What you get on a plane, it is not just you and your luggage going on a journey. Data you generate when you interact with travel companies and state agencies goes with you, and is used by a growing number of states for forms of automated surveillance and profiling. This ‘travel data’ is supposed to be used to detect terrorists and serious criminals. However, it also offers states new means to control movement, monitor dissidents and test experimental, invasive technologies.

• ‘Travel data’ refers to personal and other data that is collected from passengers, primarily those travelling by air but also increasingly via other modes of mass transport, such as ferries
• Travel data is used by state authorities to conduct searches against national and international databases and watchlists, feed automated systems to detect people who match certain ‘risk profiles’ or ‘risk scores’, and to generate new risk profiles and other forms of information
• These systems of mass surveillance and profiling are done primarily in the name of counter-terrorism, but states also use these schemes for the investigation and prosecution of other criminal offences
• Many western states have had travel data schemes in place for decades, and since the mid-2010s they have pushed for adoption of global legal and technical obligations by organisations such as the United Nations, the International Civil Aviation Organisation, and the International Maritime Organisation
• Those obligations are now being gradually implemented by states around the world, on every continent and in every type of political system, creating a global network of travel surveillance and passenger profiling that can be used to inhibit or prevent the movement of people deemed ‘risky’ or dangerous by state authorities
• Implementation of travel data schemes is supported by the same organisations that have adopted the standards, along with a range of others such as the Global Counter-Terrorism Forum, the International Organization for Migration and the World Customs Organisation

Travel data schemes offer states a new means for state surveillance and control; require the collection, storage and international sharing of sensitive personal data from hundreds of millions (and potentially billions) of people; are premised on the use of experimental and untested technologies; will reinforce bias and discrimination; undermine basic liberal principles such as the presumption of innocence; and are inherently undemocratic in the way they are designed and implemented

• ‘Travel data’ is used here to refer to two specific types of information:
• Advance Passenger Information (API): information on a passenger and their journey, taken from the passenger’s travel document (generally, a passport) and the transport company’s internal systems;
• Passenger Name Record (PNR, the term used in the aviation sector)/Booking and Reservation Information (BRI, the term used in the maritime sector): information on a passenger and their journey gathered by commercial intermediaries such as booking companies, travel agents or transport companies themselves.
• API is used to conduct searches against databases and watchlists
• PNR is used in more extensive and experimental ways, to detect people who match certain profiles or algorithmic categories, examine the travel patterns or companions of individuals, and to generate ‘risk profiles’ about particular routes, categories of person or other factors
• Both types of data are generally transmitted by transport companies to state entities usually known as Passenger Information Units (PIUs) or “targeting centres”
• The collection, use and exchange of this sensitive personal data between states raises a wide range of issues:
• travel data schemes mean that people require government permission to travel – a far-from-liberal measure, but one that is becoming increasingly normalised;
• “pushing the border out” poses problems for redress and accountability, making it more difficult to people challenge decisions that affect them by relieving states of legal obligations they may have if affected people were present on their territory
• digitally extending state borders also makes dangerous journeys for refugees and others seeking safety ever-more likely, fuelling the market for people smuggling, which is in turn used by states to justify new policing and surveillance powers;
• turning the liberal presumption of innocence on its head, travel data schemes treat everyone travelling a priori as a suspect, or potential suspect;
• automated profiling systems use algorithms that inevitably reflect social and political biases and discrimination, which will impact most heavily upon those already facing discrimination and marginalisation;
• authoritarian, dictatorial and intolerant regimes are setting up these systems with the support of international organisations, offering new opportunities for repression and control;
• in some states, travel data schemes have been set up by decree and without meaningful democratic scrutiny, highlighting the limited or absent democratic input in international counter-terrorism decision-making and implementation.

Advance Passenger Information (API)

API consists of information on a passenger and their journey, taken from the passenger’s travel document and the transport company’s internal systems. Where the necessary legal and technical infrastructure is in place, it is sent by the transport company to state authorities.

The EU’s most recent rules on API and air travel, introduced in 2024, include eight data points on each passenger and nine data points on their flight. International rules on API, meanwhile, are more extensive (both are detailed at the end of this report).

API can be received by state authorities in two ways. The first is known as “batch API.” Through this, “all passenger details for a particular flight are transmitted together, usually upon closure of the flight boarding process, limiting government intervention to the time of arrival.”¹

The second is known as “interactive API” (iAPI). Here, “passenger details are transmitted in real-time to requesting States on a per passenger basis as they check-in.” This “allows for real-time document validation against databases and watch lists.” These systems also allow authorities to transmit messages to transport operators in response to searches against databases – for example, to order that they prevent an individual from boarding a plane. ²

Passenger Name Record (PNR)/Booking Reservation Information (BRI)

PNR and BRI is gathered from commercial intermediaries such as travel agents, and airline or ferry companies. PNR is the term used in the aviation sector, and BRI in the maritime sector.

Multiple types of data can be included within PNR or BRI. The European Union lists 19 potential data points listed in its PNR rules, including passenger name, address and contact information, payment information, and baggage information. However, there are many other forms of data that can be stored in and exchanged by PNR systems. ³

Searches and checks

As noted above, API is used for “document validation against databases and watch lists.” ¹ This might involve, for example, using a passengers’ name, date of birth, or passport number to search police or intelligence databases.

Profiling and screening

Because PNR/BRI contains a broader array of information than API, it is often processed using rule-based screening and other profiling techniques. For example, a state may decide that all male passengers aged between 18 and 35 travelling to and from a particular place via a particular route should be flagged for further inquiry.

Systems such as these are intended to allow the “identification of previously unknown persons of interest, who have been linked to known or suspected terrorists, criminal networks, or other illegal activities,” in the words of the European Commission. ²

PNR/BRI can also enable the mapping and comparison of travel patterns, or assessing which tickets have been bought with the same credit or debit card. The European Commission has explained that:

Examples of such risk-indicators reported by national authorities include the fact that the passengers have booked their tickets using travel agencies known to be used by traffickers or have chosen travel routes that are both longer and more expensive than the routes a person travelling for business or tourism purposes might have chosen. ³

In 2015, the Spanish interior ministry published a set of technical requirements for its national PNR system. Though the system did not ultimately go ahead in this form, the paper gives a good indication of what can be done using the data – or, at least, what states hope can be done with it. The interior ministry wanted a system that could analyse large quantities of structured and unstructured data, to offer analysts an array of information:

• identification of passengers with multiple names;
• identification of patterns in routes and itineraries;
• scoring with risk profiles;
• detection of patterns of behaviour;
• alerts about “suspicious profiles”;
• detection of changes in behaviours;
• collection and analysis of data about activity in the airport, using the “digital footprint” left behind by passengers; and
• creation of “networks of relations.”

The ministry also aimed to combine PNR data with the “continuous” extraction of information from open sources, “principally social networks.” ⁴ 

PNR may also contain API. This is considered beneficial by security officials, as the official data (API) can be used to check the accuracy of the passenger-provided data (PNR).

Information units and targeting centres

Travel data is generally submitted by airlines to a single entity within the recipient state. These entities are often referred to as Passenger Information Units (PIUs) or Border Targeting Centres. The European Commission describes the PIU as “the core of the PNR mechanism.” ⁵

A PIU receives API and PNR data, processes it (by conducting searches and profiling), and communicates the results of that processing to other authorities (such as the police, border or customs agency). They also create new risk profiles and generate new targeting mechanisms, which may be shared with other states, along with data on passengers of interest.

The collection, processing and sharing of travel data by and between states raises a number of issues for individual rights and liberties. It also poses broader questions about democratic process and standards, and the nature of citizenship under contemporary security regimes.

Travel data is used to conduct pre-emptive checks on individuals who wish to travel to another country – if they are deemed unsuitable or ‘risky’, they can be prevented from travelling. In this way, travel data schemes are effectively ‘government permission to travel’ schemes ¹ – a far-from-liberal measure, but one that is becoming increasingly normalised.

