21.B.70 Certification specifications

Regulation (EU) 2019/897

The Agency, in accordance with Article 76(3) of Regulation (EU) 2018/1139, shall issue certification specifications and other detailed specifications, including certification specifications for airworthiness, operational suitability data and environmental protection, that competent authorities, organisations and personnel may use to demonstrate compliance of products, parts and appliances with the relevant essential requirements set out in Annexes II, IV and V to that Regulation, as well as with those for environmental protection set out in Article 9(2) and Annex III of that Regulation. Such specifications shall be sufficiently detailed and specific to indicate to applicants the conditions under which certificates are to be issued, amended or supplemented.

21.B.75  Special conditions

Regulation (EU) 2019/897

(a) The Agency shall prescribe special detailed technical specifications, named ‘special conditions, for a product if the related certification specifications do not contain adequate or appropriate safety standards for the product because:

1.  the product has novel or unusual design features relative to the design practices on which the applicable certification specifications are based;

2.  the intended use of the product is unconventional; or

3.  experience from other similar products in service or products having similar design features or newly identified hazards have shown that unsafe conditions may develop.

(b) Special conditions contain such safety standards as the Agency finds necessary in order to establish a level of safety equivalent to that of the applicable certification specifications.

GM1 21.B.75 Special conditions

ED Decision 2021/001/R

GENERAL

The term ‘novel or unusual design features’ should be judged in view of the applicable certification basis for the product. A design feature, in particular, should be judged to be a ‘novel or unusual design feature’ when the certification basis does not sufficiently cover this design.

The term ‘unsafe condition’ is used with the same meaning as described in GM1 21.A.3B(b).

The term ‘newly identified hazards’ is intended to address new risks that may be recognised in the design (e.g. questionable features) or its operational characteristics (e.g. volcanic ash) for which there is not yet enough in-service experience.

21.B.80  Type-certification basis for a type-certificate or restricted type-certificate

Regulation (EU) 2019/897

The Agency shall establish the type certification basis and notify it to the applicant for a type-certificate or restricted type-certificate. The type certification basis shall consist of:

(a) the certification specifications for airworthiness designated by the Agency from those applicable to the product at the date of application for that certificate, unless:

1. the applicant chooses to comply, or is required to comply in accordance with point 21.A.15(f), with certification specifications which became applicable after the date of the application; If an applicant chooses to comply with a certification specification which became applicable after the date of the application, the Agency shall include in the type-certification basis any other certification specification that is directly related; or

2.  the Agency accepts any alternative to a designated certification specification that cannot be complied with, for which compensating factors have been found that provide an equivalent level of safety; or

3.  the Agency accepts or prescribes other means that:

(i)  in the case of a type-certificate, demonstrate compliance with the essential requirements of Annex II to Regulation (EU) 2018/1139; or

(ii)  in the case of a restricted type-certificate, provide a level of safety adequate with regard to the intended use; and

(b) any special condition prescribed by the Agency in accordance with point 21.B.75(a).

GM 21.B.80  Type-certification basis for a type certificate (TC) or restricted type certificate (RTC)

ED Decision 2019/018/R

1. INTRODUCTION

This GM addresses the type-certification basis for a TC or an RTC.

2. APPLICABLE CERTIFICATION SPECIFICATIONS (CSs) (see point 21.B.80(a))

The type-certification basis for a TC or an RTC consists of the airworthiness CSs that were effective on the date of application and were applicable for that certificate.

The effectivity date of the initial application may be changed, as per point 21.A.15(f)(2), when the period of validity of an application for a type certificate is exceeded, or it is evident that it will be exceeded, and the applicant requests an extension; see GM 21.A.15(e) and (f).

The certification basis is then revised accordingly.

3. ELECT TO COMPLY (see point 21.B.80(a)(1))

It is also possible for an applicant to elect to comply with a CS that entered into force after the date on which the applicant has submitted the application.

EASA should assess whether the proposed certification basis is appropriate to ensure that the ‘elect to comply’ proposal includes any other CSs that are ‘directly related’ to one or several of the CSs in it. Directly related CSs are those that are deemed to contribute to the same safety objective by building on each other’s requirements, addressing complementary aspects of the same safety concern, etc. Typically, they are adopted simultaneously with, or prior to, the CSs with which the applicant has elected to comply.

4. EQUIVALENT LEVEL OF SAFETY (see point 21.B.80(a)(2))

In cases in which the applicable CSs cannot be literally complied with, either fully or in part, EASA may accept a suitable alternative which provides an equivalent level of safety through the use of appropriate compensating factors.

In cases in which the requirements contain not only objectives but also prescriptive parts, an equivalent level of safety may be accepted if:

      the objectives are met by designs or features other than those required in the CSs; or

      suitable compensating factors are proposed.

5. ALTERNATIVE MEANS OF COMPLIANCE (see point 21.B.80(a)(3))

If the intent of the CSs defined in point 21.B.80(a) cannot be met, EASA may accept mitigating factors to the CSs, provided that the safety objective is met.

In the case of a TC, the alternative means should provide a demonstration of compliance with the essential requirements for airworthiness laid down in Annex II to Regulation (EU) 2018/1139.

In the case of an RTC, the alternative means should provide a sufficient level of safety for the intended use.

Note: ‘Alternative means of compliance’ should not be confused with ‘AMC’.

6. SPECIAL CONDITIONS (see point 21.B.75)

EASA may also prescribe special conditions in accordance with point 21.B.75. Guidance on special conditions is provided in GM 21.B.75.

21.B.82  Operational suitability data certification basis for an aircraft type-certificate or restricted type-certificate

Regulation (EU) 2019/897

The Agency shall establish the operational suitability data certification basis and notify it to the applicant for an aircraft type-certificate or restricted type-certificate. The operational suitability data certification basis shall consist of:

(a) the certification specifications for operational suitability data designated by the Agency out of those applicable to the aircraft at the date of the application or at the date of the application supplement for operational suitability data, whichever date is later, unless:

1. the applicant chooses to comply, or in accordance with point 21.A.15(f) is required to comply with certification specifications which became applicable after the date of the application; If an applicant chooses to comply with a certification specification which became applicable after the date of the application, the Agency shall include in the type-certification basis any other certification specification that is directly related; or

2. the Agency accepts or prescribes alternative means to demonstrate compliance with the relevant essential requirements of Annexes II, IV and V to Regulation (EU) 2018/1139.

