Sign up now!
Want to keep informed?

Sign up to our newsletter! Get the best of PierNext monthly and access to exclusive and free publications

Topics

Topics

A

Search
All search results
Mobility

EES System in European Ports: Implementation, Deadlines and Biometric Controls 2026

The European Union takes another step forward in protecting its borders with a new entry and exit system that is currently being implemented gradually until it becomes mandatory during 2026.

Posted on 01.13.2026
PierNext
The Entry/Exit System (EES) involves, in addition to passport control, biometric facial and fingerprint control of travelers (FP).

What is the Entry/Exit System (EES)?

The Entry/Exit System (EES) is the new registry of people with passports from non-EU member countries who make short-term stays of 90 days in one of the 29 countries using the system.

In addition to passport control, biometric facial and fingerprint control of travelers is performed to determine that the person is who they claim to be in their official document.

In force since October 12, 2025, the EES will be fully implemented over the next six months and will coexist with traditional border controls. The goal is to completely replace manual stamping by April 10, 2026, at the latest.

  • "The rollout is progressive because different ports, airports, and railway stations are moving at different paces, and because there are different internal border points and with third countries that have required a joint agreement among all EU members," Bernat Baró, Corporate Security Director of the Port of Barcelona, tells PierNext.

The EES provides national authorities with real-time information about who enters the EU and when, which represents an important step in modernizing and strengthening EU border security. Once fully operational, the system will also detect people who overstay their permitted time and cases of document and identity fraud, ensuring a safer travel experience for everyone.

In the coming months, the European Commission and eu-LISA (European Union Agency for the Operational Management of Large-Scale IT Systems) will support member states to ensure the proper functioning of the system.

The EES system provides real-time information on who enters the EU and when (EU).

Why is the EES being implemented?

The history of the EES dates back almost a decade. The European Commission presented the first proposal on April 6, 2016, as part of the 'Smart Borders' package. After negotiations with the European Parliament and the Council, an agreement was reached in July 2017.

The EES Regulation, together with a specific amendment to the Schengen Borders Code, was adopted on November 20, 2017, and entered into force on December 29, 2017.

It was on December 4, 2024, when the Commission proposed introducing a gradual rollout of the system. "Security policies have gained greater prominence in this legislature, as seen for example in the investment to improve military mobility," Baró notes.

The goal is, in this case, to establish a common policy for entries and exits from the European area, since controlling the movement of people between EU countries is complex without a global and shared vision.

The goal is to establish a common policy for entries and exits from the European area, since controlling the movement of people between EU countries is complex without a global and shared vision.

Who does the EES apply to?

The Entry/Exit System applies to third-country nationals (not belonging to the EU, Iceland, Liechtenstein, Norway, or Switzerland) who make short-term stays of up to 90 days within a 180-day period, whether or not they need a short-term Schengen visa.

  • The EES does not apply to: EU citizens, Iceland, Liechtenstein, Norway, or Switzerland; holders of long-term residence permits in Schengen area countries; cross-border workers; and holders of long-term visas or residence permits issued by Schengen area countries. Brexit Withdrawal Agreement beneficiaries are also exempt.

The EES does not apply to EU citizens (FP).

Benefits of the new border control method

  • Modernizing and increasing the efficiency of border controls
    Replacing passport stamping streamlines border controls and allows staff to work more efficiently.
  • Facilitating and expediting border crossings
    With the EES, travelers will spend less time on border procedures thanks to faster controls, self-service options, and the ability to provide information in advance.
  • Preventing irregular migration
    By using fingerprint and facial data, the system prevents people from overstaying or using false identities.
  • Increasing security in the Schengen Area
    The EES will allow border agents and police authorities to access important information about travelers, helping them detect security risks and support the fight against serious crime, organized crime, and terrorism.

"The first thing third-country nationals have to do is register, something they will need to do every three years. But if it's someone who enters and exits frequently to visit their family, for example, a first registration will be sufficient," notes the Corporate Security Director of the Port of Barcelona.

The data recorded by the EES is stored for three years (FP).

What data does the system store?

The EES electronically records the following data for each traveler:

  • Personal data: full name, date of birth, nationality, gender, travel document data.
  • Biometric data: fingerprints and digitized facial image.
  • Travel information: date, time, and place of each entry and exit.
  • Information on entry refusals, if applicable.

The data is stored for three years from the last recorded entry or exit, complying with the EU's General Data Protection Regulation (GDPR).

The data is stored for three years from the last recorded entry or exit, complying with the EU's General Data Protection Regulation (GDPR).

Data protection: the importance of regulatory compliance

The implementation of biometric systems like the EES requires strict compliance with the European Union's General Data Protection Regulation (GDPR), especially when dealing with biometric data considered "special category" due to its sensitivity.

Article 35 of the GDPR establishes that any high-risk data processing must include a prior Data Protection Impact Assessment (DPIA) that justifies the necessity, suitability, and proportionality of the system. This assessment must consider whether less intrusive alternatives exist that can achieve the same security and efficiency objectives.

