Next event: Debate in Parliament 2024/04/24 more...
- Approval in committee of the text agreed at 1st reading interinstitutional negotiations 2024/03/19
- Coreper letter confirming interinstitutional agreement 2024/03/13
- Committee decision to enter into interinstitutional negotiations confirmed by plenary (Rule 71) 2023/12/13
- Committee decision to enter into interinstitutional negotiations announced in plenary (Rule 71) 2023/12/11
- Committee report tabled for plenary, 1st reading 2023/12/07
- Vote in committee, 1st reading 2023/11/28
- Committee decision to open interinstitutional negotiations with report adopted in committee 2023/11/28
- Contribution 2023/09/15
- Amendments tabled in committee 2023/09/05
- Committee opinion 2023/07/19
- Committee draft report 2023/07/04
Progress: Awaiting Parliament's position in 1st reading
Role | Committee | Rapporteur | Shadows |
---|---|---|---|
Lead | LIBE | KANKO Assita ( ECR) | LENAERS Jeroen ( EPP), TANG Paul ( S&D), OETJEN Jan-Christoph ( Renew), STRIK Tineke ( Verts/ALE), FEST Nicolaus ( ID), DALY Clare ( GUE/NGL) |
Committee Opinion | BUDG | ||
Committee Opinion | TRAN | OETJEN Jan-Christoph ( Renew) | Marian-Jean MARINESCU ( PPE), Kosma ZŁOTOWSKI ( ECR), Josianne CUTAJAR ( S&D), Clare DALY ( GUE/NGL) |
Lead committee dossier:
Legal Basis:
TFEU 082-p2, TFEU 087-p2
Legal Basis:
TFEU 082-p2, TFEU 087-p2Subjects
Events
The Committee on Civil Liberties, Justice and Home Affairs adopted the report by Assita KANKO (ECR, BE) on the proposal for a regulation of the European Parliament and of the Council on the collection and transfer of advance passenger information for the prevention, detection, investigation and prosecution of terrorist offences and serious crime, and amending Regulation (EU) 2019/818.
The committee responsible recommended that the European Parliament's position adopted at first reading under the ordinary legislative procedure should amend the proposal as follows:
API data to be collected by air carriers
The amended text stated that air carriers should collect API data of passengers , consisting of the passenger data and the flight information, respectively, on the flights for the purpose of transferring that API data to the router.
API data should include only the following passenger data for each passenger on the flight: (a) surname, given name(s); (b) date of birth, sex and nationality; (c) type and number of travel document and the three-letter code of the country that issued it; (d) expiry date of the validity of the travel document; (e) the Passenger Name Record number used by an air carrier to locate a passenger in its information system (PNR record locator); (f) the aircraft seat number allocated to a passenger; (g) the number and weight of checked baggage.
API data should include only the following flight information : the flight identification number(s); where applicable, the border crossing point of entry into the territory of the Member State; the airport code of entry into the territory of the Member State; the initial point of embarkation; the local date and estimated time of departure and arrival.
Collection of API data
Air carriers should collect the API data, using automated means to collect the machine-readable data of the travel document of the passenger concerned.
Where the use of automated means is not possible, air carriers should collect that data manually , either as part of the online check-in or as part of the check-in at the airport.
The collection of API data by automated means should be strictly limited to the alphanumerical data contained in the travel document and should not lead to the collection of any biometric data from it.
Storage and deletion of API data
Members suggested that air carriers should store, for a time period of 24 hours from the moment of departure of the flight, the API data relating to that passenger that they collected. They should immediately and permanently delete that API data after the expiry of that time period.
Air carriers or competent border authorities should immediately and permanently delete API data where they become aware that the API data collected was processed unlawfully or that the data transferred does not constitute API data.
Fundamental rights
The processing of API data and, in particular, API data constituting personal data, should remain strictly limited to what is necessary and proportionate to achieve the objectives pursued by the Regulation. Furthermore, the processing of API data collected and transferred under the Regulation should not lead to any form of discrimination excluded by the Charter of Fundamental Rights of the European Union.