(b) any special condition prescribed by the Agency in accordance with point 21.B.75(a).

GM 21.B.82 Operational suitability data (OSD) certification basis for an aircraft type certificate (TC) or restricted type certificate (RTC)

ED Decision 2019/018/R

1. INTRODUCTION

This GM addresses the OSD certification basis for a TC or an RTC.

2. APPLICABLE CERTIFICATION SPECIFICATIONS (CSs) (see point 21.B.80(a))

The OSD certification basis for a TC or an RTC consists of the OSD CSs that were applicable for that certificate and that were effective on the date of application for the TC or RTC or, if applicable, on the date of the application supplement.

The effectivity date of the initial application for the TC or RTC may be changed, as per point 21.A.15(f)(2), when the period of validity for an application for a type certificate is exceeded, or it is evident that it will be exceeded, and the applicant requests an extension; see GM 21.A.15(e) and (f). As a consequence, the OSD certification basis will be revised accordingly.

3. ELECT TO COMPLY (see point 21.B.82(a)(1))

It is also possible for an applicant to elect to comply with a CS that entered into force after the date on which the applicant has submitted the application.

EASA should assess whether the proposed certification basis is appropriate to ensure that the ‘elect to comply’ proposal includes any other CSs that are ‘directly related’ to one or several of the CSs in it.

Directly related CSs are those that are deemed to contribute to the same safety objective by building on each other’s requirements, addressing complementary aspects of the same safety concern, etc. Typically, they are adopted simultaneously with, or prior to, the CSs with which the applicant has elected to comply.

4. EQUIVALENT LEVEL OF SAFETY (see point 21.B.82(a)(2))

In cases in which the applicable CS(s) cannot be literally complied with, either fully or in part, EASA may accept a suitable alternative which provides an equivalent level of safety through the use of appropriate compensating factors.

In cases in which the requirements contain not only objectives but also prescriptive parts, an equivalent level of safety may be accepted if:

      the objectives are met by designs or features other than those required in the CSs; or

      appropriate compensating factors are proposed.

5. ALTERNATIVE MEANS OF COMPLIANCE (see point 21.B.82(a)(2))

If the intent of the CSs defined in point 21.B.82(a) cannot be met, EASA may accept mitigating factors to the CSs, provided that the safety objective is met.

In the case of a TC, the alternative means should provide a demonstration of compliance with the essential requirements for airworthiness laid down in Annex II to Regulation (EU) 2018/1139.

In the case of an RTC, the alternative means should provide a sufficient level of safety for the intended use.

Note: ‘Alternative means of compliance’ should not be confused with ‘AMC’.

6.  SPECIAL CONDITIONS (see point 21.B.75)

EASA may also prescribe special conditions in accordance with point 21.B.75. Guidance on special conditions is provided in GM 21.B.75.

21.B.85 Designation of applicable environmental protection requirements for a type-certificate or restricted type-certificate

Regulation (EU) 2021/1088

(a) The Agency shall designate and notify to the applicant the applicable environmental protection requirements for a type-certificate or restricted type-certificate for an aircraft or for a type certificate for an engine. The designation and notification shall contain:

1. the applicable noise requirements established in:

(i) Annex 16 to the Chicago Convention, Volume I, Part II, Chapter 1 and:

(A) for subsonic jet aeroplanes, in Chapters 2, 3, 4 and 14;

(B) for propeller-driven aeroplanes, in Chapters 3, 4, 5, 6, 10, and 14;

(C) for helicopters, in Chapters 8 and 11;

(D) for supersonic aeroplanes, in Chapter 12; and

(E) for tilt rotors, in Chapter 13.

(ii) Annex 16 to the Chicago Convention, Volume I:

(A) Appendix 1 for aeroplanes for which Chapters 2 and 12 of Annex 16 to the Chicago Convention, Volume I, Part II are applicable;

(B) Appendix 2 for aeroplanes for which Chapters 3, 4, 5, 8, 13 and 14 of Annex 16 to the Chicago Convention, Volume I, Part II are applicable;

(C) Appendix 3 for aeroplanes for which Chapter 6 of Annex 16 to the Chicago Convention, Volume I, Part II is applicable;

(D) Appendix 4 for aeroplanes for which Chapter 11 of Annex 16 to the Chicago Convention, Volume I, Part II is applicable; and

(E) Appendix 6 for aeroplanes for which Chapter 10 of Annex 16 to the Chicago Convention, Volume I, Part II is applicable;

2. the applicable emissions requirements for preventions of intentional fuel venting for aircraft established in Annex 16 to the Chicago Convention, Volume II, Part II, Chapters 1 and 2;

3. the applicable smoke, gaseous and particulate matter engine emissions requirements established in:

(i) Annex 16 to the Chicago Convention, Volume II, Part III, Chapter 1 and:

(A) for smoke and gaseous emissions of turbojet and turbofan engines intended for propulsion only at subsonic speeds, in Chapter 2;

(B) for smoke and gaseous emissions of turbojet and turbofan engines intended for propulsion at supersonic speeds, in Chapter 3; and

(C) for particulate matter emissions of turbojet and turbofan engines intended for propulsion only at subsonic speeds, in Chapter 4;

(ii) Annex 16 to the Chicago Convention, Volume II:

(A) Appendix 1 for the measurement of reference pressure ratio;

(B) Appendix 2 for smoke emissions evaluation;

(C) Appendix 3 for instrumentation and measurement techniques for gaseous emissions;

(D) Appendix 4 for specifications for fuel to be used in aircraft turbine engine emissions testing;

(E) Appendix 5 for instrumentation and measurement techniques for gaseous emissions from afterburning gas turbine engines;

(F) Appendix 6 for compliance procedure for gaseous, smoke and particulate matter emissions; and

(G) Appendix 7 for instrumentation and measurement techniques for non-volatile particulate matter;

4. the applicable aeroplane CO2 emissions requirements established in:

(i) Annex 16 to the Chicago Convention, Volume III, Part II, Chapter 1, and:

(A) for subsonic jet aeroplanes, in Chapter 2; and

(B) for subsonic propeller-driven aeroplanes, in Chapter 2;.

(ii) Annex 16 to the Chicago Convention, Volume III, Appendices 1 and 2, for aeroplanes for which Chapter 2 of Annex 16 to the Chicago Convention, Volume III, Part II is applicable;

5. for engines, the applicable requirements in Annex 16 to the Chicago Convention, Volume II, Part IV and Appendix 8 concerning non-volatile particulate matter assessment for inventory and modelling purposes.

