Security has been a constant theme since the beginning of the Juncker Commission’s mandate – from President Juncker’s Political Guidelines of July 2014, to the latest State of the Union address in September 2016. In his speech, President Juncker announced that by November the Commission will propose a European Travel Information and Authorisation System (ETIAS) – an automated system to determine who will be allowed to travel to Europe. The Commission’s proposal to establish this system is a first deliverable of the priorities for action identified in the Bratislava Roadmap.
What is the European Travel Information and Authorisation System (ETIAS)?
ETIAS will be an automated IT system created to identify any risks associated with a visa-exempt visitor travelling to the Schengen Area. All visa-exempt third-country nationals who plan to travel to the Schengen area will have to apply for travel authorisation through the system prior to their trip. The information gathered via the system, in full respect of fundamental rights and data protection, will allow for advance verification of potential security or irregular migration risks.
The ETIAS authorisation is not a visa. Nationals of visa liberalisation countries will still be able to travel without a visa but will be required, as a mandatory condition for entry to the Schengen area, to obtain a travel authorisation prior to their travel.
In order to decide whether to issue or reject a request to travel to the EU, the system will conduct prior checks and either issue or refuse a travel authorisation. Although the final decision to grant or refuse entry will always be taken by the national border guards who are conducting border controls under the Schengen Borders Code, prior verification of visa exempt third-country travellers will facilitate border checks and ensure a coordinated and harmonised risk assessment of third-country nationals and substantially reduce the number of refusals of entry at border crossing points.
How will ETIAS address existing information gaps?
Currently, the competent border and law enforcement authorities have little information on those who are visa-exempt – whereas they do have information on people travelling with a visa.
By ensuring that all visitors are checked prior to their arrival and that a valid travel authorisation is required for all visa-exempt third-country nationals, ETIAS will identify persons who may pose a security or irregular migration risk before they arrive at the border and will address this information gap on visa-free travellers by gathering information that could be vital to Member States’ border and law enforcement authorities.
How does ETIAS complement existing information systems for borders and security?
In line with the interoperability strategy proposed in the Communication on Stronger and Smarter Information Systems for Borders and Security of 6 April 2016, ETIAS is designed to be interoperable with existing systems, and systems currently still developed, such as the Entry Exit System (EES).
To the maximum extent possible and when technically feasible, the ETIAS Information System will re-use the hardware and software components of the EES and its communication infrastructure. Interoperability will also be established with the other information systems to be consulted by ETIAS such as the Visa Information System (VIS), Europol data, the Schengen Information System (SIS), Eurodac and the European Criminal Records Information System (ECRIS).
ETIAS and EES will share a common repository of personal data of third-country nationals, with additional data from the ETIAS application (e.g. residence information, answers to background questions, IP address) and the EES entry-exit records separately stored, but linked to this shared and single identification file.
What databases will ETIAS check travellers’ data against?
When verifying and assessing the information submitted by visa-exempt travellers in order to grant or deny a travel authorisation, the system will automatically cross-check each application against:
- relevant existing EU information systems:
- the Schengen Information System (SIS),
- the Visa Information System (VIS),
- Europol data,
- the Eurodac database,
- proposed future EU information systems:
- the Entry/Exit System (EES),
- the European Criminal Records Information System (ECRIS).
- relevant Interpol databases:
- the Interpol Stolen and Lost Travel Document database (SLTD),
- the Interpol Travel Documents Associated with Notices database (TDAWN)),
- and a dedicated ETIAS watch list (which will be established by Europol).
How will ETIAS improve the security of EU citizens?
By providing vital information on security, irregular migration and public health risks prior to the arrival of a person at the Schengen border, ETIAS will significantly contribute to closing existing security information gaps and provide vital information necessary for the authorities of the Member States to help spot potential problem individuals and take action before they reach Schengen’s external borders.
More specifically, a better and more accurate identification of potential security risks of visa-exempt third-country nationals before arriving at the external border of the Schengen area will improve the detection of trafficking in human beings (particularly in the case of minors), help tackle cross border criminality, and more generally will facilitate the identification of persons whose presence in the Schengen area could pose a security threat. ETIAS thus contributes to improving the security of citizens in the Schengen area and enhances internal the security of the EU.
The data stored in ETIAS, in respect of fundamental rights and data protection, may also be made available to national law enforcement authorities and Europol if necessary for the prevention, detection or investigation of a terrorist offence, or other serious criminal offences as well as for the identification of the perpetrator of a terrorist offence or other serious crime.
