Brussels, 29 June 2006
New, secure biometric passports in the EU, strengthen security and data protection and facilitates travelling
The European Commission adopted on 28 June 2006 the second part of the technical specifications required for the introduction of biometric identifiers (fingerprints) into the passport and other travel documents issued by Member States following Council Regulation (EC) 2252/2004 on the introduction of common security standards and biometrics into passports and other travel documents issued by Member States.
Vice-President Franco Frattini, Commissioner responsible for freedom, security and justice, declared that "this is a key step forward to render passports of EU citizens more secure and reliable. I am particularly proud”, the Vice-President continued “that the EU is among the first in the world issuing passports requirements with a high level of protection against unauthorised access by providing "Extended Access Control", whilst at the same time complying with the recommendations of the International Civil Aviation Organisation (ICAO) in order to ensure interoperability”
The harmonised introduction of biometric identifiers in passports of EU citizens will also ensure that the identity of the holder can be easily established and will protect against identity fraud.
As it is not possible for legal reasons to harmonise the passport format, the Commission has set out with Regulation (EC) 2252/2004 common security standards including biometric identifiers.
Regulation (EC) 2252/2004 gives the mandate to the Commission assisted by a committee composed of experts of Member States (Article 6 committee) to establish the technical specifications necessary for the implementation of the introduction of biometrics into passports and other documents issued by Member States with a validity of more than 12 months. ID cards do not fall under the scope of this Regulation.
The Commission adopted on 28 February 2005 the first part of the technical specifications which relate to the storage of the facial image of the holder on a contactless chip in the passport. The protection of this image is ensured by "Basic Access Control" which needs the reading of the machine readable zone in the passport for opening the chip. This Commission decision triggered the implementation time frame so that all Member States have to implement the facial image requirement at the latest on 28th August 2006. As a consequence all Member States will also fulfil the US requirements for the Visa Waiver countries to issue biometrically enabled passports by October 2006.
EU citizens holding a passport issued by a visa waiver country after the 28 August 2006 can therefore continue to travel without a visa to the US.
The Commission decision of 28 June 2006 relates to the additional storage of two fingerprints on the passport chip. The Commission considered these data as more sensitive and decided to protect them by "Extended Access Control" a system which works with a Pubic Key Infrastructure (PKI). As this system is very new it took the committee more time to establish the technical specifications. The EU will be among the first worldwide to implement this system.
Tests run by some Member States have shown that the system is working. However, access to these data would imply that all border posts are equipped with the necessary reading devices. Member States have not yet installed the necessary soft and hardware as the end date is in 2009.
Currently only Member States will have access to the fingerprint data. Whether access for third countries will be allowed has to be decided by the EC at a later stage. Nevertheless, full interoperability is ensured should the EU decide to give access to third countries.
With the present Commission decision the time frame is triggered for the implementation of fingerprints. Member States will have to store them in their newly issued passports 36 months from 28 June 2006, therefore at the latest on 28 June 2009.