This drive to assert control over travellers is part of a broader effort to “push the border out.” ² This relieves states of legal obligations that they may have if a person were physically present on their territory: namely, to provide procedural or substantive rights to that person to challenge the decision to prevent them from travelling. ³

It also makes regular travel for people fleeing war or poverty, who already face multiple barriers to seeking safety, even more difficult. Schemes to digitally – and thus physically – extend states’ borders in this way play a key role in restraining and preventing the free movement of people around the globe, and ensuring that refugees and others seeking safety or opportunity have to engage in dangerous and costly journeys. This fuels the market for people smuggling, which in turn is used by states to justify the adoption new policing and surveillance powers. ⁴

On a more conceptual, but no less important level, travel surveillance and passenger profiling schemes turn the basic liberal principle of the presumption of innocence on its head. They function on an assumption that, a priori, everyone is potentially guilty until proven otherwise. This, in turn, reflects the broader logic of contemporary state security politics: if a person or object has not been thoroughly screened, vetted, profiled and checked, they are deemed to be a potential threat.

Travel data is also used for automated profiling, which essentially involves the calculation of a ‘risk score’ for each individual. This is used to determine whether they should be subject to further attention, search, and/or questioning by the authorities. This raises a whole host of issues, ranging from the possibility of inaccuracies and errors in the data used to generate these scores, to the bias and discrimination that is inevitably reflected in the algorithms used to process the data.

The global push to set up systems for travel surveillance and passenger profiling is coming from international organisations that are ostensibly designed to upheld a liberal democratic international order. However, many of the states within that order are far-from democratic – a problem that is getting worse as a growing number of authoritarian and far-right parties come to power across the globe. The programmes and projects supporting national surveillance and profiling schemes do not appear take this problem into account sufficiently – if at all.

New tools for the monitoring and control of individuals are being handed to states with appalling human rights records, offering them new possibilities to undermine civic space and fundamental freedoms to speech, association, assembly and more. This is a problem that requires serious investigative work at national level, to understand the real-life impact of these systems on dissidents, trade unionists, community organisers and others.

The people affected by these schemes – a number that runs into the hundreds of millions, and potentially billions if they are set up in every UN member state – are also like to face serious problems with redress. [link to redress piece] Sensitive personal data will be transmitted to foreign states, who may not even grant rights to foreign nationals to seek access to, rectify or delete their personal data. Where they do, procedural obstacles may well stand in the way of meaningful redress: language barriers, a lack of legal aid, and problems with understanding a foreign legal or administrative system.

The ways these schemes are designed and implemented also poses problems for democratic standards. Evidently, many of the states that receive support from international organisations are not democracies – but many are. Some governments have resorted to using executive decrees to implement their national systems “while the parliamentary process was pending or lagging,” according to the Parliamentary Assembly of the Organisation for Security and Cooperation in Europe. ⁵ International counter-terrorism obligations have thus been used by governments as a way to bypass democratic procedure.

Even where democratic procedures are respected, and national laws establishing travel surveillance and passenger profiling systems are set up with transparency and the potential for public participation, they bear anti-democratic hallmarks. The laws, standards and practices have generally been agreed by international organisations subject to limited, if any, democratic input.

Counter-terrorism is far from the only policy area in which this problem arises, and this is not the first time the problem has arisen in relation to counter-terrorism policy. ⁶ Nevertheless, the ongoing spread of travel surveillance and passenger profiling schemes provides a stark reminder of how little meaningful democratic input and oversight there is of global counter-terrorism policymaking.

This problem is compounded by the increasing translation of legal obligations into technical standards. This first took place in the realm of air travel, through changes to the Chicago Convention on civil aviation. The same is now taking place with maritime travel, through changes to the Convention on Facilitation of International Maritime Traffic. This shifts controversial norms from a the world of politics to one of technical standards and business requirements. The effect is to depoliticise invasive surveillance and profiling schemes, whilst rendering them even more difficult to challenge.

Key points

• Travel data schemes were initially promoted bilaterally by the USA after 9/11, but there are now global legal and regulatory obligations in place
• These obligations stem from:
• UN Security Council Resolutions
• the Chicago Convention on International Civil Aviation
• the Convention on Facilitation of International Maritime Traffic
• These are leading to the gradual but widespread adoption of travel data schemes – in 2024, the number of states around the world with both API and PNR systems in use for air travel was around 60 in 2024
• The inclusion of standards on API and PNR in international conventions on civil aviation and maritime transport has important effects:
• it depoliticises them, turning them from controversial and contestable political and legal norms into technical standards that become normalised as business requirements for transport companies;
• this translation into technical standards also wraps them in specialised, bureaucratic institutions and agencies that are not necessarily open, accessible or amenable to human rights advocacy or campaigning.

State interest in access to travel data increased following the 9/11 attacks in the United States, ostensibly as a way to track and curtail the movement of alleged terrorists, though the possibilities for control offered by these schemes are far broader. The USA engaged in significant diplomatic efforts in the years that followed, calling on other states to adopt API and PNR laws.

Until 2006, these efforts focused almost entirely on European states, but the US government soon began to gather information on and offer assistance to other countries. ¹ This shift followed an increase in funding for a foreign assistance scheme run by the Department of Homeland Security. ²

In Europe, the USA’s diplomatic push often fell on welcoming ears. An EU Directive on API was adopted in 2004 ³ and was upgraded early in 2024. ⁴ A law on PNR was adopted in 2016, before facing a legal challenge in 2022 that placed certain limitations on it. ⁵ Nevertheless, it remains in force, and most EU member states have not implemented the changes required by the court. ⁶

The ultimate goal, however, was for the worldwide adoption of API and PNR systems. There are now global legal obligations in place that may, eventually, see that achieved. These are examined below. Their practical implementation – which is often the result of training, technical expertise and other forms of assistance provided by international organisations – is examined in the subsequent section.

It is important to note that these global legal obligations are representative of a shift in strategy. Until 2016, the emphasis was primarily on the adoption of national legislation (or, in the case of the EU, supranational legislation). Bilateral pressure – for example, from the US – often played a role in the adoption of such laws.

The global legal obligations now put in place still have to be implemented by national legislation. However, since 2016 there has also been a concerted effort by powerful states and global institutions to have these legal norms translated into technical standards. This is clearest in the cases of the changes to the Chicago Convention and the Convention on Facilitation of International Maritime Traffic discussed below.

The results in these norms becoming depoliticised through transfer to specialised institutions and bodies – for example, those dealing with civil aviation and maritime transport rules. Issues that should have been the subject of open, democratic debate become submerged in bureaucratic jargon and niche requirements. As the legal scholar Gavin Sullivan has noted:

What might once have been framed as a normative clash between collective security and human rights can now readily be reframed as a foreseeable consequence of global aviation standards applicable to all airline passengers as part of the very condition of their carriage. Technical reframing takes this juridical and political conflict towards a rather different and specialised space with its own functional interests, expert vocabularies, structural biases and patterned institutional practices.⁷

He goes on to argue that through this process, “international law becomes increasingly fragmented and marginalised,” as seemingly ‘technical’ actors take on an important role in the enforcement of global security norms. This is undoubtedly beneficial for those who advocate for a global system of pre-emptive security premised on surveillance, profiling and computerised risk assessment. For those who wish to see different models of security, it makes challenging and contesting those norms far more difficult.

In 2014 and 2016, the UN Security Council approved binding resolutions ¹ that “called upon” UN member states to set up travel surveillance systems, in particular by collecting API.

In 2017, that recommendation was turned into a requirement. A Resolution adopted on 21 December of that year ² declares that “Member States shall require airlines operating in their territories to provide API to the appropriate national authorities.” States should use API to detect the arrival, transit or departure of “foreign terrorist fighters” or individuals on the UN terrorist sanctions lists, says the text.

