How digital infrastructure, automated screening, and shared intelligence redefine mobility and data protection
WASHINGTON, DC, December 10, 2025
Across Europe, the most visible sign of border control has always been the checkpoint gate, the passport booth, or the police patrol on a bridge. In 2025, that picture is incomplete. The real frontier of the Schengen system now runs through data centres, algorithmic risk engines, and shared intelligence platforms that process passenger information long before anyone reaches an airport, train station, or port.
The informal term some policymakers and analysts now use, the Schengen AI project, describes this broader shift. It is not a single database or law. Instead, it is a composite of new travel protocols, digital infrastructure, and automated screening rules that rely heavily on artificial intelligence to manage who enters, who stays, and who is flagged for closer scrutiny.
For travellers, the most immediate changes appear in the form of biometric kiosks, automated passport gates, and new online authorisations. For governments and transport operators, the transformation is more profound. Border control is becoming a continuous, data-driven process that links airlines, rail operators, ferry companies, national police, and European agencies into a shared monitoring network.
Supporters argue that this model is essential for managing irregular migration, transnational crime, and terrorism while keeping legitimate travel moving. Critics warn that the same systems risk normalising mass surveillance, eroding data protection, and creating new forms of discrimination and error that are difficult to contest.
This investigation examines how the Schengen AI project works in practice, how its components fit together, and how it is reshaping both mobility and privacy in Europe.
Digital infrastructure behind the new Schengen border
The foundation of Europe’s new border model is a set of large-scale information systems that collect and store data on travellers and their movements. Several developments in 2025 are particularly significant.
The Entry Exit System, known as EES, began operating on October 12, 2025, at external border points of Schengen states. Over a six-month rollout period, it is replacing manual passport stamps for most non-EU nationals on short stays with a digital log of each entry and exit, linked to biometric identifiers such as facial images and fingerprints. Full deployment is expected by April 2026. Once implemented, EES will allow authorities to calculate in real time whether a traveller has complied with the 90 days in any 180 days rule, to spot overstays, and to detect suspected identity fraud more easily.
Alongside EES sits the long-delayed European Travel Information and Authorisation System. ETIAS is now scheduled to start operations in the last quarter of 2026, after EES is entirely in place. Visa-exempt travellers, including citizens of Canada, the United States, the United Kingdom, and many other countries, will have to apply online before travelling to the Schengen area. Their applications will be checked automatically against European security, migration, and health databases. Only those with valid authorisations will be permitted to board flights and ferries to Schengen destinations that require screening.
Passenger data rules have been tightened at the same time. In January 2025, a new legal framework on Advance Passenger Information created EU-wide standards for how air carriers collect and transmit identity data, such as passport numbers and document details, to border authorities. The regulations establish a central router managed by EU LISA, the agency that operates Europe’s large-scale information systems. They are designed to standardise API data flows and complement the Passenger Name Record regime, which already compels airlines to send detailed booking data to national Passenger Information Units for use in counter terrorism and serious crime investigations.
The geographic scope of Schengen has expanded as well. On January 1, 2025, Romania and Bulgaria became full members of the Schengen area, following a period of partial membership in which air and sea border controls had already been lifted. Their full accession removed land border checks with neighbouring states and extended the external Schengen frontier eastward. That enlargement increases the number of national authorities feeding data into and drawing data from the shared systems that underpin Europe’s border regime.
Artificial intelligence does not replace this infrastructure. It sits inside it. Machine learning models help authorities link and interpret records from EES, ETIAS, API, and PNR. Rule-based engines automate screening decisions. Predictive tools support capacity planning at border crossings. Together, they turn static databases into a dynamic system for monitoring mobility.
