Regulation (EU) 2023/1769
This Annex establishes the common requirements as regards the rights and obligations of an applicant for, and a holder of, an organisation approval for the design or production of ATM/ANS equipment.
Regulation (EU) 2023/1769
Any natural or legal person who has demonstrated, or is set to demonstrate, their capability to design or produce ATM/ANS equipment in accordance with point DPO.OR.A.010, may apply for a design or production organisation approval under the conditions laid down in this Annex.
DPO.OR.A.010 Application for a design or production organisation approval and demonstration of capability
Regulation (EU) 2023/1769
(a) An application for a design or production organisation approval shall be made in a form and manner established by the Agency.
(b) In order to obtain an approval, an organisation involved in the design or production of ATM/ANS equipment shall comply with the requirements set out in this Regulation where those requirements are applicable to the design or production of ATM/ANS systems and ATM/ANS constituents that the organisation performs or intends to perform.
AMC1 DPO.OR.A.010(a) Application for a design or production organisation approval and demonstration of capability
ED Decision 2024/002/R
FORM
The dedicated EASA application form (FO.AOA.00085) should be obtained from the EASA website12https://www.easa.europa.eu/en/document-library/application-forms/foaoa0… and completed and signed by the accountable manager of the design or production organisation (DPO). The completed form should be submitted to EASA, accompanied by a copy of the organisation exposition and the company’s registration, in accordance with the instructions included in the form.
DPO.OR.A.015 Organisation exposition
Regulation (EU) 2023/1769
(a) An organisation involved in the design or production of ATM/ANS equipment shall establish and maintain an organisation exposition, which provides the following information:
(1) a statement signed by the accountable manager confirming that the organisation exposition and any associated manuals, which define the organisation’s compliance with the requirements will be complied with at all times;
(2) the title(s) and name(s) of the key manager(s) as referred to in point DPO.OR.B.020;
(3) the duties and responsibilities of the manager(s), including matters for which they may deal directly with the Agency on behalf of the organisation;
(4) an organisational chart showing lines of responsibility and accountability of the managers throughout the organisation, including a direct accountability of the accountable manager;
(5) a general description of the organisation’s manpower resources;
(6) a general description of the facilities located at each location specified in the organisation’s approval;
(7) a general description of the organisation’s scope of work relevant to the terms of approval;
(8) the procedure(s) for the verification and demonstration that the design of ATM/ANS equipment, or changes to it, complies with the applicable detailed specifications and requirements as established by Delegated Regulation (EU) 2023/1768 and has no unsafe or insecure features, as applicable;
(9) the procedure for the preparation and maintenance of the technical data and records, for each model of each piece of ATM/ANS equipment for which a certificate or declaration of design compliance has been issued in accordance with Delegated Regulation (EU) 2023/1768, as applicable;
(10) the procedure(s) for the notification of organisational changes to the Agency;
(11) the amendment procedure for the organisation’s exposition;
(12) a description, direct or by cross reference, of the organisation’s management system and procedure(s);
(13) a description, direct or by cross reference, of the contractors’ management and procedure(s) of supervision referred to in point DPO.OR.B.015 of this Annex.
(b) The organisation exposition shall be amended as necessary to remain an up-to-date description of the organisation, and a copy of it, including its amendments, shall be supplied to the Agency.
(c) An application for a change approval referred to in point DPO.OR.B.005 of this Annex shall be based on the submission of the proposed changes to the organisation exposition.
DPO.OR.A.025 Duration, continued validity and privileges of an organisation approval
Regulation (EU) 2023/1769
(a) An organisation’s approval shall remain valid for an unlimited period of time provided that:
(1) the organisation remains compliant with Regulation (EU) 2018/1139 and the delegated and implementing acts adopted on its basis;
(2) the approval has not been surrendered by the organisation or suspended or revoked by the Agency.
(b) Upon revocation or surrender of the approval, if issued in a paper format, it shall be returned to the Agency without delay.
(c) The holder of an organisation approval shall be entitled, within the scope of its terms of approval and under the relevant procedures of the design management system:
(1) to classify changes to an ATM/ANS equipment as ‘major’ or ‘minor’;
(2) to approve minor changes to an ATM/ANS equipment certificate(s) and/or declaration(s) issued under Delegated Regulation (EU) 2023/1768;
(3) to approve certain major changes to an ATM/ANS equipment certificate issued under Delegated Regulation (EU) 2023/1768;
(4) to issue declarations of design compliance of ATM/ANS equipment pursuant to Article 5 of Delegated Regulation (EU) 2023/1768; and
(5) to issue statements of compliance of ATM/ANS equipment pursuant to Article 6 of Delegated Regulation (EU) 2023/1768.
DPO.OR.A.030 Facilitation and cooperation
Regulation (EU) 2023/1769
(a) An organisation involved in the design or production of ATM/ANS equipment shall facilitate the inspections and audits performed by the Agency or by a qualified entity that acts on its behalf, and it shall cooperate as necessary for the efficient and effective exercise of the powers of the Agency.
(b) An organisation involved in the design or production of ATM/ANS equipment shall cooperate with and support the ATM/ANS providers using its ATM/ANS equipment in their compliance demonstration process to the competent authorities concerned.
DPO.OR.A.035 Findings and corrective actions
Regulation (EU) 2023/1769
Following the receipt of the notification of findings from the Agency, the organisation involved in the design or production of ATM/ANS equipment shall:
(a) identify the root cause of the non-compliance;
(b) define a corrective action plan;
(c) demonstrate the implementation of the corrective action to the satisfaction of the Agency within the time period proposed and approved by the Agency, as defined in point (e)(2) of point DPO.AR.C.015.