The 2017 Resolution was also the first time PNR was mentioned by the Security Council. The text includes a requirement for member states to “develop the capability to collect, process and analyse… [PNR] data and to ensure PNR data is used by and shared with all their competent national authorities.” The stated aim of collecting PNR is “preventing, detecting and investigating terrorist offenses and related travel.”

A 2019 Resolution broadened the scope of these activities beyond terrorism. It says that travel data should be used to “help security officials make connections between individuals associated to organized crime, whether domestic or transnational, and terrorists, to stop terrorist travel and prosecute terrorism and organized crime, whether domestic or transnational.” ³ Individual states, however, may make use of travel data systems for even broader purposes – the authorities in Fiji, for example, have claimed they will use them to deal with undocumented workers. ⁴

Prior to the introduction of legal obligations on API and PNR by the Security Council, the International Civil Aviation Organisation had begun work on the issue. This was the result of pressure from various states and organisations, including UN Security Council officials, as part of a push to have airlines help enforce the travel bans required by international terrorism sanctions. ¹

However, the ultimate effects go beyond simply those subject to international sanctions. In April 2016, representatives of the Netherlands and the International Air Transport Association (IATA, “the trade association for the world’s airlines” ²) also called on the ICAO to introduce new rules on API. ³ An IATA working paper noted “the potential value of API data to support pre-arrival/departure risk assessment activities which measurably improve border control effectiveness.” It noted five “specific benefits” to API systems:

• Watchlist screening: standardised API data allows states to carry out checks against national and international watchlists and databases;
• Integrated border management: API data supports the work of “a number of border security agencies”;
• Automated border control: “API allows for risk-based, data-driven immigration processing, allowing low-risk passengers to be steered through ABC gates”;
• International cooperation: standardised API datasets “will facilitate international data sharing and analysis on cross-border movements”;
• Travel history and analysis: standardised datasets may make it possible to eliminate paper embarkation and disembarkation cards. ⁴

In September 2018, discussions began on introducing an international Standard for PNR. Later that year, a US representative echoed the call at the ICAO’s High-Level Conference on Aviation Security. They urged “widespread use of PNR to help identify high-risk and potential terrorist travel prior to arrival on our collective shores.” ⁵

New rules contained in Annex 9 to the Chicago Convention eventually became applicable in February 2021. ⁶ With regard to API, Annex 9 says that each signatory state “shall establish” an API system. This “shall be supported by appropriate legal authority (such as, inter alia, legislation, regulation or decree) and be consistent with internationally recognized standards for API.” ⁷ There is also a recommendation for states to set up an interactive API (iAPI) system, which allows swifter data exchange between airlines and the authorities. ⁸

With regard to PNR, each signatory to the Chicago Convention is obliged to “develop a capability to collect, use, process and protect Passenger Name Record (PNR) data for flights to and from its territory supported by an appropriate legal and administrative framework (such as, inter alia, legislation, regulation or decree).” ⁹

Many people seeking to travel internationally may face unwarranted questioning, interrogation, detention or refusal of entry due to the nature of automated risk assessment and screening systems. Even those who are not are, de facto, treated as suspects, simply by virtue of getting purchasing a plane ticket. Sensitive personal data may be transferred to a range of jurisdictions with wildly differing standards on data protection and security. And the numbers of people involved are vast. In 2024, airlines carried 9.5 billion passengers, many of whom will have been travelling on international journeys.¹⁰

Box 1: Standards and Recommended Practices

The measures contained in Annex 9 of the Chicago Convention are formally known as Standards and Recommended Practices (SARPs). As of 2019, there were some 12,000 SARPS across the 19 different annexes to the Convention. ¹¹

According to the European Commission: “Standards are specifications for which a uniform application is considered necessary, whereas Recommended Practices are not mandatory,” though their uniform application is deemed “desirable”. ¹² One ICAO official considers that signatory states “have an obligation to secure, to the highest degree possible, compliance with these SARPs”

Many scholars consider SARPs a form of “soft law”, which need to be given effect through national rules and regulations. ¹³ The ICAO’s Universal Security Audit Mechanism is designed to monitor compliance with SARPs, and for recommending changes, where deemed necessary. ¹⁴ Francesco Giovanni Albisinni, an expert in administrative law, has described the type of regulatory regime governed by the ICAO as sitting at “the crossroads between bureaucratic, technical power, and political authority.”¹⁵

States that do not meet audit requirements will face warnings to change their practices. Given that the ICAO will also send warnings about their failings to airlines – who may decide they no longer wish to operate at an airport deemed incompliant – there is a powerful incentive for states to stay in line.

States and international organisations are currently working to transpose counter-terrorism and security norms into international maritime transport standards. As with aviation standards, this will transform a political issue into a largely technical one. A topic that should be the question of political contestation and debate will become embedded within layers of bureaucracy and niche expertise, making it harder to challenge, whether legally or politically.

In 2019, a working group of the World Customs Organisation (WCO) called for harmonised international passenger data standards for cruise ships, to enable advanced risk assessment and the “facilitation” of journeys. These changes were needed, the working group argued, because of ongoing annual increases in the number of cruise passengers. They also raised the risk of drug trafficking, of which there were multiple known cases by both passengers and crew on cruise ships. Trials of advanced passenger screening by the Australian and New Zealand authorities had been successful, the report noted, but “a harmonised data standard” would be of benefit. ¹ 

By the time a dedicated WCO working group on “passenger facilitation and control” was set up in 2021, the COVID-19 pandemic was being invoked as a further justification for advanced screening, profiling and control measures. In 2021, the WCO made a proposal to the International Maritime Organization (IMO, a UN agency ²) to introduce obligations for “cruise ships and later ferries” to provide both API and PNR to state authorities.

The proposal was discussed within the IMO in June 2021. Some member state delegations noted that any changes needed to take into account the potential impact on data protection and freedom of movement. Others called for standards to be aligned to existing US and EU schemes for air transport. A delegate from the UN Office of Counter Terrorism was present, and highlighted the importance of harmonised maritime passenger data standards. ³

Work drawing up those standards went back and forth between various committees and working groups in the IMO and WCO for the next few years. In January 2024, Australia and the WCO called on the IMO to amend the Facilitation Convention as a matter of “urgency.” This urgency, they said, was due to:

…the increase in risk from ʺbroken travelʺ, i.e. when passengers or crew travel using more than one mode of travel, but data for risk assessment purposes is only available on part of that journey. Harmonizing data elements across different modes of transport, such as aviation and maritime could reduce costs to industry and allow government authorities to work more efficiently in risk assessing travellers at the border. ⁴

As a result of this work, in spring 2024, the IMO updated a document called the IMO Compendium. This sets out data standards for the shipping and ferry industry, covering everything from controls on cargo and pollution reporting, to requirements for passenger data. A new dataset was introduced for API, with more extensive requirements than its counterpart in the aviation sector – for example, data on ferry passengers’ vehicles also has to be included, if available.

However, inclusion in the Compendium does not make transmission of API data mandatory. That requires amendments to the Convention on the Facilitation of International Maritime Traffic. In December 2024, ten IMO member states ⁵ and the WCO submitted detailed proposals for potential amendments to the Convention. A working group was subsequently established by the IMO, to draft proposals in time for a meeting in March 2026.

Those amendments would make the transmission of API on maritime passengers to state authorities mandatory. The transmission of PNR (known in the maritime sector as Booking & Reservation Information, or BRI) would at first be recommended, and subsequently made mandatory. If the working group’s amendments are adopted by the relevant IMO committee, they will likely enter into force on 1 January 2029. ⁶

Any changes to the FAL Convention will be implemented by member states and overseen by the IMO through an audit process similar to that used by the ICAO. ⁷ Global implementation will undoubtedly take years. Information exchange on shipping and maritime transport still relies heavily upon paper-based documentation, though this is changing: an international legal obligation to exchange information between carriers and ports electronically only came into force in 2019. ⁸ 

The number of people affected by these changes will be substantial. The ferry industry lobby group, Interferry, says that at least 4.27 billion passengers travelled by ferry worldwide in 2019. ⁹ A substantial number of those passengers will have travelled on international journeys, where the screening and profiling requirements will take effect.

