ANNEX II — Part-ATM/ANS.AR

REQUIREMENTS FOR COMPETENT AUTHORITIES — OVERSIGHT OF SERVICES AND OTHER ATM NETWORK FUNCTIONS

SUBPART A — GENERAL REQUIREMENTS

Regulation (EU) 2017/373

This Annex establishes the requirements for the administration and management systems of the competent authorities responsible for certification, oversight and enforcement in respect of the application of the requirements set out in Annexes III to XIII by the service providers in accordance with Article 6.

Regulation (EU) 2017/373

(a)The competent authority shall exercise certification, oversight and enforcement tasks in respect of the application of the requirements applicable to service providers, monitor the safe provision of their services and verify that the applicable requirements are met.

(b)The competent authorities shall identify and exercise the responsibilities for certification, oversight and enforcement in a manner which ensures that:

(1)specific points of responsibility exist to implement each provision of this Regulation;

(2)they are aware of the safety oversight mechanisms and their results;

(3)relevant information exchange is ensured between competent authorities.

The competent authorities concerned shall regularly review the agreement on the supervision of the service providers providing air navigation services in functional airspace blocks (FABs) that extend across the airspace falling under the responsibility of more than one Member States referred to in Article 2(3) of Regulation (EC) No 550/2004 and, in the case of cross-border provision of air navigation services, the agreement on the mutual recognition of supervisory tasks referred to in Article 2(5) of Regulation (EC) No 550/2004, as well as the practical implementation of those agreements, in particular in the light of achieved safety performance of the service providers under their supervision.

(c)The competent authority shall establish coordination arrangements with other competent authorities for notified changes to functional systems involving service providers under the oversight of the other competent authorities. Those coordination arrangements shall ensure the effective selection and review of those notified changes, in accordance with point ATM/ANS.AR.C.025.

ED Decision 2017/001/R

REVIEW OF THE AGREEMENT

The agreement on the supervision in a functional airspace block (FAB) or in cases of cross-border provision should include the frequency of the review.

ED Decision 2017/001/R

CONCLUSION OF AN AGREEMENT

The agreement on the supervision in a FAB or in cases of cross-border provision may be concluded among:

(a)the competent authorities nominated or established under agreements concluded among Member States in accordance with Article 2(3) of Regulation (EC) No 550/2004; or

(b)the competent authorities of the service providers in cases of cross-border provision.

ED Decision 2017/001/R

REVIEW OF THE AGREEMENT

During the review of the agreement, the competent authorities should address the practical implementation considering the results of the assessment performed in accordance with ATM/ANS.AR.C.001.

ED Decision 2017/001/R

COORDINATION ARRANGEMENTS BETWEEN COMPETENT AUTHORITIES FOR SELECTION AND REVIEW OF MULTI-ACTOR CHANGES

(a)When the notification of a change to a service provider’s functional system indicates, as per AMC1 ATM/ANS.OR.A.045(a), that the change will affect the services provided by other service providers either directly or by affecting the context in which these services are delivered, these other service providers and the notifying service provider are participating in a multi-actor change. Some or all of these other service providers may also notify their competent authorities because they either have to make a reactive change or they are participating in a cooperative change to their functional systems.

(b)If there are service providers participating in the multi-actor change who are proposing to make changes to their functional systems and are under the oversight of more than one competent authority, then the decision to review and the review itself of safety assessments and safety support assessments has to be a coordinated activity involving all the competent authorities that oversee the service providers participating in the multi-actor change.

(c)Normally, competent authorities act independently when making decisions on how to select and review safety assessments, but in the case of multi-actor changes that cross State boundaries, the only way to ensure the effective selection and review of the notified changes is through coordination with other competent authorities. Coordination arrangements, which are difficult to define in advance, are to be established when the need arises. The objective of these agreements should be to ensure that the overall change is safe, i.e. the overall safety case is based on a complete and correct set of assumptions and mitigations and the associated risk assessments are valid.

(d)The arrangements should ensure that:

(1)the competent authorities involved evaluate in a harmonised way the risk posed by the change, and as a consequence there is an agreement on what safety (support) assessments will be reviewed by each competent authority; and

(2)individual reviews of safety (support) assessments assure the necessary conditions are met, i.e. common assumptions and common mitigations are used correctly in each safety (support) assessment and the identified risks are valid.

(e)However, the assurance that the set of common assumptions and common mitigations are complete and correct cannot be provided in each individual safety case. The argument for that assurance has to be made in an overall safety case and reviewed collectively by the competent authorities involved in the overall change. The form of this collective review should be included in the coordination agreement.

Regulation (EU) 2017/373

The competent authority shall make available the relevant legislative acts, standards, rules, technical publications and related documents to its personnel in order to perform their tasks and to discharge their responsibilities.

Regulation (EU) 2017/373

(a)The Agency shall develop acceptable means of compliance (AMC) that may be used to establish compliance with the requirements of this Regulation. When AMC are complied with, the applicable requirements of this Regulation shall be deemed to have been met.

(b)Alternative means of compliance (AltMOC) may be used to establish compliance with the requirements of this Regulation.

(c)The competent authority shall establish a system to consistently evaluate that all AltMOC used by itself or by the service providers under its oversight allow the establishment of compliance with the requirements of this Regulation.

(d)The competent authority shall evaluate all AltMOC proposed by a service provider in accordance with point ATM/ANS.OR.A.020 by analysing the documentation provided and, if considered necessary, conducting an inspection of the service provider.

When the competent authority finds that the AltMOC are sufficient to ensure compliance with the applicable requirements of this Regulation it shall without undue delay:

(1)notify the applicant that the AltMOC may be implemented and, if applicable, amend the certificate of the applicant accordingly;

(2)notify the Agency of their content, including copies of all relevant documentation;

(3)inform other Member States about the AltMOC that were accepted.

(e)When the competent authority itself uses AltMOC to achieve compliance with the applicable requirements of this Regulation, it shall:

(1)make them available to all service providers under its oversight;

(2)notify the Agency without undue delay.

The competent authority shall provide the Agency with a full description of the AltMOC, including any revisions to procedures that may be relevant, as well as an assessment demonstrating that the applicable requirements of this Regulation are met.

ED Decision 2017/001/R

GENERAL

Alternative means of compliance used by a competent authority or by organisations under its oversight may be used by other competent authorities or service providers only if processed again in accordance with ATM/ANS.AR.A.015(d) and (e).

ED Decision 2017/001/R

GENERAL

The information to be provided to other Member States following approval of an alternative means of compliance (AltMoC) should contain a reference to the acceptable means of compliance (AMC) to which such means of compliance provides an alternative, where such AMC exists, as well as a reference to the corresponding implementing rule (IR), indicating, as applicable, the point(s) covered by the AltMoC.

Regulation (EU) 2023/203

(a)The competent authority shall without undue delay notify the Agency in case of any significant problems with the implementation of the relevant provisions of Regulation (EU) 2018/1139 and the delegated and implementing acts adopted on its basis or of Regulations (EC) No 549/2004, (EC) No 550/2004 and (EC) No 551/2004 applicable to service providers.

(b)Without prejudice to Regulation (EU) No 376/2014 of the European Parliament and of the Council (*) and its delegated and implementing acts, the competent authority shall provide the Agency with safety-significant information stemming from the occurrence reports stored in its national database in accordance with Article 6(6) of Regulation (EU) No 376/2014, as soon as possible.

(c)The competent authority of the Member State shall provide the Agency as soon as possible with safety-significant information stemming from the information security reports it has received pursuant to point IS.I.OR.230 of Annex II (Part-IS.I.OR) to Implementing Regulation (EU) 2023/203.

