21.B.10 Oversight documentation
Regulation (EU) 2022/203
The competent authority shall provide all the legislative acts, standards, rules, technical publications and related documents to the relevant personnel in order to allow them to perform their tasks and to discharge their responsibilities.
21.B.15 Information to the Agency
Regulation (EU) 2022/203
(a) The competent authority of the Member State shall notify the Agency in case of any significant problems with the implementation of Regulation (EU) 2018/1139 and its delegated and implementing acts within 30 days from the time the competent authority became aware of the problem.
(b) Without prejudice to Regulation (EU) No 376/2014 of the European Parliament and of the Council and its delegated and implementing acts, the competent authority of the Member State shall provide the Agency as soon as possible with any safety-significant information stemming from the occurrence reports stored in the national database pursuant to Article 6(6) of Regulation (EU) No 376/2014.
AMC1 21.B.15(b) Information to the Agency
ED Decision 2022/021/R
AIRWORTHINESS DIRECTIVES
When the competent authority of a Member State receives an airworthiness directive from the competent authority of a non-Member State, that airworthiness directive should be transferred to EASA for dissemination in accordance with Article 76 of Regulation (EU) 2018/1139.
AMC2 21.B.15(b) Information to the Agency
ED Decision 2022/021/R
EXCHANGE OF SAFETY-SIGNIFICANT INFORMATION WITH EASA
Each competent authority should appoint a coordinator to act as the contact point for the exchange of safety-significant information between the competent authority and EASA.
GM1 21.B.15(b) Information to the Agency
ED Decision 2022/021/R
MEANING OF SAFETY-SIGNIFICANT INFORMATION THAT STEMS FROM OCCURRENCE REPORTS
Safety-significant information that stems from occurrence reports means:
(a) a conclusive safety analysis that summarises individual occurrence data and provides an in‑depth analysis of a safety issue, and that may be relevant for EASA’s safety action planning; and
(b) individual occurrence data for the cases in which EASA is the competent authority and which fulfils the reporting criteria of GM3 21.B.15(b).
GM2 21.B.15(b) Information to the Agency
ED Decision 2022/021/R
RECOMMENDED CONTENT FOR CONCLUSIVE SAFETY ANALYSES
A conclusive safety analysis should contain the following:
(a) a detailed description of the safety issue, including the scenario in which the safety issue takes place; and
(b) an indication of the stakeholders that are affected by the safety issue, including types of operations and organisations;
and, as appropriate:
(c) a risk assessment that establishes the severity and probability of all the possible consequences of the safety issue;
(d) information about the existing safety barriers that the aviation system has in place to prevent the likely consequences of the safety issue from occurring;
(e) any mitigating action that is already in place or developed to deal with the safety issue;
(f) recommendations for future action to control the risk; and
(g) any other element that the competent authority considers essential for EASA to properly assess the safety issue.
GM3 21.B.15(b) Information to the Agency
ED Decision 2022/021/R
OCCURRENCES IN WHICH EASA IS THE COMPETENT AUTHORITY
Occurrences that are related to organisations or products that are certified by EASA should be notified to EASA if:
(a) the occurrence is defined as a reportable occurrence in accordance with the applicable regulation;
(b) the organisation that is responsible for addressing the occurrence is certified by EASA; and
(c) the competent authority of the Member State comes to the conclusion that:
(1) the organisation that is certified by EASA to which the occurrence relates was not informed of the occurrence; or
(2) the occurrence was not properly addressed or was left unattended by the organisation that is certified by EASA.
Such occurrence data should be reported in a format that is compatible with the European Coordination Centre for Accident and Incident Reporting Systems (ECCAIRS) and should provide all the relevant information for its assessment and analysis, including necessary additional files in the form of attachments.
21.B.20 Immediate reaction to a safety problem
Regulation (EU) 2022/203
(a) Without prejudice to Regulation (EU) No 376/2014 of the European Parliament and of the Council and its delegated and implementing acts, the competent authority shall implement a system to appropriately collect, analyse and disseminate safety information.