The direction of travel is clear. After air and maritime transport, the introduction of mandatory travel surveillance and passenger profiling of other forms of transport is likely to creep higher up the international agenda. The USA already collects travel data from rail and coach passengers entering the country, ¹⁰ the topic has been on the EU’s agenda for years, ¹¹ and the OSCE is now included the topic of rail and road travel in its international seminars (see below). Ultimately, the logic underpinning the global security architecture is one of an ever-tightening net, that seeks to have all people crossing international borders tracked, monitored and pre-emptively profiled.

[IMAGE: travel-data-icao-trip-global-standards.jpg]

The Organisation for Security and Co-operation in Europe (OSCE) is “the world’s largest regional security organization,” with 57 member states from Europe, Central Asia and North America. Its work deals with “a wide range of security-related concerns,” covering topics including “arms control… human rights, national minorities, democratization, policing strategies, counter-terrorism and economic and environmental activities.” It does not create or approve any legally binding instruments, but instead seeks to create political consensus amongst member states. ¹

The OSCE’s Ministerial Council, made up of member states’ foreign ministers, is “the central decision-making and governing body of the OSCE.” ² In December 2016, the Council approved a Decision on enhancing the use of API. This sets out a series of political commitments for member states to establish API systems in line with international standards. ³ The Decision followed an October agreement between the OSCE and the International Air Transport Association (IATA, the lobby group for the world’s airlines), which included a commitment to joint work on “harmonized passenger data exchange programs” and other issues. ⁴

The December 2016 Decision says that OSCE states “commit to,” amongst other things:

• establishing API systems, in accordance with ICAO requirements;
• consider establishing interactive API (iAPI) systems; and
• “establish automated cross-checking of this data against relevant national, regional and international watch lists, in particular Interpol databases and UN Sanctions Lists.”

The OSCE’s executive structures were tasked by the Decision with supporting efforts to “raise awareness” of the relevant UN Security Council resolutions, and supporting member states in establishing API systems. This is precisely what happened when the OSCE established a number of informal working groups designed to support the establishment of national API and PNR systems, examined further below.

National and regional legislation

International legislation and standards still require national implementation. This process has been ongoing for years, and it will take many more before every UN member state has the requisite systems in place – particular given the addition of maritime, and likely then rail and road travel, to the obligations placed on states.

According to a 2024 report by the UN Security Council’s Counter-Terrorism Executive Directorate, with regard to air travel there are 100 states around the world an API system in place, 67 with a PNR system, and 63 with both.

In the last three years alone, at least 14 new states have approved or initiated legislation designed to set up travel surveillance and passenger profiling systems. This includes India, Kenya, Nigeria, Ghana, the Philippines, Somalia and many others from across the globe, demonstrating that this is no longer simply a trend limited to the ‘west’. ⁵ Regional organisations such as the Caribbean Community (CARICOM) and the European Union have also approved legislation designed to apply more-or-less uniformly across their member states.

A number of civil society organisations engaged in advocacy at the UN to try to ensure that international legislation – such as the resolutions that introduce travel data obligations on all member states – include human rights protections. While this work is vital, it is also the case that these systems can be implemented with human rights protections in place – for example around privacy and data protection – yet still, de facto, violate human rights. This is particularly so when national legislation does not offer foreign nationals meaningful avenues for redress; or if travel data were to be used by a government to monitor or interdict dissidents, trade unionists or others seen as ‘subversive’.

It also remains the case that it is at national level where individuals and organisations have the most substantial opportunities to challenge policy and legislation. The most prominent case study with regard to travel data systems is the EU, where a court challenge brought by the Belgian organisation Ligue des droits humans saw the court set out a number of changes required to bring the Passenger Name Record Directive into line with fundamental rights standards.⁶ So far, most EU member states have not taken the steps required.

Bringing a court case in the first place is a lengthy, complex and costly process. Having the judgement implemented properly is even more difficult. That is why this research has resulted in more questions than answers about the ways and means available to challenge the development of a global security architecture. Some routes of challenge and redress are available, but they leave the fundamental aspects of the architecture untouched. This is a long-term question that requires in-depth organisation, planning and strategizing.

The legal obligations, standards and recommended practices set out above have to be implemented by states. International organisations, as well as a number of wealthy states, have set up and supported a range of programmes and projects to support to the national development of travel surveillance and passenger profiling infrastructure. These cover a wide range of the infrastructure needed: from support with drafting legislative “roadmaps” and advice on data protection, to the provision of software and the exchange of “good practices” through technical assistance projects. Dozens of states around the world have so far been beneficiaries. The sections below examine the work undertaken by some of the main organisations involved in these efforts, and highlight key problems for rights, liberties and democratic standards.

Key points

• International organisations and wealthy donor states are supporting the establishment of legal and technical infrastructure for travel surveillance and passenger profiling at national level
• Institutions involved include:
• the Global Counter-Terrorism Forum and the International Organization for Migration, focusing on the production of guidance documents, training and the exchange of “good practices” between national officials;
• the Organised for Security and Cooperation in Europe and the UN Countering Terrorist Travel Programme support the drafting of legal and technical “roadmaps” and action plans;
• the United Nations Countering Terrorist Travel Programme and the World Customs Organisation provide software for processing travel data, with plans to include enhanced functions based on machine learning and artificial intelligence, raising a range of new risks to rights and liberties.
• Countries supported by these institutions range from nominally liberal democratic states, to authoritarian and dictatorial states with appalling human rights records;
• Even where national parliaments and civil society are able to play a role in debating and informing legislation, they are in many ways presented with a fait accompli
• Legislation is decided and agreed in accordance with international law and technical standards, raising serious questions over how to challenge the spread and normalisation of travel surveillance and passenger profiling.

The Global Counter-Terrorism Forum was set up on the initiative of the USA in 2011. It describes itself as “an informal, apolitical, multilateral counterterrorism (CT) platform that contributes to the international architecture for addressing terrorism,” supporting the UN’s work by providing a “platform for CT officials and practitioners around the world to share expertise and strategies and to develop widely applicable good practices and tools. ¹

Bibi van Ginkel notes that the GCTF “emerged at a time when the general perception was that the United Nations was too rigid, political, and bureaucratic to respond effectively to terrorism threats considered urgent, imminent, and dynamic.” ² In response, the GCTF claims to take an “anticipatory and nimble approach,” ³ though van Ginkel argues that cooperation between the GCTF and UN counter-terrorism bodies has not been entirely successful.

Whether or not this is the case, the GCTF has put significant effort into advancing international policy and national practice on a wide range of counter-terrorism policies, including the surveillance of travel and profiling of passengers. At least five papers produced by the agency have advocated for the establishment of API and PNR systems for both maritime and air travel. ⁴

These papers are the result of initiatives launched by GCTF members, and seek to inspire changes in national government policy and practice – for example, by setting out recommendations, guidance and advice. They don’t have the binding force of law, but the production of norms in this manner avoids the lengthy bureaucratic wrangling of formal law-making whilst isolating state activity from public and democratic scrutiny and oversight.

