Questions on Part-IS? Don't keep them to yourself!

Vasileios PAPAGEORGIOU • 18 October 2023
in community Cybersecurity

Questions on Part-IS? Don't keep them to yourself!

Following the publication of the Part-IS regulatory package (Delegated Regulation (EU) 2022/1645 & Implementing Regulation (EU) 2023/203) and the corresponding AMC/GM, a  number of questions has been raised by the stakeholders of the Cybersecurity in Aviation community.

Hopefully answers are not that far..

Currently the EASA team working in this field is gathering those questions received with the aim of providing a dedicated Frequently Asked Questions (FAQ) section in the EASA website.


Do you have any questions regarding the implementation of Part-IS in your domain and/or organisation?

We want to hear from you! Please provide your question in the comments below and it will be considered during the preparation of the FAQs.

Kindly note that the main purpose of this post is to collect questions and not to provide any detailed answers in the comments below. The answers will be provided in the questions that will be included in the dedicated FAQ section.

PS. Short quiz: Do you know the answer in the question below?

“My organisation is not in the list of the organisations that have to comply with Part-IS but it does provide services to such organisations. Do we have to comply with Part-IS?”

Comments (5)

Christoph Schnyder

Article 3 Definitions (1): Is it limited to digital information only? I would say "No", because you need to consider information in hard copy fashion as well.
I just had a controversial discussion about it.


Hi Christoph, short answer to this is that "information security" under Part-IS (Opinion No 03/2021) considers threats of both digital and analogue nature. There is also a long answer to this that will be provided in the FAQs.

You are not allowed to comment on content in a group you are not member of.

View group