US sets December 2026 deadline for EU data deal or visa-free travel ends

US sets December 2026 deadline for EU data deal or visa-free travel ends

The United States government is demanding unprecedented access to the private biometric and police databases of European citizens as a condition for maintaining visa-free travel.

According to the European Parliamentary Research Service (EPRS)* the US Department of Homeland Security (DHS) expects operational agreements under the Enhanced Border Security Partnership (EBSP) to be in place by December 31, 2026.

If EU member states fail to comply with these new security requirements by the deadline, their citizens may no longer be eligible for the Electronic System for Travel Authorization (ESTA). Instead, travelers from these countries would be required to apply for a formal B1/B2 visitor visa, a process that involves higher costs and mandatory in-person interviews at US embassies.

The shift from voluntary to mandatory compliance

While discussions regarding the EBSP have been ongoing since 2022, the 2026 deadline marks a shift into a high-stakes ultimatum. The European Commission is currently negotiating a framework agreement to prevent individual member states from being forced into separate, potentially conflicting bilateral deals with Washington.

"The framework agreement aims to provide for an overall legal framework and the general conditions for Member States' bilateral information exchange with the U.S. in the context of EBSP," states a technical note from the Council of the European Union.

The United States justifies these measures as essential for enhanced law enforcement and security-related data sharing, according to official statements from the U.S. Department of State. This includes the ability to verify identities using biometric data—such as fingerprints and facial scans—stored in national police and immigration databases.

Privacy concerns and the EU GDPR conflict

The primary roadblock to a deal remains the strict privacy protections afforded to EU citizens under the General Data Protection Regulation (GDPR). EU negotiators are seeking red lines to ensure that data sharing does not exceed what is strictly necessary for border security.

The European Data Protection Supervisor (EDPS) has voiced significant reservations, noting that this would be the first EU agreement involving large-scale sharing of personal data with a third country for immigration control. Critics argue the plan could grant US intelligence agencies access to sensitive information beyond what is currently required for travel.

Impact on travelers in 2026 and 2027

Currently, citizens from most EU countries can travel to the US for up to 90 days without a visa. They only need to have an ESTA, a simple, low-cost, travel authorization. However, the U.S. Embassy has clarified that while current procedures remain in place for now, travelers must prepare for stricter identity verification.

This news coincides with recent potential updates to the ESTA social media requirement, which has already increased the amount of personal data travelers must disclose.

If negotiations stall past the end of 2026, the ripple effect could cause significant delays at US embassies as millions of Europeans shift from the automated ESTA system to traditional visa processing.