Next event: Debate in Parliament 2024/04/24 more...
- Approval in committee of the text agreed at 1st reading interinstitutional negotiations 2024/03/19
- Coreper letter confirming interinstitutional agreement 2024/03/13
- Committee decision to enter into interinstitutional negotiations confirmed by plenary (Rule 71) 2023/12/13
- Committee decision to enter into interinstitutional negotiations announced in plenary (Rule 71) 2023/12/11
- Committee report tabled for plenary, 1st reading 2023/12/07
- Vote in committee, 1st reading 2023/11/28
- Committee decision to open interinstitutional negotiations with report adopted in committee 2023/11/28
- Contribution 2023/09/15
- Amendments tabled in committee 2023/09/05
- Committee opinion 2023/07/19
Progress: Awaiting Parliament's position in 1st reading
Role | Committee | Rapporteur | Shadows |
---|---|---|---|
Lead | LIBE | OETJEN Jan-Christoph ( Renew) | LENAERS Jeroen ( EPP), KALJURAND Marina ( S&D), STRIK Tineke ( Verts/ALE), FEST Nicolaus ( ID), KANKO Assita ( ECR), GUSMÃO José ( GUE/NGL) |
Committee Opinion | BUDG | ||
Committee Opinion | TRAN | OETJEN Jan-Christoph ( Renew) | Marian-Jean MARINESCU ( PPE), Kosma ZŁOTOWSKI ( ECR), Josianne CUTAJAR ( S&D), Clare DALY ( GUE/NGL) |
Lead committee dossier:
Legal Basis:
TFEU 077-p2, TFEU 079-p2
Legal Basis:
TFEU 077-p2, TFEU 079-p2Subjects
Events
The Committee on Civil Liberties, Justice and Home Affairs adopted the report by Jan-Christoph OETJEN (Renew, DE) on the proposal for a regulation of the European Parliament and of the Council on the collection and transfer of advance passenger information (API) for enhancing and facilitating external border controls, amending Regulation (EU) 2019/817 and Regulation (EU) 2018/1726, and repealing Council Directive 2004/82/EC.
The committee responsible recommended that the European Parliament's position adopted at first reading under the ordinary legislative procedure should amend the proposal as follows:
API data to be collected by air carriers
The amended text stated that air carriers should collect API data of passengers, consisting of the passenger data and the flight information, respectively, on the flights for the purpose of transferring that API data to the router. Where the flight is code-shared between one or more air carriers, the obligation to transfer the API data should be on the air carrier that operates the flight.
Means of collecting API data
The collection of API data should not include an obligation for air carriers to check the travel document at the moment of boarding the aircraft or an obligation for passengers to carry a travel document when travelling, without prejudice to acts of national law that are compatible with Union law. The collection of API data by automated means should not lead to the collection of any biometric data from the travel document.
Where air carriers provide an online check-in process, they should enable passengers to provide the API data during the online check-in process, using automated means .
Air carriers should ensure that API data is encrypted during the transmission of the data from the passenger to the air carriers.
Obligations on air carriers regarding transfers of API data
At the moment of check-in, air carriers should transfer the API data in accordance with this Regulation and relevant international standards. Air carriers should receive an acknowledgement of receipt of the transfer of the API data.
Processing of API data received
The competent border authorities should be prohibited from processing API data for the purposes of profiling under any circumstances.
Storage and deletion of API data
Members suggested that air carriers should store, for a time period of 24 hours (as opposed to the 48 hours proposed by the Commission) from the moment of departure of the flight, the API data relating to that passenger that they collected. They should immediately and permanently delete that API data after the expiry of that time period.
Air carriers or competent border authorities should immediately and permanently delete API data where they become aware that the API data collected was processed unlawfully or that the data transferred does not constitute API data.
Fundamental Rights
The collection and processing of personal data by air carriers and competent authorities should not result in discrimination against persons on the grounds of sex and gender, race, colour, ethnic or social origin, genetic features, language, religion or belief, political or any other opinion, membership of a national minority, property, birth, disability, age or sexual orientation.
