How to protect your identity verification from deepfakes - with NFC Learn more
Using our App? Go here

EC changes to Advance Passenger Information legislation moves forward

The EC Requirement on Air Carriers to materially improve the quality of Advance Passenger Information, through automated data collection, takes a significant step forward.

EU member states agreed on 21st June 2023 the Council's negotiating mandate for two legislative proposals on the collection and transfer of Advance Passenger Information.

"Better travel data collection will contribute to fighting crime more efficiently and help border guards stop illegal crossings, as well as making it easier to travel by air." - Gunnar Strömmer, Swedish Minister for Justice

The requirement for carriers applying to any mode of international transport including bus, rail and maritime, not just airlines, to supply passenger information in advance of travel is not new. For the purpose of this blog let’s put aside the not inconsiderable roles of the World Customs Organisation, the International Air Transport Association (IATA), the United Nations and the International Civil Aviation Organization (ICAO) in the origins of modern Advanced Passenger Information (API) standards and requirements.

Following many years of voluntary schemes, the US mandated their interim Advanced Passenger Information System) APIS requirements on 31 December 2001. The European Commission directed their mandatory requirement for the electronic supply of Advanced Passenger Information (API) in 2004, through the Council Directive 2004/82/EC of 29 April 2004, following significant time in consultation. These are of course just two legislative vehicles for two (albeit significant) receivers of API and all states. Now all but a handful of international states have material pre-departure information provision requirements.

The birth of API was not without its challenges, many of them legal, some of which remain today with sharing of personal data across jurisdictions, but that is another day’s topic. Since the initial regulatory requirements were introduced all state schemes have created formal variations of their requirements. These variations have included the timing of when API should be sent and the contents of the overall Passenger Data Record required, with extensions for Passenger Name Record (PNR) data commonplace.

Improving data quality

Most recently the European Council (EC) has moved to improve the quality of data with proposed revisions to 2004/82/EC to ‘ensure that the collection and processing of API data is more effective and consistent'. On 13th December 2022, the 2441st Meeting of the Commission met in Strasbourg and approved two proposals for changes to the collection and transfer of advance passenger information (API) for a) enhancing and facilitating external border controls, amending Regulation (EU) 2019/817 and Regulation (EU) 2018/1726, and repealing Council Directive 2004/82/EC and b) the prevention, detection, investigation and prosecution of terrorist offences and serious crime, and amending Regulation (EU) 2019/818.

Whilst many of the proposed changes align the legal framework across member states, for example, revisions to take account of the General Data Protection Regulation GDPR) as opposed to the 1995 Data Protection Directive. Further controls are added for the use of personal data provided by carriers for crime and terrorism prevention and detection balanced against an individual’s human rights.

Simplified and streamlined air carriers route

The proposal includes for a simplified and streamlined route for air carriers to supply API data to EC member states which will be welcome. Changes also arise following consultation and reports by the commission highlighting errors or inconsistencies in the data supplied by carriers with the result being PNR data cannot be matched to the associated API data, meaning the arrival state’s ability to undertake its risk assessments for clearance to travel and/or national security is compromised.

This data matching has consequences for legitimate travellers’ experiences if they are delayed as a result of an incorrect risk assessment, plus there are financial and operational consequences for the carrier if a traveller is incorrectly documented on arrival.

The proposals announced by the Commission on 13th December 2022 include the requirement to provide “Better quality API data, as air carriers will have to collect API data by automated means only” calling an end to the tedious and more importantly error prone passenger experience of manually typing in travel document information between ticket booking and check-in.

The directive applies to all passenger journeys into, out of, or for selected flights within the Schengen area and as such needs to be adopted by over 300 international airlines and 1 billion passenger journeys per annum.         

The timelines for implementation of all the proposals, subject to European Council and Parliament examination, give time for air carriers to begin the automated collection, based on ICAO 9303 standards for Machine Readable Travel Documents which include the NFC chip data standards.

ReadID was the first to market for automated NFC document verification on Android in 2014 and iOS in 2019. We remain the market leader for mobile NFC document and identity verification based on ICAO 9303. With our SaaS offering we can have mobile NFC document verification up and running for customers within 4 weeks from initial engagement, so contact us as soon as possible to create a solution with us that will enable you to meet this forthcoming regulatory requirement and enhance your passengers experience.



Try it yourself for free

Interested in NFC-based identity verification? Our free personal app ReadID Me is available in the App and Plays stores. No personal information is shared with Inverid or other parties; it is a client-only verification.

Or subscribe to our newsletter, sent about 6 times per year.