Activities of Jan-Christoph OETJEN related to 2022/0424(COD)
Reports (1)
REPORT on the proposal for a regulation of the European Parliament and of the Council on the collection and transfer of advance passenger information (API) for enhancing and facilitating external border controls, amending Regulation (EU) 2019/817 and Regulation (EU) 2018/1726, and repealing Council Directive 2004/82/EC
Opinions (1)
OPINION on the proposal for a regulation of the European Parliament and of the Council on the collection and transfer of advance passenger information (API) for enhancing and facilitating external border controls, amending Regulation (EU) 2019/817 and Regulation (EU) 2018/1726, and repealing Council Directive 2004/82/EC
Amendments (36)
Amendment 12 #
Proposal for a regulation
Recital 8
Recital 8
(8) In the interest of effectiveness and legal certainty, the items of information that jointly constitute the API data to be collected and subsequently transferred under this Regulation should be listed clearly and exhaustively, covering both information relating to each traveller and information on the flight of that traveller. Such flight information should cover information on the border crossing point of entry into the territory of the Member State concerned in all cases covered by this Regulation, but that information should be collected only where applicable under Regulation (EU) [API law enforcement], that is, not when the API data relate to intra-EU flights.
Amendment 15 #
Proposal for a regulation
Recital 13
Recital 13
(13) In view of ensuring that the pre- checks carried out in advance by competent border authorities are effective and efficient, the API data transferred to those authorities should contain data of travellers that are effectively set to cross the external borders, that is, of travellers that are effectively on board of the aircraft. Therefore, the air carriers should transfer API data directly after flight closure. Moreover, API data helps the competent border authorities to distinguish legitimate travellers from travellers who may be of interest and therefore may require additional verifications, which would necessitate further coordination and preparation of follow-up measures to be taken upon arrival. That could occur, for example, in cases of unexpected number of travellers of interest whose physical checks at the borders could adversely affect the border checks and waiting times at the borders of other legitimate travellers. To provide the competent border authorities with an opportunity to prepare adequate and proportionate measures at the border, such as temporarily reinforcing or reaffecting staff, particularly for flights where the time between the flight closure and the arrival at the external borders is insufficient to allow the competent border authorities to prepare the most appropriate response, API data should also be transmitted prior to boarding, at the moment of check-in of each traveller. In order to reduce the impact on air carriers, and with a view to create synergies with other reporting obligations on air carriers in Regulation (EU) 2017/2226, Regulation (EU) 2018/1240 and Regulation (EC) 767/2008 and avoid duplication, air carriers should transfer the API data at the moment of check-in of each traveller by way of interactive API in accordance with international standards, using the existing carrier gateway. Air carriers should receive a meaningful reply to the transfer of interactive API in accordance with Regulation (EU) 2017/2226, Regulation (EU) 2018/1240 and Regulation (EC) 767/2008.
Amendment 17 #
Proposal for a regulation
Recital 13 a (new)
Recital 13 a (new)
(13a) In order to enhance data quality, the router should verify whether the API data transferred to it by the air carriers complies with the supported data formats. Where the router has verified that the data is not compliant with the suported data formats, the router should, immediately and in an automated manner, notify the air carrier concerned.
Amendment 18 #
Proposal for a regulation
Recital 15 a (new)
Recital 15 a (new)
(15a) Given that this Regulation requires additional adjustment and administrative costs by the air carriers, the overall regulatory burden for the aviation sector should be kept under close review. Against this backdrop, the report evaluating the functioning of this Regulation should assess the extent to which the objectives of the Regulation have been met and to which extent it has impacted the competitiveness of the sector. Therefore, the Commission’s report should also refer to the interaction of this Regulation with other relevant EU legislative acts, notably Regulation (EU) 2017/2226, Regulation (EU) 2018/1240 and Regulation (EC) 767/2008. The report should assess the overall impact of related reporting obligations on air carriers, identifying provisions that may be updated and simplified to mitigate the burden on air carriers, as well as actions and measures that have been or could be taken to reduce the total cost pressure on the aviation sector.
