Explanatory Memorandum to COM(2024)670 -

Please note

This page contains a limited version of this dossier in the EU Monitor.

dossier COM(2024)670 - .
source COM(2024)670
date 08-10-2024


1. CONTEXT OF THE PROPOSAL

Reasons for and objectives of the proposal

Uniform measures on border control at its external borders1 are an essential element in ensuring the proper functioning of the EU’s area without internal border controls (‘the Schengen area’), as well as the internal security of the EU.

The robust and efficient management of these external borders also bolsters the EU’s comprehensive asylum and migration policy, ensuring that third-country nationals are channelled to the appropriate processes, with full respect for their fundamental rights.

Having in place systematic border checks and highly secure travel documents facilitates legitimate entry and stay for both EU citizens and third-country nationals, while guaranteeing that security is maintained through proper controls on identity, by checking both documents and databases to determine potential security risks.

Since the entry into force of the Schengen Borders Code in 20062, great advances in standardising controls at its external borders have been made. However, with the emergence of new technologies and the large-scale IT systems used at these borders, as well as the significant increases in traveller flows, the environment in which border checks are carried out has changed remarkably.

Since the entry into force of Regulation (EU) 2017/458 reinforcing checks against relevant databases at the Schengen area’s external borders3, EU citizens have also been subject to systematic checks when crossing these external borders, resulting in longer waiting times, albeit increased security as demonstrated by the increase in hits against relevant databases. Third-country nationals have been subject to such checks on entry and exit since the entry into force of the Schengen Borders Code.

Border checks comprise verification of people’s identity and nationality, the validity and authenticity of their travel documents and checks in relevant databases, in particular the Schengen Information System, Interpol’s Stolen and Lost Travel Documents (SLTD) database and certain national databases4.

For third-country nationals, it also includes a verification that the entry conditions are fulfilled and an entry in the Entry/Exit System5, expected to enter into operation in 2024, is registered. These entry conditions pertain, among other things, to having a valid visa or travel authorisation, justifying the purpose of the visit and means of subsistence.

In recent years, the number of people crossing the external borders have steadily increased to close to pre-pandemic levels. In 2019, 605 million such border crossings were recorded, while in 2020 the figure dropped to 186 million. In 2023, a total of 593 million crossings were recorded. From these crossings, 65% were at air borders, 31% at land borders and the remaining 4% via sea borders6. The fact that over half a billion passengers enter or leave the EU every year puts a strain on its external borders. High volumes of travellers are a challenge for the authorities responsible for carrying out checks at external borders, as well as for all travellers crossing those borders on a daily basis.

Given the pressure on the verification processes at external borders7, combined with varying rates of digitalisation8 by Member States, new challenges are emerging. They include security risks and inefficient border management as well as obstacles to smooth travel across borders.

The absence of (fully) digitalised processes, along with increasing traveller volumes, have resulted in longer waiting times at border-crossing points. Travellers are required to physically present their travel documents at all external border-crossing points into and out of the Schengen area, either to border authorities for manual verification or at e-gates. Even with the use of e-gates, a border authority official is required to supervise the process and make a decision on admission or refusal of entry (or refusal to leave).

Carriers transporting passengers in and out of the EU territory and Schengen area also face difficulties and are impacted by high traveller volumes and the need for manual verification of traveller data. In addition to longer waiting times, processing times per passenger (verification of identity, inspection of travel document, consultation of databases etc.) have increased with the introduction of systematic and thorough checks that are nonetheless crucial for security.

As border checks on both EU citizens and third-country nationals are carried out only once the traveller arrives at the physical border-crossing point and presents a physical travel document, authorities are unable to verify in advance whether the person concerned (with the exception of visa holders) has a valid and authentic travel document. In case of third-country nationals, border authorities are unable to verify in advance whether they fulfil the entry conditions.

The 2021 Commission Communication on a Schengen Strategy9 put forward the European Commission’s plans towards further digitalising procedures at the external borders of the Schengen area, including an initiative on digitalising travel documents and facilitating travel.

