ANNEX II (Part-ARO)

Regulation (EU) No 965/2012

This Annex establishes requirements for the administration and management system to be fulfilled by the Agency and Member States for the implementation and enforcement of Regulation (EC) No 216/2008 and its Implementing Rules regarding civil aviation air operations.

SUBPART GEN: GENERAL REQUIREMENTS

SECTION I – General

Regulation (EU) No 965/2012

The competent authority shall provide all legislative acts, standards, rules, technical publications and related documents to relevant personnel in order to allow them to perform their tasks and to discharge their responsibilities.

Regulation (EU) 2019/1384

(a)The Agency shall develop acceptable means of compliance (AMC) that may be used to establish compliance with Regulation (EU) 2018/1139 and its delegated and implementing acts.

(b)Alternative means of compliance may be used to establish compliance with Regulation (EU) 2018/1139 and its delegated and implementing acts.

(c)The competent authority shall establish a system to consistently evaluate whether the alternative means of compliance used by itself or by organisations and persons under its oversight comply with Regulation (EU) 2018/1139 and its delegated and implementing acts. That system shall include procedures to limit, revoke or amend approved alternative means of compliance, if it has been demonstrated by the competent authority that those alternative means of compliance do not comply with Regulation (EU) 2018/1139 and delegated and implementing acts adopted on its basis.

(d)The competent authority shall evaluate all alternative means of compliance proposed by an organisation in accordance:

(1)with point ORO.GEN.120(b) of Annex III (Part-ORO) to this Regulation;

(2)for balloons with point BOP.ADD.010 of Annex II (Part-BOP) to Commission Regulation (EU) 2018/395⁴³; or

(3)for sailplanes with point SAO.DEC.100(c) of Annex II (Part-SAO) to Commission Implementing Regulation (EU) 2018/1976⁴⁴;

by analysing the documentation provided and, if considered necessary, conducting an inspection of the organisation.

When the competent authority finds that the alternative means of compliance are in accordance with the Implementing Rules, it shall without undue delay:

(1)notify the applicant that the alternative means of compliance may be implemented and, if applicable, amend the approval, specialised operation authorisation or certificate of the applicant accordingly; and

(2)notify the Agency of their content, including copies of all relevant documentation.

(e)When the competent authority itself uses alternative means of compliance to achieve compliance with Regulation (EC) No 216/2008 and its Implementing Rules it shall:

(1)make them available to all organisations and persons under its oversight; and

(2)without undue delay notify the Agency.

The competent authority shall provide the Agency with a full description of the alternative means of compliance, including any revisions to procedures that may be relevant, as well as an assessment demonstrating that the Implementing Rules are met.

ED Decision 2014/025/R

GENERAL

The information to be provided to other Member States following approval of an alternative means of compliance should contain a reference to the Acceptable Means of Compliance (AMC) to which such means of compliance provides an alternative, as well as a reference to the corresponding Implementing Rule, indicating as applicable the subparagraph(s) covered by the alternative means of compliance.

ED Decision 2017/006/R

DEMONSTRATION OF COMPLIANCE

In order to demonstrate that the implementing rules are met, a risk assessment should be completed and documented. The result of this risk assessment should demonstrate that an equivalent level of safety to that established by the acceptable means of compliance (AMC) adopted by the Agency is reached.

ED Decision 2014/025/R

GENERAL

Alternative means of compliance used by a competent authority or by organisations under its oversight may be used by other competent authorities or organisations only if processed again in accordance with ARO.GEN.120(d) and (e).

Regulation (EU) 2023/203

(a)The competent authority shall without undue delay notify the Agency in case of any significant problems with the implementation of Regulation (EC) No 216/2008 and its Implementing Rules.

(b)The competent authority shall provide the Agency with safety-significant information stemming from the occurrence reports it has received.

(c)The competent authority of the Member State shall provide the Agency as soon as possible with safety-significant information stemming from the information security reports it has received pursuant to point IS.I.OR.230 of Annex II (Part-IS.I.OR) to Implementing Regulation (EU) 2023/203.

Regulation (EU) 2019/1384

(a)Without prejudice to Regulation (EU) No 376/2014 of the European Parliament and of the Council⁴⁵, the competent authority shall implement a system to appropriately collect, analyse and disseminate safety information.

(b)The Agency shall implement a system to appropriately analyse any relevant safety information received and without undue delay provide to Member States and the Commission any information, including recommendations or corrective actions to be taken, necessary for them to react in a timely manner to a safety problem involving products, parts, appliances, persons or organisations subject to Regulation (EC) No 216/2008 and its Implementing Rules.

(c)Upon receiving the information referred to in (a) and (b), the competent authority shall take adequate measures to address the safety problem.

(d)Measures taken under (c) shall immediately be notified to all persons or organisations which need to comply with them under Regulation (EC) No 216/2008 and its Implementing Rules. The competent authority shall also notify those measures to the Agency and, when combined action is required, the other Member States concerned.

Regulation (EU) 2023/203

(a)The competent authority shall implement a system to appropriately collect, analyse, and disseminate information related to information security incidents and vulnerabilities with a potential impact on aviation safety that are reported by organisations. This shall be done in coordination with any other relevant authorities responsible for information security or cybersecurity within the Member State to increase the coordination and compatibility of reporting schemes.

(b)The Agency shall implement a system to appropriately analyse any relevant safety-significant information received in accordance with point ARO.GEN.125(c), and without undue delay provide the Member States and the Commission with any information, including recommendations or corrective actions to be taken, necessary for them to react in a timely manner to an information security incident or vulnerability with a potential impact on aviation safety involving products, parts, non-installed equipment, persons or organisations subject to Regulation (EU) 2018/1139 and its delegated and implementing acts.

(c)Upon receiving the information referred to in points (a) and (b), the competent authority shall take adequate measures to address the potential impact on aviation safety of the information security incident or vulnerability.

(d)Measures taken in accordance with point (c) shall immediately be notified to all persons or organisations that shall comply with them under Regulation (EU) 2018/1139 and its delegated and implementing acts. The competent authority of the Member State shall also notify those measures to the Agency and, when combined action is required, the competent authorities of the other Member States concerned.

ED Decision 2023/010/R

(a)To appropriately collect and analyse information related to information security incidents and vulnerabilities with a potential impact on aviation safety, the competent authority should implement means that ensure the necessary confidentiality.

(b)When disseminating information related to information security incidents and vulnerabilities with a potential impact on aviation safety, the competent authority should properly select the appropriate recipient(s) to prevent the content of a report from being exploited to the detriment of aviation safety, by revealing, for instance, uncorrected vulnerabilities.

ED Decision 2023/010/R

When deemed necessary, a two-step mechanism could be used: a report alerting about the information security event or incident and the availability of additional data that would require controlled and confidential distribution. This report should only alert recipients of the urgency and the necessity for organisations and competent authorities to establish further communication through secure means.

Therefore, the report should consist of two parts: one limited to mostly public information and one containing the sensitive data that should be restricted to the recipients who need to know. Wherever possible, reports should be based on an agreed taxonomy.

SECTION II – Management

Regulation (EU) 2023/203

(a)The competent authority shall establish and maintain a management system, including as a minimum:

(1)documented policies and procedures to describe its organisation, means and methods to achieve compliance with Regulation (EC) No 216/2008 and its Implementing Rules. The procedures shall be kept up to date and serve as the basic working documents within that competent authority for all related tasks;

(2)a sufficient number of personnel to perform its tasks and discharge its responsibilities. Such personnel shall be qualified to perform their allocated tasks and have the necessary knowledge, experience, initial and recurrent training to ensure continuing competence. A system shall be in place to plan the availability of personnel, in order to ensure the proper completion of all tasks;

(3)adequate facilities and office accommodation to perform the allocated tasks;

(4)a function to monitor compliance of the management system with the relevant requirements and adequacy of the procedures including the establishment of an internal audit process and a safety risk management process. Compliance monitoring shall include a feedback system of audit findings to the senior management of the competent authority to ensure implementation of corrective actions as necessary; and

(5)a person or group of persons, ultimately responsible to the senior management of the competent authority for the compliance monitoring function.

(b)The competent authority shall, for each field of activity, including management system, appoint one or more persons with the overall responsibility for the management of the relevant task(s).

(c)The competent authority shall establish procedures for participation in a mutual exchange of all necessary information and assistance with other competent authorities concerned including on all findings raised and follow-up actions taken as a result of oversight of persons and organisations exercising activities in the territory of a Member State, but certified or authorised by or making declarations to the competent authority of another Member State or the Agency.

(d)A copy of the procedures related to the management system and their amendments shall be made available to the Agency for the purpose of standardisation.

(e)In addition to the requirements contained in point (a), the management system established and maintained by the competent authority shall comply with Annex I (Part-IS.AR) to Implementing Regulation (EU) 2023/203 in order to ensure the proper management of information security risks which may have an impact on aviation safety.

ED Decision 2014/025/R

GENERAL

(a)All of the following should be considered when deciding upon the required organisational structure:

(1)the number of certificates, attestations, authorisations and approvals to be issued;

(2)the number of declared organisations;

(3)the number of certified or authorised persons and organisations exercising an activity within that Member State, including persons or organisations certified or authorised by other competent authorities;

(4)the possible use of qualified entities and of resources of other competent authorities to fulfil the continuing oversight obligations;

(5)the level of civil aviation activity in terms of:

(i)number and complexity of aircraft operated;

(ii)size and complexity of the Member State’s aviation industry;

(6)the potential growth of activities in the field of civil aviation.

(b)The set-up of the organisational structure should ensure that the various tasks and obligations of the competent authority do not rely solely on individuals. A continuous and undisturbed fulfilment of these tasks and obligations of the competent authority should also be guaranteed in case of illness, accident or leave of individual employees.

ED Decision 2014/025/R

GENERAL

(a)The competent authority designated by each Member State should be organised in such a way that:

(1)there is specific and effective management authority in the conduct of all relevant activities;

(2)the functions and processes described in the applicable requirements of Regulation (EC) No 216/2008⁴⁶ and its Implementing Rules and AMCs, Certification Specifications (CSs) and Guidance Material (GM) may be properly implemented;

(3)the competent authority’s organisation and operating procedures for the implementation of the applicable requirements of Regulation (EC) No 216/2008 and its Implementing Rules are properly documented and applied;

(4)all competent authority personnel involved in the related activities are provided with training where necessary;

(5)specific and effective provision is made for the communication and interface as necessary with the Agency and the competent authorities of other Member States; and

(6)all functions related to implementing the applicable requirements are adequately described.

(b)A general policy in respect of activities related to the applicable requirements of Regulation (EC) No 216/2008 and its Implementing Rules should be developed, promoted and implemented by the manager at the highest appropriate level; for example the manager at the top of the functional area of the competent authority that is responsible for such activities.

(c)Appropriate steps should be taken to ensure that the policy is known and understood by all personnel involved, and all necessary steps should be taken to implement and maintain the policy.

(d)The general policy, whilst also satisfying additional national regulatory responsibilities, should in particular take into account:

(1)the provisions of Regulation (EC) No 216/2008;

(2)the provisions of the applicable Implementing Rules and their AMCs, CSs and GM;

(3)the needs of industry; and

(4)the needs of the Agency and of the competent authority.

(e)The policy should define specific objectives for key elements of the organisation and processes for implementing related activities, including the corresponding control procedures and the measurement of the achieved standard.

ED Decision 2014/025/R

DOCUMENTED POLICIES AND PROCEDURES

(a)The various elements of the organisation involved with the activities related to Regulation (EC) No 216/2008 and its Implementing Rules should be documented in order to establish a reference source for the establishment and maintenance of this organisation.

(b)The documented procedures should be established in a way that facilitates their use. They should be clearly identified, kept up-to-date and made readily available to all personnel involved in the related activities.

(c)The documented procedures should cover, as a minimum, all of the following aspects:

(1)policy and objectives;

(2)organisational structure;

(3)responsibilities and associated authority;

(4)procedures and processes;

(5)internal and external interfaces;

(6)internal control procedures;

(7)training of personnel;

(8)cross-references to associated documents;

(9)assistance from other competent authorities or the Agency (where required).

(d)It is likely that the information is held in more than one document or series of documents, and suitable cross-referencing should be provided. For example, organisational structure and job descriptions are not usually in the same documentation as the detailed working procedures. In such cases, it is recommended that the documented procedures include an index of cross-references to all such other related information, and the related documentation should be readily available when required.

