Choose the experimental features you want to try

This document is an excerpt from the EUR-Lex website

Document 52022SC0421

COMMISSION STAFF WORKING DOCUMENT Subsidiarity Grid Accompanying the document Proposal for a Regulation of the European Parliament and of the Council on the collection and transfer of advance passenger information (API) for enhancing and facilitating external border controls, amending Regulation (EU) 2019/817 and Regulation (EU) 2018/1726, and repealing Council Directive 2004/82/EC

SWD/2022/421 final

Strasbourg, 13.12.2022

SWD(2022) 421 final

COMMISSION STAFF WORKING DOCUMENT

Subsidiarity Grid

Accompanying the document

Proposal for a Regulation of the European Parliament and of the Council

on the collection and transfer of advance passenger information (API) for enhancing and facilitating external border controls, amending Regulation (EU) 2019/817 and Regulation (EU) 2018/1726, and repealing Council Directive 2004/82/EC

{COM(2022) 729 final} - {SEC(2022) 444 final} - {SWD(2022) 422 final} - {SWD(2022) 423 final}


1.Can the Union act? What is the legal basis and competence of the Unions’ intended action?

1.1 Which article(s) of the Treaty are used to support the legislative proposal or policy initiative?

Under point (b) of paragraph 2 of Article 77 TFEU, the Union has the power to adopt measures relating to the checks to which persons crossing external borders are subject, and under point (d) the Union has the power to adopt any measure necessary for the gradual establishment of an integrated management for external borders. This is the appropriate legal basis for the proposed Regulation on the collection and transfer of API data for border management purposes.

1.2 Is the Union competence represented by this Treaty article exclusive, shared or supporting in nature?

Both in the case of the proposed Regulation on the collection and transfer of API data for border management purposes and the proposed Regulation on the collection and transfer of API data for law enforcement purposes, the Union’s competence is shared.

2.Subsidiarity Principle: Why should the EU act?

2.1Does the proposal fulfil the procedural requirements of Protocol No. 2 1 :

-Has there been a wide consultation before proposing the act?

-Is there a detailed statement with qualitative and, where possible, quantitative indicators allowing an appraisal of whether the action can best be achieved at Union level?

-The preparation of the proposals involved a wide range of consultations of concerned stakeholders, including Member States’ authorities (competent border authorities, Passenger Information Units), transport industry representatives and individual air carriers. EU agencies – such as the European Border and Coast Guard Agency (Frontex), the EU Agency for Law Enforcement Cooperation (Europol), the EU Agency for the Operational Management of Large-Scale IT systems in the Area of Freedom, Security and Justice (eu-LISA) and the EU Agency for Fundamental Rights (FRA), also provided input in light of their mandate and expertise. This initiative also integrates the views and feedback received during the public consultation carried out end of 2019 within the framework of the evaluation of the API Directive.

-Consultation activities in the context of the preparation of the impact assessment supporting the proposals gathered feedback from stakeholders using various methods. These activities included notably an inception impact assessment, an external supporting study and a series of technical workshops.

-An inception impact assessment was published for feedback from 5 June 2020 to 14 August 2020, with a total of seven contributions received providing feedback on the extension of the scope of the future API Directive, data quality, sanctions, relation of API and PNR data, and protection of personal data.

-The external supporting study was conducted based on desk research, interviews and surveys with subject matter experts which examined different possible measures for the processing of API data with clear rules that facilitate legitimate travel, are consistent with interoperability of EU information systems, EU personal data protection requirements, and other existing EU instruments and international standards.

-The Commission services also organised a series of technical workshops with experts from Member States and Schengen Associated Countries. These workshops aimed at bringing together experts for an exchange of views on the possible options which were envisaged to strengthen the future API framework for border management purposes, and also for fighting crime and terrorism.

-The explanatory memorandum of the proposals and the impact assessment (chapter 3) contain a section on the principle of subsidiarity (see the reply to question 2.2 below).

2.2Does the explanatory memorandum (and any impact assessment) accompanying the Commission’s proposal contain an adequate justification regarding the conformity with the principle of subsidiarity?

As regards the proposed Regulation on the collection and transfer of API data for border management purposes, the TFEU explicitly empowering the Union to develop a common policy on the checks to which persons crossing external borders are subject, this is a clear objective to be pursued at EU level. At the same time, this is an area of shared competence between the EU and the Member States.

The need for common rules on the collection and transfer of API data for border management is linked to the creation of the Schengen area and the establishment of common rules governing the movement of persons across the external borders, in particular with the Schengen Borders Code. 2 In this context, the decisions of one Member State affect other Member States, therefore it is necessary to have common and clear rules and operational practices in this area. Efficient and effective external border controls require a coherent approach across the entire Schengen area, including on the possibility of pre-checks of travellers with API data.

