Easy Access Rules for ATM/ANS — Provision of Services

ED Decision 2022/004/R

ORGANISATIONS THAT REPORT TO THE AGENCY

(a)Mandatory reports and, where possible, voluntary reports, should include the information below:

(1)when: UTC date;

(2)where: State/area of occurrence — location of occurrence;

(3)aircraft-related information: aircraft identification: State of registry, make–model–series, aircraft category, propulsion type, mass group, aircraft serial number, aircraft registration number, and call sign;

(4)aircraft operation and history of flight: operator, type of operation, last departure point, planned destination, flight phase;

(5)weather: relevant weather;

(6)where relevant, ANS-related information: ATM contribution, service(s) affected, ATS unit name;

(7)where relevant, aerodrome-related information: location indicator (ICAO airport code), location at the aerodrome; and

(8)information on aircraft damage or on injuries to persons: severity in terms of highest damage and injury level, number of injured persons, and type of injuries to them, on the ground and in the aircraft.

(b)Where the organisation identifies an actual or potential aviation safety risk as a result of its analysis of occurrences or a group of occurrences reported to the Agency, it should:

(1)transmit the following information to the Agency within 30 days from the date of notification of the occurrence to the Agency:

(i)the preliminary results of the risk assessment performed; and

(ii)any preliminary mitigation action to be taken;

(2)where required, transmit the final results of the risk analysis to the Agency as soon as they are available and, in principle, no later than 3 months from the date of initial notification of the occurrence to the Agency.

(c)The following list provides examples of what needs to be mandatorily reported in addition to those required by point ATM/ANS.OR.A.065(c). This list should not be understood as being an exhaustive collection of all the issues that may pose a significant risk to aviation safety and, therefore, reporting should not be limited to the items listed therein.

1.AIRCRAFT-RELATED OCCURRENCES

2.DEGRADATION OR A TOTAL LOSS OF SERVICES OR FUNCTIONS

3.OTHER OCCURRENCES

(1)Obstacle includes vehicles.

(2)This refers to a situation in which prescribed separation minima were not maintained between aircraft or between aircraft and airspace to which separation minima are prescribed.

(3)In the absence of prescribed separation minima, a situation in which aircraft were perceived to pass too close to each other for pilots to ensure safe separation.

(4)For example, air traffic service (ATS), automatic terminal information service (ATIS), meteorological services, navigation databases, aeronautical information service (AIS).

Regulation (EU) 2017/373

A service provider shall have in place contingency plans for all the services it provides in the case of events which result in significant degradation or interruption of its operations.

ED Decision 2023/018/R

MODE S INTERROGATOR CODES

(a)An air traffic service provider should assess the possible impact on air traffic services of interrogator code conflicts, and the corresponding potential loss of Mode S target surveillance data from the impacted Mode S interrogators, taking into account their operational requirements and available redundancy.

(b)Unless the potential loss of Mode S target surveillance data has been assessed to have no safety significance, the surveillance provider should:

(1)implement monitoring means to detect interrogator code conflicts caused by other Mode S interrogators impacting eligible Mode S interrogators that they operate on any operational interrogator code;

(2)ensure that the interrogator code conflict detection provided by the implemented monitoring means is achieved in a timely manner and within a coverage that satisfy their safety requirements;

(3)identify and implement as appropriate, a fallback mode of operation to mitigate the possible interrogator code conflict hazards on any operational code, identified in the assessment referred to in point (1);

(4)ensure that the implemented fallback mode of operation does not create any interrogator code conflict with other Mode S interrogators referred to in the interrogator code allocation plan.

ED Decision 2017/001/R

GENERAL

The contingency plan may include the definition of the measures, the coordination with other actors (i.e. the State, the competent authorities, possibly the other service providers, the insurance companies, aerodrome operators, as applicable) and alternative services needed in case of degradation or interruption of the services, while the applicability of emergency response planning may be attributable to or affected by an aviation safety occurrence.

Regulation (EU) 2017/373

(a)A service provider shall provide its services in an open and transparent manner. It shall publish the conditions of access to its services and changes thereto and establish a consultation process with the users of its services on a regular basis or as needed for specific changes in service provision, either individually or collectively.

(b)A service provider shall not discriminate on grounds of nationality or other characteristic of the user or the class of users of its services in a manner that is contrary to Union law.

ED Decision 2017/001/R

GENERAL — PROVIDERS OF AIR NAVIGATION SERVICES AND AIR TRAFFIC FLOW MANAGEMENT

Providers of air navigation services and air traffic flow management should consult with the users of their services at least once a year.

Commission Implementing Regulation (EU) 2020/469

(a)A service provider shall ensure that aeronautical data related to its services is provided in due time to the AIS provider.

(b)When aeronautical data related to its services is published, the service provider shall:

(1)monitor the data;

(2)notify the AIS provider of any changes necessary to ensure that the data is correct and complete;

(3)notify the AIS provider when the data is incorrect or inappropriate.

Commission Implementing Regulation (EU) 2017/373

When originating, processing or transmitting data to the AIS provider, the service provider shall:

(a)ensure that aeronautical data referred to in Appendix 1 conform to the specifications of the aeronautical data catalogue;

(b)ensure that the following data quality requirements are met:

(1)the accuracy of aeronautical data is as specified in the aeronautical data catalogue;

(2)the integrity of aeronautical data is maintained;

(3)based on the integrity classification specified in the aeronautical data catalogue, procedures are put in place so that:

(i)for routine data, corruption is avoided throughout the processing of the data;

(ii)for essential data, corruption does not occur at any stage of the entire process and additional processes are included, as needed, to address potential risks in the overall system architecture to further assure data integrity at this level;

(iii)for critical data, corruption does not occur at any stage of the entire process and additional integrity assurance processes are included to fully mitigate the effects of faults identified as potential data integrity risks by thorough analysis of the overall system architecture;

(4)the resolution of aeronautical data is commensurate with the actual data accuracy;

(5)the traceability of aeronautical data is ensured;

(6)the timeliness of the aeronautical data is ensured, including any limits on the effective period of the data;

(7)the completeness of the aeronautical data is ensured;

(8)the delivered data meet the specified format requirements;

(c)with regard to data origination, establish specific formal arrangements with the party originating data that contain instructions for data creation, modification or deletion, which include as a minimum:

(1)an unambiguous description of the aeronautical data to be created, modified or deleted;

(2)the entity to which the aeronautical data is to be provided;

(3)the date and time by which the aeronautical data is to be provided;

(4)the format of the data origination report to be used;

(5)the format of the aeronautical data to be transmitted;

(6)the requirement to identify any limitation on the use of the data;

(d)ensure that data validation and verification techniques are employed to ensure that the aeronautical data meets the associated data quality requirements and in addition:

(1)the verification shall ensure that aeronautical data is received without corruption and that corruption does not occur at any stage of the entire aeronautical data process;

(2)aeronautical data and aeronautical information entered manually shall be subject to independent verification to detect any errors that may have been introduced;

(3)when using aeronautical data to derive or calculate new aeronautical data, the initial data shall be verified and validated, except when provided by an authoritative source;

(e)transmit aeronautical data by electronic means;

(f)establish formal arrangements with:

(1)all parties transmitting data to them;

(2)other service providers or aerodrome operators when exchanging aeronautical data and aeronautical information;

(g)ensure that the information listed in point AIS.TR.505(a) is provided in due time to the AIS provider;

(h)collect and transmit metadata which include as a minimum:

(1)the identification of the organisations or entities performing any action of originating, transmitting or manipulating the aeronautical data;

(2)the action performed;

(3)the date and time the action was performed;

(i)ensure that tools and software used to support or automate aeronautical data and aeronautical information processes perform their functions without adversely impacting the quality of aeronautical data and aeronautical information;

(j)ensure that digital data error detection techniques are used during the transmission or storage of aeronautical data, or both, in order to support the applicable data integrity levels;

(k)ensure that the transfer of aeronautical data is subject to a suitable authentication process such that recipients are able to confirm that the data has been transmitted by an authorised source;

(l)ensure that errors identified during data origination and after data delivery are addressed, corrected or resolved and that priority is given to managing errors in critical and essential aeronautical data.

ED Decision 2020/008/R

URGENT DISTRIBUTION OF AERONAUTICAL INFORMATION

The obligation to comply with the relevant provisions of ATM/ANS.OR.085 should not inhibit the urgent distribution of aeronautical information necessary to ensure the safety of flight. It is recognised that in this case it is not always possible to comply with all the relevant provisions. However, it is also not possible to determine a priori all cases where this exception may apply; hence, this shall be dependent on a case-by-case individual assessment made by competent staff.

ED Decision 2020/008/R

AERONAUTICAL DATA CATALOGUE

The aeronautical data catalogue presents the scope of data that can be collected and maintained by the AIS providers and provides a common terminology that can be used by data originators and service providers.

ED Decision 2020/008/R

GENERAL

Minimum requirements for the processing of aeronautical data may be found in EUROCAE ED-76A, ‘Standards for Processing Aeronautical Data’, June 2015, which aims to assist aeronautical data chain actors.

