Referral C-846/25 (Ligue des droits humains, 17 Dec 2025)

By defining security risk as ‘the risk of a threat to public policy, internal security or international relations for any of the Member States’, does Article 3(1)(6) of Regulation (EU) 2018/1240 of the European Parliament and of the Council of 12 September 2018 establishing a European Travel Information and Authorisation System (ETIAS) and amending Regulations (EU) No 1077/2011, (EU) No 515/2014, (EU) 2016/399, (EU) 2016/1624 and (EU) 2017/2226 1 infringe Article 16 of the Treaty on the Functioning of the European Union and Articles 7 and 8 of the Charter of Fundamental Rights of the European Union, read together with Article 5(1)(b) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), 2 in so far as the purpose laid down therein for the processing of personal data of data subjects is not specified with sufficient precision?