Access to European Union law
<a href="https://eur-lex.europa.eu/content/help/eurlex-content/experimental-features.html" target="_blank">More about the experimental features corner</a>
Choose the experimental features you want to try
EUR-Lex
Access to European Union law

This document is an excerpt from the EUR-Lex website

You are here
Use quotation marks to search for an "exact phrase". Append an asterisk (*) to a search term to find variations of it (transp*, 32019R*). Use a question mark (?) instead of a single character in your search term to find variations of it (ca?e finds case, cane, care).
Search tips
Need more search options? Use the Advanced search

Document 52022SC0423

COMMISSION STAFF WORKING DOCUMENT EXECUTIVE SUMMARY OF THE IMPACT ASSESSMENT REPORT Accompanying the documents Proposal for a Regulation of the European Parliament and of the Council on the collection and transfer of advance passenger information (API) for enhancing and facilitating external border controls, amending Regulation (EU) 2019/817 and Regulation (EU) 2018/1726, and repealing Council Directive 2004/82/EC Proposal for a Regulation of the European Parliament and of the Council on the collection and transfer of advance passenger information for the prevention, detection, investigation and prosecution of terrorist offences and serious crime, and amending Regulation (EU) 2019/818

SWD/2022/423 final

Strasbourg, 13.12.2022

SWD(2022) 423 final

COMMISSION STAFF WORKING DOCUMENT

EXECUTIVE SUMMARY OF THE IMPACT ASSESSMENT REPORT

Accompanying the documents

Proposal for a Regulation of the European Parliament and of the Council
on the collection and transfer of advance passenger information (API) for enhancing and facilitating external border controls, amending Regulation (EU) 2019/817 and Regulation (EU) 2018/1726, and repealing Council Directive 2004/82/EC

Proposal for a Regulation of the European Parliament and of the Council


on the collection and transfer of advance passenger information for the prevention, detection, investigation and prosecution of terrorist offences and serious crime, and amending Regulation (EU) 2019/818

{COM(2022) 729 final} - {SEC(2022) 444 final} - {SWD(2022) 421 final} - {SWD(2022) 422 final}


Executive Summary Sheet

Impact assessment on the revision of the Advanced Passenger Information (API) Directive

A. Need for action

Why? What is the problem being addressed?

The last decades have witnessed an increase of people travelling by air, with the EU recording about 1 billion passengers (in 2019), out of which half a billion air passengers enter or leave the EU. This puts a strain on the external air borders. In this context, Advanced Passenger Information (API) is an effective tool to inform border authorities in advance of the volume and identity of air travellers, allowing for pre-checks prior to their arrival at the external border. However, there are two main issues which create gaps and inconsistencies in the way Member States process API data both for border management and for law enforcement purposes.

·First, effective border management requires that all air travellers crossing the Schengen external borders are effectively and systematically pre-checked with API data. However, not all Member States request air carriers to transmit API data. In addition, for those Member States which have established an API system, the 2020 evaluation of the API Directive observed that Member States make insufficient use of the possibility of API data processing for enhanced border management. Moreover, the effective use of API data requires the collection of reliable and verified data, which sometimes is not the case today. Indeed, the API Directive does not prescribe the means for collecting API data from passengers, which can lead to incomplete or incorrect data transmitted to national authorities. Taken together, and due to the flexibility the API Directive’s requirements provide, there is great variety in the way Member States have implemented the API Directive. As a consequence, not every air passenger crossing the Schengen external border is pre-checked with API data.

·Second, the joint processing of API data and Passenger Name Record (PNR) data is an effective tool for law enforcement authorities to detect terrorists and other serious criminals. Countering serious crime and terrorism is a distinct purpose of the processing of API data, but it is only effective if the data is processed in combination with the booking information contained in PNR data. The shortcomings in the processing of API data identified above undermine the use of the data for law enforcement purposes. Moreover, as the current EU framework allows for the joint processing of API data and PNR data only on flights entering or leaving the EU, there is an important security gap in the processing of air passenger data by Member States’ authorities on intra-EU and domestic flights. To address this gap, the June 2021 Commission Strategy towards a fully functioning and resilient Schengen area called for an increased use of API data in combination with PNR data for intra-Schengen flights to significantly enhance internal security, in compliance with the fundamental right to the protection of personal data and the fundamental right to freedom of movement. 1

What is this initiative expected to achieve?