The Router
The report stated that in order to avoid that air carriers have to establish and maintain multiple connections with Passenger Information Units (PIUs) for the transfer of API data and PNR data, and to avoid the related inefficiencies and security risks, provision should be made for a single router, created and operated at the Union level, that should serve as a connection, filter and distribution point for those transfers.
In this regard, eu-LISA should design, develop, host and technically manage, a router for the purpose of facilitating the transfer of encrypted API and PNR data by the air carriers to the PIUs.
Methodology and criteria for the selection of intra-EU flights
Member States that decide to apply Directive (EU) 2016/681 on the use of passenger name record (PNR) data for the prevention, detection, investigation and prosecution of terrorist offences and serious crime (‘PNR Directive’) and consequently this Regulation to intra-EU flights should for the selection of those flights:
- carry out an objective, duly reasoned and non-discriminatory threat assessment ;
- take into account only criteria which are relevant for the prevention, detection, investigation and prosecution of terrorist offences and serious crime having an objective link.
In situations of a genuine and present or foreseeable terrorist threat , Member States may apply Directive (EU) 2016/681 to all intra-EU flights arriving at or departing from its territory, in a decision that is limited in time to what is strictly necessary and that is open to effective review.
Logs
Members suggested that u-LISA should keep logs of all processing operations relating to the transfer of API data through the router under this Regulation.
Actions in the case of technical impossibility to use the router
eu-LISA should immediately notify air carriers and Passenger Information Units in an automated manner of the technical impossibility of using the router and take steps to remedy this technical impossibility.
Information to passengers
Air carriers should provide passengers with information on the purpose of the collection of their personal data, the type of personal data collected, the recipients of the personal data and the means to exercise the data subject rights. This information should be communicated to passengers in writing and in an easily accessible format at the moment of booking and at the moment of check-in, irrespective of the means used to collect the personal data at the moment of check-in.
Penalties
Member States should ensure that a systematic or persistent failure to comply with obligations set out in this Regulation is subject to financial penalties of up to 2% of an air carrier's global turnover of the preceding business year.
PURPOSE: to present new rules on the collection and transfer of advance passenger information (API) for the prevention, detection, investigation and prosecution of terrorist offences and serious crime.
PROPOSED ACT: Regulation of the European Union and of the Council.
ROLE OF THE EUROPEAN PARLIAMENT: the European Parliament decides in accordance with the ordinary legislative procedure and on an equal footing with the Council.
BACKGROUND: over the last decade the EU and other parts of the world have seen an increase in serious and organised crime. According to Europol’s EU Serious and Organised Crime Threat Assessment, most organised crime involves international travel, typically aimed at smuggling persons, drugs or other illicit goods into the EU. Notably, criminals make frequent use of the EU’s main airports as well as smaller regional airports operating low-cost airlines. In this context, information on air travellers is an important tool for law enforcement authorities to counter serious crime and terrorism in the EU.
Air traveller data includes Advance Passenger Information (API) and Passenger Name Records (PNR) which, when used together, are particularly effective to identify high-risk travellers and to confirm the travel pattern of suspected individuals.
In the EU, the PNR Directive does not lead to the collection of the full set of API data, as air carriers do not have any business purpose to collect such data.
The joint processing of API and PNR data by competent law enforcement authorities substantially increases the effectiveness of the fight against serious crimes and terrorism in the EU . The combined use of API data and PNR data enables the competent national authorities to confirm the identity of passengers and greatly improves the reliability of PNR data.
The current EU legal framework only regulates the use of PNR data for fighting serious crime and terrorism but does not do so specifically for API data, which can be requested only on flights coming from third countries, leading to a security gap , notably regarding intra-EU flights for which Member States request air carriers to transfer PNR data. Passenger Information Units obtain the most effective operational results on flights where both API and PNR data are collected. This means that competent law enforcement authorities cannot benefit from the results of the joint processing of API data and PNR data on flights within the EU, for which only PNR data is transferred.
For those reasons, complementary rules should be established requiring air carriers to collect and subsequently transfer a specifically defined set of API data, which requirements should apply to the extent that the air carriers are bound under that Directive to collect and transfer PNR data on the same flight.
