ED Decision 2020/006/R

Aircraft cybersecurity
  • CS-25 Amendment 25
  • CS-27 Amendment 7
  • CS-29 Amendment 8
  • CS-APU Amendment 1
  • CS-E Amendment 6
  • CS-ETSO Amendment 15
  • CS-P Amendment 2
  • AMC-20 Amendment 18
  • AMC & GM to CS-23 Issue 3
  • AMC & GM to Part 21 Issue 2, Amendment 10

The objective of this Decision is to mitigate the potential effects of cybersecurity threats on safety. Such threats could be the consequences of intentional unauthorised acts of interaction with the aircraft on-board electronic networks and systems.

This Decision issues amendments to CS-25, CS-27, CS-29, CS-APU, CS-E, CS-ETSO, CS-P, and to the related acceptable means of compliance (AMC) and/or guidance material (GM), together with AMC-20, AMC/GM to CS-23 and AMC/GM to Part 21. The aim of the amendments is to introduce cybersecurity provisions into the relevant certification specifications (CSs), taking into account:
—    the existing special conditions (SCs), and 
—    the recommendations of the Aircraft Systems Information Security/Protection (ASISP) Working Group of the Aviation Rulemaking Advisory Committee (ARAC)
by following a proportional approach.

The amendments are expected to contribute to the update of the European Union Aviation Safety Agency (EASA) CSs and AMC and GM to reflect the state of the art of the protection of products and equipment against cybersecurity threats. They are also expected to improve harmonisation with the Federal Aviation Administration (FAA) regulations. Overall, they would improve safety, would have neither social nor environmental impact, and would have a negative-to-neutral economic impact.