ÉñÂíÎçÒ¹¸£ÀûÍø

A: The CT Travel Programme, led by the United Nations Office of Counter-Terrorism (UNOCT), seeks to build Member States capabilities to prevent, detect, investigate and bring to justice individuals suspected of terrorism or other serious crimes by using passenger data, in accordance with Security Council resolutions 2178 (2014), 2396 (2017) and 2482 (2019) international standards and recommended practices and human rights principles..

The Programme utilizes an ¡°All-of-UN¡± approach in partnership with the Counter-Terrorism Committee Executive Directorate (CTED), the International Civil Aviation Organization (ICAO), the United Nations Office on Drugs and Crime (UNODC), the Office of Information and Communication Technology (OICT), the International Criminal Police Organization (INTERPOL) and the International Organization for Migration (IOM).

Each CT Travel Programme Partners CTED, UNODC, ICAO, OICT, INTERPOL and IOM contributes crucial inputs for the overall implementation process. In tandem with awareness raising activities, CT Travel focuses on arranging and conducting prerequisite assessments of confirmed beneficiary Member. The assessment process involves the use of ¡°deep-dive¡± missions with CTED leading the technology assessment component. After determining a state¡¯s existing level of implementation, the Programme produces a ¡°roadmap¡± for the Member State that identifies subsequent steps for implementation across the four pillars:

• Pillar I involves the provision of legislative assistance to establish a legal framework or update existing legislation governing the Passenger Information Unit (PIU) based on expertise provided by UNODC.

• Pillar II involves institutional set-up of Passenger Information Units (PIU) and capacity-building support, including training, drafting standard operating procedures, and sharing expertise among countries on the use of travel data to stem the flow of FTFs, by UNODC and UNOCT.

• Pillar III covers supporting beneficiary member states in setting up carrier engagement and connectivity, by actively coordinating with the airlines in beneficiary countries, led by ICAO with support from UNOCT and OICT.

• Pillar IV covers the provision of technology adoption and support and expertise under the overall strategic guidance of OICT, in the deployment, installation, enhancement and maintenance support of ¡°goTravel¡±, the UN owned/configured version of the Travel Information Portal (TRIP) system donated by the Kingdom of Netherlands as an effective software solution for countries to collect and process API/PNR data. INTERPOL also supports this pillar by linking goTravel to its databases on known terrorists and serious criminals.

A: The CTT Programme helps Member States to comply with Security Council resolutions 2178 (2014), 2396 (2017) and 2482 (2019) which requires Member States to: a) receive and analyze advance passenger information (API); b) develop capabilities to receive and analyze passenger name records (PNR); c) make full use of relevant watchlists; d) and share information about foreign terrorist fighters (FTFs) and serious criminals using commercial air transport within their jurisdiction and across jurisdictions. Additionally, the CTT Programme supports compliance with the Standards and Recommended Practices in ICAO annex 9 of the Chicago Convention.

A: goTravel is the United Nations-owned software solution supporting Member States in enhancing their capacity to use Advance Passenger Information/Passenger Name Records to detect terrorists and serious criminals analyzing their travel movements in compliance with Security Council resolutions 2178, 2396 and 2482 and human rights and data privacy norms. goTravel supports the end-to-end process for PIUs and law enforcement to obtain passenger data from (airline) carriers and conduct targeted analysis as well as share the findings of their data assessment. Member States adopt the UN-owned goTravel solution to enable the automated analysis of large data volumes on passengers on all inbound and outbound traffic and to remain in compliance with international human rights and privacy standards.

A: Engagements with Member States for the implementation and licensing of goTravel are established through a Memorandum of Agreement (MoA) signed between the requesting government and the United Nations as part of the CT Travel Programme, following the assessment of the capacity of the Member state to implement API/PNR. The legal terms for the adoption of goTravel rely on treaties, conventions and international agreements in place between the United Nations (UN) and its Member States, providing the framework for the MoA to form a legally binding document.

A: The IUC membership includes representatives of Member States who are users of the goTravel solution. The objective of the goTravel International User Community is to provide a platform for Passenger Information Units (PIUs) to exchange strategies, knowledge, skills, expertise and opinions with respect to the tool, goTravel, as well as support innovation and continuous development of goTravel. By using the same platform, PIUs enhance standardization, becoming more effective in their work to combat terrorism and organized/serious crime. The IUC is responsible for the governance structures and processes for the continuous development and maintenance of goTravel.