It is therefore necessary to establish at Union level clear, harmonised and effective rules on the collection and transfer of API data for the purpose of preventing, detecting, investigating and prosecuting terrorist offences and serious crime.
CONTENT: the proposed Regulation aims to lay down better rules for the collection and transfer of API data by air carriers for the purpose of preventing, detecting, investigating, and prosecuting terrorist offences and serious crime. More specifically, it lays down rules on:
- the collection by air carriers of advance passenger information data (‘API data’) on extra EU flights and selected intra EU flights;
- the transfer by air carriers to the router of the API data;
- the transmission from the router to the Passenger Information Units (‘PIUs’) of the API data on extra-EU flights and selected intra-EU flights.
It will apply to air carriers conducting scheduled or non-scheduled extra-EU flights or intra-EU flights.
Overall, the proposal contains:
- the provisions for the collection, transfer to the router and deletion of API data by air carriers, and rules regarding the transmission of API data from the router to the Passenger Information Units;
- specific provisions on logs, specifications as to whom are the personal data controllers in relation to processing of API data constituting personal data under this Regulation, security and self-monitoring by air carriers and PIUs;
- rules on the connections to, and integration with, the router by Passenger Information Units and air carriers, as well as on Member States’ costs in connection thereto. It also contains provisions regulating the situation of a partial or full technical impossibility to use the router and on liability for damage caused to the router;
- provisions on supervision, on possible penalties applicable to air carriers for non-compliance of their obligations set out in this Regulation and on the preparation of a practical handbook by the Commission.
Budgetary implications
This proposal will have an impact on the budget and staff needs of eu-LISA and Member States’ competent border authorities.
For eu-LISA, it is estimated that an additional budget of around EUR 45 million (33 million under current MFF) to set-up the router and EUR 9 million per year from 2029 onwards for the technical management thereof, and that around 27 additional posts would be needed for to ensure that eu-LISA has the necessary resources to perform the tasks attributed to it in this proposed Regulation and in the proposed Regulation for the collection and transfer of API data for the prevention, detection, investigation and prosecution of terrorist offences and serious crime.
For Member States, it is estimated that EUR 27 million (EUR 8 million under the current Multiannual Financial Framework) dedicated to upgrading the necessary national systems and infrastructures for border management authorities, and progressively up to EUR 5 million per year from 2028 onwards for the maintenance thereof, could be entitled for reimbursement by Border Management and Visa Instrument fund. Any such entitlement will ultimately have to be determined in accordance with the rules regulating those funds as well as the rules on costs contained in the proposed Regulation.
Documents
- Debate in Parliament: Debate in Parliament
- Approval in committee of the text agreed at 1st reading interinstitutional negotiations: GEDA/A/(2024)001513
- Coreper letter confirming interinstitutional agreement: GEDA/A/(2024)001513
- Committee report tabled for plenary, 1st reading: A9-0411/2023
- Contribution: COM(2022)0731
- Amendments tabled in committee: PE752.818
- Committee opinion: PE746.973
- Committee draft report: PE750.253
- Economic and Social Committee: opinion, report: CES0256/2023
- Contribution: COM(2022)0731
- Contribution: COM(2022)0731
- Document attached to the procedure: OJ C 084 07.03.2023, p. 0002
- Document attached to the procedure: N9-0017/2023
- Document attached to the procedure: EUR-Lex
- Document attached to the procedure: SWD(2022)0424
- Legislative proposal published: COM(2022)0731
- Legislative proposal published: EUR-Lex
- Document attached to the procedure: EUR-Lex SWD(2022)0424
- Document attached to the procedure: OJ C 084 07.03.2023, p. 0002 N9-0017/2023
- Economic and Social Committee: opinion, report: CES0256/2023
- Committee draft report: PE750.253
- Committee opinion: PE746.973
- Amendments tabled in committee: PE752.818
- Coreper letter confirming interinstitutional agreement: GEDA/A/(2024)001513
- Contribution: COM(2022)0731
- Contribution: COM(2022)0731
- Contribution: COM(2022)0731
Amendments | Dossier |
30 |
2022/0425(COD)
2023/05/31
TRAN
30 amendments...