From single checkpoints to automated screening pipelines
Under the traditional border model, assessment happened at a specific place and time. A traveller reached a booth, an officer examined their documents, asked questions, and made a decision. Today, that moment is only one point in a longer screening pipeline that begins before the journey and continues after it ends. Pre-travel, airlines and other carriers collect passenger name records whenever a reservation is made. PNR data can include routes, payment methods, contact details, frequent flyer numbers, seating preferences, and information about travelling companions. Closer to departure, carriers collect advance passenger information, a structured set of identity details drawn from travel documents. For many routes, both PNR and API must be transmitted to national Passenger Information Units or border authorities.
Automated systems match these feeds against watchlists, lost-and-stolen document databases, sanctions lists, and other security and law enforcement records. Machine learning models trained on past investigations search for patterns that correlate with smuggling, trafficking, organised crime, or systematic overstays. Rule engines add explicit legal criteria, such as specific alert codes or lists of stolen passports.
Once ETIAS is in place, pre-travel authorisation data will provide another layer of information. Risk rules written into ETIAS will automatically screen applications against European databases, flagging cases that require human review. In many situations, the first time a traveller learns that they are of interest to authorities will be when an authorisation is delayed or refused.
At the border itself, EES records and biometric gates complete the pipeline. Entry and exit events are logged, stay durations are recalculated, and any mismatch between the rules and the traveller’s status can trigger questions or refusals.
Artificial intelligence connects these stages. It can assign risk scores to individual journeys, rank flights and ferries by their perceived threat level, and highlight unusual combinations of itinerary and passenger history for officers to review. It also allows authorities to run retrospective analyses, asking what travel patterns preceded specific crimes or incidents and then building new risk indicators from those findings.
Case study one: When a pattern becomes a suspicion
Consider a realistic, anonymised scenario based on situations reported by travellers and analysts.
A consultant working in infrastructure and logistics travels frequently between Europe, the Gulf states, and North Africa. His itineraries are often complex, with multi-leg journeys, short-notice changes, and mixed carriers. He pays with different corporate cards linked to various subsidiaries of his employer, depending on the project and country.
On their own, none of these details is unusual. Taken together, though, they generate a travel pattern that appears in both PNR and API data as a network of last-minute bookings on routes associated with sensitive sectors and regions.
Separately, law enforcement agencies investigate a smuggling network that has used specific long-haul European hubs and similar multi-leg routings. Analysts identify recurring patterns in those cases and feed them into a PNR risk ruleset. From that point on, any booking that resembles the pattern receives an elevated risk score.
When the consultant next flies into Schengen, the system flags his trip for closer review, even though he has never been under investigation. Airline staff quietly mark his boarding pass for additional questioning. At the border, EES confirms his previous stays have always complied with the rules, yet the risk profile still prompts a secondary interview.
Nothing unlawful is discovered, and he is allowed to enter. The pattern, however, remains in the system. On future trips, the same indicators generate new alerts, turning a legitimate travel profile into a recurring source of friction, built not on evidence of wrongdoing but on statistical resemblance to unrelated cases.
Building a shared intelligence framework
The Schengen AI project is not confined to individual countries. It operates through shared intelligence structures that link national border forces, police, customs, and European agencies.
Passenger Information Units sit at the heart of this architecture. Each participating state operates a PIU responsible for receiving PNR data from carriers, running automated risk analyses, and disseminating relevant alerts to border, police, and security units. These units often rely on vendor-supplied software that incorporates AI components, such as anomaly detection algorithms, clustering tools, and pattern-matching engines.
At the European level, agencies such as Frontex and Europol coordinate information flows. Frontex operates situation centres that collate data from member states, including information on irregular migration trends, detected document fraud, and cross-border criminal activity. Europol supports investigations into organised crime and terrorism, sometimes using travel data to map movements of suspects and associates.
The EU has also invested in interoperability projects that allow authorities to query multiple databases through shared interfaces. The aim is to ensure that checks against EES, visa systems, criminal records, and security alerts remain integrated. As these systems become more interconnected, artificial intelligence tools gain a richer set of inputs with which to draw inferences about travellers and routes.