[applicable from 22 February 2026 - Regulation (EU) 2023/203]

_____________

(*) Regulation (EU) No 376/2014 of the European Parliament and of the Council of 3 April 2014 on the reporting, analysis and follow-up of occurrences in civil aviation, amending Regulation (EU) No 996/2010 of the European Parliament and of the Council and repealing Directive 2003/42/EC of the European Parliament and of the Council and Commission Regulations (EC) No 1321/2007 and (EC) No 1330/2007 (OJ L 122, 24.4.2014, p. 18).

ED Decision 2022/004/R

PROVISION OF SAFETY-SIGNIFICANT INFORMATION TO THE AGENCY

Each competent authority should appoint a coordinator to act as the point of contact for the provision of safety-significant information to the Agency.

ED Decision 2022/004/R

MEANING OF SAFETY-SIGNIFICANT INFORMATION STEMMING FROM OCCURRENCE REPORTS

Safety-significant information stemming from occurrence reports means a conclusive safety analysis that summarises individual occurrence data and provides an in-depth analysis of a safety issue, which may be relevant for the Agency’s safety action planning.

ED Decision 2022/004/R

SAFETY-SIGNIFICANT INFORMATION STEMMING FROM THE OCCURRENCE REPORTS

The conclusive safety analysis based on the occurrence reports should contain the following:

(a)a detailed description of the safety issue, including the scenario in which the safety issue takes place; and

(b)an indication of the stakeholders affected by the safety issue, including types of operations and organisations;

and, as appropriate:

(c)a risk assessment establishing the severity and probability of all the possible consequences of the safety issue;

(d)information about the existing safety barriers that the aviation system has in place to prevent the likely safety issue consequences from occurring;

(e)any mitigating actions already in place or developed to address the safety issue;

(f)recommendations for future actions to control the risk; and

(g)any other element(s) the competent authority considers essential for the Agency to properly assess the safety issue.

ED Decision 2017/001/R

REPORTING CRITERIA FOR SAFETY-SIGNIFICANT INFORMATION STEMMING FROM OCCURRENCE REPORTS WHERE THE AGENCY IS THE COMPETENT AUTHORITY

In the case of occurrences related to organisations certified by the Agency, safety-significant information stemming from occurrence reports should be notified to the Agency if:

(a)the occurrence is defined as a reportable occurrence for organisations certified as Pan-European service providers and service providers in the airspace of the territory to which the Treaty applies and having their principal place of operation or, if any, their registered office located outside the territory subject to the provisions of the Treaty; and

(b)the competent authority has come to the conclusion that:

(1)the organisation certified by the Agency to which the occurrence relates, has not been informed of the occurrence; or

(2)the occurrence has not been properly addressed or has been left unattended by the organisation certified by the Agency.

Such occurrence data should be reported in a format compatible with the European Coordination Centre for Accident and Incident Reporting Systems (ECCAIRS) and should provide all relevant information for its assessment and analysis, including necessary additional files in the form of attachments.

Regulation (EU) 2017/373

(a)Without prejudice to Regulation (EU) No 376/2014, the competent authority shall implement a system to appropriately collect, analyse, and disseminate safety information.

(b)The Agency shall implement a system to appropriately analyse any relevant safety information received from the competent authorities and without undue delay provide to Member States and the Commission, as appropriate, any information, including recommendations or corrective actions to be taken, necessary for them to react in a timely manner to a safety problem involving the service providers.

(c)Upon receiving the information referred to in points (a) and (b), the competent authority shall take adequate measures to address the safety problem, including the issuing of safety directives in accordance with point ATM/ANS.AR.A.030.

(d)Measures taken under point (c) shall immediately be notified to the service providers concerned to comply with them, in accordance with point ATM/ANS.OR.A.060. The competent authority shall also notify those measures to the Agency and, when combined action is required, the other competent authorities concerned.

Regulation (EU) 2023/203

(a)The competent authority shall implement a system to appropriately collect, analyse, and disseminate information related to information security incidents and vulnerabilities with a potential impact on aviation safety that are reported by organisations. This shall be done in coordination with any other relevant authorities responsible for information security or cybersecurity within the Member State to increase the coordination and compatibility of reporting schemes.

(b)The Agency shall implement a system to appropriately analyse any relevant safety-significant information received in accordance with point ATM/ANS.AR.A.020(c), and without undue delay provide the Member States and the Commission with any information, including recommendations or corrective actions to be taken, necessary for them to react in a timely manner to an information security incident or vulnerability with a potential impact on aviation safety involving products, parts, non-installed equipment, persons or organisations subject to Regulation (EU) 2018/1139 and its delegated and implementing acts.

(c)Upon receiving the information referred to in points (a) and (b), the competent authority shall take adequate measures to address the potential impact on aviation safety of the information security incident or vulnerability.

(d)Measures taken in accordance with point (c) shall immediately be notified to all persons or organisations that shall comply with them under Regulation (EU) 2018/1139 and its delegated and implementing acts. The competent authority of the Member State shall also notify those measures to the Agency and, when combined action is required, the competent authorities of the other Member States concerned.

[applicable from 22 February 2026 - Regulation (EU) 2023/203]

ED Decision 2023/010/R

(a)To appropriately collect and analyse information related to information security incidents and vulnerabilities with a potential impact on aviation safety, the competent authority should implement means that ensure the necessary confidentiality.

(b)When disseminating information related to information security incidents and vulnerabilities with a potential impact on aviation safety, the competent authority should properly select the appropriate recipient(s) to prevent the content of a report from being exploited to the detriment of aviation safety, by revealing, for instance, uncorrected vulnerabilities.

[applicable from 22 February 2026 - ED Decision 2023/010/R]

ED Decision 2023/010/R

When deemed necessary, a two-step mechanism could be used: a report alerting about the information security event or incident and the availability of additional data that would require controlled and confidential distribution. This report should only alert recipients of the urgency and the necessity for organisations and competent authorities to establish further communication through secure means.

Therefore, the report should consist of two parts: one limited to mostly public information and one containing the sensitive data that should be restricted to the recipients who need to know. Wherever possible, reports should be based on an agreed taxonomy.

[applicable from 22 February 2026 - ED Decision 2023/010/R]

Regulation (EU) 2023/1771

(a)The competent authority shall issue a safety directive when it has determined the existence of any of the following:

(1)an unsafe condition in a functional system requiring immediate action;

(2)an unsafe, insecure, underperformance or non-interoperability condition in the equipment subject to the statement of compliance in accordance with Article 6 of Delegated Regulation (EU) 2023/1768 and this condition is likely to exist or develop in other ATM/ANS equipment.

(b)The safety directive shall be forwarded to the ATM/ANS providers concerned and contain, as a minimum, the following information:

(1)the identification of the unsafe condition;

(2)the identification of the affected functional system;

(3)the actions required and their rationale;

(4)the time limit for completing the actions required;

(5)its date of entry into force.

(c)The competent authority shall forward a copy of the safety directive to the Agency and any other competent authorities concerned within one month from its issuance.

(d)The competent authority shall verify the compliance of the ATM/ANS providers with the safety directives and with the ATM/ANS equipment directives, as applicable.

ED Decision 2017/001/R

GENERAL

(a)The safety directive is a document issued by the competent authority, mandating actions to be performed by one or more service providers, when evidence shows that aviation safety may otherwise be compromised. Thus, the competent authority is responsible for the determination of the actions required and their rationale.

(b)The competent authority is required to perform a verification of compliance of the service providers with the safety directives in accordance with ATM/ANS.AR.A.030(d). In this respect, ATM/ANS.AR.C.005(a)(6) requires the competent authority to establish a process to verify the implementation of safety directives by the service providers. The actions that need to be taken depend on the content of the safety directive and the nature of the unsafe condition.

