LONDON – Europe’s highest court struck down an anti-terrorism agreement that allows the European Union and America to share information on airline passengers, giving authorities four months to resolve conflicting rules.

The European Court of Justice in Luxembourg yesterday said the 2004 accord was illegally adopted, upholding a challenge by the European Parliament. E.U. lawmakers had also argued that the agreement violates protections on personal data.

Yesterday’s ruling may mean that carriers such as Europe’s biggest airline, Air France-KLM Group, and Deutsche Lufthansa AG will have to choose between violating E.U. or American law, facing fines on both sides of the Atlantic, according to a lawyer specializing in information technology, Eduardo Ustaran. Authorities have until September 30 to come up with new regulations, the court said.

“This is an extreme example of a conflict of laws between two jurisdictions,” Mr. Ustaran said in a phone interview from London. The decision takes the negotiation “back to square one,” he said.

The E.U.’s Brussels-based executive agency, the European Commission, said it’s analyzing the “full implications” of the court ruling and will work with the other institutions to find a solution by the September deadline. The regulator will consult with America on any changes that may be required.

“The commission remains committed to the fight against terrorism while respecting fundamental human rights such as the right to privacy,” a commission spokesman, Johannes Laitenberger, said at a daily news briefing in Brussels yesterday.

The court’s judgment is only about the agreement’s “legal basis,” and not its content, Mr. Laitenberger said.

The current regulations, imposed after the September 11 attacks to allow security agencies to scan airline records for terrorists and criminals, are a compromise with American authorities. The commission had found the original rules violated the European Union’s privacy laws. America agreed not to record passengers’ meal and seating preferences, which could reveal a traveler’s religion or health, as well as limit the amount of time the data is stored to 3 1/2 years from 50 years.

The agreement was approved by E.U. government ministers in May 2004, following a proposal by the commission.

“This is a resolvable issue,” an assistant secretary at America’s Homeland Security Department, Stewart Baker, said at a conference in Washington yesterday. It’s “unimaginable” the European Union and America won’t be able to reach some kind of compromise, he said.

A spokesman for America in Brussels said America planned to work out a solution that wouldn’t disrupt trans-Atlantic flights, compromise security or require a lowering of data protection standards.

An Italian member of the European Parliament, Giusto Catania, said in an e-mailed statement that while he welcomed the judgment, he had hoped the court would say the American requests infringe human rights.

“I expect all European air carriers to deny the U.S. authorities access to their booking records as soon as possible,” he said. Mr. Catania is a member of the European United Left group.

Europe’s third-biggest airline, British Airways Plc, has contacted the British government for advice about what to do, it said in an e-mailed statement. While the company is “disappointed” by the court’s decision, the government has said that British law will not prevent the airline from handing over the data.

The carrier controlled by a British billionaire, Richard Branson, Virgin Atlantic Airways Limited, said it will continue to give American authorities the information they require because it doesn’t breach British law. It has also been in discussion with the British government about the issue.

“This is an extraordinary situation to be in,” a spokesman for Virgin Atlantic, Paul Charles, said in a telephone interview. The carrier only operates trans-Atlantic European flights from London and Manchester. Other European governments must “sort something out,” he said.

Most other E.U. countries have stricter data protection laws than Britain, Mr. Ustaran said. Regulators of each European country must now reach an agreement with America, satisfying both American demands and national data protection laws, he said.