(b) (reserved).

GM1 21.B.85(a) Applicable environmental protection requirements

ED Decision 2021/011/R

1. APPLICABLE ENVIRONMENTAL PROTECTION REQUIREMENTS

The applicable environmental protection requirements are the Standards and Recommended Practices in Volume I, Volume II and Volume III of Annex 16 to the Chicago Convention for aircraft and engines for which the first subparagraph of Article 9(2) of Regulation (EU) 2018/1139 applies. The applicable levels of amendment to Annex 16 to the Chicago Convention are those adopted in the first subparagraph of Article 9(2) of Regulation (EU) 2018/1139.

2. AIRCRAFT NOISE

Guidance material for the application of the certification procedures for aircraft noise is presented in:

(a) Volume I of Annex 16 to the Chicago Convention:

(1) in Attachment A for equations for the calculation of maximum permitted noise levels as a function of take-off mass;

(2) in Attachment D for evaluating an alternative method of measuring helicopter noise during approach;

(3) in Attachment E for applicability of noise certification standards for propeller‑driven aeroplanes; and

(4) in Attachment F for guidelines for noise certification of tilt rotors; and

(b) ICAO Doc 9501 ‘Environmental Technical Manual’, Volume I ‘Procedures for the Noise Certification of Aircraft’, except Chapter 8.

3. FUEL VENTING

Guidance material for the application of the certification procedures for aircraft engine emissions is presented in ICAO Doc 9501 ‘Environmental Technical Manual’ Volume II ‘Procedures for the Emissions Certification of Aircraft Engines’.

4. ENGINE EMISSIONS

4.1. Guidance material related to engine emissions requirements

Guidance material for the application of the certification procedures for aircraft engine emissions is presented in:

(a) Attachment E to Appendix 3 to Volume II of Annex 16 to the Chicago Convention for the calculation of the emissions parameters; and

(b) ICAO Doc 9501 ‘Environmental Technical Manual’ Volume II ‘Procedures for the Emissions Certification of Aircraft Engines’.

4.2. Engine emissions requirements for inventory and modelling purposes

Aircraft engine manufacturers are required to calculate the nvPM mass and nvPM number system loss correction factors as per Appendix 8 to Volume II of Annex 16 to the Chicago Convention and to report them to the competent authority. The nvPM mass and number system loss correction factors permit an estimation of the nvPM mass and number emissions at the exhaust of the aircraft engine from the nvPM mass and number concentration obtained in accordance with the procedures laid down in Appendix 7 to Volume II of Annex 16 to the Chicago Convention.

5. AEROPLANE CO2 EMISSIONS

Guidance material for the application of the certification procedures for aeroplane CO2 emissions is contained in ICAO Doc 9501 ‘Environmental Technical Manual’, Volume III ‘Procedures for the CO2 Emissions Certification of Aeroplanes’.

21.B.100  Level of involvement

Regulation (EU) 2019/897

(a) The Agency shall determine its involvement in the verification of the compliance demonstration activities and data related to the application for a type-certificate, restricted type-certificate, major change approval, supplemental type certificate, major repair design approval or ETSO authorisation for APU. It shall do so on the basis of an assessment of meaningful groups of compliance demonstration activities and data of the certification programme. That assessment shall address:

      the likelihood of an unidentified non-compliance with the type-certification basis, operational suitability data certification basis or environmental protection requirements; and

      the potential impact of that non-compliance on product safety or environmental protection,

and consider at least the following elements:

1.  novel or unusual features of the certification project, including operational, organisational and knowledge management aspects;

2.  complexity of the design and/or demonstration of compliance;

3.  criticality of the design or technology and the related safety and environmental risks, including those identified on similar designs; and

4.  performance and experience of the design organisation of the applicant in the domain concerned.

(b) For the approval of a minor repair design, minor change or ETSO authorisation other than for APU, the Agency shall determine its involvement at the level of the entire certification project, taking into account any novel or unusual features, complexity of the design and/or demonstration of compliance, criticality of the design or technology, as well as the performance and experience of the applicant's design organisation.

(c) The Agency shall notify its level of involvement to the applicant and it shall update its level of involvement when this is warranted by information which has an appreciable impact on the risk previously assessed pursuant to point (a) or (b). The Agency shall notify the applicant about the change in the level of involvement.

AMC 21.B.100(a) and 21.A.15(b)(6)  Level of involvement (LoI) in a certification project for a type certificate (TC), a major change to a TC, a supplemental type certificate (STC), a major repair design or European technical standard order (ETSO) authorisation for an auxiliary power unit (APU)

ED Decision 2019/018/R

1. Definitions

Risk: the combination of the likelihood and the potential impact of a non-compliance with part of the certification basis.

Likelihood: a prediction of how likely an occurrence of non-compliance with part of the certification basis is, based on a combination of the novelty and complexity of the proposed design and its related compliance demonstration activities, as well as on the performance of the design organisation.

Criticality: a measure of the potential impact of a non-compliance with part of the certification basis on product safety or on the environment.

Compliance demonstration item (CDI): a meaningful group of compliance demonstration activities and data of the certification programme, which can be considered in isolation for the purpose of performing a risk assessment.

EASA panel: an EASA panel is composed of one or more experts who are responsible for a particular technical area. Each technical area addressed during product certification is covered by an EASA panel.

EASA discipline: an EASA discipline is a technical subarea of an EASA panel.

EASA’s level of involvement (LoI): the compliance demonstration activities and data that EASA retains for verification during the certification process, as well as the depth of the verification.

2. Background

The applicant has to submit a certification programme for their compliance demonstrations in accordance with point 21.A.15(b). The applicant has to break down the certification programme into meaningful groups of compliance demonstration activities and data, hereinafter referred as ‘CDIs’, and provide their proposal for EASA’s LoI.

The applicant should also indicate the EASA panel(s) that is (are) affected by each CDI.

This AMC explains:

(a)  how to propose EASA’s LoI for each CDI as per points 21.A.15(b)(6), 21.A.93(b)(3)(iii), 21.A.432C(b)(6) as well as 21.A.113(b); and

(b)  how EASA will determine its LoI on the basis of the criteria established in point 21.B.100.

EASA will review the proposal and determine its LoI. Both parties, in mutual trust, should ensure that the certification project is not delayed through the LoI proposal and determination.