GCTF initiatives and papers may be welcomed by other intergovernmental entities – for example, the G7 ⁵ – but they are also referenced in legally-binding texts, such as UN Security Council resolutions. This provides an official stamp of legal approval for informal, intergovernmental policy proposals. For example, the UN Security Council’s 2017 resolution introducing legal obligations on states regarding watchlisting, biometrics and travel surveillance, approvingly cites the work of the GCTF. ⁶ In 2018, the USA and Morocco partnered through the GCTF to launch an initiative on terrorist travel, which was launched “on the margins of the UN General Assembly.” ⁷ The following year, the UN launched its own Countering Terrorist Travel initiative, part-funded by the USA and a host of other states. ⁸

This kind of legitimation can run in both directions. A GCTF paper on maritime security referred to the WCO’s development of new standards for the surveillance of maritime transport and passengers, saying it would “significantly enhance international standards for maritime security by aligning global standards and leveraging the benefits found in aviation through creating a standardized model for advance traveler data and data protection.”

To take its proposals and recommendations from paper to practice, the GCTF organises a variety of workshops and training sessions. For example, through the Maritime Security and Terrorist Travel Initiative, the GCTF has hosted a series of regional webinars targeting states in the Caribbean, Mediterranean, South East Asia, and elsewhere: “The aim is for counterterrorism practitioners to increase their understanding of relevant international maritime security protocols and practices and to consider how to address gaps within existing counterterrorism and border security frameworks to specifically address the terrorist risk.” ⁹

he International Organization for Migration (IOM) is an intergovernmental agency that, like the World Customs Organisation, has its roots in post-World War II Europe. Since 2016, it has been part of the UN system and is often described as the UN’s migration agency. Its stated goal is “promoting humane and orderly migration for the benefit of all.” Part of this effort now includes the implementation of global counter-terrorism and security policies, which are heavily focused on the digitalisation and reinforcement of national borders.

Since 2016, the IOM has assisted the International Civil Aviation Organisation in its efforts to improve “traveller identification,” including through support to the establishment of national API and PNR systems. ¹ This work went a step further in 2022, when the IOM and the UN Office of Counter-Terrorism (UNOCT) signed a memorandum of understanding aimed at continuing that work in coordination with the UN’s Countering Terrorist Travel Programme (see below). ² The IOM is also an observer in the UN’s Global Counter-Terrorism Coordination Compact, which brings together 46 UN entities in an attempt to coordinate the organisation’s sprawling counter-terrorism efforts. ³

The IOM’s cooperation with the ICAO appears to have been heavily focused on offering technical assistance to states, including “legal and IT assessments; regional technical consultations; validation workshops on assessment results, forming and facilitation national API working groups.” ⁴ An article by Florian G. Forster, who in 2019 was head of Integrated Border Management at the IOM, wrote that the organisation:

provides technical and legal advice, assists with procurement tenders and helps countries to build capacities to make better use of traveller data by strengthening analytical and risk assessment capabilities. ⁵

Official reports offer little insight into precisely how the IOM carries out its role in collaboration with the UNOCT, though it appears that at least some of the work involves supporting the establishment of informal regional working groups on API and PNR. ⁶ At the time the memorandum between the two entities was signed, UNOCT official Raffi Gregorian said:

IOM brings a wealth of added value to the CT Travel Programme including its global footprint of regional and country offices, and its long-standing relations with relevant law enforcement agencies through existing border management programmes. ⁷

IOM provides training on topics such as “data protection and ethical data use” as part of its work border controls, which is seen as beneficial to the deployment of travel surveillance systems. After a recent training course in Trinidad & Tobago, Michael Jones, an official from the Caribbean Community (a regional organisation with 15 member states), said:

As we embrace the complete operationalization of Passenger Name Record (PNR) systems across the Caribbean by 2026, this training was critical to building the human infrastructure needed for intelligence-led border security, enhanced inter-agency co-operation and the protection of personal data in keeping with international standards. ⁸

IOM is also involved in other efforts to develop the global security architecture. It supplies hardware and software for “border management”, in the form of the Migration Information and Data Analysis System (MIDAS) to a number of states around the world. As examined in more detail elsewhere in this research [link to watchlisting piece], MIDAS can be made ‘interoperable’ with the UN’s goTravel system, along with an array of other national and international databases and information-sharing systems.

Following the adoption of the December 2016 Ministerial Decision on API, the OSCE began organising a range of events and activities to support member states in setting up travel surveillance and passenger profiling systems.

Alongside the UN’s Office of Counter-Terrorism, the OSCE’s Transnational Threats Department has organised eight international seminars on passenger data exchange. The most recent of these was held in Vienna in November 2024. It hosted discussions on “good practices in legislation, including human rights implications, operations and security analysis,” with “a particular emphasis… on data privacy, the role of data protection officers, and conducting privacy impact assessments.” ¹

While the seminars initially only focused on air travel, discussions have extended over time to other modes of transport. Publicity for the 2021 event noted that one topic on the agenda was “Enhancing Travel Security Across All Modes – Next Steps for Maritime Travel.” ² By 2022, this had expanded to include “road/rail travel” as well. ³

The OSCE is not simply a talking shop. It has supported at least 12 national governments in drafting “roadmaps” and action plans for establishing national travel surveillance systems. ⁴ Amongst those countries are Turkmenistan, an outright dictatorship; and Uzbekistan, where the UN has raised concerns about “political prisoners, impunity for torture [and] forced labour” in the country. ⁵ The most recent presidential election suffered “significant procedural irregularities,” according to the OSCE itself. ⁶ Civil society organisations have highlighted severe restrictions on freedom of association, speech and assembly. ⁷ The OSCE asserts that Uzbekistan’s travel surveillance system “fully [respects] citizens’ right to privacy.”⁸ Whether the country’s authorities respect their citizens’ right to privacy or not is another question.

Other organs of the OSCE have raised serious concerns about the anti-democratic way in which some states have established API and PNR systems. In 2020, the Parliamentary Assembly of the OSCE said that “several countries’ governments enacted decrees to set up the required systems/mechanisms” for travel surveillance “while the parliamentary legislative process was pending or lagging.” ⁹

To put it another way: governments bypassed democratic procedures to meet their international counter-terrorism obligations. The report recommended that decrees be “replaced by comprehensive legislation adopted by national parliaments with the intent to ensure wide political participation and full democratic control over the new legislation.” ¹⁰

Of course, even where political participation and democratic control are possible, it will be limited by design: technocratic roadmaps designed in accordance with the requirements of international organisations do not allow for any substantial degree of divergence by national states. Not only do travel surveillance and passenger profiling systems offer governments new means of surveillance and control; their introduction may also be profoundly anti-democratic.

The UN Office of Counter-Terrorism (UNOCT) describes the Countering Terrorist Travel Programme (CTTP) as “a flagship global initiative.” It aims to support UN member states in implementing UN Security Council resolutions on travel surveillance and passenger profiling. This is done primarily through “legislative, operational, transport industry engagement” support, and “technology.”¹ The technology in question is goTravel, software that was developed by the Dutch authorities for processing API and PNR data, and which was donated to the UN.

The 2024 report for the CTTP says that 83 UN member states have become “partners” since it was launched, with 62 of those receiving “comprehensive technical assistance.” That assistance can include:

1) provision of legislative assistance [support in drafting national legislation],

2) operational enhancement through building PIUs [Passenger Information Units] and other capacity-building support,

3) transport industry support through carrier [airline] engagement, and

4) technical support and expertise in software solutions, primarily goTravel and interoperability with national and international databases and watchlists, including those of INTERPOL.

According to the UNOCT, goTravel, “supports the end-to-end process for law enforcement to obtain passenger data from (airline) carriers and conduct targeted analysis as well as share the findings of their data assessment.”² In short: it enables the surveillance and profiling of passengers and the sharing of that information with other agencies and states.

UNOCT also says “artificial intelligence” capabilities “might be engineered in the next generation of goTravel,” mirroring a claim about separate software it provides for analysing financial transactions. ³ In 2021, the UN filed a request for personal data held by member states, so that it could use it to train machine learning (ML) and artificial intelligence (AI) systems for its travel and financial analysis software.[4] As noted in the official request:

The UN does not have any mandate to access data handled by government administrations managing passenger data or financial data. Still, to ensure that the ML and AI intelligence algorithms work and learn from the data that the countries own, they need to access this data.