ED Decision 2020/008/R

RESOLUTION

(a)Stating that resolution needs to be commensurate with the actual accuracy means that digital data needs to have sufficient resolution to maintain accuracy. Typically, if an accuracy of .1 unit is needed, then a resolution of 0.01 or .001 units would enable a data chain to preserve the accuracy without issue. A finer resolution could be misleading as one could assume that it supports a finer accuracy. This factor range of 10 to 100 between accuracy and resolution is applicable regardless of the units of measurements used.

(b)The resolution should be enough to capture the accuracy of the data.

ED Decision 2020/008/R

TRACEABILITY

Traceability is supported by maintaining the metadata.

ED Decision 2020/008/R

FORMAT

The format requirements should be specified in the formal arrangements.

ED Decision 2020/008/R

VALIDATION AND VERIFICATION

(a)The processes implemented to carry out validation and verification should define the means used to:

(a)verify received data and confirm that the data has been received without corruption;

(b)preserve data quality and ensure that stored data is protected from corruption; and

(c)confirm that originated data has not been corrupted prior to being stored.

(b)Those processes should define the:

(1)actions to be taken when data fails a verification or validation check; and

(2)tools required for the verification and validation process.

ED Decision 2020/008/R

VALIDATION AND VERIFICATION — GENERAL

(a)Validation

(1)Validation is the activity where a data element is checked as having a value that is fully applicable to the identity ascribed to the data element, or where a set of data elements are checked as being acceptable for their intended use.

(2)The application of validation techniques considers the entire aeronautical data chain. This includes the validation performed by prior data chain participants and any requirements levied on the data supplier.

(3)Examples of validation techniques

(i)Validation by application

One method of validation is to apply data under test conditions. In certain cases, this may not be practical. Validation by application is considered to be the most effective form of validation. For example, flight inspection of final approach segment data prior to publication can be used to ensure that the published data is acceptable.

(ii)Logical consistency

Logical consistency validates by comparing two different data sets or elements and identifying inconsistencies between values based on operative rules (e.g. business rules).

(iii)Semantic consistency

Semantic consistency validates by comparing data to an expected value or range of values for the data characteristics.

(iv)Validation by sampling

Validation by sampling evaluates a representative sample of data and applies statistical analysis to determine the confidence in the data quality.

(b)Verification

(1)Verification is a process for checking the integrity of a data element whereby the data element is compared to another source, either from a different process or from a different point in the same process. While verification cannot ensure that the data is correct, it can be effective to ensure that the data has not been corrupted by the data process.

(2)The application of verification techniques considers only the portion of the aeronautical data chain controlled by the organisation. Yet, verification techniques may be applied at multiple phases of the data processing chain.

(3)Examples of verification techniques

(i)Feedback

Feedback testing is the comparison between the output and input state of a data set.

(ii)Independent redundancy

Independent redundancy testing involves processing the same data through two or more independent processes and comparing the data output of each process.

(iii)Update comparison

Updated data can be compared to its previous version. This comparison can identify all data elements that have changed. The list of changed elements can then be compared to a similar list generated by the supplier. A problem can be detected if an element is identified as changed on one list and not on the other.

ED Decision 2020/008/R

VALIDATION AND VERIFICATION TECHNIQUES

Validation and verification techniques are employed throughout the data processing chain to ensure that the data meets the associated DQRs. More explanatory material may be found in Appendix C (Guidance on compliance with data processing requirements) to EUROCAE ED-76A ‘Standards for Processing Aeronautical Data’.

ED Decision 2020/008/R

ELECTRONIC MEANS

The transmission of aeronautical data and aeronautical information may be done by various electronic means.

ED Decision 2020/008/R

FORMAL ARRANGEMENTS

Formal arrangements should include the following minimum content:

(a)the aeronautical data to be provided;

(b)the data quality requirements (DQRs) for each data item supplied according to the aeronautical data catalogue;

(c)the method(s) for demonstrating that the data provided conforms with the specified requirements;

(d)the action to be taken in the event of discovery of a data error or inconsistency in any data provided;

(e)the following minimum criteria for notification of data changes:

(1)criteria for determining the timeliness of data provision based on the operational or safety significance of the change;

(2)any prior notice of expected changes; and

(3)the means to be adopted for notification;

(f)the party responsible for documenting data changes;

(g)data exchange details such as format or format change processes;

(h)any limitations on the use of data;

(i)requirements for the production of data origination quality reports;

(j)metadata to be provided; and

(k)contingency requirements concerning the continuity of data provision

ED Decision 2020/008/R

FORMAL ARRAGNEMENTS

ATM/ANS providers may use the predetermined template ‘Data Provision Agreement’ developed by EUROCONTROL (ADQ Formal Arrangement Template, version 1.1. issued on 22 February 2016.)

ED Decision 2020/008/R

SOFTWARE

(a)A means by which the requirement in ATM/ANS.OR.A.085(i) can be met, is through the verification of software applied to a known executable version of the software in its target operating environment.

(b)The verification of software is a process of ensuring that the software meets the requirements for the specified application or intended use of the aeronautical data and aeronautical information.

(c)The verification of software is an evaluation of the output of an aeronautical data and/or aeronautical information software development process to ensure correctness and consistency with respect to the inputs and applicable software standards, rules and conventions used in that process.

ED Decision 2020/008/R

TOOLS

Tools can be qualified meeting point 2.4.5 Aeronautical Data Tool Qualification of EUROCAE ED-76A/RTCA DO-200B ‘Standards for Processing Aeronautical Data’, dated June 2015.

ED Decision 2020/008/R

DATA ERROR DETECTION TECHNIQUES

(a)Digital error detection techniques can be used to detect errors during the transmission or storage of data. An example of a digital error detection technique is the use of cyclic redundancy checks (CRCs). Coding techniques can be effective regardless of the transmission media (e.g. computer disks, modem communication, or internet).

(b)Transmission of data via electronic/digital means (e.g. file transfer protocol (FTP) sites, web downloads, or email) may be subject to malicious attack that can corrupt the integrity of data for its intended use. Provision of means to mitigate the intentional corruption of digitally transmitted data may already exist within the organisational construct and operating procedures of participating entities.

(c)The objective of data security is to ensure that data is received from a known source and that there is no intentional corruption during processing and exchange of data.

(d)Records should be maintained to show what data security provisions have been implemented.

(e)Provisions supporting this objective may include:

(1)implementation of technical data security measures to provide authentication and prevent intentional corruption during exchange of data (e.g. secure hashes, secure transmissions, digital signatures); and

(2)implementation of organisational data security measures to protect processing resources and prevent intentional corruption during processing of data.

ED Decision 2020/008/R

DATA ERROR PROCESSING

More explanation and guidance may be found in Appendix C (Guidance on compliance with data processing requirements) to EUROCAE ED-76A.

ED Decision 2020/008/R

ERROR HANDLING

(a)The term ‘error’ is understood as being defective, degraded, lost, misplaced or corrupted data elements, or data elements not meeting stated DQRs.

(b)Guidance on how to detect, identify, report and address/resolve aeronautical data errors may be found in Appendix C (Guidance on compliance with data processing requirements) to EUROCAE ED-76A ‘Standards for Processing Aeronautical Data’.

Commission Implementing Regulation (EU) 2020/469

For the purpose of air navigation, service providers shall use:

(a)the World Geodetic System – 1984 (WGS-84) as the horizontal reference system;

(b)the mean sea level (MSL) datum as the vertical reference system;

(c)the Gregorian calendar and coordinated universal time (UTC) as the temporal reference systems.

ED Decision 2020/008/R

HORIZONTAL REFERENCE SYSTEM — WGS-84

(a)A reference system provides a definition of a coordinate system in terms of the position of an origin in space, the orientation of an orthogonal set of Cartesian axes, and a scale. A terrestrial reference system defines a spatial reference system in which positions of points anchored on the Earth’s solid surface have coordinates. Examples are WGS-84, ITRS/European Terrestrial Reference System (ETRS) and national reference systems.

(b)WGS-84 defines, inter alia, a conventional terrestrial reference system, a reference frame and a reference ellipsoid. WGS-84 is currently the reference system ICAO requires for geo-referencing aeronautical information.

(c)Further explanation and guidance may be found in Annex B (Horizontal reference systems) to EUROCONTROL Specification for the Origination of Aeronautical Data, Volume 2: Guidance material (EUROCONTROL-SPEC-154, Edition 1.0 of 04/02/2013).

ED Decision 2020/008/R

TEMPORARY NON-COMPLIANCE OF GEOGRAPHICAL COORDINATES

In those particular cases where geographical coordinates have been transformed into WGS-84 coordinates by mathematical means and whose accuracy of original field work does not meet the applicable requirements contained in the aeronautical data catalogue, they should be identified until the time when they can be compliant.

ED Decision 2020/008/R

VERTICAL REFERENCE SYSTEM

(a)A service provider should use the Earth Gravitational Model — 1996 (EGM-96), as the global gravity model.