The aim is to contribute to a safer area of freedom, security and justice, a stronger common EU policy on external border management and facilitated travel for both EU citizens and third-country nationals who fulfil the entry conditions. More specifically, it is necessary to increase security in the Schengen area and the EU and allow for a smoother and faster border crossing for travellers.

Therefore this proposal for a regulation aims at (i) establishing a uniform standard for digital travel credentials and a common EU application (EU Digital Travel application) for using them, (ii) allowing people to use digital travel credentials to cross external air, land and sea borders based on a uniform EU technical solution, and (iii) enabling border authorities to carry out checks based on these credentials, to reduce bottlenecks and time spent at border-crossing points.

By introducing the possibility for travellers to have and submit a digital version of their travel document through an application for an advance check ahead of travel, they could pass through border control in a smoother fashion.

Creating the possibility for border authorities to receive digital versions of travel documents in advance would allow them to carry out the checks in advance and thereby focus their resources on detecting cross-border crime and irregular migration more efficiently. The situation today is that while passenger volumes continue to increase and authorities are required to carry out all checks at the time of the actual border crossing, their capacity to manage resources, pre-screen (to focus on high-risk profiles) and detect irregular migration and cross-border crimes (such as human trafficking or migrant smuggling) is not fully optimised. Moreover, while border guards are required to verify the authenticity and integrity of chip data in travel documents10, this step may be at times skipped, due to travel peaks and technical malfunctions11. In these cases, the border guards will rely more on a manual inspection of the document’s physical security features12. Physical security features are more susceptible to manipulation than the electronic data stored on the document’s chip, given that the data is protected by the issuing authority’s digital signature.

It is important to address such risks in view of the fact that document fraud is a key enabler for cross-border crime, which has an impact on the internal security of the EU. In 2023 alone, national authorities detected over 17 000 fraudsters either using or in possession of over 22 000 fraudulent documents13. By advancing the verification of the authenticity and integrity of travel documents with the use of digital travel credentials, border authorities will have more time and resources to focus on risk profiles, detect fraudulent documents and prevent irregular migration and cross-border crime.

While modern travel documents, including the ones issued by EU Member States and most third countries, are already equipped with a contactless chip and provide high security, the data in the chip cannot currently be sufficiently used for remote processing in the EU.

The International Civil Aviation Organization (ICAO) already started work in 2016 on digitalising travel documents, with a view to facilitating air travel. This digital representation of the person’s identity that is derived from an existing travel document, referred to in the ICAO context as ‘digital travel credential’ (DTC), is essentially a replica of the personal data (excluding fingerprints) held on the chip of a travel document, and it can be stored securely – for example on a mobile phone – either for a single interaction or multiple usage. The digital travel credential can be shared with other stakeholders, such as border authorities and carriers, through an interface (e.g. a mobile app) ahead of travel, including for pre-registering data, such as in the Entry/Exit System or for the purposes of collecting and transmitting advance passenger information. The first version of the ICAO DTC technical standard14 has already been finalised and piloted.

Ongoing EU-funded pilot projects15 on the use of digital travel credentials based on the ICAO technical standard at the external borders have shown the indisputable added value of incorporating the use of digital travel credentials to cross-border travel. Authorities have more time to process individual travellers (before they even arrive), while the waiting and processing times per traveller at the physical border-crossing point can be remarkably reduced16 due to the fact that most checks have been carried out in advance.

Overall, the EU initiative on digitalising travel documents and facilitating travel offers the opportunity to improve the travel experience for individual travellers and increase security by enabling border authorities to carry out checks in advance and in a new way, based on digital data in travel documents submitted by travellers before they travel. This proposal moreover supports the implementation of the Entry/Exit System by enabling third-country nationals to pre-enrol their data remotely, as opposed to registering data once they arrive at the physical border crossing point. This will result in less waiting times at the physical border crossing points and allow additional time for border authorities to carry out the necessary checks.

