Supervising the entry into operations of the Entry/Exit System

The EU Entry/Exit System (EES) entered into operation on 12 October 2025. The EES is a large scale IT system developed by the EU to prevent irregular migration and enhance security in the Schengen area. This automated system registers which travellers from third countries, with or without a visa, enter and exit the Schengen area. It records personal data from travel documents such as name, date of birth, and place of birth. It also registers the dates of entry and exit of travellers, as well as biometric data such as a facial images and fingerprints.

The personal data protection oversight of the EES falls under the responsibility of the Coordinated Supervision Committee (CSC), a group of national supervisory authorities and the European Data Protection Supervisor (EDPS), cooperating closely to monitor the implementation of the EES at both European and at national level.

The gradual deployment of the system will replace passport stamping at the external borders of the Schengen area, with the aim of making border procedures more efficient. European countries will have the option to progressively start using the EES over a period of six months, starting with the registration of third country nationals at 10% of border crossings. By the end of the six months period, European countries should reach full registration of all individuals.

In his supervisory role, the EDPS has already provided data protection advice in relation to the European Commission's practical guidance on the processing of personal data in the EES during the progressive start of operations.

Wojciech Wiewiórowski, EDPS, said: “The protection of personal data is a fundamental right, which applies equally to the processing of data within the Entry/Exit System and therefore requires effective supervision. Given the sensitivity of the personal data processed by the EES, it is crucial to ensure individuals can effectively exercise their rights.”

The EES Regulation ensures that travellers must be properly informed about their rights regarding the processing of their personal data in the EES, and how to exercise these rights. Authorities processing personal data in the EES, such as border guards, migration services, and under certain conditions, law enforcement authorities must ensure that individuals can easily request access to their data, as well as rectification, completion, erasure and restriction.

The EDPS is responsible to audit actions and measures taken by the European Union Agency for the Operational Management of Large-Scale IT Systems in the Area of Freedom, Security and Justice (eu-LISA) to maintain the EES security architecture, as well as the communication network that connects the Member States to the central system. This is part of the supervisory role played by EDPS with regard to the large-scale IT systems related to EU justice and home affairs which fall under CSC supervision. In additions to the EES, these IT systems include Eurodac, SIS, VIS, and the future ETIAS and ECRIS-TCN.