The European Union is preparing to negotiate the Enhanced Border Security Partnership (EBSB) with the United States, a data‑sharing arrangement that could tie EU citizens’ biometric and personal information to U.S. border controls. If the agreement is not in place by the U.S. deadline of 31 December 2026, participating EU states risk losing their Visa Waiver Program (VWP) status, meaning their citizens would need visas to travel to the United States.
What the EBSB would require
- Bilateral deals – Each EU member state would sign a separate agreement with the U.S. Department of Homeland Security (DHS), granting American officials access to national biometric databases.
- Data categories – The draft lists:
- Fingerprints and facial scans (core identifiers)
- Ethnic origin, political opinions, religious or philosophical beliefs
- Trade‑union membership, genetic information, health data, and details about sex life
- Legal thresholds – Transfers must be “strictly necessary and proportionate,” but the exact definitions are still undefined. Basic identity data linked to travel documents would be shared automatically; more sensitive categories would need additional justification.
Timeline and enforcement
| Date | Milestone |
|---|---|
| December 2025 | EU ministers approved a mandate to start negotiations. |
| 31 December 2026 | U.S. deadline for the agreements to be operational. After this, DHS will assess each country’s compliance during VWP reviews. |
| Late 2026 | The EU’s pre‑travel screening system ETIAS is expected to launch, adding another layer of data collection. |
If a state fails to meet U.S. expectations, its citizens could lose visa‑free travel, reverting to the standard visa‑application process.
Legal and privacy concerns
- GDPR compatibility – The draft does not clarify how the “strictly necessary” test aligns with the EU’s General Data Protection Regulation, which limits automated decision‑making and applies to data processing outside EU borders.
- Automated decision‑making – The text does not explicitly forbid U.S. authorities from using algorithms to assess EU travelers. Safeguards such as the right to request human review are mentioned but remain vague.
- European Data Protection Supervisor (EDPS) – In a September 2025 opinion, the EDPS warned that the scale of biometric sharing is unprecedented and stressed that any processing must stay within the “strictly necessary and proportionate” limit.
Political response
- Limited opposition – No EU member state has lodged a formal objection, though several have raised concerns about timing, legal basis, and data protection.
- Parliamentary scrutiny – MEP Raquel Garcia Hamida Vandewalle has submitted written questions to the European Commission and national capitals about the negotiations.
- Expert view – David Lesperance (IMI) notes that the draft is at an early stage and highlights the lengthy precedent of the Western Hemisphere Travel Initiative, which took five years to fully implement after its 2004 mandate.
Related U.S. initiatives
- ESTA overhaul – The U.S. is proposing to expand the Electronic System for Travel Authorization to require up to ten years of social‑media history, additional biometric fields, and family‑member information.
- Historical context – The Western Hemisphere Travel Initiative (post‑9/11) took until 2009 to reach full land and sea‑border coverage, illustrating the potential multi‑year rollout for the EBSB.
EU parallel developments
- Entry‑Exit System (EES) – Captures fingerprints and facial scans of non‑EU travelers at Schengen borders.
- ETIAS – Expected to become operational in late 2026, providing pre‑travel risk assessment for visa‑free travelers and further expanding EU data collection.
Practical implications for travelers and residents
- Risk of visa reinstatement – Citizens of any EU state that does not finalize an EBSB deal may need to apply for U.S. visas, adding cost and processing time.
- Data exposure – Even if a state signs the agreement, travelers’ biometric and highly sensitive personal data could be accessed by U.S. authorities, potentially without robust oversight.
- Monitoring developments – Keep an eye on:
- Official EU Commission updates on the single‑framework proposal.
- National government statements regarding VWP compliance.
- EDPS opinions and any legal challenges under the GDPR.
Given the tight U.S. deadline and the lack of a unified EU stance, the situation remains fluid. Stakeholders should track negotiations closely, assess the adequacy of proposed safeguards, and consider contingency plans for visa requirements should the EBSB fail to materialize.