Consistency with existing provisions in the policy area

The introduction and implementation of digital travel credentials in the context of border checks is consistent with several major policy initiatives and recent developments in the field of the common EU policy on the external borders:

- The recently adopted Regulation on digital visas17: digital travel credentials could be used by visa applicants to pre-fill information in visa applications and by the competent authorities to verify ahead of travel that the person has a valid visa;

- The European Travel Authorisation and Information System (ETIAS)18: digital travel credentials could be used by the traveller to pre-fill information in travel authorisation applications and by the competent authorities to verify ahead of travel that the person has a valid travel document;

- The Entry/Exit System (EES)19: digital travel credentials can be used by the traveller to remotely pre-enrol travel data needed for the EES, meaning less time spent at border-crossing points;

- Proposal for Regulations on advance passenger information (API): air carriers will be required to collect travel document data for API purposes in an automated way, to ensure data accuracy. Digital travel credentials, among other types of verifiable digital credentials, can be used by carriers for this automated collection, resulting in accurate and reliable data.

The added value of digital travel credentials for the purposes of EES and API, allowing for remote processing and increasing data accuracy, will materialise immediately with the adoption of this regulation.

Finally, the proposal contributes to the further development of European integrated border management by introducing uniform standards for managing external borders more effectively and efficiently.

Consistency with other Union policies

This proposal is accompanied by a Commission proposal for a Council Regulation on the issuance of and technical standards for digital travel credentials based on identity cards20. The technical standard for digital travel credentials based on either a passport or EU identity card should be the same, to ensure they are interoperable and can be used for the purposes of crossing the external borders.

This initiative responds to the global digitalisation trend as well as travellers’ evolving expectations for increasingly faster and more seamless procedures by achieving the key objectives of the Commission’s Digital Europe strategy of 2020, which aims to ensure the integrity and resilience of the EU’s data infrastructure and support the uptake of technology that will make a real difference to people’s daily lives. This initiative also supports the Digital Compass for the EU’s digital decade, which revolves around four cardinal points, one of which is the digitalisation of public services (with the specific objective of 80% of citizens using a digital identity by the end of 203021). In the European Declaration on European digital rights and principles22, the Commission and the co-legislators committed to ensuring that people living in the EU are offered the possibility to use an accessible, voluntary, secure and trusted digital identity. The proposed regulation lives up to this commitment.

Finally, the initiative and the implementation of digital travel credentials in the EU is closely linked with ongoing developments on the European digital identity and the European Digital Identity Wallet23. Digital travel credentials could be stored alongside digital driving licences, medical prescriptions and other documents in the EU digital identity wallet, constituting an electronic attestation that can be used for purposes that go beyond travel, e.g. as a digital identity document for both remote and in-person transactions.

2. LEGAL BASIS, SUBSIDIARITY AND PROPORTIONALITY

Legal basis

The proposal is based on Article 77(2)(b) and (d) of the Treaty on the Functioning of the European Union (TFEU).

Article 77(2)(b) TFEU empowers the EU to develop measures concerning the checks to which persons crossing external borders are subject. Article 77(2)(d) TFEU empowers the EU to adopt measures for the gradual establishment of an integrated management system for external borders.

These two provisions provide the appropriate legal basis for specifying the measures on the crossing of external borders and for developing the standards, also with regard to digital travel credentials, that are to be followed in the context of carrying out border checks.

With regard to the question of the appropriate legal basis for amending the EU Passport Regulation24, in Schwarz25, the Court explicitly held that as checks at external borders require documents to be presented for the identification of persons, whether third-country nationals or EU citizens, the EU Passport Regulation was correctly adopted under Article 62(2)(a) of the Treaty on European Community, the predecessor of Article 77(2)(b) TFEU.

Subsidiarity (for non-exclusive competence)

The current EU legal framework does not allow for the use of digital solutions for remotely verifying the authenticity and integrity of travel documents in border checks. Due to the nature of the problem, Member States themselves cannot effectively introduce a uniform format for digital travel credentials based on travel documents regulated at EU level and so facilitate cross-border mobility.

