This Regulation establishes a new EU-wide system for collecting and transferring advance passenger information (API) from air carriers to border authorities. It creates a centralized router managed by eu-LISA to facilitate secure data transmission and sets uniform requirements for airlines regarding passenger data collection and transfer. The Regulation aims to enhance and facilitate external border checks while ensuring data protection and fundamental rights.The Regulation’s structure includes:
- General provisions defining scope and key terms
- Rules on collection, transfer, storage and deletion of API data
- Technical provisions for the centralized router system
- Data protection and security requirements
- Governance framework and supervision mechanisms
- Penalties for non-compliance
- Relationship to other EU instruments
Key provisions include:
- Mandatory automated collection of machine-readable travel document data by airlines
- Transfer of API data at check-in and after flight closure through the centralized router
- 48-hour maximum retention period for API data
- Strict purpose limitation for border control and immigration purposes
- Financial penalties up to 2% of annual turnover for repeated non-compliance
- Designation of national supervision authorities
- Regular evaluation and reporting requirements
- Detailed data protection safeguards and security measures