ED Decision 2017/006/R

QUALIFICATION AND TRAINING — GENERAL

(a)It is essential that the competent authority has the full capability to adequately assess the continued competence of an organisation by ensuring that the whole range of activities is assessed by appropriately qualified personnel.

(b)For each inspector, the competent authority should:

(1)define the competencies required to perform the allocated certification and oversight tasks;

(2)define the associated minimum qualification requirements;

(3)establish initial and recurrent training programmes in order to maintain and to enhance inspector competency at the level necessary to perform the allocated tasks; and

(4)ensure that the training provided meets the established standards and is regularly reviewed and updated whenever necessary.

(c)The competent authority may provide training through its own training organisation with qualified trainers or through another qualified training source.

(d)When training is not provided through an internal training organisation, adequately experienced and qualified persons may act as trainers, provided their training skills have been assessed. If required, an individual training plan should be established covering specific training skills. Records should be kept of such training and the assessment, as appropriate.

ED Decision 2017/006/R

QUALIFICATION AND TRAINING — INSPECTORS

(a)Initial training programme:

The initial training programme for inspectors should include, as appropriate to their role, current knowledge, experience and skills in at least all of the following:

(1)aviation legislation organisation and structure;

(2)the Chicago Convention, relevant ICAO annexes and documents;

(3)overview of Regulation (EC) No 216/2008, its implementing rules and the related AMC, CS, and GM;

(4)Regulation (EU) No 965/2012 as well as other applicable requirements;

(5)management systems, including the assessment of the effectiveness of a management system, in particular hazard identification and risk assessment, and non-punitive reporting techniques in the context of the implementation of a ‘just culture’;

(6)auditing techniques;

(7)competent authority procedures relevant to the inspectors’ tasks;

(8)human factors principles;

(9)rights and obligations of inspecting personnel of the competent authority;

(10)‘on-the-job’ training, relevant to the inspector’s tasks;

(11)technical training, including training on aircraft-specific subjects, appropriate to the role and tasks of the inspector, in particular for those areas requiring approvals.

(b)Recurrent training programme:

Once qualified, the inspector should undergo training periodically as well as whenever deemed necessary by the competent authority in order to remain competent to perform the allocated tasks. The recurrent training programme for inspectors should include, as appropriate to their role, at least the following topics:

(1)changes in aviation legislation, operational environment and technologies;

(2)competent authority procedures relevant to the inspector’s tasks;

(3)technical training, including training on aircraft-specific subjects, appropriate to the role and tasks of the inspector; and

(4)results from past oversight.

(c)An assessment of an inspector’s competency should take place at regular intervals not exceeding three years.

ED Decision 2015/022/R

QUALIFICATION AND TRAINING — CREW RESOURCE MANAGEMENT (CRM)

For the oversight of the operator’s CRM training, the inspectors of the competent authority should be qualified and trained as follows:

(a)Qualification

To fulfil the qualification provisions, inspectors should:

(1)have adequate knowledge of the relevant flight operations;

(2)have adequate knowledge of human performance and limitations (HPL);

(3)have completed initial CRM training;

(4)have received additional training in the fields of group management, group dynamics and personal awareness; and

(5)have experience in the assessment of the effectiveness of training programmes and management systems.

(b)Training

The training of inspectors should be both theoretical and practical, and should include:

(1)in-depth knowledge of the CRM training elements as laid down in Part-ORO; and

(2)specific skills for the oversight of the operator’s CRM training including the assessment of non-technical skills using proper techniques and methodologies.

ED Decision 2017/006/R

INSPECTOR QUALIFICATION FOR CAT OPERATIONS

(a)For CAT operations of aircraft with an MOPSC of more than 19 seats or with an MCTOM of more than 45 360 kg, an inspector who performs initial certification or oversight tasks relating to:

(1)the flight crew operating procedures contained in Part B (e.g. Chapters B-2, B-3, and B-9) of the Operations Manual (OM), or

(2)the aircraft/FSTD part of the flight crew training syllabi and checking programmes contained in Part D of the OM,

should have the following qualifications:

(i)operational experience in air transport operations appropriate to the allocated tasks;

(ii)experience in either operational management within an air transport operation; or as an examiner; or as an instructor; and

(iii)hold or have held a valid type rating on the aircraft type concerned; or a class rating as appropriate; or a rating on aircraft types/classes with similar technical and operational characteristics.

(b)For CAT operations with an MOPSC of 19 seats or less, the authority should establish the inspector qualifications required to perform the allocated initial certification and oversight tasks. The assigned inspector should undergo theoretical training on aircraft systems and operations.

(c)For in-flight inspections of CAT operations, the inspector should have relevant knowledge of the route and area.

ED Decision 2017/006/R

FATIGUE RISK MANAGEMENT INSPECTOR TRAINING

An inspector involved in the approval process of operator’s flight time specification schemes and fatigue risk management (FRM) should receive the following training:

(a)Initial training

(1)Theory and effects of fatigue

(2)Human factors related to fatigue

(3)Typical hazards and risks related to fatigue, their possible mitigation measures, and the maturity of hazard identification models (reactive, proactive and predictive)

(4)FRM training and promotion methodologies and how to support ongoing development of FRM

(5)Data collection and analysis methods related to FRM

(6)Integration of FRM into the Management System

(7)Fatigue management documentation, implementation and assurance methodologies

(8)Regulatory framework and current best practices

(9)Auditing and assessment of the effectiveness of an operator’s FRM

(b)Recurrent training (at least every 3 years)

(1)Review of FRM implementation issues

(2)Recent incidents related to fatigue

(3)New FRM developments

(4)Review of changes in legislation, and best practices.

ED Decision 2017/006/R

SUFFICIENT PERSONNEL

(a)This GM on the determination of the required personnel is limited to the performance of certification, authorisation and oversight tasks, excluding personnel required to perform tasks subject to any national regulatory requirements.

(b)The elements to be considered when determining required personnel and planning their availability may be divided into quantitative and qualitative elements:

(1)Quantitative elements:

(i)the estimated number of initial certificates to be issued;

(ii)the number of organisations certified by the competent authority;

(iii)the number of persons to whom the competent authority has issued a licence, certificate, rating, authorisation or attestation;

(iv)the estimated number of persons and organisations, as well as the estimated number of subcontracted organisations used by those persons and organisations, exercising their activity within the territory of the Member State and established or residing in another Member State;

(v)the number of organisations having declared their activity to the competent authority;

(vi)the number of organisations holding a specialised operations authorisation issued by the competent authority.

(2)Qualitative elements:

(i)the size, nature and complexity of activities of certified, authorised and declared organisations (cf. AMC1 ORO.GEN.200(b)) ,taking into account:

(A)privileges of the organisation;

(B)type of approval, scope of approval, multiple certification, authorisation and declared activities;

(C)possible certification to industry standards;

(D)types of aircraft/flight simulation training devices (FSTDs) operated;

(E)number of personnel; and

(F)organisational structure, existence of subsidiaries;

(ii)the safety priorities identified;

(iii)the results of past oversight activities, including audits, inspections and reviews, in terms of risks and regulatory compliance, taking into account:

(A)number and level of findings;

(B)timeframe for implementation of corrective actions; and

(C)maturity of management systems implemented by organisations and their ability to effectively manage safety risks, taking into account also information provided by other competent authorities related to activities in the territory of the Member States concerned; and

(iv)the size and complexity of the Member State’s aviation industry and the potential growth of activities in the field of civil aviation, which may be an indication of the number of new applications and changes to existing certificates and authorisations to be expected.

(c)Based on existing data from previous oversight planning cycles and taking into account the situation within the Member State’s aviation industry, the competent authority may estimate:

(1)the standard working time required for processing applications for new certificates (for persons and organisations) and authorisations;

(2)the number of new declarations or changed declarations;

(3)the number of new certificates and authorisations to be issued for each planning period; and

(4)the number of changes to existing certificates and authorisations to be processed for each planning period.

(d)In line with the competent authority’s oversight policy, the following planning data should be determined specifically for each type of organisation certified by the competent authority as well as for declared organisations, including those being authorised:

(1)standard number of audits to be performed per oversight planning cycle;

(2)standard duration of each audit;

(3)standard working time for audit preparation, on-site audit, reporting and follow-up, per inspector;

(4)standard number of ramp and unannounced inspections to be performed;

(5)standard duration of inspections, including preparation, reporting and follow-up, per inspector;

(6)minimum number and required qualification of inspectors for each audit/inspection.

(e)Standard working time could be expressed either in working hours per inspector or in working days per inspector. All planning calculations should then be based on the same unit (hours or working days).

(f)It is recommended to use a spreadsheet application to process data defined under (c) and (d), to assist in determining the total number of working hours/days per oversight planning cycle required for certification, authorisation, oversight and enforcement activities. This application could also serve as a basis for implementing a system for planning the availability of personnel.

(g)For each type of organisation certified or high risk commercial specialised operation authorised by the competent authority, the number of working hours/days per planning period for each qualified inspector that may be allocated for certification, authorisation, oversight and enforcement activities should be determined, taking into account:

(1)purely administrative tasks not directly related to oversight and certification/authorisation;

(2)training;

(3)participation in other projects;

(4)planned absence; and

(5)the need to include a reserve for unplanned tasks or unforeseeable events.

(h)The determination of working time available for certification, authorisation, oversight and enforcement activities should also consider:

(1)the possible use of qualified entities; and

(2)possible cooperation with other competent authorities for approvals or authorisations involving more than one Member State.

(i)Based on the elements listed above, the competent authority should be able to:

(1)monitor dates when audits and inspections are due and when they have been carried out;

(2)implement a system to plan the availability of personnel; and

(3)identify possible gaps between the number and qualification of personnel and the required volume of certification/authorisation and oversight.

Care should be taken to keep planning data up-to-date in line with changes in the underlying planning assumptions, with particular focus on risk-based oversight principles.

ED Decision 2017/006/R

INSPECTOR COMPETENCY

(a)Competency is a combination of individual skills, practical and theoretical knowledge, attitude, training, and experience.

(b)An inspector should, by his/her qualifications and competencies, command the professional respect of the inspected personnel.

ED Decision 2016/006/R

SPECIFIC FLIGHT OPERATIONS INSPECTOR QUALIFICATION

(a)The following characteristics should be considered in order to establish aircraft types/classes with similar technical and operational characteristics:

(1)Engine technology;

(2)Certification basis;

(3)Level of automation;

(4)Flight controls logic (e.g. fly-by-wire, conventional, etc.); and

(5)Size and mass of the aircraft (e.g. maximum take-off mass, wake turbulence category, etc.).

(b)The following factors should be considered with regard to knowledge of the route and area:

(1)Climatological conditions, e.g. exceptionally cold weather;

(2)Availability of adequate aerodromes and their specific features, e.g. high elevation, poor English/communication capability, exceptional approach procedures;

(3)Navigational procedures, including PBN requirements, ETOPS and extended diversion time requirements;

(4)Communication procedures, including required communication performance, any specific and contingency procedures, e.g. loss of communication, drift down, oxygen escape; and

(5)Equipment requirements related to search and rescue, e.g. polar, desert operations, oceanic, remote areas.

ED Decision 2017/006/R

INSPECTOR TRAINING PROGRAMMES

(a)The competent authority may adapt the duration and depth of the individual training programme of an inspector, provided the required competencies are achieved and maintained.

(b)The following documents, as appropriate to the role of the inspector, are relevant for the initial training programme for inspectors referred to in AMC2 ARO.GEN.200(a)(2):

(1)The Chicago Convention and relevant ICAO annexes and documents

(2)Regulation (EU) No 376/2014 (Occurrences in civil aviation)

(3)Regulation (EC) No 216/2008, and related implementing rules such as:

(i)Regulation (EU) No 1178/2011 (Air Crew Regulation);

(ii)Regulation (EU) No 1332/2011;(Part-AUR);

(iii)Regulation (EU) No 923/2012 (Part-SERA);

(iv)Regulation (EU) No 748/2012 (OSD); and

(v)Regulation (EU) No 1321/2014 (Part-M, Part-145).

(c)The duration of the on-the-job training should take into account the scope and complexity of the inspector’s tasks. The competent authority should assess whether the required competence has been achieved before an inspector is authorised to perform a task without supervision.