EU action would add considerable value in addressing the challenges related to security and travel facilitation. The current situation affects security at the EU’s borders as well as the proper functioning of the external borders and overall Schengen area. While the external borders and the EU as a whole are placed under considerable strain, joint EU action would allow us to put in place uniform measures to improve integrated border management and reach a minimum level of digital maturity among all EU Member States.

The necessary amendments of the relevant parts of the Schengen acquis (most notably the Schengen Borders Code and the EU Passport Regulation) are only possible at Union level. Moreover, for reasons of scale, effects and expected impacts, the objectives can only be achieved efficiently and effectively at EU level.

Proportionality

According to the principle of proportionality laid down in Article 5 i of the Treaty on European Union, there is a need to ensure the nature and intensity of a given measure matches the identified problem. The problems addressed in this initiative call for EU‑level legislative action to enable Member States to adequately tackle them.

This proposal for a regulation envisages the introduction of digital travel credentials based on travel documents that travellers may use, if they so wish, for the purpose of undergoing border checks. Member States would be obliged to allow travellers to use digital travel credentials to cross borders once the EU-wide technical solution is ready to be deployed. Before such a date, Member States may develop national solutions for the use of digital travel credentials at their external borders.

Therefore, this proposal for a regulation helps Member States address the problems associated with increasing traveller volumes, while ensuring high(er) levels of security, with added convenience for individual travellers. While the initiative requires regulatory and technical intervention, it is proportionate in terms of attaining the objectives and does not go beyond what is necessary.

Choice of the instrument

The objectives of this initiative can only be achieved by a legislative act that will establish an EU-wide technical solution which is directly applicable without a need to transpose the measure into the national legal orders, and amend the existing provisions of the regulations on border checks and travel documents.

Therefore, an act in the form of a regulation establishing a uniform EU application for submitting travel data and for amending the Schengen Borders Code, the EU Passport Regulation and eu-LISA Regulation is needed.

3. RESULTS OF EX-POST EVALUATIONS, STAKEHOLDER CONSULTATIONS AND IMPACT ASSESSMENTS

Ex-post evaluations/fitness checks of existing legislation

Contents

1.

N/A


Stakeholder consultations

The preparation of this initiative involved a wide range of consultations of concerned stakeholders, including:

- national Member States’ authorities (border authorities, travel document‑issuing authorities, policymakers);

- EU agencies (such as the European Border and Coast Guard Agency (Frontex), the EU Agency for the Operational Management of Large-Scale IT systems in the Area of Freedom, Security and Justice (eu-LISA) and the EU Agency for Fundamental Rights (FRA));

- international organisations involved in international travel;

- industry and private citizens.

A public consultation was organised as part of the impact assessment. A special Eurobarometer survey was also carried out to gain further insights into public perception in the EU of the use of digital travel credentials for cross-border travel.

Most stakeholders expressed wide support for the initiative, underlining the expected benefits and convenience for both border authorities and travellers of enabling travellers to use digital travel credentials to cross external borders.

The need for a uniform European approach to enabling travellers to use digital travel credentials to cross external borders was confirmed by the targeted consultation of national representatives carried out:

- 96% believed that a uniform approach across EU Member States is essential or very essential;

- 82% considered the fully integrated management of borders and facilitation tools within the EU (without overlapping legislations and processes related to border management bringing operational inefficiencies) to be essential or very essential.

Despite the impact on national systems, 65% of Member States’ authorities surveyed answered that it should be mandatory to accept digital travel credentials, and 71% responded that it should be mandatory to enable the use of digital travel credentials for facilitated travel.

76% of the Member State authorities surveyed preferred having one single application at EU level for the submission of travel data to the border authorities. All respondents said it was very essential to ensure compliance with international (ICAO) standards on digital travel credentials.

The public consultation attracted much interest, with close to 7 000 replies in total, predominantly from Germany, Austria and Slovakia (with respectively 58%, 8% and 8% of the replies).

Opinions were largely negative about the use of digital travel credentials and their willingness to use digital travel credentials when crossing external borders.

- 83% of respondents thought that the possibilities of using digital travel credentials were not important or not at all important, while 12% said they were either very important or important.

