Air Traffic Management / Air Navigation Services (ATM/ANS) ground equipment

Expand all questions

Application for DPO

Our product will require certification under the new framework and our company would like to become an approved Design or Production Organisation. COMMISSION IMPLEMENTING REGULATION (EU) 2023/1769 includes DPO.OR.A.010 which states: "An application for a design or production organisation approval shall be made in a form and manner established by the Agency". Where can I find these these forms, and how does the application process work in practice?

If a manufacturing company has several subsidiaries in several countries, is a DPO certificate expected for each of the subsidiaries or would there be a way to get an overall for the entire company?

Which cost can be expected to perform a DPO approval? (external cost, e.g. to be paid to EASA)

In order to apply for EASA acceptance of a Federal Aviation Administration (FAA) approval, does our company have to be an EASA-approved design or production organisation (DPO) beforehand?

In order to perform maintenance and provide support of equipment produced by our company and that is already deployed in Europe, does our company need to be an approved design or production organisation (DPO)?

What about homemade ANSP equipments? Does the ANSP need to be accredited as a DPO?

If an ANSP designs and builds an integrated system, e.g. integrating software from various suppliers onto a data centre infrastructure (noting this may involve "DPO" activities, and some specifications can only be fully implemented/verified at this level) is the ANSP expected to certify as a DPO?

Classification or notification of changes

Major and minor changes (Major/Minor changes) - the description of what is a major and what is a minor change (for major changes, the need to issue an SoC/Declaration/Certificate) is defined in general terms in the regulatory proposals. There was no consensus on the interpretation at the EASA webinar. It is necessary to define the criteria for including the change in the big/small category

The new regulation does not require a notification and documentation of a small change - in cases where the SoC is not changed. A different approach compared to today's DoVs, which cover the entire life cycle of a component/equipment - for small changes, a TF change is made. Will this create a problem at the end of the transition period? – TF will not be updated and SoCs will only have some changes

What should an air navigation service provider (ANSP) expect to receive from a design or production organisation (DPO) for minor changes that are not notifiable to EASA and do not result in an update to the certification, and is the ANSP still expected to notify these minor updates as changes to the functional system?

Acceptance of approvals issued by third countries

Some of the equipment produced by our company has a Federal Aviation Administration (FAA) approval and some equipment does not. For the FAA-approved equipment, can you confirm that our company can apply to have the FAA certification accepted by EASA?

Categorisation of systems or equipment

We are still not sure, in which category some specific equipment falls and thus we would appreciate a more detailed allocation oversight of specific systems to categories (e.g. electr. flight strips; network equipment, Server HW, virtualisation and operating systems, used for all kinds of systems).

Division of today's EATMN components into CA categories. For some existing systems, the categorization is debatable (e.g. EFS). Does the new regulation require anything similar as so called “distribution of systems and constituents within the functional system”?

Does a primary surveillance radar (PSR) being provided to the European Union require certification under Regulation (EU) 2023/1768? If so, are there any published detailed specifications (DSs) for PSRs?

Categorisation of software

For surveillance (SUR) equipment, e.g. ADS-B station, there is also processing equipment (including software) for at least converting the received signal to ASTERIX. Does this mean that this equipment will always be subject to certification by EASA?

GM1 GE.GEN.003 'Software': It is stated that firmware is considered as software. Is this also the case for libraries, operating systems, enterprise service bus (in service-oriented architecture (SOA)), security software, and all software used for virtualisation (e.g. VMware)?

Commercial off the shelf (COTS) systems or equipment

Is it correct to assume that COTS IT/network elements (e.g. servers, routers, switches) do not have the need for certification or declaration, if they are not part of the equipment subject to certification/declaration? E.g. certified software is delivered by DPO, which can be run on any platform/network at the ANSP, which is not certified but fulfils the specifications provided by the DPO.

Cloud-based architectures

How the case of an ANSP cloud based architecture and a SW application produced by a DP0 which is subject to certification or declaration will be handled ?

Development Assurance for Software or Hardware

Who is going to define software / software assurance level (SWAL) requirements for a particular ATM/ANS system? EASA, ANSP, ...?

Did I understand correctly that the software assurance level (SWAL) assignment and stating that the equipment is safe for use is moved to design or production organisations (DPOs)? I got that impression from previous sessions and disagree since safety (as security) depends on the operational usage of the equipment. What is your opinion?

If the software design assurance level (SW DAL) of equipment depends on ATM functions of the air navigation service provider (ANSP), how do you guarantee that certified/declared equipment will be available with such an expected level? Aren't we creating a chicken-and-egg issue?