A: The TWGTF is composed of a team of national substantive and technology experts from the Passenger Information Unit (PIU), that are the main parties in assessment, pre-production and production activities including the elaboration of requirements/needs, trainings, technology deployments and support activities onsite (installation, configuration, data migration, etc.). goTravel is self-hosted by relevant Member States that signed licensing MoAs with the UN.

A: As of December 2025, 7 countries are fully operational with goTravel: Botswana, Georgia, Luxembourg, Moldova, Mongolia, Norway, The Philippines and are exchanging best practices on API/PNR data analysis. Algeria, Argentina, Switzerland and Sierra Leone are onboarding, extending the reach for international cooperation & secure data sharing; 15+ countries preparing to adopt goTravel. Over 63 million passenger records processed in first 3 quarters of 2025 by 7 countries fully operational with goTravel.

A: goTravel is a software solution that is installed within the Member State¡¯s administration ICT infrastructure that self-hosts it. It runs on Windows x64 and Linux architecture and the hardware requirements depend on the yearly average number of passenger data and the local context. The system can be scaled seamlessly to meet the country's high availability standards and growth.

A: Configuration and end-user trainings are provided to PIUs and other stakeholders. The CTTP Pillar IV technology team aims at building capacity within the host country so that the goTravel Technology Working Group Task Force (TWGTF) can administer and maintain the system independently. Documentation, end-user manuals and trainings are provided.

A: goTravel can process both API and PNR data. iAPI (interactive API) is currently not supported (For further details, please refer to paragraph 3.11). API and PNR data are provided by air carriers.

A: goTravel performs as a single window accepting multiple data transfer standards including receiving API/PNR data from carriers in PNRGOV EDIFACT (version 11.1 to 18.1), PNRGOV XML (version 13.1) or UN/EDIFACT PAXLST (version 05b) formats. goTravel functionalities are being extended to support all PNRGOV versions. Supported transmission protocol: MQ, Type B, REST, SOAP, Webservices, SFTP, AS4, SMTP, ebMS 3.0

A: There are plans to expand the scope to maritime, international high-speed rail and coach information (For further details, please refer to paragraph 3.11).

A: The system can be configured so that data is stored (and masked) in line with Member State's legal provisions. The data retention provisions are fully configurable within the system depending on the legislation in each individual Member State

A: No. The UN does not have mandate to access data on passengers travelling in any country in the world. The Country¡¯s Passenger Information Unit is the passengers¡¯ data owner. goTravel processes and procedures ensure that no UN staff members obtain access to goTravel (and any other) production systems and data, unless specifically authorized by the data owner to carry out specific, authorized, and time-bound set of activities (e.g. in case of troubleshooting problems and/or implementing emergency changes in systems for which UN staff¡¯s intervention is required).

A: goTravel allows for the configuration of rule based targeting and watchlists from a comprehensive list of available data elements from API and PNR data. Any action performed by goTravel operators in line with their defined access profile in the system is to be justified and is logged in the goTravel audit database.

A: Watchlists can be created and maintained in the system depending on the user's role. Watchlists can also be imported in the system. External watchlists can be automatically queried from goTravel (without importing external watchlist data into the solution), when integrated through the goConnect module. Any action performed by goTravel operators in line with their defined access profile in the system is to be justified and is logged for audit purposes. The creation of watchlists and risk indicators happens when a competent authority requests the PIU to perform such action.

A: goTravel follows best practices in terms of role-based access management, supporting different entities and groups accessing the system and performing different functions in goTravel itself. All actions performed in the systems are logged for audit purposes.

A: Searching for known individuals is possible before departure as soon as the data has been provided by the airline therefore also several hours in advance of the flight. This search can also be automated in the system and trigger at any moment the airline provides fresh data through the establishment of authorized watchlists.

A: Data is processed in real-time from airlines and is accessible within a Passenger Information Unit (PIU) with no delay.

A: goTravel data ingestion mechanisms filter incoming data and check for semantic validity based on international standards. Missing data pushes from airlines are monitored through the goTravel Compliance module. Privacy sensitive data (like dietary preferences) contained in the Passenger Name Record (PNR) data sets are filtered out and can not be used for rule based targeting easing Member State's efforts to remain in compliance with human rights and privacy protection international standards.

A: Every single goTravel operator action in the system is logged for audit purposes. A series of reports is available (also protected by role-based access) which provide detailed compliance statistics. goTravel follows best practices in terms of role-based access management, supporting different entities and groups and their processes on a need-to-know basis.

