Entry Exit System (EES)

EES affects you if you are a not a citizen of an EU country, or Iceland, Liechtenstein, Norway, or Switzerland. EES is used regardless of whether you require a short-stay visa to travel to the European countries that use EES or if you do not require a visa at all. A short-stay is a period of up to 90 days within a 180-day period, whether you are visiting one or several countries within the EES-area.

The purpose of EES is to:

• modernise and streamline border controls,
• gradually improve travellers’ experience,
• prevent identity fraud by collecting biometric data,
• enhance security within the EU,
• prevent terrorism and serious organised crime by serving as a tool for identity verification.

For most non-EU citizens, EES may also:

• provide information on the maximum permitted length of stay within the EES-area,
• replace the need to stamp passports unless exceptions apply,
• gradually reduce waiting times in queues for passport control.

Personal data is stored in a central database

Each time you arrive at the external borders of the countries using EES, you will need to provide your personal data. The system collects, processes, and stores:

• information contained in your travel documents, such as full name, date of birth, etc.,
• the date and place of each entry and exit,
• biometric data, including a facial image and fingerprints,
• information on whether you have been refused entry.

Based on your collected biometric data, biometric templates will be created and stored in the system’s shared biometric matching service. If you refuse to provide your biometric data, you will be denied entry to the area covered by the EES.

If you hold a short-stay visa for entry into the Schengen Area, your fingerprints will already be stored in the Visa Information System (VIS) and will not be stored again in EES.

The Visa Information System (VIS)

Depending on your specific situation, the system may also collect your personal data from:

• VIS, which contains supplementary personal data,
• the European Travel Information and Authorisation System (ETIAS), specifically the status of your ETIAS travel authorisation and whether you are a family member of an EU citizen. This system is expected to be launched in 2026.

Rights of a data subject

As a registered individual, you have the right to know what data is stored in the EES about you. You also have the right to request that any incorrect data be corrected, erased, or restricted. To exercise these rights, you should first contact the supervisory authority in the country where you believe incorrect data about you have been registered.

You may contact the European Data Protection Supervisor (EDPS) if you are not satisfied with how the following European authorities have processed your personal data:

• Frontex: the European Border and Coast Guard Agency, which hosts the central unit operating ETIAS (relevant for non-EU citizens exempt from visa requirements),
• eu-LISA: the European Agency for the Operational Management of Large-Scale IT Systems in the Area of Freedom, Security and Justice,
• Europol: the EU Agency for Law Enforcement Cooperation, which works to make Europe safer for the benefit of all citizens.

EDPS and national data protection authorities carry out supervision

Since EES is used by both national competent authorities and competent EU authorities, supervision of data processing in EES is carried out by both the EDPS and independent national supervisory authorities in each participating country. In Sweden, the Swedish Authority for Privacy Protection (IMY) is the supervisory authority.

The system will be introduced gradually across the EU. Member States have the option to implement the EES in stages until 10 April 2026, after which the system will be fully operational throughout the EU. During this period, travellers’ biometric data may be collected at some border crossings but not others. Passports will continue to be stamped as before.