It is unknown whether this request was successful, but UNOCT is adamant that it will “double down on advancing technology-driven solutions and behavioural insights to enhance counter-terrorism efforts.”⁵ There is also a plan in the works for the CTTP to support the “effective integration of maritime API / PNR data,” though there is a recognition that this is “several years away” and requires “a comprehensive sustainability strategy.”⁶

The “solutions” offered through the CTTP are premised on new technologies, for which there is no evidence of effectiveness. In October 2023, Fionnuala Ní Aoláin, a former Special Rapporteur on the Promotion and Protection of Human Rights while Countering Terrorism, called on the UN to pause the CTTP and conduct an urgent review of its human rights implications. She noted that

…goTravel software is an experimental software program which… has never been subject to formal review in respect of its accuracy rate in identifying named individuals, much less the accuracy of its use in any risk-based profiling system. ⁷

Ní Aoláin highlighted that global deployment of these systems will affect “billions of air travellers every year,” yet “even a miniscule error rate of a tenth of one percent would mean millions of false positives/negatives.” ⁸

However, numbers that have been published by UNOCT appear to show rather a different problem: its deployment requires privacy violations on a gargantuan scale. According to UNOCT, 28.5 million passengers on 178,000 flights have been “screened” using goTravel, leading to the generation of 2,300 “alerts” (the report does not say which time period these figures cover). This equates to a hit rate of just 0.008%. The effective hit rate is likely to be even lower, once false positives are taken into account. ⁹ In 2020, the German government admitted that its PNR system had a hit rate of 0.1%, a number that almost looks impressive compared to those the UNOCT cites for goTravel.

What these numbers show is that the overwhelming majority of people subjected to automated screening and profiling have sensitive personal data transmitted to the police, processed by them and stored – possibly for years at a time – for no good reason. With regard to goTravel, this concerns 99.992% of people who have had their data processed through the software – equivalent to 28,497,720 passengers.

Where statistics fail, states often fall back on anecdotes about terrorists and serious criminals to justify intrusive data collection measures. ¹⁰ The UNOCT report does not make any such attempt, but does note: “With seven countries expected to be fully operational in 2025, passenger screenings are projected to surpass 50 million.” Based on the hit rate that can be calculated from the 2024 report, this would lead to 4,000 alerts. Is the substantial investment of money, time and effort required to establish the infrastructure needed to generate those alerts really of public benefit?

This extreme lack of proportionality is accompanied by serious concerns over some of the states that are partners of the CTTP. Ní Aoláin highlighted that “there are a number of States with extremely concerning records of systematic human rights abuse” that have benefited from the Counter Terrorist Travel programme, and condemns “the provision of powerful data monitoring tools to regimes with histories of such violations.” ¹¹

Azerbaijan is one beneficiary of the CTTP, and airports are a key point of control for the authoritarian state. Political refugees deported from Germany have been arrested on arrival ¹² and a Nobel nominee was prevented from leaving the country to attend an Italian literary festival.¹³ The country has also been accused of committing genocide against the Armenian population in its territory.

Other partner states have human rights records ranging from dubious to appalling: Kenya, Nigeria, the Philippines and Sri Lanka are all beneficiaries of the CTTP. Hungary is well-known in Europe for its ongoing rejection of democratic norms and practices. The country hosts a UNOCT office and is a “strategic partner” of the CTTP, meaning that it will “leverage respective expertise, and share best practices, challenges, lessons learned and recommendations” on API and PNR with the UNOCT.¹⁴ Despite the risks, the CTTP “cannot enforce” commitments set out in memoranda of understanding on member states, with the programme’s mid-term evaluation noting that “many external factors (e.g., political change, economic downturn) will impact upon the likelihood of the [member state] adhering to those commitments.” ¹⁵

“Human rights is a core aspect of the programme,” the official evaluation states. However, it goes on to say that this involves “a focus on the right to privacy and the protection of personal data.” Divorcing these two rights from their broader political context is perhaps what makes it possible for the UN to hand over powerful tools for the surveillance and tracking of movement to dictatorships. The evaluation has nothing to say about freedom of assembly, association, speech to leave one’s country, or multiple other rights that may be infringed or violated with the assistance of travel surveillance systems. As Ní Aoláin remarked, “rigorous analysis of human rights concerns cannot have been conducted, or, if conducted, cannot have been afforded sufficient weight.” ¹⁶

The World Customs Organisation (WCO) describes itself as “an independent intergovernmental body whose mission is to enhance the effectiveness and efficiency of Customs administrations.” It has 186 member states “that collectively process 98% of world trade.” Ostensibly concerned with the enforcement of international trade rules and facilitation of international trade, it has also come to play a role in global counter-terrorism policy.¹

As noted above, this includes playing a key part in the development and updating of international travel data rules and standards. However, as well as propelling the development of a global legal infrastructure, the WCO also provides digital infrastructure to states, in the form of the Global Travel Assessment System (GTAS).

GTAS was initially developed by the USA’s Customs and Border Protection agency, which says the software “rapidly compares passenger and cargo manifests against data bases and other records for clues that could reveal a high-risk traveler, such as a foreign terrorist.” This includes integration with Interpol’s databases.² It can be used for the assessment and screening of both air and maritime passengers. Private companies have also contributed to the software’s development. In 2016 the CBP announced a partnership with Tamr, “a Cambridge, Massachusetts-based startup with expertise in large-scale data analytics and machine learning algorithms,” intended to enhance the system.³

The USA provides multiple states with similar software, known as the Automated Targeting System – Global, or ATS-G, on a bilateral basis. However: “Political or legal roadblocks regarding sovereignty prevent some nations from freely collaborating with the U.S.,” according to CBP. ⁴ The agency thus created GTAS, which “permits foreign countries to independently perform vetting activities without the collaboration involved with ATS-G,”⁵ and donated it to the WCO.

GTAS It is apparently currently used in the Maldives, Pakistan, Uganda, Bermuda and Cambodia. The WCO’s Security Programme provides “Project Leadership,” with the CBP apparently acting as the “Technical Team.” ⁶ The software is open source – that is, anyone can examine the source code, or download and install the system to see how it works.

Box 2: API data requirements⁷

Air travel

2. The API data shall consist only of the following data relating to each passenger and crew member on the flight:

(a) the surname (family name), first name or names (given names);

(b) the date of birth, sex and nationality;

(c) the type and number of the travel document and the three-letter code of the issuing country of the travel document;

(d) the date of expiry of the validity of the travel document;

(e) the number identifying a passenger name record used by an air carrier to locate a passenger within its information system (PNR record locator);

(f) the seating information corresponding to the seat in the aircraft assigned to a passenger, where such information is available;

(g) the baggage tag number or numbers and the number and weight of checked bags, where such information is available;

(h) a code indicating the method used to capture and validate the data referred to in points (a) to (d).

3. The API data shall also consist only of the following flight information relating to the flight of each passenger and crew member:

(a) the flight identification number or, where the flight is code-shared between air carriers, the flight identification numbers, or, if no such number exists, other clear and suitable means to identify the flight;

(b) where applicable, the border crossing point of entry into the territory of the Member State;

(c) the code of the airport of arrival or, where the flight is planned to land in one or several airports within the territories of one or more Member States to which this Regulation applies, the codes of the airports of call on the territories of the Member States concerned;

(d) the code of the airport of departure of the flight;

(e) the code of the airport of the initial point of embarkation, where available;

(f) the local date and time of departure;

(g) the local date and time of arrival;

(h) the contact details of the air carrier;

(i) the format used for the transfer of API data.

Maritime API requirements ⁸

Arrival/departure code: A code in the message to show whether the information is submitted for the ship arrival or departure.

