Legal provisions of COM(2024)670 - - Main contents
Please note
This page contains a limited version of this dossier in the EU Monitor.
| dossier | COM(2024)670 - . |
|---|---|
| document | COM(2024)670 |
| date | October 8, 2024 |
Article 1
Subject matter and scope
1. This Regulation establishes an application for the electronic submission of travel data (‘the EU Digital Travel application’) for:
(a) the creation of digital travel credentials as defined in Article 2, point 31 of Regulation (EU) 2016/399;
(b) the entry of self-declared travel data;
(c) the secure submission of digital travel credentials and the self-declared travel data to the competent authority for the purposes of facilitating travel and of carrying out border checks on persons in accordance with Article 8(2g) and (3), point (j), of Regulation (EU) 2016/399.
2. This Regulation lays down the conditions under which the EU Digital Travel application shall be developed, operated and maintained.
Article 2
Definitions
For the purposes of this Regulation, the following definitions apply:
(a) ‘border checks’ means the checks as defined in Article 2, point (11) of Regulation (EU) 2016/399;
(b) ‘persons enjoying the right of free movement under Union law’ means the persons as defined in Article 2, point (5) of Regulation (EU) 2016/399;
(c) ‘third-country national’ means the persons as defined in Article 2, point (6) of Regulation (EU) 2016/399;
(d) ‘Traveller Router’ means the technical component referred to in Article 5.
Article 3
General structure of the EU Digital Travel application
The EU Digital Travel application shall be composed of:
(a) a mobile application, enabling the creation of digital travel credentials for single or multiple use and the entry of self-declared travel data;
(b) a backend validation service, ensuring the confirmation of the authenticity and integrity of the chip data or the digital travel credential using available certificates and where applicable, the matching of the facial image taken from the user to the travel document or digital travel credential;
(c) a Traveller Router, which shall ensure secure and encrypted communication between the mobile application and the receiving authority.
Article 4
Creation and use of digital travel credentials
1. Persons enjoying the right of free movement under Union law who are in possession of any of the following travel documents may use the EU Digital Travel application to create a digital travel credential based on that travel document for single or multiple use:
(a) a travel document issued in accordance with Regulation (EC) No 2252/2004;
(b) an identity card issued in accordance with Regulation (EU) XXXX/XXXX [COM(2024) 316 final];
(c) a travel document that contains the same data and that is based on technical specifications compatible with those provided for by Regulation (EC) No 2252/2004 and allowing for the verification of its authenticity, validity and integrity.
2. The EU Digital Travel application shall provide for the possibility to store a digital travel credential for multiple use in the European Digital Identity Wallet, provisions for which are laid down in Regulation (EU) No 910/2014.
3. The EU Digital Travel application shall be able to retrieve:
(a) a digital travel credential previously issued or created in accordance with Article 1(1a) of Regulation (EC) No 2252/2004 or Article 2 of Regulation (EU) XXXX/XXXX50 [COM(2024) 671 final];
(b) a digital travel credential that was created in accordance with paragraph 1 of this Article.
4. Third-country nationals who are in possession of a travel document containing a storage medium may, subject to the availability of valid certificates necessary for the checking of its authenticity, use the EU Digital Travel application to create a digital travel credential for single or multiple use.
5. Before the creation of a digital travel credential in accordance with paragraphs 1 and 4, the EU Digital Travel application shall verify the integrity and authenticity of the storage medium of the travel document and match the facial image of the person seeking to create the digital travel credential against the facial image stored on the storage medium.
6. The use of the EU Digital Travel application and the creation and use of digital travel credentials by persons enjoying the right of free movement under Union law and third-country nationals shall be voluntary and based on their consent.
7. Digital travel credentials created pursuant to this Article shall not include the fingerprints of the holder.
Article 5
Travel data to be submitted by travellers
1. The travel data shall consist of the following data relating to each traveller:
(a) a digital travel credential as defined in Article 2, point (31), of Regulation (EU) 2016/399;
(b) intended date and time of arrival or departure;
(c) the Member State in which the external border is crossed;
2. The travel data may also consist, where applicable, of the following information relating to each traveller:
(a) flight identification number, cruise line registration number, ship identification number and vehicle registration number;
(b) documents justifying the purpose and conditions of the intended stay as required by Article 6 of Regulation (EU) 2016/399.
3. Travel data in each case shall be limited to that which is necessary for the purpose of carrying out border checks in accordance with Regulation (EU) 2016/399.