Additionally, in accordance with point 21.A.20, the applicant has the obligation to update the certification programme, as necessary, during the certification process, and report to EASA any difficulty or event encountered during the compliance demonstration process which may require a change to the LoI that was previously notified to the applicant.

In such a case, or when EASA has other information that affects the assumptions on which the LoI was based, EASA will revisit its LoI determination.

In accordance with points 21.A.33, 21.A.447 and 21.A.615, irrespective of the LoI, EASA has the right to review any data and information related to compliance demonstration.

Note: This AMC should not be considered to be interpretative material for the classification of changes or repairs.

3. Principles and generic criteria for the LoI determination EASA determines its LoI based on the applicant’s proposal in view of the risk (the combination of the likelihood of an unidentified non-compliance and its potential impact). This is performed after proper familiarisation with the certification project in three steps:

      Step 1: identification of the likelihood of an unidentified non-compliance,

      Step 2: identification of the risk class, and

      Step 3: determination of EASA’s LoI.

This AMC contains criteria, common to all EASA panels, for the determination of:

      any novel or unusual features of the certification project, including operational, organisational and knowledge management aspects;

      the complexity of the design and/or compliance demonstration;

      the performance and experience of the design organisation of the applicant in the domain concerned;

      the criticality of the design or technology and the related safety and environmental risks, including those identified on similar designs; and

      the data and activities to be retained by EASA.

Note: Additional panel-specific criteria are available in further informative material published by EASA36 Such additional criteria are contained as an attachment to the EASA Certification Memorandum (CM) CM-21.A/21.B-001, available at: https://www.easa.europa.eu/document-library/product-certification-consu….. This material should not be considered to be AMC.

For CS-23 commuter (or CS-23 level 4 airplanes as defined in CS-23 Amdt 5), CS-25, CS-27 and CS-29 aircraft, all the panel-specific additional criteria should be considered. For the other products, the panel-specific criteria should only be considered for CDIs that affect noise, propulsion, development assurance and safety assessment (DASA), operational suitability data (OSD) and software and airborne electronic hardware.

The criteria used to determine the likelihood and the potential impact of an unidentified non-compliance generally allow a proportionate approach to be applied, in particular in order to differentiate between CS-25 and general aviation (GA) aircraft projects.

3.1. LoI determination at CDI level

The determination of EASA’s LoI is performed at the level of the CDI (please refer to AMC 21.A.15(b)(5)).

The applicant should demonstrate that all the affected elements of the type-certification basis as specified in point 21.B.80, of the OSD certification basis as specified in point 21.B.82, and of the environmental protection requirements as specified in 21.B.85, the corresponding means and methods of compliance, as well as the corresponding certification activities and data, are fully covered by the proposed CDIs. If the provided data does not clearly show that this is the case, the applicant should clearly state to EASA that all the above-mentioned elements are fully covered.

Note: There could be different ways to ‘clearly show’ that all the elements of the certification basis are included in at least one CDI. For instance, this could be achieved by means of a ‘CDI reference’ column added in the table that lists all the elements of the certification basis.

3.2. Method for determining the likelihood of an unidentified non-compliance

3.2.1. Principle The likelihood of an unidentified non-compliance is assessed on the basis of the following criteria:

      novelty,

      complexity, and

      the performance of the design organisation.

3.2.2. Novelty

For the purpose of risk class determination, the following simplification has been made: a CDI may be either novel or non-novel.

Whether or not a CDI is novel is based on the extent to which the respective elements of the certification project, as well as the related requirement or means of compliance, are new/novel to either the industry as a whole, or to the applicant, including their subcontractors, or from an EASA panel perspective.

The determination that a CDI is novel may be driven by the use of new technology, new operations, new kind of installations, the use of new requirements or the use of new means of compliance.

When an applicant utilises a type of technology for the first time, or when that applicant is relatively unfamiliar with the technology, this technology is considered to be ‘novel’, even if other applicants may be already familiar with it. This also means that a type of technology may no longer be novel for one applicant, while it may still be novel for other applicants.

The following list includes some examples:

      new materials or combinations of materials;

      a new application of materials or combinations of materials;

      new manufacturing processes;

      a new or unusual aircraft configuration and/or system architecture;

      a novel reconfiguration of systems;

      a new interface or interaction with other parts or systems;

      the unusual location of a part or a system, or an unusual construction;

      a new or unusual use;

      new functions;

      new kinds of operations;

      the potential for new failure modes;

      the introduction of a new threat (e.g. new threats regarding fire, fuel, hydrogen, energy storage devices, etc.) or a new prevention/detection/mitigation method;

      new maintenance techniques;

      novel operating conditions or limitations;

      a new human-machine interface (HMI); or

      new flight or cabin crew tasks.

Another consideration is the extent to which the requirements, means of compliance or guidance have changed or need to be adapted due to particular novel features of the design.

The following list includes some examples:

      recently issued or amended CSs with which the applicant has little or no experience;

      new or adapted special conditions;

      new or adapted equivalent safety findings;

      new or adapted deviations;

      new or adapted guidance or interpretative material;

      new or adapted means of compliance (i.e. other than those previously applied by the applicant) or unusual means of compliance (different from the existing guidance material and/or different from industry standard practices), e.g. the replacing of tests by simulation, numerical models or analytical methods;

      the use of new or adapted industry standards or in-house methods, as well as EASA’s familiarity with these standards and methods;

      a change in methodology, tools or assumptions (compared with those previously applied by the applicant), including changes in software tools/programs; or

      novelty in the interpretation of the results of the compliance demonstration, e.g. due to in-service occurrences (compliance demonstration results are interpreted differently from the past).

Additional new guidance/interpretative material in the form of new certification memoranda (CM) may be considered for the determination of novelty if its incorrect application/use may lead to an unidentified non-compliance. In the context of novelty, the time between the last similar project and the current project of the applicant should also be considered.

Regardless of the extent of an organisation’s previous experience in similar projects, a CDI may be classified as novel if there are specific discontinuities in the process for transferring information and know-how within the organisation.