ED Decision 2017/006/R

FATIGUE RISK MANAGEMENT INSPECTOR TRAINING

‘Theory and effects of fatigue’ refers to:

(a)sleep;

(b)circadian rhythm;

(c)adaptation (acclimatisation) after time-jet zone crossing (westbound and eastbound) and jet lag;

(d)shift work;

(e)bio-mathematical fatigue models; and

(f)measurement of fatigue.

ED Decision 2017/006/R

FATIGUE RISK MANAGEMENT INSPECTOR TRAINING

Guidance on training for inspectors on fatigue risk management is contained in ICAO Doc 9966 (Manual for the Oversight of Fatigue Management Approaches).

ED Decision 2017/006/R

INSPECTOR EXPERIENCE IN EITHER OPERATIONAL MANAGEMENT WITHIN AN AIR TRANSPORT OPERATION OR AS AN INSTRUCTOR OR AS AN EXAMINER

The inspector assigned to certification and oversight tasks should have sufficient experience in roles that enable a thorough understanding of the operational processes.

(a)Experience in operational management refers to previous appointments in functions of organisational relevance, such as in any of the areas below:

(1)flight operations and operational control;

(2)flight crew training; and

(3)management system.

Such appointments should not be limited to senior management functions such as nominated persons in accordance with point (b) of ORO.GEN.210. It is important that the inspector assigned to certification and oversight tasks in accordance with AMC4 ARO.GEN.200(a)(2) have sufficient experience which enables a thorough understanding of the operational processes within air transport operations.

(b)In the context of the approval and oversight of aircraft specific flight crew training and checking, the inspector should have experience as an instructor.

ED Decision 2014/025/R

PROCEDURES AVAILABLE TO THE AGENCY

(a)Copies of the procedures related to the competent authority’s management system and their amendments to be made available to the Agency for the purpose of standardisation should provide at least the following information:

(1)Regarding continuing oversight functions undertaken by the competent authority, the competent authority’s organisational structure with description of the main processes. This information should demonstrate the allocation of responsibilities within the competent authority, and that the competent authority is capable of carrying out the full range of tasks regarding the size and complexity of the Member State’s aviation industry. It should also consider overall proficiency and authorisation scope of competent authority personnel.

(2)For personnel involved in oversight activities, the minimum professional qualification requirements and experience and principles guiding appointment (e.g. assessment).

(3)How the following are carried out: assessing applications and evaluating compliance, issuance of certificates and authorisations, performance of continuing oversight, follow-up of findings, enforcement measures and resolution of safety concerns.

(4)Principles of managing exemptions and derogations.

(5)Processes in place to disseminate applicable safety information for timely reaction to a safety problem.

(6)Criteria for planning continuing oversight (oversight programme), including adequate management of interfaces when conducting continuing oversight (air operations, flight crew licensing, continuing airworthiness management for example).

(7)Outline of the initial training of newly recruited oversight personnel (taking future activities into account), and the basic framework for continuation training of oversight personnel.

(b)As part of the continuous monitoring of a competent authority, the Agency may request details of the working methods used, in addition to the copy of the procedures of the competent authority’s management system (and amendments). These additional details are the procedures and related guidance material describing working methods for competent authority personnel conducting oversight.

(c)Information related to the competent authority’s management system may be submitted in electronic format.

Regulation (EU) 2023/203

(a)Tasks related to the initial certification, specialised operation authorisation or continuing oversight of persons or organisations subject to Regulation (EC) No 216/2008 and its Implementing Rules shall be allocated by Member States only to qualified entities. When allocating tasks, the competent authority shall ensure that it has:

(1)put a system in place to initially and continuously assess that the qualified entity complies with Annex V to Regulation (EC) No 216/2008.

This system and the results of the assessments shall be documented.

(2)established a documented agreement with the qualified entity, approved by both parties at the appropriate management level, which clearly defines:

(i)the tasks to be performed;

(ii)the declarations, reports and records to be provided;

(iii)the technical conditions to be met in performing such tasks;

(iv)the related liability coverage; and

(v)the protection given to information acquired in carrying out such tasks.

(b)The competent authority shall ensure that the internal audit process and safety risk management process required by ARO.GEN.200(a)(4) covers all certification, authorisation or continuing oversight tasks performed on its behalf.

(c)For the certification and oversight of the organisation’s compliance with point ORO.GEN.200A, the competent authority may allocate tasks to qualified entities in accordance with point (a), or to any relevant authority responsible for information security or cybersecurity within the Member State. When allocating tasks, the competent authority shall ensure that:

(1)all aspects related to aviation safety are coordinated and taken into account by the qualified entity or relevant authority;

(2)the results of the certification and oversight activities performed by the qualified entity or relevant authority are integrated in the overall certification and oversight files of the organisation;

(3)its own information security management system established in accordance with point ARO.GEN.200(e) covers all the certification and continuing oversight tasks performed on its behalf.

Regulation (EU) No 965/2012

(a)The competent authority shall have a system in place to identify changes that affect its capability to perform its tasks and discharge its responsibilities as defined in Regulation (EC) No 216/2008 and its Implementing Rules. This system shall enable it to take action as appropriate to ensure that its management system remains adequate and effective.

(b)The competent authority shall update its management system to reflect any change to Regulation (EC) No 216/2008 and its Implementing Rules in a timely manner, so as to ensure effective implementation.

(c)The competent authority shall notify the Agency of changes affecting its capability to perform its tasks and discharge its responsibilities as defined in Regulation (EC) No 216/2008 and its Implementing Rules.

Regulation (EU) 2015/140

(a)The competent authority shall establish a system of record-keeping providing for adequate storage, accessibility and reliable traceability of:

(1)the management system’s documented policies and procedures;

(2)training, qualification and authorisation of its personnel;

(3)the allocation of tasks, covering the elements required by ARO.GEN.205 as well as the details of tasks allocated;

(4)certification processes and continuing oversight of certified organisations;

(4a)the process of authorisation of a high risk commercial specialised operation and continuing oversight of an authorisation holder;

(5)declaration processes and continuing oversight of declared organisations;

(6)details of training courses provided by certified organisations, and if applicable, records relating to FSTDs used for such training;

(7)oversight of persons and organisations exercising activities within the territory of the Member State, but overseen, certified or authorised by the competent authority of another Member State or the Agency, as agreed between these authorities;

(8)oversight of operations of other-than complex motor-powered aircraft by non-commercial operators;

(9)the evaluation and notification to the Agency of alternative means of compliance proposed by organisations subject to certification, or authorisation and the assessment of alternative means of compliance used by the competent authority itself;

(10)findings, corrective actions and date of action closure;

(11)enforcement measures taken;

(12)safety information and follow-up measures; and

(13)the use of flexibility provisions in accordance with Article 14 of Regulation (EC) No 216/2008.

(b)The competent authority shall maintain a list of all organisation certificates and specialised operations authorisations it issued as well as declarations it received.

(c)All records shall be kept for the minimum period specified in this Regulation. In the absence of such indication, records shall be kept for a minimum period of five years subject to applicable data protection law.

ED Decision 2014/025/R

GENERAL

(a)The record-keeping system should ensure that all records are accessible whenever needed within a reasonable time. These records should be organised in a way that ensures traceability and retrievability throughout the required retention period.

(b)Records should be kept in paper form or in electronic format or a combination of both media. Records stored on microfilm or optical disc form are also acceptable. The records should remain legible and accessible throughout the required retention period. The retention period starts when the record has been created.

(c)Paper systems should use robust material, which can withstand normal handling and filing. Computer systems should have at least one backup system, which should be updated within 24 hours of any new entry. Computer systems should include safeguards against unauthorised alteration of data.

(d)All computer hardware used to ensure data backup should be stored in a different location from that containing the working data and in an environment that ensures they remain in good condition. When hardware or software changes take place, special care should be taken that all necessary data continue to be accessible at least through the full period specified in the relevant Subpart or by default in ARO.GEN.220(c).

ED Decision 2014/025/R

COMPETENT AUTHORITY MANAGEMENT SYSTEM

Records related to the competent authority’s management system should include, as a minimum and as applicable:

(a)the documented policies and procedures;

(b)the personnel files of competent authority personnel, with supporting documents related to training and qualifications;

(c)the results of the competent authority’s internal audit and safety risk management processes, including audit findings and corrective actions; and

(d)the contract(s) established with qualified entities performing certification, authorisation or oversight tasks on behalf of the competent authority.

ED Decision 2014/025/R

ORGANISATIONS

Records related to an organisation certified or operations authorised by or having declared its activity to the competent authority should include, as appropriate to the type of organisation:

(a)the application for an organisation approval, a specialised operation authorisation or the declaration received;

(b)the documentation based on which the approval or authorisation has been granted and any amendments to that documentation;

(c)the organisation approval certificate or specialised operation authorisation, including any changes;

(d)a copy of the continuing oversight programme listing the dates when audits are due and when such audits were carried out;

(e)continuing oversight records, including all audit and inspection records;

(f)copies of all relevant correspondence;

(g)details of any exemption and enforcement actions;

(h)any report from other competent authorities relating to the oversight of the organisation; and

(i)a copy of any other document approved by the competent authority.

ED Decision 2014/025/R

ORGANISATIONS — DOCUMENTATION

Documentation to be kept as records in support of the approval includes the management system documentation, including any technical manuals, such as the operations manual, and training manual, that have been submitted with the initial application, and any amendments to these documents.

ED Decision 2014/025/R

AUTHORISATION HOLDERS — DOCUMENTATION

Documentation to be kept as records in support of the authorisation of a high risk commercial specialised operation include the risk assessment documentation and related standard operating procedures (SOP), as well as a description of the management system of the proposed operation and a statement that all the documentation sent to the competent authority has been verified by the operator and found in compliance with the applicable requirements. Any amendments to these documents should be documented.

ED Decision 2014/025/R

ACTIVITIES PERFORMED IN THE TERRITORY OF A MEMBER STATE BY PERSONS OR ORGANISATIONS ESTABLISHED OR RESIDING IN ANOTHER MEMBER STATE

(a)Records related to the oversight of activities performed in the territory of a Member State by persons or organisations established or residing in another Member State should include, as a minimum:

(1)oversight records, including all audit and inspection records and related correspondence;

(2)copies of all relevant correspondence to exchange information with other competent authorities relating to the oversight of such persons/organisations;

(3)details of any enforcement measures and penalties; and

(4)any report from other competent authorities relating to the oversight of these persons/organisations, including any notification of evidence showing non-compliance with the applicable requirements.

(b)Records should be kept by the competent authority having performed the audit or inspection and should be made available to other competent authorities at least in the following cases:

(1)serious incidents or accidents;

(2)findings through the oversight programme where organisations certified or authorised by another competent authority are involved, to determine the root cause;

(3)an organisation being certified, authorised or having approvals in several Member States.

(c)When records are requested by another competent authority, the reason for the request should be clearly stated.

(d)The records can be made available by sending a copy or by allowing access to them for consultation.

ED Decision 2014/025/R

GENERAL

Records are required to document results achieved or to provide evidence of activities performed. Records become factual when recorded. Therefore, they are not subject to version control. Even when a new record is produced covering the same issue, the previous record remains valid.

SECTION III – Oversight, certification and enforcement

Regulation (EU) 2025/2293

(a)The competent authority shall verify:

(1)compliance with the requirements applicable to organisations or type of operations prior to the issue of a certificate, approval or authorisation, as applicable;

(2)continued compliance with the applicable requirements of organisations it has certified, specialised operations it has authorised and organisations from which it received a declaration;

(3)continued compliance with the applicable requirements of non-commercial operators of other-than complex motor-powered aircraft; and

(4)implementation of appropriate safety measures mandated by the competent authority as defined in ARO.GEN.135(c) and (d).

(b)This verification shall:

(1)be supported by documentation specifically intended to provide personnel responsible for safety oversight with guidance to perform their functions;

(2)provide the persons and organisations concerned with the results of safety oversight activity;

(3)be based on audits and inspections, including ramp and unannounced inspections; and

(4)provide the competent authority with the evidence needed in case further action is required, including the measures foreseen by ARO.GEN.350 and ARO.GEN.355.

(c)The scope of oversight defined in (a) and (b) shall take into account the results of past oversight activities and the safety priorities.

(d)Without prejudice to the competences of the Member States and to their obligations as set out in ARO.RAMP, the scope of the oversight of activities performed in the territory of a Member State by persons or organisations established or residing in another Member State shall be determined on the basis of the safety priorities, as well as of past oversight activities.

