PNR (Passenger Name Record)
Key Takeaways
A Passenger Name Record (PNR) is the central data file created at the time of booking, holding everything needed to manage and service a trip from reservation to check-out. Every commercial flight booking generates one, governed by standardized fields that airlines, agencies, and reservation systems all recognize.
- IATA Resolution 830a codifies five mandatory PNR fields for every commercial booking: passenger name, itinerary, contact details, ticketing information, and a received-from element identifying who made the reservation [1].
- Corporate PNRs carry additional fields beyond the consumer baseline, including cost-center codes, corporate fare identifiers, form-of-payment tokens, and duty-of-care location data for traveler tracking.
- EU regulation requires airlines to depersonalize PNR data after six months and delete it after five years under the EU PNR Directive (2016/681) [2].
- Navan integrates PNR data at the point of booking to enforce travel policies and route trip records into automated expense workflows, reducing post-trip reconciliation work.
What is a PNR (Passenger Name Record)?
Each PNR is tied to a unique alphanumeric reference code, typically six characters, called a record locator. Airlines, travel agencies, and corporate booking tools use this code to retrieve, modify, or service a booking at any point in the travel lifecycle.
The term itself captures a common misconception: PNRs aren't limited to a single passenger's name. They're comprehensive booking records that may cover multiple travelers, multiple trip segments, and all associated service requests on a single reservation.
What Are the Five Mandatory PNR Fields?
Under IATA Resolution 830a, every commercial booking must contain five foundational elements [1]:
- Passenger name: The traveler's full name as it appears on a government-issued ID.
- Itinerary: Flight segments, departure dates, cabin class, and any connecting legs.
- Contact details: The phone number or email address of the booking party.
- Ticketing information: The e-ticket number, fare basis code, and ticket validity dates.
- Received-from element: The party that initiated the booking, whether the traveler, a corporate online booking tool, or a travel agent.
These five fields form the minimum legal and operational requirement for every reservation. Airlines and booking systems rely on them to process check-ins, communicate with border authorities, and manage last-minute changes.
Beyond these five, a PNR can contain dozens of optional elements, including seat preferences, meal requests, loyalty numbers, and special service requests. The possible data points can expand to more than 60 items, according to IATA guidelines on PNR data [1].
How Do Corporate PNRs Differ from Consumer Bookings?
All PNRs share the same five mandatory fields, but corporate bookings routinely carry a second data layer through Special Service Request (SSR) and Other Service Information (OSI) fields. These optional elements are where business travel program data lives, and they're what make a managed trip fundamentally different from a personal booking.
A corporate PNR typically includes:
- Cost-center or project codes that route expenses to the correct accounting ledger
- Corporate fare codes identifying negotiated airline contracts
- Centralized billing tokens for lodge card or virtual card payment
- Duty-of-care location data for real-time traveler tracking during high-risk trips
- Loyalty program numbers for consistent status recognition across carriers
This enriched data structure transforms a basic booking confirmation into a corporate asset. When a traveler's itinerary sits within a managed program, the travel manager has visibility into where every employee is and what each trip will cost before anyone boards. When travelers book outside the managed channel, those SSR/OSI fields are absent, creating blind spots in spend reporting and traveler safety coverage.
Transform Your T&E Management with Navan
Make business travel work for everyone.PNR Data in the Business Travel Lifecycle
A PNR is created the moment a booking is confirmed and stays active through trip completion. Its journey through the corporate travel ecosystem shows why data completeness matters at every stage.
When a booking flows through a Travel Management Company (TMC), the agency reads the PNR to monitor trips in real time, identify policy exceptions, and generate management information reports. If the traveler needs to rebook mid-trip, the TMC services the existing PNR rather than creating a new one, keeping all modifications in a single auditable record.
Travel policy compliance rules integrate with PNR data at the booking stage to flag out-of-policy choices before the reservation is confirmed. Cost-center codes embedded in the PNR feed into expense systems automatically, reducing the manual recoding that typically happens days after a trip ends.
Navan reads PNR data from bookings made through the platform to pre-populate expense line items, apply policy rules, and generate trip reports without requiring travelers to re-enter itinerary details. The richer the corporate PNR, the less reconciliation work is needed after travel.
PNR Privacy and Data Protection
PNR data is classified as personal information in most jurisdictions and is subject to legal frameworks that corporate travel programs must actively manage.
The EU PNR Directive (2016/681) requires airlines to transfer PNR data to national passenger information units for use in terrorism prevention and serious crime investigations [2]. Under the Directive, PNR data must be depersonalized after six months and permanently deleted after five years. In March 2025, the European Data Protection Board clarified that these retention limits apply on a per-flight basis, not as a uniform policy across all traveler data [3].
In the United States, Customs and Border Protection requires airlines to transmit PNR data for international flights under separate rules. Travel programs operating across multiple regions should confirm that all booking platforms and TMC service agreements include data processing provisions that address these varying requirements.
GDPR also applies to PNR data for EU residents, requiring a lawful basis for any processing beyond the operational needs of the booking. Travel managers should consult legal counsel to confirm their program's data handling practices meet applicable requirements across every operating jurisdiction.
Related Terms
- Travel booking: The process of reserving flights, hotels, and transport through managed or unmanaged channels. Booking channel choice directly affects whether a PNR enters the corporate system with the data fields needed for reporting and policy enforcement.
- Expense report: The formal document employees submit to reclaim business spending. PNR data from managed bookings can pre-populate expense line items automatically, reducing the time between trip completion and expense approval.
- Corporate travel agencies: Specialized agencies that manage business travel programs. Corporate travel agencies read and service PNRs on behalf of their clients, handling rebooking, policy flagging, and itinerary management throughout a trip.
Sources
[1] IATA, "Guidelines on Passenger Name Record (PNR) Data," ICAO Document 9944, 1st Edition
[2] European Commission, "Passenger Data: The EU PNR Directive," 2025
Frequently Asked Questions About PNR (Passenger Name Record)