ED Decision 2017/001/R

CONTENT

ED Decision 2017/001/R

FORWARDING OF SAFETY DIRECTIVES

For instance, a safety directive that should be forwarded to the Agency under ATM/ANS.AR.A.030 could be a case:

(a)where the competent authority has determined that there is an immediate need to take certain actions in order to respond to a safety recommendation; or

(b)following an accident or serious incident; or

(c)when this or a similar unsafe condition may be present in other service providers of the same Member State.

SUBPART B — MANAGEMENT (ATM/ANS.AR.B)

Regulation (EU) 2023/203

(a)The competent authority shall establish and maintain a management system, including, as a minimum, the following elements:

(1)documented policies and procedures to describe its organisation, means and methods to achieve compliance with Regulation (EU) 2018/1139 and the delegated and implementing acts adopted on the basis thereof, as necessary, for the exercise of its certification, oversight and enforcement tasks. The procedures shall be kept up to date and serve as the basic working documents within that competent authority for all related tasks;

(2)a sufficient number of personnel, including inspectors, to perform its tasks and discharge its responsibilities under this Regulation. Such personnel shall be qualified to perform their allocated tasks and have the necessary knowledge, experience, initial, on-the-job and recurrent training to ensure continuing competence. A system shall be in place to plan the availability of personnel, in order to ensure the proper completion of all related tasks;

(3)adequate facilities and office accommodation to perform those allocated tasks;

(4)a process to monitor compliance of the management system with the relevant requirements and adequacy of the procedures, including the establishment of an internal audit process and a safety risk management process. Compliance monitoring shall include a feedback system of audit findings to the senior management of the competent authority to ensure implementation of corrective actions as necessary;

(5)a person or group of persons ultimately responsible to the senior management of the competent authority for the compliance monitoring function.

(b)The competent authority shall, for each field of activity included in the management system, appoint one or more persons with the overall responsibility for the management of the relevant task(s).

(c)The competent authority shall establish procedures for the participation in a mutual exchange of all necessary information and assistance with other competent authorities concerned, whether from within the Member State or in other Member States, including the following information:

(1)the relevant findings raised and follow-up actions taken as a result of oversight of ATM/ANS providers exercising activities in the territory of a Member State, but certified by the competent authority of another Member State or the Agency; and

(2)stemming from mandatory and voluntary occurrence reporting as required by point ATM/ANS.OR.A.065.

(d)A copy of the procedures related to the management system and their amendments shall be made available to the Agency for the purpose of standardisation.

(e)In addition to the requirements contained in point (a), the management system established and maintained by the competent authority shall comply with Annex I (Part-IS.AR) of Implementing Regulation (EU) 2023/203 in order to ensure the proper management of information security risks which may have an impact on aviation safety.

[applicable from 22 February 2026 - Regulation (EU) 2023/203]

ED Decision 2017/001/R

QUALIFIED PERSONNEL

The competent authority should:

(a)define and document the education, training, technical and operational knowledge, experience and qualifications relevant to the duties of each position involved in oversight activities within their structure;

(b)ensure specific training for those involved in oversight activities within their structure; and

(c)ensure that personnel designated to conduct safety regulatory audits, including auditing personnel from qualified entities, meet specific qualification criteria defined by the competent authority. The criteria should address:

(1)the knowledge and understanding of the requirements related to the services provision in ATM/ANS and other ATM network functions against which safety regulatory audits may be performed;

(2)the use of assessment techniques;

(3)the skills required for managing an audit; and

(4)the demonstration of competence of auditors through evaluation or other acceptable means.

ED Decision 2017/001/R

TRAINING PROGRAMME AND RECURRENT TRAINING

(a)The competent authority should establish a training programme for its personnel, including its inspectors for the oversight of services provision in ATM/ANS and other ATM network functions, and a plan for its implementation. The training programme should include, as appropriate to the role, current knowledge, experience and skills of the personnel, at least the following:

(1)organisation and structure of the aviation legislation;

(2)the Chicago Convention, relevant ICAO annexes and documents, the applicable requirements of Regulation (EC) No 216/2008²², its IRs, as well as Regulations (EC) Nos 549/2004²³, 550/2004²⁴, 551/2004²⁵, and 552/2004²⁶ and their IRs and related acceptable means of compliance (AMC), certification specifications (CSs) and guidance material (GM), as well as assessment methodology of the alternative means of compliance and the applicable national legislation;

(3)the applicable requirements and procedures; and

(4)areas of particular interest.

(b)The training programme and the training plan should be updated, as needed, to reflect at least changes in aviation legislation and industry. The training programme should also cover specific needs of the personnel and the competent authority.

(c)The competent authority should ensure that its personnel, including its inspectors for the oversight of services provision in ATM/ANS and other ATM network functions, undergo recurrent training at regular intervals as defined by the competent authority or whenever deemed necessary in order to keep being up to date.

ED Decision 2017/001/R

SUFFICIENT PERSONNEL

(a)This guidance material for the determination of the required personnel is limited to the performance of certification and oversight tasks, excluding personnel required to perform tasks subject to any national regulatory requirements.

(b)The elements to be considered when determining required personnel and planning their availability may be divided into quantitative and qualitative:

(1)Quantitative elements:

(i)number of initial certificates to be issued;

(ii)number of service providers certified by the competent authority; and

(iii)number of flight information services providers having declared their activity to the competent authority.

(2)Qualitative elements:

(i)size, nature, and complexity of activities of service providers (cf. AMC1 ATM/ANS.OR.B.005(e));

(ii)results of past oversight activities, including audits, inspections and reviews, in terms of risks and regulatory compliance:

(A)number and level of findings; and

(B)implementation of corrective actions; and

(iii)size of the Member State’s aviation industry and potential growth of activities in the field of civil aviation, which may be an indication of the number of new applications and changes to existing certificates to be expected.

(c)Based on existing data from previous oversight planning cycles and taking into account the situation within the Member State’s aviation industry, the competent authority may estimate:

(1)the standard working time required for processing applications for new certificates;

(2)the standard working time required for processing declarations;

(3)the number of new declarations or changed declarations;

(4)the number of new certificates to be issued for each planning period; and

(5)the number of changes to existing certificates and changes to functional systems to be processed for each planning period.

(d)In line with the competent authority’s oversight policy, the following planning data should be determined specifically for each service provider, certified or declared, as well as for the Network Manager:

(1)standard number of audits/inspections to be performed per oversight planning cycle;

(2)standard duration of each audit/inspection;

(3)standard working time for audit/inspection preparation, on-site audit/inspection, reporting and follow-up per inspector for the oversight of services provision and other ATM network functions; and

(4)minimum number and required qualification of inspectors for the oversight of services provision and other ATM network functions for each audit/inspection.

(e)Standard working time could be expressed either in working hours or in working days per inspector for the oversight of services provision and other ATM network functions. All planning calculations should then be based on the same unit (hours or working days).

(f)For each service provider, the number of working hours/days per planning period for each qualified inspector for the oversight of services provision and other ATM network functions that may be allocated for certification, oversight and enforcement activities should be determined taking into account:

(1)purely administrative tasks not directly related to oversight and certification;

(2)training;

(3)participation in other projects;

(4)planned absence; and

(5)the need to include a reserve for unplanned tasks or unforeseeable events.

(g)The determination of working time available for certification, oversight and enforcement activities should also take into account the possible use of third parties.

ED Decision 2017/001/R

COMPLIANCE MONITORING PROCESS

The formal process to monitor the compliance of the management system with the relevant requirements, and the adequacy of the procedures should:

(a)include a feedback system of audit findings to ensure implementation of corrective actions as necessary; and

(b)be the responsibility of a person or group of persons who should be responsible to the senior management of the competent authority and who perform(s) compliance monitoring activities with functional independence from the units/departments (s)he (they) oversees (oversee) and with direct access to the senior management of the competent authority and to appropriate management for safety matters.