Authenticator family name: The family name of the person attesting to the validity of the transmitted information.

Authenticator party identification number: An identifying number, such as an agent identifier, of the party attesting to the validity of the transmitted information.

Crewmember rank or rating name: The description of the referenced crewmember’s rank or rating on the ship.

Crewmember rank or rating, coded: A code representing the referenced crewmember’s rank or rating on the ship.

Date and time of arrival – estimated: The date and time the ship is estimated to arrive at a specified location, ETA.

Date and time of departure – estimated: The date and time the ship is estimated to depart from a specified location, ETD.

Next port of call, coded: The port immediately subsequent to the port of departure.

Next port of call name: The name and country of the port immediately subsequent to the port of departure.

Person in transit indicator: A “yes/no” indicator of whether the referenced person is in transit to a foreign country.

Person port of embarkation, coded: The code representing the port from which the referenced person embarked the ship.

Person port of disembarkation name: The name of the port from which referenced person plans to disembark.

Person port of disembarkation, coded: The code representing the port from which the referenced person plans to disembark the ship.

Person port of embarkation name: The name of the port from which referenced person embarked.

Person visa number: The number assigned to the referenced person’s visa by the issuing nation.

Person date of birth: The referenced person’s date of birth as shown on the person’s identity document.

Person family name: The family name of the referenced person.

Person gender, coded: A code representing the gender of the referenced person.

Person given name: The given name of the referenced person.

Person identity or travel document expiry date: The expiry date shown on the referenced person’s identity document.

Person identity or travel document number: The number assigned to the referenced person’s identity or travel document by the issuing nation.

Person identity or travel document type, coded: A code representing the type of the referenced person’s presented identity or travel document.

Person nationality, coded: A code representing the nationality of the referenced person as shown on the person’s identity or travel document.

Person place of birth name: The name of the referenced person’s place of birth as shown on the person’s identity or travel document.

Person type, coded: A code representing the type of a person onboard the ship, such as master, crew member or passenger.

Port of arrival, coded: A code representing the port where the ship arrives.

Port of arrival name: The name and country of the port where the ship arrives.

Port of departure, coded: The code representing the port from which the ship departs.

Port of departure name: A name and country of the port from which the ship departs.

Authenticator role, coded: A code providing the role of the person attesting to the validity of the transmitted information.

Ship call sign: The ship’s identification used primarily for radio communications.

Ship flag State, coded: A code representing the nationality of the ship shown on its IMO ship’s certificate.

Ship IMO number: The ship identification number shown on its IMO ship’s certificate.

Ship name: The ship’s name shown on the IMO ship’s certificates.

Location in port: The name of the berth, terminal or station where the ship is located in the referenced port.

Voyage number: An operator-assigned reference code for the ship’s voyage.

Vehicle identification number (VIN): The alphanumeric identifier assigned by the manufacturer to identify a vehicle e.g. for tracking purposes.

Person embarkation date and time – actual: The actual date and time when the person embarked the ship by invitation or boarded without invitation.

Person home address street and number: The street and number of the referenced person’s home address.

Person home address postcode: An alphanumerical code representing the postal area of the referenced person’s home address.

Person home address city: The city address of the referenced person’s home address.

Person home address country sub-division name: The country sub-division of the referenced person’s home address.

Person home address country, coded: A code representing the country of the referenced person’s home address.

Person identity or travel document issue date: The issue date shown on the referenced person’s identity document.

Ship MMSI number: The unique radio identification number (ship station identity).

Authenticator, country coded: A code representing the country address of the referenced authenticator.

Authenticator Street and number : The street and number of the referenced authenticator.

Authenticator city: The city of the referenced authenticator.

Authenticator postcode: An alphanumerical code representing the postal area of the referenced  authenticator.

Authenticator email: The email address for the referenced agent at port.

Authenticator landline number: The landline telephone number for the referenced agent at port.

Authenticator mobile number: The mobile number for the referenced agent at port.

Date and time of arrival at next port of call – estimated: The date and time the ship is estimated to arrive at the next port of call.

Person onboard indicator: A “yes/no” indicator whether the reported person is onboard at the time of reporting.

Person visa issue date: The date when the referenced person’s visa was issued.

Person visa issue location, name: The name of the location where the referenced person’s visa was issued.

Person port of disembarkation date and time – planned: Date and time when the referenced person plans to disembark the ship.

Person landline number: The landline telephone number for the referenced person.

Person mobile number: The mobile number for the referenced person.

Person email: The email address for the referenced person.

Cabin number: The number of the cabin or room onboard.

Unique travelling booking number: Unique number to identify a specific booking related to one or more passengers.

Unique passenger reference number: Passenger’s Unique Reference Number (UNR) in relation to the travel booking.

Person home address P.O. Box: The post office box of the referenced person’s home address.

Authenticator P.O. Box: The post office box of the referenced authenticator.

Authenticator given name: The given name of the person attesting to the validity of the transmitted information.

Crewmember performing work ashore indicator: A “yes/no” indicator whether the referenced crewmember performs work ashore.

Vehicle carried onboard remarks: Additional remarks on the description of the vehicle carried onboard, in addition to make, model and license plate.

Vehicle model: The model of the vehicle.

Vehicle make: The make or brand of the vehicle.

Vehicle license plate number: The license plate number of the vehicle.

Vehicle country of registration: The country of registration of the vehicle.

Vehicle length: The length of the vehicle.

Vehicle height: The height of the vehicle.

Person embarkation date and time – planned: The date and time when the person plans to embark the ship by invitation.

Box 3: PNR data requirements

Air travel ⁹

1. PNR record locator
2. Date of reservation/issue of ticket
3. Date(s) of intended travel
4. Name(s)
5. Address and contact information (telephone number, e-mail address)
6. All forms of payment information, including billing address
7. Complete travel itinerary for specific PNR
8. Frequent flyer information
9. Travel agency/travel agent
10. Travel status of passenger, including confirmations, check-in status, no-show or go-show information
11. Split/divided PNR information
12. General remarks (including all available information on unaccompanied minors under 18 years, such as name and gender of the minor, age, language(s) spoken, name and contact details of guardian on departure and relationship to the minor, name and contact details of guardian on arrival and relationship to the minor, departure and arrival agent)
13. Ticketing field information, including ticket number, date of ticket issuance and one-way tickets, automated ticket fare quote fields
14. Seat number and other seat information
15. Code share information
16. All baggage information
17. Number and other names of travellers on the PNR
18. Any advance passenger information (API) data collected (including the type, number, country of issuance and expiry date of any identity document, nationality, family name, given name, gender, date of birth, airline, flight number, departure date, arrival date, departure port, arrival port, departure time and arrival time)
19. All historical changes to the PNR listed in numbers 1 to 18.

Maritime travel ¹⁰

Submitter: Details related to the submitter of written or electronic documentation.

Submitter name: Name of the party who presents a document or data for the approval, consideration, or decision of another.

Role code: Code specifying the role of a party.

Contact: Details related to contact information of a department or employee.

Department or employee contact name: Name of a department or employee.

Communication: Details related to communication including number and number type.

Communication identifier: Identification of the communication address.

Communication number type code: Code specifying the type of communication address.

BorderTransportMeans: Details related to the means of transport crossing the border of the Customs territory.

Crossing the border transport means name: Name to identify the means of transport used for the carriage of the goods in crossing the border.

Transport means crossing the border identifier: Identification of the means of transport used in crossing the border.

Type of means of transport crossing the border code: Code specifying type of means of transport used for the carriage of the goods in crossing the border.

Conveyance identifier: Identification of the journey of a means of transport, for example voyage number, flight number, trip number.

ArrivalLocation: Details related to the first arrival location.

Arrival port name: Name of the arrival location. This would be a port for sea, airport for air and border post for land crossing.

Port of arrival identifier: Identification of the arrival location. This would be a port for sea, airport for air and border post for land crossing.

