Proposed United States ESTA changes: enhanced data requirements for travellers
What business professionals need to know and how to voice your input
In a significant update to U.S. travel authorisation processes, the U.S. Customs and Border Protection (CBP) has proposed revisions to the information collection for the Arrival/Departure Record (Form I-94) and the Electronic System for Travel Authorization (ESTA).
Published in the Federal Register on 10 December 2025, these changes aim to bolster security and streamline processes but introduce substantial new data demands for Visa Waiver Program (VWP) travellers, including business professionals.
As frequent international travellers, our customers at Global Travel Management understand the importance of staying ahead of regulatory shifts. This article breaks down the key proposed enhancements - particularly the expanded personal data requirements - and provides a clear, step-by-step guide to submitting your comments before the deadline.
Key Proposed Changes: More Data, Greater Scrutiny for ESTA Applicants
The revisions primarily target the ESTA application process, which is mandatory for citizens of VWP countries seeking to enter the U.S. for business, tourism or transit without a visa. While some updates focus on technical improvements - like requiring a "selfie" photo upload for better verification and shifting applications exclusively to the ESTA Mobile app - the most impactful changes involve mandatory disclosure of extensive personal and digital footprints.
These stem from Executive Order 14161 (January 2025) and a related memorandum (4 April 2025), emphasising "high-value data elements" to enhance vetting. Here's what business travellers (and all ESTA applicants) should prepare for:
Social Media Handles (Mandatory, Last 5 Years): Applicants must now provide all social media identifiers used over the past five years. This builds on existing voluntary reporting but makes it a required field, potentially complicating applications for those with evolving online presences.
Contact Information History:
Email Addresses: All addresses used in the last 10 years.
Telephone and Mobile Numbers: All numbers (personal and business) used in the last five years.
IP Addresses and Metadata: Captured automatically from electronically submitted photos, adding a layer of digital tracking without separate manual entry.
Family Member Details: For the first time, ESTA forms will require comprehensive information on immediate family (parents, spouse, siblings and children), including:
Full names
Telephone numbers used in the last five years
Dates and places of birth
Current and historical residences
Additionally, biometric data collection (e.g., facial recognition, fingerprints) will expand, and business-specific contacts like employer phone numbers and emails will need historical reporting.
These requirements apply universally to ESTA users but hit hardest for business travellers who may need to compile years of digital records quickly - potentially delaying approvals or increasing compliance burdens.
CBP estimates these changes will slightly increase application times but improve security screening accuracy. However, critics may argue they infringe on privacy and complicate legitimate travel.
Recent VWP expansions (e.g., Qatar's inclusion) and adjustments (e.g., Romania's removal) further underscore the programme's evolving landscape.
How to Submit Comments: Your Step-by-Step Guide
Public input is a cornerstone of U.S. regulatory processes under the Paperwork Reduction Act (PRA). CBP is actively soliciting feedback on these proposals, with a comment period running from 10 December 2025 to 9 February 2026. Now is the time for travellers, associations and businesses to weigh in on burden estimates, privacy concerns, or suggested simplifications. Comments must be in English and will become part of the public record.
Follow these steps to make your voice heard:
Review the Full Proposal: Start by reading the official notice in the Federal Register. Focus on sections detailing the new data fields and burden analysis to inform your response.
Craft Your Comment: Address one or more of these PRA-specific topics:
The necessity and practical utility of the proposed collections.
The accuracy of CBP's time and cost burden estimates (e.g., additional minutes per application).
Ways to enhance the quality, utility and clarity of the information gathered.
Methods to minimise respondent burden, such as through automation or technological alternatives.
Keep it concise (aim for a maximum of 1-2 pages, but shorter comments can also be submitted), professional and evidence-based. For business travellers, highlight real-world impacts like data compilation challenges or effects on frequent U.S. trips.
Include Required Details: In your email subject line, reference OMB Control Number 1651-0111 and "Agency Information Collection Activities; Revision; Arrival and Departure Record (Form I-94) and Electronic System for Travel Authorization (ESTA)." This ensures proper routing.
Submit via Email: Send your comment as an attachment (PDF or Word) to CBP_PRA@cbp.dhs.gov (mailto:CBP_PRA@cbp.dhs.gov). No other submission methods (e.g., mail or portal) are specified in the notice - email is the sole channel.
Confirm Receipt (Optional but Recommended): After sending, request a read receipt or follow up if you don't hear back within a week. Track the docket for updates, as CBP will summarise comments in their final OMB submission.
Deadline Reminder: All submissions must be received by 9 February 2026, 11:59 p.m. ET. Late comments may not be considered.
Take Action: Shape the Future of U.S. Business Travel
These proposed ESTA enhancements reflect a push for robust border security amid global mobility, but they also raise valid questions about data privacy and administrative hurdles. At Global Travel Management, we're monitoring this closely and can assist clients with compliance strategies or even drafting tailored comments.
Don't miss the 9 February 2026 deadline - submit today to influence policies that affect your next transatlantic trip.
Sources: U.S. Federal Register, Vol. 90, No. 237 (10 December 2025).