The router
Members clarified the functioning of the router. It should allow for the reception and transmission of encrypted API data and automatically extract and make available the statistics to the central repository for reporting and statistics.
eu-LISA should design and develop the router in a way that any API data transferred from the air carriers to the router and any API data transmitted from the router to the competent border authorities and to the central repository for reporting and statistics are encrypted.
Information to passengers
Air carriers should provide passengers with information on the purpose of the collection of their personal data, the type of personal data collected, the recipients of the personal data and the means to exercise the data subject rights. This information should be communicated to passengers in writing and in an easily accessible format at the moment of booking and at the moment of check-in, irrespective of the means used to collect the personal data at the moment of check-in.
Costs of eu-LISA, the European Data Protection Supervisor, the national supervisory authorities and of Member States
Member underlined that the financial appropriation to the functioning of the router will determine its success, therefore eu-LISA should be provided with the necessary resources. In addition, in view of the expected increase in tasks for the EDPS and national data protection authorities, the report includes provisions regarding the coverage of cost costs incurred by them as well.
Penalties
Member States should ensure that a systematic or persistent failure to comply with obligations set out in this Regulation is subject to financial penalties of up to 2% of an air carrier's global turnover of the preceding business year.
API Expert Group
The committee called for an API Expert Group to be set up to facilitate cooperation and the exchange of information on obligations stemming from and issues relating to this Regulation among Member States, EU institutions and stakeholders.
The Group should be composed of representatives of the European Commission, Member States’ relevant authorities, the European Parliament and eu-LISA.
Monitoring and evaluation
Members considered that this Regulation should be subject to regular evaluations to ensure the monitoring of its effective application. In particular, the collection of API data should not be to the detriment of the travel experience of legitimate passengers. The overall regulatory burden for the aviation sector should be kept under close review.
Moreover, the report should assess the extent to which the objectives of the Regulation have been met and to which extent it has impacted the competitiveness of the sector.
PURPOSE: to present new rules on the collection and transfer of advance passenger information (API) to facilitate external border controls, combat illegal immigration and increase internal security.
PROPOSED ACT: Regulation of the European Union and of the Council.
ROLE OF THE EUROPEAN PARLIAMENT: the European Parliament decides in accordance with the ordinary legislative procedure and on an equal footing with the Council.
BACKGROUND: Advance Passenger Information (API) is information on a passenger collected at check-in or at boarding. It includes information about the passenger and information about their flight. In 2019, the International Civil Aviation Organisation (ICAO) reported 4.5 billion passengers globally carried by air transport on scheduled services, with over half a billion passengers that enter or leave the EU every year. This puts a strain on the external air borders of the EU as all travellers, meaning non-EU nationals, and EU citizens crossing the external borders, should be effectively and systematically checked against the relevant databases. To ensure that checks can be performed efficiently on every air passenger, there is a need to speed up border controls at airports and ensure the facilitation of passenger flows while at the same time maintaining a high level of security.
The existing legal framework on API data, which consists of Council Directive 2004/82/EC and national law transposing that Directive, has proven important in improving border controls, notably by setting up a framework for Member States to introduce provisions for laying down obligations on air carriers to transfer API data on passengers transported into their territory. However, divergences remain at national level. In particular, API data is not systematically requested from air carriers and air carriers are faced with different requirements regarding the type of information to be collected and the conditions under which the API data needs to be transferred to competent border authorities. Those divergences lead not only to unnecessary costs and complications for the air carriers, but they are also prejudicial to ensuring effective and efficient pre-checks of persons arriving at external borders.
The existing legal framework should therefore be updated and replaced to ensure that the rules regarding the collection and transfer of API data for the purpose of enhancing and facilitating the effectiveness and efficiency of border checks at external borders and for combating illegal immigration are clear, harmonised and effective .
CONTENT: this proposed Regulation presents new rules on the collection and transfer of advance passenger information (API) to facilitate external border controls, combat illegal immigration and increase internal security. It lays down the rules on:
- the collection by air carriers of advance passenger information (‘API data’) on flights into the Union;
- the transfer by air carriers to the router of the API data;
- the transmission from the router to the competent border authorities of the API data.
It will apply to air carriers conducting scheduled or non-scheduled flights into the Union.