Article 6
Transmission of travel data to the competent border authorities
1. The Traveller Router shall transmit the travel data submitted by the traveller to the competent border authority in accordance with the technical specifications adopted in accordance with Article 16(1), point (a).
2. Member States shall designate the competent border authorities authorised to receive the travel data transmitted to them from the Traveller Router in accordance with this Regulation. They shall notify, by [the entry into operation of the EU Digital Travel application], eu-LISA of the name and contact details of the competent border authorities and shall, where necessary, update the notified information.
Article 7
Processing of personal data
1. The competent border authorities shall be data controllers, within the meaning of Article 4, point 7, of Regulation (EU) 2016/679 in relation to the processing of travel data, constituting personal data, received through the Traveller Router.
2. Each Member State shall designate a competent authority as data controller and communicate those authorities to the Commission, eu-LISA and the other Member States.
3. eu-LISA shall be the data processor within the meaning of Article 3, point 12, of Regulation (EU) 2018/1725 for the processing of travel data constituting personal data in the mobile application and through the Traveller Router. eu-LISA shall be the data controller within the meaning of Article 3, point 9, of Regulation (EU) 2018/1725 for the processing of travel data through the backend validation service.
4. No personal data shall be stored on the backend validation service or the Traveller Router beyond what is necessary for the creation of the digital travel credential and transmission of the travel data to the competent border authorities.
5. Users of the EU Digital Travel application shall be able to revoke their consent to process their personal data on the EU Digital Travel application at any time.
Article 8
Establishment and operation of the EU Digital Travel application
1. eu-LISA shall develop the EU Digital Travel application and its components in accordance with the technical specifications adopted pursuant to Article 16(1), point (a).
2. The Programme Management Board referred to in Article 54 of Regulation (EU) 2019/817 shall ensure the adequate management of the development phase of the EU Digital Travel application. The Programme Management Board shall meet regularly and submit written reports every month to eu-LISA’s Management Board on the progress of that phase.
3. eu-LISA shall ensure the operational management of the EU Digital Travel application as well as its adequate security. The EU Digital Travel application shall be hosted by eu-LISA.
4. eu-LISA shall ensure that the EU Digital Travel application is interoperable with the European Digital Identity Wallet established under Regulation (EU) No 910/2014.
5. Where eu-LISA considers that the development of the EU Digital Travel application has been completed, it shall, without undue delay, conduct a test of the application in cooperation with the competent border authorities and other relevant Member States’ authorities, in accordance with the technical specifications adopted pursuant to Article 16(1), point (c), and inform the Commission of the outcome of that test.
6. eu-LISA shall collect statistics on the use of the EU Digital Travel application in accordance with Article 16(1), point (b).
7. eu-LISA shall perform tasks related to provision of training of the competent national authorities on the technical use of the EU Digital Travel application.
Article 9
Responsibilities of the Member States
1. Each Member State shall be responsible for:
(a) ensuring a secure connection between its national system and the Traveller Router to receive data transmitted through the Traveller Router;
(b) the development, operation and maintenance of the connection referred to in point (a);
(c) the management of and arrangements for access of duly authorised staff of border authorities to the data received through the Traveller Router for the purpose of carrying out border checks in accordance with Regulation (EU) 2016/399.
2. Each Member State shall provide the staff of border authorities who have a right to access the data transmitted through the Traveller Router with appropriate training covering, in particular, data security and data protection rules and applicable fundamental rights before authorising them to process such data.
Article 10
Information campaign
The Commission shall, in cooperation with eu-LISA, the European Border and Coast Guard Agency and national border authorities, support the start of operation of the EU Digital Travel application with an information campaign informing the public about the objectives, purposes, the main processing operations and other data protection and data security aspects and use cases of the EU Digital Travel application.
Article 11
Costs
1. Costs incurred by eu-LISA in relation to the development, operation, hosting and technical management of the EU Digital Travel application under this Regulation shall be borne by the general budget of the Union.
2. Costs incurred by Member States in relation to the development, operation and maintenance of their secure connections to receive data transmitted through the Traveller Router shall be borne by Member States.