(b)When a geoid model other than the EGM-96 model is used, a description of the model used, including the parameters required for height transformation between the model and EGM-96, should be provided in the aeronautical information publication (AIP).

ED Decision 2020/008/R

MEAN SEA LEVEL

(a)The geoid globally most closely approximates mean sea level (MSL). It is defined as the equipotential surface in the gravity field of the Earth which coincides with the undisturbed MSL extended continuously through the continents.

(b)Gravity-related heights (elevations) are also referred to as ‘orthometric heights’, while distances of points above the ellipsoid are referred to as ‘ellipsoidal heights’.

(c)Global and local geoids differ in their origin: global geoids consider only the long- and middle-wave part of the Earth’s gravity field, whilst local geoids also consider the short-wave part of the gravity field. Global geoids are used when consistent orthometric heights, over long distances (continent or earth surveying), are required. Currently, the world’s best global geoid model is EGM 200846. It was determined using satellite tracking, gravity anomalies and satellite altimetry. Its accuracy is in the range of ± 0.05 m (oceans) and ± 0.5 m (on land). This accuracy is higher in flat regions than in topographically mountainous terrain, such as the Alps.

(d)For local engineering applications and cadastre-surveying, global geoids are not as accurate as needed. For such applications, local geoid models are calculated. These can only be developed using local field measurements. They offer centimetre accuracy over several hundred kilometres, with a high resolution. Local geoids are not suitable for height comparison over large distances since they are based on different origins and reference heights (different equipotential levels).

ED Decision 2020/008/R

VERTICAL REFERENCE SYSTEM

Further explanation and guidance may be found in Annex C (Vertical reference systems) to EUROCONTROL Specification for the Origination of Aeronautical Data, Volume 2 (EUROCONTROL-SPEC-154, Edition 1.0 of 04/02/2013).

ED Decision 2020/008/R

TEMPORAL REFERENCE SYSTEM

(a)A value in the time domain is a temporal position measured relative to a temporal reference system.

(b)ISO Standard 8601 specifies the use of the Gregorian calendar and 24-hour local or UTC for information interchange, while ISO Standard 19108 prescribes the Gregorian calendar and UTC as the primary temporal reference system for use with geographic information.

SUBPART B — MANAGEMENT (ATM/ANS.OR.B)

Regulation (EU) 2017/373

A service provider shall ensure that it is able to provide its services in a safe, efficient, continuous and sustainable manner, consistent with any foreseen level of overall demand for a given airspace. To this end, it shall maintain adequate technical and operational capacity and expertise.

ED Decision 2017/001/R

TECHNICAL AND OPERATIONAL CAPACITY

Technical and operational capacity should include a sufficient number of personnel to perform its tasks and discharge its responsibilities.

Regulation (EU) 2023/1771

(a)A service provider shall implement and maintain a management system that includes:

(1)clearly defined lines of responsibility and accountability throughout its organisation, including a direct accountability of the accountable manager;

(2)a description of the overall philosophies and principles of the service provider with regard to safety, quality, and security of its services, collectively constituting a policy, signed by the accountable manager;

(3)the means to verify the performance of the service provider's organisation in light of the performance indicators and performance targets of the management system;

(4)a process to identify changes within the service provider's organisation and the context in which it operates, which may affect established processes, procedures and services and, where necessary, change the management system and/or the functional system to accommodate those changes;

(5)a process to review the management system, identify the causes of substandard performance of the management system, determine the implications of such substandard performance, and eliminate or mitigate such causes;

(6)a process to ensure that the personnel of the service provider are trained and competent to perform their duties in a safe, efficient, continuous and sustainable manner. In this context, the service provider shall establish policies for the recruitments and training of its personnel;

(7)a formal means for communication that ensures that all personnel of the service provider are fully aware of the management system that allows critical information to be conveyed and that makes it possible to explain why particular actions are taken and why procedures are introduced or changed;

(8)a process to ensure that the design of ATM/ANS equipment, or the changes to its design, subject to Article 6 of Delegated Regulation (EU) 2023/1768 comply with the applicable specifications, including independent checking function of the demonstration of compliance on the basis of which the ATM/ANS provider issues a statement of compliance and the associated compliance documentation thereto.

(b)A service provider shall document all management system key processes, including a process for making personnel aware of their responsibilities, and the procedure for the amendment of those processes.

(c)A service provider shall establish a function to monitor compliance of its organisation with the applicable requirements and the adequacy of the procedures. Compliance monitoring shall include a feedback system of findings to the accountable manager to ensure effective implementation of corrective actions as necessary.

(d)A service provider shall monitor the behaviour of its functional system and, where underperformance is identified, it shall establish its causes and eliminate them or, after having determined the implication of the underperformance, mitigate its effects.

(e)The management system shall be proportionate to the size of the service provider and the complexity of its activities, taking into account the hazards and associated risks inherent in those activities.

(f)Within its management system, the service provider shall establish formal interfaces with the relevant service providers and aviation undertakings in order to:

(1)ensure that the aviation safety hazards entailed by its activities are identified and evaluated, and the associated risks are managed and mitigated as appropriate;

(2)ensure that it provides its services in accordance with the requirements of this Regulation.

(g)In the case that the service provider holds also an aerodrome operator certificate, it shall ensure that the management system covers all activities in the scope of its certificates.

ED Decision 2020/008/R

DEFINITIONS AND CONCEPT OF MANAGEMENT SYSTEM

(a)ISO 9000 series of standards define a management system as a 'set of interrelated or interacting elements to establish policy and objectives and to achieve those objectives'.

(b)Another available definition of management system is the following: ‘The structure, processes and resources needed to establish an organisation's policy and objectives and to achieve those objectives.'

(c)Traditionally, separate management systems were developed to address issues such as safety, quality, environment, health and safety, finance, human resources, information technology and data protection. However, it is foreseen that more and more the services providers will establish integrated management systems following the harmonised set of requirements in this Regulation.

(d)The Regulation does not require that the different management systems are integrated but it facilitates their integration.

ED Decision 2017/001/R

RELATIONSHIP BETWEEN THE TYPE OF SERVICE AND SAFETY MANAGEMENT — QUALITY MANAGEMENT

(a)All service providers are required to establish and maintain a management system. However, only an air traffic services provider can have managerial control over functions directly affecting the safety of the flight (e.g. the ATCO to separate aircraft from each other). Hence, the management system requirements in Annex III, which apply to all service providers, are more broadly associated with the quality of the service rather than the safety of the service. Annex IV (Part-ATS) has specific safety management requirements for the provision of air traffic services. Therefore, only the air traffic services provider (that providing air traffic control, alerting service, air traffic advisory service or flight information service) is required to have a safety management system and undertake safety assessment of changes to the functional system.

(b)Service providers other than the air traffic services provider can still affect the safety of the flight through functions or services they provide, but this will always be influenced by the way in which the air traffic services provider or airspace user are using those functions or services. Therefore, service providers other than air traffic services providers have a management system which manages the performance of service (rather than the safe use of their services for flight navigation and the control which is beyond the managerial control of the service provider). This performance of the service refers to such properties of the service provided such as accuracy, reliability, integrity, availability, timeliness, etc.

(c)It is quite likely that air traffic services providers have contractual arrangements in place with other service providers, whose services they use, specifying the required performance and requiring the service provider to inform, in a timely manner, the air traffic services provider of any impact on the performance of services supplied.

(d)When the service provider other than an air traffic services provider provides services or functions directly to a flight (e.g. MET) without involving air traffic services, then the safe use of those services is the responsibility of the users of those services.

(e)When the air traffic services provider also provides other services, it may choose to combine the necessary performance and safety management activities into an integrated management system covering all services.

ED Decision 2017/001/R

GENERAL

An ISO 9001 certificate, issued by an appropriately accredited organisation, addressing the quality management elements required in this Subpart should be considered a sufficient means of compliance for the service provider. In this case, the service provider should accept the disclosure of the documentation related to the certification to the competent authority upon the latter’s request.

ED Decision 2017/001/R

GENERAL

ISO 9001 Certificate(s) covers (cover) the quality management elements of the management system. Other elements required by this Regulation in reference to the management system that are not covered by the ISO 9001 certificate issued by an appropriately accredited organisation should be subject to oversight by the competent authority.

ED Decision 2017/001/R

GENERAL — FOR ATS PROVIDERS

An ISO 9001 certificate may not give the presumption of compliance with the provisions of ATS.OR.200 ‘Safety management system’.

ED Decision 2017/001/R

GENERAL — TYPE 1 DAT PROVIDERS

An ISO 9001 or EN 9100 certificate issued by an appropriately accredited organisation addressing the quality management elements required in the respective Subparts should be considered a sufficient means of compliance for the Type 1 DAT provider. In this case, the Type 1 DAT provider should accept the disclosure of the documentation related to the certification to the competent authority upon its request.

