The API/PNR state of play and challenges in Europe
Article by Center for Security Studies, KEMEA
Exploiting travel intelligence for security brings a broad range of different professional disciplines closer together, transferring knowledge between many competences: Border control including Entry Exit System (EES), European Travel Information and Authorisation System (ETIAS) & Advance Passenger Information (API); Visa/migration authorities; Police cooperation; Counterterrorism/Internal Security; Criminal investigation, Passenger Information Units (PIUs); Customs; Carriers and airlines; law enforcement officials, etc., to meet the challenges of the dynamic threat environment. This large scale of actors dictates common tools and approaches. TENACITy works beyond the current state of play, to propose an open architecture, applicable at European level. TENACITy’s vision of strengthening security authority’s role in fighting serious cross-border crimes, amongst others, is to provide for modern and effective tools for exploitation of travel intelligence data by security authorities and to implement and demonstrate a Travel Intelligence Governance Framework that will incorporate a holistic approach to crime prevention.
As a first step, in the context of the TENACITy project, it was considered as necessary to have an in-depth analysis of the current state of play of the processing of PNR and API data in European countries. In this respect, KEMEA prepared and distributed to Passenger Information Units (PIUs) a survey to gather necessary input from PIUs to conduct an in-depth analysis of the existing state-of-play of the technical, and other, capacities of PIUs on the usage of API/PNR data). More specifically, the survey aimed at the identification of i) the level of the implementation of the technical solutions to process PNR and API data, ii) the technical solution developed and iii) the user and system requirements and challenges faced by PIUs.
Twelve EU Member States and two non-EU countries replied to the survey. The majority of the PIUs confirmed that they have an up and running system to process PNR data and API data and highlighted that the existing technological solution covers a big part of their operational needs. In particular, some stressed the usefulness of the historical searches on a case-by-case basis or by comparing PNR data against relevant databases or by processing those against pre-determined criteria in order to identify the yet – unknown criminals.
As for the challenges identified, those vary. In relation to the exchange of PNR data, some mentioned that the exchange of PNR data is not standardised and some PIUs are not using the agreed PIU-PIU template. Most of them highlighted that the data quality is rather poor in order to perform quick and efficient analysis of the data, with an emphasis given at the ‘broken travels’. As a result, they mentioned a number of data that they would wish to become mandatory for the air carriers to collect (for e.g., the date of birth of the passenger was something highlighted). Additionally, some PIUs are already processing PNR data from air carriers that do not support automated transmission yet confirmed that there are limited datasets available to compare those data with. Similarly, the same challenge appears to those who collect PNR data from other modes of transport. Overall, all the PIUs, that participated to the survey, have well set up their systems and other non-technological challenges, like the non-standardised process of exchanging PNR data or the quality of the data are more important. In those challenges, the legal obstacles and the financial challenges shall be added. Many of these challenges can be solved and need to be solved at a legal level. However, the participants have recognised that tools and technological solutions with many automations are needed as they can also solve a part of their operational problems