This Regulation establishes a new EU-wide system for collecting and transferring advance passenger information (API) from air carriers to border authorities. It creates a centralized router managed by eu-LISA to facilitate secure data transmission and sets uniform requirements for airlines regarding passenger data collection. The Regulation aims to enhance external border checks and combat illegal immigration while ensuring data protection and passenger rights.The Regulation’s structure includes:
- General provisions defining scope and key terms
- Rules on collection, transfer, storage and deletion of API data
- Technical provisions for the centralized router system
- Data protection and security requirements
- Governance framework and supervision mechanisms
- Penalties for non-compliance
- Relationship with other EU instruments
Key provisions include:
- Mandatory automated collection of passenger data from machine-readable travel documents
- Transfer of API data at check-in and after flight closure
- 48-hour maximum data retention period
- Strict purpose limitation for border control and immigration purposes
- Financial penalties up to 2% of global turnover for repeated non-compliance
- Establishment of national supervision authorities
- Creation of API Expert Group and Contact Group for implementation
- Regular evaluation and reporting requirements