The need for EU action on API data at this point in time also stems from recent legislative developments on Schengen external border management, notably:

·The 2019 Interoperability Regulation 3 will enable systematic checks of persons crossing the external borders against all available and relevant information in EU centralised information systems for security, border and migration management. Establishing a centralised transmission mechanism for API data at EU level is a logical continuation of this concept. Following the concepts included in the Interoperability Regulations, the centralised transmission of API data could in the future lead to using this data to query various databases (SIS, Europol data) via the European Search Portal.

·At the external borders, the use of API data would effectively complement the imminent implementation of the European Travel Information and Authorisation System (ETIAS) and of the Entry Exit System (EES). The use of API data would remain necessary for external border management as it informs border guards in advance whether a traveller has effectively boarded a plane and is about to enter the Schengen area, thus facilitating the border check that will take place once that traveller arrives at the external borders.

Action at EU level will help to ensure the application of harmonised provisions on safeguarding fundamental rights, in particular personal data protection, in the Member States. The different systems of Member States that have already established similar mechanisms, or will do so in the future, may impact negatively on the air carriers as they may have to comply with several diverging national requirements, for example regarding the types of information to be transferred and the conditions under which this information needs to be provided to the Member States. These differences are prejudicial to effective cooperation between the Member States for the purposes of preventing, detecting, investigating, and prosecuting terrorist offences and serious crime. Such harmonised rules can only be set at EU level.

Since the objectives of this proposal cannot be sufficiently achieved by the Member States, and can be better achieved at Union level, it can be concluded that the EU is both entitled to act and better placed to do so than the Member States acting independently. The proposal therefore complies with the subsidiarity principle as set out in Article 5 of the Treaty on European Union.

2.3Based on the answers to the questions below, can the objectives of the proposed action be achieved sufficiently by the Member States acting alone (necessity for EU action)?

The need for common rules on the collection and transfer of API data for border management is linked to the creation of the Schengen area and the establishment of common rules governing the movement of persons across the external borders, in particular with the Schengen Borders Code. 4 In this context, the decisions of one Member State affect other Member States, therefore it is necessary to have common and clear rules and operational practices in this area. Efficient and effective external border controls require a coherent approach across the entire Schengen area, including on the possibility of pre-checks of travellers with API data. 

(a)Are there significant/appreciable transnational/cross-border aspects to the problems being tackled? Have these been quantified?

External border management is by definition cross-border. The threat posed by serious crime and terrorism is both transnational and cross-border.

(b)Would national action or the absence of the EU level action conflict with core objectives of the Treaty 5 or significantly damage the interests of other Member States?

Yes, enhancing external border management can only be achieve by way of joint action. Likewise, an effective fight against serious crime and terrorism requires joint action across Member States.

(c)To what extent do Member States have the ability or possibility to enact appropriate measures?

The current API Directive is part of the Schengen acquis related to the crossing of the external borders.

(d)How does the problem and its causes (e.g. negative externalities, spill-over effects) vary across the national, regional and local levels of the EU?

The need to enhance external border management is shared across the EU. While there are some regional differences, the threat posed by serious crime and terrorism is also shared threat across the EU.

(e)Is the problem widespread across the EU or limited to a few Member States?

The need to enhance external border management is shared across the EU. The threat posed by serious crime and terrorism is also shared threat across the EU.

(f)Are Member States overstretched in achieving the objectives of the planned measure?

No, as they already collect and process the data in scope of the proposed initiatives.

(g)How do the views/preferred courses of action of national, regional and local authorities differ across the EU?

The comprehensive stakeholder consultation carried out in preparation of the proposals did not indicate any difference of views at national, regional or local level.

2.4Based on the answer to the questions below, can the objectives of the proposed action be better achieved at Union level by reason of scale or effects of that action (EU added value)?

The 2020 evaluation showed that the API Directive has had a number of positive effects in those Member States that had established a national API system when implementing the Directive and request API data from air carriers. 6 This would not have been realised by Member States acting alone. 7 Using the international standards alone to establish national API systems in the Member States would have been possible without the API Directive but it may not have resulted in a coordinated outcome. However, the evaluation of the Directive also showed that the EU legal current framework leads to inconsistent and diverging practices in the Member States on API data requiring further EU action in this area, including with a separate legal instrument on law enforcement.

(a)Are there clear benefits from EU level action?

Yes. As illustrated by the effectiveness of existing EU instruments for external border management or law enforcement, such as the Schengen Information System, EU action can bring significant added value to Member States in these areas. Likewise, EU action brings added value for the management of the Schengen external borders and for internal security in the Union.

(b)Are there economies of scale? Can the objectives be met more efficiently at EU level (larger benefits per unit cost)? Will the functioning of the internal market be improved?

Yes.