Article 12
Amendments to Regulation (EC) No 2252/2004
Regulation (EC) No 2252/2004 is amended as follows:
(1) in Article 1, the following paragraph is inserted:
“1a. Upon request from the applicant, passports and travel documents issued by Member States to their own nationals shall be accompanied by a digital travel credential, which shall:
(a) be based on the technical specifications adopted pursuant to Article 2, point (d);
(b) be in a format that enables their storage in the European Digital Identity Wallets, provisions for which are laid down in Regulation (EU) No 910/2014 of the European Parliament and of the Council;
(c) be free of charge;
(d) contain the same personal data, including facial image, as the passport or travel document based on which they are issued or created.
For the purpose of point (d), digital travel credentials issued or created pursuant to this Article shall not include the fingerprints of the holder.
Member States shall enable the authentication and validation of the digital travel credentials in accordance with the technical specifications set out pursuant to Article 2, point (d).
_____________
* Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC (OJ L 257, 28.8.2014, p. 73).”;
(2) in Article 2, the following point is added:
“(d) technical specifications, including procedures and requirements for digital travel credentials, their data schema and format, issuance, disclosure process, authentication and validation, revocation, trust model and validity.”.
(3) in Article 4, the following paragraph is added:
“4. Member States shall allow relevant stakeholders, involved in the process of crossing the external borders, to access the storage medium in passports and travel documents, with the exception of fingerprints, with the consent of the person to whom the passport or travel document has been issued.”
Article 13
Amendments to Regulation (EU) 2016/399
Regulation (EU) 2016/399 is amended as follows:
(1) in Article 2, the points 31 to 34 are added:
“31. ‘digital travel credential’ means the digital representation of a person’s identity issued or created pursuant to Article 4 of Regulation (EU) XXXX/XXXX [COM(2024) 670 final]*, Article 1(1a) of Regulation (EC) No 2252/2004**, or Article 2 of Regulation (EU) XXXX/XXXX [COM(2024) 671 final]***;
32. ‘EU Digital Travel application’ means the system established by Regulation (EU) …/… [COM(2024) 670 final] of the European Parliament and of the Council;
33. ‘advance border check’ means the checks carried out on persons enjoying the right of free movement under Union law on the basis of a digital travel credential and other relevant data;
34. ‘advance clearance’ means the verification of the fulfilment of some or all entry conditions for third-country nationals on the basis of a digital travel credential and other relevant data and that support the carrying out of border checks.
_______________
* Regulation (EU) …/… of … establishing an application for the electronic submission of travel data (“EU Digital Travel application”) and amending Regulations (EU) 2016/399 and (EU) 2018/1726 of the European Parliament and of the Council and Council Regulation (EC) No 2252/2004, as regards the use of digital travel credentials (OJ…), […], p. […], ELI: …). ].
** Council Regulation (EC) No 2252/2004 of 13 December 2004 on standards for security features and biometrics in passports and travel documents issued by Member States (OJ L 385, 29.12.2004, p. 1).
*** Council Regulation (EU) …./…. of … on the issuance of and technical standards for digital travel credentials based on identity cards (OJ L …], […], p. […], ELI:…).”;
(2) Article 8 is amended as follows:
(a) the following paragraph is added:
“2g. The checks referred to in paragraph 2 of this Article shall be carried out in advance no more than 36 hours before the intended date and time of arrival or departure, as referred to in Article 5 of Regulation (EU) …/… [COM(2024) 670 final] , where data has been received in accordance with Article 8ba(1) of this Regulation. Where those checks are carried out in advance, the data received may be checked at the border crossing point against the data in the physical travel document or digital travel credential. The identity of the person concerned as well as the authenticity and integrity of the physical travel document or digital travel credential shall be verified.
Before the start of operations of the EU Digital Travel application, as referred to in Article 15 of Regulation (EU) …/… [COM(2024) 670 final], the checks referred to in paragraph 2 of this Article may be carried out in advance no more than 36 hours before the intended date and time of arrival or departure, where data has been received in advance on the basis of the digital travel credential. Where those checks are carried out in advance, the data received may be checked at the border crossing point against the data in the physical travel document or digital travel credential. The identity of the person concerned as well as the authenticity and integrity of the physical travel document or digital travel credential shall be verified.”;
(b) in paragraph 3, the following point is added:
“(j) where a digital travel credential has been received in advance, paragraph 3a of this Article shall apply.”;
(c) the following paragraph is inserted:
“3a. The fulfilment of entry conditions referred to in Article 6 of this Regulation shall be verified in advance no more than 36 hours before the intended date and time of arrival or departure, as referred to in Article 5 of Regulation (EU) …/… [COM(2024) 670 final] , where data has been received in accordance with Article 8ba(2) of this Regulation. Where those checks are carried out in advance, the data received may be checked at the border crossing point against the data in the physical travel document or digital travel credential. The identity of the person concerned as well as the authenticity and integrity of the physical travel document or digital travel credential shall be verified.
