Title
Border Control via Advance Passenger Info System
Law
Executive Order No. 122
Decision Date
Dec 15, 2020
Executive Order No. 122 introduces the Advance Passenger Information (API) system in the Philippines, requiring commercial carriers to provide passenger and crew information to the Bureau of Immigration for security vetting and verification purposes, with penalties for non-compliance and unauthorized disclosure, and a maximum data retention period of twelve months.
border control
advance passenger information system
commercial carriers

Legal basis and policy rationale

  • The Order is issued by the President under the constitutional authority of Section 17, Article VII on control of executive departments and faithful execution of laws.
  • The Order is anchored on international standards that require a state to establish an Advance Passenger Information (API) system, consistent with the Chicago Convention and its Annex 9.
  • The Order aligns with international customs procedural harmonization recommendations under the Kyoto Convention (including Specific Annex J on API use for traveler customs control).
  • The Order recognizes international guidelines and recommendations developed by WCO, IATA, and ICAO on advance passenger information.
  • The Order references UN Security Council Resolution No. 2178 (2014) requiring member states to require airlines operating in their territories to provide API to appropriate national authorities.
  • The Order references UNSCR No. 2178 (2014) encouraging evidence-based traveler risk assessment and screening using travel data analysis without resorting to discriminatory profiling.
  • The Order references UNSCR No. 2396 (2017) urging effective national border controls and law enforcement information sharing through secure networks, databases, and advisory notices in accordance with domestic and international law, including human rights law.
  • The Order also recognizes that the Bureau of Immigration (BI) enforces immigration laws and administration over citizenship and alien admission and registration under Commonwealth Act No. 613.

Scope: who must supply API and who is covered

  • The API requirement applies to the captain, master, agent, or owner of every commercial carrier.
  • The obligation applies when the carrier’s vessel or aircraft is arriving in or departing from any port within the Philippine territory.
  • The carrier must provide the BI API covering passengers and the crew and non-crew members.
  • The term Passenger excludes the master and members of the crew or other persons employed or engaged in any capacity on board the commercial vessel or aircraft.
  • The API requirement does not exempt any passenger, crew, or non-crew member from submitting to physical primary inspection at immigration counters.

Key definitions used in the Order

  • API means an electronic communication containing passenger- or crew/non-crew-related information transmitted to the BI prior to arrival or departure and made available on the primary line at the port of entry, including data on flight details and individual travel document data found in the machine readable zone.
  • API System (APIS) means an electronic communications system that collects biographic data from machine readable passports, other official travel documents, or basic details provided by commercial carriers; APIS may be interactive or non-interactive/batch and includes other authorized or recommended programs or systems under relevant international standards and guidelines.
  • Commercial Carriers are persons, corporations, firms, or associations engaged in carrying or transporting passengers or goods (or both) by sea or air, for compensation, offering services to the public; the carrier may be public/common or private.
  • Passenger is a person carried on board a vessel or aircraft, excluding the master and members of the crew or other persons employed or engaged in any capacity on board a commercial vessel or aircraft.

API data handling, standards, and transmission

  • The API data elements, message format, structure, and transmission method must conform to internationally recognized standards and practices to the extent allowed by relevant laws.
  • The BI must ensure required data elements are limited to the minimum necessary.
  • The BI must protect data integrity in the API system.
  • The BI must implement security measures to protect the API’s integrity and availability, including access restrictions and recognized security mechanisms or other reasonable safeguards against unauthorized access.

Verification, correction, access, and immigration inspection

  • After receiving API, the BI must perform security vetting or derogatory information verification for passengers, crew, or non-crew members using its database.
  • When necessary, the BI must verify using other available law enforcement and non-law enforcement databases, including notices issued by INTERPOL and notices subject to UN Security Council sanctions and travel bans.
  • If errors are found in the API, the BI must provide an opportunity to correct the errors or perform corrections after verification based on travel or other related documents.
  • An individual may seek access to the API supplied by the commercial carrier only if the individual is the subject of the data being accessed.

BI as single government agency and controls

  • The BI is designated as the sole government agency authorized to receive or manage the API and other forms of API data.
  • Only personnel authorized by the Commissioner of Immigration shall have access to the APIS.
  • The API serves as the initial security vetting tool to facilitate and expedite legitimate travelers’ arrival and departure during primary inspection.
  • Physical primary inspection at immigration counters remains required for passengers, crew, and non-crew members.

Information sharing and bound disclosures

  • The BI may share information contained in API to further regional or international security, subject to existing treaties, laws, rules, regulations, and consistency with national interest.
  • The BI may provide API information to designated law enforcement and security-related agencies to further national security, law enforcement, immigration, intelligence, and counter-terrorism functions for public safety and order.
  • The designated agencies are:
    • Department of Finance – Bureau of Customs
    • Department of Transportation (DOTr) – Office for Air Transportation Security
    • DOTr – Philippine Coast Guard
    • Department of Health – Bureau of Quarantine
    • Department of Justice – National Bureau of Investigation
    • Department of the Interior and Local Government – Philippine National Police
    • Department of National Defense
    • National Intelligence Coordinating Agency
    • Armed Forces of the Philippines
    • National Security Council
    • Anti-Terrorism Council
  • Where disclosure is authorized, the recipient agency must comply with Republic Act No. 10173 and other relevant laws.

Sanctions for unauthorized disclosure and for failure to provide API

  • Unauthorized disclosure, sharing, publication, or use of API information is punishable under Republic Act No. 10173 and under applicable criminal and civil service laws, rules and regulations.
  • The captain, master, agent, or owner of a commercial carrier is liable for payment of appropriate administrative fines under CA No. 613 and its implementing rules and regulations for:
    • failure to provide API to the BI; or
    • failure to include a passenger, crew, or non-crew member in the API.
  • The administrative fines are imposed regardless of whether the BI eventually cleared the person for entry into the country.
  • The administrative fines are without prejudice to filing appropriate administrative, civil and/or criminal charges pursuant to existing laws, rules, and regulations.
  • Crew or non-crew members not included in the API are dealt with under immigration protocols under relevant laws, rules, and regulations.
  • Passengers may likewise be treated under immigration protocols if it is shown they were complicit in omitting their names and other data from the API.

Data retention, destruction, and future rules

  • Data collected in the APIS must be maintained for not more than twelve (12) months from the date of collection unless the information is classified as terrorism- or crime-related.
  • After the retention period, the data must be erased, destroyed, or disposed of in accordance with rules and regulations promulgated pursuant to the implementing authority under Section 11.

Funding for implementation and implementing rules

  • The initial implementation of the Order is funded through existing appropriations of the BI.
  • Funding requirements for succeeding years must be included in the BI’s budget proposal, subject to the usual budget preparation process.
  • The BI must issue implementing rules and regulations within sixty (60) days from effectivity, in consultation with the National Privacy Commission and other relevant agencies.

Repeal and separability

  • All orders, rules, regulations, issuances, or parts thereof inconsistent with the Order are repealed, amended, or modified accordingly.
  • If any part or provision of the Order is held unconstitutional or invalid, the remaining parts continue in full force and effect.

Analyze Cases Smarter, Faster
Jur helps you analyze cases smarter to comprehend faster, building context before diving into full texts. AI-powered analysis, always verify critical details.

About Privacy Terms