The European Union’s entry/exit system

KEY POINTS

Subject matter

Regulation (EU) 2017/2226 creates the EES, a common electronic system that:

• records and stores the date, time and place of entry and exit of non-EU nationals crossing the EU’s borders;
• automatically calculates the duration of the authorised stay of such non-EU nationals and generates alerts to EU Member States when the authorised stay has expired.

The system replaces the requirement to stamp non-EU nationals’ passports.

Scope

The EES:

• applies to travellers who cross the external borders of the Schengen area and are subject to a visa requirement, including those exempted from it and admitted for a short stay of up to 90 days in a 180-day period;
• will also record data on non-EU nationals whose entry for a short stay has been refused;
• will operate at the external borders of Member States that apply the Schengen acquis in full and at the borders of Member States that – at the time the system starts its operations – do not yet apply the Schengen acquis in full, but have successfully gone through the Schengen evaluation procedure and obtained passive access to the VIS and full access to the Schengen information system.

Data storage and accessibility

The EES will store data on identity and travel documents (full name, date of birth, etc.), along with biometric data (fingerprints and facial images) and the date and place of entry and exit.

These data will be:

• kept for 3 years for those travellers who respect the short-stay rules and 5 years for those who exceed their authorised period of stay;
• accessible to border authorities, visa-issuing authorities and those responsible for monitoring whether a non-EU national fulfils the conditions of entry or residence.

To prevent, detect or investigate terrorist offences or other serious criminal offences, designated law enforcement authorities and the European Union Agency for Law Enforcement Cooperation (Europol) may make a request to consult EES data.

Technical architecture

The EES comprises:

• a central system that will operate a computerised central database of biometric and alphanumeric data (a mix of letters and numbers);
• a national uniform interface in each participating country;
• a secure communication channel between the central systems of the EES and of the VIS;
• a secure and encrypted communication infrastructure between the EES central system and the national uniform interfaces (identical interfaces for all Member States connect their border infrastructures to the EES central system);
• a data repository to obtain customisable reports and statistics;
• a web service to enable non-EU nationals to verify their remaining authorised stay.

eu-LISA, the EU Agency for the Operational Management of Large-Scale IT Systems in the Area of Freedom, Security and Justice is responsible for developing and operating the system, including adapting the VIS to ensure the interoperability between the EES and VIS central systems.

Amending Regulation (EU) 2024/1356 adapts Regulation (EU) 2017/2226 to the introduction of the screening of non-EU nationals at the EU’s external borders. Among other things, it grants the screening authorities access to the EES to verify whether individuals might pose a threat to internal security.

Amendment of the Schengen Borders Code

Regulation (EU) 2017/2225 amends the Schengen Borders Code as regards the use of the EES at the EU’s external borders as follows:

• the entry and exit of non-EU nationals are recorded directly in the EES;
• where provided for expressly by its national law, a Member State may continue to stamp non-EU nationals’ travel documents if they hold a residence permit or long-stay visa issued by that Member State;
• non-EU nationals must provide biometric data to create their individual EES file or for the carrying out of border checks;
• the identity and nationality of non-EU nationals and the authenticity and validity of their travel document for crossing the border are verified;
• Member States may set up national entry facilitation programmes on a voluntary basis for pre-vetted non-EU nationals;
• Member States may decide whether, and to what extent, to make use of technologies such as self-service systems for non-EU nationals to pre-enrol or update data in the EES, e-gates and automated border control systems, as long as an appropriate level of security is ensured, their use is supervised and border guards have access to the results of such border checks.

Implementing acts

The European Commission has adopted a series of acts implementing Regulation (EU) 2017/2226:

• Decision (EU) 2018/1547 – specifications for connecting the central access points to the EES and for a technical solution to facilitate the collection of data by Member States for generating statistics on the access to EES data for law enforcement purposes;
• Decision (EU) 2018/1548 – rules for drawing up the list of persons identified as overstayers in the EES and the procedure to make that list available to Member States;
• Decision (EU) 2019/326 – measures for entering the data into the EES;
• Decision (EU) 2019/327 – measures for accessing the data in the EES;
• Decision (EU) 2019/328 – measures for keeping and accessing the logs in the EES;
• Decision (EU) 2019/329 – specifications for the quality, resolution and use of fingerprints and facial images for biometric verification and identification in the EES;
• Decision (EU) 2022/1337 – template for the provision of information to non-EU nationals about the processing of personal data in the EES;
• Regulation (EU) 2022/1409 – conditions for operating the web service provided for by Regulation (EU) 2017/2226 and its development and technical implementation;
• Decision (EU) 2023/2601 – rules on managing the functionality for the centralised management of the lists of competent national authorities accessing the EES and the VIS.