=60899&l=en title: Results of vote in Parliament
docs/10
date
2024-08-08T00:00:00
docs
url: /oeil/spdoc.do?i=60899&j=0&l=en title: SP(2024)394
type
Commission response to text adopted in plenary
body
EC
events/9
date
2024-04-25T00:00:00
type
Results of vote in Parliament
body
EP
docs
url: https://oeil.secure.europarl.europa.eu/oeil/popups/sda.do?id=60899&l=en title: Results of vote in Parliament
events/9
date
2024-04-25T00:00:00
type
Results of vote in Parliament
body
EP
docs
url: https://oeil.secure.europarl.europa.eu/oeil/popups/sda.do?id=60899&l=en title: Results of vote in Parliament
events/9
date
2024-04-25T00:00:00
type
Results of vote in Parliament
body
EP
docs
url: https://oeil.secure.europarl.europa.eu/oeil/popups/sda.do?id=60899&l=en title: Results of vote in Parliament
events/9
date
2024-04-25T00:00:00
type
Results of vote in Parliament
body
EP
docs
url: https://oeil.secure.europarl.europa.eu/oeil/popups/sda.do?id=60899&l=en title: Results of vote in Parliament
events/9
date
2024-04-25T00:00:00
type
Results of vote in Parliament
body
EP
docs
url: https://oeil.secure.europarl.europa.eu/oeil/popups/sda.do?id=60899&l=en title: Results of vote in Parliament
events/9
date
2024-04-25T00:00:00
type
Results of vote in Parliament
body
EP
docs
url: https://oeil.secure.europarl.europa.eu/oeil/popups/sda.do?id=60899&l=en title: Results of vote in Parliament
events/9
date
2024-04-25T00:00:00
type
Results of vote in Parliament
body
EP
docs
url: https://oeil.secure.europarl.europa.eu/oeil/popups/sda.do?id=60899&l=en title: Results of vote in Parliament
events/9
date
2024-04-25T00:00:00
type
Results of vote in Parliament
body
EP
docs
url: https://oeil.secure.europarl.europa.eu/oeil/popups/sda.do?id=60899&l=en title: Results of vote in Parliament
events/9
date
2024-04-25T00:00:00
type
Results of vote in Parliament
body
EP
docs
url: https://oeil.secure.europarl.europa.eu/oeil/popups/sda.do?id=60899&l=en title: Results of vote in Parliament
events/9
date
2024-04-25T00:00:00
type
Results of vote in Parliament
body
EP
docs
url: https://oeil.secure.europarl.europa.eu/oeil/popups/sda.do?id=60899&l=en title: Results of vote in Parliament
events/9
date
2024-04-25T00:00:00
type
Results of vote in Parliament
body
EP
docs
url: https://oeil.secure.europarl.europa.eu/oeil/popups/sda.do?id=60899&l=en title: Results of vote in Parliament
events/9
date
2024-04-25T00:00:00
type
Results of vote in Parliament
body
EP
docs
url: https://oeil.secure.europarl.europa.eu/oeil/popups/sda.do?id=60899&l=en title: Results of vote in Parliament
events/9
date
2024-04-25T00:00:00
type
Results of vote in Parliament
body
EP
docs
url: https://oeil.secure.europarl.europa.eu/oeil/popups/sda.do?id=60899&l=en title: Results of vote in Parliament
events/9
date
2024-04-25T00:00:00
type
Results of vote in Parliament
body
EP
docs
url: https://oeil.secure.europarl.europa.eu/oeil/popups/sda.do?id=60899&l=en title: Results of vote in Parliament
events/9
date
2024-04-25T00:00:00
type
Results of vote in Parliament
body
EP
docs
url: https://oeil.secure.europarl.europa.eu/oeil/popups/sda.do?id=60899&l=en title: Results of vote in Parliament
docs/10
date
2024-04-25T00:00:00
docs
url: https://www.europarl.europa.eu/doceo/document/TA-9-2024-0376_EN.html title: T9-0376/2024
type
Text adopted by Parliament, 1st reading/single reading
body
EP
events/9/summary
  • The European Parliament adopted by 492 votes to 33, with 10 abstentions, a legislative resolution on the proposal for a regulation of the European Parliament and of the Council on the collection and transfer of advance passenger information (API) for enhancing and facilitating external border controls, amending Regulation (EU) 2019/817 and Regulation (EU) 2018/1726, and repealing Council Directive 2004/82/EC.
  • The European Parliament’s position adopted at first reading under the ordinary legislative procedure amends the proposal as follows:
  • Subject matter
  • To enhance and facilitate the effectiveness and efficiency of border checks at external borders and of combating illegal immigration, this Regulation lays down the rules on: (a) the collection by air carriers of advance passenger information; (b) the transfer by air carriers to the router of the API data; (c) the transmission from the router to the competent border authorities of the API data. The Regulation should also apply to air carriers conducting flights into the Union.
  • Collection and transfer of API data
  • Air carriers should collect API data of each passenger on flights to the EU to be transferred to the router. The API data should consist only of the following data relating to each passenger on the flight : the surname, the date of birth, sex and nationality; the type and number of the travel document and the three-letter code of the issuing country of the travel document; the number identifying a passenger name record used by an air carrier to locate a passenger within its information system (PNR record locator); seating and baggage information.
  • In addition, air carriers should collect certain flight information, such as the flight identification number, airport code, departure and arrival times and the air carrier's contact details.
  • Where air carriers provide an online check-in process, they should enable passengers to provide API data by automated means during this online check-in process. For passengers that do not check-in online, air carriers should enable those passengers to provide those API data by automated means during check-in at the airport with the assistance of a self-service kiosk or of airline staff at the counter.
  • During a transitional period, air carriers should provide the possibility to passengers to provide API data manually as part of the online check-in. Air carriers should transfer the API data: (a) per passenger at the moment of check-in, but not earlier than 48 hours prior to the scheduled departure time, and: (b) for all boarded passengers immediately after flight closure.
  • Any processing of API data and, in particular, of API data constituting personal data must remain strictly limited to what is necessary and proportionate to achieve the objectives pursued by the Regulation. Furthermore, the processing of API data collected and transferred under the Regulation must not lead to any form of discrimination prohibited by the Charter of Fundamental Rights of the European Union. Particular attention must be paid to children, the elderly, people with disabilities and vulnerable persons.
  • Where an air carrier becomes aware that the data that it stores under this Regulation was processed unlawfully, or that the data does not constitute API data, it should immediately and permanently delete, that data.
  • The router
  • The European Union Agency for the operational management of large-scale IT systems in the area of freedom, security and justice (eu-LISA) should design, develop, host and technically manage a router to facilitate the transfer of encrypted API data by air carriers to the competent border authorities.
  • The router should verify, in an automated manner and on the basis of real-time air traffic data, whether the air carrier has transferred the API data. Where the router has verified that the data has not been transferred by the air carrier, it should immediately and in an automated manner inform the air carrier concerned and the competent border authorities of the Member States to which the data was to be transferred. In this case, the air carrier should transfer the API data immediately.
  • Data protection
  • The air carriers should be controllers, within the meaning of the GDPR, for the processing of API data constituting personal data in relation to their collection of that data and their transfer thereof to the router under this Regulation. Each Member State should designate a competent authority as data controller and communicate those authorities to the Commission, eu-LISA and the other Member States.
  • Air carriers should provide passengers, on flights covered by this Regulation, with information on the purpose of the collection of their personal data, the type of personal data collected, the recipients of the personal data and the means to exercise the data subject rights.
  • Governance
  • No later than the date of entry into force of the Regulation, the Management Board of eu-LISA should establish a Programme Management Board consisting of ten members. The Programme Management Board should ensure the proper execution of eu-LISA's tasks relating to the design and development of the router. At the request of the Programme Management Board, eu-LISA should provide detailed and up-to-date information on the design and development of the router, including the resources allocated by eu-LISA.
  • Technical matters related to the usage and functioning of the router should be discussed in the API-PNR Contact Group where eu-LISA representatives should be also present.