The AENA case: lessons on biometric implementation

A recent example illustrates the importance of regulatory compliance in biometric systems. In November 2024, the Spanish Data Protection Agency (AEPD) imposed a fine of €10.04 million on AENA for implementing facial recognition systems in eight Spanish airports without conducting a valid DPIA.

The AEPD's resolution noted that AENA used a "one-to-many" (1:N) identification system with centralized storage of facial patterns of more than 62,000 passengers, when less intrusive alternatives existed. The agency determined that the processing violated the principle of data minimization, as it stored many more personal data than traditional visual verification methods.

This case underscores three fundamental principles for any biometric implementation:

  • Necessity and proportionality: the system must be strictly necessary and no less invasive alternatives should exist.
  • Data minimization: only data strictly necessary for the specific purpose should be collected.
  • Prior assessment: a complete DPIA must be conducted before deployment, not after.

Unlike the AENA case, the European Entry/Exit System has been designed from its origin in strict compliance with GDPR, with impact assessments conducted at the European level, technical architecture validated by eu-LISA, and continuous supervision by the European Data Protection Supervisor. The system was approved through Regulation (EU) 2017/2226 after years of analysis and consultations, ensuring that each element responds to a legitimate and proportionate border security need.

This methodological difference explains why the EES can operate at a European scale with full legal guarantees, while ad hoc implementations without the appropriate regulatory framework can face significant sanctions. The lesson is clear: in border biometrics, regulatory compliance is not optional, it is fundamental.

EES deployment at the Port of Barcelona

At the national level, this procedure in Spain is the responsibility of the National Police Corps. The State Secretariat for Security, State Ports, and the Port Authorities have established a work framework for its implementation through a collaboration agreement.

In the case of the Port of Barcelona, the service has just been tendered with the objective of acquiring and installing the automated equipment necessary for border control at the Port of Barcelona.

The EES system must collect biometric data (fingerprints and facial) and personal data: name, passport, date and place of entry/exit from the EU.

The cost of implementation, co-financed by European Funds for Internal Security of the EU, has been valued at approximately €12 million, and includes the following infrastructure, distributed across cruise terminals Terminal C (public), Terminal E (Carnival), Terminal G (Royal Caribbean) and Terminal H (MSC) and ferry terminals Contradique and Transmediterránea:

  • 33 ABC Gates
  • 13 Registration Tablets
  • 43 Verification Tablets
  • 7 Containers
  • 134 Kiosks

Baró explains that its implementation in the port environment can be more complex than in the airport environment, especially until this process becomes part of the operational routine. The reason, in Barcelona's case, is the diversity of the model, which handles a significant volume of passengers between ferries and cruises. In 2024, passengers approached 5.4 million people, of which 1.74 million correspond to ferry passengers.

  • "The complexity lies in the fact that these flows of people do not transit through a single terminal, which is why the port's own architecture complicates the operation. In addition, controls for passengers traveling in their vehicle will greatly slow down boarding and disembarkation operations, as the EES systems will have to be installed in mobile equipment inside containers located at the quayside," Baró details.

Travel to Europe mobile application

To facilitate the border process, Frontex has developed the Travel to Europe mobile application, which allows pre-registration of information up to 72 hours before arriving at or leaving a European country using the EES. The application scans the biometric passport via NFC, captures a facial image, and allows users to answer the entry questionnaire in advance.

Although the app's use is voluntary, it is expected to significantly reduce waiting times at borders. It is currently available in Sweden, with expansion planned for France, the Netherlands, and Italy during 2026. It is important to note that it does not replace border controls or guarantee automatic entry.

Travel to Europe mobile application (EU).

Towards a new security standard

To date, the implementation follows the logic of any new operation, with a gradual deployment that allows operational adjustments before full implementation in April 2026. The coming months will be decisive in consolidating a system that not only modernizes European border management but also establishes a new standard of security and efficiency in cross-border movement control.

The EES represents a fundamental step in the digital transformation of European borders, anticipating future integrations with systems like ETIAS (European Travel Information and Authorization System), planned for late 2026.

This technological evolution redefines how Europe manages international mobility, balancing the facilitation of legitimate transit with the strengthening of common security.

 

 

Related posts
ProtectEU: What Role Do Ports Play in the EU’s New Security Strategy?
GovernanceTechnology
ProtectEU: What Role Do Ports Play in the EU’s New Security Strategy?
by PierNext
Non-intrusive scanners: make the invisible visible
LogisticsTechnology
Non-intrusive scanners: make the invisible visible
by PierNext
With digitalization comes risk: how ports prevent cyberattacks
GovernanceTechnology
With digitalization comes risk: how ports prevent cyberattacks
by PierNext

Subscribe to PierNext's monthly newsletter and gain access to exclusive reports and studies

Data protection: The Barcelona Port Authority will process your data to manage the PierNext newsletter subscription. You can exercise your rights by electronic registration at https://seu.portdebarcelona.gob.es. Find out about our privacy policy by clicking here

Thanks, ebook downloaded