A: AI capabilities are currently not available and might be engineered in the next generation of goTravel. AI might be introduced within a supervised environment and relevant algorithms that might be enabled in future will be producing results that will have to be vetted and actioned by Passenger Information Units (PIUs) human operators. UNOCT and the goTravel technical team are mapping risks related to algorithmic and data bias, explainability and are weighting the need to keeping a meaningful human input firmly in the loop wherever supporting passenger?screening decisions. In fact, PIUs in Member States that opted to use goTravel cannot depend on Artificial Intelligence black?box models when fundamental rights are at stake.
CyberSecurity is also real make?or?break factor for trustworthy AI in PIUs. Protecting models and infrastructure is necessary, but no longer enough¡ª with AI, data itself is now a prime attack vector, requiring strong cyber controls, immutable backups, and end?to?end integrity by design.

A: Yes, through the goTravel claims and provisions module, information can be requested by and provided to the Borders/Customs and other competent authorities as provided by the Member State's legislation.

A: goTravel can import watchlists from other national/international watchlists and databases and automatically query such data to elicit matches against passenger information. goTravel, when integrated by goConnect, can be configured to access external watchlists maintained by other national or international organizations and automatically query them against passenger data received from airlines. goTravel would immediately flags matches to PIU operators coming from internal and external watchlists. goTravel is shipped with when the ability to query Interpol¡¯s I-24/7 databases. Countries can decide to turn on the configuration and automatically start the querying of Interpol databases. Matches against Interpol data would then automatically flagged in real time to PU operators/analysts.

A: Yes. Through the "Public Access Window" individuals can request the PIU to erase their personal data from goTravel.

A: The CTTP Pillar IV Technology Team is adopting a modular approach to deliver add-ons to the main goTravel core functionalities following strict governance processes and oversight offered by Member States' users of the solution. The International User Community is prioritizing work on:

• goTravel (iAPI): The interactive API (iAPI) module will provide national authorities the opportunity to issue a board/no-board advisory message to the airline operators.
• goTravel (Maritime): API/PNR ingestion module for maritime transportation data.
• goTravel (Road): API/PNR ingestion module for road transportation data.
• goTravel (Rail): API/PNR ingestion module for rail transportation data.
• goTravel (Integration): Enhancements of the effective mechanisms in place to enable PIUs and other stakeholders to cooperate, coordinate and exchange information domestically and internationally. The Integration module woudl then enable further integration and interfacing of goTravel with additional national and international databases through the middleware goConnect and PIU Matching Interface.
• etc.

A: The goTravel solution deploys in just a few hours¡ªincluding via Kubernetes, which orchestrates containers for automated deployment, scaling, and management¡ªprovided the Member State meets the necessary hardware and software prerequisites. The CTTP Pillar IV Technology Team offers comprehensive ICT support throughout the engagement, including guidance on enhancing the cybersecurity posture of the hosting ICT infrastructure and network.

A: Typically, goTravel is deployed and self-hosted within Member States data centers, and no data is managed by the United Nations. Additionally, goTravel can also be provided as a cloud solution based on Member State's request and installed in their own private cloud based environment.

A: The International User Community through its governance processes is the key driver for the further development of goTravel and the introduction of new features. The Member States' International User Community can prioritize new functionality in close cooperation with the CTTP Pillar IV technology team. Support requests and bug fixes are addressed in line with service provision key performance indicators outlined in the Memorandum of Agreement signed between the Member State and UNOCT. The UNOCT Technology Team is issuing new releases on a quarterly basis.

A: All parts of the system can be scaled and configured for high availability as needed.

A: To satisfy security requirements and standards critical to the application and data, a security audit of the IT infrastructure including penetration tests are performed, generally by external third party expert providers tasked to identify security risks affecting the infrastructure/network/system layers underneath goTravel that may undermine the whole implementation. Furthermore, the CTTP Pillar IV Technology Team supports government entities of Member States to continuously perform security assessments in line with international standards (ISO27000). goTravel is typically installed in the core infrastructure network layer and is not connected to the Internet reducing cyberattack surface.

A: The goTravel solution solidly rests on Open Source tools and frameworks and it is provided free of charge to Member States who commit to contribute yearly to fund its support and maintenance. If not already available, some software licenses like Microsoft Windows Server and ElasticSearch will need to be purchased by the Member State to run their local instance of goTravel.