3.2.3. Complexity For the purpose of risk class determination, the following simplification has been made: a CDI may be either complex or non-complex. For each CDI, the determination of whether it is complex or not may vary based on factors such as the design, technology, associated manufacturing process, compliance demonstration (including test set-ups or analysis), interpretation of the results of the compliance demonstration, interfaces with other technical disciplines/CDIs, and the requirements. The compliance demonstration may be considered to be ‘complex’ for a complex (or highly integrated) system, which typically requires more effort from the applicant. The following list includes some examples:

      Compliance demonstration in which challenging assessments are required, e.g.:

      for requirements of a subjective nature, i.e. they require a qualitative assessment, and do not have an explicit description of the means of compliance with that requirement, or the means of compliance are not a common and accepted practice; this is typically the case where the requirement uses terms such as ‘subjective’, ‘qualitative’, ‘assessment’ or ‘suitable’/‘unsuitable’

      in contrast, engineering judgement for a very simple compliance demonstration should not be classified as ‘complex’;

      a test for which extensive interpretation of the results may be anticipated;

      an analysis that is sensitive to assumptions and could potentially result in a small margin of safety;

      the classification of structures, depending on the conservatism of the method;

      an advanced analysis of dynamic behaviour;

      a multidisciplinary compliance demonstration in which several panels are involved and interface areas need to be managed (e.g. sustained engine imbalance, extended-range twin-engine operation performance standards (ETOPS), 2X.1309 assessment, flight in known icing conditions, full authority digital engine control (FADEC)-controlled engines, etc.);

      when the representativeness of a test specimen is questionable, e.g. due to its complexity;

      the introduction of complex work-sharing scheme with system or equipment suppliers.

For major changes, the complexity of the change should be taken into account, rather than the complexity of the original system.

Whether or not a CDI is complex should be determined in a conservative manner if this cannot be determined at an early stage of the certification project. When greater clarity has been achieved, the complexity may be re-evaluated and the LoI adapted accordingly.

3.2.4. Performance of the design organisation

The assessment of the level of performance of the design organisation takes into account the applicant’s experience with the applicable certification processes, including their performance on previous projects and their degree of familiarity with the applicable certification requirements.

For approved design organisations, EASA uses relevant data to consider the design organisation’s expected performance at an organisational, panel or discipline level, depending on the availability of data37 The ultimate objective is to define the organisation’s performance at the discipline level..

This data stems from design organisation audits, the applicant’s measured level of performance on previous projects, and their performance during the familiarisation phase. EASA shares this data with the respective design organisations (in the form of the design organisation approval (DOA) dashboard).

For each CDI proposed by the applicant, the DOA holder’s performance associated with the affected disciplines or panels is to be considered.

If one CDI affects more panels or disciplines than the others, a conservative approach should be followed in selecting the lower performance level. As an alternative, that CDI may be assessed separately for each affected EASA panel or discipline.

If, for a well-established organisation, there is no shared performance data available at the panel level, it may be acceptable to propose the overall DOA holder’s performance. If the organisation or its scope are fundamentally new, the ‘unknown’ level of performance should be conservatively proposed by the applicant.

The determination of the performance of the design organisation may also take into consideration information that is more specific or more recent than the information on the DOA holder’s dashboard, e.g. experience gained during technical familiarisation with the current certification project, the performance of compliance verification engineers and of the affected technical areas, as well as the performance of the design organisation in overseeing subcontractors and suppliers.

The performance of some applicants’ organisations is not known if:

      EASA has agreed in accordance with point 21.A.14(b) that the applicants may use procedures that set out specific design practices, as an alternative means to demonstrate their capability (excluding European technical standard order (ETSO) applicants for other than APU, covered by point 21.B.100(b)); or

      the applicants demonstrate their capability by providing EASA with the certification programme in accordance with point 21.A.14(c).

In these cases, the assumed level of performance is ‘unknown’.

Exceptionally, EASA may consider a higher level of performance for a specific CDI if that is proposed and properly justified by the applicant.

The following list includes some examples:

      a CDI with which EASA is fully familiar and satisfied (from previous similar projects) regarding the demonstration of compliance proposed by the applicant;

      if the applicant fully delegates the demonstration of compliance to a supplier that holds a DOA, the performance level of the supplier may be proposed.

3.2.5. Likelihood of an unidentified non-compliance

Assessing the likelihood of an unidentified non-compliance is the first step that is necessary to determine the risk class.

The likelihood of an unidentified non-compliance should not be confused with the likelihood of occurrence of an unsafe condition as per AMC 21.A.3B(b). In fact, that AMC provides EASA’s confidence level that the design organisation addresses all the details of the certification basis for the CDI concerned, and that a non-compliance will not occur.

The likelihood of an unidentified non-compliance is established as being in one of four categories (very low, low, medium, high), depending on the level of performance of the design organisation as assessed by EASA, and on whether the CDI is novel or complex, as follows:

Step 1 — Likelihood of an unidentified non-compliance

CDI

Performance level of the DOAH

No novel aspects,

no complex aspects

No novel aspects, but complex ones;

Novel aspects, but no complex ones

Novel and complex aspects

High

Very low

Low

Medium

Medium

Low

Medium

High

Low or unknown

Medium

High

High

3.3. Criticality

The second step that is necessary to determine the risk class is the assessment of the potential impact of a non-compliance on part of the certification basis regarding the airworthiness or the environmental protection of the product. For the purpose of risk class determination, the following simplification has been made: the impact of a non-compliance can be either critical or non-critical.

Some of the guidance below has been derived from GM 21.A.91, not due to a major/minor change classification, but because the same considerations may be applied to determine the effect of a non-compliance on the airworthiness or environmental protection at the CDI level. It is therefore normal that some of the CDIs of a major change that consists of several CDIs may be critical, and others may be non-critical.

The potential impact of a non-compliance within a CDI should be classified as critical if, for example:

      a function, component or system is introduced or affected where the failure of that function, component or system may contribute to a failure condition that is classified as hazardous or catastrophic at the aircraft level, for instance for ‘equipment, systems and installations’, e.g. where applicable as defined in 2X.1309;

      a CDI has an appreciable effect on the human–machine interface (HMI) (displays, approved procedures, controls or alerts);

      airworthiness limitations or operating limitations are established or potentially affected;

      a CDI is affected by an existing airworthiness directive (AD), or affected by an occurrence (or occurrences) potentially subject to an AD, a known in-service issue or by a safety information bulletin (SIB); or

      a CDI affects parts that are classified as critical as per CS 27.602/29.602, CS-E 515, or that have a hazardous or catastrophic failure consequence (e.g. a principal structural element as per CS 25.571).