Regulation (EU) 2023/203

[applicable until 21 February 2026 - Regulation (EU) 2017/373]

ATM/ANS.AR.B.005 Allocation of tasks

[applicable from 22 February 2026 - Regulation (EU) 2023/203]

(a)The competent authority may allocate its tasks related to the certification or oversight of service providers under this Regulation, other than the issuance of certificates themselves, to qualified entities. When allocating such tasks, the competent authority shall ensure that it has:

(1)a system in place to initially and continuously assess that the qualified entity complies with Annex V to Regulation (EC) No 216/2008. This system and the results of the assessments shall be documented; and

(2)established a documented agreement with the qualified entity, approved by both parties at the appropriate management level, which clearly defines:

(i)the tasks to be performed;

(ii)the declarations, reports and records to be provided;

(iii)the technical conditions to be met when performing such tasks;

(iv)the related liability coverage;

(v)the protection given to information acquired when carrying out such tasks.

(b)The competent authority shall ensure that the internal audit process and the safety risk management process required by point ATM/ANS.AR.B.001(a)(4) cover all tasks performed on its behalf by the qualified entity.

(c)With regard to the certification and oversight of the organisation’s compliance with point ATM/ANS.OR.B.005A, the competent authority may allocate tasks to qualified entities in accordance with point (a), or to any relevant authority responsible for information security or cybersecurity within the Member State. When allocating tasks, the competent authority shall ensure that:

(1)all aspects related to aviation safety are coordinated and taken into account by the qualified entity or relevant authority;

(2)the results of the certification and oversight activities performed by the qualified entity or relevant authority are integrated in the overall certification and oversight files of the organisation;

(3)its own information security management system established in accordance with point ATM/ANS.AR.B.001(e) covers all the certification and continuing oversight tasks performed on its behalf.

[applicable from 22 February 2026 - Regulation (EU) 2023/203]

ED Decision 2023/010/R

[applicable until 21 February 2026 - ED Decision 2017/001/R]

AMC1 ATM/ANS.AR.B.005 Allocation of tasks

[applicable from 22 February 2026 - ED Decision 2023/010/R]

ASSESSMENT OF THE QUALIFIED ENTITIES

(a)The competent authority should include in its system to initially and continuously assess the qualified entity’s (ies’) compliance with Annex V to Regulation (EC) No 216/2008, the possibility for the competent authority to perform audits of the qualified entity (ies).

(b)The competent authority should verify that all qualified entities’ personnel concerned with the conduct of audits or reviews should be adequately trained and qualified. The competent authority should verify how the qualified entities:

(1)define and document the education, training, technical and operational knowledge, experience and qualifications for those involved in oversight activities;

(2)ensure specific training for those involved in oversight activities; and

(3)ensure that personnel designated to conduct audits meet specific qualification criteria. The criteria should address:

(i)the knowledge and understanding of the requirements related to the services provision in ATM/ANS and other ATM network functions against which audits may be performed;

(ii)the use of assessment techniques;

(iii)the skills required for managing an audit; and

(iv)the demonstration of competence of auditors through evaluation or other acceptable means.

ED Decision 2023/010/R

[applicable until 21 February 2026 - ED Decision 2019/022/R]

GM1 ATM/ANS.AR.B.005 Allocation of tasks

[applicable from 22 February 2026 - ED Decision 2023/010/R]

GENERAL

The competent authority may decide to allocate to qualified entities certain or all of its tasks that are assigned to such authority under this Regulation.

Regulation (EU) 2021/1338

(a)The competent authority shall have a system in place to identify changes that affect its capability to perform its tasks and discharge its responsibilities under Regulation (EU) 2018/1139 and the delegated and implementing acts adopted on the basis thereof. This system shall enable it to take action, as appropriate, to ensure that the management system remains adequate and effective.

(b)The competent authority shall update its management system to reflect any changes to Regulation (EU) 2018/1139 and the delegated and implementing acts adopted on the basis thereof, in a timely manner, so as to ensure the effective implementation of its management system.

(c)The competent authority shall notify the Agency of changes affecting its capability to perform its tasks and discharge its responsibilities under Regulation (EU) 2018/1139 and the delegated and implementing acts adopted on the basis thereof.

Regulation (EU) 2017/373

(a)The competent authority shall establish a system of record-keeping providing for adequate storage, accessibility, and reliable traceability of:

(1)the management system's documented policies and procedures;

(2)training, qualification, and authorisation of personnel as required by point ATM/ANS.AR.B.001(a)(2);

(3)the allocation of tasks, covering the elements required by point ATM/ANS.AR.B.005, as well as the details of tasks allocated;

(4)certification and/or declaration processes;

(5)designations of air traffic services and meteorological services providers, as appropriate;

(6)certification and oversight of service providers exercising activities within the territory of the Member State, but certified by the competent authority of another Member State or the Agency, as agreed between those authorities;

(7)the evaluation and notification to the Agency of AltMOC proposed by service providers and the assessment of AltMOC used by the competent authority itself;

(8)compliance of service providers with the applicable requirements of this Regulation after the issuance of the certificate or, where relevant, submission of a declaration, including the reports of all audits, covering findings, corrective actions, and date of action closure, and observations as well as other safety-related records;

(9)enforcement measures taken;

(10)safety information, safety directives and follow-up measures;

(11)the use of flexibility provisions in accordance with Article 14 of Regulation (EC) No 216/2008.

(b)The competent authority shall maintain a list of all service provider certificates issued and declarations received.

(c)All records shall be kept for a minimum period of 5 years after the certificate ceases to be valid or the declaration is withdrawn, subject to the applicable data protection law.

ED Decision 2017/001/R

DURATION OF RETENTION PERIOD OF RECORDS

Records related to the training and qualification of the personnel of the competent authority should be kept until the end of their employment.

ED Decision 2017/001/R

RECORD-KEEPING FOR FUNCTIONAL SYSTEMS CHANGE MANAGEMENT PROCEDURES

The competent authority should keep a record of all the change management procedures, modifications and deviations it has approved in accordance with ATM/ANS.AR.C.030(a) and those that have been rejected, together with a rationale. The competent authority should be able to cross-reference them to the requirement of the associated requirement in the Regulation that they intend to comply with.

SUBPART C — OVERSIGHT, CERTIFICATION AND ENFORCEMENT (ATM/ANS.AR.C)

Regulation (EU) 2017/373

(a)The competent authorities shall regularly monitor and assess the safety performance of the service providers under their oversight.

(b)The competent authorities shall use the results of the monitoring of safety performance in particular within their risk-based oversight.

Regulation (EU) 2023/1771

(a)Within the scope of point ATM/ANS.AR.B.001(a)(1), the competent authority shall establish a process in order to verify:

(1)service providers’ compliance with the applicable requirements set out in Annexes III to XIII, and any applicable conditions attached to the certificate before the issue of that certificate. The certificate shall be issued in accordance with Appendix 1 to this Annex;

(2)the compliance with any safety-related obligations in the designation act issued in accordance with Article 8 of Regulation (EC) No 550/2004;

(3)the continued compliance with the applicable requirements of the service providers under its oversight;

(4)the implementation of safety, security and interoperability objectives, applicable requirements and other conditions identified in the statement of compliance for ATM/ANS equipment; technical and performance limitations and conditions identified in ATM/ANS equipment certificates and/or ATM/ANS equipment declarations; and of safety measures, including ATM/ANS equipment directives mandated by the Agency in accordance with point ATM/ANS.EQMT.AR.A.030 of Annex I to Delegated Regulation (EU) 2023/ 1768;

(5)the implementation of safety directives, corrective actions and enforcement measures.