(b) The Agency shall implement a system to appropriately analyse any relevant safety information received and, without undue delay, provide the relevant authority of the Member States and the Commission with any information, including recommendations or corrective actions to be taken, that is necessary for them to react in a timely manner to a safety problem involving products, parts, appliances, persons or organisations that are subject to Regulation (EU) 2018/1139 and its delegated and implementing acts.
(c) Upon receiving the information referred to in points (a) and (b), the competent authority shall take adequate measures to address the safety problem.
(d) The competent authority shall immediately notify measures taken under point (c) to all persons or organisations which need to comply with them under Regulation (EU) 2018/1139 and its delegated and implementing acts. The competent authority of the Member State shall also notify those measures to the Agency and, when combined action is required, to the other Member States concerned.
Regulation (EU) 2022/203
(a) The competent authority shall establish and maintain a management system, including as a minimum:
1. documented policies and procedures to describe its organisation, the means and methods for establishing compliance with Regulation (EU) 2018/1139 and its delegated and implementing acts. The procedures shall be kept up to date, and serve as the basic working documents within that competent authority for all its related tasks;
2. a sufficient number of personnel to perform its tasks and discharge its responsibilities. A system shall be in place to plan the availability of personnel in order to ensure the proper completion of all tasks;
3. personnel that are qualified to perform their allocated tasks and that have the necessary knowledge and experience, and receive initial and recurrent training to ensure continuing competency;
4. adequate facilities and office accommodation for personnel to perform their allocated tasks;
5. a function to monitor the compliance of the management system with the relevant requirements, and the adequacy of the procedures, including the establishment of an internal audit process and a safety risk management process. Compliance monitoring shall include a feedback system of audit findings to the senior management of the competent authority to ensure the implementation of corrective actions as necessary;
6. a person or group of persons having a responsibility to the senior management of the competent authority for the compliance monitoring function.
(b) The competent authority shall, for each field of activity, including the management system, appoint one or more persons with the overall responsibility for the management of the relevant task(s).
(c) The competent authority shall establish procedures for the participation in a mutual exchange of all necessary information and assistance with any other competent authorities concerned, whether from the same Member State or from other Member States, including on:
1. all findings raised and any follow-up actions taken as a result of the oversight of persons and organisations that carry out activities in the territory of a Member State, but certified by the competent authority of another Member State or by the Agency;
2. information stemming from mandatory and voluntary occurrence reporting as required by 21.A.3A.
(d) A copy of the procedures related to the management system of the competent authority of the Member State and their amendments shall be made available to the Agency for the purpose of standardisation.
ED Decision 2012/020/R
The competent authority designated by each Member State should have an organisation in such a way that -
a) there is specific and effective management authority in the conduct of all relevant activities,
b) the functions and processes described in Part 21 and its AMC and GM may be properly implemented,
c) the competent authority of the Member State policy, organisation and operating procedures for the implementation of Part 21 are properly documented and applied,
d) all competent authority of the Member State personnel involved in the related activities are provided with training where necessary,
e) specific and effective provision is made for the communication and interface as necessary with the Agency and the competent authorities of the Member States,
f) all functions related to the implementation of Part 21 are adequately described and shown (Standardisation).
A general policy in respect of Part 21 activities should be developed, sponsored and implemented by the manager at the highest appropriate level, for example the top of the functional area of the competent authority of the Member State that is responsible for the related matters.
Appropriate steps should be taken to ensure that the policy is known and understood by all staff involved, and all necessary steps should be taken to implement and maintain the policy.
Whilst satisfying also additional national regulatory responsibilities, the general policy should in particular take into account:
a) the provisions of the Regulation (EC) No 216/2008
b) the provisions of Part 21 and its AMC and GM
c) the needs of industry
d) the needs of the Agency and of the competent authorities of the Member States.