(e)Where the activity of a person or organisation involves more than one Member State or the Agency, the competent authority responsible for the oversight under (a) may agree to have oversight tasks performed by the competent authority(ies) of the Member State(s) where the activity takes place or by the Agency. Any person or organisation subject to such agreement shall be informed of its existence and of its scope.

(f)The competent authority shall collect and process any information deemed useful for oversight, including for ramp and unannounced inspections.

(g)With regard to the certification and oversight of the organisation’s compliance with point ORO.GEN.200A, in addition to complying with points (a) to (f) of this point, the competent authority shall review any approval granted under point IS.I.OR.200(e) of Annex II to Implementing Regulation (EU) 2023/203 following the applicable oversight audit cycle and whenever changes are implemented in the scope of work of the organisation.

ED Decision 2017/006/R

GENERAL

The competent authority should assess the organisation and monitor its continued competence to conduct safe operations in compliance with the applicable requirements. The competent authority should ensure that accountability for assessing organisations is clearly defined. This accountability may be delegated or shared, in whole or in part. Where more than one competent authority is involved, a responsible person should be appointed under whose personal authority organisations are assessed.

ED Decision 2014/025/R

EVALUATION OF OPERATIONAL SAFETY RISK ASSESSMENT

As part of the initial certification or the continuing oversight of an operator, the competent authority should normally evaluate the operator’s safety risk assessment processes related to hazards identified by the operator as having an interface with its operations. These safety risk assessments should be identifiable processes of the operator’s management system.

As part of its continuing oversight, the competent authority should also remain satisfied as to the effectiveness of these safety risk assessments.

(a)General methodology for operational hazards

The competent authority should establish a methodology for evaluating the safety risk assessment processes of the operator’s management system.

When related to operational hazards, the competent authority’s evaluation under its normal oversight process should be considered satisfactory if the operator demonstrates its competence and capability to:

(1)understand the hazards and their consequences on its operations;

(2)be clear on where these hazards may exceed acceptable safety risk limits;

(3)identify and implement mitigations, including suspension of operations where mitigation cannot reduce the risk to within safety risk limits;

(4)develop and execute effectively robust procedures for the preparation and the safe operation of the flights subject to the hazards identified;

(5)assess the competence and currency of its staff in relation to the duties necessary for the intended operations and implement any necessary training; and

(6)ensure sufficient numbers of qualified and competent staff for such duties.

The competent authority should take into account that:

(1)the operator’s recorded mitigations for each unacceptable risk identified are in place;

(2)the operational procedures specified by the operator with the most significance to safety appear to be robust; and

(3)the staff on which the operator depends in respect of those duties necessary for the intended operations are trained and assessed as competent in the relevant procedures.

EVALUATION OF OPERATORS’ VOLCANIC ASH SAFETY RISK ASSESSMENT

In addition to the general methodology for operational hazards, the competent authority’s evaluation under its normal oversight process should also assess the operator’s competence and capability to:

(a)choose the correct information sources to use to interpret the information related to volcanic ash contamination forecast and to resolve correctly any conflicts among such sources; and

(b)take account of all information from its type certificate holders (TCHs) concerning volcanic ash-related airworthiness aspects of the aircraft it operates, and the related pre-flight, in-flight and post flight precautions to be observed.

ED Decision 2017/006/R

GENERAL

(a)Responsibility for the conduct of safe operations lies with the organisation. Under these provisions a positive move is made towards devolving upon the organisation a share of the responsibility for monitoring the safety of operations. The objective cannot be attained unless organisations are prepared to accept the implications of this policy, including that of committing the necessary resources to its implementation. Crucial to the success of the policy is the content of Part-ORO, which requires the establishment of a management system by the organisation.

(b)The competent authority should continue to assess the organisation's compliance with the applicable requirements, including the effectiveness of the management system. If the management system is judged to have failed in its effectiveness, then this in itself is a breach of the requirements which may, among others, call into question the validity of a certificate, if applicable.

(c)The accountable manager is accountable to the competent authority as well as to those who may appoint him/her. It follows that the competent authority cannot accept a situation in which the accountable manager is denied sufficient funds, manpower or influence to rectify deficiencies identified by the management system.

(d)Oversight of the organisation includes a review and assessment of the qualifications of nominated persons.

ED Decision 2014/025/R

VOLCANIC ASH SAFETY RISK ASSESSMENT — ADDITIONAL GUIDANCE

Further guidance on the assessment of an operator’s volcanic ash safety risk assessment is given in ICAO Doc 9974 (Flight safety and volcanic ash — Risk management of flight operations with known or forecast volcanic ash contamination).

ED Decision 2015/022/R

CHECKLIST FOR CRM TRAINING OVERSIGHT

The following list includes the major elements for the monitoring of the operator’s CRM training:

(a)development of CRM training considering the operator’s management system;

(b)content of the CRM training syllabus;

(c)qualification of CRM trainer;

(d)training facilities:

(1)classroom;

(2)flight simulation training device (FSTD);

(3)aircraft; and

(4)cabin training device;

(e)training methods:

(1)classroom training (instructions, presentations and behavioural exercises);

(2)computer-based training (CBT);

(3)line-oriented flight training (LOFT); and

(4)check or test;

(f)training analysis:

(1)pre-course reading and study;

(2)integration of the different training methods;

(3)competence and performance of the trainer or instructor;

(4)assessment of flight crew members; and

(5)effectiveness of training.

ED Decision 2016/008/R

OVERSIGHT OF AN OPERATOR CONVERSION COURSE (OCC) FOR MULTI-CREW PILOT LICENCE (MPL) HOLDERS

As part of the initial certification or the continuing oversight of an operator, the competent authority should include the assessment of the OCC provided to MPL holders, who undertake their first conversion course on a new type or at an operator other than the one that was involved in their training for the MPL.

The assessment of the OCC should evaluate whether the operator, in the process of development of the OCC, took the following aspects into account:

—the time elapsed after completion of the initial training, between base training and hiring, and the Line Flying Under Supervision (LIFUS);

—the necessary feedback loop between the Approved Training Organisation (ATO) and the operator involved in the licence training.

ED Decision 2014/025/R

OPERATIONAL APPROVALS ISSUED BY NON-EU STATE OF REGISTRY

When verifying continued compliance of non-commercial operators using an aircraft registered in a third country holding operational approvals for operations in PBN, MNPS and RVSM airspace issued by a non-EU State of Registry, the competent authority should at least assess if:

(a)the State of registry has established an equivalent level of safety, considering any differences notified to the ICAO Standards for RVSM, RNP, MNPS and MEL; or

(b)there are reservations on the safety oversight capabilities and records of the State of registry; or

(c)operators of the State of registry are subject to an operating ban pursuant Regulation (EC) No 2111/2005; or

(d)relevant findings on the State of registry from audits carried out under international conventions exist; or

(e)relevant findings on the State of registry from other safety assessment programmes of States exist.

ED Decision 2014/025/R

ACTIVITIES WITHIN THE TERRITORY OF THE MEMBER STATE

(a)Activities performed in the territory of the Member State by persons or organisations established or residing in another Member State include:

(1)activities of:

(i)organisations certified or authorised by or declaring their activity to the competent authority of any other Member State or the Agency; or

(ii)persons performing operations with other-than-complex motor-powered aircraft; and

(2)activities of persons holding a licence, certificate, rating, or attestation issued by the competent authority of any other Member State.

(b)Audits and inspections of such activities, including ramp and unannounced inspections, should be prioritised towards those areas of greater safety concern, as identified through the analysis of data on safety hazards and their consequences in operations.

Regulation (EU) 2015/140

(a)The competent authority shall establish and maintain an oversight programme covering the oversight activities required by ARO.GEN.300 and by ARO.RAMP.

(b)For organisations certified by the competent authority, the oversight programme shall be developed taking into account the specific nature of the organisation, the complexity of its activities, the results of past certification and/or oversight activities required by ARO.GEN and ARO.RAMP and shall be based on the assessment of associated risks. It shall include within each oversight planning cycle:

(1)audits and inspections, including ramp and unannounced inspections as appropriate; and

(2)meetings convened between the accountable manager and the competent authority to ensure both remain informed of significant issues.

(c)For organisations certified by the competent authority an oversight planning cycle not exceeding 24 months shall be applied.

The oversight planning cycle may be reduced if there is evidence that the safety performance of the organisation has decreased.

The oversight planning cycle may be extended to a maximum of 36 months if the competent authority has established that, during the previous 24 months:

(1)the organisation has demonstrated an effective identification of aviation safety hazards and management of associated risks;

(2)the organisation has continuously demonstrated under ORO.GEN.130 that it has full control over all changes;

(3)no level 1 findings have been issued; and

(4)all corrective actions have been implemented within the time period accepted or extended by the competent authority as defined in ARO.GEN.350(d)(2).

The oversight planning cycle may be further extended to a maximum of 48 months if, in addition to the above, the organisation has established, and the competent authority has approved, an effective continuous reporting system to the competent authority on the safety performance and regulatory compliance of the organisation itself.

(d)For organisations declaring their activity to the competent authority, the oversight programme shall be based on the specific nature of the organisation, the complexity of its activities and the data of past oversight activities and the assessment of risks associated with the type of activity carried out. It shall include audits and inspections, including ramp and unannounced inspections, as appropriate.

(d1)For organisations holding a specialised operations authorisation, the oversight programme shall be established in accordance with (d) and shall also take into account the past and current authorisation process and the validity period of the authorisation.

(e)For persons holding a licence, certificate, rating, or attestation issued by the competent authority the oversight programme shall include inspections, including unannounced inspections, as appropriate.

(f)The oversight programme shall include records of the dates when audits, inspections and meetings are due and when such audits, inspections and meetings have been carried out.

ED Decision 2017/006/R

SPECIFIC NATURE AND COMPLEXITY OF THE ORGANISATION, RESULTS OF PAST OVERSIGHT

(a)When determining the oversight programme for an organisation, the competent authority should consider in particular the following elements, as applicable:

(1)the implementation by the organisation of industry standards, directly relevant to the organisation’s activity subject to this Regulation;

(2)the procedure applied for and scope of changes not requiring prior approval;

(3)specific approvals held by the organisation;

(4)specific procedures implemented by the organisation related to any alternative means of compliance used; and

(5)number of subcontractors.

(b)For the purpose of assessing the complexity of an organisation’s management system, AMC1 ORO.GEN.200(b) should be used.

(c)Regarding results of past oversight, the competent authority should also take into account relevant results of ramp inspections of organisations it has certified or authorised, persons and other organisation having declared their activity or persons performing operations with other-than-complex motor-powered aircraft that were performed in other Member States in accordance with ARO.RAMP.

ED Decision 2019/019/R

PROCEDURES FOR OVERSIGHT OF OPERATIONS

(a)Each organisation to which a certificate has been issued should have an inspector specifically assigned to it. Several inspectors should be required for the larger companies with widespread or varied types of operation. This does not prevent a single inspector being assigned to several companies. Where more than one inspector is assigned to an organisation, one of them should be nominated as having overall responsibility for supervision of, and liaison with, the organisation’s management, and be responsible for reporting on compliance with the requirements for its operations as a whole.

(b)Audits and inspections, on a scale and frequency appropriate to the operation, should cover at least:

(1)infrastructure,

(2)manuals,

(3)training,

(4)crew records,

(5)equipment,

(6)release of flight/dispatch,

(7)dangerous goods,

(8)organisation’s management system.

(c)The following types of inspections should be included, as part of the oversight programme:

(1)flight inspection,

(2)ground inspection (e.g. documents and records),

(3)training inspection (e.g. ground, aircraft/FSTD),

(4)ramp inspection.

The inspection should be a ‘deep cut’ through the items selected, and all findings should be recorded. Inspectors should review the root cause(s) identified by the organisation for each confirmed finding.

The competent authority should be satisfied that the root cause(s) identified and the corrective actions taken are adequate to correct the non-compliance and to prevent re-occurrence.

(d)Audits and inspections may be conducted separately or in combination. Audits and inspections may, at the discretion of the competent authority, be conducted with or without prior notice to the organisation.

(e)Where it is apparent to an inspector that an organisation has permitted a breach of the applicable requirements, with the result that air safety has, or might have, been compromised, the inspector should ensure that the responsible person within the competent authority is informed without delay.