A: Countries who sign Memorandum of Agreement (MoA) with UNOCT for the licensing and use of goTravel obtain the goTravel solution free of charge. The MoA is signed with a duration of 5 years. For the initial one year period from the date of the signature of the MoA, all support and maintenance activities performed by the UNOCT Technology Team in the form of bug fixing, new software releases and updates of goTravel are free to the recipient Member State, as their costs are funded by Donors' contributions under the United Nations Countering Terrorist Travel Programme (CTTP). Should the country using goTravel decide to continue to use the software beyond the initial one-year period, it can opt-in to a non-profit partnership with all other participating Member States sharing the costs of maintenance, updates and 3rd level ICT support, calculated based on the number of Member States using goTravel and proportionate to their Gross Domestic Product (GDP) at Purchasing Power Parity (PPP). The GDP PPP index is maintained and published by the World Bank (). The GDP PPP index takes into account the relative cost of living, rather than using only exchange rates, therefore providing a more accurate picture of the real differences in income. Based on the GDP PPP index, four bands for yearly contribution to the support and maintenance of the UNOCT goTravel solution are established and automatically assigned to each country (Band A: $50,000, Band B: $100,000, Band C: $200,000, Band D: $350,000). These amounts translate into a yearly Member State contribution to the UNOCT CTTP programme earmarked to goTravel activities. Countries with assigned Band: D commit to contributing from the date of the signature of the MoA (ie they will also fund the cost of goTravel support and maintenance for the initial one year period).
The financial support methodology established for the long term sustainability of goTravel support and maintenance as well as the yearly rates indicated above apply for any goTravel MoA signed after 1 January 2026.

A: goTravel embeds robust human rights and data privacy safeguards directly into its code, aligning with international standards. Each Member State controls its goTravel instance, meaning the UN does not have access to production data, ensuring data sovereignty. PIUs set retention and processing policies based on national legislation, and all data handling actions (including configuration changes) are logged for transparency and audit purposes.

A: The Data Protection Officer (DPO) in each Member State configures data retention settings within goTravel. Passenger data is automatically deleted after the specified retention period, ensuring compliance with international privacy standards.

A: Watchlists: goTravel can handle unlimited conditional clauses for watchlists, which minimizes false positives. PIUs can configure and justify watchlists according to privacy regulations.

Risk-Based Targeting (RBT): RBTs are customizable to identify patterns or relationships between passengers (e.g., phone numbers, flight routes) but require justification to prevent unwarranted use. The system triggers only significant risk matches, reducing unnecessary data exposure.

A: Sensitive data is only accessible to authorized users. Matches trigger notifications in the system that can also be sent via email or SMS, in compliance with the competent authority requests. Justifications are required for creating watchlists and risk indicators, with all actions logged in goTravel¡¯s audit tables for compliance and transparency.

A: Through the goConnect middleware, goTravel securely integrates with external databases like INTERPOL. PIU case officers can follow up on matches and request additional information from external systems, adhering to standard operating procedures and minimizing sensitive data exposure.

A: Only for data matches. 99% of passengers are screened without requiring manual verification. PIU analysts receive only records of matches, which significantly reduces the exposure of sensitive data and enhances operational efficiency.

A: Requests for information (RFIs) are managed through the Claims and Provisions functionality in goTravel, ensuring transparency and auditability in data access. Searches involving data older than the standard data masking periods require oversight and justification to maintain privacy. Searches will not result in any matches once data is routinely and automatically deleted in compliance with retention periods.

A: goTravel provides detailed reports on data processing and compliance. It identifies and alerts for any missing data pushes, allowing timely corrective actions. All system actions are logged and auditable, ensuring compliance with privacy and data protection standards.

A: Deployment: Member States host and manage their own goTravel instance; it is not hosted by the UN, ensuring national control over data.

Cost Model: Initial capital implementation costs are covered by UNOCT Donors. Recurring yearly contributions by Member States using goTravel for the software support and maintenance activities offered by UNOCT are proportional to each Member State¡¯s GDP and PPP index, with potential reductions as more countries adopt goTravel, reducing the overall cost burden (see answer to question 5.2 for details).

A: goTravel promotes collaboration among Member States through the International User Community, enabling data sharing and cooperation using the same system. This support bolsters efforts in counter-terrorism and serious organized crime by enhancing cooperation and aligning with best practices across participating nations.