(c)What are the benefits in replacing different national policies and rules with a more homogenous policy approach?

A homogenous policy approach overcomes existing inconsistent and diverging practices in the Member States on API data.

(d)Do the benefits of EU-level action outweigh the loss of competence of the Member States and the local and regional authorities (beyond the costs and benefits of acting at national, regional and local levels)?

Yes.

(e)Will there be improved legal clarity for those having to implement the legislation?

Yes.

3. Proportionality: How the EU should act

3.1 Does the explanatory memorandum (and any impact assessment) accompanying the Commission’s proposal contain an adequate justification regarding the proportionality of the proposal and a statement allowing appraisal of the compliance of the proposal with the principle of proportionality?

With proposed Regulation on the collection and transfer of API data for border management purposes, the legal framework for the collection and transfer of API data for external border management purposes will be reinforced. It will strengthen the API data as an instrument enhancing the pre-checks of travellers at external borders. In alignment with international standards and recommended practices, this proposal will require air carriers to collect and transfer API data for all flights entering the Schengen area. The obligations set in this proposal are limited to what is necessary to achieve this objective. More specifically, this proposal establishes clear rules, among others, on what constitutes API data, on which flights air carriers should collect API data and the transfer thereof. By way of a Regulation, this proposal will establish a consistent approach to the use of API data for external border management across Member States bound by the Schengen acquis. Such standardisation of API requirements across Member States will contribute to increased legal certainty and foreseeability, and therefore also increased compliance by air carriers.

Proportionality is further ensured through several elements of the proposed Regulation, such as the limitation only to incoming flights, the targeting of the requirement to use automated means to only certain API data and safeguards as regards the manner and purpose of the processing of API data.

The proposed Regulation envisages the creation of a router that would serve as a single connecting point between Member States and air carriers, in line with international recommendations and it establishes an EU approach for the collection and transmission of API data. The transmission of API data through the router will reduce costs on the air industry and would ensure that border guards have access to fast and seamless access to API data they need to perform in the context of advanced border checks. This approach will drastically reduce the number of connections to establish and maintain from a Member States’ perspective. Conversely, this will reduce the complexity for air carriers to maintain connections with competent border authorities and introduce economies of scale. An EU Agency, namely eu-LISA, will be responsible for the design, development, hosting and technical management of the router. The transfer of the API data through the router will support the monitoring of flights and thus reduce the probability that a carrier did not comply with the obligation to communicate API data as prescribed in this proposal.

3.2Based on the answers to the questions below and information available from any impact assessment, the explanatory memorandum or other sources, is the proposed action an appropriate way to achieve the intended objectives?

Yes, the two proposals set out an appropriate way to achieve the intended objectives.

(a)Is the initiative limited to those aspects that Member States cannot achieve satisfactorily on their own, and where the Union can do better?

Yes.

(b)Is the form of Union action (choice of instrument) justified, as simple as possible, and coherent with the satisfactory achievement of, and ensuring compliance with the objectives pursued (e.g. choice between regulation, (framework) directive, recommendation, or alternative regulatory methods such as co-legislation, etc.)?

Yes.

(c)Does the Union action leave as much scope for national decision as possible while achieving satisfactorily the objectives set? (e.g. is it possible to limit the European action to minimum standards or use a less stringent policy instrument or approach?)

Yes.

(d)Does the initiative create financial or administrative cost for the Union, national governments, regional or local authorities, economic operators or citizens? Are these costs commensurate with the objective to be achieved?

Yes, as assessed in the impact assessment and the legislative financial statement, the proposal will mean additional costs for the Union, national authorities and carriers. These costs will be offset in the medium to the long term thanks to the efficiencies created by the establishment of the router – a single point of entry – for the data to be collected and transmitted by air carriers to the Member States.

(e)While respecting the Union law, have special circumstances applying in individual Member States been taken into account?

No, as there are no such special circumstances in the aspects addressed by the proposals.

(1)

  https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:12016E/PRO/02&from=EN  

(2)

   Regulation (EU) 2016/399 of the European Parliament and of the Council of 9 March 2016 on a Union Code on the rules governing the movement of persons across borders (Schengen Borders Code).    

(3)

Regulation (EU) 2019/817 of the European Parliament and of the Council of 20 May 2019 on establishing a framework for interoperability between EU information systems in the field of borders and visa.

(4)

   Regulation (EU) 2016/399 of the European Parliament and of the Council of 9 March 2016 on a Union Code on the rules governing the movement of persons across borders (Schengen Borders Code).    

(5)

  https://europa.eu/european-union/about-eu/eu-in-brief_en  

(6)

The 202 evaluation of the API also showed that Cyprus and Greece did not establish an API system and do not request API data.

(7)

Evaluation of the API Directive, SWD(2020)174, p. 51.

Top