(f)In the first few months of a new operation, inspectors should carry out oversight activities with a particular focus on the operator’s procedures, facilities, equipment, operational control and management system. They should also carefully examine any conditions that may indicate a significant deterioration in the organisation's financial management. When any financial difficulties are identified, inspectors should increase technical surveillance of the operation with particular emphasis on the upholding of safety standards.

(g)The number or the magnitude of the non-compliances identified by the competent authority will serve to support the competent authority's continuing confidence in the organisation's competence or, alternatively, may lead to an erosion of that confidence. In the latter case, the competent authority should review any identifiable shortcomings of the management system.

ED Decision 2014/025/R

FINANCIAL MANAGEMENT

Examples of trends that may indicate problems in a new organisation's financial management are:

(a)significant lay-offs or turnover of personnel;

(b)delays in meeting payroll;

(c)reduction of safe operating standards;

(d)decreasing standards of training;

(e)withdrawal of credit by suppliers;

(f)inadequate maintenance of aircraft;

(g)shortage of supplies and spare parts;

(h)curtailment or reduced frequency of revenue flights; and

(i)sale or repossession of aircraft or other major equipment items.

ED Decision 2017/006/R

STORAGE PERIODS OF RECORDS

If the organisation’s oversight cycle has been extended, the minimum storage periods for records should be aligned with the extended oversight cycle to ensure that the competent authority has access to all relevant records.

ED Decision 2014/025/R

AUDIT

(a)The oversight programme should indicate which aspects of the approval will be covered with each audit.

(b)Part of an audit should concentrate on the organisation’s compliance monitoring reports produced by the compliance monitoring personnel to determine if the organisation is identifying and correcting its problems.

(c)At the conclusion of the audit, an audit report should be completed by the auditing inspector, including all findings raised.

ED Decision 2014/025/R

RAMP INSPECTIONS

(a)When conducting a ramp inspection of aircraft used by organisations under its regulatory oversight, the competent authority should, as far as possible, comply with the requirements defined in ARO.RAMP.

(b)When conducting ramp inspections on other-than-suspected aircraft, the competent authority should take into account the following elements:

(1)repeated inspections should be avoided of those organisations for which previous inspections have not revealed safety deficiencies;

(2)the oversight programme should enable the widest possible sampling rate of aircraft flying into their territory; and

(3)there should be no discrimination on the basis of the organisation’s nationality, the type of operation or type of aircraft, unless such criteria can be linked to an increased risk.

(c)For aircraft other than those used by organisations under its regulatory oversight, when conducting a risk assessment, the competent authority should consider aircraft that have not been ramp inspected for more than 6 months.

ED Decision 2014/025/R

INDUSTRY STANDARDS

(a)For organisations having demonstrated compliance with industry standards, the competent authority may adapt its oversight programme, in order to avoid duplication of specific audit items.

(b)Demonstrated compliance with industry standards should not be considered in isolation from the other elements to be considered for the competent authority’s risk-based oversight.

(c)In order to be able to credit any audits performed as part of certification in accordance with industry standards, the following should be considered:

(1)the demonstration of compliance is based on certification auditing schemes providing for independent and systematic verification;

(2)the existence of an accreditation scheme and accreditation body for certification in accordance with the industry standards has been verified;

(3)certification audits are relevant to the requirements defined in Annex III (Part-ORO) and other Annexes to this Regulation as applicable;

(4)the scope of such certification audits can easily be mapped against the scope of oversight in accordance with Annex III (Part-ORO);

(5)audit results are accessible to the competent authority and open to exchange of information in accordance with Article 15(1) of Regulation (EC) No 216/2008; and

(6)the audit planning intervals of certification audits i.a.w. industry standards are compatible with the oversight planning cycle.

ED Decision 2014/025/R

OVERSIGHT PLANNING CYCLE

(a)When determining the oversight planning cycle and defining the oversight programme, the competent authority should assess the risks related to the activity of each organisation and adapt the oversight to the level of risk identified and to the organisation’s ability to effectively manage safety risks.

(b)The competent authority should establish a schedule of audits and inspections appropriate to each organisation's business. The planning of audits and inspections should take into account the results of the hazard identification and risk assessment conducted and maintained by the organisation as part of the organisation’s management system. Inspectors should work in accordance with the schedule provided to them.

(c)When the competent authority, having regard to an organisation's safety performance, varies the frequency of an audit or inspection, it should ensure that all aspects of the operation are audited and inspected within the applicable oversight planning cycle.

(d)The section(s) of the oversight programme dealing with ramp inspections should be developed based on geographical locations, taking into account aerodrome activity, and focusing on key issues that can be inspected in the time available without unnecessarily delaying the operations.

ED Decision 2017/006/R

OVERSIGHT PLANNING CYCLE

(a)For each organisation certified by the competent authority all processes should be completely audited at periods not exceeding the applicable oversight planning cycle. The beginning of the first oversight planning cycle is normally determined by the date of issue of the first certificate. If the competent authority wishes to align the oversight planning cycle with the calendar year, it should shorten the first oversight planning cycle accordingly.

(b)The interval between two audits for a particular process should not exceed the interval of the applicable oversight planning cycle.

(c)Audits should include at least one on-site audit within each oversight planning cycle. For organisations exercising their regular activity at more than one site, the determination of the sites to be audited should consider the results of past oversight, the volume of activity at each site, as well as main risk areas identified.

(d)For organisations holding more than one certificate, the competent authority may define an integrated oversight schedule to include all applicable audit items. In order to avoid duplication of audits, credit may be granted for specific audit items already completed during the current oversight planning cycle, subject to four conditions:

(1)the specific audit item should be the same for all certificates under consideration;

(2)there should be satisfactory evidence on record that such specific audit items were carried out and that all corrective actions have been implemented to the satisfaction of the competent authority;

(3)the competent authority should be satisfied that there is no evidence that standards have deteriorated in respect of those specific audit items being granted a credit;

(4)the interval between two audits for the specific item being granted a credit should not exceed the applicable oversight planning cycle.

ED Decision 2014/025/R

OVERSIGHT DECLARED ORGANISATIONS

(a)When determining the oversight programme of organisations having declared their activity, the competent authority should make a selection of operators to be inspected/audited based on the elements specified in ARO.GEN.305(d).

(b)For each selected operator an inspection is a sample inspection of the pre-defined inspection criteria on the basis of key risk elements and the applicable requirements.

(c)The results of past oversight activities should include information from approval activities, e.g. SPA or from other survey programmes such as ACAM.

(d)The oversight programme should also include a certain percentage of unannounced inspections.

(e)The oversight programme should be developed on a yearly basis. All operators should be considered for inclusion into the programme not later than 12 months after the date of the first declaration received. At least one inspection should be performed within each 48-month cycle starting with the date of the first declaration received.

(f)Additional audit/inspections to specific operators may be included in the oversight programme on the basis of the assessment of associated risks carried out within the occurrences reporting scheme(s).

ED Decision 2014/025/R

OVERSIGHT OF AUTHORISATION HOLDERS

(a)When determining the oversight programme of high risk commercial specialised operators holding an authorisation specialised operations authorisation holders, the competent authority should assess the risks related to the type of activity carried out by each organisation and adapt the oversight to the level of risk identified and to the organisation’s ability to effectively manage safety risks.

(b)An oversight cycle not exceeding 24 months should be applied. The oversight planning cycle may be extended to a maximum of 48 months if the competent authority has established that during the previous 24 months the organisation has been able to effectively manage safety risks.

(c)The competent authority should establish a schedule of audits and/or inspections, including unannounced inspections, appropriate to each organisation's business. The planning of audits and inspections should take into account the results of the hazard identification and risk assessment conducted and maintained by the organisation as part of the organisation’s management system. Inspectors should work in accordance with the schedule provided to them.

(d)If the specialised operations authorisation is time limited, the competent authority should adapt the schedule of audits and inspections to the duration of the specialised operation authorisation. Audits or inspections may not be necessary if an authorisation is issued for a single flight or event.

(e)When scheduling audits and inspections, the competent authority should also take into account the activity conducted by authorised organisations in other Member States. In this case the competent authority should coordinate the audit and inspection schedule with the authority of the Member State in which territory the activity is taking place.

(f)Additional audits or inspections to specific operators may be included in the oversight programme on the basis of the assessment of associated risks carried out within the occurrences reporting scheme(s).

ED Decision 2014/025/R

OVERSIGHT OF AUTHORISATION HOLDERS

Past and current authorisation process refers to relevant results of past and current authorisation and oversight activities.

ED Decision 2014/025/R

PERSONS HOLDING A LICENCE, CERTIFICATE, RATING OR ATTESTATION

The oversight of persons holding a licence, certificate, rating or attestation should normally be ensured as part of the oversight of organisations. Additionally, the competent authority should verify compliance with applicable requirements when endorsing or renewing ratings.

To properly discharge its oversight responsibilities, the competent authority should perform a certain number of unannounced verifications.

Regulation (EU) No 965/2012

(a)Upon receiving an application for the initial issue of a certificate for an organisation, the competent authority shall verify the organisation’s compliance with the applicable requirements. This verification may take into account the statement referred to in ORO.AOC.100(b).

(b)When satisfied that the organisation is in compliance with the applicable requirements, the competent authority shall issue the certificate(s), as established in Appendices I and II. The certificate(s) shall be issued for an unlimited duration. The privileges and scope of the activities that the organisation is approved to conduct shall be specified in the terms of approval attached to the certificate(s).

(c)To enable an organisation to implement changes without prior competent authority approval in accordance with ORO.GEN.130, the competent authority shall approve the procedure submitted by the organisation defining the scope of such changes and describing how such changes will be managed and notified.

ED Decision 2017/006/R

VERIFICATION OF COMPLIANCE

(a)Upon receipt of an application for an air operator certificate (AOC), the competent authority should:

(1)assess the management system and processes, including the operator’s organisation and operational control system;

(2)review the operations manual and any other documentation provided by the organisation; and

(3)for the purpose of verifying the organisation’s compliance with the applicable requirements, conduct an audit at the organisation’s facilities. The competent authority should require the conduct of one or more demonstration flights operated as if they were commercial flights, or an in-flight inspection should be conducted at the earliest opportunity.

(b)The competent authority should ensure that the following steps are taken:

(1)The organisation's written application for an AOC should be submitted at least 90 days before the date of intended operation, except that the operations manual may be submitted later, but not less than 60 days before the date of intended operation. The application form should be printed in language(s) of the competent authority's choosing.

(2)An individual should be nominated by the responsible person of the competent authority to oversee, to become the focal point for all aspects of the organisation certification process and to coordinate all necessary activity. The nominated person should be responsible to the responsible person of the competent authority for confirming that all appropriate audits and inspections have been carried out. He/she should also ensure that the necessary specific or prior approvals required by (b)(3) are issued in due course. Of particular importance on initial application is a careful review of the qualifications of the organisations’ nominated persons. Account should be taken of the relevance of the nominee's previous experience and known record.

(3)Submissions that require the competent authority's specific or prior approval should be referred to the appropriate department of the competent authority. Submissions should include, where relevant, the associated qualification requirements and training programmes.

(c)The ability of the applicant to secure, in compliance with the applicable requirements and the safe operation of aircraft, all necessary training and, where required, licensing of personnel, should be assessed. This assessment should also include the areas of responsibility and the numbers of those allocated by the applicant to key management tasks.

(d)In order to verify the organisation’s compliance with the applicable requirements, the competent authority should conduct an audit of the organisation, including interviews of personnel and inspections carried out at the organisation’s facilities.

The competent authority should only conduct such an audit after being satisfied that the application shows compliance with the applicable requirements.

(e)The audit should focus on the following areas:

(1)detailed management structure, including names and qualifications of personnel required by ORO.GEN.210 and adequacy of the organisation and management structure;

(2)personnel:

(i)adequacy of number and qualifications with regard to the intended terms of approval and associated privileges;

(ii)validity of licences, ratings, certificates or attestations as applicable;

(3)processes for safety risk management and compliance monitoring;

(4)facilities — adequacy with regard to the organisation’s scope of work;

(5)documentation based on which the certificate should be granted (organisation documentation as required by Part-ORO, including technical manuals, such as operations manual or training manual).

(f)In case of non-compliance, the applicant should be informed in writing of the corrections that are required.

