In a press release, Amadeus, a large international technology group for the travel and tourism industry, announced plans to acquire Idemia Public Security (IPS) for 1.2bn euros, about $1.4bn. According to the company, Amadeus develops digital systems that help airlines, airports, travel agencies, business travel providers, hotels, payment service providers and border authorities organize their operations.
IPS is the security and identity division of the French technology group Idemia. The company develops systems designed to identify people with certainty, chiefly for states, public authorities, airports, border control agencies and security-related applications. Those systems include biometric technologies such as facial recognition, fingerprint systems, iris recognition, digital identity verification, electronic border controls and police identification systems.
At first glance, the announcement sounds like an ordinary corporate deal. Yet with the planned acquisition of IPS, Amadeus is entering a field that reaches far beyond flight bookings and reservation systems. The company describes the acquisition as an expansion of seamless travel processes. Critics see it as the next building block in an infrastructure in which mobility, identity and permission to travel are becoming ever more closely linked, while a person’s routes and habits can also be digitally mapped.
Travel Is Becoming More Digital
The deal is part of a trend that has been apparent for years. Airports, airlines and border authorities are looking for ways to handle rising passenger numbers while meeting steadily increasing security requirements. Biometrics promises exactly that. A face, a fingerprint or a digital proof of identity is meant to accompany passengers through check-in, security screening, border crossings and boarding. From their own front door to their destination and back again, their face then replaces the ticket, the boarding pass, the hotel key card and access to the transfer between airport and accommodation.
What sounds like extraordinary convenience in the language of the providers comes with major risks. A journey is no longer organized merely through a ticket, but through a verifiable, machine-readable and permanently stored identity.
For Amadeus, this is not the first step in that direction. In 2024, the company acquired Vision-Box, a provider of biometric solutions for airports, airlines and border controls. The declared aim then, too, was to make the entire process more integrated, from booking to arrival. The planned acquisition of IPS would expand that approach considerably. Vision-Box focuses mainly on airport operations, while IPS brings experience with state identity systems, border management and security applications.
Where Business Meets the State
IPS is not an ordinary software supplier. The company operates in regulated areas where identity is not merely a matter of convenience, but of state control. With around 3,300 employees worldwide and more than 600 customers in the public and private sectors, IPS is one of the largest players in the field. In addition to passenger processing, IPS works in other regulated environments, including access controls and state biometric identification and data systems. Private services are therefore being connected with state institutions.
This creates the prospect of a group that can combine travel technology, airport processes, border crossings and identity verification more closely than before. The most obvious risk is the close interlinking of personal travel data and border controls. Once the information that a person is entering a country is recorded, it is automatically linked to information about where that person will stay in the country.
The timing of the deal is striking because the EU’s new Entry/Exit System (EES) has now gone into operation in Europe. It is intended to replace old passport stamps entirely with digital records.
According to the European Commission, entries, exits and refusals of entry for non-EU nationals are recorded digitally. The system also includes biometric information, such as facial images, fingerprints and details from travel documents. The Commission justifies this on the grounds of security and modern border management. For travelers from outside the Schengen Area, border crossings are therefore becoming more data-driven than ever before.
A Brave New Travel Economy
In this environment, providers such as Amadeus and Idemia are gaining strategic importance. Whoever connects the technical systems at airports, airlines, hotels and borders sits at a critical junction in modern mobility.
Amadeus itself says it wants to become an “orchestrator” of the travel ecosystem. That is a revealing statement because it describes not merely a service provider, but an overarching platform that brings together different data points, actors and processes. The smoother the process appears to passengers, the less visible it becomes how many identity checks are taking place in the background. That is the core of the criticism.
Data protection officials have long warned that biometric systems carry particular risks. The European Data Protection Board (EDPB) said in a 2024 opinion on facial recognition at airports that travelers should retain the greatest possible control over their biometric data. The EDPB noted that misuse of such data could have serious consequences. Facial recognition technology, the data protection officials said, could lead to false negatives, bias and discrimination. The misuse of biometric data could have dramatic consequences, including identity theft or identity fraud.
Unlike passwords, biometric features cannot simply be changed. If the electronic form of a face or fingerprint is stolen, it is permanently lost and compromised. That opens the door to every form of abuse.
Who Controls the Data?
The central question, therefore, is not whether biometrics can speed up travel. In many cases, it can. The more important question is who controls the systems, how long data is stored, who gains access to it and whether travelers have genuine alternatives.
At borders in particular, the idea of voluntary consent is difficult. Anyone who wants to enter a country can hardly avoid a mandatory registration process. If the same logic then migrates into ever more private parts of the journey, from baggage drop to hotel check-in, the line between state security architecture and commercial convenience technology becomes blurred.
Alongside the security of the data collected, the issue of growing state control must also be addressed. If governments have access to such a volume of data, it becomes very easy to create profiles of people’s journeys and even encounters. Who is where, when, with whom and at which event? The willingness of numerous states to introduce forms of social control could then make travel not only controllable by state authorities, but actively subject to their direction.
Data protection officials are right to call for biometric data collection to be avoided wherever possible, or at least kept to a minimum. In all cases, according to the EDPB, only the biometric data of passengers who actively enroll and consent to participation should be processed.
If the social credit score is wrong, the gate at the airport simply does not open at boarding. Even if that sounds like a conspiracy theory, the danger remains that whatever is technically possible will eventually be done by someone, somewhere.
Countries such as China have long shown how behavior disapproved of by the authorities can exclude people from social participation. With the wrong social credit score, some are already unable to book flights or buy train tickets.