What is the difference between a Schengen visa and an ETIAS travel authorisation?
First of all, ETIAS is not a visa. A visa free traveller does obviously not need a visa to enter the Schengen area. ETIAS will not change this. ETIAS is a lighter, significantly cheaper, faster and more visitor-friendly system, which will, in more than 95% of cases, result in a positive answer within a few minutes. It cannot be compared to a Schengen visa. ETIAS is a necessary and small procedural step for all visa-exempt travellers which will allow them to avoid bureaucracy and delays when presenting themselves at the borders. ETIAS will therefore not only fully respect this visa-free status, it will also facilitate the crossing of the Schengen external border for visa-exempt third country nationals and allow visa free visitors to fully enjoy their status.
An ETIAS travel authorisation does not entail the requirements of a visa. There is no need to go to a consulate to make an application, no biometric registration is needed and significantly less information is collected and assessed than during a visa application procedure. Whereas, as a general rule, a Schengen visa procedure can take up to 15 days, and can in some cases be extended up to 30 or 60 days, the on-line ETIAS application only takes a few minutes to fill in. The validity will be for a period of five years, significantly longer than the validity of a Schengen visa. ETIAS will also be valid for an unlimited number of entries.
What is the impact of ETIAS on the common visa policy?
Visa liberalisation is an important tool in building partnerships with third countries and in increasing the attractiveness of the EU for business and tourism. Mandatory systematic advance verification and assessments of potential risk related to visa-exempt travellers through ETIAS, while fully respecting their visa-free status, will help to safeguard and complement the success of the EU’s visa liberalisation policy. Adding this layer of information and risk assessment on visa free visitors would bring significant added value to existing measures to maintain and strengthen the security of the Schengen area and will allow visa free visitors to fully enjoy their visa-free status.
As visa liberalisation dialogues with third countries continue to progress, ETIAS will strengthen the EU’s capacity to assess and manage the potential migration and security risks represented by an increasing number of visa-free travellers whilst at the same time facilitate the crossing of the Schengen external borders. Travellers will also have a reliable early indication of entry into the Schengen area which will substantially reduce the number of refusals of entry. This is a significant improvement for travellers compared to the current state of play.
How will ETIAS ensure and guarantee the respect for fundamental rights and data protection?
The Commission’s proposal fully complies with the Charter of Fundamental Rights and contains all appropriate safeguards as regards the protection of personal data, ensuring that ETIAS is developed in line with the highest standards of data protection, in particular regarding access, which is strictly limited.
The proposal also foresees individuals’ right of redress, particularly as regards the right to a judicial remedy and the supervision of processing operations by public independent authorities.
Personal data recorded in the ETIAS will not be kept for longer than is necessary for its purpose.
Data shall be stored for:
- the period of validity of the travel authorisation or,
- five years from the last entry record of the applicant stored in the Entry Exit System (EES) or,
- five years from the last decision to refuse, revoke or annul the travel authorisation.
The proposed retention period for data related to ETIAS applications will be, as a general rule, five years. This retention period corresponds to the retention period of an EES record with an entry authorisation granted on the basis of an ETIAS travel authorisation or a refusal of entry. ETIAS will ensure interoperability in terms of information and technological infrastructure with the EES and the development of the EES and ETIAS will be carried out together and in parallel. This synchronisation of retention periods is necessary to allow the competent authorities to perform the necessary risk analysis and ensures that both the entry record and the related travel authorisation are kept for the same duration, while also ensuring interoperability between ETIAS and EES.
After the expiry of the five-year period, the application file and personal data will be automatically deleted from the ETIAS Central System.
Member States’ law enforcement authorities and Europol will have access to ETIAS, under strictly defined conditions, for the prevention, detection or investigation of terrorist offences or other serious criminal offences. This access would only be granted for specific cases and only after prior consultation of national criminal databases and when Europol databases have not turned up the information sought. The designated authorities and Europol should only request access to ETIAS when they have reasonable grounds to believe that such access will provide information that will substantially assist them in preventing, detecting or investigating a terrorist offence or other serious criminal offence.
