The Entry/Exit System (EES) is an automated IT system for registering non-EU nationals travelling for a short stay, each time they cross the external borders of European countries using the system (exemptions apply, see FAQ section). This concerns travellers who require a short-stay visa and those who do not need a visa. Refusals of entry are also recorded in the system.
The main advantage of the EES is saving time. The EES replaces passport stamping and automates border control procedures, making travelling to European countries using the EES more efficient for the traveller.
The EES also makes it easier to identify travelers who have no right to enter or who have stayed in the European countries using the EES for too long. It makes it easier to detect travelers using fake identities or passports. Finally, the EES helps to prevent, detect and investigate terrorist offences or other serious criminal offences.
The EES applies to you if you are a non-EU national travelling to a European country using the EES for a short stay of up to 90 days within any 180 day period. It is important to remember that the period of 90 days in any 180 days is calculated as a single period for all European countries using the EES.
the EES become operational?
is the EES for?
|2023||The EES modernises border management by increasing efficiency and quality of processes, while simplifying travel in a secure environment||Non-EU nationals travelling for a short stay to a European country using the EES. Exemptions apply – see FAQ section|
European countries using the EES
In Croatia, Cyprus and Ireland, despite being countries of the European Union, passports are still stamped manually.
Why does the EES collect personal data?
The EES collects personal data provided by the traveller each time he or she reaches the borders of European countries using the EES and stores this information in the system together with the date and time of their entry or exit.
This makes border checks faster. It also makes it easier to identify travellers who have no right to enter, who have stayed in European countries using the EES for too long, or who are using fake identities or passports. The EES also collects and stores personal data to contribute to prevention, detection and investigation of terrorist offences and other serious crimes.
Conditions for collecting and storing personal data in the EES are set out in the Regulation (EU) 2017/2226 establishing the Entry/Exit System.
Information on the processing of your personal data in the Entry/Exit System
If you are a non-EU national travelling for a short stay (maximum 90 days in any 180-day period) to a European country using the EES, you will be provided with clear information in writing about the EES and your related rights at the border-crossing point.
Your data is collected and processed for the purposes of border management, preventing irregular immigration and facilitating the management of migration flows. This is required in accordance with Regulation (EU) 2017/2226, specifically Articles 14, 16 to 19 and 23 of Chapter II and Chapter III of the Regulation.
What data will the EES collect?
The EES collects and records:
- data listed in your travel document (e.g. full name, date of birth, etc.)
- date and place of entry into and exit from a European country using the EES
- facial image and fingerprints (called ‘biometric data’)
- refusal of entry, where relevant
Please note that the fingerprint data of non-EU nationals who do not need a visa to enter the territory of European countries using the EES and holders of Facilitated Transit Documents will be stored in the EES. If you need a visa to enter the Schengen area, your fingerprints will already be stored in the Visa Information System and will not be stored again in the EES.
The system also collects your personal information, depending on your particular situation, from:
- the Visa Information System (which contains additional personal information)
- the European Travel Information and Authorisation System, in particular the status of your travel authorisation and, if applicable, your family member status
All this is done in full compliance with data protection rules and rights.
What happens if you refuse to have your fingerprints scanned or a photo of your face taken?
As a non-EU national travelling for a short stay, if you refuse to provide your biometric data, you will be denied entry into the territory of European countries using EES.
Who can access your personal data?
- Authorities in European countries using the EES such as border, visa and immigration authorities for the purpose of verifying your identity and understanding whether you should be allowed to enter or stay on the territory.
- Europol may also access your data for law enforcement purposes.
- Under strict conditions, your data may be transferred to another state (EU country or non-EU country) or international organisation (listed in Annex I of Regulation (EU) 2017/2226) (UN organisation, the International Organisation for Migration, or the International Committee of the Red Cross) for return (Article 41(1) and (2), and Article 42 and/or law enforcement purposes Article 41(6)).
- Carriers will only be able to verify whether short-stay visa holders have already used the number of entries authorised by their visa, and will not be able to access any further personal data.
How long does the EES keep your personal data?
Your data will be stored in the system for the following durations:
- Records of entries, exits, and refusals of entry: 3 years, starting on the date on which they were recorded.
- Individual files containing personal data: 3 years and one day, starting on the date of your last exit record (or of your refusal of entry, if you were not permitted to enter).
- If no exit has been recorded: 5 years, starting on the expiry date of your authorised stay.
After each time period expires, your data is automatically erased.
As the fingerprint scans of travellers requiring Schengen visas will already be in the Visa Information System, they will not be stored again in the EES.
In the case of non-EU nationals who are family members of EU, EEA, or Swiss nationals who are travelling to a state other than the state of their nationality, or who already reside there, and who are accompanying or joining these EU, EEA, or Swiss nationals, each entry, exit, or refusal of entry record will be stored for one year following the date of the exit record or of the refusal of entry record.
How can you find out how much longer you can stay in European countries using the EES and what happens if you overstay?
You have the right to receive information from passport control officers on the maximum remaining duration of your authorised stay.
Once EES is operational, you will be able to consult an online tool available on the EES website and/or consult the equipment installed at the border crossing points (if available).
If you stay for longer than permitted, you will be identified as an ‘overstayer’ and your data will automatically be added to a list. Competent national authorities authorities (passport control officers, immigration officers, staff issuing visas, etc.) can access this list.
If you are added to the list of overstayers, other consequences can apply depending on national legislation in place in the respective European country using EES (e.g. you may be removed from the territory; you may be subject to administrative fines or detention; you may be prevented from re-entering the EU in the future.)
If, as an overstayer, you provide credible evidence to the competent authorities, such as border authorities or immigration authorities, that you exceeded the authorised duration due to unforeseeable or mitigating circumstances (e.g. hospitalisation due to a serious injury), your data can be amended in the system and you can be removed from the list.
The calculation of the duration of the authorised stay and the generation of alerts to European countries using the EES when the authorised stay has expired do not apply to non-EU nationals who are family members of EU, EEA or Swiss nationals who travel to a state other than the state of their nationality, or already reside there, and are accompanying or joining the EU, EEA or Swiss national.
What rights do you have with respect to your personal data?
You have the right to:
- Request from the controller access to data relating to you
- Request that inaccurate or incomplete data is corrected
- Request that unlawfully processed personal data that concern you is erased and/or that the processing thereof is restricted
To exercise any of the rights listed in points (1) to (3), you must contact a data controller (e.g. the entity responsible for processing your data) or data protection officer in any of the European countries using the EES, preferably the ones to which you travelled.
You can find the relevant contact details for the European countries using the EES on this site (will be made available at a later stage).
Where should you submit personal data-related complaints?
You can lodge a complaint with:
- The supervisory authority of the European country using the EES in charge of processing your data (e.g. if you believe that the country has recorded your data incorrectly). (The contact details will be made available at a later stage.)
- The European Data Protection Supervisor for matters related to data processing by European Agencies, for example:
- Frontex: the European Border and Coast Guard Agency hosts the central unit operating the European Travel Information and Authorisation System (ETIAS) relevant for the visa-exempt non-EU nationals
- European Union Agency for the Operational Management of Large-Scale IT Systems in the Area of Freedom, Security and Justice - eu-LISA: the European Union's Agency that through technology supports EU countries' efforts for a safer Europe
- Europol: the European Union's Law Enforcement Agency aims to achieve a safer Europe for the benefit of all the EU citizens
Lodging a complaint means that you can submit a formal request for a new assessment of your data protection rights, for instance, if your query to the data controller to access, delete or amend your data is refused.