  • Sanctions
  • Member States should ensure that a recurrent failure to transfer API data is subject to proportionate financial penalties of up to 2% of the air carrier's global turnover for the previous financial year. Failure to comply with the other obligations set out in the Regulation should be subject to proportionate penalties, including financial penalties.
docs/10
date
2024-04-25T00:00:00
docs
url: https://www.europarl.europa.eu/doceo/document/TA-9-2024-0376_EN.html title: T9-0376/2024
type
Text adopted by Parliament, 1st reading/single reading
body
EP
events/9/summary
  • The European Parliament adopted by 492 votes to 33, with 10 abstentions, a legislative resolution on the proposal for a regulation of the European Parliament and of the Council on the collection and transfer of advance passenger information (API) for enhancing and facilitating external border controls, amending Regulation (EU) 2019/817 and Regulation (EU) 2018/1726, and repealing Council Directive 2004/82/EC.
  • The European Parliament’s position adopted at first reading under the ordinary legislative procedure amends the proposal as follows:
  • Subject matter
  • To enhance and facilitate the effectiveness and efficiency of border checks at external borders and of combating illegal immigration, this Regulation lays down the rules on: (a) the collection by air carriers of advance passenger information; (b) the transfer by air carriers to the router of the API data; (c) the transmission from the router to the competent border authorities of the API data. The Regulation should also apply to air carriers conducting flights into the Union.
  • Collection and transfer of API data
  • Air carriers should collect API data of each passenger on flights to the EU to be transferred to the router. The API data should consist only of the following data relating to each passenger on the flight : the surname, the date of birth, sex and nationality; the type and number of the travel document and the three-letter code of the issuing country of the travel document; the number identifying a passenger name record used by an air carrier to locate a passenger within its information system (PNR record locator); seating and baggage information.
  • In addition, air carriers should collect certain flight information, such as the flight identification number, airport code, departure and arrival times and the air carrier's contact details.
  • Where air carriers provide an online check-in process, they should enable passengers to provide API data by automated means during this online check-in process. For passengers that do not check-in online, air carriers should enable those passengers to provide those API data by automated means during check-in at the airport with the assistance of a self-service kiosk or of airline staff at the counter.
  • During a transitional period, air carriers should provide the possibility to passengers to provide API data manually as part of the online check-in. Air carriers should transfer the API data: (a) per passenger at the moment of check-in, but not earlier than 48 hours prior to the scheduled departure time, and: (b) for all boarded passengers immediately after flight closure.
  • Any processing of API data and, in particular, of API data constituting personal data must remain strictly limited to what is necessary and proportionate to achieve the objectives pursued by the Regulation. Furthermore, the processing of API data collected and transferred under the Regulation must not lead to any form of discrimination prohibited by the Charter of Fundamental Rights of the European Union. Particular attention must be paid to children, the elderly, people with disabilities and vulnerable persons.
  • Where an air carrier becomes aware that the data that it stores under this Regulation was processed unlawfully, or that the data does not constitute API data, it should immediately and permanently delete, that data.
  • The router
  • The European Union Agency for the operational management of large-scale IT systems in the area of freedom, security and justice (eu-LISA) should design, develop, host and technically manage a router to facilitate the transfer of encrypted API data by air carriers to the competent border authorities.
  • The router should verify, in an automated manner and on the basis of real-time air traffic data, whether the air carrier has transferred the API data. Where the router has verified that the data has not been transferred by the air carrier, it should immediately and in an automated manner inform the air carrier concerned and the competent border authorities of the Member States to which the data was to be transferred. In this case, the air carrier should transfer the API data immediately.
  • Data protection
  • The air carriers should be controllers, within the meaning of the GDPR, for the processing of API data constituting personal data in relation to their collection of that data and their transfer thereof to the router under this Regulation. Each Member State should designate a competent authority as data controller and communicate those authorities to the Commission, eu-LISA and the other Member States.
  • Air carriers should provide passengers, on flights covered by this Regulation, with information on the purpose of the collection of their personal data, the type of personal data collected, the recipients of the personal data and the means to exercise the data subject rights.
  • Governance
  • No later than the date of entry into force of the Regulation, the Management Board of eu-LISA should establish a Programme Management Board consisting of ten members. The Programme Management Board should ensure the proper execution of eu-LISA's tasks relating to the design and development of the router. At the request of the Programme Management Board, eu-LISA should provide detailed and up-to-date information on the design and development of the router, including the resources allocated by eu-LISA.
  • Technical matters related to the usage and functioning of the router should be discussed in the API-PNR Contact Group where eu-LISA representatives should be also present.
  • Sanctions
  • Member States should ensure that a recurrent failure to transfer API data is subject to proportionate financial penalties of up to 2% of the air carrier's global turnover for the previous financial year. Failure to comply with the other obligations set out in the Regulation should be subject to proportionate penalties, including financial penalties.
docs/10
date
2024-04-25T00:00:00
docs
url: https://www.europarl.europa.eu/doceo/document/TA-9-2024-0376_EN.html title: T9-0376/2024
type
Text adopted by Parliament, 1st reading/single reading
body
EP
events/9/summary
  • The European Parliament adopted by 492 votes to 33, with 10 abstentions, a legislative resolution on the proposal for a regulation of the European Parliament and of the Council on the collection and transfer of advance passenger information (API) for enhancing and facilitating external border controls, amending Regulation (EU) 2019/817 and Regulation (EU) 2018/1726, and repealing Council Directive 2004/82/EC.
  • The European Parliament’s position adopted at first reading under the ordinary legislative procedure amends the proposal as follows:
  • Subject matter
  • To enhance and facilitate the effectiveness and efficiency of border checks at external borders and of combating illegal immigration, this Regulation lays down the rules on: (a) the collection by air carriers of advance passenger information; (b) the transfer by air carriers to the router of the API data; (c) the transmission from the router to the competent border authorities of the API data. The Regulation should also apply to air carriers conducting flights into the Union.
  • Collection and transfer of API data
  • Air carriers should collect API data of each passenger on flights to the EU to be transferred to the router. The API data should consist only of the following data relating to each passenger on the flight : the surname, the date of birth, sex and nationality; the type and number of the travel document and the three-letter code of the issuing country of the travel document; the number identifying a passenger name record used by an air carrier to locate a passenger within its information system (PNR record locator); seating and baggage information.
  • In addition, air carriers should collect certain flight information, such as the flight identification number, airport code, departure and arrival times and the air carrier's contact details.
  • Where air carriers provide an online check-in process, they should enable passengers to provide API data by automated means during this online check-in process. For passengers that do not check-in online, air carriers should enable those passengers to provide those API data by automated means during check-in at the airport with the assistance of a self-service kiosk or of airline staff at the counter.
  • During a transitional period, air carriers should provide the possibility to passengers to provide API data manually as part of the online check-in. Air carriers should transfer the API data: (a) per passenger at the moment of check-in, but not earlier than 48 hours prior to the scheduled departure time, and: (b) for all boarded passengers immediately after flight closure.
  • Any processing of API data and, in particular, of API data constituting personal data must remain strictly limited to what is necessary and proportionate to achieve the objectives pursued by the Regulation. Furthermore, the processing of API data collected and transferred under the Regulation must not lead to any form of discrimination prohibited by the Charter of Fundamental Rights of the European Union. Particular attention must be paid to children, the elderly, people with disabilities and vulnerable persons.
  • Where an air carrier becomes aware that the data that it stores under this Regulation was processed unlawfully, or that the data does not constitute API data, it should immediately and permanently delete, that data.
  • The router
  • The European Union Agency for the operational management of large-scale IT systems in the area of freedom, security and justice (eu-LISA) should design, develop, host and technically manage a router to facilitate the transfer of encrypted API data by air carriers to the competent border authorities.
  • The router should verify, in an automated manner and on the basis of real-time air traffic data, whether the air carrier has transferred the API data. Where the router has verified that the data has not been transferred by the air carrier, it should immediately and in an automated manner inform the air carrier concerned and the competent border authorities of the Member States to which the data was to be transferred. In this case, the air carrier should transfer the API data immediately.
  • Data protection
  • The air carriers should be controllers, within the meaning of the GDPR, for the processing of API data constituting personal data in relation to their collection of that data and their transfer thereof to the router under this Regulation. Each Member State should designate a competent authority as data controller and communicate those authorities to the Commission, eu-LISA and the other Member States.
  • Air carriers should provide passengers, on flights covered by this Regulation, with information on the purpose of the collection of their personal data, the type of personal data collected, the recipients of the personal data and the means to exercise the data subject rights.
