FantasticSearch

(1) The carrying out of border checks of persons at the external borders significantly contributes to ensuring the long-term security of the Union, its Member States and its citizens and, as such, remains an important safeguard, especially in the area without internal border control. Border checks are to be carried out in accordance with Regulation (EU) 2016/399 of the European Parliament and of the Council where applicable, in order to help combat illegal immigration and prevent threats to the Member States’ internal security, public policy, public health and international relations. Such border checks are to be carried out in such a way as to fully respect human dignity and be in full compliance with relevant Union law, including the Charter of Fundamental Rights of the European Union (‘the Charter’).

(2) The use of passenger data and flight information transferred ahead of the arrival of passengers, known as advance passenger information or API data, contributes to speeding up the required border checks during the border-crossing process. For the purposes of this Regulation that process concerns, more specifically, the crossing of borders between a third country or a Member State to which this Regulation does not apply and a Member State to which this Regulation applies. The use of API data strengthens border checks at those external borders by providing sufficient time to enable detailed and comprehensive border checks to be carried out on all passengers, without having a disproportionate negative effect on those travelling in good faith. Therefore, in the interest of the effectiveness and efficiency of border checks at external borders, an appropriate legal framework should be provided for to ensure that Member States’ competent border authorities at such external border crossing points have access to API data prior to the arrival of passengers.

(3) The existing legal framework on API data, which consists of Council Directive 2004/82/EC and national law transposing that Directive, has proven important in improving border checks, in particular by setting up a framework for Member States to introduce provisions for laying down obligations on air carriers to transfer API data on passengers transported into their territory. However, divergent practices remain at national level. In particular, API data are not systematically requested from air carriers and air carriers are faced with different requirements regarding the type of information to be collected and the conditions under which the API data need to be transferred to competent border authorities. Those divergences not only lead to unnecessary costs and complications for air carriers, but they are also prejudicial to ensuring effective and efficient pre-checks on persons arriving at external borders.

(4) The existing legal framework needs to be updated and replaced to ensure that the rules regarding the collection and transfer of API data for the purpose of enhancing and facilitating the effectiveness and efficiency of border checks at external borders and for combating illegal immigration are clear, harmonised and effective, in accordance with the rules set out in Regulation (EU) 2016/399 for Member States to which it applies, and with national law where it does not apply.

(5) In order to ensure a consistent approach at both Union and international level as much as possible and in view of the rules on the collection of API data applicable at international level, the updated legal framework established by this Regulation should take into account the relevant practices internationally agreed with the air industry, such as in the context of the World Customs Organisation, International Aviation Transport Association and International Civil Aviation Organisation (ICAO) Guidelines on Advance Passenger Information.

(6) The collection and transfer of API data affect the privacy of individuals and entail the processing of their personal data. In order to fully respect their fundamental rights, in particular the right of respect for private life and the right to the protection of personal data, in accordance with the Charter, adequate limits and safeguards should be provided for. For example, any processing of API data and, in particular, API data constituting personal data should remain strictly limited to what is necessary for and proportionate to achieving the objectives pursued by this Regulation. In addition, it should be ensured that the processing of any API data collected and transferred under this Regulation does not lead to any form of discrimination precluded by the Charter.

(7) In order to achieve its objectives, this Regulation should apply to all air carriers conducting flights into the Union, as defined in this Regulation, irrespective of the place of establishment of the air carriers conducting those flights, and operating both scheduled and non-scheduled flights. The collection of data from any other civil aircraft operations, such as flight schools, medical flights, emergency flights, as well as from military flights, is not within the scope of this Regulation. This Regulation is without prejudice to the collection of data from such flights as provided for in national law that is compatible with Union law. The Commission should assess the feasibility of a Union scheme obliging operators of private flights to collect and transfer air passenger data.

(8) The obligations on air carriers to collect and transfer API data under this Regulation should include all passengers on flights into the Union, transit passengers whose final destination is outside of the Union and any off-duty crew member positioned on a flight by an air carrier in connection with their duties.

(9) In the interest of effectiveness and legal certainty, the items of information that together constitute the API data to be collected and subsequently transferred under this Regulation should be listed clearly and exhaustively, covering both information relating to each passenger and information on the flight taken by that passenger. Under this Regulation, and in accordance with international standards, such flight information should cover seating and baggage information, where such information is available, and information on the border crossing point of entry into the territory of the Member State concerned in all cases covered by this Regulation. Where baggage or seat information is available within other IT systems that the air carrier, its handler, its system provider or the airport authority has at its disposal, air carriers should integrate that information in the API data to be transferred to the competent border authorities. API data as defined and regulated under this Regulation do not include biometric data.

(10) In order to allow for flexibility and innovation, it should in principle be left to each air carrier to determine how it meets its obligations regarding the collection of API data set out in this Regulation, taking into account the different types of air carrier as defined in this Regulation and their respective business models, including as regards check-in times and cooperation with airports. However, considering that suitable technological solutions exist that allow certain API data to be collected automatically while ensuring that the API data concerned are accurate, complete and up to date, and having regard to the advantages of the use of such technology in terms of effectiveness and efficiency, air carriers should be required to collect such API data using automated means, by reading information from the machine-readable data of the travel document. Where the use of such automated means is not technically possible in exceptional circumstances, air carriers should exceptionally collect the API data manually, either as part of the online check-in process or as part of the check-in at the airport, in such a manner as to ensure compliance with their obligations under this Regulation.

(11) The collection of API data by automated means should be strictly limited to the alphanumerical data contained in the travel document and should not lead to the collection of any biometric data from it. As the collection of API data is part of the check-in process, either online or at the airport, this Regulation does not include an obligation for air carriers to check a travel document of the passenger at the moment of boarding. Compliance with this Regulation does not include any obligation for passengers to carry a travel document at the moment of boarding. This should be without prejudice to obligations stemming from other Union legal acts or national law that is compatible with Union law.

(12) The collection of API data from travel documents should also be consistent with the ICAO standards on machine-readable travel documents, which have been incorporated into Union law by means of Regulation (EU) 2019/1157 of the European Parliament and of the Council , Council Regulation (EC) No 2252/2004 and Council Directive (EU) 2019/997 .

(13) The requirements set out in this Regulation and the corresponding delegated and implementing acts should lead to the uniform implementation of this Regulation by the air carriers, thereby minimising the cost of the interconnection of their respective systems. To facilitate the harmonised implementation of those requirements by the air carriers, in particular as regards the data structure, format and transmission protocol, the Commission, on the basis of its cooperation with the competent border authorities, other Member States authorities, air carriers and relevant Union agencies, should ensure that the practical handbook to be prepared by the Commission provides all the necessary guidance and clarifications.