ED Decision 2017/001/R

GENERAL — TYPE 1 DAT PROVIDERS

ISO 9001/EN 9100 Certificate(s) covers (cover) the quality management elements of the management system. Other elements required by this Regulation in reference to the management system that are not covered by the ISO 9001/EN 9100 certificate issued by an appropriately accredited organisation should be subject to oversight by the competent authority.

ED Decision 2017/001/R

GENERAL — TYPE 2 DAT PROVIDERS

An EN 9100 certificate issued by an appropriately accredited organisation addressing the quality management elements required in the respective Subparts should be considered as a sufficient means of compliance for the Type 2 DAT provider. In this case, the Type 2 DAT provider should accept the disclosure of the documentation related to the certification to the competent authority upon its request.

ED Decision 2017/001/R

EN 9100 CERTIFICATE — TYPE 2 DAT PROVIDERS

EN 9100 Certificate(s) covers (cover) the quality management elements of the management system. Other elements required by this Regulation in reference to the management system that are not covered by EN 9100 certificate issued by an appropriately accredited organisation should be subject to oversight by the competent authority.

ED Decision 2017/001/R

GENERAL — NON-COMPLEX SERVICE PROVIDERS

(a)The policy should include a commitment to improve towards the highest standards, comply with all the applicable legal requirements, meet all the applicable standards, consider the best practices, and provide the appropriate resources.

(b)The compliance monitoring task may be exercised by the accountable manager, provided that he or she has demonstrated having the related competence as defined in point (b)(4) of GM1 ATM/ANS.OR.B.005(c).

(c)Risk management may be performed using hazard checklists or similar risk management tools or processes, which are integrated into the activities of the service provider.

(d)A service provider should manage associated risks related to changes, as applicable. Management of changes should be a documented process to identify external and internal changes.

(e)A service provider should identify persons who fulfil the role of managers and who are responsible with regard to safety, quality and security of its services, as applicable. These persons may be accountable managers or individuals with an operational role in the service provider.

ED Decision 2017/001/R

RESPONSIBILITIES AND ACCOUNTABILITIES

(a)Senior management should ensure that responsibilities and accountabilities are defined and communicated within the service provider and documented within the management system. In the context of this rule, ‘responsibilities’ refers to obligations that can be delegated and ‘accountabilities’ refers to obligations that cannot be delegated.

(b)The appointment of an accountable manager who is given the required authorities and responsibilities, requires that the individual has the necessary attributes to fulfil the role. The accountable manager may have more than one function in the organisation. Nonetheless, the accountable manager’s role is to ensure that the management system is properly implemented and maintained through the allocation of resources and tasks.

ED Decision 2017/001/R

POLICY

(a)The policy should:

(1)be signed by the accountable manager;

(2)reflect organisational commitments regarding performance of its services and safety, where applicable, and its proactive and systematic management;

(3)include reporting principles; and

(4)include a commitment to:

(i)improve towards the highest performance standards so as to support the achievement of the highest level of safety;

(ii)comply with all applicable legislation and requirements, meet all applicable standards and consider best practices;

(iii)continually improve the effectiveness of the management system;

(iv)provide appropriate resources;

(v)enforce the performance of the service required to support the achievement of the highest level of safety in the airspace where the service is provided as one primary responsibility of all managers; and

(vi)that the purpose of reporting is improvement and not to apportion blame to individuals.

(b)Senior management should:

(1)ensure that the policy:

(i)is appropriate to the purpose of service providers;

(ii)provides a framework for establishing and reviewing objectives in relation to the provision of the service;

(iii)is communicated and understood within the service provider; and

(iv)is reviewed for continuing suitability;

(2)continually promote the policy to all personnel and demonstrate their commitment to it;

(3)provide necessary and appropriate human and financial resources for its implementation; and

(4)establish objectives in relation to the provision of the services and performance standards.

ED Decision 2017/001/R

POLICY FOR AIR TRAFFIC SERVICES PROVIDERS VS POLICY FOR ALL OTHER SERVICE PROVIDERS

If a service provider does not undertake the provision of air traffic services, then the policy will be recognisable more as a quality policy that is concerned with the performance of the service and conformance to the service provision requirements supporting the achievement of the highest level of safety in the airspace where the service is provided. Should the service provider undertake the provision of air traffic services, then ATS.OR.200 also applies and the policy will need to be expanded to include both the safety and the quality of the service.

ED Decision 2017/001/R

POLICY — NON-COMPLEX SERVICE PROVIDERS

The policy is the means whereby the service provider states its intention to maintain and, where practicable, improve performance levels in all their activities and to minimise their contribution to the risk of an aircraft accident as far as is reasonably practicable.

ED Decision 2017/001/R

SAFETY CULTURE

The policy should actively encourage effective safety reporting and, by defining the line between acceptable performance (often unintended errors) and unacceptable performance (such as negligence, recklessness, violations or sabotage), provide fair protection to reporters. A safety or just culture may not, however, preclude the ‘criminalisation of error’, which is legally, ethically and morally within the sovereign rights of any Member State, provided that European Union law and established international agreements are observed. A judicial investigation, and consequences of some form, may be expected following an accident or serious incident especially if a system failure resulted in lives lost or property damaged, even if no negligence or ill intent existed. A potential issue could, therefore, exist if voluntary hazard reports, which relate to latent deficiencies of a system or its performance, are treated in the same way as those concerning accident and serious incident investigations. The intent of protecting hazard reports should not challenge the legitimacy of a judicial investigation or demand undue immunity.

ED Decision 2017/001/R

MANAGEMENT OF METEOROLOGICAL SERVICES PERFORMANCE

(a)The management system of the meteorological service provider should provide users with assurance that the meteorological information supplied complies with the stated requirements in terms of geographical and spatial coverage, format and content, time and frequency of issuance and period of validity, as well as the accuracy of measurements, observations and forecasts.

(b)When the management system indicates that the meteorological information to be supplied to users does not comply with the stated requirements, and automatic error correction procedures are not appropriate, such information should not be supplied to users unless it is validated with the originator.

(c)In regard to the exchange of meteorological information for operational purposes, the management system should include verification and validation procedures and resources for monitoring adherence to the prescribed transmission schedules for individual messages and/or bulletins required to be exchanged as well as the times of their filing for transmission. The management system should be capable of detecting excessive transit times of messages and bulletins received.

ED Decision 2017/001/R

SAFETY PERFORMANCE MONITORING AND MEASUREMENT — ATS PROVIDER

(a)Safety performance monitoring and measurement should be the process by which the safety performance of the air traffic services providers is verified in comparison to the safety policy and the safety objectives established by the air traffic services provider.

(b)This process should include:

(1)safety reporting;

(2)safety studies encompassing broad safety concerns;

(3)safety reviews including trends reviews, which would be conducted during introduction and deployment of new technologies, change or implementation of procedures, or in situations of structural change in operations;

(4)safety audits focusing on the integrity of the air traffic services provider’s management system, and periodically assessing the status of safety risk controls; and

(5)safety surveys, examining particular elements or procedures of a specific operation, such as problem areas or bottlenecks in daily operations, perceptions and opinions of operational personnel, and areas of dissent or confusion.

ED Decision 2017/001/R

SAFETY SURVEYS — COMPLEX AIR TRAFFIC SERVICES PROVIDER

(a)An air traffic services provider should:

(1)initiate safety surveys and ensure that all safety-related activities within its scope are addressed periodically;

(2)appoint an appropriate survey leader and survey team whose expertise is in accordance with the particular requirements of the intended survey, taking due account of the desirability of including staff from outside areas where relevant, and being mindful of the opportunity such an activity provides for staff development and engagement;

(3)define an annual safety survey plan;

(4)take immediate remedial action as soon as any safety-related shortcomings are identified;

(5)ensure that the actions identified in the action plans are carried out within the specified timescales; and

(6)ensure that examples of lesson learning and good practice arising from safety surveys are disseminated and acted upon.

(b)The survey leader should:

(1)carry out the survey;

(2)record the results;

(3)make recommendations; and

(4)agree actions with the relevant operational management.

(c)The survey team should assist the survey leader in fulfilling their responsibilities as determined by the survey leader.

(d)Safety surveys may be initiated by a number of means such as occurrence reports, safety performance, suggestions from members of staff, etc.

(e)Safety surveys may be documented in a safety survey report which should also contain the specific actions that will be taken to address the recommendations. The actions should specify those responsible for completion and the target dates. The actions should be tracked to closure through an action plan. This action plan may be implemented as part of an existing locally or centrally managed action tracker.

(f)A typical safety survey report would require the following content:

(1)Front sheet:

(i)reference number;

(ii)title;

(iii)survey period;

(iv)team members and team leader; and

(v)survey initiator;

(2)Survey description:

(i)introduction;

(ii)objective;

(iii)scope;

(iv)record of results;

(v)conclusions; and

(vi)recommendations and actions.

(g)Survey leader

The survey leader should be adequately trained and competent for the subject of the survey. Where this is not possible, at least one member of the survey team should be competent in the subject of the survey.