  • Governance
  • No later than the date of entry into force of the Regulation, the Management Board of eu-LISA should establish a Programme Management Board consisting of ten members. The Programme Management Board should ensure the proper execution of eu-LISA's tasks relating to the design and development of the router. At the request of the Programme Management Board, eu-LISA should provide detailed and up-to-date information on the design and development of the router, including the resources allocated by eu-LISA.
  • Technical matters related to the usage and functioning of the router should be discussed in the API-PNR Contact Group where eu-LISA representatives should be also present.
  • Sanctions
  • Member States should ensure that a recurrent failure to transfer API data is subject to proportionate financial penalties of up to 2% of the air carrier's global turnover for the previous financial year. Failure to comply with the other obligations set out in the Regulation should be subject to proportionate penalties, including financial penalties.
docs/10
date
2024-04-25T00:00:00
docs
url: https://www.europarl.europa.eu/doceo/document/TA-9-2024-0376_EN.html title: T9-0376/2024
type
Text adopted by Parliament, 1st reading/single reading
body
EP
events/9/summary
  • The European Parliament adopted by 492 votes to 33, with 10 abstentions, a legislative resolution on the proposal for a regulation of the European Parliament and of the Council on the collection and transfer of advance passenger information (API) for enhancing and facilitating external border controls, amending Regulation (EU) 2019/817 and Regulation (EU) 2018/1726, and repealing Council Directive 2004/82/EC.
  • The European Parliament’s position adopted at first reading under the ordinary legislative procedure amends the proposal as follows:
  • Subject matter
  • To enhance and facilitate the effectiveness and efficiency of border checks at external borders and of combating illegal immigration, this Regulation lays down the rules on: (a) the collection by air carriers of advance passenger information; (b) the transfer by air carriers to the router of the API data; (c) the transmission from the router to the competent border authorities of the API data. The Regulation should also apply to air carriers conducting flights into the Union.
  • Collection and transfer of API data
  • Air carriers should collect API data of each passenger on flights to the EU to be transferred to the router. The API data should consist only of the following data relating to each passenger on the flight : the surname, the date of birth, sex and nationality; the type and number of the travel document and the three-letter code of the issuing country of the travel document; the number identifying a passenger name record used by an air carrier to locate a passenger within its information system (PNR record locator); seating and baggage information.
  • In addition, air carriers should collect certain flight information, such as the flight identification number, airport code, departure and arrival times and the air carrier's contact details.
  • Where air carriers provide an online check-in process, they should enable passengers to provide API data by automated means during this online check-in process. For passengers that do not check-in online, air carriers should enable those passengers to provide those API data by automated means during check-in at the airport with the assistance of a self-service kiosk or of airline staff at the counter.
  • During a transitional period, air carriers should provide the possibility to passengers to provide API data manually as part of the online check-in. Air carriers should transfer the API data: (a) per passenger at the moment of check-in, but not earlier than 48 hours prior to the scheduled departure time, and: (b) for all boarded passengers immediately after flight closure.
  • Any processing of API data and, in particular, of API data constituting personal data must remain strictly limited to what is necessary and proportionate to achieve the objectives pursued by the Regulation. Furthermore, the processing of API data collected and transferred under the Regulation must not lead to any form of discrimination prohibited by the Charter of Fundamental Rights of the European Union. Particular attention must be paid to children, the elderly, people with disabilities and vulnerable persons.
  • Where an air carrier becomes aware that the data that it stores under this Regulation was processed unlawfully, or that the data does not constitute API data, it should immediately and permanently delete, that data.
  • The router
  • The European Union Agency for the operational management of large-scale IT systems in the area of freedom, security and justice (eu-LISA) should design, develop, host and technically manage a router to facilitate the transfer of encrypted API data by air carriers to the competent border authorities.
  • The router should verify, in an automated manner and on the basis of real-time air traffic data, whether the air carrier has transferred the API data. Where the router has verified that the data has not been transferred by the air carrier, it should immediately and in an automated manner inform the air carrier concerned and the competent border authorities of the Member States to which the data was to be transferred. In this case, the air carrier should transfer the API data immediately.
  • Data protection
  • The air carriers should be controllers, within the meaning of the GDPR, for the processing of API data constituting personal data in relation to their collection of that data and their transfer thereof to the router under this Regulation. Each Member State should designate a competent authority as data controller and communicate those authorities to the Commission, eu-LISA and the other Member States.
  • Air carriers should provide passengers, on flights covered by this Regulation, with information on the purpose of the collection of their personal data, the type of personal data collected, the recipients of the personal data and the means to exercise the data subject rights.
  • Governance
  • No later than the date of entry into force of the Regulation, the Management Board of eu-LISA should establish a Programme Management Board consisting of ten members. The Programme Management Board should ensure the proper execution of eu-LISA's tasks relating to the design and development of the router. At the request of the Programme Management Board, eu-LISA should provide detailed and up-to-date information on the design and development of the router, including the resources allocated by eu-LISA.
  • Technical matters related to the usage and functioning of the router should be discussed in the API-PNR Contact Group where eu-LISA representatives should be also present.
  • Sanctions
  • Member States should ensure that a recurrent failure to transfer API data is subject to proportionate financial penalties of up to 2% of the air carrier's global turnover for the previous financial year. Failure to comply with the other obligations set out in the Regulation should be subject to proportionate penalties, including financial penalties.
docs/10
date
2024-04-25T00:00:00
docs
url: https://www.europarl.europa.eu/doceo/document/TA-9-2024-0376_EN.html title: T9-0376/2024
type
Text adopted by Parliament, 1st reading/single reading
body
EP
events/9/summary
  • The European Parliament adopted by 492 votes to 33, with 10 abstentions, a legislative resolution on the proposal for a regulation of the European Parliament and of the Council on the collection and transfer of advance passenger information (API) for enhancing and facilitating external border controls, amending Regulation (EU) 2019/817 and Regulation (EU) 2018/1726, and repealing Council Directive 2004/82/EC.
  • The European Parliament’s position adopted at first reading under the ordinary legislative procedure amends the proposal as follows:
  • Subject matter
  • To enhance and facilitate the effectiveness and efficiency of border checks at external borders and of combating illegal immigration, this Regulation lays down the rules on: (a) the collection by air carriers of advance passenger information; (b) the transfer by air carriers to the router of the API data; (c) the transmission from the router to the competent border authorities of the API data. The Regulation should also apply to air carriers conducting flights into the Union.
  • Collection and transfer of API data
  • Air carriers should collect API data of each passenger on flights to the EU to be transferred to the router. The API data should consist only of the following data relating to each passenger on the flight : the surname, the date of birth, sex and nationality; the type and number of the travel document and the three-letter code of the issuing country of the travel document; the number identifying a passenger name record used by an air carrier to locate a passenger within its information system (PNR record locator); seating and baggage information.
  • In addition, air carriers should collect certain flight information, such as the flight identification number, airport code, departure and arrival times and the air carrier's contact details.
  • Where air carriers provide an online check-in process, they should enable passengers to provide API data by automated means during this online check-in process. For passengers that do not check-in online, air carriers should enable those passengers to provide those API data by automated means during check-in at the airport with the assistance of a self-service kiosk or of airline staff at the counter.
  • During a transitional period, air carriers should provide the possibility to passengers to provide API data manually as part of the online check-in. Air carriers should transfer the API data: (a) per passenger at the moment of check-in, but not earlier than 48 hours prior to the scheduled departure time, and: (b) for all boarded passengers immediately after flight closure.
  • Any processing of API data and, in particular, of API data constituting personal data must remain strictly limited to what is necessary and proportionate to achieve the objectives pursued by the Regulation. Furthermore, the processing of API data collected and transferred under the Regulation must not lead to any form of discrimination prohibited by the Charter of Fundamental Rights of the European Union. Particular attention must be paid to children, the elderly, people with disabilities and vulnerable persons.
  • Where an air carrier becomes aware that the data that it stores under this Regulation was processed unlawfully, or that the data does not constitute API data, it should immediately and permanently delete, that data.
  • The router
  • The European Union Agency for the operational management of large-scale IT systems in the area of freedom, security and justice (eu-LISA) should design, develop, host and technically manage a router to facilitate the transfer of encrypted API data by air carriers to the competent border authorities.