Amendment 10 #
Proposal for a regulation Recital 6 a (new) (6a) Given that this Regulation requires additional adjustment and administrative costs by the air carriers, the overall regulatory burden for the aviation sector should be kept under close review. Against this backdrop, the report evaluating the functioning of this Regulation should assess the extent to which the objectives of the Regulation have been met and to which extent it has impacted the competitiveness of the sector. Therefore, the Commission’s report should also refer to the interaction of this Regulation with other relevant EU legislative acts, notably Regulation (EU) 2017/2226, Regulation (EU) 2018/1240 and Regulation (EC) 767/2008. The report should assess the overall impact of related reporting obligations on air carriers, identifying provisions that may be updated and simplified to mitigate the burden on air carriers, as well as actions and measures that have been or could be taken to reduce the total cost pressure on the aviation sector.
Amendment 11 #
Proposal for a regulation Recital 7 Amendment 12 #
Proposal for a regulation Recital 10 (10) In particular, the items of information that jointly constitute the API data to be collected and subsequently transferred under this Regulation should be those listed clearly and exhaustively in Regulation (EU) API [border management], covering both information relating to each passenger and information on the flight of that traveller. Under this Regulation, such flight information should cover information on the border crossing point of entry into the territory of the Member State concerned
Amendment 13 #
Proposal for a regulation Recital 11 (11) In order to ensure a consistent approach on the collection and transfer of API data by air carriers as much as possible, the rules set out in this Regulation should be aligned with those set out in the Regulation (EU) [API border management] where appropriate. That concerns, in particular, the rules on data quality, the air carriers’ use of automated means for such collection, the precise manner in which they are to transfer the collected API data to the router and the deletion of the API data. In order to reduce the impact on air carriers, and with a view to create synergies with other reporting obligations on air carriers in Regulation (EU) 2017/2226, Regulation (EU) 2018/1240 and Regulation (EC) 767/2008 and avoid duplication, air carriers should transfer the API data at the moment of check-in of each traveller by way of interactive API in accordance with international standards, using the existing carrier gateway. Air carriers should receive an acknowledgement of receipt to the transfer of interactive API, in line with international standards.
Amendment 14 #
Proposal for a regulation Recital 11 (11) In order to ensure a consistent approach on the collection and transfer of API data by air carriers as much as
Amendment 15 #
Proposal for a regulation Recital 11 a (new) (11a) The automatic data collection systems and other processes established under this Regulation should not negatively impact the employees in the aviation industry, who should benefit from upskilling and reskilling opportunities that would increase the efficiency and reliability of data collection and transfer as well as the working conditions in the sector.
Amendment 16 #
Proposal for a regulation Recital 11 a (new) (11a) In order to enhance data quality, the router should verify whether the API data transferred to it by the air carriers complies with the supported data formats. Where the router has verified that the data is not compliant with the suported data formats, the router should, immediately and in an automated manner, notify the air carrier concerned.
Amendment 17 #
Proposal for a regulation Recital 12 a (new) (12a) With a view to guaranteeing the fulfilment of the rights provided for under the Charter of Fundamental Rights and to ensuring accessible and inclusive travel options, especially for vulnerable groups and persons with disabilities, air carriers, supported by the Member States, shall ensure that an offline alternative for the check-in and for the provision of the necessary data by the passengers is possible at all times.
