The new Eurodac is coming into force. The rules of operation of the system and the model of supervision are changing
Regulation (EU) 2024/1358 on the modernisation of Eurodac became applicable on 12 June 2026. This is one of the key elements of the Pact on Migration and Asylum, which introduces significant changes in the collection and use of data of applicants for international protection and migrants subject to migration procedures.
The new rules significantly extend the scope of Eurodac. The existing system, which primarily serves to determine which Member State is responsible for examining an application for international protection, is being transformed into a broader tool to support the implementation of the Union’s migration and asylum policy. The aim of the new regulations is to improve the identification of persons subject to migration and asylum procedures, prevent unauthorised secondary movements between Member States and support the implementation of the new procedures provided for in the Pact on Migration and Asylum.
In addition to fingerprint data, the system will also include additional biometric and alphanumeric data, including facial images. The scope of the categories of persons to be registered will also be extended. For the first time, the system will also cover the biometric data of children from the age of 6, with the Regulation providing for specific safeguards to protect the rights of the child when data are collected. In certain cases, the system may also record information on security risks and decisions taken in the context of migration and asylum procedures.
The implementation of new solutions in Poland also requires the adaptation of national regulations. In the course of legislative work on the draft Act on the participation of the Republic of Poland in the Eurodac system, the President of the Personal Data Protection Office drew attention to the need to ensure effective mechanisms for exercising the rights of data subjects, the full enforceability of the obligations under the Eurodac Regulation and appropriate conditions for independent supervision of the system. Some of the demands were taken into account at the legislative stage.
On the date of application of the new rules, the Eurodac Supervision Coordination Group has ceased its activities. Eurodac Supervision Coordination Group has been a forum for cooperation between national data protection authorities and the European Data Protection Supervisor for years.
In connection with the transition to the new model of supervision, the role the Vice Chair of the Eurodac Supervision Coordination Group performed by Maria Jęda, the Chief Coordinator for EU Large‑Scale Information Systems at the Personal Data Protection Office was also terminated. Under the new rules, the tasks related to the coordinated supervision of Eurodac will be carried out in the framework of the Coordinated Supervisory Committee of the European Data Protection Board.
The Office for Personal Data Protection actively participated in the work of the Group i.a. by being involved in the analysis of the relationship between the Eurodac Regulation and the Screening Regulation and issues related to the exercise of the right of access. Additionally, in 2025 supervisory activities were carried out in relation to the exercise of responsibilities under the provisions governing the functioning of Eurodac.
The new rules also strengthen the role of national data protection authorities, including the President of the Personal Data Protection Office, in supervising the functioning of Eurodac. The tasks of the supervisory authorities shall be to monitor the lawfulness of the processing of personal data by the competent national authorities, including their transmission to Eurodac and the use of data collected in the system.
New obligations related to access to Eurodac data for law enforcement purposes are of particular importance. According to the Regulation, each Member State must ensure an annual, independent inspection of the personal data processing in this area, including an analysis of a sample of reasoned electronic requests. The results of such inspections will be taken into account in the annual reports to the European Parliament, the Council and the European Commission.
The implementation of the new solutions will require reconciling the objectives of migration management, security and efficiency of procedures with the need to ensure a high level of personal data protection and respect for fundamental rights. The Personal Data Protection Office will actively participate in monitoring the application of the new rules at both national and European level.