The policy should define specific objectives for key elements of the organisation and processes for implementation of related Part 21 activities, including the corresponding control procedures and the measurement of the achieved standard.
GM 21.B.25(b) Resources
ED Decision 2012/020/R
The organisation for related Part 21 activities should be clearly defined within the general organisation of the competent authority of the Member State, with the hierarchical and functional links, and the names of the senior staff. Although final responsibility should be placed at the top of the functional area that is responsible for the related Part 21 activities as a whole, all subordinate levels of management should be suitably resourced and empowered to fulfil their delegated tasks.
The definition of an organisation for the implementation of related Part 21 activities should include the specification of
a) a manager responsible for the specific Part 21 activity acting as internal and external focal point. The responsibility is best placed with the manager who is in control of the day-to-day functions concerning the specific Part 21 activity, although he may delegate specific tasks to other individuals;
b) individual or group responsibilities, duties and associated reporting lines;
c) the resources, human and material;
d) the documented procedures to be operated in respect of the relevant Part 21 activities.
The various tasks and responsibilities of the personnel involved in the related Part 21 activities should be clearly identified. The authority attached to the responsibilities should be enough to ensure that the activities will be performed correctly.
These responsibilities include among others:
a) the management of the organisation
b) the management of investigation teams
c) the team leadership/membership
d) the investigation and surveillance activities
e) the administrative management of certificates and approvals including record keeping
f) the external and internal interface activities including feedback to the Agency
g) the control and distribution of documentation
The definition of the organisation should include means to ensure continued effectivity of the organisation. The means should provide for a regular assessment of the organisation and its related activities as well as a feedback system for the follow up of necessary corrective actions (e.g., through the implementation of a quality system, internal audit system, etc.).
[This GM will be updated with an upcoming ED Decision - 21.B.25 amended with Regulation (EU) 2022/203]
GM 21.B.25(c) Qualification and training
ED Decision 2012/020/R
The competent authority of the Member State should ensure appropriate and adequate training of its personnel to meet the standard that is considered by the Agency necessary to perform the work. Arrangements should be made for initial and continuation training as required.
It is understood that the basic competence of the competent authority of the Member State staff is a matter of recruitment and normal management functions in selection of staff for particular duties. Moreover, it is understood that the competent authority of the Member State provides training in the basic skills as required for those duties.
However, to avoid differences in understanding and interpretation, it is considered important that all personnel involved in Part 21 activities should be provided with further training specifically related to the relevant Part 21 activity up to the common Agency standard.
The competent authority of the Member State should provide training through its own training organisation with qualified trainers or through another qualified training source (e.g., training provided by other competent authorities, the Agency or qualified entities).
[This GM will be updated with an upcoming ED Decision - 21.B.25 amended with Regulation (EU) 2022/203]
21.B.30 Allocation of tasks to qualified entities
Regulation (EU) 2022/203
(a) The competent authority may allocate tasks related to the initial certification or to the continuing oversight of products and parts, as well as of natural or legal persons subject to Regulation (EU) 2018/1139 and its delegated and implementing acts to qualified entities. When allocating tasks, the competent authority shall ensure that it has:
1. put a system in place to initially and continuously assess whether the qualified entity complies with Annex VI to Regulation (EU) 2018/1139. That system and the results of the assessments shall be documented;
2. established a written agreement with the qualified entity, approved by both parties at the appropriate management level, which stipulates:
(i) the tasks to be performed;
(ii) the declarations, reports and records to be provided;
(iii) the technical conditions to be met when performing such tasks;
(iv) the related liability coverage;
(v) the protection given to the information acquired when carrying out such tasks.
(b) The competent authority shall ensure that the internal audit process and safety risk management process established pursuant to point 21.B.25(a)(5) cover all the certification and continuing oversight tasks performed by the qualified entity on its behalf.