Amendment 19 #
Proposal for a regulation
Recital 17
Recital 17
(17) In order to avoid that air carriers have to establish and maintain multiple connections with the competent border authorities of the Member States’ for the transfer of API data collected under this Regulation and the related inefficiencies and security risks, provision should be made for a single router, created and operated at Union level, that serves as a connection and distribution point for those transfers. In the interest of efficiency and cost effectiveness, the router should, to the extent technically possible and in full respect of the rules of this Regulation and Regulation (EU) [API law enforcement], rely on technical components from other relevant systems created under Union law, notably the webservice referred to in Regulation (EU) 2017/2226, the carrier gateway referred to in Regulation (EU) 2018/1240 and the carrier gateway referred to in Regulation (EC) 767/2008. In order to reduce the impact on air carriers and ensure a harmonised approach towards air carriers, eu-LISA should design the router, to the extent technically and operationally possible, in a way that is coherent and consistent with the obligations put on air carriers by Regulation (EU) 2017/2226, Regulation (EU) 2018/1240 and Regulation (EC) 767/2008.
Amendment 21 #
Proposal for a regulation
Recital 19
Recital 19
(19) The router should serve only to facilitate the transmission of API data from the air carriers to the competent border authorities in accordance with this Regulation and to PIUs in accordance with Regulation (EU) [API law enforcement], and should not be a repository of API data. Therefore, and in order to minimise any risk of unauthorised access or other misuse and in accordance with the principle of data minimisation, any storage of the API data on the router should remain limited to what is strictly necessary for technical purposes related to the transmission and the API data should be deleted from the router, immediately, permanently and in an automated manner, from the moment that the transmission has been completed or, where relevant under Regulation (EU) [API law enforcement], the API data is not to be transmitted at all.
Amendment 27 #
Proposal for a regulation
Article 6 – paragraph 2
Article 6 – paragraph 2
2. Air carriers shall transfer the API data both at the moment of check-in and immediately after flight closure, that is, once the passengers have boarded the aircraft in preparation for departure and it is no longer possible for passengers to board or to leave the aircraft. At the moment of check-in, air carriers shall transfer the API data by way of interactive API in accordance with international standards. Where an air carrier transfers the API data by way of interactive API, it shall receive a meaningful reply in accordance with Regulation (EU) 2017/2226, Regulation (EU) 2018/1240 and Regulation (EC) 767/2008.
Amendment 28 #
Proposal for a regulation
Article 6 – paragraph 2 a (new)
Article 6 – paragraph 2 a (new)
2a. The router shall verify whether the API data transferred to it in accordance with paragraph 1 complies with the detailed rules on the supported data formats. Where the router has verified that the data is not compliant with the detailed rules, the router shall, immediately and in an automated manner, notify the air carrier concerned.
Amendment 29 #
Proposal for a regulation
Article 6 – paragraph 3
Article 6 – paragraph 3
3. The Commission is empowered to adopt delegated acts in accordance with Article 37 to supplement this Regulation by laying down the necessary detailed rules on the common protocols and supported data formats to be used for the transfers of API data to the router referred to in paragraph 1, including the use of interactive API for the transfer of API data at the moment of check-in.
Amendment 30 #
Proposal for a regulation
Article 9 – paragraph 3
Article 9 – paragraph 3
3. Without prejudice to Article 10 of this Regulation, the router shall, to the extent technically possible, share and re- use the technical components, including hardware and software components, of the web service referred to in Article 13 of Regulation (EU) 2017/2226 of the European Parliament and of the Council48, the carrier gateway referred to in Article 6(2), point (k), of Regulation (EU) 2018/1240, and the carrier gateway referred to in Article 2a, point (h), of Regulation (EC) 767/2008 of the European Parliament and of the Council49. eu-LISA shall design the router, to the extent technically and operationally possible, in a way that is coherent and consistent with the obligations put on air carriers by Regulation (EU) 2017/2226, Regulation (EU) 2018/1240 and Regulation (EC) 767/2008. _________________ 48 Regulation (EU) 2017/2226 of the European Parliament and of the Council of 30 November 2017 establishing an Entry/Exit System (EES) to register entry and exit data and refusal of entry data of third-country nationals crossing the external borders of the Member States and determining the conditions for access to the EES for law enforcement purposes, and amending the Convention implementing the Schengen Agreement and Regulations (EC) No 767/2008 and (EU) No 1077/2011 (OJ L 327, 9.12.2017, p. 20). 49 Regulation (EC) No 767/2008 of the European Parliament and of the Council of 9 July 2008 concerning the Visa Information System (VIS) and the exchange of data between Member States on short-stay visas (VIS Regulation) (OJ L 218, 13.8.2008, p. 60).