(b)The process referred to in point (a) shall:

(1)be based on documented procedures;

(2)be supported by documentation specifically intended to provide its personnel with guidance to perform their tasks related to certification, oversight and enforcement;

(3)provide the organisation concerned with an indication of the results of the certification, oversight and enforcement activity;

(4)be based on audits, reviews and inspections conducted by the competent authority;

(5)with regard to certified service providers, provide the competent authority with the evidence needed to support further action, including measures referred to in Article 9 of Regulation (EC) No 549/2004, Article 7(7) of Regulation (EC) No 550/2004, and by Articles 10, 25, and 68 of Regulation (EC) No 216/2008 in situations where requirements are not complied with;

(6)with regard to service providers making declarations, provide the competent authority with the evidence to take, if appropriate, remedial action which may include enforcement actions, including, where appropriate, under national law.

ED Decision 2023/018/R

VERIFICATION

Within the scope of point ATM/ANS.AR.B.001(a)(1) of Regulation (EU) 2017/373, the competent authority for the oversight of a statement of compliance (SoC) should establish a process in order to verify, as part of its continuous oversight and as part of its review process for changes to a functional system in accordance with ATM/ANS.OR.A.045, when applicable, the ATM/ANS provider’s compliance with the applicable requirements as regards the verification and test activities and the ATM/ANS equipment compliance before the issue of the SoC.

Regulation (EU) 2023/203

(a)The competent authority, or qualified entities acting on its behalf, shall conduct audits, in accordance with Article 5.

(b)The audits referred to in point (a) shall:

(1)provide the competent authority with evidence of compliance with the applicable requirements and with the implementing arrangements;

(2)be independent of any internal auditing activities undertaken by the service provider;

(3)cover complete implementing arrangements or elements thereof, and processes or services;

(4)determine whether:

(i)the implementing arrangements comply with the applicable requirements;

(ii)the actions taken comply with the implementing arrangements and the applicable requirements;

(iii)the results of actions taken match the results expected from the implementing arrangements.

(c)The competent authority shall, on the basis of the evidence at its disposal, monitor the continuous compliance with the applicable requirements of this Regulation of the service providers under its oversight.

(d)With regard to the certification and oversight of the organisation’s compliance with point ATM/ANS.OR.B.005A, in addition to complying with points (a) to (c), the competent authority shall review any approval granted under point IS.I.OR.200(e) of this Regulation or point IS.D.OR.200(e) of Delegated Regulation (EU) 2022/1645 following the applicable oversight audit cycle and whenever changes are implemented in the scope of work of the organisation.

[applicable from 22 February 2026 - Regulation (EU) 2023/203]

ED Decision 2017/001/R

DEMONSTRATION OF COMPLIANCE — DAT PROVIDERS

In addition to the applicable requirements, the competent authority should assess the standards and processes applied by the DAT provider. The following specific areas should be overseen against EUROCAE ED-76A/RTCA DO-200B ‘Standards for Processing Aeronautical Data’, dated June 2015:

(a)plans and procedures, including:

(1)alteration procedures (i.e. informing the supplier or data originator of the data alteration and endeavouring to receive concurrence/agreement);

(2)data verification and validation (including the procedures that define the level of checking of the database prior to release). These procedures should be reviewed to ensure adequacy;

(3)reporting and handling procedures (including occurrence reporting);

(4)data configuration management;

(5)data transmission practices;

(6)tool qualification; and

(7)internal audit checks and response mechanisms;

(b)internal standards; and

(c)definition of ‘Data Quality Requirements’.

EUROCAE ED-76/RTCA DO-200A may be also used for the demonstration of compliance.

ED Decision 2017/001/R

AUDITS

The audits should include oversight of changes to the functional system in order to:

(a)verify that changes made to the functional system:

(1)comply with ATM/ANS.OR.A.045;

(2)have been managed in accordance with the procedures identified in ATM/ANS.OR.B.010(a) that have been approved; and

(3)are being verified against the monitoring criteria that were identified in the assurance argument as a result of complying with ATM/ANS.OR.C.005(b)(2) or ATS.OR.205(b)(6), as appropriate; and

(b)verify that if, as a result of the monitoring referred to in (a)(3), the argument, referred to in ATS.OR.205(a)(2) and ATM/ANS.OR.C.005(a)(2), is found to be incomplete and/or incorrect, then the service provider has initiated a change or has revised the argument such that the inferences or evidence are now sufficient to justify the claim.

ED Decision 2017/001/R

IMPLEMENTING ARRANGEMENTS

Implementing arrangements should be considered to be the service provider’s (safety) management system(s) documentation, manuals, service provision conditions or the certificate and the content of the declaration, as applicable.

Regulation (EU) 2017/373

(a)The competent authority shall establish and update annually an oversight programme taking into account the specific nature of the service providers, the complexity of their activities, the results of past certification and/or oversight activities and shall be based on the assessment of associated risks. It shall include audits, which shall:

(1)cover all the areas of potential safety concern, with a focus on those areas where problems have been identified;

(2)cover all the service providers under the supervision of the competent authority;

(3)cover the means implemented by the service provider to ensure the competency of personnel;

(4)ensure that audits are conducted in a manner commensurate with the level of the risk posed by the service provider operations and services provided; and

(5)ensure that for service providers under its supervision, an oversight planning cycle not exceeding 24 months is applied.

The oversight planning cycle may be reduced if there is evidence that the safety performance of the service provider has decreased.

For a service provider certified by the competent authority, the oversight planning cycle may be extended to a maximum of 36 months if the competent authority has established that, during the previous 24 months:

(i)the service provider has demonstrated an effective identification of aviation safety hazards and management of associated risks;

(ii)the service provider has continuously demonstrated compliance with the change management requirements under points ATM/ANS.OR.A.040 and ATM/ANS.OR.A.045;

(iii)no level 1 findings have been issued;

(iv)all corrective actions have been implemented within the time period accepted or extended by the competent authority as defined in point ATM/ANS.AR.C.050.

If, in addition to the above, the service provider has established an effective continuous reporting system to the competent authority on the safety performance and regulatory compliance of the service provider, which has been approved by the competent authority, the oversight planning cycle may be extended to a maximum of 48 months;

(6)ensure follow-up of the implementation of corrective actions;

(7)be subject to consultation with the service providers concerned and notification thereafter;

(8)indicate the envisaged interval of the inspections of the different sites, if any.

(b)The competent authority may decide to modify the objectives and the scope of pre-planned audits, including documentary reviews and additional audits, wherever that need arises.

(c)The competent authority shall decide which arrangements, elements, services, functions, physical locations, and activities are to be audited within a specified time frame.

(d)Audit observations and findings issued in accordance with point ATM/ANS.AR.C.050 shall be documented. The latter shall be supported by evidence, and identified in terms of the applicable requirements and their implementing arrangements against which the audit has been conducted.

(e)An audit report, including the details of the findings and observations, shall be drawn up and communicated to the service provider concerned.

ED Decision 2017/001/R

GENERAL

(a)When establishing an oversight programme appropriate to each provider, the competent authority should take into account the safety performance of the service provider to be audited. Inspectors for the oversight of services provision and other ATM network functions should work in accordance with the schedule provided to them.

(b)Having regard to the performance of service providers, the competent authority may vary the frequency of the audits or inspections.

(c)When defining the oversight programme, the competent authority should assess the risks related to the activity of each service provider, certified or declared, or the Network Manager, and adapt the audits and inspections to the level of risk identified.

ED Decision 2017/001/R

SPECIFIC NATURE AND COMPLEXITY OF THE ORGANISATION

(a)When determining the oversight programme for a service provider, the competent authority should consider in particular the following elements, as applicable:

(1)the implementation by the service provider of industry standards, directly relevant to the organisation’s activity subject to this Regulation;

(2)the procedure applied for and scope of changes not requiring prior approval in accordance with ATM/ANS.OR.A.040(b); and

(3)specific procedures implemented by the service provider related to any alternative means of compliance used.