Before the start of operations of the EU Digital Travel application, as referred to in Article 15 of Regulation (EU) …/… [COM(2024) 670 final] , the fulfilment of entry conditions referred to in Article 6 of this Regulation may be carried out in advance no more than 36 hours before the intended date and time of arrival or departure, where data has been received in advance on the basis of the digital travel credential. Where those checks are carried out in advance, the data received may be checked at the border crossing point against the data in the physical travel document or digital travel credential. The identity of the person concerned as well as the authenticity and integrity of the physical travel document or digital travel credential shall be verified.”;
(d) the following paragraph is inserted:
“10. The Commission shall adopt implementing acts to establish minimum standards with regard to technology, methods and procedures to be used for the verification of the authenticity and validity of travel documents, including residence permits, visas and long-stay visas, and digital travel credentials according to this Article.
Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 38(2).”;
(3) in Article 8a, the following paragraph is inserted:
“4a. Alternatively to paragraph 4, point (b)(ii), the verification may be carried out:
(a) using effective and proportionate technical measures and;
(b) performing random verifications referred to in paragraph 4, point (b)(ii).
This alternative verification shall not rely only on the EU Digital Travel application.”;
(4) the following article is inserted:
“Article 8ba
Use of the EU Digital Travel application
1. Persons enjoying the right of free movement under Union law who are in possession of a digital travel credential may use the EU Digital Travel application for the purposes of advance border checks in accordance with Article 8(2g).
2. Third-country nationals, including those subject to registration in the EES, may use the EU Digital Travel application for the purposes of advance clearance in accordance with Article 8(3), point (j).”
Article 14
Amendments to Regulation (EU) 2018/1726
Regulation (EU) 2018/1726 is amended as follows:
(1) the following article is inserted:
“Article 8d
Tasks relating to the EU Digital Travel application
In relation to the EU Digital Travel application, the Agency shall perform:
(a) the tasks conferred on it by Regulation (EU) …/… [COM(2024) 670 final] of the European Parliament and of the Council*;
(b) tasks relating to training on the technical use of the EU Digital Travel application.
___________
* Regulation (EU) …/… of … establishing an application for the electronic submission of travel data (“EU Digital Travel application”) and amending Regulations (EU) 2016/399 and (EU) 2018/1726 of the European Parliament and of the Council and Council Regulation (EC) No 2252/2004, as regards the use of digital travel credentials (OJ…), […], p. […], ELI: …).”;
(2) in Article 14, paragraph 1 is replaced by the following:
“1. The Agency shall monitor developments in research relevant for the operational management of SIS II, VIS, Eurodac, the EES, ETIAS, DubliNet, ECRIS-TCN, the e-CODEX system, the JITs collaboration platform, the EU Digital Travel application and other large-scale IT systems as referred to in Article 1(5).”;
(3) in Article 19, paragraph 1 is amended as follows:
(a) point (ee) is replaced by the following:
“(ee) adopt the reports on the development of the EES pursuant to Article 72(2) of Regulation (EU) 2017/2226, the reports on the development of ETIAS pursuant to Article 92(2) of Regulation (EU) 2018/1240, the reports on the development of ECRIS-TCN and of the ECRIS reference implementation pursuant to Article 36(3) of Regulation (EU) 2019/816 and the reports on the development of the EU Digital Travel application pursuant to Article 18 of Regulation (EU) …/…[COM(2024) 670 final] ;”;
(b) in point (ff), the following point is inserted:
“(x) the EU Digital Travel application pursuant to Article 18(1) of Regulation (EU) …/… [COM(2024) 670 final] ;”;
(c) the following point is inserted:
“(llb) compile and publish statistics related to the use of the EU Digital Travel application pursuant to Article 8(6) of Regulation (EU) …/… [COM(2024) 670 final];”;
(4) in Article 22(4), the following subparagraph is inserted after the seventh subparagraph:
“The European Border and Coast Guard Agency may attend the meetings of the Management Board as an observer when a question concerning the EU Digital Travel application in relation with the application of Regulation (EU) 2016/399 is on the agenda.”;
(5) in Article 24(3), point (u) is replaced by the following:
“(u) preparing the reports on the development of the EES referred to in Article 72(2) of Regulation (EC) No 2017/2226, on the development of ETIAS referred to in Article 92(2) of Regulation (EU) 2018/1240 and on the development of the EU Digital Travel application referred to in Article 18 of Regulation (EU) …/… [COM(2024) 670 final] and submitting them to the Management Board for adoption;”.