Amendment 31 #
Proposal for a regulation
Article 12 – paragraph 1 – point b
Article 12 – paragraph 1 – point b
(b) in respect of Regulation (EU) [API law enforcement], where the API data relates to other intra-EU flights than those included the lists referred to in Article 5(2) of that Regulation.
Amendment 34 #
Proposal for a regulation
Article 38 – paragraph 4 – point c a (new)
Article 38 – paragraph 4 – point c a (new)
(ca) the impact of this Regulation on the competitiveness of the aviation sector and the burden incurred by businesses. The Commission’s report shall also address this Regulation’s interaction with other relevant EU legislative acts, notably Regulation (EU) 2017/2226, Regulation (EU) 2018/1240 and Regulation (EC) 767/2008, with a view to assess the overall impact of related reporting obligations on air carriers, identify provisions that may be updated and simplified to mitigate the burden on air carriers, and consider actions and measures that could be taken to reduce the total cost pressure on air carriers.
Amendment 90 #
Proposal for a regulation
Recital 12 a (new)
Recital 12 a (new)
(12a) The automatic data collection systems and other processes established under this Regulation should not negatively impact the employees in the aviation industry, who should benefit from upskilling and reskilling opportunities that would increase the efficiency and reliability of data collection and transfer as well as the working conditions in the sector.
Amendment 92 #
Proposal for a regulation
Recital 13
Recital 13
(13) In view of ensuring that the pre- checks carried out in advance by competent border authorities are effective and efficient, the API data transferred to those authorities should contain data of travellers that are effectively set to cross the external borders, that is, of travellers that are effectively on board of the aircraft. Therefore, the air carriers should transfer API data directly after flight closure. Moreover, API data helps the competent border authorities to distinguish legitimate travellers from travellers who may be of interest and therefore may require additional verifications, which would necessitate further coordination and preparation of follow-up measures to be taken upon arrival. That could occur, for example, in cases of unexpected number of travellers of interest whose physical checks at the borders could adversely affect the border checks and waiting times at the borders of other legitimate travellers. To provide the competent border authorities with an opportunity to prepare adequate and proportionate measures at the border, such as temporarily reinforcing or reaffecting staff, particularly for flights where the time between the flight closure and the arrival at the external borders is insufficient to allow the competent border authorities to prepare the most appropriate response, API data should also be transmitted prior to boarding, at the moment of check-in of each traveller. The use of an interactive API should not lead to an automated denial of boarding.
Amendment 94 #
Proposal for a regulation
Recital 13 a (new)
Recital 13 a (new)
(13a) With a view to guaranteeing the fulfilment of the rights provided for under the Charter of Fundamental Rights and to ensuring accessible and inclusive travel options, especially for vulnerable groups and persons with disabilities, air carriers, supported by the Member States, should ensure that an offline alternative for the check-in and for the provision of the necessary data by the passengers is possible at all times.
Amendment 97 #
Proposal for a regulation
Recital 15 a (new)
Recital 15 a (new)
(15a) This Regulation should be subject to regular evaluations to ensure the monitoring of its effective application. In particular, the collection of API data should not be to the detriment of the travel experience of legitimate passengers. Therefore, the Commission should include in its regular evaluation reports on the application of this Regulation an assessment of the impact of this Regulation on the travel experience of legitimate passengers.
Amendment 98 #
Proposal for a regulation
Recital 15 b (new)
Recital 15 b (new)
(15b) Given that this Regulation requires additional adjustment and administrative costs by the air carriers, the overall regulatory burden for the aviation sector should be kept under close review. Against this backdrop, the report evaluating the functioning of this Regulation should assess the extent to which the objectives of the Regulation have been met and to which extent it has impacted the competitiveness of the sector. Therefore, the Commission’s report should also conduct a holistic assessment and refer to the interaction of this Regulation with other relevant EU legislative acts, notably Regulation (EU) 2017/2226, Regulation (EU) 2018/1240 and Regulation (EC) 767/2008. The report should assess the overall impact of related reporting obligations on air carriers, identifying provisions that may be updated and simplified, where appropriate, to mitigate the burden on air carriers, as well as actions and measures that have been or could be taken to reduce the total cost pressure on the aviation sector.