Case study two: A joint operation on a high-risk corridor
A coordinated operation on a busy air corridor between a Schengen hub and a non-EU capital illustrates how this shared framework works in practice.
National PIUs in several countries notice recurring patterns in PNR data for flights on the route. Clusters of passengers often book separate tickets through the same agency, pay with related cards, and connect to a small number of onward destinations inside Schengen. At the same time, law enforcement reports suggest that the same route is being used to move victims of labour exploitation into Europe.
Frontex convenes a joint operation with selected member states. AI-supported analysis ranks incoming flights by risk, combining information from PNR indicators, watchlists, and EES records from previous trips. Border and police teams are deployed to arrival gates at specific times.
During the operation, most passengers pass through automated gates with minimal delay. A smaller group, identified by the combined risk models, is intercepted for more extensive interviews and document checks. Several suspected facilitators are arrested, and several exploited workers are referred to protection procedures.
Authorities present the operation as a success for data-driven enforcement. Civil liberties groups acknowledge the importance of disrupting exploitation networks, but question how many innocent passengers were subject to intrusive scrutiny based on opaque algorithms, and whether similar models could be used in the future to target political activists, journalists, or minority communities.
Artificial intelligence at the checkpoint
For many travellers, the first tangible sign of the Schengen AI project is the automated checkpoint. These systems combine digital infrastructure and machine learning into a single interaction that feels routine.
At airports, automated border gates read passport chips, capture facial images, and compare live templates to stored references. The matching engines that drive these comparisons rely on neural networks trained on large datasets. Operators tune thresholds to balance the risk of false acceptance against the risk of false rejection.
EES adds a second layer. For travellers who have already enrolled, the facial image captured at the gate can be matched against an EES template, not only verifying that the person is the document holder but also confirming that the document has been used previously in the system and that stay limits have not been exceeded.
Rail terminals that serve as external border points, such as cross-channel stations, adopt similar processes. Non-EU passengers may be asked to enrol or verify their data at kiosks before boarding, so that checks do not cause excessive delays on arrival. Ferry ports, particularly those with high volumes of short-haul passenger traffic, are also beginning to introduce biometric verification where space and infrastructure permit.
The same facial recognition and biometric systems can be integrated into terminal access control and queue management. In some pilots, a single enrolment allows passengers to move through security and boarding without repeatedly presenting documents. In others, behavioural analytics tools examine how crowds form around gates, and adjust signage and staffing accordingly.
Case study three: Ferry terminals under EES
A large ferry port linking a non-EU country with a Schengen member state illustrates the operational impact of EES and AI-assisted checkpoints.
Before 2025, car and foot passengers presented passports at manual booths. Officers stamped documents, performed visual checks, and occasionally referred travellers for secondary questioning. Processing times depended heavily on staffing and seasonal peaks.
After EES went live, the port introduced self-service kiosks where non-EU nationals scan their passports and provide facial images before boarding. AI tools assess the quality of the captured images and verify that data fields are complete. At the Schengen side of the crossing, automated gates use the enrolled biometrics and EES records to complete the checks.
Queue analytics software monitors vehicle and passenger flows in real time, using cameras and other sensors to detect congestion in waiting areas, lanes, and ramps. When delays start to build at the kiosks or gates, the system alerts supervisors, who can open additional lines or adjust boarding sequences.
The new arrangements reduce manual stamping and allow more predictable scheduling. However, passengers who refuse biometric enrolment, who experience false rejections, or whose data triggers risk alerts still face manual processing. For them, the combination of EES and AI power does not eliminate queues; it changes where and how they appear.
Data protection, fundamental rights, and the AI debate
Europe’s legal framework treats mobility and data protection as intertwined issues. The Schengen AI project must operate within constraints set by both border law and privacy law.
