Regulation (EU) 2023/1768
This Annex establishes the requirements for the Agency concerning the conditions for conducting certification and other necessary activities to ensure effective oversight of ATM/ANS equipment and the conditions and procedures for the accreditation of qualified entities by the Agency.
ATM/ANS.EQMT.AR.A.020 Allocation of tasks to qualified entities
Regulation (EU) 2023/1768
(a) When the Agency decides to allocate tasks related to the certification of ATM/ANS equipment subject to this Regulation, the approval or the continuing oversight of organisations subject to Implementing Regulation (EU) 2023/ 1769 to qualified entities, it shall ensure that it has established and documented an agreement with the qualified entity(ies), approved by both parties to that agreement at the appropriate management level, which clearly defines:
(1) the tasks to be performed;
(2) the declarations, reports and records to be provided;
(3) the technical conditions to be met when performing the tasks;
(4) the related liability coverage;
(5) the protection given to information acquired when carrying out the tasks.
(b) The Agency shall ensure that the internal audit process and the safety risk management process required by point DPO.AR.B.001 (a)(5) of Implementing Regulation (EU) 2023/1769 cover all the tasks performed on its behalf by the qualified entity(ies).
(c) With regard to the approval and oversight of the organisation’s compliance with point DPO.OR.B.001 (d) of Implementing Regulation (EU) 2023/1769, the Agency may allocate tasks to qualified entities in accordance with point (a), or to any relevant authority responsible for information security or cybersecurity within the Union. When allocating tasks, the Agency shall ensure that:
(1) all aspects related to aviation safety are coordinated and taken into account by the qualified entity or relevant authority;
(2) the results of the approval and oversight activities performed by the qualified entity or relevant authority are integrated in the overall certification and oversight files of the organisation;
(3) its own information security management system established in accordance with point DPO.AR.B.001 (d) of Implementing Regulation (EU) 2023/1769 covers all the certification and continuing oversight tasks performed on its behalf.
ATM/ANS.EQMT.AR.A.030 ATM/ANS equipment directives
Regulation (EU) 2023/1768
(a) The Agency shall issue an ATM/ANS equipment directive when:
(1) an unsafe, insecure, underperformance or non-interoperability condition has been determined by the Agency to exist in the equipment as a result of a deficiency in the equipment; and
(2) that condition is likely to exist or develop in other ATM/ANS equipment.
(b) An ATM/ANS equipment directive shall contain at least the following information:
(1) identification of the unsafe, insecure, underperformance or non-interoperability condition;
(2) the affected ATM/ANS equipment;
(3) the required action(s) and the rationale;
(4) the accomplishment time for the required action(s);
(5) the date of entry into force.
GM1 ATM/ANS.EQMT.AR.A.030 ATM/ANS equipment directives
ED Decision 2024/001/R
ATM/ANS EQUIPMENT DIRECTIVE IN CASE OF DISCONTINUATION OF DPO APPROVAL
Certificates of ATM/ANS equipment issued in accordance with Article 4 and declarations of design compliance of ATM/ANS equipment issued in accordance with Article 5 lose their validity in case the holder of the certificate/issuer of the declaration of design compliance is no longer compliant with Implementing Regulation (EU) 2023/1769.
In the above situations, EASA would typically:
(a) revoke the certificate or deregister the declaration of design compliance, as appropriate;
(b) inform ATM/ANS providers that are users of the ATM/ANS equipment concerned and their competent authorities, as in the absence of an approved DPO with appropriate privileges from that moment on:
— the affected ATM/ANS equipment cannot be integrated into any functional system as the requirements in ATM/ANS.OR.A.045 (g) of Implementing Regulation (EU) 2017/373 will be no longer met;
— the affected ATM/ANS equipment already integrated into a functional system cannot be modified until a valid certificate or declaration is in place, in accordance with points ATM/ANS.OR.A.045 (g)(1) and (g)(2) of Implementing Regulation (EU) 2017/373. This requires another DPO with appropriate privileges to take responsibility for the compliance of the equipment with the applicable technical specifications;
— the continuous operation of the ATM/ANS equipment already integrated into the functional system of ATM/ANS providers may not necessarily be immediately impacted. However, ATM/ANS providers will have to consider how the absence of the DPO impacts the suitability for use of the equipment, the defined conditions of use, and any prescribed limitations; and
(c) issue an ATM/ANS equipment directive to replace the ATM/ANS equipment concerned in case an unsafe, insecure, under-performing or non-interoperability condition has been identified or is likely to develop, as in the absence of a DPO with appropriate privileges and responsibility for ensuring that the equipment continues complying with the applicable technical specifications, design changes to the ATM/ANS equipment to restore performance are not possible. This ATM/ANS equipment directive will be addressed to all known users of the ATM/ANS equipment and their competent authorities.
Note: In case the DPO approval is still valid, e.g. during a suspension/revocation process, EASA will require the DPO to make appropriate descriptive data and accomplishment instructions available to all known users of the ATM/ANS equipment and their competent authorities.
Urgent operational needs might require certain exceptions to the principles described above, allowing integration or modification of equipment without a valid certificate or declaration. In those cases, the exemptions are to be managed under the flexibility provisions in Article 71 of Regulation (EU) 2018/1139, subject to all relevant conditions laid down in such article. In particular, the Member State must provide adequate justification for the following aspects:
(1) it is not possible for another DPO to obtain a valid certificate or issue a declaration for the equipment;
(2) safety, environmental protection and compliance with the applicable essential requirements are ensured, where necessary through the application of mitigation measures;
(3) any possible distortion of market conditions as a consequence of the granting of the exemption will be mitigated as far as possible; and
(4) the exemption is limited in scope and duration to the extent strictly necessary and it is applied in a non-discriminatory manner; and
(d) take any other necessary further enforcement measures which are necessary to mitigate the consequences of the discontinuation of a DPO approval.
ATM/ANS.EQMT.AR.A.035 Detailed specifications for the equipment design compliance
Regulation (EU) 2023/1768
(a) The Agency shall establish and make available detailed specifications which organisations may use to demonstrate compliance with the relevant essential requirements set out in Annex VIII and, if applicable, Annex VII to Regulation (EU) 2018/1139 when they:
(1) apply for the certification of ATM/ANS equipment in accordance with Article 4;
(2) declare design compliance of ATM/ANS equipment in accordance with Article 5;
(3) make a statement of compliance in accordance with Article 6.
(b) The detailed specifications referred to in point (a) shall indicate design standards which reflect the state of the art and best design practices, and which build on valuable experience gained and scientific and technical progress, and on the best available evidence and analyses as regards ATM/ANS equipment.