  • The router should verify, in an automated manner and on the basis of real-time air traffic data, whether the air carrier has transferred the API data. Where the router has verified that the data has not been transferred by the air carrier, it should immediately and in an automated manner inform the air carrier concerned and the competent border authorities of the Member States to which the data was to be transferred. In this case, the air carrier should transfer the API data immediately.
  • Data protection
  • The air carriers should be controllers, within the meaning of the GDPR, for the processing of API data constituting personal data in relation to their collection of that data and their transfer thereof to the router under this Regulation. Each Member State should designate a competent authority as data controller and communicate those authorities to the Commission, eu-LISA and the other Member States.
  • Air carriers should provide passengers, on flights covered by this Regulation, with information on the purpose of the collection of their personal data, the type of personal data collected, the recipients of the personal data and the means to exercise the data subject rights.
  • Governance
  • No later than the date of entry into force of the Regulation, the Management Board of eu-LISA should establish a Programme Management Board consisting of ten members. The Programme Management Board should ensure the proper execution of eu-LISA's tasks relating to the design and development of the router. At the request of the Programme Management Board, eu-LISA should provide detailed and up-to-date information on the design and development of the router, including the resources allocated by eu-LISA.
  • Technical matters related to the usage and functioning of the router should be discussed in the API-PNR Contact Group where eu-LISA representatives should be also present.
  • Sanctions
  • Member States should ensure that a recurrent failure to transfer API data is subject to proportionate financial penalties of up to 2% of the air carrier's global turnover for the previous financial year. Failure to comply with the other obligations set out in the Regulation should be subject to proportionate penalties, including financial penalties.
docs/10
date
2024-04-25T00:00:00
docs
url: https://www.europarl.europa.eu/doceo/document/TA-9-2024-0376_EN.html title: T9-0376/2024
type
Text adopted by Parliament, 1st reading/single reading
body
EP
events/9/summary
  • The European Parliament adopted by 492 votes to 33, with 10 abstentions, a legislative resolution on the proposal for a regulation of the European Parliament and of the Council on the collection and transfer of advance passenger information (API) for enhancing and facilitating external border controls, amending Regulation (EU) 2019/817 and Regulation (EU) 2018/1726, and repealing Council Directive 2004/82/EC.
  • The European Parliament’s position adopted at first reading under the ordinary legislative procedure amends the proposal as follows:
  • Subject matter
  • To enhance and facilitate the effectiveness and efficiency of border checks at external borders and of combating illegal immigration, this Regulation lays down the rules on: (a) the collection by air carriers of advance passenger information; (b) the transfer by air carriers to the router of the API data; (c) the transmission from the router to the competent border authorities of the API data. The Regulation should also apply to air carriers conducting flights into the Union.
  • Collection and transfer of API data
  • Air carriers should collect API data of each passenger on flights to the EU to be transferred to the router. The API data should consist only of the following data relating to each passenger on the flight : the surname, the date of birth, sex and nationality; the type and number of the travel document and the three-letter code of the issuing country of the travel document; the number identifying a passenger name record used by an air carrier to locate a passenger within its information system (PNR record locator); seating and baggage information.
  • In addition, air carriers should collect certain flight information, such as the flight identification number, airport code, departure and arrival times and the air carrier's contact details.
  • Where air carriers provide an online check-in process, they should enable passengers to provide API data by automated means during this online check-in process. For passengers that do not check-in online, air carriers should enable those passengers to provide those API data by automated means during check-in at the airport with the assistance of a self-service kiosk or of airline staff at the counter.
  • During a transitional period, air carriers should provide the possibility to passengers to provide API data manually as part of the online check-in. Air carriers should transfer the API data: (a) per passenger at the moment of check-in, but not earlier than 48 hours prior to the scheduled departure time, and: (b) for all boarded passengers immediately after flight closure.
  • Any processing of API data and, in particular, of API data constituting personal data must remain strictly limited to what is necessary and proportionate to achieve the objectives pursued by the Regulation. Furthermore, the processing of API data collected and transferred under the Regulation must not lead to any form of discrimination prohibited by the Charter of Fundamental Rights of the European Union. Particular attention must be paid to children, the elderly, people with disabilities and vulnerable persons.
  • Where an air carrier becomes aware that the data that it stores under this Regulation was processed unlawfully, or that the data does not constitute API data, it should immediately and permanently delete, that data.
  • The router
  • The European Union Agency for the operational management of large-scale IT systems in the area of freedom, security and justice (eu-LISA) should design, develop, host and technically manage a router to facilitate the transfer of encrypted API data by air carriers to the competent border authorities.
  • The router should verify, in an automated manner and on the basis of real-time air traffic data, whether the air carrier has transferred the API data. Where the router has verified that the data has not been transferred by the air carrier, it should immediately and in an automated manner inform the air carrier concerned and the competent border authorities of the Member States to which the data was to be transferred. In this case, the air carrier should transfer the API data immediately.
  • Data protection
  • The air carriers should be controllers, within the meaning of the GDPR, for the processing of API data constituting personal data in relation to their collection of that data and their transfer thereof to the router under this Regulation. Each Member State should designate a competent authority as data controller and communicate those authorities to the Commission, eu-LISA and the other Member States.
  • Air carriers should provide passengers, on flights covered by this Regulation, with information on the purpose of the collection of their personal data, the type of personal data collected, the recipients of the personal data and the means to exercise the data subject rights.
  • Governance
  • No later than the date of entry into force of the Regulation, the Management Board of eu-LISA should establish a Programme Management Board consisting of ten members. The Programme Management Board should ensure the proper execution of eu-LISA's tasks relating to the design and development of the router. At the request of the Programme Management Board, eu-LISA should provide detailed and up-to-date information on the design and development of the router, including the resources allocated by eu-LISA.
  • Technical matters related to the usage and functioning of the router should be discussed in the API-PNR Contact Group where eu-LISA representatives should be also present.
  • Sanctions
  • Member States should ensure that a recurrent failure to transfer API data is subject to proportionate financial penalties of up to 2% of the air carrier's global turnover for the previous financial year. Failure to comply with the other obligations set out in the Regulation should be subject to proportionate penalties, including financial penalties.
docs/10
date
2024-04-25T00:00:00
docs
url: https://www.europarl.europa.eu/doceo/document/TA-9-2024-0376_EN.html title: T9-0376/2024
type
Text adopted by Parliament, 1st reading/single reading
body
EP
events/9/summary
  • The European Parliament adopted by 492 votes to 33, with 10 abstentions, a legislative resolution on the proposal for a regulation of the European Parliament and of the Council on the collection and transfer of advance passenger information (API) for enhancing and facilitating external border controls, amending Regulation (EU) 2019/817 and Regulation (EU) 2018/1726, and repealing Council Directive 2004/82/EC.
  • The European Parliament’s position adopted at first reading under the ordinary legislative procedure amends the proposal as follows:
  • Subject matter
  • To enhance and facilitate the effectiveness and efficiency of border checks at external borders and of combating illegal immigration, this Regulation lays down the rules on: (a) the collection by air carriers of advance passenger information; (b) the transfer by air carriers to the router of the API data; (c) the transmission from the router to the competent border authorities of the API data. The Regulation should also apply to air carriers conducting flights into the Union.
  • Collection and transfer of API data
  • Air carriers should collect API data of each passenger on flights to the EU to be transferred to the router. The API data should consist only of the following data relating to each passenger on the flight : the surname, the date of birth, sex and nationality; the type and number of the travel document and the three-letter code of the issuing country of the travel document; the number identifying a passenger name record used by an air carrier to locate a passenger within its information system (PNR record locator); seating and baggage information.
  • In addition, air carriers should collect certain flight information, such as the flight identification number, airport code, departure and arrival times and the air carrier's contact details.
  • Where air carriers provide an online check-in process, they should enable passengers to provide API data by automated means during this online check-in process. For passengers that do not check-in online, air carriers should enable those passengers to provide those API data by automated means during check-in at the airport with the assistance of a self-service kiosk or of airline staff at the counter.
  • During a transitional period, air carriers should provide the possibility to passengers to provide API data manually as part of the online check-in. Air carriers should transfer the API data: (a) per passenger at the moment of check-in, but not earlier than 48 hours prior to the scheduled departure time, and: (b) for all boarded passengers immediately after flight closure.
