Introducing the Role of Biometrics in the New EU Entry-Exit-System
Finally, the time has come: the Entry-Exit-System (EES) of the European Union will go into operation in 2022. It's been a long time coming. Beginning in 2008 with a European Commission paper on Next Steps in Border Management in the EU, it was followed by proposals on "Smart Borders" in 2013. Pilot tests were initiated in various EU states in 2015 and regulations were submitted to the European Commission regarding the establishment of an entry-exit system in 2016.
The EES will collect biometric data of every third country national upon entry and exit to/from the Schengen area. This not only serves to accelerate travel flow with automated processing, but it also helps to improve several aspects of border identity verification and security by identifying overstayers or persons subject to visa requirements who have not left the Schengen area before their visa has expired. In addition, the new process will abolish passport entry stamp requirements.
Persons from non-EU countries, regardless of whether they are exempt from visa requirements, must provide the following data:
- Biometric facial photo
- Photographs of four fingers of the right or left hand
- Passport data, such as passport number, issuing country or expiration date
- Personal data, such as name, date of birth or nationality
The introduction of the EES is not the only upcoming change for EU border security and information systems. In parallel to EES, other projects and their interoperability, as well as the technical prerequisites in the respective member-states, have been pushed forward with a plan to go live either together with the EES or by the end of 2023.
In conjunction, the European Travel Information Authorisation System (ETIAS) will come into force, which, like the ESTA procedure for travel to the USA, will record data from travellers from visa-exempt countries and thus identify possible risks and threats.
In order to exchange data with the existing systems of the EU border management, organizations such as the Visa Information System (VIS), the Schengen Information System (SIS), the European Asylum Dactyloscopy Database (Eurodac) and the European Criminal Records Information System for Third Country Nationals (ECRIS-TCN) will also have to interface with external systems like the databases of Europol and Interpol. The topic of interoperability was a major point of discussion at an early-stage meeting under the leadership of the European Union Agency for the operational management of large-scale IT systems in the areas of freedom, security and justice (eu-LISA), as the operator of the aforementioned databases.
To facilitate queries to the above systems, a single-search interface — now called the European Search Portal (ESP) — is planned. It will allow simultaneous, parallel queries of all relevant EU information systems, as well as Europol data and Interpol databases (EU 2019/818 (13)). The ESP is also complemented by a shared Biometric Matching Service (sBMS), a Common Identity Repository (CIR) as well as a Multiple-Identity Detector (MID) and a Central Repository for Reports and Statistics (CRRS).
For the purpose of data exchange, a new message format (Universal Message Format - UMF) has been defined to standardize queries and results and to access a common data vocabulary. A National Uniform Interface (NUI) is provided to all the EU member states for this purpose.
Other systems used by EU member states, such as the Prüm Framework, the Passenger Name Record (PNR) system or actions legitimized by the Advance Passenger Information Directive (2004/82/EC), are not part of the current initiative, but could be partially or fully added at a later stage.
Figure 1 (from EC 2017/0351 COD. or according to EU 2019/817) illustrates the structure of the new information services on the central as well as the national side.
While the tasks of the central services are coordinated by eu-LISA, further work is necessary on the side of each EU member-state to integrate these services and to not only update their existing technical infrastructure and processes, but also their legal requirements. Not only do these national systems have to be connected to the central services, but it is also necessary to establish processes to monitor and enforce the different access rights of the national authorities.
With regards to biometric capture, additional requirements must also be met to balance an ever-increasing number of travellers with high-quality biometric capture. Therefore, the focus should be on the support of relevant standards and specifications such as fingerprint image quality checks according to NFIQ2, Presentation Attack Detection (PAD) according to ISO 30107 or equipment and workflows according to BSI TR-03121.
In general, the EES will definitely change the EU border management landscape and its data exchange infrastructure. And although a lot of work has already been done — several member states have already issued and granted tenders in the EES context, and border pilots have been planned and installed — there is clearly more work to be done in 2021 and beyond.
With more than 15 years of experience in biometrics, Axel Görlich is a Senior Solutions Engineer within the Public Sector Biometric unit HID Global. He supports government organizations and commercial enterprises with biometric solution design and implementation strategies as well as identity management technology deployments. As the lead for Crossmatch’s EU Smart Borders Pilot efforts in 2015, Mr. Görlich managed several projects focused on mobile biometric capture and identification.