Overall, the proposal contains:
- provisions for the collection and transfer of API data, namely a clear set of rules for the collection of API data by air carriers, rules regarding the transfer of API data to the router, the processing of API data by competent border authorities, and the storage and deletion of API data by air carriers and those authorities;
- provisions for the transmission of API data through a central router which will act as the single point of reception and onward distribution of data, replacing the current system comprised of multiple connections between air carriers and national authorities. More specifically, it includes provisions describing the main features of the router, rules on the use of the router, the procedure for the transmission of API data from the router to the competent border authorities, deletion of API data from the router, the keeping of logs, and the procedures in case of a partial or full technical impossibility to use the router;
- specific provisions on the protection of personal data . More specifically, it specifies who the data controllers and data processor are for the processing of API data constituting personal data pursuant to this Regulation. It also sets out measures required from eu-LISA to ensure the security of data processing, in line with the provisions of Regulation (EU) 2018/1725. It sets out measures required from air carriers and competent border authorities to ensure their self-monitoring of compliance with the relevant provisions set out in this Regulation and rules on audits;
- specific issues relating to the router . It contains requirements on the connections to the router of competent border authorities and air carriers. It also sets out the tasks of eu-LISA relating to the design and development of, the hosting and technical management of, and other support tasks relating to, the router. It also contains provisions concerning the costs incurred by eu-LISA and Member States under this Regulation, in particular as regards Member States’ connections to and integration with the router. It also sets out provisions regarding liability for damage cause to the router, the start of operations of the router and the possibility of voluntary use of the router by air carriers subject to certain conditions;
- provisions on supervision, possible penalties applicable to air carriers for non-compliance of their obligations set out in this Regulation, rules relating to statistical reporting by eu-LISA, and on the preparation of a practical handbook by the Commission;
Budgetary implications
This proposal will have an impact on the budget and staff needs of eu-LISA and Member States’ competent border authorities.
For eu-LISA, it is estimated that an additional budget of around EUR 45 million (33 million under current MFF) to set-up the router and EUR 9 million per year from 2029 onwards for the technical management thereof, and that around 27 additional posts would be needed for to ensure that eu-LISA has the necessary resources to perform the tasks attributed to it in this proposed Regulation and in the proposed Regulation for the collection and transfer of API data for the prevention, detection, investigation and prosecution of terrorist offences and serious crime.
For Member States, it is estimated that EUR 27 million (EUR 8 million under the current Multiannual Financial Framework) dedicated to upgrading the necessary national systems and infrastructures for border management authorities, and progressively up to EUR 5 million per year from 2028 onwards for the maintenance thereof, could be entitled for reimbursement by Border Management and Visa Instrument fund. Any such entitlement will ultimately have to be determined in accordance with the rules regulating those funds as well as the rules on costs contained in the proposed Regulation.
Documents
- Debate in Parliament: Debate in Parliament
- Approval in committee of the text agreed at 1st reading interinstitutional negotiations: GEDA/A/(2024)001541
- Coreper letter confirming interinstitutional agreement: GEDA/A/(2024)001541
- Committee report tabled for plenary, 1st reading: A9-0409/2023
- Contribution: COM(2022)0729
- Amendments tabled in committee: PE752.817
- Committee opinion: PE746.927
- Committee draft report: PE750.252
- Economic and Social Committee: opinion, report: CES0256/2023
- Contribution: COM(2022)0729
- Contribution: COM(2022)0729
- Document attached to the procedure: OJ C 084 07.03.2023, p. 0002
- Document attached to the procedure: N9-0017/2023
- Document attached to the procedure: EUR-Lex
- Document attached to the procedure: SEC(2022)0444
- Document attached to the procedure: EUR-Lex
- Document attached to the procedure: SWD(2022)0421
- Document attached to the procedure: EUR-Lex
- Document attached to the procedure: SWD(2022)0422
- Document attached to the procedure: EUR-Lex
- Document attached to the procedure: SWD(2022)0423
- Legislative proposal published: COM(2022)0729
- Legislative proposal published: EUR-Lex
- Document attached to the procedure: EUR-Lex SEC(2022)0444
- Document attached to the procedure: EUR-Lex SWD(2022)0421
- Document attached to the procedure: EUR-Lex SWD(2022)0422
- Document attached to the procedure: EUR-Lex SWD(2022)0423
- Document attached to the procedure: OJ C 084 07.03.2023, p. 0002 N9-0017/2023
- Economic and Social Committee: opinion, report: CES0256/2023
- Committee draft report: PE750.252
- Committee opinion: PE746.927
- Amendments tabled in committee: PE752.817
- Coreper letter confirming interinstitutional agreement: GEDA/A/(2024)001541
- Contribution: COM(2022)0729
- Contribution: COM(2022)0729
- Contribution: COM(2022)0729
Amendments | Dossier |
25 |
2022/0424(COD)
2023/06/08
TRAN
25 amendments...