  • Any processing of API data and, in particular, of API data constituting personal data must remain strictly limited to what is necessary and proportionate to achieve the objectives pursued by the Regulation. Furthermore, the processing of API data collected and transferred under the Regulation must not lead to any form of discrimination prohibited by the Charter of Fundamental Rights of the European Union. Particular attention must be paid to children, the elderly, people with disabilities and vulnerable persons.
  • Where an air carrier becomes aware that the data that it stores under this Regulation was processed unlawfully, or that the data does not constitute API data, it should immediately and permanently delete, that data.
  • The router
  • The European Union Agency for the operational management of large-scale IT systems in the area of freedom, security and justice (eu-LISA) should design, develop, host and technically manage a router to facilitate the transfer of encrypted API data by air carriers to the competent border authorities.
  • The router should verify, in an automated manner and on the basis of real-time air traffic data, whether the air carrier has transferred the API data. Where the router has verified that the data has not been transferred by the air carrier, it should immediately and in an automated manner inform the air carrier concerned and the competent border authorities of the Member States to which the data was to be transferred. In this case, the air carrier should transfer the API data immediately.
  • Data protection
  • The air carriers should be controllers, within the meaning of the GDPR, for the processing of API data constituting personal data in relation to their collection of that data and their transfer thereof to the router under this Regulation. Each Member State should designate a competent authority as data controller and communicate those authorities to the Commission, eu-LISA and the other Member States.
  • Air carriers should provide passengers, on flights covered by this Regulation, with information on the purpose of the collection of their personal data, the type of personal data collected, the recipients of the personal data and the means to exercise the data subject rights.
  • Governance
  • No later than the date of entry into force of the Regulation, the Management Board of eu-LISA should establish a Programme Management Board consisting of ten members. The Programme Management Board should ensure the proper execution of eu-LISA's tasks relating to the design and development of the router. At the request of the Programme Management Board, eu-LISA should provide detailed and up-to-date information on the design and development of the router, including the resources allocated by eu-LISA.
  • Technical matters related to the usage and functioning of the router should be discussed in the API-PNR Contact Group where eu-LISA representatives should be also present.
  • Sanctions
  • Member States should ensure that a recurrent failure to transfer API data is subject to proportionate financial penalties of up to 2% of the air carrier's global turnover for the previous financial year. Failure to comply with the other obligations set out in the Regulation should be subject to proportionate penalties, including financial penalties.
docs/10
date
2024-04-25T00:00:00
docs
url: https://www.europarl.europa.eu/doceo/document/TA-9-2024-0376_EN.html title: T9-0376/2024
type
Text adopted by Parliament, 1st reading/single reading
body
EP
events/9/summary
  • The European Parliament adopted by 492 votes to 33, with 10 abstentions, a legislative resolution on the proposal for a regulation of the European Parliament and of the Council on the collection and transfer of advance passenger information (API) for enhancing and facilitating external border controls, amending Regulation (EU) 2019/817 and Regulation (EU) 2018/1726, and repealing Council Directive 2004/82/EC.
  • The European Parliament’s position adopted at first reading under the ordinary legislative procedure amends the proposal as follows:
  • Subject matter
  • To enhance and facilitate the effectiveness and efficiency of border checks at external borders and of combating illegal immigration, this Regulation lays down the rules on: (a) the collection by air carriers of advance passenger information; (b) the transfer by air carriers to the router of the API data; (c) the transmission from the router to the competent border authorities of the API data. The Regulation should also apply to air carriers conducting flights into the Union.
  • Collection and transfer of API data
  • Air carriers should collect API data of each passenger on flights to the EU to be transferred to the router. The API data should consist only of the following data relating to each passenger on the flight : the surname, the date of birth, sex and nationality; the type and number of the travel document and the three-letter code of the issuing country of the travel document; the number identifying a passenger name record used by an air carrier to locate a passenger within its information system (PNR record locator); seating and baggage information.
  • In addition, air carriers should collect certain flight information, such as the flight identification number, airport code, departure and arrival times and the air carrier's contact details.
  • Where air carriers provide an online check-in process, they should enable passengers to provide API data by automated means during this online check-in process. For passengers that do not check-in online, air carriers should enable those passengers to provide those API data by automated means during check-in at the airport with the assistance of a self-service kiosk or of airline staff at the counter.
  • During a transitional period, air carriers should provide the possibility to passengers to provide API data manually as part of the online check-in. Air carriers should transfer the API data: (a) per passenger at the moment of check-in, but not earlier than 48 hours prior to the scheduled departure time, and: (b) for all boarded passengers immediately after flight closure.
  • Any processing of API data and, in particular, of API data constituting personal data must remain strictly limited to what is necessary and proportionate to achieve the objectives pursued by the Regulation. Furthermore, the processing of API data collected and transferred under the Regulation must not lead to any form of discrimination prohibited by the Charter of Fundamental Rights of the European Union. Particular attention must be paid to children, the elderly, people with disabilities and vulnerable persons.
  • Where an air carrier becomes aware that the data that it stores under this Regulation was processed unlawfully, or that the data does not constitute API data, it should immediately and permanently delete, that data.
  • The router
  • The European Union Agency for the operational management of large-scale IT systems in the area of freedom, security and justice (eu-LISA) should design, develop, host and technically manage a router to facilitate the transfer of encrypted API data by air carriers to the competent border authorities.
  • The router should verify, in an automated manner and on the basis of real-time air traffic data, whether the air carrier has transferred the API data. Where the router has verified that the data has not been transferred by the air carrier, it should immediately and in an automated manner inform the air carrier concerned and the competent border authorities of the Member States to which the data was to be transferred. In this case, the air carrier should transfer the API data immediately.
  • Data protection
  • The air carriers should be controllers, within the meaning of the GDPR, for the processing of API data constituting personal data in relation to their collection of that data and their transfer thereof to the router under this Regulation. Each Member State should designate a competent authority as data controller and communicate those authorities to the Commission, eu-LISA and the other Member States.
  • Air carriers should provide passengers, on flights covered by this Regulation, with information on the purpose of the collection of their personal data, the type of personal data collected, the recipients of the personal data and the means to exercise the data subject rights.
  • Governance
  • No later than the date of entry into force of the Regulation, the Management Board of eu-LISA should establish a Programme Management Board consisting of ten members. The Programme Management Board should ensure the proper execution of eu-LISA's tasks relating to the design and development of the router. At the request of the Programme Management Board, eu-LISA should provide detailed and up-to-date information on the design and development of the router, including the resources allocated by eu-LISA.
  • Technical matters related to the usage and functioning of the router should be discussed in the API-PNR Contact Group where eu-LISA representatives should be also present.
  • Sanctions
  • Member States should ensure that a recurrent failure to transfer API data is subject to proportionate financial penalties of up to 2% of the air carrier's global turnover for the previous financial year. Failure to comply with the other obligations set out in the Regulation should be subject to proportionate penalties, including financial penalties.
docs/10
date
2024-04-25T00:00:00
docs
url: https://www.europarl.europa.eu/doceo/document/TA-9-2024-0376_EN.html title: T9-0376/2024
type
Text adopted by Parliament, 1st reading/single reading
body
EP
events/9/summary
  • The European Parliament adopted by 492 votes to 33, with 10 abstentions, a legislative resolution on the proposal for a regulation of the European Parliament and of the Council on the collection and transfer of advance passenger information (API) for enhancing and facilitating external border controls, amending Regulation (EU) 2019/817 and Regulation (EU) 2018/1726, and repealing Council Directive 2004/82/EC.
  • The European Parliament’s position adopted at first reading under the ordinary legislative procedure amends the proposal as follows:
  • Subject matter
  • To enhance and facilitate the effectiveness and efficiency of border checks at external borders and of combating illegal immigration, this Regulation lays down the rules on: (a) the collection by air carriers of advance passenger information; (b) the transfer by air carriers to the router of the API data; (c) the transmission from the router to the competent border authorities of the API data. The Regulation should also apply to air carriers conducting flights into the Union.
  • Collection and transfer of API data
  • Air carriers should collect API data of each passenger on flights to the EU to be transferred to the router. The API data should consist only of the following data relating to each passenger on the flight : the surname, the date of birth, sex and nationality; the type and number of the travel document and the three-letter code of the issuing country of the travel document; the number identifying a passenger name record used by an air carrier to locate a passenger within its information system (PNR record locator); seating and baggage information.