The proposal provides for effective safeguards for consultations by national law enforcement authorities or Europol of the data stored in the ETIAS central system:
- consultation of data stored in the ETIAS Central System for law enforcement purposes may only be granted for the prevention, detection or investigation of criminal offences or other serious criminal offences and only if it is necessary for a specific case;
- designated national law enforcement authorities and Europol may only request consultation of data stored in the ETIAS Central System if there are reasonable grounds to consider that such access will substantially contribute to the prevention, detection or investigation of the criminal offence in question;
- data elements with limited relevance for criminal investigations will not be available for consultation (such as education or health data);
- all requests for consultation of the data stored in the ETIAS Central System are subject to an independent verification by a court or an independent authority in order to verify if the strict conditions laid down for access for law enforcement purposes are fulfilled;
- national law enforcement authorities and Europol can only request consultation of data stored in the ETIAS Central System if prior searches in all relevant national databases of the Member State and Europol databases did not lead to the requested information.
How will ETIAS be structured?
The ETIAS would be composed of the ETIAS Information System, the ETIAS Central Unit and the ETIAS National Units.
The ETIAS Information System will comprise:
- a Central System to process the applications;
- a National Uniform Interface in each Member State
- a secure Communication Infrastructure between the Central System and the National Uniform Interfaces;
- a public website and a mobile app for mobile devices;
- an email service.
The ETIAS Central Unit will be established within and managed by the European Border and Coast Guard, and will be part of its legal and policy framework.
Operating on a 24/7 basis, the ETIAS Central Unit will have four central tasks:
- 1) ensuring that the data stored in the application files and the data recorded are correct and up to date;
- 2) where necessary, verifying the travel authorisation applications with regards to traveller’s identity in cases of a hit obtained during the automated process;
- 3) defining, testing, implementing, evaluating and revising specific risk indicators of the ETIAS screening rules;
- 4) carrying out regular audits on the management of applications and on the implementation of the ETIAS screening rules, particularly as regards their impacts on fundamental rights and especially with regards to privacy and data protection.
ETIAS National Units operating 24/7 would be established in each Member State, and would have the primary responsibility of conducting the risk assessment and deciding on travel authorisation for applications rejected by the automated application process as well as providing applicants with information regarding the procedure to be followed in the event of an appeal.
An ETIAS Screening Board with an advisory function would also be established within the European Border and Coast Guard. It would be composed of a representative of each ETIAS National Unit and Europol, and would be consulted for the definition, evaluation and revision of the risk indicators as well as for the implementation of the ETIAS watchlist.
What will the role of Europol be?
Europol, as an EU security information hub, is in a unique position to combine information that is not available to individual Member States or in other EU databases.
Data provided by applicants for an ETIAS authorisation will be cross-checked against data held by Europol related to persons who are suspected of having committed or taken part in a criminal offence, who have been convicted of such an offence, or regarding whom there are factual indications or reasonable grounds to believe that they will commit such an offence.
Europol will also be involved in the definition of ETIAS screening rules and will also manage the ETIAS watchlist within the Europol data. Moreover, ETIAS National Units will consult Europol in the follow up to a hit that occurred during the ETIAS automated processing with data held by Europol..
What is the ETIAS watchlist?
The ETIAS watchlist, to be established and managed by Europol, will consist of data related to persons who are suspected of having committed or taken part in a criminal offence or persons regarding whom there are factual indications or reasonable grounds to believe that they will commit criminal offences.
The watchlist will be established on the basis of:
- (1) the United Nations list of war criminals;
- (2) information related to terrorist offences or other serious criminal offences provided by Member States;
- (3) information related to terrorist offences or other serious criminal offences obtained through international cooperation.
What will the role of eu-LISA be?
Eu-LISA, the Agency for the operational management of large-scale information systems in the area of freedom, security and justice, will develop the ETIAS Information System and ensure its technical management. It will develop National Uniform Interfaces to connect Member States’ national border infrastructures to the Central System. It will set up a secure Communication Infrastructure between the Central System and the National Uniform Interfaces, a public website and a mobile app for mobile devices to be used by the applicants for introducing their applications and a webservice enabling communication between the ETIAS and the applicants as well as with carriers.
What will visa-exempt travellers have to do before their travel?
Travellers will have to make an online application via a dedicated website or an application for mobile devices. Filling in the application should not take more than 10 minutes and should not require any documentation beyond a travel document (a passport or other equivalent document). In case of an inability to create an application (due to age, literacy level, access to and competence on information technology etc.) applications may be submitted by a third person.
An electronic payment of a €7 fee for each application will be required for all applicants above the age of 18. This process (and payment) will only have to be renewed at the end of the validity of the travel authorisation. The electronic payment methods will take into account technological developments and their availability in the visa-free countries in order not to hinder visa-free third country nationals who may not have access to certain payment means when applying for an ETIAS authorisation.