(b)For the purpose of assessing the complexity of an organisation’s management system, AMC1 ATM/ANS.OR.B.005(e) should be used.

ED Decision 2017/001/R

AREA OF POTENTIAL SAFETY CONCERNS — DAT PROVIDERS

The competent authority should audit the DAT provider’s procedures for dealing with situations where resolution and corrections could not be obtained with the aeronautical data source or other DAT providers for data that has been called into question in accordance with AMC1 DAT.TR.105(a). Such audits should confirm that effective controls are in place to ensure that an unsafe product is not released and that such concerns are communicated to customers in accordance with the requirements laid down in DAT.OR.200.

Regulation (EU) 2017/373

(a)Following the process laid down in point ATM/ANS.AR.C.005(a), upon receiving an application for the issuance of a certificate to a service provider, the competent authority shall verify the service provider's compliance with the applicable requirements of this Regulation.

(b)The competent authority may require any audits, inspections or assessments it finds necessary before issuing the certificate.

(c)The certificate shall be issued for an unlimited duration. The privileges of the activities that the service provider is approved to conduct shall be specified in the service provision conditions attached to the certificate.

(d)The certificate shall not be issued where a level 1 finding remains open. In exceptional circumstances, finding(s), other than level 1, shall be assessed and mitigated as necessary by the service provider and a corrective action plan for closing the finding(s) shall be approved by the competent authority prior to the certificate being issued.

ED Decision 2020/008/R

OPERATIONAL CONDITIONS OR LIMITATIONS

(a)If, during the certification process, an operational condition or limitation has been determined as necessary to be imposed on or implemented by the service provider, the competent authority should ensure that such operational condition or limitation is prescribed in the service provision conditions attached to the service provider’s certificate.

(b)Limitations in the certification may be used to identify restrictions to be applied in the provision of services and any other particularity of the service provided (e.g. intended usage, type of operations).

(c)Limitations may also relate to some restrictions on the service(s) provided associated with non-compliances with respect to some performance requirements.

(d)Conditions may address actions that require to be accomplished to confirm the validity of the certificate.

ED Decision 2020/008/R

EXAMPLES OF LIMITATIONS IN SERVICES

(a)Limitations for the provision of ILS Signal in Space could be:

(1)CAT I;

(2)CAT II; and

(3)CAT III.

(b)Limitations for the provision of Global Navigation Satellite System (GNSS) signal could be:

(1)based on the system used to provide Signal-in-Space:

(i)GNSS Core System;

(ii)Satellite-Based Augmentation System (SBAS); and

(iii)Ground-Based Augmentation System (GBAS); and/or

(2)based on the type of operations supported (e.g. en-route, en-route terminal, NPA, APV-I, APV-II, Cat I, from ICAO Annex 10)

(c)Limitations for the Aeronautical Mobile Service (air–ground communication) could be:

(1)for flight information services;

(2)for area control service;

(3)for approach control service; and

(4)for aerodrome control service.

(d)Limitations for the provision of data from the secondary surveillance radar (SSR) could be:

(1)mode A/C; and

(2)mode S.

(e)Limitations for the provision of data from automatic dependant surveillance (ADS) could be:

(1)ADS-C; and

(2)ADS-B.

(f)Limitations for the provision of flight procedure design services could be:

(1)conventional navigation AIDs procedure design;

(2)performance-based navigation (PBN) procedure design; and

(3)design procedure for helicopters.

ED Decision 2020/008/R

EXAMPLES OF CONDITIONS ATTACHED TO THE CERTIFICATE

Conditions attached to certificates may, as appropriate, be related to:

(a)non-discriminatory access to services for airspace users and the required level of performance of such services, including safety and interoperability levels;

(b)the time by which the services should be provided;

(c)ring-fencing or restriction of operations of services other than those related to the provision of services;

(d)contracts, agreements or other arrangements between the service provider and a third party and which concern the service(s);

(e)provision of information reasonably required for the verification of the continuous compliance with the requirements;

(f)any other legal conditions which are not specific to the services.

For further reference, please consult Annex II to Regulation (EC) No 550/2004.

Regulation (EU) 2017/373

(a)Upon receiving a notification for a change in accordance with point ATM/ANS.OR.A.045, the competent authority shall comply with points ATM/ANS.AR.C.030, ATM/ANS.AR.C.035 and ATM/ANS.AR.C.040.

(b)Upon receiving a notification for a change in accordance with point ATM/ANS.OR.A.040(a)(2) that requires prior approval, the competent authority shall:

(1)verify the service provider's compliance with the applicable requirements before issuing the change approval;

(2)take immediate appropriate action, without prejudice to any additional enforcement measures, when the service provider implements changes requiring prior approval without having received competent authority approval referred to in point (1).

(c)To enable a service provider to implement changes to its management system and/or safety management system, as applicable, without prior approval in accordance with point ATM/ANS.OR.A.040(b), the competent authority shall approve a procedure defining the scope of such changes and describing how such changes will be notified and managed. In the continuous oversight process, the competent authority shall assess the information provided in the notification to verify whether the actions taken comply with the approved procedures and applicable requirements. In case of any non-compliance, the competent authority shall:

(1)notify the service provider of the non-compliance and request further changes;

(2)in case of level 1 and level 2 findings, act in accordance with point ATM/ANS.AR.C.050.

ED Decision 2017/001/R

CHANGES REQUIRING PRIOR APPROVAL

(a)Upon receipt of a notification for a proposed change that requires prior approval, the competent authority should:

(1)formally acknowledge the receipt of the notification in writing within 10 working days;

(2)assess the proposed change in relation to the service provider’s certificate or the conditions attached or management system of it, and the applicable requirements of Part-ATM/ANS.OR, as well as any other applicable requirements within 30 working days after the receipt of all the evidence supporting the proposed change;

(3)assess the actions proposed by the service provider in order to show compliance; and

(4)notify the service provider of its approval/rejection without delay.

(b)A simple management system documentation system status sheet should be maintained, which contains information on when an amendment was received by the competent authority and when it was approved, if applicable.

(c)The competent authority should, in due time, verify the compliance of the service provider and, depending on the change, examine the need for prescribing any condition for the operation of it during the change.

(d)For changes requiring prior approval, the competent authority may conduct an audit of the service provider in order to verify the service provider’s compliance with the applicable requirements.

(e)When notifying, the competent authority should also inform the service provider of the right of appeal, as exists under the applicable national legislation.

ED Decision 2017/001/R

CHANGE OF NAME OF THE SERVICE PROVIDER

Upon receipt of the notification and the relevant parts of the service provider’s documentation as required by Part-ATM/ANS.OR, the competent authority should reissue the certificate.

ED Decision 2017/001/R

CHANGE OF NAME OF THE SERVICE PROVIDER

A name change alone does not require the competent authority to audit the organisation unless there is evidence that other aspects of the organisation have changed.

ED Decision 2017/001/R

APPROPRIATE ACTION

Appropriate action by the competent authority may include suspension, limitation or revocation of the service provider’s certificate.

ED Decision 2017/001/R

CHANGES NOT REQUIRING PRIOR APPROVAL

(a)When the service provider submits the name of the nominee for the nominated persons in accordance with AMC2 ATM/ANS.OR.A.040(b), the competent authority should consider his or her qualification.

(b)Upon receipt of a notification for a proposed change that does not require prior approval by the competent authority, it should acknowledge receipt of the notification in writing within 10 working days from receipt unless it is not specified under the relevant national legislation.

Regulation (EU) 2023/203

(a)(a) For changes managed and notified to the competent authority in accordance with the procedure set out in point IS.I.OR.255(a) of Annex II (Part-IS.I.OR) to Implementing Regulation (EU) 2023/203, the competent authority shall include the review of such changes in its continuing oversight in accordance with the principles laid down in point ATM/ANS.AR.C.010. If any non-compliance is found, the competent authority shall notify the organisation thereof, request further changes and act in accordance with point ATM/ANS.AR.C.050.

