The Government of Grenada has introduced the Advance Passenger Information and Passenger Name Record Bill, 2026, legislation designed to establish a comprehensive legal framework for the collection, transmission, sharing, storage, and protection of Advance Passenger Information (API) and Passenger Name Record (PNR) data relating to persons arriving in, departing from, or transiting through Grenada.
The proposed legislation forms part of a regional initiative developed by the Caribbean Community (Caricom) and builds upon the existing Caricom Advance Passenger Information System (APIS), which has been operational since 2007. The API/PNR system provides for the establishment of a centralised database to facilitate the collection, storage, and transmission of passenger information across the region by air and sea.
The bill seeks to align Grenada’s legislative framework with international best practices governing the management and protection of passenger information while strengthening national, regional, and international security efforts.
The bill comprises 8 parts and 7 schedules.
Part I contains preliminary provisions, including the short title, commencement provisions, and definitions of key terms such as “Advance Passenger Information,” “Passenger Name Record Database,” “Caricom Advance Passenger Information System,” “Caricom Electronic Manifest Single Window,” “Competent Authority,” and “Data Protection Officer.” The Bill applies to the collection, use, retention, transfer, and protection of API and PNR data by the Competent Authority and the Caribbean Community Implementation Agency for Crime and Security (IMPACS).
Part II establishes the administrative framework for implementation. It outlines the functions and powers of the Competent Authority, including responsibility for overseeing implementation of the Act, establishing protocols and standards for secure data management, supervising the Passenger Information Unit (PIU), and conducting audits and inspections. This Part also establishes the Passenger Information Unit, led by a senior Immigration Officer and supported by representatives from law enforcement, customs, and data protection.
The bill further provides for the appointment and functions of a Data Protection Officer, who will operate independently and oversee compliance with applicable data protection laws and regulations relating to API and PNR data.
Part III sets out common provisions governing the collection, processing, sharing, and protection of API and PNR data. Aircraft and vessel operators will be required to provide relevant passenger, crew, flight, and voyage information. The legislation includes strict confidentiality requirements and limits disclosure to circumstances authorised by law, necessary for the purposes for which the data was collected, or required for national security, public safety, or the prevention and detection of serious crimes.
The bill also establishes the purposes for which API and PNR data may be processed, including passenger risk assessments and responses to requests from competent authorities engaged in the prevention, detection, investigation, and prosecution of terrorism and serious crimes. Sensitive data revealed through processing must be immediately deleted.
Additionally, the legislation authorises the screening of passengers and crew against approved national, regional, and international databases and watch lists and provides for the sharing of information with Caricom APIS, INTERPOL, and other approved security partners. The transfer of data to foreign competent authorities will be subject to safeguards that ensure adequate protection consistent with Grenadian law.
Part IV addresses operational requirements relating to Advance Passenger Information. Aircraft and vessel operators arriving, departing, or transiting through Grenada. Such passengers will be required to transmit API data through the Caricom Electronic Manifest Single Window (CEMSIW). The legislation also provides mechanisms for alternative electronic submissions when prescribed timeframes cannot be met and establishes the right of individuals to access and verify the accuracy of their API data.
Part V governs Passenger Name Record operations and establishes obligations for the transmission, processing, retention, depersonalisation, and anonymisation of PNR data. It also provides for national oversight, coordination with regional and national data protection authorities, safeguards and redress mechanisms, and procedures addressing conflicts of laws relating to the transmission of PNR data.
Part VI establishes an administrative enforcement regime, including procedures for notices of administrative fines, representations, hearings, appeals, payment deadlines, and recovery mechanisms.
Part VII facilitates the exchange of Passenger Name Record data with other participating states, allowing for the transfer of information between competent authorities in accordance with established safeguards and legal requirements.
Part VIII contains miscellaneous provisions, including requirements for electronic submission of information, immunity from liability, regulation-making powers, amendments to schedules, repeal provisions, and consequential amendments to the Immigration Act, Cap. 145.
The bill is supported by 7 schedules that specify timelines and technical requirements for the submission of API and PNR data, identify required data elements, and provide consequential legislative amendments.
The Advance Passenger Information and Passenger Name Record Bill, 2026, represents an important step in strengthening border management, enhancing national security capabilities, supporting regional cooperation, and ensuring that passenger data is handled in accordance with recognised data protection principles and international best practices.
Ministry of Legal Affairs