  • In addition, air carriers should collect certain flight information, such as the flight identification number, airport code, departure and arrival times and the air carrier's contact details.
  • Where air carriers provide an online check-in process, they should enable passengers to provide API data by automated means during this online check-in process. For passengers that do not check-in online, air carriers should enable those passengers to provide those API data by automated means during check-in at the airport with the assistance of a self-service kiosk or of airline staff at the counter.
  • During a transitional period, air carriers should provide the possibility to passengers to provide API data manually as part of the online check-in. Air carriers should transfer the API data: (a) per passenger at the moment of check-in, but not earlier than 48 hours prior to the scheduled departure time, and: (b) for all boarded passengers immediately after flight closure.
  • Any processing of API data and, in particular, of API data constituting personal data must remain strictly limited to what is necessary and proportionate to achieve the objectives pursued by the Regulation. Furthermore, the processing of API data collected and transferred under the Regulation must not lead to any form of discrimination prohibited by the Charter of Fundamental Rights of the European Union. Particular attention must be paid to children, the elderly, people with disabilities and vulnerable persons.
  • Where an air carrier becomes aware that the data that it stores under this Regulation was processed unlawfully, or that the data does not constitute API data, it should immediately and permanently delete, that data.
  • The router
  • The European Union Agency for the operational management of large-scale IT systems in the area of freedom, security and justice (eu-LISA) should design, develop, host and technically manage a router to facilitate the transfer of encrypted API data by air carriers to the competent border authorities.
  • The router should verify, in an automated manner and on the basis of real-time air traffic data, whether the air carrier has transferred the API data. Where the router has verified that the data has not been transferred by the air carrier, it should immediately and in an automated manner inform the air carrier concerned and the competent border authorities of the Member States to which the data was to be transferred. In this case, the air carrier should transfer the API data immediately.
  • Data protection
  • The air carriers should be controllers, within the meaning of the GDPR, for the processing of API data constituting personal data in relation to their collection of that data and their transfer thereof to the router under this Regulation. Each Member State should designate a competent authority as data controller and communicate those authorities to the Commission, eu-LISA and the other Member States.
  • Air carriers should provide passengers, on flights covered by this Regulation, with information on the purpose of the collection of their personal data, the type of personal data collected, the recipients of the personal data and the means to exercise the data subject rights.
  • Governance
  • No later than the date of entry into force of the Regulation, the Management Board of eu-LISA should establish a Programme Management Board consisting of ten members. The Programme Management Board should ensure the proper execution of eu-LISA's tasks relating to the design and development of the router. At the request of the Programme Management Board, eu-LISA should provide detailed and up-to-date information on the design and development of the router, including the resources allocated by eu-LISA.
  • Technical matters related to the usage and functioning of the router should be discussed in the API-PNR Contact Group where eu-LISA representatives should be also present.
  • Sanctions
  • Member States should ensure that a recurrent failure to transfer API data is subject to proportionate financial penalties of up to 2% of the air carrier's global turnover for the previous financial year. Failure to comply with the other obligations set out in the Regulation should be subject to proportionate penalties, including financial penalties.
docs/10
date
2024-04-25T00:00:00
docs
url: https://www.europarl.europa.eu/doceo/document/TA-9-2024-0376_EN.html title: T9-0376/2024
type
Text adopted by Parliament, 1st reading/single reading
body
EP
events/9
date
2024-04-25T00:00:00
type
Decision by Parliament, 1st reading
body
EP
docs
url: https://www.europarl.europa.eu/doceo/document/TA-9-2024-0376_EN.html title: T9-0376/2024
procedure/stage_reached
Old
Awaiting Parliament's position in 1st reading
New
Awaiting Council's 1st reading position
docs/10
date
2024-04-25T00:00:00
docs
url: https://www.europarl.europa.eu/doceo/document/TA-9-2024-0376_EN.html title: T9-0376/2024
type
Text adopted by Parliament, 1st reading/single reading
body
EP
events/9
date
2024-04-25T00:00:00
type
Decision by Parliament, 1st reading
body
EP
docs
url: https://www.europarl.europa.eu/doceo/document/TA-9-2024-0376_EN.html title: T9-0376/2024
procedure/stage_reached
Old
Awaiting Parliament's position in 1st reading
New
Awaiting Council's 1st reading position
events/8
date
2024-04-24T00:00:00
type
Debate in Parliament
body
EP
docs
url: https://www.europarl.europa.eu/doceo/document/CRE-9-2024-04-24-TOC_EN.html title: Debate in Parliament
forecasts
  • date: 2024-04-22T00:00:00 title: Indicative plenary sitting date
forecasts/0
date
2024-04-24T00:00:00
title
Debate scheduled
forecasts/0
date
2024-04-22T00:00:00
title
Indicative plenary sitting date
forecasts/0
date
2024-04-24T00:00:00
title
Debate in plenary scheduled
forecasts/0
date
2024-04-22T00:00:00
title
Indicative plenary sitting date
forecasts/0
date
2024-04-24T00:00:00
title
Debate in plenary scheduled
forecasts/0
date
2024-04-22T00:00:00
title
Indicative plenary sitting date
forecasts/0
date
2024-04-24T00:00:00
title
Debate in plenary scheduled
forecasts/0
date
2024-04-22T00:00:00
title
Indicative plenary sitting date
forecasts/0
date
2024-04-24T00:00:00
title
Debate in plenary scheduled
forecasts/0
date
2024-04-22T00:00:00
title
Indicative plenary sitting date
docs/9
date
2024-03-13T00:00:00
docs
title: GEDA/A/(2024)001541
type
Coreper letter confirming interinstitutional agreement
body
CSL
events/7
date
2024-03-19T00:00:00
type
Approval in committee of the text agreed at 1st reading interinstitutional negotiations
body
EP
docs
title: GEDA/A/(2024)001541
docs/9
date
2024-03-13T00:00:00
docs
title: GEDA/A/(2024)001541
type
Coreper letter confirming interinstitutional agreement
body
CSL
events/7
date
2024-03-19T00:00:00
type
Approval in committee of the text agreed at 1st reading interinstitutional negotiations
body
EP
docs
title: GEDA/A/(2024)001541
docs/9
date
2024-03-13T00:00:00
docs
title: GEDA/A/(2024)001541
type
Coreper letter confirming interinstitutional agreement
body
CSL
events/7
date
2024-03-19T00:00:00
type
Approval in committee of the text agreed at 1st reading interinstitutional negotiations
body
EP
docs
title: GEDA/A/(2024)001541
docs/9
date
2024-03-13T00:00:00
docs
title: GEDA/A/(2024)001541
type
Coreper letter confirming interinstitutional agreement
body
CSL
events/7
date
2024-03-19T00:00:00
type
Approval in committee of the text agreed at 1st reading interinstitutional negotiations
body
EP
docs
title: GEDA/A/(2024)001541
docs/9
date
2024-03-13T00:00:00
docs
title: GEDA/A/(2024)001541
type
Coreper letter confirming interinstitutional agreement
body
CSL
events/7
date
2024-03-19T00:00:00
type
Approval in committee of the text agreed at 1st reading interinstitutional negotiations
body
EP
docs
title: GEDA/A/(2024)001541
docs/9
date
2024-03-13T00:00:00
docs
title: GEDA/A/(2024)001541
type
Coreper letter confirming interinstitutional agreement
body
CSL
events/7
date
2024-03-19T00:00:00
type
Approval in committee of the text agreed at 1st reading interinstitutional negotiations
body
EP
docs
title: GEDA/A/(2024)001541
docs/9
date
2024-03-13T00:00:00
docs
title: GEDA/A/(2024)001541
type
Coreper letter confirming interinstitutional agreement
body
CSL
events/7
date
2024-03-19T00:00:00
type
Approval in committee of the text agreed at 1st reading interinstitutional negotiations
body
EP
docs
title: GEDA/A/(2024)001541
docs/9
date
2024-03-13T00:00:00
docs
title: GEDA/A/(2024)001512
type
Coreper letter confirming interinstitutional agreement
body
CSL
docs/9
date
2024-03-13T00:00:00
docs
title: GEDA/A/(2024)001512
type
Coreper letter confirming interinstitutional agreement
body
CSL
forecasts
  • date: 2024-04-22T00:00:00 title: Indicative plenary sitting date
docs/9
date
2023-12-07T00:00:00
docs
url: https://www.europarl.europa.eu/doceo/document/A-9-2023-0409_EN.html title: A9-0409/2023
type
Committee report tabled for plenary, 1st reading/single reading
body
EP
events/4/summary
  • The Committee on Civil Liberties, Justice and Home Affairs adopted the report by Jan-Christoph OETJEN (Renew, DE) on the proposal for a regulation of the European Parliament and of the Council on the collection and transfer of advance passenger information (API) for enhancing and facilitating external border controls, amending Regulation (EU) 2019/817 and Regulation (EU) 2018/1726, and repealing Council Directive 2004/82/EC.
