ATM/ANS.OR.A.001 Scope

Regulation (EU) 2017/373

In accordance with Article 6, this Annex establishes the requirements to be met by the service providers.

GM1 ATM/ANS.OR.A.001 Scope

ED Decision 2020/008/R

DEFINITIONS AND SCOPE IN RELATION TO SERVICE PROVIDERS

(a) To recognise which of the annexes applies to which service provider, it is necessary to understand how services are defined. These definitions have determined the structure and the content of Annexes III to XIII.

(b) Article 3(q) of Regulation (EC) No 216/2008 defines ATM/ANS as ‘the air traffic management functions as defined in Article 2(10) of Regulation (EC) No 549/2004, air navigation services defined in Article 2(4) of that Regulation, and services consisting in the origination and processing of data and formatting and delivering data to general air traffic for the purpose of safety-critical air navigation’.

(c) It should, therefore, be noted that ATM/ANS include more services than ‘Air Traffic Management’ and ‘Air Navigation Services’ together.

(d) In this Regulation, ‘services’ refers to those specified in Annex VIII(2) to Regulation (EU) 2018/1139.

(e) As already defined, ‘ATM network functions’ refers to functions performed by the Network Manager in accordance with Regulation (EU) No 677/201132 Commission Regulation (EU) No 677/2011 of 7 July 2011 laying down detailed rules for the implementation of air traffic management (ATM) network functions and amending Commission Regulation (EU) No 691/2010 (OJ L 185, 15.7.2011, p. 1)..

(f) Figure 1 below provides a pictorial representation of the services and how they interrelate through the various definitions.

(g) Figure 1 indicates both a further breakdown of ATS into air traffic control services (ATC), alerting services, air traffic advisory services, and flight information services and groupings of:

(1) air traffic management (ATM): comprising ATS, ASM, and ATFM;

(2) air navigation services (ANS): comprising ATS, CNS, MET, and AIS; and

(3) flight procedure design services (FPD) and data services (DAT) and ATM network functions.

(h) It is important to note that ATS is included in ATM and ANS.

Figure 1: The scope of the services, subject to certification, as specified in Regulation (EU) 2018/1139.

SERVICES

(a) Annex III (Part-ATM/ANS.OR) applies to the service providers, as relevant, and contains the common requirements for the service providers. This Annex is broken down into four subparts:

(1) Subpart A — General requirements (ATM/ANS.OR.A);

(2) Subpart B — Management (ATM/ANS.OR.B);

(3) Subpart C — Specific organisational requirements for service providers other than ATS providers (ATM/ANS.OR.C); and

(4) Subpart D — Specific organisational requirements for ANS and ATFM providers and the Network Manager (ATM/ANS.OR.D).

(b) Subpart D applies only to ANS and ATFM providers and the Network Manager (and not to ASM and DAT providers).

(c) Thereafter, each specific requirement for various service providers is allocated to an annex (Annexes IV to XII) which contains specific requirements for that service provider. Table 1 below indicates which annexes are applicable to each service provided.

(d) Annex XIII contains requirements for service providers regarding personnel training and competence assessment.

AIR TRAFFIC SERVICES FOR FLIGHT TEST

(a) When the flight tests have one of the following characteristics:

(1) frequent changes in levels and headings, depending on the tests which are carried out with certain unpredictability;

(2) unless necessary for the purpose of the flight tests, navigation in general (route/destination, etc.) is not the primary objective of these flights;

(3) specific aircraft configurations sometimes resulting in reduced ability to manoeuvre;

(4) technical constraints, including airborne and ground testing facilities;

(5) airborne equipment is not proven to be up to the required certification level; and

(6) the planning for conducting flight tests can be of a very ad hoc nature giving little timing for carrying out strategy or pre-tactical air traffic flow management. (e.g. the need to test under specific weather conditions which would require flexibility for allocation of slots for these flight tests),

then the air traffic services provider providing services to this type of flight testing may need a specific privilege within the certificate issued by the competent authority because of the specificities of the air traffic services to be provided to this type of operations and because of the need to ensure safe operations in the airspace in which flight tests are being conducted.

(b) Given the characteristics in (a), flight tests can be made in cohabitation with other airspace users in controlled or non-controlled airspace, and sometimes in temporarily reserved areas when necessary.

