Is the EU's new law on travel authorization for non-EU citizens creating a brave new world?

Professor Steve Peers, University of Essex

Introduction

A new European Union (EU) law regarding travel authorization for non-EU citizens visiting the EU was recently announced. This new law will impact millions of travelers annually, potentially including British citizens post-Brexit. This law, though not immediately applicable, holds significant future implications. This explanation aims to clarify its reach and functionality. (Update: the final law was officially published in September 2018).

Basics of the system

It’s crucial to understand that this travel authorization is not a visa. While serving a similar purpose to a short-term visa in pre-determining entry eligibility, the application process will be simpler, cheaper, and valid for a longer duration.

Another important aspect is understanding which countries are affected. This involves two perspectives: the countries implementing the law and the citizens subject to it.

Firstly, the countries implementing the law are those fully adhering to the Schengen system. This encompasses all EU members except the UK, Ireland, Cyprus, Romania, Bulgaria, and Croatia, although the latter four are obligated to eventually join. It also includes non-EU Schengen-associated countries: Norway, Iceland, Liechtenstein, and Switzerland.

Citizens subject to the travel authorization are those from non-EU countries a) not already requiring a visa to enter the EU and b) without a free movement agreement with the EU. Consequently, British citizens visiting the EU after Brexit will require this authorization unless visiting Ireland or other non-Schengen EU countries. However, an exception exists for the UK during the post-Brexit transition period due to the continued application of free movement during this time.

This new development aligns with the broader framework of UK/EU immigration arrangements after Brexit. While UK citizens likely won’t need short-term visas, they will likely be subject to this travel authorization law and other EU border control measures as non-EU citizens without free movement rights. This includes losing access to fast-track lanes at external borders. A reciprocal exception could be negotiated, but this depends on the willingness of both the UK and EU.

Characterizing the application of this law to UK citizens as “punishment” from the EU is inaccurate. The UK government seeks non-EU status without free movement, and the EU will treat the UK accordingly. The UK will actually have a more favorable arrangement than many non-EU countries whose citizens require visas.

However, it’s important to remember that this new law extends beyond the UK, impacting numerous other non-EU countries, including the USA, Canada, Australia, New Zealand, Japan, South Korea, Israel, and many states in the Caribbean, Latin America, and those bordering the EU to the east.

The law will also apply to certain non-EU citizens currently exempt from visa requirements under specific circumstances, such as school pupils, refugees, armed forces members, and non-EU family members of EU citizens without residency cards based on EU free movement law.

Conversely, it won’t apply to other non-EU citizens, such as refugees and stateless persons within a Member State; non-EU family members of EU citizens with residency cards; individuals with residency permits from a Schengen state, uniform (Schengen) visas, or national long-stay visas; and several other specific categories.

UK citizens residing in the EU27 before Brexit will need their rights, as stipulated in the Brexit withdrawal agreement, to be confirmed by a Schengen state residency permit to utilize these exemptions when returning to Schengen countries.

When will the new travel authorisation system apply?

Formal adoption of the new regulation is expected within a few months. While technically effective twenty days post-adoption, the system’s database requires time for setup. Therefore, implementation hinges on the Commission’s assessment of various factors, including the enactment of other proposed EU laws related to database interoperability, adoption of implementing measures, and successful system testing. While a precise timeline remains uncertain, experience suggests a potential delay of several years.

During the initial six months post-implementation, the system will be optional. This period may be extended by the Commission for another six months, renewable once. Subsequently, a six-month grace period will be granted, allowing border guards to make exceptions for entry without valid authorization. This grace period can also be extended by the Commission for an additional six months.

Process for the applicant

Applicants must apply for travel authorization via a website or mobile app “sufficiently in advance of any intended travel,” or, if already within a Schengen State, “before the expiry of the validity of the travel authorization.” Those with valid authorization can reapply 120 days (about four months) before expiry. The system will “automatically inform” authorization holders via email about upcoming expirations and renewal options. Applications can be submitted by the traveler or an authorized third party.

The application requires personal details such as name, birth date, birthplace, gender, nationality, parents’ names, travel document information, contact information, education level, occupation, and intended Member State of stay. Applicants must also disclose any criminal convictions, time spent in war or conflict zones, and previous requirements to leave any EU visa-whitelist country or Member State territory within a specific timeframe. Additional questions may follow based on these answers. The application fee is €7, with exemptions for individuals under 18 or over 70 and family members of EU citizens.