Amendment 12 #
Proposal for a regulation Recital 8 (8) In the interest of effectiveness and legal certainty, the items of information that jointly constitute the API data to be collected and subsequently transferred under this Regulation should be listed clearly and exhaustively, covering both information relating to each traveller and information on the flight of that traveller. Such flight information should cover information on the border crossing point of entry into the territory of the Member State concerned in all cases covered by this Regulation, but that information should be collected only where applicable under Regulation (EU) [API law enforcement]
Amendment 13 #
Proposal for a regulation Recital 9 (9) In order to allow for flexibility and innovation, it should in principle be left to each air carrier to determine how it meets its obligations regarding the collection of API data set out in this Regulation. However, considering that suitable technological solutions exist that allow collecting certain API data automatically while guaranteeing that the API data concerned is accurate, complete and up-to- date, and having regard the advantages of
Amendment 14 #
Proposal for a regulation Recital 12 a (new) (12a) The automatic data collection systems and other processes established under this Regulation should not negatively impact the employees in the aviation industry, who should benefit from upskilling and reskilling opportunities that would increase the efficiency and reliability of data collection and transfer as well as the working conditions in the sector.
Amendment 15 #
Proposal for a regulation Recital 13 (13) In view of ensuring that the pre- checks carried out in advance by competent border authorities are effective and efficient, the API data transferred to those authorities should contain data of travellers that are effectively set to cross
Amendment 16 #
Proposal for a regulation Recital 13 a (new) (13a) With a view to guaranteeing the fulfilment of the rights provided for under the Charter of Fundamental Rights and to ensuring accessible and inclusive travel options, especially for vulnerable groups and persons with disabilities, air carriers, supported by the Member States, shall ensure that an offline alternative for the check-in and for the provision of the necessary data by the passengers is possible at all times.
Amendment 17 #
Proposal for a regulation Recital 13 a (new) (13a) In order to enhance data quality, the router should verify whether the API data transferred to it by the air carriers complies with the supported data formats. Where the router has verified that the data is not compliant with the suported data formats, the router should, immediately and in an automated manner, notify the air carrier concerned.
Amendment 18 #
Proposal for a regulation Recital 15 a (new) (15a) Given that this Regulation requires additional adjustment and administrative costs by the air carriers, the overall regulatory burden for the aviation sector should be kept under close review. Against this backdrop, the report evaluating the functioning of this Regulation should assess the extent to which the objectives of the Regulation have been met and to which extent it has impacted the competitiveness of the sector. Therefore, the Commission’s report should also refer to the interaction of this Regulation with other relevant EU legislative acts, notably Regulation (EU) 2017/2226, Regulation (EU) 2018/1240 and Regulation (EC) 767/2008. The report should assess the overall impact of related reporting obligations on air carriers, identifying provisions that may be updated and simplified to mitigate the burden on air carriers, as well as actions and measures that have been or could be taken to reduce the total cost pressure on the aviation sector.
Amendment 19 #
Proposal for a regulation Recital 17 (17) In order to avoid that air carriers have to establish and maintain multiple connections with the competent border authorities of the Member States’ for the transfer of API data collected under this Regulation and the related inefficiencies
Amendment 20 #
Proposal for a regulation Recital 17 a (new) (17a) With a view to ensuring increased data quality and accuracy, the setting up of travel document validation systems, able to automatically verify carrier- submitted passenger data, should be considered.