ED Decision 2020/008/R

 

Annex III

(Part-ATM/ANS.OR)

Annex IV

(Part-ATS)

Annex V

(Part-MET)

Annex VI

(Part-AIS)

Annex VII

(Part-DAT)

Annex VIII

(Part-CNS)

Annex IX

(Part-ATFM)

Annex X

(Part-ASM)

Annex XI

(Part-FPD)

Annex XII

(Part-NM)

Annex XIII

(Part-PERS)

Subpart A

Subpart B

Subpart C

Subpart D

Air traffic services providers

(see Note 1)

X

X

 

X

X

 

 

 

 

 

 

 

 

 

Meteorological services providers

X

X

X

X

 

X

 

 

 

 

 

 

 

 

Aeronautical information services providers

X

X

X

X

 

 

X

 

 

 

 

 

 

 

Data services providers

X

X

X

 

 

 

 

X

 

 

 

 

 

 

Communication, navigation and surveillance service providers

X

X

X

X

 

 

 

 

X

 

 

 

 

 

Air traffic flow management service providers

X

X

X

X

 

 

 

 

 

X

 

 

 

 

Airspace management service providers

X

X

X

 

 

 

 

 

 

 

X

 

 

 

Flight procedure design services providers

X

X

X

 

 

 

 

 

 

 

 

X

 

 

Network Manager

X

X

X

X

 

 

 

 

 

 

 

 

X

 

service providers

(see Note 2)

 

 

 

 

 

 

 

 

 

 

 

 

 

X

Table 1: Applicability of annexes to service providers

ATM/ANS.OR.A.005 Application for a service provider certificate

Regulation (EU) 2017/373

(a) Application for a service provider certificate or an amendment to an existing certificate shall be made in a form and manner established by the competent authority, taking into account the applicable requirements of this Regulation.

(b) In accordance with Article 6, in order to obtain the certificate, the service provider shall comply with:

(1) the requirements referred to in Article 8b(1) of Regulation (EU) No 216/2008;

(2) the common requirements set out in this Annex;

(3) the specific requirements set out in Annexes IV to XIII, where those requirements are applicable in light of the services that the service provider provides or plans to provide.

EXPOSITION — DAT PROVIDERS

(a) The DAT provider should submit to the competent authority an exposition providing the following information:

(1) a statement signed by the accountable manager confirming that the exposition and any associated manuals which define the organisation’s compliance with the requirements will be complied with at all times;

(2) the duties and responsibilities of the manager(s) as required by ATM/ANS.OR.B.020 including matters on which they may deal directly with the competent authority on behalf of the organisation;

(3) an organisational chart showing lines of responsibility and accountability throughout the DAT provider, including a direct accountability of the accountable manager as required by ATM/ANS.OR.B.005(a)(1);

(4) a list of attesting staff as referred to in DAT.TR.100(b);

(5) a general description of manpower resources;

(6) a general description of the facilities of the DAT provider;

(7) a general description of the activities for which the DAT provider’s certificate is requested;

(8) the procedure for the notification of organisational changes to the competent authority;

(9) the amendment procedure for the exposition;

(10) a description of the management system and the procedures as required by DAT.OR.110; and

(11) a list of those contracted organisations referred to in ATM/ANS.OR.B.015(b).

(b) The exposition should be amended as necessary to remain an up-to-date description of the organisation, and copies of any amendments should be supplied to the competent authority.

EXPOSITION — DAT PROVIDERS

The exposition should contain the following table of contents:

1. General

Table of contents, document revision history, abbreviations, and terms.

2. Introduction

Purpose, scope, standards declaration, and reference documents.

3. Company description and policy

Description of the company, products and services, quality policy and objectives, customer requirements.

4. Terms of approval

Scope of work, notification of changes to the terms of approval, control of documents and records.

5. Management/resources responsibilities

Management team and personnel, organisation charts, duties and responsibilities of personnel.

Management review, human resources, competence, awareness, and training.

6. Production processes

Data production procedures, arrangements with suppliers, users/customers and other DAT providers, data receiving inspection and testing, data release, data distribution process, data products identification and quality checks, tailored data, data error reporting.

7. Management system

Introduction, document control, quality assurance, internal system audits, standards compliance plan audits, methods of improvement, occurrence management and reporting, record-keeping.

8. Appendix 1 — List of relevant personnel

EXPOSITION — DAT PROVIDERS

A means to develop the exposition may be by cross-referring to the procedures of the quality manual, which are needed to demonstrate compliance with these requirements.

GENERAL — AIS PROVIDER

Terrain data sets are part of the digital data sets, but are typically originated and maintained by organisations different than AIS providers. The provision of terrain data sets by an AIS provider for the purpose of air navigation is consequently limited to the mere distribution of a finished product or even only the provision of information on how the product can be obtained, in accordance with the applicable requirements of Regulation (EU) 2017/373.

ATM/ANS.OR.A.010 Application for a limited certificate

Regulation (EU) 2017/373

(a) Notwithstanding point (b), the air traffic services provider may apply for a certificate limited to the provision of services in the airspace under the responsibility of the Member State where its principal place of operation or, if any, registered office is located, when it provides or plans to provide services only with respect to one or more of the following categories:

(1) aerial work;

(2) general aviation;

(3) commercial air transport limited to aircraft with less than 10 tonnes of maximum take-off mass or less than 20 passenger seats;

(4) commercial air transport with less than 10 000 movements per year, regardless of the maximum take-off mass and the number of passenger seats; for the purposes of this provision, ‘movements’ means, in a given year, the average over the previous three years of the total number of take-offs and landings.