This initiative aims at enhancing Schengen external border management by ensuring that every person travelling on flights entering or leaving the Schengen area is pre-checked with API data prior to the arrival at the Schengen external border. This initiative also aims at enhancing the EU’s internal security by ensuring that Member States’ law enforcement authorities have access to reliable air passenger data to effectively prevent and fight terrorism and serious crime. To achieve these general objectives, the initiative sets out three specific objectives:

·To ensure pre-checks with API data at the Schengen external borders: Collecting API data enables national authorities to cross-check passenger data systematically against information contained in national, EU and international databases, and to do so before a passenger actually arrives at the border crossing point. API data will provide border guards with additional time for the analysis of information and help them to better organise their work.

·To facilitate the flow of bona-fide travelers at the Schengen external borders: API data facilitates the clearance of low-risk passengers. Better preparation for the control of specific passengers by identifying them via API data in advance of their arrival helps to accelerate border checks as passengers requiring secondary checks can be separated without the other passengers queuing and waiting.

·To effectively combat serious crime and terrorism with the joint processing of API data and PNR data: API data collected by automated means will reliably identify those passengers that are of particular interest to competent authorities investigating serious crime and terrorism. To allow for the joint processing of API data and PNR data, every PNR record received by the competent authorities should be complemented with complete and correct API data, while respecting the fundamental right to the protection of personal data and the fundamental right to freedom of movement.

What is the value added of action at the EU level? 

The API Directive leads to inconsistent and diverging practices, as shown by the 2020 evaluation of the Directive, requiring further action in this area to ensure effectiveness and consistency in the use of API data for pre-checks at Schengen external borders. An intervention at EU level would also provide EU-wide criteria for the collection and transfer of API data for law enforcement purposes, so as to enhance the effectiveness of the processing of PNR data to fight serious crime and terrorism in the EU.

Clearer criteria for the collection of API data will ensure better uptake and compliance by the air industry and bring efficiencies, notably with the introduction of the obligation to transmit API data to one entry point (carrier interface and API router) instead of multiple national authorities as is the case today. National authorities and other stakeholders consulted in the preparation of this impact assessment called for the revision of the API Directive to ensure consistency and legal clarity.

B. Solutions

What legislative and non-legislative policy options have been considered? Is there a preferred choice or not? Why? 

A number of legislative policy options have been considered, while non-legislative options would not effectively address the identified problems. Following a pre-selection, some options were quickly discarded. The policy options analysed in the impact assessment can be grouped in three sets of options, namely:

(1)Options concerning the scope of collection of API data for Schengen external border management, with two cumulative policy options:

-policy option 1.1: collect API data on all extra-Schengen inbound flights;

-policy option 1.2. collect API data on all extra-Schengen inbound and outbound flights.

(2)Options concerning the scope of collection of API data for law enforcement purposes to allow for the joint processing of API data and PNR data, with two cumulative policy options:

-policy option 2.1: collect API data on all extra-EU inbound and outbound flights;

-policy option 2.2: collect API data on all extra-EU (inbound and outbound), intra-EU and domestic flights for which PNR data is collected.

(3)Options concerning the quality and capturing of API data as a horizontal aspect. This would apply to the collection of API data on any applicable flight and for any purpose, thus affecting both the collection of API data for Schengen external border management and for law enforcement purposes. There are two alternative policy options:

-policy option 3.1: collect API data by either automated or manual means;

-policy option 3.2: API data collection by automated means only.

The preferred policy options combine the API data collection on extra-Schengen inbound flights for Schengen external border management (policy option 1.1), on extra-EU, on selected intra-EU and domestic flights where PNR data is collected for law enforcement purposes (policy option 2.2). The preferred policy options also include the obligation to transmit a complete API data set by air carriers using automated means only (policy option 3.2) for both Schengen external border management and for law enforcement purposes.

Who supports which option? 

A wide range of stakeholders was consulted in preparation of the impact assessment, including national authorities in the Member States, EU Agencies, civil society organisations, as well as representatives of the private sector and International Organisations. Consultation activities included surveys, interviews and workshops with the main stakeholders. The majority of consulted stakeholders support the preferred policy option.

C. Impacts of the preferred option

What are the benefits of the preferred option (if any, otherwise main ones)?