(h)Survey team

It is advantageous for the survey team to be multi-disciplined and, where possible, be drawn from differing parts of the air traffic services provider’s organisation.

ED Decision 2017/001/R

SAFETY PERFORMANCE MONITORING AND MEASUREMENT — ATS PROVIDER

(a)The means to monitor performance is often through one or more leading or lagging indicators.

(b)Indicators and performance measures provide feedback on what is happening so that the air traffic services provider can take appropriate actions to respond to changing circumstances. The indicators provide information on:

(1)what is happening around the air traffic services provider;

(2)how well the air traffic services provider is doing;

(3)what has happened so far; and

(4)warning of impending problems or dangers that the air traffic services provider may need to take action to avoid.

(c)Although ‘lagging’ performance indicators that measure the final outcomes resulting from the air traffic services provider’s activities are often considered as the most interesting, lagging indicators themselves may not provide enough information to guide the air traffic services provider’s actions and ensure success.

(d)By measuring the inputs to a process, leading performance indicators can complement the use of lagging indicators and compensate for some of their shortcomings. Leading indicators can be used to monitor the effectiveness of control systems and give advance warning of any developing weaknesses before problems occur. One purpose of leading performance indicators is, therefore, to show the condition of systems before accidents, incidents, harm, damage or failure occurs. In this way, they can help to control risks and prevent mishaps.

(e)There is good evidence that when leading performance indicators are used correctly, they are effective in improving performance. However, there is also good evidence that they can be misused.

(f)For leading performance indicators to play an effective role in the improvement process, there should be an association between the inputs that the leading performance indicators measure and the desired lagging outputs. There needs to be a reasonable belief that the actions taken to improve leading performance indicators will be followed by an improvement in the associated lagging output indicators.

(g)The process for effective use of leading performance indicators can be summarised as:

(1)Identify where there are potential weaknesses or opportunities for improvement;

(2)Identify what can be done to counter weaknesses or deliver improvement;

(3)Set performance standards for the actions identified;

(4)Monitor performance against the standards;

(5)Take corrective actions to improve performance; and

(6)Repeat the process by using the following continuous improvement model:

(h)For any performance indicator to be effective, it is important that it is:

(1)objective and easy to measure and collect;

(2)relevant to the air traffic services provider whose performance is being measured;

(3)capable of providing immediate and reliable indications of the level of performance;

(4)cost-efficient in terms of the equipment, personnel and additional technology required to gather the information;

(5)understood and owned by the air traffic services provider whose performance is being measured;

(6)related to activities considered to be important for future performance;

(7)amenable to intervention/influence by the air traffic services provider whose performance is being measured;

(8)related to something where there is scope to improve; and

(9)a clear indication of a means to improve performance.

ED Decision 2017/001/R

PERFORMANCE MONITORING AND MEASUREMENT — SERVICE PROVIDER OTHER THAN AIR TRAFFIC SERVICES PROVIDER

A performance indicator (PI) is a type of performance measurement. An organisation may use PIs to evaluate its success, or to evaluate the success of a particular activity in which it is engaged. Sometimes success is defined in terms of making progress towards strategic goals, but often success is simply the repeated, periodic achievement of some level of operational goal (e.g. zero defects). Accordingly, choosing the right PIs relies upon a good understanding of what is important to the organisation. Since there is a need to understand well what is important, various techniques to assess the present state of the business, and its key activities, are associated with the selection of PIs. These assessments often lead to the identification of potential improvements, so performance indicators are routinely associated with 'performance improvement' initiatives. When PIs have performance targets associated with them, they are known as key performance indicators (KPIs).

ED Decision 2017/001/R

IDENTIFICATION OF CHANGES TO FUNCTIONAL SYSTEMS

This process is used by the service provider to correctly identify proposed changes. The changes dealt with in this GM are the proposed changes to the functional system. These can be triggered internally by changing circumstances that are related to the service provider of concern or externally by changing circumstances that are related to others or to the context in which the service operates, i.e. in situations where the service provider does not have managerial control over them. The triggers are called ‘change drivers’.

(a)Identification of internal circumstances

(1)The procedure to identify changes needs to be embedded in all parts of the organisation that can modify the functional system, i.e. the operational system used to support the services provided. Examples of proposed changes to the functional system as a response to changing circumstances under the control of the organisation, therefore, include:

(i)changes to the way the components of the functional system are used;

(ii)changes to equipment, either hardware or software;

(iii)changes to roles and responsibilities of operational personnel;

(iv)changes to operating procedures;

(v)changes to system configuration, excluding changes during maintenance, repair and alternative operations that are already part of the accepted operational envelope;

(vi)changes that are necessary as a result of changing circumstances to the operational context under the managerial control of the provider that can impact the service, e.g. provision of service under new conditions;

(vii)changes that are necessary as a result of changing circumstances to the local physical (operational) environment of the functional system; and

(viii)changes to the working hours and/or shift patterns of key personnel which could impact on the safe delivery of services.

(2)These changes are often identified by the service provider using business processes, which will be used to identify changes planned for the medium and long term. Such processes can include:

(i)annual business plans;

(ii)strategic safety boards;

(iii)equipment replacement projects;

(iv)airspace reorganisation plans;

(v)introduction of new operational concepts, e.g. Free Flight;

(vi)accident and incident investigation reports; and

(vii)safety monitoring and safety surveys.

(b)Identification of external circumstances

The service provider should have processes in place to react appropriately to notifications received from those service providers that supply services to them. In addition, changes to the context that can impact on the service provided and are not under the managerial control of the service provider should be identified and treated as potential triggers. Furthermore, the service provider should negotiate contracts with unregulated service providers in accordance with ATM/ANS.OR.B.015 ‘Contracted activities’ that place a responsibility on such organisations to inform them of planned changes to their services.

ED Decision 2017/001/R

ASSESSMENT OF THE MANAGEMENT SYSTEM

(a)Senior management should assess the service provider’s management system, at planned intervals, to ensure its continuing suitability, adequacy and effectiveness.

(b)The review should include assessing opportunities for improvement and the need for changes to the management system, including the policy and objectives.

(c)Records from management assessments should be maintained.

ED Decision 2017/001/R

TRAINING AND COMPETENCY

A service provider should:

(a)determine the necessary competence for personnel performing activities supporting services provision;

(b)where applicable, provide training or take other actions to achieve the necessary competence;

(c)evaluate the effectiveness of the actions taken;

(d)ensure that personnel are aware of the relevance and importance of their activities and how they contribute to the achievement of the objectives; and

(e)maintain appropriate records of education, training, skills and experience.

ED Decision 2022/004/R

TRAINING AND COMPETENCIES— MET PROVIDERS

Information and guidance concerning the qualifications, competencies, education and training of meteorological personnel in aeronautical meteorology are given in the Technical Regulations (WMO No 49), Volume I General Meteorological Standards and Recommended Practices, Part V Qualifications and Competencies of Personnel Involved in the Provision of Meteorological (Weather and Climate) and Hydrological Services; Part VI Education and Training of Meteorological Personnel, Appendix A Basic Instruction Packages, WMO 1083 Guide to the Implementation of Education and Training Standards in Meteorology and Hydrology, Volume I, and WMO 1205 Guide to Competency.

ED Decision 2017/001/R

COMMUNICATION RESPONSIBILITIES

The senior management should ensure that appropriate communication processes are established within the service provider and that communication takes place regarding the effectiveness of the management system.

ED Decision 2023/018/R

COMPLIANCE PROCEDURE FOR THE ISSUE OF A STATEMENT OF COMPLIANCE

The ATM/ANS provider should establish a compliance procedure for making a statement of compliance in accordance with Article 6 of Delegated Regulation (EU) 2023/1768 as part of its management system. The compliance procedure should encompass all compliance activities for demonstrating with sufficient confidence the compliance of the design of ATM/ANS equipment with the applicable DSs established in accordance with Article 6(1) of Delegated Regulation (EU) 2023/1768.

ED Decision 2023/018/R

STAFF INVOLVED IN THE COMPLIANCE PROCEDURE

The compliance procedure referred to in AMC1 ATM/ANS.OR.B.005(a)(8) should encompass:

(a)the training, knowledge and competence for the personnel involved in the deployment process; and

(b)the necessary measures to prevent any situation of conflict of interest as regards the demonstration of compliance of the design of ATM/ANS equipment, in particular regarding the staff who should evaluate the results of the deployment checks in an impartial and objective manner.

ED Decision 2023/018/R

COMPLIANCE PROCEDURE FOR THE ISSUE OF A STATEMENT OF COMPLIANCE

When classifying the change to the ATM/ANS equipment subject to Article 6 of Regulation (EU) 2023/1768 as minor or major in accordance with AMC1 Article 6 of the said Regulation, the ATM/ANS provider may establish a compliance procedure for each type of change as part of the change management procedures in accordance with AMC1 ATM/ANS.OR.B.010(a).