(g)When the verification process is complete, the person with overall responsibility, nominated in accordance with (b)(2), should present the application to the person responsible for the issue of an AOC together with a written recommendation and evidence of the result of all investigations or assessments which are required before the operator certificate is issued. Approvals required should be attached to the recommendation. The competent authority should inform the applicant of its decision concerning the application within 60 days of receipt of all supporting documentation. In cases where an application for an organisation certificate is refused, the applicant should be informed of the right of appeal as exists under national law.

Regulation (EU) No 965/2012

(a)Upon receiving an application for a change that requires prior approval, the competent authority shall verify the organisation’s compliance with the applicable requirements before issuing the approval.

The competent authority shall prescribe the conditions under which the organisation may operate during the change, unless the competent authority determines that the organisation’s certificate needs to be suspended.

When satisfied that the organisation is in compliance with the applicable requirements, the competent authority shall approve the change.

(b)Without prejudice to any additional enforcement measures, when the organisation implements changes requiring prior approval without having received competent authority approval as defined in (a), the competent authority shall suspend, limit or revoke the organisation’s certificate.

(c)For changes not requiring prior approval, the competent authority shall assess the information provided in the notification sent by the organisation in accordance with ORO.GEN.130 to verify compliance with the applicable requirements. In case of any non-compliance, the competent authority shall:

(1)notify the organisation about the non-compliance and request further changes;

(2)in case of level 1 or level 2 findings, act in accordance with ARO.GEN.350.

ED Decision 2019/019/R

AOC HOLDERS

(a)Changes to personnel specified in Part-ORO:

(1)Any changes to the accountable manager specified in ORO.GEN.210(a) that affect the certificate or terms of approval/approval schedule attached to it, require prior approval under ARO.GEN.330(a) and ORO.GEN.130(a) and (b).

(2)When an organisation submits the name of a new nominee for any of the persons nominated as per ORO.GEN.210(b) or for a safety manager as defined under AMC1 ORO.GEN.200(a)(1), the competent authority should require the organisation to produce a written résumé of the proposed person's qualifications. The competent authority should reserve the right to interview the nominee or call for additional evidence of his or her suitability before deciding upon his or her acceptability.

(b)A simple management system documentation status sheet should be maintained, which contains information on when an amendment was received by the competent authority and when it was approved.

(c)The organisation should provide each management system documentation amendment to the competent authority, including for the amendments that do not require prior approval by the competent authority. Where the amendment requires competent authority approval, the competent authority, when satisfied, should indicate its approval in writing. Where the amendment does not require prior approval, the competent authority should acknowledge receipt in writing within 10 working days.

(d)For changes requiring prior approval, in order to verify the organisation's compliance with the applicable requirements, the competent authority should conduct an audit of the organisation, limited to the extent of the changes. If required for verification, the audit should include interviews and inspections carried out at the organisation’s facilities.

ED Decision 2014/025/R

CHANGE OF NAME OF THE ORGANISATION

(a)On receipt of the application and the relevant parts of the organisation’s documentation as required by Part-ORO, the competent authority should re-issue the certificate.

(b)A name change alone does not require the competent authority to audit the organisation, unless there is evidence that other aspects of the organisation have changed.

Regulation (EU) 2023/203

(a)For changes managed and notified to the competent authority in accordance with the procedure set out in point IS.I.OR.255(a) of Annex II (Part-IS.I.OR) to Implementing Regulation (EU) 2023/203, the competent authority shall include the review of such changes in its continuing oversight in accordance with the principles laid down in point ARO.GEN.300. If any non-compliance is found, the competent authority shall notify the organisation thereof, request further changes and act in accordance with point ARO.GEN.350.

(b)For other changes requiring an application for approval in accordance with point IS.I.OR.255(b) of Annex II (Part-IS.I.OR) to Implementing Regulation (EU) 2023/203:

(1)upon receiving the application for the change, the competent authority shall check the organisation’s compliance with the applicable requirements before issuing the approval;

(2)the competent authority shall establish the conditions under which the organisation may operate during the implementation of the change;

(3)if it is satisfied that the organisation complies with the applicable requirements, the competent authority shall approve the change.

Regulation (EU) 2018/1975

(a)Upon receiving a declaration from an organisation carrying out or intending to carry out activities for which a declaration is required, the competent authority shall verify that the declaration contains all the information required:

(1)pursuant to ORO.DEC.100 of Annex III (Part-ORO) to this Regulation; or

(2)for balloon operators pursuant to BOP.ADD.100 of Annex II (Part-BOP) to Regulation (EU) 2018/395; or

(3)for sailplane operators pursuant to SAO.DEC.100 of Annex II (Part-SAO) to Implementing Regulation (EU) 2018/1976.

After having verified the required information, the competent authority shall acknowledge receipt of the declaration to the organisation.

(b)If the declaration does not contain the required information, or contains information that indicates non-compliance with applicable requirements, the competent authority shall notify the organisation about the non-compliance and request further information. If deemed necessary the competent authority shall carry out an inspection of the organisation. If the non-compliance is confirmed, the competent authority shall take action as defined in ARO.GEN.350.

ED Decision 2014/025/R

ACKNOWLEDGEMENT OF RECEIPT

The competent authority should acknowledge receipt of the declaration in writing within 10 working days.

ED Decision 2014/025/R

VERIFICATION — DECLARATION

The verification made by the competent authority upon receipt of a declaration does not imply an inspection. The aim is to check whether what is declared complies with applicable regulations.

Regulation (EU) 2019/1384

(a)The competent authority for oversight in accordance with ARO.GEN.300(a) shall have a system to analyse findings for their safety significance.

(b)A level 1 finding shall be issued by the competent authority when any significant non-compliance is detected with the applicable requirements of Regulation (EC) No 216/2008 and its Implementing Rules, with the organisation’s procedures and manuals or with the terms of an approval, certificate, specialised operation authorisation or with the content of a declaration which lowers safety or seriously hazards flight safety.

The level 1 findings shall include:

(1)failure to give the competent authority access to the facilities of the organisation in accordance with point ORO.GEN.140 of Annex III (Part-ORO) to this Regulation, or for balloons operators in accordance with points BOP.ADD.015 and BOP.ADD.035 of Annex II (Part-BOP) to Regulation (EU) 2018/395, during normal operating hours and after two written requests;

(2)obtaining or maintaining the validity of the organisation certificate or specialised operations authorisation by falsification of submitted documentary evidence;

(3)evidence of malpractice or fraudulent use of the organisation certificate or specialised operations authorisation; and

(4)the lack of an accountable manager.

(c)A level 2 finding shall be issued by the competent authority when any non-compliance is detected with the applicable requirements of Regulation (EC) No 216/2008 and its Implementing Rules, with the organisation’s procedures and manuals or with the terms of an approval, certificate, specialised operation authorisation or with the content of a declaration which could lower safety or hazard flight safety.

(d)When a finding is detected during oversight or by any other means, the competent authority shall, without prejudice to any additional action required by Regulation (EC) No 216/2008 and its Implementing Rules, communicate the finding to the organisation in writing and request corrective action to address the non-compliance(s) identified. Where relevant, the competent authority shall inform the State in which the aircraft is registered.

(1)In the case of level 1 findings the competent authority shall take immediate and appropriate action to prohibit or limit activities, and if appropriate, it shall take action to revoke the certificate, specialised operations authorisation or specific approval or to limit or suspend it in whole or in part, depending upon the extent of the level 1 finding, until successful corrective action has been taken by the organisation.

(2)In the case of level 2 findings, the competent authority shall:

(i)grant the organisation a corrective action implementation period appropriate to the nature of the finding that in any case initially shall not be more than three months. At the end of this period, and subject to the nature of the finding, the competent authority may extend the three-month period subject to a satisfactory corrective action plan agreed by the competent authority; and

(ii)assess the corrective action and implementation plan proposed by the organisation and, if the assessment concludes that they are sufficient to address the non-compliance(s), accept these.

(3)Where an organisation fails to submit an acceptable corrective action plan, or to perform the corrective action within the time period accepted or extended by the competent authority, the finding shall be raised to a level 1 finding and action taken as laid down in (d)(1).

(4)The competent authority shall record all findings it has raised or that have been communicated to it in accordance with point (e) and, where applicable, the enforcement measures it has applied, as well as all corrective actions and date of action closure for findings.

(e)Without prejudice to any additional enforcement measures, when the authority of a Member State acting under the provisions of ARO.GEN.300(d) identifies any non-compliance with the applicable requirements of Regulation (EC) No 216/2008 and its Implementing Rules by an organisation certified by, or authorised by or declaring its activity to the competent authority of another Member State or the Agency, it shall inform that competent authority and provide an indication of the level of finding.

ED Decision 2014/025/R

TRAINING

For a level 1 finding it may be necessary for the competent authority to ensure that further training by the organisation is carried out and audited by the competent authority before the activity is resumed, dependent upon the nature of the finding.

ED Decision 2017/006/R

CORRECTIVE ACTION IMPLEMENTATION PERIOD

The 3-month period should commence from the date of the communication of the finding to the organisation in writing and requesting corrective action to address the non-compliance(s) identified.

Regulation (EU) No 379/2014

(a)If, during oversight or by any other means, evidence is found by the competent authority responsible for oversight in accordance with ARO.GEN.300(a) that shows a non-compliance with the applicable requirements by a person holding a licence, certificate, rating or attestation issued in accordance with Regulation (EC) No 216/2008 and its Implementing Rules, the competent authority shall act in accordance with ARA.GEN.355(a) to (d) of Annex VI (Part-ARA) to Commission Regulation (EU) No 1178/2011⁴⁸.

(b)If, during oversight or by any other means, evidence is found showing a non-compliance with the applicable requirements by a person subject to the requirements laid down in Regulation (EC) No 216/2008 and its Implementing Rules and not holding a licence, certificate, rating or attestation issued in accordance with that Regulation and its Implementing Rules, the competent authority that identified the non-compliance shall take any enforcement measures necessary to prevent the continuation of that non-compliance.

ED Decision 2014/025/R

GENERAL

This provision is necessary to ensure that enforcement measures will be taken also in cases where the competent authority may not act on the licence, certificate or attestation. The type of enforcement measure will depend on the applicable national law and may include for example the payment of a fine or the prohibition from exercising.

It covers two cases:

(a)persons subject to the requirements laid down in Regulation (EC) No 216/2008 and its Implementing Rules who are not required to hold a licence, certificate or attestation; and

(b)persons who are required to hold a licence, rating, certificate or attestation, but who do not hold the appropriate licence, rating, certificate or attestation as required for the activity they perform.

Regulation (EU) No 379/2014

If, during oversight or by any other means, evidence is found showing a non-compliance with the applicable requirements by an operator subject to the requirements laid down in Regulation (EC) No 216/2008 and its Implementing Rules, the competent authority that identified the non-compliance shall take any enforcement measures necessary to prevent the continuation of that non-compliance.

SUBPART OPS: AIR OPERATIONS

SECTION I – Certification of commercial air transport (CAT) operators and innovative air mobility (IAM) operators

Regulation (EU) No 379/2014

(a)The competent authority shall issue the air operator certificate (AOC) when satisfied that the operator has demonstrated compliance with the elements required in ORO.AOC.100.

(b)The certificate shall include the associated operations specifications.

(c)The competent authority may determine specific operational limitations. Such limitations shall be documented in the operations specifications.

ED Decision 2025/010/R

AREA OF OPERATION

(a)If the area of operation within the operational specifications of Appendix II to Part-ARO is not defined as ‘worldwide’ or ‘with no geographical limit’, the competent authority should describe the boundaries of a permissible area of operation by listing for example:

(1)a continuous line between a list of coordinates (Lat./Long.);

(2)the national boundary of the State of issuance of the AOC;

(3)a flight information region (FIR) boundary;

(4)a combination of adjacent FIR boundaries;

(5)ICAO region(s) as per ICAO Doc 7030; and

(6)operations in the Inter-Tropical Convergence Zone (ICTZ).

(b)The following factors should be taken into account when deciding the area of operation for CAT operations with aeroplanes and helicopters or for IAM operations with VCA:

(1)The adequacy of the operational control and maintenance arrangements within the proposed area of operation.

(2)The general suitability of the aircraft which are to be used and in particular:

(i)the performance capability of the aircraft with regard to the terrain;

(ii)the need for any special equipment;

(iii)the aircraft systems and the level of redundancy of those systems, with regard to extremes of weather or climate; and

(iv)the need for any special dispatch minima with regard to the content of the MEL.