The Schengen Borders Code defines when and how external border checks are carried out and under what conditions internal controls can be reintroduced. Regulations governing EES and ETIAS specify retention periods, access rights, and purposes for which data can be used. They also grant law enforcement agencies access to EES records under defined circumstances, particularly for the investigation of serious crime and terrorism.
The General Data Protection Regulation and the Law Enforcement Directive set general standards for personal data processing, including principles of purpose limitation, data minimisation, and proportionality. They provide individuals with rights of access, rectification, and in some cases erasure. In theory, these rights apply to border and travel data as much as to any other category.
In practice, exercising those rights in the border context is difficult. Many travellers are unaware that PNR and API data exists, or that EES records may be retained for years. Even where individuals submit access requests, authorities may limit disclosure by invoking national security or ongoing investigations. The complexity of the underlying systems, spread across national and European levels, further complicates efforts to identify which agency holds which data.
The forthcoming EU Artificial Intelligence Act adds another dimension. It treats many AI applications in law enforcement and border control as high risk, subject to strict requirements for risk management, data governance, transparency, and human oversight. Real-time remote biometric identification in public spaces faces tight restrictions, which affect the design of crowd analytics and surveillance tools at transport hubs. Operators will be required to document their AI systems, conduct impact assessments, and be prepared for audits by supervisory authorities.
Case study four: A traveller’s search for transparency
An anonymised case based on complaints raised with civil society organisations illustrates the challenges of asserting data rights at the digital border.
A non-EU academic who frequently travels to conferences in Schengen countries begins experiencing repeated secondary checks upon arrival. Officers seem unusually well-informed about her previous trips and ask detailed questions about whom she meets. She has no criminal record and works in a sensitive but legal research area.
Suspecting that she has been wrongly profiled based on her contacts or topics, she submits access requests to several border agencies and to the airlines she regularly uses, asking what data is held about her and how it is processed.
The responses are fragmented. The airlines provide extracts of PNR data, confirming her itineraries and some contact details. A national border authority responds in general terms, explaining that data such as EES records and API data are processed in accordance with the law, but provides no specific entries. Other agencies refer her to European institutions or decline to answer specific questions, citing national security.
From a legal standpoint, each organisation may be complying with its interpretation of the rules. From the traveller’s perspective, the process reveals how difficult it is to understand or challenge the outputs of the Schengen AI project, even for someone familiar with European institutions and rights frameworks.
Emerging markets, mobility, and compliance
The European border environment does not exist in isolation. Individuals and companies in emerging markets increasingly rely on access to the Schengen area for trade, investment, education, and lifestyles. The Schengen AI project, with its emphasis on pre-travel screening and long-term data retention, changes how those actors must plan.
High-net-worth individuals who have built global mobility around multiple residences and citizenships now face a more structured regime in which every entry into Schengen is logged and cross-checked. Entrepreneurs from China, the Middle East, Latin America, and parts of Africa who use European hubs as transit points must consider not only visas and tax residency, but also how their travel patterns look when processed by AI models trained on risk indicators.
Multinational companies with operations in Europe and emerging markets find that their staff mobility is subject to increasingly detailed scrutiny. Executives who travel frequently through Schengen hubs carry not only passports and boarding passes, but also digital histories of previous trips, employment roles, and corporate links that automated systems can piece together.
Compliance officers and legal teams in these organisations must therefore treat European border protocols as part of a broader regulatory landscape that includes sanctions, export controls, anti-money laundering rules, and data protection obligations.
Case study five: A relocation strategy under Schengen AI
A fictional composite case illustrates how these pressures play out.
A family based in an emerging market country with tight capital controls and rising political risk decides to relocate their centre of life to Europe. They intend to obtain residence in one Schengen state, educate their children in another, and maintain business operations in several non-EU jurisdictions. Their travel will involve regular movement between Schengen and their home region.
At the same time, the family operates legitimate businesses in sectors that attract regulatory attention, including energy and infrastructure. Their corporate structures are complex, with holding companies and trusts in multiple jurisdictions. Without careful planning, their travel and financial footprints could resemble patterns that automated systems associate with sanctions evasion or tax abuse.