If the classification of the potential impact of a non-compliance within a CDI as critical is based on the criterion that the CDI is affected by an AD, then the impact of a non-compliance within that CDI may be reclassified by EASA as non-critical due to the involvement of EASA in the continued-airworthiness process.

During the early stages of a project, the criticality in terms of the potential safety consequence of a failure may not always be known, but should be conservatively estimated and the LoI should be subsequently re-evaluated, if appropriate. 3.4. Method for the determination of risk classes The risk is determined as a combination of the potential impact of an unidentified non-compliance with part of the certification basis (vertical axis) and of the likelihood of the unidentified non-compliance (horizontal axis) using the following matrix. As a consequence, four qualitative risk classes are established at the CDI level.

Step 2 — Risk classes

Likelihood (see Section 3.2.5)

Criticality (see Section 3.3)

Very low

Low

Medium

High

Non-critical

Class 1

Class 1

Class 2

Class 3

Critical

Class 1

Class 2

Class 3

Class 4

The various inputs and the resulting risk class determination are of a continuous nature, rather than consisting of discrete steps. The selected risk class provides the order of magnitude of EASA’s involvement and is used as a qualitative indicator for the determination of EASA’s involvement described in Section 3.5 below.

Under specific circumstances, the risk class that is determined on the basis of the above criteria may be reduced or increased on the basis of justified and recorded arguments. For a reused and well-proven item of compliance demonstration for which:

      the CDI is independent of the affected product type or model; and

      the design, operation, qualification, and installation of the product are basically the same; and

      the certification process is identical to one that was used in a modification already approved by EASA,

the CDI may be accepted as being similar, resulting in reduced LoI, as the likelihood of an unidentified non-compliance is low. Furthermore, when an identical CDI is reused for the compliance demonstration in a new project, there is no involvement in the compliance demonstration verification, as the likelihood of an unidentified non-compliance is very low.

3.5. Determination of EASA’s LoI

EASA’s LoI in the verification of compliance demonstration is proposed by the applicant and determined by EASA in Step 3 on the basis of the qualitative risk class identified per CDI in Step 2, as well as by applying sound engineering judgement.

EASA’s LoI is reflected in a list of activities and data, in which EASA retains the verification of compliance demonstration (e.g. review and acceptance of compliance data, witnessing of tests, etc.), as well as the depth of the verification. The depth of the verification for individual compliance reports, data, test witnessing, etc., may range from spot checks to extensive reviews. EASA always responds to those retained compliance demonstration activities and data with corresponding comments or a ‘statement of no objection’.

In addition, some data that is not retained for verification may be requested for information. In this case, no ‘statement of no objection’ will be provided.

It is recommended that an LoI should be proposed for each of the EASA disciplines involved. Depending on the risk classes determined in Section 3.4 above, EASA’s LoI in:

(a) compliance demonstration verification data; and

(b) compliance demonstration activities (witnessing of tests, audits, etc.),

may be as follows:

      risk Class 1: there is no EASA involvement in verifying the compliance data/activities performed by the applicant to demonstrate compliance at the CDI level;

      risk Class 2: EASA’s LoI is typically limited to the review of a small portion of the compliance data; there is either no participation in the compliance activities, or EASA participates in a small number of compliance activities (witnessing of tests, audits, etc.);

      risk Class 3: in addition to the LoI defined for Class 2, EASA’s LoI typically comprises the review of a large amount of compliance data, as well as the participation in some compliance activities (witnessing of tests, audits, etc.); and

      risk Class 4: in addition to the LoI defined for Class 3, EASA’s LoI typically comprises the review of a large amount of compliance data, the detailed interpretation of test results, and the participation in a large number of compliance activities (witnessing of tests, audits, etc.).

By default, the following activities require EASA’s involvement in all cases:

      initial issues of, and changes to, a flight manual (for those parts that require EASA approval and that do not fall under the DOA holder’s privilege);

      classification of failure cases that affect the handling qualities and performance, when:

      performed through test (in flight or in a simulator); and

      initial issues of, and non-editorial changes to, airworthiness limitations.

If the risk assessment (Steps 1 and 2 above) is made on the level of a compliance demonstration activity or on the level of a document, the risk class provides an indication for the depth of the involvement, i.e. the verification may take place only for certain compliance data within a compliance document.

4. Documentation of the LoI

The LoI proposal in the certification programme should include the applicant’s proposal regarding the compliance demonstration verification activities and data that would be retained by EASA, as well as the data on which the LoI proposal has been based. For this purpose, the applicant should appropriately document the analysis per CDI, considering the above criteria. In cases where the rationale for the assessment is obvious, it is considered to be sufficient for the applicant to indicate whether or not a CDI is novel or complex, and whether or not the impact is critical.

EASA documents the LoI determination by accepting the certification programme or, if it deviates from the proposal, by recording its analysis regarding the deviations from the proposal, and notifies the applicant accordingly.

5. Sampling during surveillance of the DOA holder

It should be noted that all the previously defined risk classes may be complemented by the sampling of project files during surveillance of the DOA holder, independently from the ongoing certification project. This is necessary in order to maintain confidence in the DOA system and to constantly monitor its performance.

AMC No 1 to 21.B.100(b) Level of involvement (LoI) in projects for minor changes and minor repairs

ED Decision 2019/018/R

In contrast to 21.B.100(a), the assessment of the LoI for minor repair designs and minor changes is performed by EASA at the level of the certification project.

EASA reviews the information provided by the applicant in accordance with point 21.A.93(b) for novel or unusual features, the complexity of the design and/or the compliance demonstration, as well as the criticality of the design or technology.

An application for EASA’s approval of a minor change implies that the applicant either does not hold a design organisation approval (DOA) or that the change is outside the DOA holder’s terms of approval. However, EASA takes into account the performance and experience of the applicant with similar design changes, for which data may be already available at EASA. The applicant may be also requested to present its experience with similar design changes if insufficient information is available at EASA.

By definition (see point 21.A.91), a minor change has no appreciable effect on the airworthiness of the product. Therefore, the potential impact of a non-compliance with part of the certification basis regarding the airworthiness or environmental protection aspects of the product should, in most cases, be non-critical.

This facilitates the assessment of the likelihood of an unidentified non-compliance.

A process similar to the one described in AMC 21.B.100(a) and 21.A.15(b)(6) should be used to justify and document EASA’s LoI.

