The European Union has issued an important advisory for non-EU nationals planning to visit member states, outlining new data collection requirements at border entry points.
The European Union issued a short statement in Kenya on Monday, September 29, informing travelers about the Entry/Exit System (EES), which collects and stores personal information from visitors crossing the external borders of European countries.
Under the EES framework, non-EU nationals must provide personal data each time they reach the external borders of participating European countries.
The system collects information listed in travel documents, including full name and date of birth, dates and places of each entry and exit, and biometric data comprising facial images and fingerprints.
“Important update for non-EU nationals travelling for a short stay to 29 European countries! As of 12 October 2025, the Entry/Exit System will gradually record; data from the travel document, travel dates, biometric data,” EU in Kenya wrote.
Border authorities will also record whether a traveler was refused entry. Based on the collected biometric data, templates will be created and stored in the shared Biometric Matching Service.
Travelers holding short-stay visas to enter the Schengen area will have their fingerprints already stored in the Visa Information System and will not need to provide them again for the EES.
The system also interfaces with the European Travel Information and Authorisation System (ETIAS), particularly checking the status of travel authorizations and whether applicants are family members of EU nationals.
According to the advisory, personal data is collected to improve the efficiency of external border management, prevent irregular immigration, facilitate the management of migration flows, and identify travelers who have no right to enter or who have exceeded their permitted stay.
The system also aims to identify individuals using fake identities or passports and help prevent, detect, and investigate terrorist offenses and other serious crimes.
The advisory clearly states that refusing to provide biometric data will result in the denial of entry into the territory of European countries using the EES.
Border, visa, and immigration authorities in European countries using the EES can access the data to verify identity and determine whether travelers should be allowed entry or continued stay. Law enforcement authorities and Europol may also access the information for law enforcement purposes.
The system retains different categories of data for varying periods. Records of entries, exits, and refusals of entry are kept for three years from the date of creation, while individual files containing personal data are stored for three years and one day from the date of the last exit or refusal of entry.
Non-EU nationals have the right to request access to their data, request correction of inaccurate or incomplete information, and request erasure of unlawfully processed personal data. To exercise these rights, travelers must contact data controllers or data protection officers in the European countries they visited.
The advisory warns that overstaying permitted durations can result in consequences, depending on national legislation in the respective European country, including removal from the territory, administrative fines, detention, or prevention from re-entering the EU in the future.
However, travelers who can provide credible evidence of exceeding authorized stay due to unforeseeable circumstances, such as hospitalization, may have their data amended in the system.
