Part-IS is now fully applicable

Part-IS is now fully applicable🎯

Yesterday an important and highly anticipated milestone for aviation cybersecurity in Europe was achieved. Regulation (EU) 2023/203 (Implementing Regulation of Part-IS) became applicable on the 22^nd of February 2026.

This marks the full applicability of Part-IS across the EU aviation sector, following the applicability of the Delegated Regulation which commenced back in October 2025.

Part-IS is now applicable to the following types of organisations:

• Air operators ✈️

• Maintenance Organisations (Part-145) 🪛

• CAMO 🛠️

• ATM/ANS providers 📍

• Approved Training Organisations (ATOs) 👩‍🏫

• Air Traffic Controller Training Organisations (ATCO TO) 🧑‍🏫

• Flight Simulation Training Device (FSTD) operators 🖥️

• Aeromedical Centers 🏥

• U-space service providers (USSPs) & single common information service providers 🚥

• Approved organisations involved in the design or production of ATM/ANS equipment (DPOs)* 📐

*when the domain regulation (Commission Delegated Regulation (EU) 2023/1768) becomes applicable

Apart from the aforementioned organisations, the regulation is also applicable to the respective competent authorities (Article 6 of Implementing Regulation (EU) 2023/203 and Article 5 of Delegated Regulation (EU) 2022/1645), including:

• EASA ⚖️

• Part-66 Competent Authorities 👩🏾‍🔧

• Competent Authorities overseeing the Continuing Airworthiness of certified UAS 🚁
   

In the Related Content below, you may find a series of posts in our Community that paved the way to the transversally applicability of Part-IS (time flies..⏳) 

_{These images have been generated by utilising OpenAI’s tools following relevant prompts.}