- When asked whether digital travel credentials could facilitate the border check procedure, 72% answered negatively.

- Similarly, 58% of respondents indicated that it would not be at all useful to be able to use digital travel credentials for other administrative procedures, with another 19% indicating that this would not be useful.

- Only 12% of respondents would consider using a digital travel credential if it were available, while 6% said they would consider this under certain conditions.

As motivations for the lack of interest in uptake, respondents highlighted primarily data protection and privacy concerns, as well as overall satisfaction with the current processes.

The Commission also received a considerable number of replies to the public consultation by post, all in the form of a standard letter, on which only the address had to be added. The possibility of a targeted campaign could not be ruled out.

The special Eurobarometer survey EBS 53926 covered 26 358 interviews in the 27 EU Member States and yielded different results.

The survey explored EU citizens’ views and perceptions of travel policies related to travel facilitation, including the introduction and use of digital travel credentials. Two thirds (67%) of Europeans had a positive perception of digital travel credentials. By contrast, one quarter (26%) of Europeans had a negative opinion about them.

Opinions were most positive among younger respondents, students, managers and other white-collar workers, frequent travellers and those who have a positive view of the EU in general.

Perceptions were least positive among those who hold a negative view about the EU, who do not travel and those who left full-time education at the age of 15 or before.

Nonetheless, 68% of Europeans were in favour of using digital travel credentials for travel outside the Schengen area, while 28% opposed their use for this. While support among older respondents was lower, still 54% of respondents aged 55 or over, and 50% of retirees, were in favour of using digital travel credentials for travel outside Schengen.

From the various concerns mentioned, almost half (49%) of Europeans considered that software failures were the most important concern related to the use of digital travel credentials. Concerns about data protection, device problems and cyberattacks were also raised.

The positive results of the Eurobarometer survey are interesting in view of the largely negative feedback collected in the public consultation, also taking into account the larger and more representative sample population.

The feedback received in the various consultation activities have been taken into account in the preparation of this initiative, e.g., by maintaining the voluntary nature of the use of digital travel credentials (as opposed to making it mandatory for travellers), establishing a uniform technical standard for digital travel credentials (as opposed to leaving it up to each Member State), including both EU citizens and third-country nationals in the scope of the initiative and opting for a common EU technical solution for the submission of digital travel credentials (as opposed to each Member State developing their own) with high security standards.

Collection and use of expertise

The Commission contracted an external consultant to conduct a study on the EU initiative on the digitalisation of travel documents and facilitation of travel, to develop options and assess their impacts. The study supported the preparation of the impact assessment report. During the study, stakeholder views and expertise were collected in the form of strategic interviews, targeted consultations, in-depth interviews and the public consultation. In addition, as mentioned above, a special Eurobarometer survey was carried out.

Three Member States (Finland, Croatia and Netherlands) are also carrying out EU-funded pilot activities to test digital travel credentials for cross-border travel purposes. The experiences and results received so far have also been taken into account and reflected in the impact assessment and this proposal.

Impact assessment

In line with its Better Regulation policy, the Commission conducted an impact assessment27 on which the Regulatory Scrutiny Board delivered a positive opinion on 15 December 202328. The impact assessment evaluated three policy options, each of which entailed legislative changes as they all required amendments to existing EU acquis, especially concerning travel documents and border checks. A “soft law” approach was therefore ruled out from the outset.

Each policy option had certain common building blocks, including:

- a transition period/time of voluntary implementation until the EU technical solution is ready;

- reliance on an existing international technical standard;

- the voluntary nature of the use of digital travel credentials by travellers (as also confirmed by the public consultation);

- a central EU technical solution for creating and submitting digital travel credentials.

The main difference between the three policy options related to the level of flexibility enjoyed by the Member States concerning:

2.

1) the possibility for people to have digital travel credentials (as some have explicitly restricted access to the chip data in travel documents to the authorities)


2) allowing travellers to use digital travel credentials for cross-border travel.

Policy option 1

This would allow Member States to make digital travel credentials available to travellers, and to facilitate border checks on people with digital travel credentials.

