The EU’s PNR legislation should certainly be welcomed. However, many EU members have only partially begun their journey to compliance. At the same time, airlines are struggling to respond to the different ways EU countries are implementing the legislation. This makes compliance for airlines especially challenging.
Here are six broad reasons:
1• Problems with PNR data itself
A basic PNR need only contains the passenger’s name and itinerary. This is all that’s needed to functionally get people from A to B. However, the EU now requires that airlines share PNRs that contain 19 separate pieces of information. These include the passenger name and itinerary, but also other information, including luggage (number of bags and weight), nationality, payment method, ticket currency and so on. It’s clear that some of this information could be useful for law enforcement to spot possible threats but collecting and processing that data on time could be challenging for incumbent airlines with standardised processes and systems due mainly to IT constraints. Additionally, when it comes to specific types of flights, such as charter or business jet, it could be simply impossible. Much of the requested data is not part of the information collected at the time of booking (or even after).
2• Quality problems
Another challenge arises from providing accurate data. Consider the realities of ticket booking. The PNR might be generated after someone books offline (such as through partner airlines, travel agencies or call centres) or online (internet booking sites), or through one of many other intermediaries over which the airline has no influence.
What’s more, PNR data often goes unverified. There will not necessarily be name checks, or any other checks on data provided by the passenger and/or travel agent for the reservation. PNRs also contain both structured and free format text depending on the internal processes of each of the stakeholders. To make matters murkier, business jet airlines or charter airlines and network carriers providing charter flights have methods of recording passenger data and apply processes that make compliance with the regulation difficult to sustain. For instance, the collection of name and passport data only happens at the airport a few hours before the flight for a charter flight and baggage information for business jet flights is not collected. Those compliance challenges oblige those airlines to engage in individual negotiations with each EU state to obtain exemptions.
3• Communication problems
Besides problems collecting the data itself, there are also challenges when it comes to communicating this data between the airline and the member state’s PIU. Airlines have received non-industry standards requests or don’t manage the standard requested (PNRGOV, PAXLST, PAXLST CREW), and PIUs are not leaving the choice of protocols or formats to the airlines, which really changes how they structure their data files before sending them. All this means that airlines are forced to engage in technology development which results in increased implementation costs.
4• Airline IT resources
Since the introduction of the law, many airlines’ IT resources have been seriously stretched. The PIU’s in different EU countries have been demanding they follow their specific requirements, and this has resulted in bottlenecks and delays as airlines struggle to adapt to the needs of 28 member states.
5• IT implementation timeframes
Many airlines have also complained about the unrealistic timeframes for compliance with the regulation. Consider the enormous complexity of these projects, with airlines which fly from anywhere in the world into the EU having to securely send sensitive passenger data to 28 different PIUs. Making this happen in just a couple of years is a huge project.
6• IT costs
Airlines have also complained about the costs involved in implementing PNR programmes. Besides the actual implementation, they must also cover continuous data transmission costs and maintenance.
Compliance is not optional
Despite these challenges, airlines are keenly aware of the need to comply with the regulation. There could be heavy fines for non-compliance, and Poland has already begun penalising airlines who have fallen foul of the law. There is an even bigger risk too – airlines that don’t comply may be completely barred from flying to destination countries.
So what should airlines do? Going it alone can be costly and confusing, so it’s definitely worth working with API PNR project experts who will be able to manage IT projects, negotiate implementation plans and obtain exemptions to regulation for some types of carriers, such as charter flights. Airlines can of course also seek advice about PNR strategy from airline associations.
It’s also worth looking to the market for off-the-shelf IT solutions that can help. Streamlane solutions are currently being used by various airlines and the states for its PNR data collection.
While the PNR directive is problematic in practice, it could help law enforcement detect and prevent crime and terrorism. And there are now a growing number of options that make it easier for airlines and member states to comply too.