ED-153 considers that the air navigation service provider (ANSP) shall allocate the software assurance level (SWAL). Which standard support that the DPO shall allocate the SWAL? As in a previous comment, ANSP should allocate the SWAL and DPO should evidence. Why the change? (in a previous question, the answer was that the DPO allocate the SWAL)

Non-compliance

The implementation of a change from the awarding of a public contract to the introduction into operation is a long-term process, during which the following situations may occur (we are considering the transition period): - Issuance of the specification for the given device during implementation - Failure to certify the supplier by the end of the transition period - Reluctance of the contracted supplier to certify. We consider it appropriate to agree with the procedure of the provider/regulator for these cases. Does EASA work on something as a guidelines in this matter?

For a system subject to SoC: If there is a documented non-compliance with some detailed specification, does that automatically mean, it must not be put into operation, or can it be put into operation based on some evaluation criteria? If yes, which are these criteria?

Partnership Agreements

What is the process to follow for an NSA to support EASA in its activity?

Registry of certificates, statements of compliance, defects

Does EASA plan to publish an EU-open database recording: a. Certified DPO with the details of the certificates ( validity, etc.), b. Certified GE with the details of the certificates, c. Issued SoC by ANSP or DPO, d. Known defects on certified and declared GE?

Scope/Applicability

We assume that only those systems are subject to Certification/Declaration/SoC, where applicable specific Detailed Specifications have been issued. Is this assumption correct?

We assume that Electronic Flight Strips are not subject to certification (EFS does not fall into 3b, as EFS does not provide separation of aircraft or prevention of collision, it is not 3a either, there it must be 3c). Please confirm.

What parts of the system need to be certified/how can we define the equipment/constituent that needs to be certified. E.g. Flight strips System with several servers, operating system and virtualisation, switches, operating position equipment plus some software components. Can the DPO only certify the software, with definition of hardware requirements and the customer (or we) purchases any COTS HW, which fulfills these requirements?

Is the following requirement applicable for all ATM/ANS Equipment in "PART 2 — ATM/ANS equipment subject to certification / Subpart A — Air traffic services: "DS GE.CER.ATS.110 ATS recording ATM/ANS equipment specified in this Subpart is to provide recording and replay capability of technical and operational data, and system status."?

DoV refers to the systems structured according to support of the functions and services provided within the functional system defined by the respective ANSP, while SoC refers to components/equipment. DoV also covers the integration process within ANSP, while a SoC is at the level of today's DSU, DoC. Is this assumption correct?

The DoV is also documenting the integration of components/devices into the provider's systems within its FS, the new regulatory framework does not cover this integration - the SoC issuing process ends before the device is integrated into the FS, the integration is done as a change to FS. Is this assumption correct?

In Part 3, Subpart C, what about PSR and SMR?

Could you please elaborate a bit more on the Statements of Compliance (SoCs) in case there are no detailed specifications DSs? If there are no DSs, then no SoC is required, right? Otherwise, any single and simple system would need a SoC?

From you explanations, we infer that if we need to put into service a system but there are no DSs, then we only need to comply with the GENERAL part of the DSs: Is this interpretation right?

If a detailed specification (DS) does not exist for certain hardware (HW) or software (SW), e.g. the application that provides to air traffic controllers (ATCO) the radar availability chart on the auxiliary display, is it subject to this regulatory package? I would say neither CERT, DECL nor SoC are applicable in this case? Only change management should be applied?

Means of compliance (MOC)

Should the ATM/ANS Equipment Release Form attach external documentation/evidence how the GE is compliant with the AMCs and DSs?

Conformity assessment during the transition period

We assume that all systems in operation before September 13 are grandfathered and only need SoC after major changes. Please confirm.

What happens with the equipment sold by a DPO during the transition period and installed by the ANSP but at the end of the transition period, the DPO is not certified by EASA?

In the following scenario, an ANSP put into service a GE (i.e. ADS-B) with its SoC, in September 2028 the manufacturer is not approved as DPO. Should the ANSP deinstall it and deploy a GE from another DPO?

Does it mean that if during the transition period there is only one DPO but many manufactures, ANSPs are not forced to procure the equipment from that DPO? They can thus procure an equipment from non-DPO manufacturers till September 2028?

For SoC and DoV, we assume that the issuance of existing DoVs will be simply replaced by the issuance of SoCs (at least within the transitional period until 2028, once the DoV or its part are to be change). Is this correct?

Implementation support to stakeholders

What is the EASA plan to ensure wide communication towards ATM GE providers and common understanding of the regulation framework?