European travel information and authorisation system (ETIAS): the EU's next border control database

Support our work: become a Friend of Statewatch from as little as £1/€1 per month.

It is expected that on Wednesday the Commission will publish a proposal to establish yet another EU "migration management" database - the European Travel Information and Authorisation System (ETIAS). Based on systems in place in the USA (ESTA), Canada and Australia (ETA), the Commission's idea is to ensure an "additional layer of systematic control" for nationals of countries that have a visa waiver agreement with the EU - currently some 1.4 billion people.


The logic can be summarised thus: your government may have managed to negotiate a visa waiver with the EU, but this leaves the EU with an "information gap". So instead of making you undergo the expensive and intrusive visa application process, you will have to undergo the less expensive (but potentially equally as intrusive) "travel authorisation" process.

The minutes of a September meeting of the Commission's 'High Level Expert Group on Information Systems and Interoperability', obtained by Statewatch, highlights the numerous concerns raised by Member State and EU officials over the practicality and the purpose of the system.

See: European Commission, High-level expert group on information systems and interoperability: Subgroup on new systems – meeting of 14 September: Report (Ares(2016)5744990, 4 October 2016, pdf)

The minutes of the meeting outline the Commission's explanation of the proposed system:

"Under ETIAS, travel authorisations would be available for travel to a Schengen Area border (not to enter Schengen) for visa-exempt third country nationals who would be required to apply for authorisation before their journey. The travel authorisation is designed to determine their eligibility to travel to the Schengen Area and to check if such travel poses a security or migration risk. Travel by air or sea would imply pre-boarding verification whereas land transport would be checked at the border."

Those present were then invited "to comment on whether and why ETIAS was needed, what would be the implications of setting up this system, and whether such a system would really support effectiveness at the border."

The questions noted in the minutes raise numerous issues:

"Would ETIAS be a border or police tool?"

"What happens if applicants have inadequate internet access?"

"Is ETIAS adding value if air and potentially sea travellers are covered by API/PNR?"

"Inadmissible persons are not all entered in to the Schengen Information System because some Member States only enter information in national systems. This could lead to travellers being refused entry even though they assume they have authorisation."

"ETIAS could offer advantages but could also be unnecessary given existing systems, such as VIS."

"Any system must respond to necessity and proportionality, and respond to civil society concerns. Will ETIAS do so, or are existing systems efficient?"

Technical issues were next on the agenda, with the Commission highlighting "technical challenges [including] dealing with payments... defining information retention periods, designing automated risk assessment and incorporating manual risk assessment."

The system may be highly intrusive:

"What data should be collected? Systems in US/Canada/Australia can include information on education, employment details, available financial resources, purpose of visit, convictions, illnesses, health insurance… Is such information of interest and, if so, is it legally accessible? Data privacy and fundamental rights issue have to be considered."

Respnses from the group once again came thick and fast:

"In an area of multiple languages, what will be the language regime of ETIAS?"

"Misspelling (e.g. of names) can raise problems."

"Which databases would be cross-checked? What would be the criteria to refuse travel authorisation before deciding to consult databases."

"ETIAS could be so expensive that it would not provide value for money."

"Will security services have access to ETIAS?"

"Will ETIAS be linked to EES, where biometric information can guard against multiple identities?"

"If a travel authorisation is denied, but the carrier allows the travel, can the third country [i.e. the one from which the person is travelling] stop exit?"

The Commission responded to a number of points, including noting that "ETIAS would be guided by data minimisation".

Next came "operational and financial challenges," including the possible need for ETIAS to interact with other systems, data and system security, and cost: "Canada's annual running costs of €14 million is an indicator for ETIAS."

More questions were raised:

"If a traveller is referred to a consulate but no consulate is available, where can they go?"

"Would ETIAS apply to any EU citizens or holders of residence permits?"

"Why is travel authorisation necessary if somebody simply turns up at the border crossing?"

"Should Council Directive 2001/51/EC [on carrier sanctions] be amended to address carriers that allow travel by those who do not have a travel authorisation?"

In response: "The Commission commented that ETIAS would take account of specific situations, such as residents near borders, those without access to internet or payment facilities."

Then came the issue of screening individual applications, in order to determine whether they should be permitted to travel or not (emphasis added):

"Identity can currently be screened against all the major systems whereas travel documents cannot be screened
against Eurodac or EIS [Europol Information System]. Screening rules — for both automatic and manual processing — would need to be drawn up and reviewed periodically to ensure respect for data privacy and protection considerations. Such rules could be based on EES statistics for overstayers and refusals, patterns, risk assessment and specific values (e.g. phone number or email). Currently, the national system at the point of entry is consulted but, under ETIAS, this could be extended to all national systems. This could lead to building a common repository of data."

Members of the group raised the following points, amongst others:

"Checking national databases is not foolproof."

"Will visa-exempt travellers be subject to greater checks than visa-holders?"

"How to exploit API/PNR information in relation to common risk profiles?"

"Cross-checking data sets through an anonymising filter can reveal a hit without immediately divulging data – this could be supported."

"How will PNR and PIU contribute to ETIAS?"

"Europol could provide a simple solution to implement ETIAS and access Member State data."

"The major challenge currently is handling refugees rather than travellers from visa-exempt countries."

The group also discussed other "information gaps" - on EU citizens and holders of EU residence permits and long-term visas.

Our work is only possible with your support.
Become a Friend of Statewatch from as little as £1/€1 per month.


Spotted an error? If you've spotted a problem with this page, just click once to let us know.

Report error