Amendment 100 #
Proposal for a regulation
Recital 17
Recital 17
(17) In order to avoid that air carriers have to establish and maintain multiple connections with the competent border authorities of the Member States’ for the transfer of API data collected under this Regulation and the related inefficiencies and security risks, provision should be made for a single router, created and operated at Union level, that serves as a connection and distribution point for those transfers. In the interest of efficiency and cost effectiveness, the router should, to the extent technically possible and in full respect of the rules of this Regulation and Regulation (EU) [API law enforcement], rely on technical components from other relevant systems created under Union law, notably the web service referred to in Regulation (EU) 2017/2226, the carrier gateway referred to in Regulation (EU) 2018/1240 and the carrier gateway referred to in Regulation (EC) 767/2008. In order to reduce the impact on air carriers and ensure a harmonised approach towards air carriers, eu-LISA should design the router, to the extent technically and operationally possible, in a way that is coherent and consistent with the obligations put on air carriers by Regulation (EU) 2017/2226, Regulation (EU) 2018/1240 and Regulation (EC) 767/2008.
Amendment 102 #
Proposal for a regulation
Recital 17 a (new)
Recital 17 a (new)
(17a) With a view to ensuring increased data quality and accuracy, the setting up of travel document validation systems, able to automatically verify carrier- submitted passenger data, should be considered.
Amendment 110 #
Proposal for a regulation
Recital 22
Recital 22
(22) The router to be created and operated under this Regulation should reduce and simplify the technical connections needed to transfer API data, limiting them to a single connection per air carrier and per competent border authority. Therefore, this Regulation provides for the obligation for the competent border authorities and air carriers to each establish such a connection to, and achieve the required integration with, the router, so as to ensure that the system for transferring API data established by this Regulation can function properly. To give effect to those obligations and to ensure the proper functioning of the system set up by this Regulation, they should be supplemented by detailed ruleshe design and development of the router by eu-LISA should enable the effective and efficient connection and integration of air carriers’ systems and infrastructure by providing for all relevant standards and technical requirements. To give effect to those obligations and to ensure the proper functioning of the system set up by this Regulation, they should be supplemented by detailed rules. When designing and developing the router, eu-LISA shall ensure that API data transferred by air carriers and transmitted to competent border authorities is encrypted in transit.
Amendment 111 #
Proposal for a regulation
Recital 23
Recital 23
(23) In view of the Union interests at stake, the costs incurred by the European Data Protection Supervisor and eu-LISA for the performance of its tasks under this Regulation and Regulation (EU) [API law enforcement] in respect of the router should be borne by the Union budget. The same should go for appropriate costs incurred by the Member States in relation to their connections to, and integration with, the router, as required under this Regulation and in accordance with the applicable legislation, subject to certain exceptions. The costs covered by those exceptions should be borne by each Member State concerned itself. The costs incurred by the independent national supervisory authorities in relation to the tasks entrusted to them under this Regulation and Regulation (EU) [API law enforcement] shall be borne by the respective Member States as well. The Union budget should cover the support, such as training, provided by eu-LISA to air carriers and PIUs to enable the effective transfer and transmission of API data through the router.
Amendment 117 #
Proposal for a regulation
Recital 28 a (new)
Recital 28 a (new)
(28a) When providing for the penalties applicable to air carriers under this Regulation, Member States shall take into account the technical, operational and economic feasibility of ensuring complete data accuracy. Additionally, when fines are imposed, their application and value shall be established taking into consideration the actions undertaken by the air carrier to mitigate the issue as well as its repeated failure to cooperate with national authorities.