Amendment 21 #
Proposal for a regulation Recital 19 (19) The router should serve only to facilitate the transmission of API data from the air carriers to the competent border authorities in accordance with this Regulation and to PIUs in accordance with Regulation (EU) [API law enforcement], and should not be a repository of API data. Therefore, and in order to minimise any risk of unauthorised access or other misuse and in accordance with the principle of data minimisation, any storage of the API data on the router should remain limited to what is strictly necessary for technical purposes related to the transmission and the API data should be deleted from the router, immediately, permanently and in an automated manner, from the moment that the transmission has been completed
Amendment 22 #
Proposal for a regulation Recital 28 a (new) (28a) When providing for the penalties applicable to air carriers under this Regulation, Member States shall take into account the technical, operational and economic feasibility of ensuring complete data accuracy. Additionally, when fines are imposed, their application and value shall be established taking into consideration the actions undertaken by the air carrier to mitigate the issue as well as its repeated failure to cooperate with national authorities.
Amendment 23 #
Proposal for a regulation Recital 36 a (new) (36a) When monitoring and evaluating the effective implementation of this Regulation to the benefit of authorities, travellers and air carriers, the Commission shall conduct a holistic assessment of the present Act in relation to other regulations that impact the flow of travellers' data. In this regard, the Commission shall also consider the harmonisation of the channels of transmission of the data that air carriers are required to collect and transfer.
Amendment 24 #
Proposal for a regulation Recital 36 b (new) (36b) The EU should evaluate the possibility to include other modes of transport within the scope of this Regulation, while taking into account the particularities, business models and ticket purchase practices thereof.
Amendment 25 #
Proposal for a regulation Article 5 – paragraph 2 – subparagraph 1 Air carriers shall collect the API data referred to Article 4(2), points (a) to (d), using, where technically and operationally feasible, automated means to collect the machine-readable data of the travel document of the traveller concerned. They shall do so in accordance with the detailed technical requirements and operational rules referred to in paragraph 4, where such rules have been adopted and are applicable.
Amendment 26 #
Proposal for a regulation Article 5 – paragraph 2 – subparagraph 2 However, where such use of automated means is not possible due to the travel document not containing machine-readable data or due to other technical and operational barriers, air carriers shall collect that data manually, in such a manner as to ensure
Amendment 27 #
Proposal for a regulation Article 6 – paragraph 2 2. Air carriers shall transfer the API data both at the moment of check-in and immediately after flight closure, that is, once the passengers have boarded the aircraft in preparation for departure and it is no longer possible for passengers to board or to leave the aircraft. At the moment of check-in, air carriers shall transfer the API data by way of interactive API in accordance with international standards. Where an air carrier transfers the API data by way of interactive API, it shall receive a meaningful reply in accordance with Regulation (EU) 2017/2226, Regulation (EU) 2018/1240 and Regulation (EC) 767/2008.
Amendment 28 #
Proposal for a regulation Article 6 – paragraph 2 a (new) 2a. The router shall verify whether the API data transferred to it in accordance with paragraph 1 complies with the detailed rules on the supported data formats. Where the router has verified that the data is not compliant with the detailed rules, the router shall, immediately and in an automated manner, notify the air carrier concerned.
Amendment 29 #
Proposal for a regulation Article 6 – paragraph 3 3. The Commission is empowered to adopt delegated acts in accordance with Article 37 to supplement this Regulation by laying down the necessary detailed rules on the common protocols and supported data formats to be used for the transfers of API data to the router referred to in paragraph 1, including the use of interactive API for the transfer of API data at the moment of check-in.
Amendment 30 #
Proposal for a regulation Article 9 – paragraph 3 3. Without prejudice to Article 10 of this Regulation, the router shall, to the extent technically possible, share and re- use the technical components, including hardware and software components, of the web service referred to in Article 13 of Regulation (EU) 2017/2226 of the European Parliament and of the Council48,
Amendment 31 #
Proposal for a regulation Article 12 – paragraph 1 – point b (b) in respect of Regulation (EU) [API
Amendment 32 #
Proposal for a regulation Article 12 – paragraph 1 – point b a (new) (ba) where the transmission of the API data to the router has taken place before the air carrier became aware of a technical impossibility of the router to subsequently transmit the API data to the competent border authorities or PIUs, as applicable.
Amendment 33 #
Proposal for a regulation Article 22 – paragraph 3 a (new) 3a. Where technically and operationally feasible, the router should allow for the use of pseudonymization and/or encryption of the API data.