FINAL PROVISIONS
Article 15
Start of operations of the EU Digital Travel application
1. The Commission shall determine the date from which the EU Digital Travel application starts operations by means of an implementing act once eu-LISA has informed the Commission of the successful completion of the test of the application referred to in Article 8(5).
2. The Commission shall set the date referred to in the first paragraph to be no later than 30 days from the date of adoption of that implementing act.
Article 16
Implementing acts
1. The Commission shall, by means of implementing acts:
(a) establish the technical architecture of the EU Digital Travel application and establish the technical specifications for the mobile application, backend services and Traveller Router;
(b) establish the statistics to be collected by eu-LISA on the use of the EU Digital Travel application;
(c) establish the specifications for the test of the EU Digital Travel application before its start of operation;
(d) determine the start of operations of the EU Digital Travel application by eu-LISA.
2. The implementing acts referred to in paragraph 1 shall be adopted in accordance with the examination procedure referred to in Article 17(2).
Article 17
Committee procedure
1. The Commission shall be assisted by the committee established by Article 6 of Council Regulation (EC) No 1683/95. That committee shall be a committee within the meaning of Regulation (EU) No 182/2011.
2. Where reference is made to this paragraph, Article 5 of Regulation (EU) No 182/2011 shall apply.
Article 18
Monitoring and evaluation
1. eu-LISA shall ensure that procedures are in place to monitor the development of the EU Digital Travel application in light of the objectives relating to planning and costs and to monitor the functioning of the EU Digital Travel application in light of the objectives relating to the technical output, cost-effectiveness, security and quality of service.
2. By 1 January 2028 and every twelve months thereafter during the development phase, eu-LISA shall submit a report to the European Parliament and the Council on the state of play of the development of the EU Digital Travel application.
3. The report referred to in paragraph 2 shall include detailed information about the costs incurred and information as to any risks which may impact the overall costs of the EU Digital Travel application to be borne by the general budget of the Union. The report shall also include detailed information about the technical implementation of the project and any technical problems and risks that may impact the overall development and entry into operations of the EU Digital Travel application.
4. Once the development phase of the EU Digital Travel application is finalised, eu-LISA shall submit a report to the European Parliament and to the Council explaining how the objectives, in particular relating to planning and costs, were achieved and justifying any divergences.
5. By… [five years after the start of operations of the EU Digital Travel application], the Commission shall conduct an overall evaluation of the EU Digital Travel application and its use. The overall evaluation report established on this basis shall include an assessment of the application of this Regulation and an examination of results that have been achieved relative to the objectives that were set and of the impact on fundamental rights. The report shall also include an overall assessment of whether the underlying rationale for operating the EU Digital Travel application continues to hold, of the appropriateness of the technical features of the application, of the security of the application and of any implications for future operations. The evaluation shall include necessary recommendations. The Commission shall transmit the report to the European Parliament, the Council, the European Data Protection Supervisor and the European Union Agency for Fundamental Rights.
Article 19
Advisory group
The responsibilities of eu-LISA’s Interoperability Advisory Group referred to in Article 75 of Regulation (EU) 2019/817 shall be extended to cover the EU Digital Travel application. The Advisory Group shall meet regularly until the start of operations of the EU Digital Travel application. It shall report after each meeting to the Programme Management Board. That Advisory Group shall provide eu-LISA with expertise related to the EU Digital Travel application in particular in the context of the preparation of its annual work programme and its annual activity report. It shall also provide the technical expertise to support the tasks of the Programme Management Board and shall follow up on the state of preparation in the Member States.
Article 20
Entry into force and application
This Regulation shall enter into force on the twentieth day following that of its publication in the Official Journal of the European Union.
However, Article 12(1) shall apply from [twelve months after the entry into force of the implementing act referred to in Article 2, point (d) of Regulation (EC) No 2252/2004].
This Regulation shall be binding in its entirety and directly applicable in the Member States in accordance with the Treaties.