Loading...

News

ETIAS Faces an Uncertain Path to Its Late-2026 Launch

02.05.2026 | ETIAS

The European Union flag gracefully waving on a flagpole against a cloudy sky in Strasbourg, France.

Article content

ETIAS Faces an Uncertain Path to Its Late-2026 Launch

The European Travel Information and Authorisation System (ETIAS) is scheduled to go live at the end of 2026, but the project is under growing scrutiny from civil society groups and the European Union's own institutions. Even Frontex, the EU border agency, has flagged concerns about whether the system complies with data protection law. Combined with the European Commission's failure to publish promised legal guidance and a pending ruling from the Court of Justice of the European Union (CJEU), the doubts surrounding the launch are mounting.

white airplane flying in the sky during daytime Photo by Hussan Amir on Unsplash

What ETIAS is meant to do

ETIAS is a central pillar of the EU's drive to digitalise border control. It forms part of the "smart borders" package first proposed in 2013, which also includes the Entry/Exit System (EES) that completed its rollout on 10 April 2026. The travel authorisation, adopted in law in 2018, is designed to screen travellers from visa-exempt countries and flag anyone judged to pose a "security, migration or health" risk.

Those flags are produced in two ways: by checking applicants against European watchlists, and through an automated profiling system that compares the information on each application form against a set of "risk indicators". Any "hit" must then be reviewed manually by a member state's ETIAS National Unit before a travel authorisation is approved or refused.

Frontex, the European Border and Coast Guard Agency, has been handed a central role running the ETIAS Central Unit and defining the specific risk indicators used to profile applicants. To learn more about how the authorisation will work in practice, see our ETIAS overview.

Profiling and the risk of discrimination

The regulation states that risk indicators must be targeted, proportionate and never based on personal characteristics. A fundamental rights guidance board has been set up to advise Frontex on the screening rules. In its guidance note on the risk of discrimination, the board lists prohibited indicators such as "nationality" and "country and city of residence", because these can act as proxies for a person's colour, race or ethnic origin.

The board illustrated the danger with the example of someone from Detroit, Michigan, where around 80% of residents are African American: such a traveller could face heightened racial bias regardless of whether their race is actually known to the system.

Frontex sounds the alarm

On 31 March 2026, Frontex published a report to the European Parliament and the Council on the state of preparation of ETIAS, covering April to September 2025. It warned that the likelihood and impact of failing to complete the ETIAS Data Protection Impact Assessment — along with data protection guidelines and privacy notices — had increased compared with previous reporting periods.

The report singled out the Commission for "the persistence of legal uncertainty on a significant number of data protection issues", a consequence of its failure to issue legal guidance that had been due in 2024. When Statewatch asked the Commission whether it had since delivered that guidance, or why it was delayed, the Commission did not reply.

Captivating view of Santorini's famous blue-domed buildings under a vibrant sky. Photo by Aleksandar Pasaric on Pexels

The question of artificial intelligence

For years, academic experts and Statewatch have warned that ETIAS appears to clash with data protection rights. Those warnings sharpened when EU-LISA, the agency responsible for the technical infrastructure behind Europe's information systems, confirmed that artificial intelligence would be permitted within ETIAS.

How exactly AI will be used remains unclear. Academic Niovi Vavoula has cautioned that "all options are open". Adding to the concern, the EU's AI Act exempts any information system already in operation before 2 August 2027 from its monitoring and oversight rules until at least 31 December 2030. According to an EU-LISA report, a decision labelling an individual as a risk could in principle be processed entirely by AI tools — something likely to collide with existing case law, including the CJEU's PNR ruling (C-817/19, 2022), which bars the use of AI to define "risk criteria" because the lack of transparency could undermine a person's right to an effective remedy.

A legal challenge that could mean more delay

A fresh legal challenge could push the timetable back further. The Belgian NGO La Ligue des Droits Humains is contesting how the ETIAS regulation has been implemented in Belgium, and the CJEU has been asked whether the regulation respects a core principle of data protection law.

The case targets Belgium's broad definition of a threat to security — one that stretches to public order, internal security and even the international relations of a member state. The preliminary question before the CJEU is whether that approach breaches the principle of purpose limitation, which requires personal data to be processed only for specified, explicit and legitimate purposes.

Catherine Forget, the lawyer bringing the case, told The Parliament Magazine that "this notion of 'risk' for public security is very badly defined" and that it "is about crimmigration, not only about the fight against serious crime, but also immigration more broadly".

What it means for travellers

For now, ETIAS is still officially expected to launch at the end of 2026, and visa-exempt travellers should continue to prepare for it. But the combination of unresolved data protection questions, the role of AI and a live court case means the timeline is far from guaranteed. Travellers planning trips to the Schengen area can check the latest requirements on our ETIAS overview page.

Image Sources:

  • Header image: Photo by Dušan Cvetanović on Pexels
  • Teaser image: Photo by Natã Romualdo on Pexels