(3)Any special training required for:

(i)weather or climatic conditions likely to be encountered; and

(ii)compliance with specific approvals under Part-SPA (MNPS, RVSM, etc.).

(4)The need for the flight crew to comply with non-standard ATC requirements such as the use of:

(i)non-standard phraseology;

(ii)altitude clearances in metres; and

(iii)altimeter settings in inches of mercury, wind speed in metres/sec, visibility in miles, etc.

(5)The navigation and communication facilities available over the routes proposed and the associated equipment of the aircraft.

(6)The adequacy of aerodromes, operating sites, vertiports or diversion locations available within the proposed area, and the availability of current maps, charts, associated documents or equivalent data.

(7)The availability of adequate search and rescue facilities, and the need to carry special survival equipment and the need for training in the use of the survival equipment.

(8)Survival equipment available for the operator and installed in the aircraft used.

Regulation (EU) No 965/2012

In considering the safety of a code-share agreement involving a third-country operator, the competent authority shall:

(1)satisfy itself, following the verification by the operator as set out in ORO.AOC.115, that the third-country operator complies with the applicable ICAO standards;

(2)liaise with the competent authority of the State of the third-country operator as necessary.

ED Decision 2014/025/R

SAFETY OF A CODE-SHARE AGREEMENT

(a)When evaluating the safety of a code-share agreement, the competent authority should check that the:

(1)documented information provided by the applicant in accordance with ORO.AOC.115 is complete and shows compliance with the applicable ICAO standards; and

(2)operator has established a code-share audit programme for monitoring continuous compliance of the third country operator with the applicable ICAO standards.

(b)The competent authority should request the applicant to make a declaration covering the above items.

(c)In case of non-compliance, the applicant should be informed in writing of the corrections which are required.

ED Decision 2014/025/R

AUDITS PERFORMED BY A THIRD PARTY PROVIDER

When audits are performed by a third party provider, the competent authority should verify if the third party provider meets the criteria established in AMC2 ORO.AOC.115(b).

Regulation (EU) 2019/1384

(a)The competent authority shall approve a lease agreement when satisfied that the operator certified in accordance with Annex III (Part-ORO) complies with:

(1)ORO.AOC.110(d), for dry leased-in third country aircraft;

(2)ORO.AOC.110(c), for wet lease-in of an aircraft from a third country operator;

(3)ORO.AOC.110(e), for dry lease-out of an aircraft to any operator, except for the cases specified in point ORO.GEN.310 of Annex III;

(4)relevant requirements of continuing airworthiness and air operations, for dry lease-in of an aircraft registered in the EU and wet lease-in of an aircraft from an EU operator.

(b)The approval of a wet lease-in agreement shall be suspended or revoked whenever:

(1)the AOC of the lessor or lessee is suspended or revoked;

(2)the lessor is subject to an operating ban pursuant to Regulation (EC) No 2111/2005⁴⁹ of the European Parliament and of the Council⁵⁰;

(3)the authorisation issued in accordance with Commission Regulation (EU) No 452/2014⁵¹ has been suspended, revoked or surrendered.

(c)The approval of a dry lease-in agreement shall be suspended or revoked whenever:

(1)the certificate of airworthiness of the aircraft is suspended or revoked;

(2)the aircraft is included in the list of operators subject to operational restrictions or it is registered in a State of which all operators under its oversight are subject to an operating ban pursuant to Regulation (EC) No 2111/2005.

(d)When asked for the prior approval of a dry-lease out agreement in accordance with ORO.AOC.110(e), the competent authority shall ensure:

(1)proper coordination with the competent authority responsible for the continuing oversight of the aircraft, in accordance with Commission Regulation (EU) No 1321/2014⁵², or for the operation of the aircraft, if it is not the same authority;

(2)that the aircraft is timely removed from the operator’s AOC except for the cases specified in point ORO.GEN.310 of Annex III.

(e)When asked for prior approval of a dry lease-in agreement in accordance with point ORO.AOC.110(d), the competent authority shall ensure proper coordination with the State of Registry of the aircraft as necessary to exercise the oversight responsibilities of the aircraft.

ED Decision 2018/003/R

WET LEASE-IN

(a)Before approving a wet lease-in agreement, the competent authority of the lessee should assess available reports on ramp inspections performed on aircraft of the lessor.

(b)The competent authority should only approve a wet lease-in agreement if the routes intended to be flown are contained within the authorised areas of operations specified in the AOC of the lessor.

ED Decision 2018/003/R

SHORT TERM WET LEASE-IN

The competent authority of the lessee may approve third country operators individually or a framework contract with more than one third country operator in anticipation of operational needs or to overcome operational difficulties taking into account the conditions defined in Article 13(3) of Regulation (EC) No 1008/2008.

ED Decision 2018/003/R

APPROVAL

(a)Except for wet lease-out, approval for an EU operator to lease an aircraft of another operator should be issued by the competent authority of the lessee and the competent authority of the lessor.

(b)When an EU operator leases an aircraft of an undertaking or person other than an operator, the competent authority of the lessee should issue the approval.

ED Decision 2019/019/R

DRY LEASE-OUT

The purpose of the requirement for the competent authority to ensure proper coordination with the authority that is responsible for the oversight of the continuing airworthiness of the aircraft in accordance with Commission Regulation (EU) No 1321/2014⁵³ is to ensure that appropriate arrangements are in place to allow:

(a)the transfer of regulatory oversight over the aircraft, if relevant; or

(b)continued compliance of the aircraft with the requirements of Commission Regulation (EU) No 1321/2014.

ED Decision 2019/019/R

LONG-TERM WET LEASE-IN AGREEMENTS BETWEEN OPERATORS REGISTERED IN DIFFERENT EU MEMBER STATES

In case of a long-term wet lease-in agreement between operators having their principal place of business in different EU Member States, the competent authorities of the lessee and the competent authority of the lessor may consider a mutual exchange of all necessary information in accordance with ARO.GEN.200(c).

SECTION Ia – Authorisation of high risk commercial specialised operations

Regulation (EU) 2019/1384

(a)Upon receiving an application for the issue of a high risk commercial specialised operations authorisation, the competent authority of the operator shall review the operator’s risk assessment documentation and standard operating procedures (SOP), related to one or more planned operations and developed in accordance with the relevant requirements of Annex VIII (Part-SPO).

(b)When satisfied with the risk assessment and SOP, the competent authority of the operator shall issue the authorisation, as established in Appendix IV. The authorisation may be issued for a limited or for unlimited duration. The conditions under which an operator is authorised to conduct one or more high risk commercial specialised operations shall be specified in the authorisation.

(c)Upon receiving an application for a change to the authorisation, the competent authority of the operator shall comply with (a) and (b). It shall prescribe the conditions under which the operator may operate during the change, unless the competent authority determines that the authorisation needs to be suspended.

(d)Upon receiving an application for the renewal of the authorisation, the competent authority of the operator shall comply with (a) and (b). It may take into account the past authorisation process and oversight activities.

(e)Without prejudice to any additional enforcement measures, when the operator implements changes without having submitted an amended risk assessment and SOP, the competent authority of the operator shall suspend, limit or revoke the authorisation.

(f)Upon receiving an application for the issue of an authorisation for a cross-border high risk commercial specialised operation, the competent authority of the operator shall review the operator’s risk assessment documentation and standard operating procedures (SOP) in coordination with the competent authority of the place where the operation is planned to be conducted. When both authorities are satisfied with the risk assessment and SOP, the competent authority of the operator shall issue the authorisation.

ED Decision 2014/025/R

GENERAL

The competent authority should make publicly available a list of activities of high risk commercial specialised operations so that operators are informed when to apply for an authorisation.

ED Decision 2014/025/R

VERIFICATION OF COMPLIANCE

(a)For the purpose of verifying the operator’s standard operating procedures (SOPs), the competent authority may conduct an audit at the operator’s facilities or require the conduct of one or more demonstration flights operated as if they were high risk commercial specialised operations.

(b)An individual should be nominated by the competent authority to become the focal point for all aspects of the authorisation process and to coordinate all necessary activity. This nominated person should confirm to the responsible person of the competent authority issuing the authorisation that all appropriate audits and inspections have been carried out.

(c)When the verification process is complete, the person, nominated in accordance with (b), should present the application to the person responsible for the issuance of an authorisation together with a written recommendation and evidence of the result of the review of the operator’s risk assessment documentation and SOPs, which is required before the authorisation is issued. The competent authority should inform the applicant of its decision concerning the application. In cases where an application for an authorisation is refused, the applicant should be informed of the right of appeal as exists under national law.

ED Decision 2014/025/R

LIMITATIONS

The competent authority may issue the authorisation for a limited duration, e.g. for a single event or a defined series of flights, or limit the operating area.

ED Decision 2014/025/R

CHANGE OF NAME OF THE ORGANISATION

(a)Upon receipt of the application for a change of the authorisation, the competent authority should re-issue the authorisation.

(b)A name change alone does not require the competent authority to re-assess the risk assessment and SOPs, unless there is evidence that other aspects of the operation have changed.

ED Decision 2014/025/R

AUTHORISATION OF CROSS-BORDER HIGH RISK COMMERCIAL SPECIALISED OPERATION

(a)An authorisation for cross-border high risk commercial specialised operations should be issued by the competent authority, when both the competent authority itself and the competent authority of the place where the operation is planned to be conducted are satisfied that the risk assessment and SOPs are appropriate for the area overflown.

(b)The authorisation should be amended to include those areas for which the operator has received the authorisation to conduct cross-border high risk commercial specialised operation.

ED Decision 2014/025/R

AUTHORISATION OF CROSS-BORDER HIGH RISK COMMERCIAL SPECIALISED OPERATION

Cross-border high risk commercial specialised operation means a high risk commercial specialised operation in a territory other than the Member State than where the operator has its principle place of business.

Regulation (EU) No 379/2014

(a)The competent authority shall approve a lease agreement involving a third country registered aircraft or a third country operator when the SPO operator has demonstrated compliance with ORO.SPO.100.

(b)The approval of a dry lease-in agreement shall be suspended or revoked whenever the certificate of airworthiness of the aircraft is suspended or revoked.

ED Decision 2014/025/R

WET LEASE-IN

Since ICAO has not stipulated globally harmonised standards for specialised operators and their operation, the applicable requirements involving a third country registered aircraft of a third country operator will be of a local or national nature. Therefore, the competent authority approving a wet lease-in agreement is encouraged to collect information on the oversight system of the state of the operator or state of registry, if applicable, in order to have a better understanding of the operation.

ED Decision 2014/025/R

LEASE AGREEMENTS BETWEEN OPERATORS REGISTERED IN AN EU MEMBER STATE

No approval is required for any lease agreements between operators having their principle place of business in an EU Member State.

SECTION II – Approvals

Regulation (EU) 2024/1111

(a)Upon receiving an application for the issue of a specific approval or changes thereof, the competent authority shall assess the application in accordance with the relevant requirements of Annex V (Part-SPA) and conduct, where relevant, an appropriate inspection of the operator.

(b)When satisfied that the operator has demonstrated compliance with the applicable requirements, the competent authority shall issue or amend the approval. The approval shall be specified in:

(1)the operations specifications, as established in Appendix II, for commercial air transport operations with aeroplanes and helicopters and for innovative air mobility (IAM) operations with VCA; or

(2)the list of specific approvals, as established in Appendix III, for non-commercial operations and specialised operations.

ED Decision 2014/025/R

PROCEDURES FOR THE APPROVAL OF CARRIAGE OF DANGEROUS GOODS

When verifying compliance with the applicable requirements of SPA.DG.100, the competent authority should check that:

(a)the procedures specified in the operations manual are sufficient for the safe transport of dangerous goods;

(b)operations personnel are properly trained in accordance with the ICAO Technical Instructions for the Safe Transport of Dangerous Goods by Air (ICAO Doc 9284-AN/905); and

(c)a reporting scheme is in place.

ED Decision 2014/025/R

PROCEDURES FOR THE APPROVAL FOR REDUCED VERTICAL SEPARATION MINIMA (RVSM) OPERATIONS

(a)When verifying compliance with the applicable requirements of Subpart D of Annex V (SPA.RVSM), the competent authority should verify that:

(1)each aircraft holds an adequate RVSM airworthiness approval;

(2)procedures for monitoring and reporting height keeping errors have been established;

(3)a training programme for the flight crew involved in these operations has been established; and

(4)operating procedures have been established.