ED Decision 2023/018/R

COMPLIANCE PROCEDURE FOR THE ISSUE OF A STATEMENT OF COMPLIANCE | COMPLIANCE ACTIVITIES

Compliance activities that may be conducted as part of a compliance procedure may include the following:

(a)record the justification of compliance within compliance documents;

(b)perform testing and inspections, as necessary;

(c)ensure and record the conformity of the test of ATM/ANS equipment and ensure that the test specimen conforms, as applicable, to the:

(1)specifications,

(2)drawings,

(3)manufacturing processes,

(4)software development standards,

(5)construction, and

(6)assembly means;

(d)ensure that the test and measuring equipment to be used for testing is adequate for testing and appropriately calibrated;

(e)carry out testing and inspections, as necessary, in accordance with the methods for such testing and inspections, to determine whether the ATM/ANS equipment complies with the applicable detailed specifications.

ED Decision 2017/001/R

SERVICE PROVIDER’S MANAGEMENT SYSTEM DOCUMENTATION

A service provider’s management system documentation should at least include the following information:

(a)a statement signed by the accountable manager to confirm that the service provider will continuously work in accordance with the applicable requirements and the service provider’s documentation as required by this Part and other applicable Parts;

(b)the service provider’s scope of activities;

(c)the titles and names of nominated postholders referred to in ATM/ANS.OR.B.020(b);

(d)the service provider’s chart showing the lines of responsibility between the persons referred to in ATM/ANS.OR.B.020(b);

(e)a general description and location of the facilities referred to in ATM/ANS.OR.B.025;

(f)procedures describing the function and specifying how the service provider monitors and ensures compliance with the applicable requirements referred to in ATM/ANS.OR.B.005(c); and

(g)the amendment procedure for the service provider’s management system documentation.

ED Decision 2017/001/R

SERVICE PROVIDER’S MANAGEMENT SYSTEM DOCUMENTATION

(a)It is not required to duplicate information in several manuals. The information may be contained in the service provider’s manuals (e.g. operations manual, training manual), which may also be combined.

(b)A service provider may also choose to document some of the information required to be documented in separate documents (e.g. procedures). In this case, it should ensure that manuals contain adequate references to any document kept separately. Any such documents are then to be considered an integral part of the service provider’s management system documentation.

(c)A service provider’s management system documentation may be included in a separate manual or in (one of) the manual(s) as required by the applicable subpart(s). A cross reference should be included.

ED Decision 2017/001/R

COMPLIANCE MONITORING — GENERAL FOR COMPLEX SERVICE PROVIDERS

(a)Compliance monitoring

The implementation and use of a compliance monitoring function should enable the service provider to monitor compliance with the relevant requirements of this Part and other applicable Parts.

(1)A service provider should specify the basic structure of the compliance monitoring function applicable to the activities conducted.

(2)The compliance monitoring function should be structured according to the size of the service provider and the complexity of the activities to be monitored, including those which have been subcontracted.

(b)A service provider should monitor compliance with the procedures they have designed to ensure that services are provided with the required safety levels and quality, as applicable. In doing so, they should as a minimum, and where appropriate, monitor:

(1)manuals, logs, and records;

(2)training standards; and

(3)management system procedures.

(c)Organisational set-up

(1)A person should be responsible for compliance monitoring to ensure that the service provider continues to meet the requirements of this Part and other applicable Parts. The accountable manager should ensure that sufficient resources are allocated for compliance monitoring.

(2)Personnel involved in the compliance monitoring should have access to all parts of service provider and, as necessary, any contracted organisation.

(3)In the case the person responsible for compliance monitoring acts also as safety manager, the accountable manager, with regard to his or her direct accountability for safety, should ensure that sufficient resources are allocated to both functions, taking into account the size of the service provider and the nature and complexity of its activities.

(4)The independence of the compliance monitoring function should be established by ensuring that audits and inspections are carried out by personnel not directly involved in the activity being audited.

(d)Compliance monitoring documentation

(1)Relevant documentation should include relevant part(s) of the service provider’s management system documentation.

(2)In addition, relevant documentation should also include:

(i)terminology;

(ii)specified activity standards;

(iii)a description of the service provider;

(iv)allocation of duties and responsibilities;

(v)procedures to ensure compliance;

(vi)the compliance monitoring programme, reflecting:

(A)the schedule of the monitoring programme;

(B)audit procedures;

(C)reporting procedures;

(D)follow-up and corrective action procedures; and

(E)the record-keeping system;

(vii)the training syllabus referred to in (e)(2); and

(viii)document control.

(e)Training

(1)Correct and thorough training is essential to optimise compliance in every service provider. In order to achieve significant outcomes of such training, the service provider should ensure that all personnel understand the objectives as laid down in the service provider’s management system documentation.

(2)Those responsible for managing the compliance monitoring function should receive training on this task. Such training should cover the requirements of compliance monitoring, manuals and procedures related to the task, audit techniques, reporting and recording.

(3)Time should be provided to train all personnel involved in compliance management and for briefing the remainder of the personnel.

(4)The allocation of time and resources should be governed by the volume and complexity of the activities concerned.

ED Decision 2017/001/R

COMPLIANCE MONITORING ORGANISATIONAL SET-UP

(a)The role of the compliance monitoring may be performed by a compliance monitoring manager to ensure that the activities of the service provider are monitored for compliance with the applicable regulatory requirements and any additional requirements established by the service provider, and that these activities are being carried out properly under the supervision of other relevant nominated postholders and line managers.

(b)The compliance monitoring manager should:

(1)be responsible for ensuring that the compliance monitoring programme is properly implemented, maintained, and continually reviewed and improved;

(2)have direct access to the accountable manager;

(3)not be one of the line managers; and

(4)be able to demonstrate relevant knowledge, background and appropriate experience related to the activities of the service provider, including knowledge and experience in compliance monitoring.

(c)The compliance monitoring manager may perform all audits and inspections himself/herself or appoint one or more auditors by choosing personnel having the related competence as defined in point (b)(iii), either from within or outside the service provider.

(d)Regardless of the option chosen, it needs to be ensured that the independence of the audit function is not affected, in particular in cases where those performing the audit or inspection are also responsible for other activities within the service provider.

(e)In case external personnel are used to perform compliance audits or inspections:

(1)any such audits or inspections are performed under the responsibility of the compliance monitoring manager; and

(2)the compliance monitoring manager remains responsible for ensuring that the external personnel has relevant knowledge, background and experience as appropriate to the activities being audited or inspected, including knowledge and experience in compliance monitoring.

(f)A service provider retains the ultimate responsibility for the effectiveness of the compliance monitoring function, in particular for the effective implementation and follow-up of all corrective actions.

ED Decision 2017/001/R

REACTION TO UNDERPERFORMANCE OF FUNCTIONAL SYSTEMS

If the cause of the underperformance is found to be:

(a)a flaw in the functional system, the service provider should initiate a change to the functional system either to remove the flaw or mitigate its effects;

(b)a flawed argument associated with a change to that functional system, the service provider should either:

(1)provide a valid argument; or

(2)where the service provider considers it more feasible, initiate a change to the functional system.

ED Decision 2023/018/R

MONITORING

This behaviour could be understood as performance of the service(s) delivered by the functional system of the ATM/ANS provider (e.g. specification such as function, accuracy, availability, continuity, timeliness, reliability, integrity, etc.). When the monitoring activity identifies underperformance of the service provided with respect to the specification of the service, the ATM/ANS provider should introduce mitigation measures.

For example, the ATC provider should monitor the quality of communication services and verify the conformance with the level of performance required for the operational environment under its responsibility with regard to the provision of ATC with data link services.

ED Decision 2017/001/R

SIZE, NATURE AND COMPLEXITY OF THE ACTIVITY

(a)An air traffic services provider should be considered as complex unless it is eligible to apply for a limited certificate and fulfils the criteria set out in ATM/ANS.OR.A.010(a).

(b)An air navigation services provider, other than an air traffic services provider, should be considered as complex unless it is eligible to apply for a limited certificate and fulfils the criteria set out in ATM/ANS.OR.A.010(b)(1).

(c)An aerodrome flight information services provider should be considered as complex unless it is eligible to apply for a limited certificate and fulfils the criteria set out in ATM/ANS.OR.A.010(b)(2).

(d)A service provider, other than an air navigation services provider, should be considered as complex when it has a workforce of more than 20 full-time equivalents (FTEs) involved in the activity subject to Regulation (EC) No 216/2008 and its implementing rules.

ED Decision 2017/001/R

SIZE, NATURE AND COMPLEXITY OF THE ACTIVITY

(a)In consideration of the EUR 1 000 000 gross annual turnover referred to in ATM/ANS.OR.A.010(b)(1), this is assessed against the income the air navigation services provider generates in the provision of the services specified in Annex Vb to Regulation (EC) No 216/2008 and does not include any income generated by the air navigation services provider who undertakes other commercial activity that generates income.

(b)In consideration of operating regularly not more than one working position at any aerodrome referred to in ATM/ANS.OR.A.010(b)(2), this means that for the majority (i.e. greater than 50 %) of time an aerodrome is operational, only one working position is used.