Amendment 119 #
Proposal for a regulation
Recital 30
Recital 30
(30) As the router should be designed, developed, hosted and technically managed by the eu-LISA, established by Regulation (EU) 2018/1726 of the European Parliament and of the Council36 , it is necessary to amend that Regulation by adding that task to the tasks of eu-LISA. In order to store reports and statistics of the router on the Common Repository for Reporting and Statistics it is necessary to amend Regulation (EU) 2019/817 of the European Parliament and of the Council37 . The Common Repository for Reporting and Statistics should only provide statistics based on the relevant API data for the implementation and effective supervision of this Regulation. _________________ 36 Regulation (EU) 2018/1726 of the European Parliament and of the Council of 14 November 2018 on the European Union Agency for the Operational Management of Large-Scale IT Systems in the Area of Freedom, Security and Justice (eu-LISA), and amending Regulation (EC) No 1987/2006 and Council Decision 2007/533/JHA and repealing Regulation (EU) No 1077/2011 (OJ L 295, 21.11.2018, p. 99). 37 Regulation (EU) 2019/817 of the European Parliament and of the Council of 20 May 2019 on establishing a framework for interoperability between EU information systems in the field of borders and visa and amending Regulations (EC) No 767/2008, (EU) 2016/399, (EU) 2017/2226, (EU) 2018/1240, (EU) 2018/1726 and (EU) 2018/1861 of the European Parliament and of the Council and Council Decisions 2004/512/EC and 2008/633/JHA (OJ L 135, 22.5.2019, p. 27).
Amendment 172 #
Proposal for a regulation
Article 6 – paragraph 2 a (new)
Article 6 – paragraph 2 a (new)
2a. The router shall verify whether the API data transferred to it in accordance with paragraph 1 complies with the detailed rules on the supported data formats. Where the router has verified that the data is not compliant with the detailed rules, the router shall, immediately and in an automated manner, notify the air carrier concerned.
Amendment 174 #
Proposal for a regulation
Article 6 – paragraph 3
Article 6 – paragraph 3
3. The Commission is empowered to adopt delegated acts in accordance with Article 37 to supplement this Regulation by laying down the necessary detailed rules on the common protocols and supported data formats to be used for the encrypted transfers of API data to the router referred to in paragraph 1, including the use of interactive API for the transfer of API data at the moment of check-in.
Amendment 180 #
Proposal for a regulation
Article 8 – paragraph 1
Article 8 – paragraph 1
1. Air carriers shall store, for a time period of 248 hours from the moment of departure of the flight, the API data relating to that passenger that they collected pursuant to Article 4. They shall immediately and permanently delete that API data after the expiry of that time period. This is without prejudice to the possibility for air carriers to retain and use the data where necessary for the normal course of their business in particular for travel facilitation, in compliance with the applicable law and in particular Regulation (EU) 2016/679.
Amendment 200 #
Proposal for a regulation
Article 9 – paragraph 3
Article 9 – paragraph 3
3. Without prejudice to Article 10 of this Regulation, the router shall, to the extent technically possible, share and re- use the technical components, including hardware and software components, of the web service referred to in Article 13 of Regulation (EU) 2017/2226 of the European Parliament and of the Council48 , the carrier gateway referred to in Article 6(2), point (k), of Regulation (EU) 2018/1240, and the carrier gateway referred to in Article 2a, point (h), of Regulation (EC) 767/2008 of the European Parliament and of the Council49 . eu-LISA shall design the router, to the extent technically and operationally possible, in a way that is coherent and consistent with the obligations put on air carriers by Regulation (EU) 2017/2226, Regulation (EU) 2018/1240 and Regulation (EC) 767/2008. _________________ 48 Regulation (EU) 2017/2226 of the European Parliament and of the Council of 30 November 2017 establishing an Entry/Exit System (EES) to register entry and exit data and refusal of entry data of third-country nationals crossing the external borders of the Member States and determining the conditions for access to the EES for law enforcement purposes, and amending the Convention implementing the Schengen Agreement and Regulations (EC) No 767/2008 and (EU) No 1077/2011 (OJ L 327, 9.12.2017, p. 20). 49 Regulation (EC) No 767/2008 of the European Parliament and of the Council of 9 July 2008 concerning the Visa Information System (VIS) and the exchange of data between Member States on short-stay visas (VIS Regulation) (OJ L 218, 13.8.2008, p. 60).
Amendment 258 #
Proposal for a regulation
Article 24 – paragraph 1
Article 24 – paragraph 1
1. eu-LISA shall, upon their request, provide training to competent border authorities, PIUs and other relevant Member States’ authorities and air carriers on the technical use of the router and on the connection and integration to the router.