21.B.35 Changes in the management system
Regulation (EU) 2022/203
(a) The competent authority shall have a system in place to identify the changes that affect its capability to perform its tasks and discharge its responsibilities as defined in Regulation (EU) 2018/1139 and its delegated and implementing acts. That system shall enable the competent authority to take action necessary to ensure that its management system remains adequate and effective.
(b) The competent authority shall update in a timely manner its management system to reflect any changes to Regulation (EU) 2018/1139 and its delegated and implementing acts so as to ensure its effective implementation.
(c) The competent authority of the Member State shall notify the Agency of any changes affecting its capability to perform its tasks and discharge its responsibilities as provided for in Regulation (EU) 2018/1139 and its delegated and implementing acts.
Regulation (EU) 2022/203
(a) The competent authority shall establish a record-keeping system that allows the adequate storage, accessibility and reliable traceability of:
1. the management system’s documented policies and procedures;
2. the training, qualifications and authorisation of its personnel;
3. the allocation of tasks, covering the elements required by point 21.B.30, as well as the details of tasks allocated;
4. certification processes and continuing oversight of certified organisations, including:
(i) the application for a certificate, approval, authorisation and letter of agreement;
(ii) the competent authority’s continuing oversight programme, including all the assessments, audits and inspection records;
(iii) the certificates, approvals, authorisations and letters of agreement issued, including any changes to them;
(iv) a copy of the oversight programme, listing the dates when audits are due and when audits were carried out;
(v) copies of all formal correspondence;
(vi) recommendations for the issue or continuation of a certificate, an approval authorisation or a letter of agreement, detail of findings and actions taken by the organisations to close those findings, including the date of closure, enforcement actions and observations;
(vii) any assessment, audit and inspection report issued by another competent authority pursuant to points 21.B.120(d), 21.B.221(c) or 21.B.431(c);
(viii) copies of all the organisation expositions, handbooks or manuals, and of any amendments to them;
(ix) copies of any other documents approved by the competent authority;
5. Statements of Conformity (EASA Form 52, see Appendix VIII) and Authorised Release Certificates (EASA Form 1, see Appendix I) that it has validated for organisations that produce products, parts or appliances without a production organisation approval certificate according to Subpart F of Section A of this Annex.
(b) The competent authority shall include in the record-keeping:
1. documents supporting the use of alternative means of compliance
2. safety information in accordance with point 21.B.15 and follow-up measures;
3. the use of safeguard and flexibility provisions in accordance with Articles 70, 71(1) and 76(4) of Regulation (EU) 2018/1139.
(c) The competent authority shall maintain a list of all the certificates, approvals, authorisations and letters of agreement it has issued.
(d) All the records referred to in points (a), (b) and (c) shall be kept for a minimum period of 5 years, subject to applicable data protection law.
(e) All the records referred to in points (a), (b) and (c) shall be made available, upon request, to a competent authorities of another Member State or to the Agency.
GM 21.B.55 Record-keeping for design approvals transferred to the Agency
ED Decision 2021/007/R
Record-keeping related to design approvals, for which the responsibility is transferred to the Agency, will remain initially with the competent authority of the Member State that has granted the design approvals, but will be at the disposal of the Agency. This GM specifies the administrative documents to be kept for the various kinds of design approvals. It does not repeat the requirements for design approvals holders to keep records (ref.: 21.A.55, 21.A.605).