(b)With regard to other changes requiring an application for approval in accordance with point IS.I.OR.255(b) of Annex II (Part-IS.I.OR) to Implementing Regulation (EU) 2023/203:

(1)upon receiving the application for the change, the competent authority shall check the organisation’s compliance with the applicable requirements before issuing the approval;

(2)the competent authority shall establish the conditions under which the organisation may operate during the implementation of the change;

(3)if it is satisfied that the organisation complies with the applicable requirements, the competent authority shall approve the change.

[applicable from 22 February 2026 - Regulation (EU) 2023/203]

Regulation (EU) 2017/373

(a)The competent authority shall review:

(1)change management procedures for functional systems or any material modification to those procedures submitted by the service provider in accordance with point ATM/ANS.OR.B.010(b);

(2)any deviation from the procedures referred to in point (1) for a particular change, when requested by a service provider in accordance with point ATM/ANS.OR.B.010(c)(1).

(b)The competent authority shall approve the procedures, modifications and deviations referred to in point (a) when it has determined that they are necessary and sufficient for the service provider to demonstrate compliance with points ATM/ANS.OR.A.045, ATM/ANS.OR.C.005, ATS.OR.205, and ATS.OR.210, as applicable.

ED Decision 2023/018/R

PROCEDURES

The competent authority should include in the scope of the review the system engineering activities related to the demonstration of compliance of ATM/ANS equipment subject to SoC as per Article 6 of Regulation (EU) 2023/1768 and integration of all ATM/ANS equipment as prescribed in accordance with ATM/ANS.OR.A.045(g), (h), (i), and (j) before granting the approval of such procedures, modifications and deviations.

ED Decision 2017/001/R

GENERAL

The review by the competent authority is focused on the change management procedures and not on the project management part of these procedures that are not required by the regulations, even though they may be useful for the smooth execution of the project dealing with the change. Consequently, not all parts of a procedure may be approved by the competent authority. The approved parts should be identified in the record (see AMC1 ATM/ANS.AR.B.015(a)(8)) and communicated to the service provider.

ED Decision 2017/001/R

MEANS AND METHOD OF SUBMITTING PROCEDURES

The competent authority should agree with the service provider on the means and method of submitting the procedures, modifications and deviations referred to in ATM/ANS.AR.C.030(a). Until an agreement is reached, the competent authority will prescribe the means and method of submission.

ED Decision 2017/001/R

APPROVAL OF PROCEDURES

(a) When approving the change management procedures for functional systems as per ATM/ANS.OR.B.010, the competent authority should perform the following:

(1)check that the procedures used by a service provider to manage changes cover the life cycle of a change as defined in ATM/ANS.OR.C.005(a)(1) or ATS.OR.205(a)(1);

(2)use the compliance matrix provided by the service provider (referred to in AMC1 ATM/ANS.OR.B.010(a)), when reviewing the content of the procedures, modifications and/or deviations referred to in ATM/ANS.AR.C.030(a); as part of the oversight activity, the competent authority should check that the compliance matrix covers all the aforementioned requirements.

(3)check that the procedures make mandatory provisions that require actions to be undertaken and all required evidence to be produced to comply with requirements laid down in ATM/ANS.OR.A.045, ATM/ANS.OR.C.005, ATS.OR.205 and ATS.OR.210;

(4)check that the procedures identify the roles and responsibilities of the service provider in the change management processes;

(5)check that the procedures state that it is not allowed to use new, modified or deviating change management procedures until approval is granted; and

(6)check that the procedures state that any change selected for review must not enter into operational service before the approval is granted.

(b) The competent authority should provide a response to the service provider’s notification of change referred to in ATM/ANS.OR.A.045(a) without undue delay.

ED Decision 2017/001/R

DEVIATIONS

Some changes might stem from the need to implement immediate action and, therefore, their implementation cannot be delayed until they receive approval or communication that the change is not being reviewed from the competent authority such as changes due to urgent unforeseen circumstances that would, if uncorrected, lead to an immediate unsafe condition, presence of volcanic ash, etc.

The competent authority may consider this type of changes as part of the approval of change management procedures for functional systems.

Regulation (EU) 2017/373

(a)Upon receipt of a notification in accordance with point ATM/ANS.OR.A.045(a)(1), or upon receipt of modified information in accordance with point ATM/ANS.OR.A.045(b), the competent authority shall make a decision on whether to review the change or not. The competent authority shall request any additional information needed from the service provider to support this decision.

(b)The competent authority shall determine the need for a review based on specific, valid and documented criteria that, as a minimum, ensure that the notified change is reviewed if the combination of the likelihood of the argument being complex or unfamiliar to the service provider and the severity of the possible consequences of the change is significant.

(c)When the competent authority decides the need for a review based on other risk based criteria in addition to point (b), these criteria shall be specific, valid and documented.

(d)The competent authority shall inform the service provider of its decision to review a notified change to a functional system and provide the associated rationale to the service provider upon request.

ED Decision 2023/018/R

CRITERIA

The novelty of ATM/ANS equipment subject to certification/declaration/statement of compliance should be considered when the competent authority takes a decision to review a notified change to the functional system. New functionalities, new concept of operation, new technologies, etc. should be considered to be novelty.

ED Decision 2017/001/R

MEANS AND METHOD OF SUBMITTING NOTIFICATION OF CHANGES TO FUNCTIONAL SYSTEMS

The competent authority should agree with the service provider on the means and method of submitting the notification of changes and additional information referred to in ATM/ANS.OR.A.045(a). Until an agreement is reached, the competent authority will prescribe the means of submission.

ED Decision 2017/001/R

SELECTION CRITERIA FOR REVIEWING A NOTIFIED CHANGE TO THE FUNCTIONAL SYSTEM

The need for review should be based on a combination of the likelihood that the safety (support) argument may be complex or unfamiliar to the service provider undertaking the change and the severity of the consequences associated with the change. This is a risk function and is referred to as the ‘risk posed by the change’.

The following two aspects of the change:

—the novelty of the change; and

—the capabilities of the service provider (e.g. the effectiveness of the service provider’s (safety) management system),

as well as the service provider performing the change contribute to the service provider’s unfamiliarity of the necessary argument. The assessment of the severity of the consequence is made at a very early stage in the development of the change and, therefore, will be based on coarse data. It should, therefore, be conservative.

The risk posed by a change could be a scalar measure associated with the change and be some combination of the two inputs: the probability of a complex or unfamiliar argument and the severity of the consequences of the proposed change. The result is that the risk posed by a particular change is the sum of the inputs.

One possibility may be based on the use of a risk matrix in which risk parameters are represented according to a coarse-grained measurement scheme, and the selection criteria establish the boundary beyond which changes will be selected for review, as shown below:

The selection criterion, a function of risk with the value ‘significant’, is then a straight line, if the scales are logarithmic.

ED Decision 2017/001/R

OTHER SELECTION CRITERIA

(a)Some changes may not necessarily need to be reviewed providing that, even though they relate to safety, they can be considered as routine by the provider as they have been consistently assessed, implemented and proved safe in the past and, therefore, the competent authority has sufficient confidence that the provider will address them in a similar manner.

(b)The selection criterion for review may deviate from a simple threshold on the scalar risk metric (distance from the origin), to deal with concerns due to the coarse grain and high uncertainty of the inputs. For instance, a separate threshold on the ‘severity’ axis may be used to specify, for instance:

(1)that changes with very high potential severity should always be reviewed, irrespective of the probability of the safety argument being incomplete and/or incorrect (Figure below). This criterion may well respond to common perceptions and could be justified by the fact that judgements of low probabilities based on limited information are often unreliable, and errors in the judgment of risk are proportional to the error on probability and the size of the loss; and

(2)that changes with minor potential severity need not be reviewed, irrespective of the probability of the safety argument being incomplete and/or incorrect (Figure below) (though the process may retain the option for the competent authority to review the change, since the estimate itself of potential severity may be suspected of being erroneous).