Estimated/actual indicator: Indicator to differentiate between estimated and actual information (e.g. estimated and actual offices of entry or estimated and actual date of arrival).

First port of arrival in customs territory date/time: Date and time of arrival (actual or scheduled) of the means of transport at the first port (e.g. seaport, airport, freight terminal, rail station).

DepartureLocation: Details related to departure location.

Departure location name: Name of the departure location.

Departure location identifier: Identification of the place of departure of the goods.

Departure date/time: Date and time of departure of the means of transport.

Estimated/actual indicator: Indicator to differentiate between estimated and actual information (e.g. estimated and actual offices of entry or estimated and actual date of arrival).

Itinerary: Details related to the itinerary of the means of transport.

Itinerary location name: Name of a single port of call or other location in the itinerary of a means of transport.

Itinerary location identifier: Identification of a single port of call or other location of the itinerary of a means of transport.

Sequence number: Number indicating the position in a sequence.

Itinerary arrival date/time: Date and time of arrival at itinerary port of the means of transport.

Itinerary departure date/time: Date and time of departure at itinerary port of the means of transport.

Itinerary location type code: Code specifying the type of the itinerary location.

Reservation: Details related to a reservation (e.g. seat number).

Booking date/time: Date and time of the booking.

PNR identifier: Identification of the passenger by Passenger Name Record Locator Number (or unique identifier).

Seat or berth identifier: Identification of an assigned seat or berth.

Travel group name: Name of the travelling group.

Cabin: Details related to the cabin.

Sequence number: Number indicating the position in a sequence.

Cabin identifier: Identification of the specific cabin or room on board.

Cabin type identifier: Identification of the type of cabin or room on board.

DisembarkationLocation: Details related to the disembarkation location.

Disembarkation location name: Name of a port or location of disembarkation.

Disembarkation location identifier: Identification of a port or location of disembarkation.

Disembarkation date/time: Date and time of disembarkation of a person on board.

EmbarkationLocation: Details related to the embarkation location.

Embarkation location name: Name of a port or location of embarkation.

Embarkation location identifier: Identification of a port or location of embarkation.

Embarkation date/time: Date and time of embarkation of a person on board.

Itinerary: Details related to the itinerary of the means of transport.

Itinerary location name: Name of a single port of call or other location in the itinerary of a means of transport.

Itinerary location identifier: Identification of a single port of call or other location of the itinerary of a means of transport.

Sequence number: Number indicating the position in a sequence.

Itinerary arrival date/time: Date and time of arrival at itinerary port of the means of transport.

Itinerary departure date/time: Date and time of departure at itinerary port of the means of transport.

Itinerary location type code: Code specifying the type of the itinerary location.

Payment: Details related to payment details.

Payment type code: Code specifying the type of payment.

Duty/tax payment method code: Code specifying a method of payment.

Payment amount: Amount actually paid, or to be paid.

Address: Details related to an address.

City name: Name of a city.

Country code: Code specifying the name of the country or other geographical entity as specified in ISO 3166 and UN/ECE Rec 3.

Street and number/P.O. box: Specification of the postal delivery point such as street and number or post office box.

Postcode identifier: Identification of the postal zone or address.

FinancialCard: Details related to the financial card.

Financial card expiration date/time: Date and time of expiry up to which this financial card is valid.

Financial card holder name: “Name of the cardholder as it appears on this financial card.

This may include both an individual authorized to use the card as well as the organization that owns the card.”

Financial card identifier: Identification of the financial card.

PersonOnBoard: Details related to the person on board of a transport means.

Person on board identifier: Identification of the person on board.

Sequence number: Number indicating the position in a sequence.

AdditionalInformation: Details related to the special request from declarant to government to take or not to take action.

Sequence number: Number indicating the position in a sequence.

Additional statement description: Description of an additional statement.

Additional statement type code: Code specifying the subject of the additional statement.

Address: Details related to an address.

City name: Name of a city.

Country code: Code specifying the name of the country or other geographical entity as specified in ISO 3166 and UN/ECE Rec 3.

Street and number/P.O. box: Specification of the postal delivery point such as street and number or post office box.

Postcode identifier: Identification of the postal zone or address.

Communication: Details related to communication including number and number type.

Communication identifier: Identification of the communication address.

Communication number type code: Code specifying the type of communication address.

ConnectionTransportMeans: Details related to the means of transport the traveler uses to join or leave the primary means of transport.

Connection transport means name: Name to identify the means of transport used for connection.

Mode of connection transport means code: Code specifying the mode of transport used for connection.

Sequence number: Number indicating the position in a sequence.

Booking reference identifier: Identification of the booking or reservation.

Travel class code: Code specifying the class of travel.

Transport means direction code: Code specifying the direction of the transport means i.e. Inbound, Outbound.

ArrivalLocation: Details related to the first arrival location.

Arrival port name: Name of the arrival location. This would be a port for sea, airport for air and border post for land crossing.

Port of arrival identifier: Identification of the arrival location. This would be a port for sea, airport for air and border post for land crossing.

First port of arrival in customs territory date/time: Date and time of arrival (actual or scheduled) of the means of transport at the first port (e.g. seaport, airport, freight terminal, rail station).

DepartureLocation: Details related to departure location.

Departure location name: Name of the departure location.

Departure location identifier: Identification of the place of departure of the goods.

Departure date/time: Date and time of departure of the means of transport.

LoyaltyProgram: Details related to the loyalty program.

Entitlements description: Description of the entitlements available.

Loyalty program identifier: Identification of the loyalty program.

Redemptions description: Description of the redemptions.

Loyalty program status description: Description of the membership status of the loyalty program.

PersonData: Details related to the person.

Family name: Family name of a person as mentioned in an official document.

Given name: Given name of a person as mentioned in an official document.

Nationality code: Code specifying the nationality of a person.

Birth date/time: Date and time an individual was born.

Birth location name: Name of the location where a person is or was born.

Gender code: Code specifying the gender of a person.

Ticket: Details related to the ticket.

Ticket reference identifier: Identification of the ticket.

Fare type description: Description of the applicable fare type.

TravelDocument: Details related to the travel document (e.g. passport).

Document expiration date/time: Date and time of expiration of the document (e.g. license, visa, permit, certificate, bond).

Travel document identifier: Identification of the travel document by number.

Travel document issue date/time: Date and time the travel document was issued.

Travel document issuing country or political entity identifier: Identification of the country or political entity issuing the travel document.

Travel document issuing country or political entity: Country or political entity issuing the travel document.

Travel document issuer identifier: Identification of the party having issued the travel document.

Travel document type code: Code specifying the name of a travel document.

Requested validity period quantity: Quantity specifying the requested validity expressed in days (i.e., it will be a number of days indicated in the data field and not a period expressed as “from ? until ?”).

TotalPersons: Details related to the total number of persons (e.g. passengers, crew).

Total number of persons: Quantity specifying the total number of persons (passengers and crew, including the captain/master) on board of a means of transport.

TravelAgency: Details related to the travel agency.

Travel agency name: Name of the travel agency that made the booking or reservation.

Travel agency identifier: Identification of the travel agency.

Role code: Code specifying the role of a party.

Address: Details related to an address.

City name: Name of a city.

Country code: Code specifying the name of the country or other geographical entity as specified in ISO 3166 and UN/ECE Rec 3.

Street and number/P.O. box: Specification of the postal delivery point such as street and number or post office box.

Postcode identifier: Identification of the postal zone or address.

Contact: Details related to contact information of a department or employee.

Department or employee contact name: Name of a department or employee.

Communication: Details related to communication including number and number type.

Communication identifier: Identification of the communication address.

Communication number type code: Code specifying the type of communication address.

Carrier: Details related to the party undertaking or arranging transport of goods between named points.

Carrier name: Name of the party providing the transport of goods between named points.