DPO.OR.A.040 Immediate reaction to a safety, security and interoperability problem
Regulation (EU) 2023/1769
An organisation involved in the design or production of ATM/ANS equipment shall implement any safety and security measures, including ATM/ANS equipment directives, taken by the Agency in accordance with points DPO.AR.A.010 and DPO.AR.A.015.
DPO.OR.A.045 Failures, malfunctions, and defects
Regulation (EU) 2023/1769
(a) The holder of an approval issued in accordance with this Regulation shall:
(1) establish and maintain a system for collecting, investigating and analysing reports of and information on failures, malfunctions, defects or other occurrences which have caused or might cause adverse effects on the continuing compliance of the ATM/ANS equipment with the applicable requirements;
(2) inform all known users of the ATM/ANS equipment concerned and, on request, any person mandated under other associated regulations, about the system established in accordance with point (1) and about how to provide such reports of and information on failures, malfunctions, defects or other occurrences.
(b) For organisations that have their principal place of business in a Member State, the system established in accordance with point (a)(1) shall include provisions for occurrence reporting and follow-up that meet the requirements of Regulations (EU) No 376/2014 and (EU) No 2018/1139 and the delegated and implementing acts adopted on their basis.
(c) The approval holder shall report to the Agency any failure, malfunction, defect or other occurrence of which it is aware, and which has resulted or may result in an unsafe, insecure, or under-performing condition.
(d) For approval holders that do not have their principal place of business in a Member State, reports shall be made in a form and manner established by the Agency, as soon as practicable and in any case submitted not later than 72 hours after the person or organisation has become aware of the particular occurrence, unless exceptional circumstances prevent this.
(e) The approval holder shall investigate an occurrence that has been reported under point (c), including the deficiencies that have led to that occurrence, and report to the Agency the results of its investigation and any action it intends to take or proposes to take to correct these deficiencies.
AMC1 DPO.OR.A.045(a)(1) Failures, malfunctions, and defects
ED Decision 2024/002/R
COLLECTION, INVESTIGATION AND ANALYSIS OF OCCURRENCES
The ‘collection’, ‘investigation’ and ‘analysis’ functions of the DPO’s reporting system should include means to:
— analyse occurrences, and related available information;
— identify adverse trends;
— investigate associated root cause(s); and
— establish any necessary corrective action(s).
GM1 DPO.OR.A.045(a)(1) Failures, malfunctions, and defects
ED Decision 2024/002/R
COLLECTION FUNCTION
The word ‘collection’ refers to the setting up of procedures which will enable relevant failures, malfunctions and defects or other occurrences to be properly collected when they occur.
As the collection system needs to accept reports that originate outside the organisation (from ATM/ANS providers, suppliers, etc.), it is necessary to inform possible reporters of the existence of the DPO’s reporting system and the appropriate means to submit reports into it. This does not presume that direct access to the system is to be granted if other mechanisms are more appropriate.
GM1 DPO.OR.A.045(c) Failures, malfunctions, and defects
ED Decision 2024/002/R
REPORTING TO EASA
The reporting process could include:
— a description of the applicable requirements for the reporting;
— a description of the reporting mechanism, including forms, means and deadlines;
— the personnel responsible for reporting.
GM1 DPO.OR.A.045(c);(d) Failures, malfunctions and defects
ED Decision 2024/002/R
REPORTING TO EASA — ‘AWARE’
The reference to being ‘aware’ of an occurrence implies that the organisation identifies the event as one that falls into the category of occurrences to be reported. The 72-hour period starts when the possible unsafe condition is identified by the DPO.
AMC1 DPO.OR.A.045(e) Failures, malfunctions and defects
ED Decision 2024/002/R
FOLLOW-UP AND CLOSURE OF REPORTED OCCURRENCES
(a) The organisation should transmit the following information to EASA within 30 days from the date of notification of the occurrence to EASA:
(1) the latest position of the organisation responsible for design as to whether an unsafe, insecure or under-performing condition is confirmed;
(2) the results of the occurrence analysis and of the first investigation — including the cause(s) of the occurrence and missing information, if known; and
(3) the measures it has taken, intends to take or proposes to take, including an assessment evaluating whether the product can be operated safely until the corrective action is defined and implemented, or that immediate mitigation measures need to be implemented until a more refined assessment can be provided.
(b) The final (close-out) report, as soon as available and, in principle, no later than 3 months after the occurrence notification, should include:
— the final position of the organisation involved in the design as to whether an unsafe, insecure or under-performing condition exists;
— the results of the occurrence analysis and of the final investigation — including the cause(s) of the occurrence and missing information;
— any corrective and preventive measures taken by the reporting organisation; and
— an assessment evaluating whether these corrective and preventive measures allow the product to be operated as intended.
(c) Notwithstanding point (a), when the organisation identifies that no unsafe, insecure or under-performing condition exists as a result of their analysis of a voluntarily reported occurrence, it can delay further communication to EASA up to the issuance of the final report and report the occurrence as closed upon issue (data exchange). In such cases, no follow-up report should be submitted. The final report to EASA should include confirmation and justification that no unsafe, insecure or under-performing condition exists. The organisation is requested to provide information on the cause(s) of the occurrence and on the corrective or preventive measures that were taken by the organisation.
This way of reporting should not be understood as an accepted deviation from the applicable requirements. If, at any stage during the investigation, the organisation identifies that a possible unsafe, insecure or under-performing condition exists, it should be communicated to EASA via a mandatory report within 72 hours.
DPO.OR.A.050 Approval transferability
Regulation (EU) 2023/1769
An organisation approval is not transferable, except as a result of a change in the ownership of the organisation.