Amendment 260 #
Proposal for a regulation
Article 25 – paragraph 1
Article 25 – paragraph 1
1. Costs incurred by eu-LISA in relation to the design, development, hosting and technical management of the router under this Regulation and Regulation (EU) [API law enforcement] shall be borne by the general budget of the Union. In view of the Union interests at stake, in relation to its responsibilities for the design, development, hosting and technical management and maintenance of the router, eu-LISA shall be provided with the necessary resources under the Union budget in accordance with the applicable legislation.
Amendment 268 #
Proposal for a regulation
Article 31 – paragraph 1
Article 31 – paragraph 1
1. EFor the implementation and supervision of this Regulation, every quarter, eu-LISA shall publish statistics on the functioning of the router, showing in particular the number, the nationality and the country of departure and on compliance by air carriers with the obligations set out in this Regulation, showing in particular the number of passengers on which API data is transmitted, number of flights for which API data is transmitted, flights on which API data is not transmitted, number of API messages transmitted ofn thime travellero competent border authorities, and specifically of the travellpassengers who boarded the aircraft with inaccurate, incomplete or no longer up-to-date API data, with a non- recognised travel document, without a valid visa, without a valid travel authorization, or reported as overstay, the number and nationality of travellpassengers.
Amendment 280 #
Proposal for a regulation
Article 31 – paragraph 5 – introductory part
Article 31 – paragraph 5 – introductory part
5. eu-LISA shall have the right to access the following API data transmitted through to the router, solely for the purposes ofThe central repository for reporting and statistics shall provide eu- LISA, solely for the reporting referred to in Article 38 and for generating statistics in accordance with the present Article, without however such access statistics on API allowing for the identification of the travellpassengers concerned:
Amendment 292 #
Proposal for a regulation
Article 31 – paragraph 6
Article 31 – paragraph 6
6. For the the purposes of the reporting referred to in Article 38 and for generating statistics in accordance with the present Article, eu-LISA shall store the data referred to in paragraph 5 of this Article in the central repository for reporting and statistics established by Article 39 of Regulation (EU) 2019/817. The cross-system statistical data and analytical reporting referred to in Article 39(1) of that Regulation shall allowentral repository for reporting and statistics shall provide duly authorised staff the competent border authorities and other relevant authorities of the Member States to obtainwith customisable reports and statistics, for the purposes referred to in Article 1 on API as referred to in paragraph 5, for the implementation and supervision of this Regulation.
Amendment 303 #
Proposal for a regulation
Article 38 – paragraph 4 – introductory part
Article 38 – paragraph 4 – introductory part
4. By [four years after the date of entry into force of this Regulation ] and every four years thereafter, the Commission shall produce a report containing an overall evaluation of this Regulation, demonstrating the necessity and added value of the collection of API data, including an assessment of:
Amendment 304 #
Proposal for a regulation
Article 38 – paragraph 4 – point c a (new)
Article 38 – paragraph 4 – point c a (new)
(ca) the impact of this Regulation on the travel experience of legitimate passengers.
Amendment 305 #
Proposal for a regulation
Article 38 – paragraph 4 – point c b (new)
Article 38 – paragraph 4 – point c b (new)
(cb) the impact of this Regulation on the competitiveness of the aviation sector and the burden incurred by businesses. The Commission’s report shall also address this Regulation’s interaction with other relevant EU legislative acts, notably Regulation (EU) 2017/2226, Regulation (EU) 2018/1240 and Regulation (EC) 767/2008, with a view to assess the overall impact of related reporting obligations on air carriers, identify provisions that may be updated and simplified, where appropriate, to mitigate the burden on air carriers, and consider actions and measures that could be taken to reduce the total cost pressure on air carriers.
Amendment 307 #
Proposal for a regulation
Article 38 – paragraph 6
Article 38 – paragraph 6
6. The Member States and air carriers shall, upon request, provide eu-LISA and the Commission with the information necessary to draft the reports referred to in paragraphs 2, 3 and 4, including information not constituting personal data related to the results of the pre-checks of Union information systems and national databases at the external borders with API data. In particular, Member States shall provide quantitative and qualitative information on the necessity and added value of the collection of API data from an operational perspective. However, Member States may refrain from providing such information if, and to the extent necessary not to disclose confidential working methods or jeopardise ongoing investigations of the competent border authorities. The Commission shall ensure that any confidential information provided is appropriately protected.