What is the Entry/Exit System?
The Entry/Exit System (EES) is a European information system that will automate the process of registering data on third-country nationals entering and leaving the Schengen area. It will record information such as the date and place of the border crossing, as well as refusals of access to the Schengen area. The aim of the EES is to make it easier and more effective to control the movement of people across borders by helping to combat illegal immigration and crime. The EES promotes real-time information sharing by ensuring that border control authorities across the EU have the right information at the right time.
To whom the EES does not apply?
Pursuant to Article 2(3) of Regulation (EU) 2017/2226, the EES does not apply to:
- third–country nationals who are members of the family of a Union citizen to whom Directive 2004/38/EC applies and who hold a residence card pursuant to that Directive, whether or not they accompany or join that Union citizen;
- third-country nationals who are members of the family of a national of a third country, whether or not they accompany or join that national of a third country, where:
- that national of a third country enjoys the right of free movement equivalent to that of Union citizens under an agreement between the Union and its Member States, on the one hand, and a third country, on the other; and
- those third-country nationals hold a residence card pursuant to Directive 2004/38/EC or a residence permit pursuant to Regulation (EC) No 1030/2002;
- holders of residence permits referred to in point 16 of Article 2 of Regulation (EU) 2016/399 other than those referred to in points (a) and (b) of this paragraph;
- third-country nationals exercising their right to mobility in accordance with Directive 2014/66/EU of the European Parliament and of the Council or Directive (EU) 2016/801 of the European Parliament and of the Council;
- holders of long-stay visas;
- nationals of Andorra, Monaco and San Marino and holders of a passport issued by the Vatican City State;
- persons or categories of persons exempt from border checks or benefiting from specific rules in relation to border checks as referred to in point (g) of Article 6a(3) of Regulation (EU) 2016/399;
- persons or categories of persons referred to in points (h), (i), (j) and (k) of Article 6a(3) of Regulation (EU) 2016/399.
What data is collected and processed in connection with the EES?
From a data protection perspective, the EES places a strong emphasis on transparency and security. The personal data to be collected and stored in the system includes biometric data such as fingerprints and facial image, as well as passport and visa data. In particular, the EES would collect, record and store:
- data contained in travel documents (e.g. full name, date of birth, etc.);
- date and place of each entry and exit;
- facial image and fingerprints (‘biometric data’);
- information on whether access has been refused.
Based on the data collected, the biometric templates will be created and stored in the shared biometric matching service. In case of refusal to provide biometric data, access to the territory of European countries using the EES will be refused.
Personal data will be collected and processed in accordance with Regulation (EU) 2016/679, access to which will be strictly controlled and granted only to authorised authorities. The duration of data storage will be limited. One of the core principles of the EES is data minimisation – only those data that are necessary to achieve the objectives of the system will be collected. Strong safeguards are in place to effectively protect personal data, namely:
- as a non-EU national to whom the EES applies, you have the right to request access to your data or to request rectification, completion or erasure of data relating to you in the EES;
- The EES is supervised both by the European Data Protection Supervisor (EDPS) and by independent national supervisory authorities in each participating country;
- The EES shall be developed in accordance with the principles of data protection by design and by default;
- compliance with fundamental rights and data protection rules requires that technology and information systems are well designed and properly used.
In addition, data subjects will have the right to access their personal data, as well as to correct or delete incorrectly recorded information. In order to exercise these rights, it is necessary for the data subject to contact a data controller (e.g. the entity responsible for processing your data) or a data protection officer in each of the European countries using the EES (preferably the countries to which the data subject has travelled). The contact details of the national supervisory and data protection authorities in European countries using the EES will be published on the following website once the EES is operational.
How can you make a complaint about your data?
The data subject may lodge a complaint with:
- a supervisory authorityof the European country using the EES responsible for processing your data (e.g. if you believe that the country has recorded your data incorrectly);
- the EDPS in matters relating to the processing of data by European agencies.
More information on the EES can be found on the following page.
Last updated: 30.01.2025