Amendment 18 #
Proposal for a regulation Recital 14 Amendment 19 #
Proposal for a regulation Recital 14 (14) As regards intra-EU flights, in line with the case law of the Court of Justice of the European Union (CJEU), in order to avoid unduly interfering with the relevant fundamental rights protected under the Charter and to ensure compliance with the requirements of Union law on the free movement of persons and the abolition of internal border controls, a selective approach should be provided for. In view of the importance of ensuring that API data can be processed together with PNR data, that approach should be aligned with that of Directive (EU) 2016/681. For those reasons, API data on those flights should
Amendment 20 #
Proposal for a regulation Recital 15 Amendment 21 #
Amendment 22 #
Proposal for a regulation Recital 23 a (new) (23a) When providing for the penalties applicable to air carriers under this Regulation, Member States shall take into account the technical, operational and economic feasibility of ensuring complete data accuracy. Additionally, when fines are imposed, their application and value shall be established taking into consideration the actions undertaken by the air carrier to mitigate the issue as well as its repeated failure to cooperate with national authorities.
Amendment 23 #
Proposal for a regulation Recital 26 a (new) (26a) When monitoring and evaluating the effective implementation of this Regulation to the benefit of authorities, travellers and air carriers, the Commission shall conduct a holistic assessment of the present Act in relation to other regulations that impact the flow of travellers' data. In this regard, the Commission shall also consider the harmonisation of the channels of transmission of the data air carriers are required to collect and transfer.
Amendment 24 #
Proposal for a regulation Recital 26 b (new) (26b) With a view to ensuring increased data quality and accuracy, the setting up of travel document validation systems, able to automatically verify carrier- submitted passenger data, should be considered.
Amendment 25 #
Proposal for a regulation Recital 26 c (new) (26c) The EU should evaluate the possibility to include other modes of transport within the scope of this Regulation, while taking into account the particularities, business models and ticket purchase practices thereof.
Amendment 26 #
Proposal for a regulation Article 1 – paragraph 1 – point a (a) the collection by air carriers of advance passenger information data (‘API data’) on extra EU flights
Amendment 27 #
Proposal for a regulation Article 1 – paragraph 1 – point c (c) the transmission from the router to the Passenger Information Units (‘PIUs’) of the API data on extra-EU
Amendment 28 #
Proposal for a regulation Article 3 – paragraph 1 – point c Amendment 29 #
Proposal for a regulation Article 4 – paragraph 3 – subparagraph 1 Air carriers shall collect the API data referred to Article 4(2), points (a) to (d), of
Amendment 30 #
Proposal for a regulation Article 4 – paragraph 3 – subparagraph 2 However, where such use of automated means is not possible due to the travel document not containing machine-readable data or due to other technical and operational barriers, air carriers shall collect that data manually, in such a manner as to ensure compliance with paragraph 2.
Amendment 31 #
Proposal for a regulation Article 4 – paragraph 7 7. Air carriers shall transfer the API data both at the moment of check-in and immediately after flight closure, that is, once the travellers have boarded the aircraft in preparation for departure and it is no longer possible for travellers to board
Amendment 32 #
Proposal for a regulation Article 4 – paragraph 7 a (new) 7a. The router shall verify whether the API data transferred to it in accordance with paragraph 6 complies with the detailed rules on the supported data formats. Where the router has verified that the data is not compliant with the detailed rules, the router shall, immediately and in an automated manner, notify the air carrier concerned.
Amendment 33 #
Proposal for a regulation Article 4 – paragraph 9 9. The Commission is empowered to adopt delegated acts in accordance with Article 19 to supplement this Regulation by laying down the necessary detailed rules on the common protocols and supported data formats to be used for the transfers of API data to the router referred to in
Amendment 34 #
Proposal for a regulation Article 5 – paragraph 1 – subparagraph 1 The router shall, immediately and in an automated manner, transmit the API data, transferred to it by air carriers pursuant to Article 4, to the PIUs of the Member State on the territory of which the flight will land or from the territory of which the flight will depart
Amendment 35 #
Proposal for a regulation Article 5 – paragraph 1 – subparagraph 3 Amendment 36 #
Proposal for a regulation Article 5 – paragraph 2 Amendment 37 #
Proposal for a regulation Article 20 – paragraph 1 – point c a (new) (ca) the impact of this Regulation on the competitiveness of the aviation sector and the burden incurred by businesses. The Commission’s report shall also address this Regulation’s interaction with other relevant EU legislative acts, notably Regulation (EU) 2017/2226, Regulation (EU) 2018/1240 and Regulation (EC) 767/2008, with a view to assess the overall impact of related reporting obligations on air carriers, identify provisions that may be updated and simplified to mitigate the burden on air carriers, and consider actions and measures that could be taken to reduce the total cost pressure on air carriers.
