Passenger’s Name Record Information Regulations 2022

In a significant move that has indirect relation to a discussion on “Privacy”, Government of India (Central Board of Indirect Taxes and Customs-CBIC), on 8th August 2022, Ministry of Finance notification no: GSR 621(E), has notified “Passenger’s Name Record Information Regulations 2022”

The salient points of the Regulations are as under:

  • The Regulations require the operator of Aircrafts (i.e airlines) to transmit specified information electronically to the designated Customs System. Passengers are not required to individually submit any information to Customs, neither do they need to furnish any additional information to the Airlines on account of these regulations. Airlines are already collecting this information under the aegis of the Chicago Convention on International Civil Aviation.
  • The data exchange between the Airlines and the Customs Systems is through the PNRGOV EDIFACT message format. This is a standard electronic message format endorsed jointly by the World Customs Organisation (WCO), International Civil Aviation Organisation (ICAO) and the International Air Transport Association (IATA) and is widely used internationally.
  • Although some data elements included in the Regulations are available from other sources, the objective of these regulations is to obtain this data in advance of departure or arrival of the passengers for analytics by the Customs Risk Management System.
  • The information collected is subject to strict information privacy and data protection and there are adequate legal and administrative safeguards built in. Processing of the information to reveal ethnicity, race, religious or philosophical beliefs, health etc. is strictly prohibited. Hardware and software necessary for data protection has already been envisaged. The information received is used for further processing only by a senior officer of the rank of Principal Additional Director General/Additional Director General.
  • In normal course, the data collected is stored only for five years after which it is disposed of by depersonalisation or anonymisation. The Regulations provide for an extensive and independent system audit and security audit to prevent misuse of the information.

These regulations are meant to enhance detection, interdiction and investigative capabilities of Customs Authorities using non-intrusive techniques for combating offences related to smuggling of contraband such as narcotics, psychotropic substances, gold, arms & ammunition etc. that directly impact national security. This mechanism is being widely used by border management agencies of approximately 60 different countries.

This should help prevent the flight of criminals both of financial crimes and terror acts and hence is part of the National Security obligations.

In the context of the NPDAI the New Data Protection Act, this reflects an exception to be recognized under the National Security obligations. In our draft being built in the series of articles under the series “Shape of Things to Come-NPDAI x” we have provided the “National Security” as a duty of the Government under the Preamble and this notification goes with it.


About Vijayashankar Na

Naavi is a veteran Cyber Law specialist in India and is presently working from Bangalore as an Information Assurance Consultant. Pioneered concepts such as ITA 2008 compliance, Naavi is also the founder of Cyber Law College, a virtual Cyber Law Education institution. He now has been focusing on the projects such as Secure Digital India and Cyber Insurance
This entry was posted in Cyber Law. Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.