Policy option 2

This would oblige Member States to make digital travel credentials available to travellers, and allow them to implement measures at border crossing points for using these credentials.

Policy option 3

This would oblige Member States to make digital travel credentials available to travellers and to implement measures at border crossing points for their use. It would remove legal obstacles to using digital travel document data for border check purposes and establish a uniform approach to their use across Member States.

Based on the findings of the impact assessment report, the preferred option was eventually option 3, following the time it takes to develop the central EU technical solution, during which Member States could ‘opt in’ as in option 2, namely by:

a) enabling EU citizens and third-country nationals to derive their digital travel credentials from existing ICAO-compliant travel documents;

b) allowing them to use digital travel credentials to cross external borders in those Member States that choose to implement digital travel credentials before the entry into operation of the central EU technical solution;

c) allowing them to use digital travel credentials to cross external borders in all Member States, once the EU-wide technical solution is ready.

The preferred option has, overall, the most positive impact on supporting the objectives of:

3.

1) increasing security in the Schengen area and the efficiency of managing its external borders


2) offering individual travellers a smoother border crossing.

This is mainly due to the eventual ‘dual’ obligation on Member States to allow individuals to have digital travel credentials and to actually use them to cross borders, leading to the highest expected uptake of digital travel credentials out of all the policy options. It therefore most effectively enables the authorities to carry out advance checks and pre-clear travellers as well as giving every traveller (with a travel document containing a chip) the possibility to opt in.

Standardising the digital travel credentials and its use for external border management across the Member States would also bring further benefits. It could increase efficiency for carriers on a voluntary basis, as they could integrate digital travel credentials into their current workflows. It also enables further use cases of digital travel credentials by EU citizens, by establishing an electronic attribute for the EU digital identity wallet that can be used for e.g. proving one’s identity within the EU or even abroad, if accepted by third countries.

The preferred option has a limited burden on national authorities, which is offset by the expected positive impact of the measures. That consists of making border checks more effective and efficient, allowing also for a better use of resources at local level, allowing them e.g. to focus on risk analyses, patrolling and other tasks. The preferred option mostly consists of improving existing provisions rather than creating new obligations, especially by enabling “pre-arrival border checks” and “pre-cleared” passengers, before their arrival at the border-crossing point. The ultimate benefits depend on the uptake of digital travel credentials, with further information and scenario-based evaluations provided in the impact assessment report.

The obligation to allow travellers to use digital travel credentials for external border crossings would create one burden in particular: building a technical integration solution that allows the digital travel credential to be processed in national border management systems.

Due to the resemblance of the ICAO DTC standard to existing travel documents, integrating this standard should not be overwhelmingly complex or expensive. Member States involved in the digital travel credential pilot projects have estimated such an integration to cost between EUR 300 000 and 700 000 per country. In addition, server capacity may need to be increased, depending on the country and the exact border crossing points, which could cost up to EUR 250 000 per country.

To account for changes in national setups, differences in technological maturity and capacities as well as allowing for reasonable overhead, it is estimated that an average of EUR 2 million per Member State is required to implement digital travel credentials at their external borders.

The costs on EU institutions are limited to those incurred by eu-LISA for developing, operating and maintaining the central EU system for deriving a digital travel credential from an existing physical travel document and for submitting that digital travel credential (along with necessary travel data) to the responsible authority. eu-LISA has estimated the one-off costs for developing and operating such an application at EUR 55.6 million (by 2030) and an annual cost of EUR 6.2 million per year for its maintenance as of 2030.

Regulatory fitness and simplification

As per the Commission’s Regulatory Fitness and Performance Programme (REFIT), all initiatives aimed at changing existing EU legislation should aim to simplify and deliver stated policy objectives more efficiently (i.e. by reducing unnecessary regulatory costs). While this proposal for a regulation has not been part of the REFIT scheme, it will reduce the overall administrative costs incurred by national authorities in carrying out border checks, as demonstrated by the impact assessment.

There are no direct impacts for SMEs. Despite time savings for travellers, including business people, any indirect impact on SMEs, for whom these individuals might be travelling, is too remote to measure and negligible at best.