(c)Table 3 below illustrates the circumstances under which the service provider could be considered as non-complex.

Table 3: Non-complex service provider

ED Decision 2023/018/R

FORMAL INTERFACES — ATS PROVIDERS

Where data link communications are used, the ATS provider should make appropriate arrangements with a communication services provider to ensure that data exchanges can be established with all aircraft flying in the airspace under their responsibility and having data link capability in accordance with the applicable requirements, with due regard to possible coverage limitations inherent in the communication technology used.

ED Decision 2017/001/R

GENERAL

Within the scope of this Regulation, only the air traffic services provider can identify hazards, assess the associated risks and mitigate or propose mitigating measures where necessary. This requirement implies that all service providers (air traffic services and non-air traffic services) establish formal interfaces (e.g. service level agreements, letters of understanding, memorandum of cooperation) between the relevant services providers themselves or between the service providers and other aviation undertakings (e.g. aerodrome operators) so as to ensure that hazards associated with the use of the services they provide are identified and the risks assessed and whenever needed mitigated. It does not imply that this has to be done by the service providers themselves (e.g. MET or AIS providers cannot do this by themselves) as only the air traffic services provider can, but they need to establish the interfaces with those service providers (ATS providers) or other aviation undertaking (e.g. aerodrome operators) who are able to do so. The formal interfaces could address the mitigation means put on the different providers (e.g. via requirements in a service level agreement).

ED Decision 2017/001/R

LOCAL RUNWAY SAFETY TEAM

The service provider should participate in the local runway safety team (LRST) established by the aerodrome operator in accordance with AMC1 ADR.OR.D.027 and GM2 ADR.OR.D.027.

Regulation (EU) 2023/203

In addition to the management system referred to in point ATM/ANS.OR.B.005, the service provider shall establish, implement and maintain an information security management system in accordance with Implementing Regulation (EU) 2023/203 in order to ensure the proper management of information security risks which may have an impact on aviation safety.

[applicable from 22 February 2026 - Regulation (EU) 2023/203]

Regulation (EU) 2017/373

(a)A service provider shall use procedures to manage, assess and, if necessary, mitigate the impact of changes to its functional systems in accordance with points ATM/ANS.OR.A.045, ATM/ANS.OR.C.005, ATS.OR.205 and ATS.OR.210, as applicable.

(b)The procedures referred to in point (a) or any material modifications to those procedures shall:

(1)be submitted, for approval, by the service provider to the competent authority;

(2)not be used until approved by the competent authority.

(c)When the approved procedures referred to in point (b) are not suitable for a particular change, the service provider shall:

(1)make a request to the competent authority for an exemption to deviate from the approved procedures;

(2)provide the details of the deviation and the justification for its use to the competent authority;

(3)not use the deviation before being approved by the competent authority.

ED Decision 2017/001/R

GENERAL

(a)The procedures, and the change of the procedures, used by a service provider to manage changes should cover the complete lifecycle of a change.

(b)The service provider should show that the procedures address all the actions and all the evidence needed in order to comply with the requirements laid down in ATM/ANS.OR.A.045, ATS.OR.205, ATS.OR.210, and ATM/ANS.OR.C.005, as appropriate. For that purpose, the service provider should use a compliance matrix, which shows:

(1)which part of a procedure addresses which part of the Regulation (i.e. the requirement of the implementing rule); and

(2)the rationale explaining how the procedures demonstrate compliance with the Regulation.

(c)The service provider should ensure that the roles and responsibilities for the change management processes are identified in the procedures.

(d)Procedures should be submitted in a manner agreed between the service provider and the competent authority. Until an agreement is reached, the competent authority will prescribe the means of submission.

(e)The procedure that defines the notification process for changes includes:

(1)the point of contact in charge of the notification of changes, e.g. person, or part of the organisation and the role;

(2)the means used for notification, e.g. fax, email, mail, use of database or others.

(f)The management of change procedures should include a change identification procedure. This procedure, which is a precursor of the change notification process, should seek out potential changes, confirm that there is a real intent to implement them (propose the change) and, if so, initiate the notification process.

ED Decision 2017/001/R

COMPLIANCE MATRIX

The following example of a matrix could be used by the service provider to document the compliance status of its change management procedures.

ED Decision 2017/001/R

GENERAL

(a)As part of the change management procedures, the service provider should keep a register of the records of all notified changes. The register should include:

(1)the status of the implementation of the change, i.e. planned, under review, under implementation, implemented, or cancelled;

(2)the notification;

(3)(a link to) the location of the actual record, including a reference to all information passed to the competent authority in accordance with ATM/ANS.OR.A.045(a)(2).

(b)In addition, when the changes are selected for review, the register should also include:

(1)the review decision from the competent authority; and

(2)a link to records of the change approval by the competent authority.

ED Decision 2017/001/R

GENERAL

(a)The change management procedures for changes to functional systems should include:

(1)the identification and notification of proposed changes;

(2)the identification of the scope of the change, i.e. the identification of what parts of the functional system are to be changed or are affected by the change;

(3)the assessment and assurance of the change;

(4)the approval of the change; and

(5)the establishment of the monitoring criteria to ensure that the change will remain acceptable as long as it is in operation (acceptably safe for air traffic service providers or acceptably trustworthy for other service providers). The monitoring of the changed system is part of the activities related to the management system of the service provider. It is not covered by the change management procedures themselves.

(b)The procedures that manage changes to functional systems do not include the processes to identify the circumstances that will trigger the change. These should be part of the management system(s) as laid down in ATM/ANS.OR.B.005 and/or ATS.OR.200, as applicable.

(c)The change management procedures should address the following:

(1)procedural-oriented content, which details:

(i)the roles and activities with regard to change management, safety assessment and safety support assessment;

(ii)the identification of the parts of the functional system affected by the proposed change;

(iii)the type of safety assessment or safety support assessment that has to be used for the identified type of changes;

(iv)the competence of the persons performing change management, safety assessments and safety support assessments;

(v)the identified triggers for performing a safety assessment and a safety support assessment;

(vi)the means of change notification; ‘means’ includes the form of notification;

(vii)the means of identifying any organisations or aviation undertakings using the service that are potentially affected by the change; and

(viii)the means of informing those identified in (vii).

(2)Method-oriented content, which details description of the safety assessments and safety support assessments methods and mitigation methods used by the service provider.

(d)For each change management procedure or part of a change management procedure approved, the agreement on notification of any change over them should be documented and formalised. In any case, the service provider should keep records of these changes.

Regulation (EU) 2017/373

(a)Contracted activities include all the activities within the scope of the service provider's operations, in accordance with the terms of the certificate, that are performed by other organisations either themselves certified to carry out such activity or if not certified, working under the service provider's oversight. A service provider shall ensure that when contracting or purchasing any part of its activities to external organisations, the contracted or purchased activity, system or constituent conforms to the applicable requirements.

(b)When a service provider contracts any part of its activities to an organisation that is not itself certified in accordance with this Regulation to carry out such activity, it shall ensure that the contracted organisation works under its oversight. The service provider shall ensure that the competent authority is given access to the contracted organisation to determine continued compliance with the applicable requirements under this Regulation.

ED Decision 2017/001/R

RESPONSIBILITY WHEN CONTRACTING ACTIVITIES

(a)A contract should exist between the service provider and the contracted organisation clearly defining the contracted activities and the applicable requirements, including training and competences requirements for air traffic safety electronics personnel (ATSEP) employed by the contracted organisation, where applicable.

(b)The contracted activities, performed by an organisation that is not itself certified in accordance with this Regulation to carry out such activity, should be included in the service provider’s oversight process. In this context, where the contracted activity requires the ATSEP employed by contracted organisation to undertake any aspect of this activity, the service provider should ensure that those ATSEP have received the applicable training and competences foreseen in Subpart A of Annex XIII.

(c)A service provider should ensure that the contracted organisation has the necessary authorisation, declaration or approval when required, and commands the resources and competence to undertake the task.

ED Decision 2017/001/R

RESPONSIBILITY WHEN CONTRACTING ACTIVITIES

The applicable requirements may include the necessary elements from the training and competence assessment of ATSEP laid down in Annex XIII to this Regulation in accordance with ATSEP.OR.105 in order to ensure equivalent level of safety and level playing field for the maintenance of systems and equipment regardless of whether such services are provided internally in the service provider or outsourced.

ED Decision 2017/001/R

RESPONSIBILITY WHEN CONTRACTING ACTIVITIES

(a)When the contracted organisation is itself certified in accordance with this Regulation to carry out the contracted activities, the service providers’ compliance monitoring should at least check that the approval effectively covers the contracted activities and that it is still valid.

(b)When the service provider is not certified itself to provide the service, it should only contract or purchase services from a certified organisation when so required by this Regulation.

ED Decision 2017/001/R

SAFETY — ATS PROVIDER

An air traffic services provider should ensure adequate justification of the safety of the externally provided and supplied services, having regard to their safety significance within the provision of its services.