Working with specialist advisers, including employees of Amicus International Consulting, the family develops a compliance-centred relocation plan. The advisers do not seek to bypass controls. Instead, they map how EES, ETIAS, API, and PNR will interact with visas, residence permits, tax registrations, and corporate structures.
The plan includes regularising all immigration statuses before major moves, ensuring that travel for business and personal reasons is clearly documented, and maintaining consistent personal data across passports, tickets, and corporate records. The advisers prepare explanatory documentation to present if questions arise, linking complex itineraries to lawful business and family decisions.
As a result, the family reduces the likelihood that their movements will trigger unexplained alerts, even though they accept that increased scrutiny is a fact of life in the current environment. Their case shows how the Schengen AI project is pushing sophisticated travellers and investors toward integrated strategies that combine migration, compliance, and data protection issues.
The role of professional services in a data-driven border regime
As European travel protocols become more complex, professional services that sit at the intersection of law, technology, and mobility are becoming more prominent.
Amicus International Consulting provides professional services to clients who face exactly this intersection. Employees work with individuals, families, and companies that need to understand how cross-border movement, asset structures, and regulatory obligations fit together, in the European context, that entails explaining how systems such as EES, ETIAS, and PNR operate, what data they collect, and how that data might interact with other records such as bank information, beneficial ownership registers, and tax filings.
For some clients, the priority is to design life and business plans that respect all relevant laws and minimise unnecessary exposure to arbitrary decisions. That can mean choosing residence options that reduce the number of jurisdictions involved, aligning travel routes with operational needs rather than habit or convenience, and anticipating how future legal changes, including the implementation of the AI Act, may affect mobility.
For others, especially those who have already encountered problems at borders, advisory support involves reconstructing what may have happened, identifying potential sources of error or misunderstanding, and helping to formulate appropriate legal and administrative responses. This can include working with local counsel to lodge complaints, clarify records, or seek redress where rights appear to have been breached.
In all cases, the underlying reality is the same. The Schengen AI project is not only a technical undertaking but also a governance challenge. Individuals and organisations who depend on cross-border mobility must navigate both the written rules and the unwritten logic of automated systems that interpret their movements. Professional services that take compliance, transparency, and long-term planning seriously are becoming part of how that navigation is done.
Looking ahead: a test for European governance
The evolution of Europe’s border regime into a dense network of digital systems and artificial intelligence is far from complete. EES is in its early months of operation. ETIAS has yet to start. The new API framework is still rolling out, and the AI Act’s detailed requirements will take time to implement and enforce. Some member states have reinstated internal border checks in response to migration and security concerns, testing the balance between free movement and national control.
The Schengen AI project, understood as the combined effect of all these measures, raises questions that go beyond technical efficiency. It tests whether Europe can align powerful surveillance and screening tools with its commitments to fundamental rights, including privacy, data protection, non-discrimination, and freedom of movement. It challenges legislators, regulators, and courts to ensure that legal safeguards keep pace with technological change. It asks whether citizens and travellers will be given meaningful insight into systems that increasingly shape their ability to move.
For now, the direction of travel is clear. Mobility within and into the Schengen area is being redefined by digital infrastructure, automated screening, and shared intelligence platforms that depend heavily on artificial intelligence. The border is no longer confined to a line where passports are checked. It begins when a journey is planned, continues through every booking and data submission, and persists in the records that remain long after a trip ends.
How Europe manages that reality, and how individuals and organisations adapt to it, will determine whether the Schengen AI project is remembered as a necessary modernisation of border management or as the moment when invisible controls quietly narrowed the space for unrestricted movement in a continent that once promised open frontiers.
Contact Information
Phone: +1 (604) 200-5402
Signal: 604-353-4942
Telegram: 604-353-4942
Email: [email protected]
Website: www.amicusint.ca




