Legislative Observatory
European Parliament
Please fill in this field to find a procedure

Security of identity cards of Union citizens and of residence documents issued to Union citizens and their family members

2024/0187(CNS)

The European Parliament adopted by 377 votes to 279, with 16 abstentions, following a special legislative procedure (consultation), a legislative resolution on the proposal for a Council regulation on strengthening the security of identity cards of Union citizens and of residence documents issued to Union citizens and their family members exercising their right of free movement.

Parliament approved the Commission's proposal subject to the following amendments:

Security standards/format/specifications

The proposal provides that data elements included on identity cards will comply with the specifications set out in part 5 of ICAO document 9303. An amendment clarifies that where a Member State includes a person’s gender on a document covered by this Regulation, the specifications of ICAO Document 9303 ‘F’, ‘M’ or ‘X’ or the corresponding single initial used in the official language or languages of that Member State will be used, as appropriate.

Collection of biometric identifiers

According to the proposal, biometric identifiers stored for the purpose of personalisation of identity cards or residence documents will be kept in a highly secure manner and only until the date of collection of the document and, in any case, no longer than 90 days from the date of issue. Members considered that the processing of those data for other purposes will be subject to the limitations and conditions provided for in national law or Union data protection law.

Protection of personal data and liability

Member States will ensure that all external providers comply with Union and national data protection law, and appropriate measures will be adopted to prevent any unauthorised access or misuse of personal data during outsourced processes.

Furthermore, facial images stored on the storage medium of identity cards and residence documents will only be accessed by duly authorised staff of competent national authorities, Union agencies and private entities for the purpose of verifying the authenticity of the document and the identity of the holder.

Access to the facial image by private entities will also require the consent of the holder, unless access regardless of consent is strictly necessary and provided for by Union or national law in compliance with Union data protection law.

Evaluation

The Commission will report on the implementation of the regulation two years and eleven years after its entry into force, including on the adequacy of the level of security provided, taking into account its impact on fundamental rights and data protection principles.