Following a first assessment of the criticality of the described design or technology, EASA evaluates the existence of any novel or unusual features, as well as the complexity of the design and/or the compliance demonstration.

Depending on the results of this evaluation, and based on the table below, EASA determines its LoI as follows:

 

Risk class

Non-critical

Non-novel and non-complex

Class A

Class A

Novel and/or complex

Class B

Class C

Critical

All cases

Class C

Class C

 

Level of experience:
high or medium

Level of experience:
low or unknown

      Class A: EASA’s involvement is limited to the review of the information that summarises the main results of the compliance demonstration, without any participation in compliance activities (witnessing of tests, audits, etc.).

      Class B: in addition to the LoI defined for risk Class A, EASA’s involvement is limited to the review of those compliance elements that are related to the identified novel or unusual features, complexity of the design and/or compliance demonstration. EASA may exceptionally participate in the related compliance activities (by witnessing tests, audits, etc.).

      Class C: EASA’s involvement is limited to the review of all the compliance documents that are related to the identified criticality of the design or technology, if applicable, or to the identified novel or unusual features. EASA may participate in the related compliance activities (by witnessing tests, audits, etc.).

AMC No 2 to 21.B.100(b)  Level of involvement (LoI) in European technical standard order authorisation (ETSOA) projects

ED Decision 2019/018/R

The applicant for an ETSOA is required to demonstrate its capability by obtaining EASA’s agreement for the use of procedures that incorporate its specific design practices.

The assessment by EASA that these procedures are properly applied is performed solely through the various ETSOA projects of the applicant. No regular audits of the organisation are performed by EASA outside the ETSOA projects.

A properly completed Form 34 and the certification programme, including a technical description of the proposed design of the ETSO article, are the basis for the determination of EASA’s initial LoI.

EASA assesses the compliance of the proposed ETSO article with the ETSO requirements as defined in the applicable CS-ETSO standards, as well as compliance with Part 21 Subpart O (e.g. the declaration of design and performance (DDP), ETSO marking, rating of performance, etc.). The ETSOA applicant should deliver a complete data package per point 21.A.605.

EASA’s LoI is further reassessed and adapted throughout the certification project until the ETSOA is issued, depending on the applicant’s data, as well as on the ETSO project changes regarding the applicant’s compliance demonstration (e.g. methods, design changes, deviations, limitations, problem reports, etc.).

1. Principles

EASA’s LoI in ETSO projects is defined based both on the responsibility of EASA to assess the applicant’s demonstration of compliance, and on the risk evaluated, according to the following criteria:

      the applicant’s level of experience in the ETSO process and scope of work;

      the applicant’s level of performance in the ETSO scope of work;

      the use of novelties in the technology/design or in the means of compliance; and

      the complexity of the ETSO article.

1.1. Applicant’s experience in the ETSOA process and scope of work

This Section addresses the experience of the applicant’s organisation in the ETSOA process, as well as in the scope of the certification basis of the ETSO article, and of the related requirements. The presence of any of the following aspects contributes to EASA’s identification of the risk related to the level of experience of the applicant in the ETSOA process, or to the scope of work of the article:

      the applicant is new and has just applied for the acceptance of its procedures by EASA, or it is the first project of the applicant after EASA has accepted such procedures;

      the organisation has changed significantly the agreed procedures; and

      the scope of work of the ETSOA project (ETSO standards) is new to the applicant.

1.2. ETSOA applicant’s performance within its scope of work

The ETSOA applicant’s level of performance within its scope of work is evaluated using criteria that enable EASA to identify risks in the applicant’s performance due to the following situations:

      the applicant has deficiencies in the procedures that it uses to demonstrate compliance with the certification requirements;

      the applicant has changed its methods or procedures to demonstrate compliance with the certification requirements;

      the assessment of the applicant’s compliance on previous projects in the same ETSO scope of work has revealed significant issues in complying with the certification requirements, in the completion of data, or in the repetition of errors;

      the scope of work is new to the applicant’s team at the facilities where the project is developed, or the team had significant issues on preceding projects;

      EASA has not conducted an ETSOA project assessment of the applicant in the same ETSO scope of work for a long period (i.e. 2 or 3 years); and

      the applicant did not regularly report minor changes or occurrences in a timely manner.

1.3. Novelty in the technology or in the means of compliance

A ‘novelty’ is understood to be the use of new technology, new sensors, new material, the use of new requirements or the use of new means of compliance. When an applicant is faced with a technology for the first time, or when that applicant is relatively unfamiliar with the technology, this is considered to be ‘novel’ even if other applicants may be already familiar with that technology.

Also related to novelty is the extent to which requirements, means of compliance or guidance need to be adapted due to particular novel features of the design. The following list includes some examples:

      recently issued CS-ETSO standards, with which the applicant has limited experience;

      novel deviations;

      new guidance;

      new means of compliance (i.e. other than those previously applied by the applicant) or unusual means of compliance (different from the existing guidance material and/or different from industry standard practices);

      the use of new industry standards or new in-house methods, as well as EASA’s familiarity with these new standards and methods;

      changes in methodology, tools or assumptions (compared with those previously applied by the applicant), including changes in software tools/programs.

Technology or means of compliance may be new/novel either from a global industry, applicant or EASA perspective.

1.4. Complexity

Complexity may result from the design, technology, associated manufacturing process, compliance demonstration (including test set-ups or analysis), as well as from the variety of ETSOs with which the applicant intends to comply, and their possible interactions.

The demonstration of compliance may be ‘complex’ for complex (or highly integrated) equipment, so it typically requires more effort from the applicant.

1.5. Criticality of the design and of the technology

The criticality levels of the design and of the technology of the ETSO article are considered, but have a minor impact on the definition of EASA’s LoI. The main reasons are:

      the assessment of ETSO compliance is as important for an ETSO article that hosts a critical function as it is for equipment that host less critical functions (e.g. flight data recorders); and

      the criticality of the design or technology is not always defined for an ETSO article, and it may depend on the installation of the design or technology (e.g. a multifunction display), which may only occur later.

2. Determination of EASA’s LoI

EASA’s LoI in the assessment of the applicant’s compliance demonstration is determined by EASA on the basis of the qualitative risk class and EASA’s responsibilities in assessing the ETSO project certification data package, together with the procedures for compliance with the ETSO requirements (Part 21 Subpart O, and CS-ETSO).