The automated assessment process will start after the fee collection is confirmed. The vast majority of applicants (expected to be more than 95% of all cases) will be given automated approval (when there are no hits on searched databases, the dedicated ETIAS watchlist or against clearly defined screening rules) which will be communicated to them within minutes of payment. If there is a hit or an undecided outcome of the automated process, manual handling of the application will take place by a Central Unit in the European Border and Coast Guard or by a Member State team. This can prolong the response time to the visa-exempt third country national by up to 72 hours. In very exceptional circumstances further information and steps can be asked of applicants, but in all cases a final decision shall be taken within two weeks of their application.
Of the roughly 5% of applications which produce a hit or hits, it is expected that 3-4% will receive a positive decision after ETIAS Central Unit verifies the data, with the remaining 1-2% being transferred to ETIAS National Units for manual processing.
After the decision applicants will be given a response by email with a valid travel authorisation, or a justification for the refusal.
What happens if a person has been refused travel authorisation from ETIAS?
If the travel authorisation is refused, the applicant will always have the right to appeal. Appeals would be launched in the Member State that has taken the decision on the application and in accordance with the national law of that Member State. The applicant would be informed which national authority was responsible for the processing and decision on his or her travel authorisation, as well as information regarding the procedure to be followed in the event of an appeal. If the traveller considers their treatment to have been unfair, he/she is also given the right to seek redress or request access to the information through the national authority.
What is the validity of an ETIAS travel authorisation?
The validity of the travel authorisation would be 5 years (or until the expiry date of the travel document).
What are the obligations for the carriers?
Prior to boarding, air and sea carriers, as well as carriers transporting groups overland by coach will have to verify the status of the travel document required for entering the Schengen Area, including that the visa exempt third country national has a valid ETIAS travel authorisation.
What will happen at the border crossing point?
Upon arrival at a Schengen area border crossing point, the border guard will electronically read the travel document data, thereby triggering a query to different databases as provided for by the Schengen Border Code, including a query to ETIAS in the case of visa-exempt travellers.
- If there is no valid ETIAS travel authorisation, the border guards will refuse entry and record the traveller and the refusal of entry in the EES.
- If there is a valid travel authorisation, the border control process will be conducted as per the current Schengen Border Code. As a result of this process, the traveller may be authorised to enter the Schengen area or refused access under the conditions defined in the Schengen Border Code.
Can an issued travel authorization be revoked?
Although the travel authorisation is valid for 5 years, it may be revoked or annulled should the conditions for issuing the travel authorisation no longer apply.
How much will it cost to develop ETIAS?
To be as efficient as possible, ETIAS will build on the basis of the existing information systems to be consulted and the interoperability which exists between them (EES, SIS, VIS, Europol data, Eurodac and ECRIS) and on the re-use of components developed for those information systems, in particular the EES. The development and implementation of EES and ETIAS should be carried out together and in parallel, which will ensure significant cost savings for the set up and operation of ETIAS.
The cost for developing ETIAS is estimated at €212,1 million and the average annual operations cost at €85 million. ETIAS will be financially self-sustaining, as the annual operations costs would be covered by the fee revenue.
What is the territorial scope of ETIAS?
ETIAS constitutes a development of the Schengen acquis and will apply to those Member States that are part of the Schengen area, including those Member States which do not yet fully apply the Schengen acquis, ie Croatia, Cyprus, Bulgaria and Romania, as well as the Associated Schengen countries Iceland, Norway, Switzerland and Lichtenstein. UK and Ireland are not part of the Schengen area and will not take part in the adoption of the Regulation and are not bound by it or subject to its application. Denmark does not take part in the adoption of the Regulation but may decide within a period of six months after the Council has decided on the Regulation whether it will implement it in its national law.
When will ETIAS be ready?
ETIAS is expected to be operational as early as 2020.
Its development will be built on the establishment of the proposed Entry Exit System (EES) which is currently being negotiated by the Council and the European Parliament and is expected to enter into operation on 1 January 2020.
What are the next steps of the proposal?
The proposal for a Regulation to establish the European Travel Information and Authorisation System (ETIAS) will now be transmitted to the European Parliament and Council for adoption.
The Commission counts on the co-legislators’ support for the establishment the necessary legal basis in 2017, to allow for the technical development by eu-LISA of the European Travel Information and Authorisation System.
Last modified 14.5.2018.