Amendment 38 #
Proposal for a regulation Article 20 – paragraph 1 – point c a (new) (ca) The interaction with other relevant legislative acts, identifying provisions that may be updated and simplified, as well as actions and measures that have been or could be taken to reduce the total cost pressure on the aviation sector.
Amendment 39 #
Proposal for a regulation Article 20 – paragraph 1 a (new) 1a. The report provided for under paragraph 1 of this Article shall also encompass an assessement of the possibility to include other modes of transport within the scope of this Regulation, while taking into account the particularities, business models and ticket purchase practices thereof.
source: 749.216
|
History
(these mark the time of scraping, not the official date of the change)
docs/7 |
|
events/9 |
|
procedure/stage_reached |
Old
Awaiting Parliament's position in 1st readingNew
Awaiting Council's 1st reading position |
events/8 |
|
forecasts |
|
forecasts |
|
forecasts/0 |
|
forecasts/0 |
|
forecasts/0 |
|
forecasts/0 |
|
forecasts/0 |
|
forecasts/0 |
|
forecasts/0 |
|
forecasts/0 |
|
forecasts/0 |
|
forecasts/0 |
|
forecasts/0 |
|
forecasts/0 |
|
links |
|
links |
|
docs/6 |
|
events/7 |
|
docs/6 |
|
events/7 |
|
docs/6 |
|
events/7 |
|
docs/6 |
|
events/7 |
|
docs/6 |
|
events/7 |
|
docs/6 |
|
events/7 |
|
docs/6 |
|
events/7 |
|
docs/6 |
|
docs/6 |
|
forecasts |
|
docs/6 |
|
events/4/summary |
|
events/6 |
|
events/5 |
|
docs/6/docs/0/url |
https://www.europarl.europa.eu/doceo/document/A-9-2023-0411_EN.html
|
events/4/docs/0/url |
https://www.europarl.europa.eu/doceo/document/A-9-2023-0411_EN.html
|
docs/6 |
|
events/2 |
|
events/3 |
|
events/4 |
|
procedure/Other legal basis |
Rules of Procedure EP 159
|
procedure/stage_reached |
Old
Awaiting committee decisionNew
Awaiting Parliament's position in 1st reading |
docs/1/docs/0/url |
Old
https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=OJ:C:2023:084:TOCNew
https://eur-lex.europa.eu/oj/daily-view/L-series/EN/TXT/?uri=OJ:C:2023:084:TOC |
docs/6/date |
Old
2023-09-14T00:00:00New
2023-09-15T00:00:00 |
docs/7/date |
Old
2023-03-22T00:00:00New
2023-03-23T00:00:00 |
docs/8/date |
Old
2023-04-25T00:00:00New
2023-04-26T00:00:00 |
docs/6 |
|
docs/5 |
|
docs/4 |
|
docs/3 |
|
docs/2 |
|
commission |
|
committees/0/shadows/4 |
|
committees/0/shadows/4 |
|
committees/1 |
Old
New
|
committees/2 |
Old
New
|
committees/0/shadows |
|
committees/1 |
Old
New
|
committees/2 |
Old
New
|
docs/3 |
|
committees/0/rapporteur |
|
docs/2 |
|
docs/1 |
|
committees/2/rapporteur |
|
procedure/Legislative priorities/0 |
|
procedure/Legislative priorities/0/title |
Old
Joint Declaration on EU legislative priorities for 2023 and 2024New
Joint Declaration 2023-24 |
procedure/Legislative priorities/1 |
|
procedure/Legislative priorities |
|
events/1 |
|
procedure/dossier_of_the_committee |
|
procedure/stage_reached |
Old
Preparatory phase in ParliamentNew
Awaiting committee decision |
committees/1/opinion |
False
|
docs/0 |
|
events/0/summary |
|
events |
|
docs/0/docs/1 |
|