ED Decision 2023/018/R

DATA LINK COMMUNICATIONS — ATS PROVIDERS

ATS providers that rely upon other organisations for the provision of communication services for data exchanges with aircraft which are necessary for air-ground applications should ensure that those services are provided in accordance with the terms and conditions of a service level agreement, including in particular:

(a)the description of communication services in accordance with the requirements of the data link services;

(b)the description of the security policy put in place to secure data exchanges of the air-ground applications;

(c)the relevant materials to be supplied for the monitoring of the quality and performance of communication services.

ED Decision 2023/018/R

SERVICE LEVEL AGREEMENT — SURVEILLANCE DATA

(a)When transferring surveillance data from their surveillance systems and surveillance data processing systems to other air navigation service providers, ATM/ANS providers should establish formal arrangements with them for the exchange of the data.

(b)Formal arrangements between ATM/ANS providers for the exchange or provision of surveillance data should include the following minimum content:

(1)the parties to the arrangements;

(2)the period of validity of the arrangements;

(3)the scope of the surveillance data;

(4)the sources of the surveillance data;

(5)the exchange format of the surveillance data;

(6)the service delivery point of the surveillance data;

(7)agreed service levels in terms of;

(i)surveillance data performance;

(ii)procedures in case of unserviceability;

(8)change management procedures;

(9)reporting arrangements with respect to performance and availability including unforeseen outages;

(10)management and coordination arrangements;

(11)ground-based surveillance chain safeguarding and notification arrangements.

ED Decision 2017/001/R

GENERAL

(a)A service provider may contract certain activities to external organisations. ‘Contracted activities’ means those activities within the service provision conditions attached to the service provider’s certificate that are performed by other organisations either themselves certified to carry out such an activity or if not certified, working under the service provider’s oversight. The scope of the service provider's oversight covers the contracted activities performed by the external organisation that is not itself certified in accordance with this Regulation.

(b)Activities contracted to external organisations for the provision of services may include areas such as:

(1)aeronautical information services;

(2)meteorological services, etc.

(c)In the case of activities contracted, the service provider should define relevant management responsibilities within its own organisation.

(d)The ultimate responsibility for the services provided by contracted organisations should always remain with the contracting service provider.

ED Decision 2017/001/R

RESPONSIBILITY WHEN CONTRACTING ACTIVITIES

(a)A contract could take the form of a written agreement, letter of agreement, service letter agreement, memorandum of understanding, etc. as appropriate for the contracted activities.

(b)A service provider’s assurance process could be included into the service provider’s management system and compliance monitoring programmes.

(c)In order to ensure that the contracted organisation is able to perform the contracted activities, the service provider may conduct a prior audit of the contracted party.

ED Decision 2017/001/R

RESPONSIBILITY WHEN CONTRACTING ACTIVITIES

(a)Regardless of the approval status of the contracted organisation, the service provider is responsible for ensuring that all contracted activities are subject to compliance monitoring as required by ATM/ANS.OR.B.005(c), and in the case of air traffic services provider, also to hazard identification and risk management as required by ATS.OR.200(2).

(b)If a service provider requires a contracted organisation to conduct an activity which exceeds the privileges of the contracted organisation’s certificate, this will be considered as the contracted organisation working under the approval and oversight of the contracting service provider.

ED Decision 2017/001/R

RESPONSIBILITY WHEN CONTRACTING ACTIVITIES

Table 4 below illustrates the responsibilities when contracting.

Table 4: Responsibility when contracting activities

Regulation (EU) 2017/373

(a)A service provider shall appoint an accountable manager, who has the authority over ensuring that all activities can be financed and carried out in accordance with the applicable requirements. The accountable manager shall be responsible for establishing and maintaining an effective management system.

(b)A service provider shall define the authority, duties and responsibilities of the nominated post holders, in particular of the management personnel in charge of safety, quality, security, finance and human resources-related functions as applicable.

ED Decision 2017/001/R

ACCOUNTABLE MANAGER

Depending on the size, structure and complexity of the organisation, the accountable manager may be:

(a)the chief executive officer (CEO);

(b)the chief operating officer (COO);

(c)the chairperson of the board of directors;

(d)a partner; or

(e)the proprietor.

ED Decision 2017/001/R

GENERAL

Senior management should appoint a member of the service provider’s management who, irrespective of other responsibilities, should have responsibility and authority that includes:

(a)ensuring that processes needed for the management system are established, implemented and maintained;

(b)reporting to senior management on the performance of the management system and any need for improvement; and

(c)ensuring the promotion of awareness of performance and service requirements throughout the service provider and of the impact it has on safety.

ED Decision 2017/001/R

COMBINATION OF NOMINATED POSTHOLDERS RESPONSIBILITIES

(a)The acceptability of a single person holding more than one post, possibly in combination with being the accountable manager, should depend upon the service provider’s organisation and the complexity of its activities. The two main areas of concern should be competence and an individual’s capacity to meet his or her responsibilities.

(b)As regards competence in different areas of responsibility, there should not be any difference from the requirements applicable to persons holding only one post.

The capacity of an individual to meet his or her responsibilities should primarily be dependent upon the complexity of the service provider’s organisation and its activities. However, the complexity of the service provider’s organisation or of its activities may prevent or limit the combination of posts.

Regulation (EU) 2017/373

A service provider shall ensure that there are adequate and appropriate facilities to perform and manage all tasks and activities in accordance with the applicable requirements.

Regulation (EU) 2017/373

(a)A service provider shall establish a system of record-keeping that allows adequate storage of the records and reliable traceability of all its activities, covering in particular all the elements indicated in point ATM/ANS.OR.B.005.

(b)The format and the retention period of the records referred to in point (a) shall be specified in the service provider's management system procedures.

(c)Records shall be stored in a manner that ensures protection against damage, alteration and theft.

ED Decision 2017/001/R

GENERAL

(a)The record-keeping system should ensure that all the records required in ATM/ANS.OR.B.030(a) are accessible whenever needed. These records should be organised in a way that ensures traceability and retrieval throughout the retention period.

(b)Records should be kept in paper form or in electronic format or a combination of both. Records stored on microfilm or optical disc format are also acceptable. The records should remain legible throughout the required retention period. The retention period starts when a record has been created or last amended.

(c)Paper systems should use robust material which can withstand normal handling and filing.

(d)Computer systems should have at least one backup system which should be updated within 24 hours of any new entry. Computer systems should include safeguards against the probability of unauthorised personnel altering the data.

(e)All computer hardware used to ensure data backup should be stored in a different location from that containing the working data and in an environment that ensures they remain in good condition. When hardware or software changes take place, special care should be taken that all necessary data continues to be accessible at least through the full retention period.

ED Decision 2017/001/R

GENERAL

The record-keeping provision is intended to address the management system records rather than operational data which is covered by other record-keeping applicable requirements.

ED Decision 2017/001/R

RETENTION PERIOD

The records should be kept for a minimum period of at least 5 years unless otherwise specified by the competent authority.

Regulation (EU) 2017/373

(a)A service provider shall provide and keep up to date its operations manuals relating to the provision of its services for the use and guidance of operations personnel.

(b)It shall ensure that:

(1)operations manuals contain the instructions and information required by the operations personnel to perform their duties;

(2)relevant parts of the operations manuals are accessible to the personnel concerned;

(3)the operations personnel are informed of amendments to the operations manual applying to their duties in a manner that enables their application as of their entry into force.

SUBPART C — SPECIFIC ORGANISATION REQUIREMENTS FOR SERVICE PROVIDERS OTHER THAN ATS PROVIDERS (ATM/ANS.OR.C)

Regulation (EU) 2017/373

This Subpart establishes the requirements to be met by the service provider other than the air traffic services provider, in addition to the requirements set out in Subparts A and B.

Regulation (EU) 2017/373

(a)For any change notified in accordance with point ATM/ANS.OR.A.045(a)(1), the service provider other than the air traffic services provider shall:

(1)ensure that a safety support assessment is carried out covering the scope of the change which is:

(i)the equipment, procedural and human elements being changed;

(ii)interfaces and interactions between the elements being changed and the remainder of the functional system;

(iii)interfaces and interactions between the elements being changed and the context in which it is intended to operate;

(iv)the life cycle of the change from definition to operations including transition into service;

(v)planned degraded modes;

(2)provide assurance, with sufficient confidence, via a complete, documented and valid argument that the service will behave and will continue to behave only as specified in the specified context.

(b)A service provider other than an air traffic services provider shall ensure that the safety support assessment referred to in point (a) comprises:

(1)verification that:

(i)the assessment corresponds to the scope of the change as defined in point (a)(1);

(ii)the service behaves only as specified in the specified context;

(iii)the way the service behaves complies with and does not contradict any applicable requirements of this Regulation placed on the services provided by the changed functional system; and

(2)specification of the monitoring criteria necessary to demonstrate that the service delivered by the changed functional system will continue to behave only as specified in the specified context.