1. Type-certificate
a) Copy of the type-certificate
b) Copy of the type-certificate data sheet
c) Environmental protection approval data
d) Documents defining the type-certification basis including information to justify special conditions, equivalent safety findings and exemptions (Certification Review Items or equivalent)
e) List of approved modifications,
f) List of the competent authority’s approved publications (Flight Manual, Repair Manual, Airworthiness Limitations, Certification Maintenance Requirements)
g) Airworthiness directives
h) Master Minimum Equipment List
i) Maintenance Review Board Report
2. Supplemental type certificate
— Copy of supplemental type certificate
— Environmental protection approval data
— Documents defining the certification basis including information to justify special conditions, equivalent safety findings and exemptions (Certification Review Items or equivalent)
— List of the competent authority’s approved documents
— Airworthiness directives
3. JTSO Authorisation
— Copy of JTSO authorisation letter
— Copy of Declaration of Design and Performance
— Statement of compliance with applicable standards
— Airworthiness directives
4. Other part or appliance approvals
a) Copy of approval letter,
b) Copy of Declaration of Design and Performance or equivalent
c) Statement of compliance with applicable standards
d) Airworthiness Directives
5. Changes from non TC or STC holders
a) Modification approval sheet, or equivalent document
b) Documents required by 21.A.105, or equivalent national requirement
Note: Not applicable to minor design changes approved under a DOA privilege, for which record keeping is under the DOA holder responsibility.
6. Repair design approvals
a) Repair approval sheet
b) Documents listed in 21.A.447, or equivalent national requirement
Note: Not applicable to repair design approved under a DOA privilege, for which record keeping is under the DOA holder responsibility.
AMC1 21.B.55(a) Record-keeping
ED Decision 2022/021/R
GENERAL
(a) The record-keeping system should ensure that all the records are accessible within a reasonable time whenever they are needed. Those records should be organised in a manner that ensures their traceability and retrievability throughout the required retention period.
(b) All the records that contain sensitive data on applicants or organisations should be stored in a secure manner with controlled access, to ensure their confidentiality.
(c) The records should be kept in paper form, or in an electronic format, or a combination of both. Records that are stored on microfilm or optical discs are also acceptable. The records should remain legible and accessible throughout the required retention period. The retention period starts when the record is created.
(d) Paper record systems should use robust material that can withstand normal handling and filing. Computer record systems should have at least one backup system that should be updated within 24 hours of any new entry. Computer record systems should include safeguards to prevent unauthorised personnel from altering the data.
(e) All the computer hardware that is used to ensure the backup of data should be stored in a different location from the one that contains the working data and in an environment that ensures that the data remains in a good condition. When hardware or software changes take place, special care should be taken that all the necessary data continues to be accessible throughout at least the full period that is specified in point 21.B.55(d).
AMC1 21.B.55(a)(1) and (a)(2) Record-keeping
ED Decision 2022/021/R
COMPETENT AUTHORITY MANAGEMENT SYSTEM
The records that are related to the competent authority’s management system should include, as a minimum, and as applicable:
(a) the documented policies and procedures;
(b) the personnel files of the competent authority personnel, with the supporting documents related to their training and qualifications;
(c) the results of the competent authority’s internal audits and safety risk management processes, including audit findings, as well as any corrective, preventive, and risk mitigation action; and
(d) the contracts that are established with the qualified entities that perform certification or oversight tasks on behalf of the competent authority.
ED Decision 2022/021/R
TRACEABILITY OF RELEASE CERTIFICATES
The record-keeping of those EASA Forms 52 and 1 that are validated by the competent authority should allow the verification of that validation by the parties concerned, including the recipients of the release certificates.
21.B.65 Suspension, limitation and revocation
Regulation (EU) 2022/203
The competent authority shall:
(a) suspend a certificate, approval, permit to fly, authorisation or letter of agreement when it considers that there are reasonable grounds that such action is necessary to prevent a credible threat to aircraft safety;
(b) suspend, revoke or limit a certificate, approval, permit to fly, authorisation or letter of agreement if such action is required pursuant to points 21.B.125, 21.B.225 or 21.B.433;
(c) suspend or revoke a certificate of airworthiness or a noise certificate upon evidence that some of the conditions specified in points 21.A.181(a) or 21.A.211(a) are not met;
(d) suspend or limit in whole or in part a certificate, approval, permit to fly, authorisation or letter of agreement if unforeseeable circumstances outside the control of the competent authority prevent its inspectors from discharging their oversight responsibilities over the oversight planning cycle.