An API instrument for external border management would improve Member States’ capacity to use API data to effectively and efficiently pre-check air travellers ahead of their arrival at Schengen external borders. A standardisation of the requirements for the collection and transfer of API data would increase compliance of airline industry as it would be faced with the same requirements from all Member States. More reliable and verified API data as collected by automated means would allow for the identification of high-risk travellers and ensure a speedier facilitation of external border checks and clearance of passengers upon arrival.

A separate API instrument for law enforcement purposes would regulate the API data collection on all flights into and outside the EU, as well as on selected intra-EU and domestic flights for which PNR data is collected. A joint processing of API data and PNR data would reinforce the robustness of the PNR Directive in the fight against serious crime and terrorism. Competent national authorities (Passenger Information Units) would benefit from higher quality and verified API data to investigate serious crimes and terrorism and to identify perpetrators involved in these serious crimes.

What are the costs of the preferred option (if any, otherwise main ones)?

The preferred policy option would require investments for both national authorities and air carriers. The costs of the API instrument for external border management purposes for Member States’ authorities would depend on the size of a country and the overall volume of inbound flights. National API systems would need to be modified to receive and process additional data flows that were not previously collected. The sum of the costs are estimated at an average of EUR 13.5 million in total. For air carriers, the main cost element would be the transmission costs of API data. An obligation to transmit API data systematically on all inbound flights would increase the volume of data transmitted and therefore result in additional transmission costs. With this initiative, however, API data would only be transmitted to a single point, namely the carrier interface accompanied by an API router, which would substantially reduce the transmission costs. These are estimated at net saving of EUR 2.53 million per year. Airlines that do not use automated means in their check-in processes would also need to either invest or make modifications to their systems to collect API data using automated means, estimated at a one-off cost of EUR 50 million.

The API instrument for law enforcement purposes would also represent an increase of the number of passengers on which airlines would transmit data to authorities, with these costs being mitigated by the fact that the data would only be transmitted once to the carrier interface accompanied by an API router. These are estimated at a total of EUR 75 million one-off costs and EUR 16.13 million recurrent costs for the transmission of API data on intra-EU flights and EUR 4.21 million recurrent costs on outbound flights. No costs for Member States are expected as existing capabilities will cater for the processing of additional API data.

How will businesses, SMEs and micro-enterprises be affected?

The proposed measures are not expected to have a significant impact on small and medium sized enterprises.

Will there be significant impacts on national budgets and administrations?

The sum of the expected investment costs at national level is estimated at an average of EUR 13.5 million.

Will there be other significant impacts? 

All preferred policy options relate to the processing of personal data. Consequently, these policy options have an impact on fundamental rights, in particular on the rights to the protection of personal data (Article 8 of the EU Charter on fundamental rights) and right for private and family life (Article 7 of the Charter). The collection of API data on selected intra-EU and domestic flights could deter the exercise of free movement as guaranteed by Article 45 of the Charter. To ensure full compliance with fundamental rights, the impact assessment provides for a thorough consideration of fundamental rights throughout its analysis and identifies a number of effective safeguards that are required. More specifically, the collection of API data on intra-EU and domestic flights for law enforcement purposes would not be systematic and limited to the flights for which PNR data is collected. The collection of API data would apply the requirements and safeguards set by the ruling of the Court of Justice in the Ligue des droits humains case. The preferred policy options would all meet an objective of general interest - effective Schengen external border management and the fight against serious crime and terrorism – and would be strictly limited to what is necessary and proportionate to achieve such objective.  

D. Follow up

When will the policy be reviewed?

The Commission would ensure that the necessary arrangements are in place to monitor the functioning of the measures proposed and evaluate them against the main policy objectives.

After the commencement of operations of the new API instruments, the Commission would submit a report to the European Parliament and the Council assessing the implementation of the instruments and their added value. The report would also report on any direct or indirect impact on fundamental rights. It would examine results achieved against objectives and assess the continuing validity of the underlying rationale and any implications for future options.

To do so, the Commission would take into account the information provided by Member States and any other relevant information related to the implementation of the two instruments. In addition, the transmission of the API data to the carrier interface and distribution to competent national authorities through an API router would support the Commission in its evaluation and enforcement tasks by providing the Commission with reliable statistics on the volume of data transmitted and on the flights for which API data would be requested.

(1)

COM(2021) 277 final (2.6.2021).

Top