Fundamental rights

This proposal positively affects the fundamental right to freedom of movement and residence under Article 45 of the EU Charter of Fundamental Rights by giving beneficiaries of the right to free movement the possibility to create a digital travel credential based on their physical passport, which will allow them to exercise their right more easily.

The proposal has limited impact on the protection of other fundamental rights.

With regard to the protection of personal data, border authorities already process personal data for all people crossing the external borders, as do the authorities responsible for issuing travel documents. The amount and categories of personal data, as currently processed in the areas of border control and document issuance under Union and national law, are not affected by this proposal.

Only the time element (that is the time at which the data is processed) changes, since the border authorities would be able to carry out in advance most of the same checks that are currently carried out once the traveller arrives at the border-crossing point. If a traveller uses the EU Digital Travel application for the creation of their digital travel credential based on their existing physical travel document, a verification of their identity would be carried out automatically by the application in addition to the verification of identity at the physical border crossing point.

On the other hand, data quality will improve, if travellers are able to use digital travel credentials for travel purposes, as opposed to manually self-declaring data, where errors may occur and which may ultimately lead to increased processing times, penalties or even refusal of entry.

Despite the use of a central EU technical solution for the creation and submission of digital travel credentials based on EU passports or passports issued by third countries, the digital travel credential would not be centrally stored. The proposal does not envisage the creation of a new database. Once the digital travel credential is created/derived from an existing travel document, it would be stored on the holder’s mobile device. Data subjects therefore remain in control of their own data and choose if and when to use it. If the person chooses to use it for an advance check and facilitated travel, they can submit it, via the application developed and operated by eu-LISA, to the responsible authorities.

Appropriate safeguards, such as encryption of personal data and cybersecurity measures, should be employed by eu-LISA and the national authorities to prevent data leaks and breaches and to protect against cyberattacks and software applications that run automated tasks.

To use the digital travel credential, the submitted digital travel credential submitted by the user must be temporarily stored in a local database in the responsible Member State. This temporary database/gallery would be populated with the facial images that are contained in the submitted digital travel credentials. This is necessary to biometrically match the traveller to the submitted digital travel credential when they present themselves at the border-crossing point.

This entails a one-to-few match, with a view to verifying the identity of the person, as opposed to the one-to-many biometric matching needed to identify an individual. Once the border check has been carried out, the data should be deleted from the temporary database – similar to what is currently done when reading chip data from physical travel documents during border checks.

As the use of digital travel credentials would be voluntary for travellers, in addition to having the legal basis under both EU and national law for processing the personal data of travellers for border check purposes, travellers would actively consent to the processing of their data and the temporary storage of the digital travel credential in the local database. They can revoke their consent at any time without it affecting their right to cross-border travel.

While EU travel documents as well as certain third country travel documents contain fingerprint data of the holder, fingerprints are excluded from the contents of digital travel credentials. This is in line with the ICAO DTC technical specification.

In terms of impacts on fundamental rights other than the right to privacy and the protection of personal data, the proposal would not affect the protection of fundamental rights negatively. Due to the voluntary nature of using digital travel credentials, the principles of non-discrimination and inclusivity are respected.

Any possible negative outcome associated with the use of digital travel credentials, e.g. leading to a refusal of entry, data breach or unlawful use, would be subject to the existing and applicable legal remedies under EU and national law.

This proposal respects the fundamental rights and observes the principles set out in the EU Charter of Fundamental Rights.

4. BUDGETARY IMPLICATIONS

This proposal would have an impact on the budget and staff needs of eu-LISA and mainly one-time costs for border authorities of Member States.

For eu-LISA, it is estimated that an additional budget of approximately EUR 49.5 million (EUR 6 million under the current 7-year EU budget, the ‘multiannual financial framework’) and 20 full-time equivalent (FTE) staff members are needed to develop the ‘EU Digital Travel’ application and for eu-LISA to carry out its tasks in accordance with the eu-LISA Regulation and this proposal.