(c)It is also possible that deviations be required on the basis of some of the component factors that affect either probability or severity, e.g. exempting changes based on small size of change and high competence of the air traffic services provider.

(d)In order to validate the process or provide data for the evolution of the process, it may be advisable to randomly select changes to review and then assess whether the safety argument is complete and/or correct or not and whether or not the case would have been selected for review using the current criteria for the selection process.

Figure 1: Criteria that may be used when severity is high

Figure 2: Criteria that may be used when severity is low

Regulation (EU) 2017/373

(a)When the competent authority reviews the argument for a notified change, it shall:

(1)assess the validity of the argument presented with respect to point ATM/ANS.OR.C.005(a)(2) or ATS.OR.205(a)(2);

(2)coordinate its activities with other competent authorities whenever necessary.

(b)The competent authority shall, alternatively:

(1)approve the argument referred to in point (a)(1), with conditions where applicable, when it is shown to be valid and so inform the service provider,

(2)reject the argument referred to in point (a)(1) and inform the service provider together with a supporting rationale.

ED Decision 2023/018/R

ARGUMENT

The supporting rationale for approval with conditions or rejection of the argument could relate, totally or partially, to topics associated with the integration of ATM/ANS equipment into the functional system.

Regulation (EU) 2017/373

(a)Upon receiving a declaration from a provider of flight information services intending to provide such services, the competent authority shall verify that the declaration contains all the information required by point ATM/ANS.OR.A.015 and shall acknowledge receipt of the declaration to that service provider.

(b)If the declaration does not contain the required information, or contains information that indicates non-compliance with the applicable requirements, the competent authority shall notify the provider of flight information services concerned about the non-compliance and request further information. If necessary, the competent authority shall carry out an audit of the provider of flight information services. If the non-compliance is confirmed, the competent authority shall take action provided for in point ATM/ANS.AR.C.050.

(c)The competent authority shall keep a register of the declarations of providers of flight information services which were made to it in accordance with this Regulation.

Regulation (EU) 2023/1771

(a)The competent authority shall have a system to analyse findings for their safety significance and decide on enforcement measures on the basis of the safety risk posed by the service provider's non-compliance.

(b)In circumstances where no or very low additional safety risk would be present with immediate appropriate mitigation measures, the competent authority may accept the provision of services to ensure continuity of service whilst corrective actions are being taken.

(c)A level 1 finding shall be issued by the competent authority when any serious non-compliance is detected with the applicable requirements of Regulation (EU) 2018/1139 and the delegated and implementing acts adopted on its basis as well as Regulations (EC) No 549/2004, (EC) No 552/2004 and (EC) No 551/2004 and their implementing rules, with the ATM/ANS provider’s procedures and manuals, with the terms and conditions of the certificate, with the designation act, if applicable, or with the content of a declaration which poses a significant risk to flight safety or otherwise calls into question the service provider’s capability to continue operations.

Level 1 findings shall include but are not limited to:

(1)the promulgation of operational procedures and/or provision of a service in a way which introduces a significant risk to flight safety;

(2)the obtainment or maintenance of the validity of the service provider’s certificate through the submission of falsified documentary evidence;

(3)evidence of malpractice or fraudulent use of the service provider’s certificate;

(4)the lack of an accountable manager.

(d)A level 2 finding shall be issued by the competent authority when any other non-compliance is detected with the applicable requirements of Regulation (EU) 2018/1139 and the delegated and implementing acts adopted on its basis, as well as Regulations (EC) No 549/2004, (EC) No 550/2004 and (EC) No 551/2004 and their implementing rules, with the ATM/ANS provider’s procedures and manuals or with the terms and conditions of the certificate, or with the content of the declaration.

(e)When a finding is detected, during oversight or by any other means, the competent authority shall, without prejudice to any additional action required by Regulation (EU) 2018/1139 and the delegated and implementing acts adopted on its basis, as well as Regulations (EC) No 549/2004, (EC) No 550/2004, and (EC) No 551/2004 and their implementing rules, communicate the finding to the service provider in writing and require corrective action to address the non-compliance(s) identified.

(1)In the case of level 1 findings, the competent authority shall take immediate and appropriate action, and may, if appropriate, limit, suspend or revoke in whole or in part the certificate while ensuring the continuity of services provided that safety is not compromised, and in the case of the Network Manager, it shall inform the Commission. The measures taken shall depend upon the extent of the finding and shall remain in force until successful corrective action has been taken by the ATM/ANS provider.

(2)In the case of level 2 findings, the competent authority shall:

(i)grant the service provider a corrective action implementation period included in an action plan appropriate to the nature of the finding;

(ii)assess the corrective action and implementation plan proposed by the service provider, and, if the assessment concludes that they are sufficient to address the non-compliance(s), accept them.

(3)In the case of level 2 findings, where the service provider fails to submit a corrective action plan that is acceptable to the competent authority in the light of the finding, or where the service provider fails to perform the corrective action within the time period accepted or extended by the competent authority, the finding may be raised to a level 1 finding, and action shall be taken as laid down in point (1).

(f)Where the competent authority detects that the ATM/ANS provider integrates ATM/ANS equipment into its functional system without ensuring compliance with point ATM/ANS.OR.A.045(g), it shall, with due regard to the need to ensure the safety and continuity of operations, take all measures necessary to restrict the area of application of the ATM/ANS equipment concerned or prohibit its use by the ATM/ANS providers under its oversight.

(g)For those cases that do not require level 1 and 2 findings, the competent authority may issue observations.

ED Decision 2017/001/R

CATEGORIES OF FINDINGS — DOCUMENTARY EVIDENCE

Documentary evidence may include but is not limited to:

(a)operations or technical manuals;

(b)contracts or other types of arrangements;

(c)training, qualification or medical records;

(d)inspection records;

(e)test or exercise results;

(f)internal audit results;

(g)maintenance records; and

(h)other similar material required to be maintained by the service provider, etc.

ED Decision 2017/001/R

ENFORCEMENT MEASURES — FINANCIAL PENALTIES

In accordance with Article 7(7) of Regulation No 550/2004 and Articles 10, 22a(d), 25, and 68 of Regulation (EC) No 216/2008, the competent authority may additionally, and depending on the nature and the repetitiveness of the findings or the level of implementation of the corrective actions, impose appropriate enforcement measures that may include financial penalties, which are effective, proportionate, and dissuasive.

ED Decision 2017/001/R

CORRECTIVE ACTION AND CORRECTIVE ACTION IMPLEMENTATION PERIOD — DAT PROVIDERS

(a)In case of a Level 1 finding, the competent authority may extend the initial 21-working-day period for demonstration of corrective action by the DAT provider, depending on the nature of the finding.

(b)In case of a Level 2 finding, the initial corrective action implementation period granted by the competent authority should be appropriate to the nature of the finding but should not, in any case, exceed 3 months. At the end of this period and subject to the nature of the finding, the competent authority may extend the 3-month period subject to a satisfactory corrective action plan agreed by the competent authority.

ED Decision 2017/001/R

CORRECTIVE ACTION IMPLEMENTATION PERIOD

At the end of the corrective action implementation period included in an action plan approved by the competent authority and subject to the nature of the finding, the competent authority may extend it. It should be subject to a satisfactory corrective action plan agreed by the competent authority.

ED Decision 2017/001/R

OBSERVATIONS

The observation should be a way to communicate and draw future audit teams’ attention on specific matters that deserve scrutiny. It should be communicated to the audited service provider.