  • The committee responsible recommended that the European Parliament's position adopted at first reading under the ordinary legislative procedure should amend the proposal as follows:
  • API data to be collected by air carriers
  • The amended text stated that air carriers should collect API data of passengers, consisting of the passenger data and the flight information, respectively, on the flights for the purpose of transferring that API data to the router. Where the flight is code-shared between one or more air carriers, the obligation to transfer the API data should be on the air carrier that operates the flight.
  • Means of collecting API data
  • The collection of API data should not include an obligation for air carriers to check the travel document at the moment of boarding the aircraft or an obligation for passengers to carry a travel document when travelling, without prejudice to acts of national law that are compatible with Union law. The collection of API data by automated means should not lead to the collection of any biometric data from the travel document.
  • Where air carriers provide an online check-in process, they should enable passengers to provide the API data during the online check-in process, using automated means .
  • Air carriers should ensure that API data is encrypted during the transmission of the data from the passenger to the air carriers.
  • Obligations on air carriers regarding transfers of API data
  • At the moment of check-in, air carriers should transfer the API data in accordance with this Regulation and relevant international standards. Air carriers should receive an acknowledgement of receipt of the transfer of the API data.
  • Processing of API data received
  • The competent border authorities should be prohibited from processing API data for the purposes of profiling under any circumstances.
  • Storage and deletion of API data
  • Members suggested that air carriers should store, for a time period of 24 hours (as opposed to the 48 hours proposed by the Commission) from the moment of departure of the flight, the API data relating to that passenger that they collected. They should immediately and permanently delete that API data after the expiry of that time period.
  • Air carriers or competent border authorities should immediately and permanently delete API data where they become aware that the API data collected was processed unlawfully or that the data transferred does not constitute API data.
  • Fundamental Rights
  • The collection and processing of personal data by air carriers and competent authorities should not result in discrimination against persons on the grounds of sex and gender, race, colour, ethnic or social origin, genetic features, language, religion or belief, political or any other opinion, membership of a national minority, property, birth, disability, age or sexual orientation.
  • The router
  • Members clarified the functioning of the router. It should allow for the reception and transmission of encrypted API data and automatically extract and make available the statistics to the central repository for reporting and statistics.
  • eu-LISA should design and develop the router in a way that any API data transferred from the air carriers to the router and any API data transmitted from the router to the competent border authorities and to the central repository for reporting and statistics are encrypted.
  • Information to passengers
  • Air carriers should provide passengers with information on the purpose of the collection of their personal data, the type of personal data collected, the recipients of the personal data and the means to exercise the data subject rights. This information should be communicated to passengers in writing and in an easily accessible format at the moment of booking and at the moment of check-in, irrespective of the means used to collect the personal data at the moment of check-in.
  • Costs of eu-LISA, the European Data Protection Supervisor, the national supervisory authorities and of Member States
  • Member underlined that the financial appropriation to the functioning of the router will determine its success, therefore eu-LISA should be provided with the necessary resources. In addition, in view of the expected increase in tasks for the EDPS and national data protection authorities, the report includes provisions regarding the coverage of cost costs incurred by them as well.
  • Penalties
  • Member States should ensure that a systematic or persistent failure to comply with obligations set out in this Regulation is subject to financial penalties of up to 2% of an air carrier's global turnover of the preceding business year.
  • API Expert Group
  • The committee called for an API Expert Group to be set up to facilitate cooperation and the exchange of information on obligations stemming from and issues relating to this Regulation among Member States, EU institutions and stakeholders.
  • The Group should be composed of representatives of the European Commission, Member States’ relevant authorities, the European Parliament and eu-LISA.
  • Monitoring and evaluation
  • Members considered that this Regulation should be subject to regular evaluations to ensure the monitoring of its effective application. In particular, the collection of API data should not be to the detriment of the travel experience of legitimate passengers. The overall regulatory burden for the aviation sector should be kept under close review.
  • Moreover, the report should assess the extent to which the objectives of the Regulation have been met and to which extent it has impacted the competitiveness of the sector.
events/6
date
2023-12-13T00:00:00
type
Committee decision to enter into interinstitutional negotiations confirmed by plenary (Rule 71)
body
EP
events/5
date
2023-12-11T00:00:00
type
Committee decision to enter into interinstitutional negotiations announced in plenary (Rule 71)
body
EP
docs/9/docs/0/url
https://www.europarl.europa.eu/doceo/document/A-9-2023-0409_EN.html
events/4/docs/0/url
https://www.europarl.europa.eu/doceo/document/A-9-2023-0409_EN.html
docs/9
date
2023-12-07T00:00:00
docs
title: A9-0409/2023
type
Committee report tabled for plenary, 1st reading/single reading
body
EP
events/2
date
2023-11-28T00:00:00
type
Vote in committee, 1st reading
body
EP
events/3
date
2023-11-28T00:00:00
type
Committee decision to open interinstitutional negotiations with report adopted in committee
body
EP
events/4
date
2023-12-07T00:00:00
type
Committee report tabled for plenary, 1st reading
body
EP
docs
title: A9-0409/2023
procedure/stage_reached
Old
Awaiting committee decision
New
Awaiting Parliament's position in 1st reading
docs/4/docs/0/url
Old
https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=OJ:C:2023:084:TOC
New
https://eur-lex.europa.eu/oj/daily-view/L-series/EN/TXT/?uri=OJ:C:2023:084:TOC
docs/9/date
Old
2023-09-14T00:00:00
New
2023-09-15T00:00:00
docs/10/date
Old
2023-03-22T00:00:00
New
2023-03-23T00:00:00
docs/11/date
Old
2023-04-25T00:00:00
New
2023-04-26T00:00:00
docs/9
date
2023-09-14T00:00:00
docs
url: https://connectfolx.europarl.europa.eu/connefof/app/exp/COM(2022)0729 title: COM(2022)0729
type
Contribution
body
PT_PARLIAMENT
docs/8
date
2023-09-05T00:00:00
docs
url: https://www.europarl.europa.eu/doceo/document/LIBE-AM-752817_EN.html title: PE752.817
type
Amendments tabled in committee
body
EP
docs/7
date
2023-07-19T00:00:00
docs
url: https://www.europarl.europa.eu/doceo/document/TRAN-AD-746927_EN.html title: PE746.927
committee
TRAN
type
Committee opinion
body
EP
docs/6
date
2023-07-05T00:00:00
docs
url: https://www.europarl.europa.eu/doceo/document/LIBE-PR-750252_EN.html title: PE750.252
type
Committee draft report
body
EP
docs/5
date
2023-04-27T00:00:00
docs
url: https://dmsearch.eesc.europa.eu/search/public?k=(documenttype:AC)(documentnumber:0256)(documentyear:2023)(documentlanguage:EN) title: CES0256/2023
type
Economic and Social Committee: opinion, report
body
ESC
commission
  • body: EC dg: Migration and Home Affairs commissioner: JOHANSSON Ylva
committees/0/shadows/3
name
FEST Nicolaus
group
Identity and Democracy
abbr
ID
committees/0/shadows/4
name
GUSMÃO José
group
The Left group in the European Parliament - GUE/NGL
abbr
GUE/NGL
committees/0/shadows
  • name: LENAERS Jeroen group: Group of European People's Party abbr: EPP
  • name: KALJURAND Marina group: Group of Progressive Alliance of Socialists and Democrats abbr: S&D
  • name: STRIK Tineke group: Group of the Greens/European Free Alliance abbr: Verts/ALE
  • name: KANKO Assita group: European Conservatives and Reformists Group abbr: ECR
docs/6
date
2023-04-25T00:00:00
docs
url: https://connectfolx.europarl.europa.eu/connefof/app/exp/COM(2022)0729 title: COM(2022)0729
type
Contribution
body
NL_SENATE
procedure/title
Old
Collection and transfer of advance passenger information (API) for enhancing and facilitating external border controls
New
Collection and transfer of advance passenger information for enhancing and facilitating external border controls
committees/0/rapporteur
  • name: OETJEN Jan-Christoph date: 2023-03-28T00:00:00 group: Renew Europe group abbr: Renew
docs/5
date
2023-03-22T00:00:00
docs
url: https://connectfolx.europarl.europa.eu/connefof/app/exp/COM(2022)0729 title: COM(2022)0729
type
Contribution
body
ES_PARLIAMENT
docs/4
date
2023-02-08T00:00:00
docs
type
Document attached to the procedure
body
EDPS
committees/2/rapporteur
  • name: OETJEN Jan-Christoph date: 2023-02-22T00:00:00 group: Renew Europe group abbr: Renew
procedure/Legislative priorities/0/title
Old
Joint Declaration on EU legislative priorities for 2023 and 2024
New
Joint Declaration 2023-24
procedure/Legislative priorities
  • title: Joint Declaration on EU legislative priorities for 2023 and 2024 url: https://oeil.secure.europarl.europa.eu/oeil/popups/thematicnote.do?id=41380&l=en
  • title: Joint Declaration 2022 url: https://oeil.secure.europarl.europa.eu/oeil/popups/thematicnote.do?id=41360&l=en
events/1
date
2023-02-13T00:00:00
type
Committee referral announced in Parliament, 1st reading
body
EP
procedure/dossier_of_the_committee
  • LIBE/9/10982
procedure/stage_reached
Old
Preparatory phase in Parliament
New
Awaiting committee decision
committees/1/opinion
False
docs/0
date
2022-12-13T00:00:00
docs
type
Legislative proposal
body
EC
events/0/summary
  • PURPOSE: to present new rules on the collection and transfer of advance passenger information (API) to facilitate external border controls, combat illegal immigration and increase internal security.