These costs and FTEs cover all activities: preparatory activities, software and hardware acquisition, analysis and design, development and testing, data centre preparations, licence costs, operations and maintenance.

For Member States, while it is not possible to accurately determine the costs associated with implementing this proposal, it is estimated that the one-off investment for each country amount to approximately EUR 2 million. This includes:

- increasing server and storage capacity to temporarily store digital travel credentials submitted by travellers (EUR 250 000);

- developing the secure connection to the Traveller Router, allowing integration into existing national border management systems (EUR 300 000 to 700 000);

- upgrades or procurement of hardware to process digital travel credentials and to support facial recognition, and training of personnel (EUR 30 000).

5. OTHER ELEMENTS

Implementation plans and monitoring, evaluation and reporting arrangements

The Commission will ensure that the necessary arrangements are in place to monitor the functioning of the measures proposed and evaluate them against the main policy objectives. Five years after the commencement of operations of the proposed regulation and the entry into operation of the ‘EU Digital Travel’ application to be developed and operated by eu-LISA, the Commission will submit a report to the European Parliament and the Council assessing the implementation of the regulation and its added value, including any direct or indirect impacts on relevant fundamental rights.

Since it would be mandatory for the competent authorities to allow travellers to use digital travel credentials for cross-border travel once the common EU technical solution is operational, it will allow for a comprehensive view on the uptake of digital travel credentials by travellers, their added value in terms of increased security and easier travel as well as any potential drawbacks.

Moreover, the collection of statistics by eu-LISA will provide the Commission with reliable data on the volumes of users, travel habits and other useful information to further develop the processes for the benefit of both travellers and Member States’ authorities.

The ‘Practical Handbook for Border Guards’29 should be updated to address the changes in the legal framework and provide relevant guidelines/recommendations to national authorities on implementing digital travel credentials in the context of external border management.

Finally, the implementation of the measures under this proposal, including data protection aspects, will be monitored and evaluated in the context of the Schengen evaluation and monitoring mechanism30.

Detailed explanation of the specific provisions of the proposal

Article 1 sets out the establishment of an application for the electronic submission of travel data (the ‘EU Digital Travel’ application), its subject matter and scope.

Article 2 sets out the definitions for the purpose of this Regulation.

Article 3 sets out the general structure of the EU Digital Travel application, including the purpose of each of its technical components.

Article 4 provides the general rules on the creation and use of digital travel credentials within the EU Digital Travel application, including on the possibility to use previously created digital travel credentials that may be stored on the person’s EU digital identity wallet.

Article 5 sets out the travel data that travellers can submit through the EU Digital Travel application to the border authority. Data, in addition to the digital travel credential, are needed to support the border check and pre-clearance.

Article 6 sets out the rules on transmitting travel data to the responsible border authorities as well as the necessary arrangements concerning designation and notification by Member States of responsible authorities.

Articles 7 establishes the rules on the processing of personal data and the roles of data controller and data processor for the purpose of processing personal data submitted through the EU Digital Travel application.

Article 8 sets out the rules on the development, operation and maintenance of the EU Digital Travel application and the consequent obligations of eu-LISA.

Article 9 establishes the obligations of the Member States in ensuring that they can receive data submitted through the EU Digital Travel application.

Article 10 sets out an information campaign to inform the public about digital travel credentials and the use of the EU Digital Travel application.

Article 11 establishes the rules on costs incurred by eu-LISA and the Member States in relation to their obligations under Articles 8 and 9 respectively.

Article 12 contains provisions on amending Regulation (EC) No 2252/2004 to establish the technical standard for digital travel credentials and the possibility for applicants to request one.

Article 13 contains provisions on amending Regulation (EU) 2016/399 concerning the carrying out of border checks as well as the further use of self-service systems and the EU Digital Travel application for those purposes.

Article 14 sets out the amendments to Regulation (EU) 2018/1726 with regard to eu-LISA’s tasks in relation to the EU Digital Travel application.

Articles 15 to 20 contain the final provisions of this Regulation, concerning the adoption of implementing acts, the monitoring and evaluation of this Regulation and its entry into force and application.