Legislative Observatory
European Parliament
Please fill in this field to find a procedure

Collection and transfer of advance passenger information for the prevention, detection, investigation and prosecution of terrorist offences and serious crime

2022/0425(COD)

PURPOSE: to present new rules on the collection and transfer of advance passenger information (API) for the prevention, detection, investigation and prosecution of terrorist offences and serious crime.

PROPOSED ACT: Regulation of the European Union and of the Council.

ROLE OF THE EUROPEAN PARLIAMENT: the European Parliament decides in accordance with the ordinary legislative procedure and on an equal footing with the Council.

BACKGROUND: over the last decade the EU and other parts of the world have seen an increase in serious and organised crime. According to Europol’s EU Serious and Organised Crime Threat Assessment, most organised crime involves international travel, typically aimed at smuggling persons, drugs or other illicit goods into the EU. Notably, criminals make frequent use of the EU’s main airports as well as smaller regional airports operating low-cost airlines. In this context, information on air travellers is an important tool for law enforcement authorities to counter serious crime and terrorism in the EU.

Air traveller data includes Advance Passenger Information (API) and Passenger Name Records (PNR) which, when used together, are particularly effective to identify high-risk travellers and to confirm the travel pattern of suspected individuals.

In the EU, the PNR Directive does not lead to the collection of the full set of API data, as air carriers do not have any business purpose to collect such data.

The joint processing of API and PNR data by competent law enforcement authorities substantially increases the effectiveness of the fight against serious crimes and terrorism in the EU. The combined use of API data and PNR data enables the competent national authorities to confirm the identity of passengers and greatly improves the reliability of PNR data.

The current EU legal framework only regulates the use of PNR data for fighting serious crime and terrorism but does not do so specifically for API data, which can be requested only on flights coming from third countries, leading to a security gap, notably regarding intra-EU flights for which Member States request air carriers to transfer PNR data. Passenger Information Units obtain the most effective operational results on flights where both API and PNR data are collected. This means that competent law enforcement authorities cannot benefit from the results of the joint processing of API data and PNR data on flights within the EU, for which only PNR data is transferred.

For those reasons, complementary rules should be established requiring air carriers to collect and subsequently transfer a specifically defined set of API data, which requirements should apply to the extent that the air carriers are bound under that Directive to collect and transfer PNR data on the same flight.

It is therefore necessary to establish at Union level clear, harmonised and effective rules on the collection and transfer of API data for the purpose of preventing, detecting, investigating and prosecuting terrorist offences and serious crime.

CONTENT: the proposed Regulation aims to lay down better rules for the collection and transfer of API data by air carriers for the purpose of preventing, detecting, investigating, and prosecuting terrorist offences and serious crime. More specifically, it lays down rules on:

- the collection by air carriers of advance passenger information data (‘API data’) on extra EU flights and selected intra EU flights;

- the transfer by air carriers to the router of the API data;

- the transmission from the router to the Passenger Information Units (‘PIUs’) of the API data on extra-EU flights and selected intra-EU flights. 

It will apply to air carriers conducting scheduled or non-scheduled extra-EU flights or intra-EU flights.

Overall, the proposal contains:

- the provisions for the collection, transfer to the router and deletion of API data by air carriers, and rules regarding the transmission of API data from the router to the Passenger Information Units;

- specific provisions on logs, specifications as to whom are the personal data controllers in relation to processing of API data constituting personal data under this Regulation, security and self-monitoring by air carriers and PIUs;

- rules on the connections to, and integration with, the router by Passenger Information Units and air carriers, as well as on Member States’ costs in connection thereto. It also contains provisions regulating the situation of a partial or full technical impossibility to use the router and on liability for damage caused to the router;

- provisions on supervision, on possible penalties applicable to air carriers for non-compliance of their obligations set out in this Regulation and on the preparation of a practical handbook by the Commission.

Budgetary implications

This proposal will have an impact on the budget and staff needs of eu-LISA and Member States’ competent border authorities.

For eu-LISA, it is estimated that an additional budget of around EUR 45 million (33 million under current MFF) to set-up the router and EUR 9 million per year from 2029 onwards for the technical management thereof, and that around 27 additional posts would be needed for to ensure that eu-LISA has the necessary resources to perform the tasks attributed to it in this proposed Regulation and in the proposed Regulation for the collection and transfer of API data for the prevention, detection, investigation and prosecution of terrorist offences and serious crime.

For Member States, it is estimated that EUR 27 million (EUR 8 million under the current Multiannual Financial Framework) dedicated to upgrading the necessary national systems and infrastructures for border management authorities, and progressively up to EUR 5 million per year from 2028 onwards for the maintenance thereof, could be entitled for reimbursement by Border Management and Visa Instrument fund. Any such entitlement will ultimately have to be determined in accordance with the rules regulating those funds as well as the rules on costs contained in the proposed Regulation.