In June 2023, the European Council adopted new Advanced Passenger information (API) data collection laws, which will lead to the creation of an API data router. This will have an important impact on both airlines and Passenger Information Units across the bloc.

Key takeaways:

  • By 2026 a new API data router will be the single point for airlines to send API data
  • All flights into, out of, and within the EU will need to send passenger information to this single hub
  • The rules should make the process of collecting and sending API and PNR data smoother
  • But connecting to the API data router will still be complex for many carriers

Since 2004, any airline flying into the EU has been legally obliged to transmit Advanced Passenger Information (API) data to the authorities in destination member states  (Passenger and crew data for all flight entering the Schengen zone). Then, in 2016, another directive required them to send Passenger Name Record (PNR) data too. Passenger Information Units (PIU) in countries across the continent have collected and analyzed API PNR data about millions of passengers, and used this information in the fight against terrorism, organized crime and illegal migration.

However, a 2020 evaluation of the API Directive found that the original rules were no longer fit for purpose. And in June this year, the European Council adopted new legislation which will introduce a more streamlined way of collecting API data  (refer to the official proposition).. Specifically, it will introduce a new API data router that will provide a central hub where any carrier flying to, from and within the EU sends this information.

Why is the EU introducing this API data router, and what will it mean for airlines and Passenger Information Units?

Why was an update to API data collection needed?

According to the European Commission’s 2020 analysis, the API Directive has generally been successful in tackling crime, reducing illegal migration and combating terrorism. However, the analysis also reported on several drawbacks and limitations, including:

  • Different technical methods in different countries

Each country’s PIU set up their API (and later, PNR) data system in slightly different ways. From a technical perspective, this meant that airlines need to send data in different formats for each country, adding a significant burden to carriers. At the same time, this meant PIUs often received non-compliant data, due to confusion among carriers about how to send data.

  • Major challenges for charter and business aviation

As we have written about before, complying with the API PNR rules has always been very difficult for business aviation and charter flights for a variety of reasons. In particular, many of these carriers don’t even send API or PNR data to individual PIUs for a range of technical and operational reasons.

  • Purpose of API collection is only for immigration and border control 

Even if API data can be used when combined with PNR data to fight crimes and terrorism. The collection of API is restricted to immigration and border control purposes. As a consequence, API can only be collected for extra-EU/Schengen flights. This creates a gap for law enforcement agencies. They consider the API as “verified data” (versus PNR “declarative data”) and use it to cross-check identity with PNR data during investigations. One objective of the new directive is to extend the purpose of API data to be able to collect those data for intra-EU/Schengen flights.

Background: What is API PNR?

A new API data router aims to streamline the process

To improve security across the EU, the European Council introduced new legislation in 2023 which will lead to the creation of an API data router. This router will provide a single place where all airlines flying into the EU – and within the Schengen Zone – will need to submit API and PNR information. Instead of the current process, where airlines send data to individual PIUs in each destination country, the new router will provide a single place for sending all data.

This is expected to have multiple benefits for both airlines and PIUs:

  • Uniform way of submitting and collecting API data

Airlines will be able to submit all data to one, central hub. This should make the process of complying with the EU’s API rules much simpler for carriers. And for PIUs, there should be much less non-compliance, confusion or rejected submissions, because the process will be the same across the bloc. 

  • Better quality API data

The law requires carriers to collect API data using automated methods. This means there should be fewer data quality problems, such as misspelled names or passports with the wrong numbers/incorrect dates. 

  • Simple and secure

The new API data router will be built and managed by eu-LISA, an EU technology agency. By having a single, simple system, there is a lower chance of data breaches compared to every country having its own IT system. At the same time, using this central API data router will mean that data management, retention and deletion is more streamlined too. 

  • Cover all air travelers, on all flights

As noted above, API and PNR data from all passengers flying into, within and out of the EU will pass through the new API data router. This will mean that PIUs have more accurate and complete information, reducing the risk that criminals and terrorists can ‘slip through’.

Related: What are eu-LISA, EES and ETIAS?

Issues with the new API data router

The EU’s new API data router should make the process of collecting, submitting and analyzing API and PNR data much smoother overall. However, in an FAQ published on the European Commission’s website, they acknowledge that the API router will introduce new challenges and costs for airlines. These include:

  • More work for intra-EU airlines

The new rules may increase the API-PNR const for airlines that only operate inside the Schengen zone. They will now have to collect and transmit API data – in the past they may not have needed to do this at all, or only for PNR data (although the situation may in fact concern very few airlines).

  • Changes to passenger data collection

The new rules will require automated passenger data collection, during online check-in and at the airport. This will introduce new costs and changes to process at almost all airlines. 

  • Doesn’t solve the problem for business and charter aviation

Many charter and business aviation carriers struggle to comply with today’s API and PNR data collection processes. This is for a variety of reasons for this, including timing problems, incompatible processes, and the fact many of these carriers aren’t set up to collect API PNR data. It is crucial to understand all these reasons and design the API data router in a way that  enables these carriers to submit data. 

A simple way to connect with the API data router

We do not yet know exactly when the EU’s new API data router will be up and running – it could be several years before eu-LISA completes the project, to be rolled out between 2026 and 2028.. Nevertheless, Streamlane, with our extensive experience and technology (the API-PNR gateway) – is well placed to help eu-LISA on this project.

Our API PNR gateway already provides states with a single window system which verifies the passenger data received and ensures proper integration into their PIU systems, and is connected to major airlines operating in Europe.

To learn more about our one-stop solution for states to receive passenger data, read about our PIU solutions, or contact us for a demo today.