Amendment 34 #
Proposal for a regulation Article 38 – paragraph 4 – point c a (new) (ca) the impact of this Regulation on the competitiveness of the aviation sector and the burden incurred by businesses. The Commission’s report shall also address this Regulation’s interaction with other relevant EU legislative acts, notably Regulation (EU) 2017/2226, Regulation (EU) 2018/1240 and Regulation (EC) 767/2008, with a view to assess the overall impact of related reporting obligations on air carriers, identify provisions that may be updated and simplified to mitigate the burden on air carriers, and consider actions and measures that could be taken to reduce the total cost pressure on air carriers.
Amendment 35 #
Proposal for a regulation Article 38 – paragraph 4 – point c a (new) (ca) The interaction with other relevant legislative acts, identifying provisions that may be updated and simplified, as well as actions and measures that have been or could be taken to reduce the total cost pressure on the aviation sector.
Amendment 36 #
4a. The report provided for under paragraph 4 of this Article shall also encompass an assessement of the possibility to include other modes of transport within the scope of this Regulation, while taking into account the particularities, business models and ticket purchase practices thereof.
source: 749.217
|
History
(these mark the time of scraping, not the official date of the change)
docs/10 |
|
events/9 |
|
procedure/stage_reached |
Old
Awaiting Parliament's position in 1st readingNew
Awaiting Council's 1st reading position |
events/8 |
|
forecasts |
|
forecasts/0 |
|
forecasts/0 |
|
forecasts/0 |
|
forecasts/0 |
|
forecasts/0 |
|
forecasts/0 |
|
forecasts/0 |
|
forecasts/0 |
|
forecasts/0 |
|
forecasts/0 |
|
docs/9 |
|
events/7 |
|
docs/9 |
|
events/7 |
|
docs/9 |
|
events/7 |
|
docs/9 |
|
events/7 |
|
docs/9 |
|
events/7 |
|
docs/9 |
|
events/7 |
|
docs/9 |
|
events/7 |
|
docs/9 |
|
docs/9 |
|
forecasts |
|
docs/9 |
|
events/4/summary |
|
events/6 |
|
events/5 |
|
docs/9/docs/0/url |
https://www.europarl.europa.eu/doceo/document/A-9-2023-0409_EN.html
|
events/4/docs/0/url |
https://www.europarl.europa.eu/doceo/document/A-9-2023-0409_EN.html
|
docs/9 |
|
events/2 |
|
events/3 |
|
events/4 |
|
procedure/stage_reached |
Old
Awaiting committee decisionNew
Awaiting Parliament's position in 1st reading |
docs/4/docs/0/url |
Old
https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=OJ:C:2023:084:TOCNew
https://eur-lex.europa.eu/oj/daily-view/L-series/EN/TXT/?uri=OJ:C:2023:084:TOC |
docs/9/date |
Old
2023-09-14T00:00:00New
2023-09-15T00:00:00 |
docs/10/date |
Old
2023-03-22T00:00:00New
2023-03-23T00:00:00 |
docs/11/date |
Old
2023-04-25T00:00:00New
2023-04-26T00:00:00 |
docs/9 |
|
docs/8 |
|
docs/7 |
|
docs/6 |
|
docs/5 |
|
commission |
|
committees/0/shadows/3 |
|
committees/0/shadows/4 |
|
committees/0/shadows |
|
docs/6 |
|
procedure/title |
Old
Collection and transfer of advance passenger information (API) for enhancing and facilitating external border controlsNew
Collection and transfer of advance passenger information for enhancing and facilitating external border controls |
committees/0/rapporteur |
|
docs/5 |
|
docs/4 |
|
committees/2/rapporteur |
|
procedure/Legislative priorities/0/title |
Old
Joint Declaration on EU legislative priorities for 2023 and 2024New
Joint Declaration 2023-24 |
procedure/Legislative priorities |
|
events/1 |
|
procedure/dossier_of_the_committee |
|
procedure/stage_reached |
Old
Preparatory phase in ParliamentNew
Awaiting committee decision |
committees/1/opinion |
False
|
docs/0 |
|
events/0/summary |
|
docs/1/docs/0 |
|
events |
|
docs/0/docs/1 |
|