(b)Demonstration flight(s)

The content of the RVSM application may be sufficient to verify the aircraft performance and procedures. However, the final step of the approval process may require a demonstration flight. The competent authority may appoint an inspector for a flight in RVSM airspace to verify that all relevant procedures are applied effectively. If the performance is satisfactory, operation in RVSM airspace may be permitted.

(c)Form of approval documents

Each aircraft group for which the operator is granted approval should be listed in the approval.

(d)Airspace monitoring

For airspace, where a numerical target level of safety is prescribed, monitoring of aircraft height keeping performance in the airspace by an independent height monitoring system is necessary to verify that the prescribed level of safety is being achieved. However, an independent monitoring check of an aircraft is not a prerequisite for the grant of an RVSM approval.

(1)Suspension, revocation and reinstatement of RVSM approval

The incidence of height keeping errors that can be tolerated in an RVSM environment is small. It is expected of each operator to take immediate action to rectify the conditions that cause an error. The operator should report an occurrence involving poor height keeping to the competent authority within 72 hours. The report should include an initial analysis of causal factors and measures taken to prevent repeat occurrences. The need for follow-up reports should be determined by the competent authority. Occurrences that should be reported and investigated are errors of:

(i)total vertical error (TVE) equal to or greater than ±90 m (±300 ft);

(ii)altimeter system error (ASE) equal to or greater than ±75 m (±245 ft); and

(iii)assigned altitude deviation equal to or greater than ±90 m (±300 ft).

Height keeping errors fall into two broad categories:

—errors caused by malfunction of aircraft equipment; and

—operational errors.

(2)An operator that consistently experiences errors in either category should have approval for RVSM operations suspended or revoked. If a problem is identified that is related to one specific aircraft type, then RVSM approval may be suspended or revoked for that specific type within that operator's fleet.

(3)Operators’ actions:

The operator should make an effective, timely response to each height keeping error. The competent authority may consider suspending or revoking RVSM approval if the operator's responses to height keeping errors are not effective or timely. The competent authority should consider the operator's past performance record in determining the action to be taken.

(4)Reinstatement of approval:

The operator should satisfy the competent authority that the causes of height keeping errors are understood and have been eliminated and that the operator's RVSM programmes and procedures are effective. At its discretion and to restore confidence, the competent authority may require an independent height monitoring check of affected aircraft to be performed.

ED Decision 2016/022/R

APPROVAL OF HELICOPTER OFFSHORE OPERATIONS

(a)Approval

When verifying compliance with the applicable requirements of Subpart K of Annex V (Part-SPA) to Regulation (EU) No 965/2012, the competent authority should ensure prior to issuing an approval that:

(1)the hazard identification, risk assessment and risk mitigation processes are in place;

(2)operating procedures have been established applicable to the area of operation;

(3)helicopters are appropriately certified and equipped for the area of operation;

(4)flight crew involved in these operations are trained and checked in accordance with the training and checking programmes established by the operator; and

(5)all requirements of Part-SPA, Subpart K are met.

(b)Demonstration flight(s)

The final step of the approval process may require a demonstration flight performed in the area of operation. The competent authority may appoint an inspector for a flight to verify that all relevant procedures are applied effectively. If the performance is satisfactory, helicopter offshore operations may be approved.

ED Decision 2017/004/R

PROCEDURES FOR THE APPROVAL OF COMMERCIAL AIR TRANSPORT OPERATIONS WITH SINGLE-ENGINED TURBINE AEROPLANES AT NIGHT OR IN INSTRUMENT METEOROLOGICAL CONDITIONS (SET-IMC)

(a)When verifying compliance with the applicable requirements of Subpart L (SET-IMC) of Annex V (Part-SPA) to Regulation (EU) No 965/2012, the competent authority should check that:

(1)the aeroplane is eligible for SET-IMC operations;

(2)the maintenance and operational procedures are adequate;

(3)a training programme for the flight crew involved in these operations has been established; and

(4)the operator has adequately assessed the risks of the intended operations.

In particular, the competent authority should assess the operator’s safety performance, experience and flight crew training, as reflected in the data provided by the operator with its application, to ensure that the intended safety level is achieved.

With regard to the operator’s specific SET-IMC flight crew training, the competent authority should ensure that it complies with the applicable requirements of Subpart FC (FLIGHT CREW) of Annex III (Part-ORO) and Subpart L (SET-IMC) of Annex V (Part-SPA) to Regulation (EU) No 965/2012, and that it is appropriate to the operations envisaged.

The competent authority should assess the operator’s ability to achieve and maintain an acceptable level of power plant reliability by reviewing its engine-trend-monitoring programme and propulsion reliability programme, which are established in accordance with Annex I (Part-M) to Regulation (EU) No 1321/2014.

(b)The competent authority may impose temporary restrictions to the operations (e.g. limitation to specific routes) until the operator is able to demonstrate that it has the capability to operate safely in compliance with all the applicable requirements.

(c)When issuing the approval, the competent authority should specify:

(1)the particular engine-airframe combination;

(2)the identification by registration of the individual aeroplanes designated for single-engined turbine aeroplane operations at night and/or in IMC; and

(3)the authorised areas and/or routes of operation.

VALIDATION OF OPERATIONAL CAPABILITY

Observation by the competent authority of a validation flight, simulating the proposed operation in the aeroplane, should be carried out before an approval is granted. This should include flight planning and preflight procedures, as well as a demonstration of the following simulated emergency procedures in simulated IMC/night:

(a)total failure of the propulsion system; and

(b)total loss of normally generated electrical power.

In order to mitigate the risks associated with the conduct of such emergency procedures, the following should be ensured:

(a)in case of planned single-pilot operations, the crew should be composed of the commander using view-limiting devices for the purpose of simulating IMC/night and a second rated pilot whose responsibility is to help maintain visual separation from other aircraft, clouds, and terrain;

(b)the flight should be conducted in visual meteorological conditions (VMC) by day, and additional, more restrictive weather minima may be established for the demonstration of the procedures involving higher risks; and

(c)touch drills should be used when simulating a total failure of the propulsion system.

ED Decision 2022/012/R

PROCEDURES FOR THE APPROVAL OF LOW-VISIBILITY OPERATIONS

Before issuing an approval for low-visibility operations (LVOs), the competent authority should verify that the applicant has:

(a)taken account of the relevant airworthiness requirements and limitations;

(b)established the relevant aerodrome operating minima;

(c)established and documented the relevant operating procedures;

(d)established and conducted adequate training and checking programmes;

(e)adopted the minimum equipment list (MEL) for the LVOs to be undertaken;

(f)processes to ensure that only runways and instrument procedures suitable for the intended operations are used; and

(g)established and conducted the relevant risk assessment and monitoring programmes.

ED Decision 2016/022/R

LIMITATIONS FOR HELICOPTER OFFSHORE OPERATIONS

The competent authority may impose limitations related to routes and areas of operation for offshore helicopter operations. Such limitations may be specified in the operations specifications (OPSSPEC) or specific approved documents or in the aeronautical information publication (AIP) or by other means.

For operations over sea areas, limitations may include a maximum significant wave height under which there is a good prospect of recovery of survivors. This should be linked with the available search and rescue capabilities in the different sea areas.

ED Decision 2019/019/R

SPECIFIC APPROVALS FOR TRAINING ORGANISATIONS

The specific approvals, as established in Appendix III, for non-commercial operations and specialised operations, also apply to training organisations with a principal place of business in a Member State.

ED Decision 2019/019/R

INSERTION OF RELEVANT INFORMATION INTO THE OPERATIONS SPECIFICATIONS

When issuing the operations specifications in accordance with Appendix II, where the operation does not include helicopter operations, the helicopter-related elements contained in the operations specifications may be omitted.

Regulation (EU) No 965/2012

(a)When receiving an application for initial approval of a minimum equipment list (MEL) or an amendment thereof from an operator, the competent authority shall assess each item affected, to verify compliance with the applicable requirements, before issuing the approval.

(b)The competent authority shall approve the operator’s procedure for the extension of the applicable rectification intervals B, C and D, if the conditions specified in ORO.MLR.105(f) are demonstrated by the operator and verified by the competent authority.

(c)The competent authority shall approve, on a case-by-case basis, the operation of an aircraft outside the constraints of the MEL but within the constraints of the master minimum equipment list (MMEL), if the conditions specified in ORO.MLR.105 are demonstrated by the operator and verified by the competent authority.

ED Decision 2014/025/R

EXTENSION OF RECTIFICATION INTERVALS

The competent authority should verify that the operator does not use the extension of rectification intervals as a means to reduce or eliminate the need to rectify MEL defects in accordance with the established category limit. The extension of rectification intervals should only be considered valid and justifiable when events beyond the operator’s control have precluded rectification.

Regulation (EU) No 965/2012

The competent authority may determine a distance or local area for the purpose of operations.

ED Decision 2014/025/R

GENERAL

The distance or local area should reflect the local environment and operating conditions.

Regulation (EU) No 965/2012

(a)The Member State shall designate those areas where helicopter operations may be conducted without an assured safe forced landing capability, as described in CAT.POL.H.420.

(b)Before issuing the approval referred to in CAT.POL.H.420 the competent authority shall have considered the operator’s substantiation precluding the use of the appropriate performance criteria.

ED Decision 2014/025/R

APPROVALS THAT REQUIRE ENDORSEMENT

(a)Whenever the operator applies for an approval in accordance with CAT.POL.H.420 for which an endorsement from another State is required, the competent authority should only grant the approval once endorsement of that other State has been received.

(b)The Operations Specification should be amended to include those areas for which endorsement was received.

ED Decision 2023/007/R

ENDORSEMENT BY ANOTHER STATE

(a)Whenever the operator applies for an endorsement to operate over hostile environment located outside a congested area in another State in accordance with CAT.POL.H.420, the competent authority of that other State should only grant the endorsement once it is satisfied that:

(1)the safety risk assessment is appropriate to the area overflown, considering which of the following operations are relevant to the application:

(i)HEMS operations, in accordance with SPA.HEMS.125(a)(2);

(ii)HEMS operations, in accordance with SPA.HEMS.125(a)(3);

(iii)CAT operations, other than the above; and

(2)the operator’s substantiation that preclude the use of the appropriate performance criteria are appropriate for the area overflown.

(b)The competent authority of that other State should inform the competent authority of the Member State responsible for issuing the approval.

ED Decision 2023/007/R

DESIGNATED AREAS

The authority may, based on its own assessment or on the substantiation of operators, designate different areas for the following operations:

(a)HEMS operations, in accordance with SPA.HEMS.125(a)(2);

(b)HEMS operations, in accordance with SPA.HEMS.125(a)(3);

(c)CAT operations, other than the above.

Regulation (EU) 2023/1020

(a)Upon receiving an application for the issue of, or changes to, an approval for a helicopter operation to or from a public interest site, the competent authority shall assess the application in accordance with point CAT.POL.H.225 of Annex IV and conduct any additional assessment of the operator as deemed necessary.

(b)The approval referred to in point CAT.POL.H.225 of Annex IV shall include a list of the public interest site or sites and helicopter type or types specified by the operator and to which the approval applies.

(c)The approval shall only apply to public interest sites established before 1 July 2002, or to public interest sites established before 28 October 2014 and for which a derogation from point CAT.POL.H.225 of Annex IV granted under Article 6(6) has been notified to the Commission and the Agency.

(d)If changes to the obstacle environment at a public interest site are notified or discovered, the competent authority shall assess whether the approvals it has granted covering helicopter operations to or from that site remain valid. Where permanent changes to the obstacle environment have a significantly negative safety impact, the following shall apply:

(1)the competent authority shall limit the privileges of the relevant approvals granted under point CAT.POL.H.225 of Annex IV to exclude helicopter operations to and from that site and remove the site from the list attached to the approval in accordance with point (b);

(2)the site shall no longer qualify for a public interest site approval under point CAT.POL.H.225 of Annex IV;

(3)where the new obstacles are removed, operators may apply or reapply for an approval for a helicopter operation under point CAT.POL.H.225 of Annex IV for the particular site.

(e)The competent authority shall not grant an approval under point CAT.POL.H.225 of Annex IV for a public interest site that was previously operated in performance class 1 following a change in the obstacle environment.