EASA’s LoI is defined in the following paragraph 2.1 and, as per point 21.B.100(c), the EASA’s LoI that is applicable to each project is notified to the applicant.

To every LoI class corresponds a list of activities that govern EASA’s involvement. By means of these activities, EASA verifies the demonstration of compliance (e.g. by document review and acceptance, test witnessing, sampling on the applicant’s site, desktop assessments, etc.).

The ETSO applicant is responsible for providing a complete ETSO certification data package.

2.1. Definition of the LoI classes

EASA’s LoI for an ETSO certification project is classified as one of the following:

      class high,

      class high reduced,

      class medium, or

      class basic.

Class ‘high reduced’ is, by default, EASA’s initial LoI in an ETSO project.

The following is a description of each LoI class:

      High

EASA evaluates and samples/checks in an extensive manner all the compliance data to assess the applicant’s demonstration of compliance with the applicable ETSO standards. EASA assesses the applicant’s DDP and general compliance with Part 21 Subpart O. EASA performs desktop reviews, as well as on-site assessments of compliance demonstrations. This occurs when design and verification evidence is available.

      High reduced

EASA assesses all the compliance data; sampling/checking is significant and adapted to the likelihood of an unidentified non-compliance. The sampling rate may be reduced if the content of the life cycle data provides confidence in compliance and is focused in the area where confidence needs to be gained. EASA assesses the DDP and general compliance with Part 21 Subpart O. EASA performs desktop reviews, as well as an on-site assessment of the applicant’s compliance demonstration. This occurs when design and verification evidence is available.

      Medium

EASA assesses all the compliance data, but for some compliance data, it performs no or limited sampling/checking. EASA adapts its sampling and focuses on the likelihood of an unidentified non-compliance, taking into account the level of complexity and novelty of the project. EASA assesses the DDP and general compliance with Part 21 Subpart O. EASA performs desktop reviews and may perform an on-site assessment of the applicant’s compliance demonstration.

      Basic

EASA assesses the DDP and general compliance with Part 21 Subpart O, and verifies the completeness of the data package.

Generally, EASA performs a desktop assessment.

3. The process of determining EASA’s LoI

The determination of EASA’s LoI is captured as a process. This process is performed mainly in three steps and is illustrated in the following figure:

Figure 1: Process of determination of EASA’s LoI in ETSO certification projects

Step 1 consists of the initial LoI determination which EASA evaluates by assessing:

      the applicant’s experience in the ETSOA process and scope of work according to Section 1.1 above, and

      the ETSOA applicant’s performance within its scope of work according to Section 1.2 above.

The result of this determination of EASA’s initial LoI is either high or high reduced.

Step 2 consists of reassessing EASA’s LoI. Throughout the ETSO project, EASA receives project deliverables (e.g. plans, reports), means of compliance, requests for deviations, limitations, etc., and interacts with the applicant.

If EASA’s LoI has been initially set to high reduced, EASA re-evaluates it considering:

      the novelty in the technology or in the means of compliance according to Section 1.3 above, and

      the complexity of the ETSO project according to Section 1.4 above.

The result of this reassessment may vary from high to medium according to the following table:

Assessment results

LoI adaptation

The ETSO article is novel and complex or a significant issue is detected during the compliance demonstration.

LoI is increased to high.

The ETSO article is novel or complex or a new deviation is requested (1).

LoI is confirmed as high reduced.

The ETSO article is non-novel and non-complex, no issue is detected during the compliance demonstration or method, and no novel deviation or new limitation is requested.

LoI is decreased to medium.

There is a major change with straightforward redemonstration of the ETSO compliance (2).

LoI is reduced to basic.

1 It refers to deviations from ETSO minimum operational performance standards (MOPSs), excluding deviations for requesting compliance with a new revision of an industry MOPS standard.

2 When EASA agrees that a major change only requires a straightforward redemonstration of the ETSO compliance using previous methods, without any identified risk, then EASA’s LoI is reduced to basic. Please note that this may only be defined after a minimum assessment of the applicant’s compliance demonstration methods.

Note: For a minor change, this process does not apply; in that case, EASA’s LoI consists of an assessment of the minor change classification, an update of the certificate, and, when needed, an assessment of the DDP.

21.B.103 Issuance of a type-certificate or a restricted type-certificate

Regulation (EU) 2022/201

(a) The Agency shall issue an aircraft, engine or propeller type-certificate or an aircraft restricted type-certificate, provided that:

1.  the applicant has complied with point 21.A.21;

2.  the Agency, through verifications of the demonstration of compliance in accordance with its involvement determined pursuant to point 21.B.100, has not found any non-compliance with the type-certification basis, the operational suitability data certification basis where applicable in accordance with point 21.B.82, and the environmental protection requirements; and

3.  no feature or characteristic has been identified that may make the product unsafe for the uses for which the certification is requested.

(b) By derogation from point (a), at the applicant's request included in the declaration referred to in point 21.A.20(d), the Agency may issue an aircraft type-certificate before compliance with the operational suitability data certification basis has been demonstrated, provided that the applicant demonstrates such compliance before the date at which those data are to be actually used.

GM 21.A.21(b), 21.A.95(c), 21.A.97(c), 21.A.115(c), 21.B.103(b), 21.B.107(b) and 21.B.111(b) Approval of operational suitability data (OSD)

ED Decision 2019/018/R

It is acknowledged that it may not always be possible to have the OSD available on the date of the issue of the (restricted) type certificate ((R)TC), change approval or supplemental type certificate (STC). The derogation provided by 21.A.21(b), 21.A.95(c), 21.A.97(c), 21.A.115(c), 21.B.103(b), 21.B.107(b) and 21.B.111(b) is intended for that case. The (R)TC, change approval or STC can be issued before compliance with the OSD certification basis has been demonstrated.

However, the OSD needs to be approved before the data is used by a training organisation for the purpose of obtaining a European Union (EU) licence, rating or attestation, or by an EU operator. This is normally done before the entry into service of the first aircraft by an EU operator but it could also be done later for some of the OSD constituents, such as the definition of the scope of validation source data to support the objective qualification of a simulator, which should only be available when a simulator has to be qualified.

The derogation provided in points 21.A.97(c), 21.A.115(c), 21.B.103(b), 21.B.107(b), and 21.B.111(b) is applicable to all major changes to a TC, so it is also applicable to minor design changes when triggering a major master minimum equipment list (MMEL) change, as well as to changes in which at least one of the OSD constituent changes is major.