New EU Regulation on API Border Data Processing (Regulation 2025/12)

UK Version of GDPR

The European Union adopted Regulation 2025/12 to standardize how border authorities and airlines process passengers’ Advanced Passenger Information (API). This regulation responds to growing concerns over the security and privacy of large-scale personal data sharing in cross-border travel. Airlines will now have to conduct routine security audits, maintain detailed records of their data flows, and implement strong encryption protocols. In addition, authorities must guarantee robust oversight by Data Protection Officers (DPOs) and submit to reviews by the European Data Protection Supervisor (EDPS). The goal is to strengthen security while upholding fundamental rights under the GDPR, ensuring passengers’ personal data is processed lawfully, transparently, and securely. This regulation is a critical development for sectors dealing with cross-border personal data transfers.
🔗 Official text via EUR-Lex

Picture of Dposphere

Dposphere

Recent Post

International data transfers continue to be one of the most complex compliance challenges facing organizations in

  Organizations across Europe are adapting to stricter cybersecurity reporting requirements introduced through updated regulatory frameworks.

As organizations increasingly integrate artificial intelligence into business operations, regulators across Europe are intensifying oversight of