Upon submission, the application data undergoes automatic comparison with various databases, including the Schengen Information System (SIS), the planned Entry/Exit System (EES), the Visa Information System (VIS), and others. This process aims to verify the applicant’s identity, security risk, and immigration history.

Applications without any “hits” during this process will receive automatic travel authorization. In case of a “hit,” further examination will be conducted to determine its validity. Genuine “hits” will prompt a review by national authorities, potentially involving additional inquiries or consultations with other Member States or Europol. A decision on each application must be made within 96 hours (four days) unless further information or an interview is necessary.

Applicant profiling will be conducted based on pre-determined screening rules, derived from statistical analysis of various factors like overstay rates, travel authorization refusal rates, correlations between application information and immigration breaches, specific security threats, and epidemiological risks.

These rules, established by Frontex, will utilize various factors such as age, gender, nationality, residence, education, and occupation to assess risk. However, profiling based solely on protected characteristics like sex, age, race, ethnicity, religion, or political opinion is strictly prohibited.

A “watchlist” will be compiled, containing individuals suspected of involvement in terrorist or serious criminal offenses, or those deemed likely to commit such acts in the future. Inclusion on this watchlist requires “factual indications or reasonable grounds” based on a comprehensive assessment of an individual. The watchlist, updated at least annually, will contain detailed personal information.

Granting or refusing a travel authorisation

Travel authorization will be granted if “no factual indications or reasonable grounds” exist to suggest the applicant presents a security, illegal immigration, or high epidemic risk. Issuing authorization with a flag recommending an interview with border guards upon arrival is also possible. Authorization will typically remain valid for three years, contingent upon the travel document’s expiry date.

Conversely, travel authorization will be denied if the applicant meets certain criteria, such as using a reported lost or stolen travel document, posing a security or immigration risk, presenting a high epidemic risk, being flagged for entry refusal in the SIS, or failing to respond to requests for additional information or attend an interview. Additionally, reasonable doubts regarding the authenticity of the application, supporting documents, or applicant statements can lead to refusal.

Applicants can appeal refusals to the deciding Member State. A previous refusal doesn’t automatically lead to subsequent rejections, as each application will be evaluated individually.

Applicants will be notified of the decision on their application, receiving details regarding travel conditions for approvals or grounds for refusal and appeal procedures. Decision details will be documented in the ETIAS database.

Provisions exist to annul or revoke a travel authorization if conditions for issuance were not met or are no longer met. Notifications, appeals processes, and database records apply to annulments and revocations. Applicants can also request revocation.

Similar to Schengen visas, limited territorial validity travel authorization can be granted under specific circumstances, such as humanitarian grounds, national interest, or international obligations. Unlike the standard three-year validity, these authorizations last for 90 days.

The new law empowers transport companies to verify passenger authorization status through the ETIAS database to fulfill their obligation of ensuring passengers possess the necessary immigration clearance. Border control, immigration authorities, national law enforcement, and Europol will also have access to the database.

Data retention in the ETIAS database varies: for approved authorizations, data is kept for the authorization’s validity period; for rejected applications, data is retained for five years from the last unsuccessful application. Applicants can consent to an additional three years of data retention for simplified future applications. General EU data protection regulations apply to the processing of personal data within the system. Data sharing with non-EU countries is restricted, with exceptions for Interpol, expulsion facilitation, or imminent security risks, all subject to strict conditions.

Comments

This new law will significantly impact travel to the EU for individuals from various countries, including the UK. While the process presents minimal inconvenience for those who receive authorization after a short application and a €7 fee, those facing application rejections or delays might experience considerable disruptions, particularly if it affects their personal or professional lives.

The grounds for refusal lack clarity. While refusal based on serious criminal history, verified security threats, or significant immigration violations is justifiable, the law also vaguely mentions the use of algorithms and profiling, which are yet to be defined. Recent events have amplified concerns regarding the use of “big data,” and automated rejections without adequate explanation are unacceptable, especially for UK citizens and those from neighboring countries with established personal and professional ties to the EU.

Barnard & Peers: chapter 26, chapter 27

Photo credit: GTP headlines

*This blog post was supported by an ESRC Priority Brexit Grant on ‘Brexit and UK and EU Immigration Policy’

Licensed under CC BY-NC-SA 4.0