  • PROPOSED ACT: Regulation of the European Union and of the Council.
  • ROLE OF THE EUROPEAN PARLIAMENT: the European Parliament decides in accordance with the ordinary legislative procedure and on an equal footing with the Council.
  • BACKGROUND: Advance Passenger Information (API) is information on a passenger collected at check-in or at boarding. It includes information about the passenger and information about their flight. In 2019, the International Civil Aviation Organisation (ICAO) reported 4.5 billion passengers globally carried by air transport on scheduled services, with over half a billion passengers that enter or leave the EU every year. This puts a strain on the external air borders of the EU as all travellers, meaning non-EU nationals, and EU citizens crossing the external borders, should be effectively and systematically checked against the relevant databases. To ensure that checks can be performed efficiently on every air passenger, there is a need to speed up border controls at airports and ensure the facilitation of passenger flows while at the same time maintaining a high level of security.
  • The existing legal framework on API data, which consists of Council Directive 2004/82/EC and national law transposing that Directive, has proven important in improving border controls, notably by setting up a framework for Member States to introduce provisions for laying down obligations on air carriers to transfer API data on passengers transported into their territory. However, divergences remain at national level. In particular, API data is not systematically requested from air carriers and air carriers are faced with different requirements regarding the type of information to be collected and the conditions under which the API data needs to be transferred to competent border authorities. Those divergences lead not only to unnecessary costs and complications for the air carriers, but they are also prejudicial to ensuring effective and efficient pre-checks of persons arriving at external borders.
  • The existing legal framework should therefore be updated and replaced to ensure that the rules regarding the collection and transfer of API data for the purpose of enhancing and facilitating the effectiveness and efficiency of border checks at external borders and for combating illegal immigration are clear, harmonised and effective .
  • CONTENT: this proposed Regulation presents new rules on the collection and transfer of advance passenger information (API) to facilitate external border controls, combat illegal immigration and increase internal security. It lays down the rules on:
  • - the collection by air carriers of advance passenger information (‘API data’) on flights into the Union;
  • - the transfer by air carriers to the router of the API data;
  • - the transmission from the router to the competent border authorities of the API data.
  • It will apply to air carriers conducting scheduled or non-scheduled flights into the Union.
  • Overall, the proposal contains:
  • - provisions for the collection and transfer of API data, namely a clear set of rules for the collection of API data by air carriers, rules regarding the transfer of API data to the router, the processing of API data by competent border authorities, and the storage and deletion of API data by air carriers and those authorities;
  • - provisions for the transmission of API data through a central router which will act as the single point of reception and onward distribution of data, replacing the current system comprised of multiple connections between air carriers and national authorities. More specifically, it includes provisions describing the main features of the router, rules on the use of the router, the procedure for the transmission of API data from the router to the competent border authorities, deletion of API data from the router, the keeping of logs, and the procedures in case of a partial or full technical impossibility to use the router;
  • - specific provisions on the protection of personal data . More specifically, it specifies who the data controllers and data processor are for the processing of API data constituting personal data pursuant to this Regulation. It also sets out measures required from eu-LISA to ensure the security of data processing, in line with the provisions of Regulation (EU) 2018/1725. It sets out measures required from air carriers and competent border authorities to ensure their self-monitoring of compliance with the relevant provisions set out in this Regulation and rules on audits;
  • - specific issues relating to the router . It contains requirements on the connections to the router of competent border authorities and air carriers. It also sets out the tasks of eu-LISA relating to the design and development of, the hosting and technical management of, and other support tasks relating to, the router. It also contains provisions concerning the costs incurred by eu-LISA and Member States under this Regulation, in particular as regards Member States’ connections to and integration with the router. It also sets out provisions regarding liability for damage cause to the router, the start of operations of the router and the possibility of voluntary use of the router by air carriers subject to certain conditions;
  • - provisions on supervision, possible penalties applicable to air carriers for non-compliance of their obligations set out in this Regulation, rules relating to statistical reporting by eu-LISA, and on the preparation of a practical handbook by the Commission;
  • Budgetary implications
  • This proposal will have an impact on the budget and staff needs of eu-LISA and Member States’ competent border authorities.
  • For eu-LISA, it is estimated that an additional budget of around EUR 45 million (33 million under current MFF) to set-up the router and EUR 9 million per year from 2029 onwards for the technical management thereof, and that around 27 additional posts would be needed for to ensure that eu-LISA has the necessary resources to perform the tasks attributed to it in this proposed Regulation and in the proposed Regulation for the collection and transfer of API data for the prevention, detection, investigation and prosecution of terrorist offences and serious crime.
  • For Member States, it is estimated that EUR 27 million (EUR 8 million under the current Multiannual Financial Framework) dedicated to upgrading the necessary national systems and infrastructures for border management authorities, and progressively up to EUR 5 million per year from 2028 onwards for the maintenance thereof, could be entitled for reimbursement by Border Management and Visa Instrument fund. Any such entitlement will ultimately have to be determined in accordance with the rules regulating those funds as well as the rules on costs contained in the proposed Regulation.
docs/1/docs/0
url
https://eur-lex.europa.eu/smartapi/cgi/sga_doc?smartapi!celexplus!prod!DocNumber&lg=EN&type_doc=SECfinal&an_doc=2022&nu_doc=0444
title
EUR-Lex
events
  • date: 2022-12-13T00:00:00 type: Legislative proposal published body: EC docs: url: http://www.europarl.europa.eu/RegData/docs_autres_institutions/commission_europeenne/com/2022/0729/COM_COM(2022)0729_EN.pdf title: COM(2022)0729 url: https://eur-lex.europa.eu/smartapi/cgi/sga_doc?smartapi!celexplus!prod!DocNumber&lg=EN&type_doc=COMfinal&an_doc=2022&nu_doc=0729 title: EUR-Lex
docs/0/docs/1
url
https://eur-lex.europa.eu/smartapi/cgi/sga_doc?smartapi!celexplus!prod!DocNumber&lg=EN&type_doc=COMfinal&an_doc=2022&nu_doc=0729
title
EUR-Lex