(b) In addition, the following air navigation service providers may also apply for a limited certificate:

(1) an air navigation service provider, other than a provider of air traffic services, with a gross annual turnover of EUR 1 000 000 or less in relation to the services they provide or plan to provide;

(2) an air navigation service provider providing aerodrome flight information services by operating regularly not more than one working position at any aerodrome.

(c) As determined by the competent authority, an air navigation service provider applying for a limited certificate in accordance with points (a) or (b)(1) shall comply, as a minimum, with the following requirements set out in:

(1) point ATM/ANS.OR.B.001 Technical and operational competence and capability;

(2) point ATM/ANS.OR.B.005 Management system;

(3) point ATM/ANS.OR.B.020 Personnel requirements;

(4) point ATM/ANS.OR.A.075 Open and transparent provision of services;

(5) Annexes IV, V, VI and VIII, where those requirements are applicable in light of the services that the service provider provides or plans to provide, in accordance with Article 6.

(d) As determined by the competent authority, the air navigation service provider applying for a limited certificate in accordance with point (b)(2) shall comply, as a minimum, with the requirements set out in points (c)(1) to (c)(4) and with the specific requirements set out in Annex IV.

(e) An applicant for a limited certificate shall submit an application to the competent authority in a form and manner established by the competent authority.

GENERAL

The relationship between the type of service provision, criteria to be complied with and the applicable rules are indicated in Table 2 below.

Type of service

Type of approval

Criteria to be
complied with

Applicable Rules

Air traffic service providers

Limited Certificate

ATM/ANS.OR.A.010(a)

ATM/ANS.OR.B.001

ATM/ANS.OR.B.005

ATM/ANS.OR.B.020

ATM/ANS.OR.A.075

Annex IV

Air navigation service providers

(other than the air traffic services providers)

(gross annual turnover of EUR 1 000 000 or less)

Limited Certificate

ATM/ANS.OR.A.010(b)(1)

ATM/ANS.OR.B.001

ATM/ANS.OR.B.005

ATM/ANS.OR.B.020

ATM/ANS.OR.A.075

Annexes V, VI and VIII depending upon service provision

Air navigation service providers

(aerodrome flight information services providers operating regularly not more than one working position at any aerodrome)

Limited Certificate

ATM/ANS.OR.A.010(b)(2)

ATM/ANS.OR.B.001

ATM/ANS.OR.B.005

ATM/ANS.OR.B.020

ATM/ANS.OR.A.075

Annex IV
 

Table 2: Type of service provision, criteria to be complied with, and the applicable rules

ATM/ANS.OR.A.015 Declaration by flight information services providers

Regulation (EU) 2017/373

(a) Pursuant to Article 7, a flight information services provider may declare its capability and means of discharging the responsibilities associated with the services provided where it meets, in addition to the requirements referred to in Article 8b(1) of Regulation (EU) No 216/2008, the following alternative requirements:

(1) the flight information services provider provides, or plans to provide, its services by operating regularly not more than one working position;

(2) those services are of a temporary nature, for a duration agreed with the competent authority as necessary to ensure proportional safety assurance.

(b) A flight information services provider declaring its activities shall:

(1) provide the competent authority with all the relevant information prior to commencing operations, in a form and manner established by the competent authority;

(2) provide the competent authority with a list of the alternative means of compliance used, in accordance with point ATM/ANS.OR.A.020;

(3) maintain compliance with the applicable requirements and with the information given in the declaration;

(4) notify the competent authority of any changes to its declaration or the means of compliance it uses through submission of an amended declaration;

(5) provide its services in accordance with its operations manual and comply with all the relevant provisions contained therein.

(c) Before ceasing the provision of its services, the flight information services provider declaring its activities shall notify the competent authority within a period determined by the competent authority.

(d) A flight information services provider declaring its activities shall comply with the following requirements set out in:

(1) point ATM/ANS.OR.A.001 Scope;

(2) point ATM/ANS.OR.A.020 Means of compliance;

(3) point ATM/ANS.OR.A.035 Demonstration of compliance;

(4) point ATM/ANS.OR.A.040 Changes — general;

(5) point ATM/ANS.OR.A.045 Changes to the functional system;

(6) point ATM/ANS.OR.A.050 Facilitation and cooperation;

(7) point ATM/ANS.OR.A.055 Findings and corrective actions;

(8) point ATM/ANS.OR.A.060 Immediate reaction to a safety problem;

(9) point ATM/ANS.OR.A.065 Occurrence reporting;

(10) point ATM/ANS.OR.B.001 Technical and operational competence and capability;

(11) point ATM/ANS.OR.B.005 Management system;

(12) point ATM/ANS.OR.B.020 Personnel requirements;

(13) point ATM/ANS.OR.B.035 Operations manuals;

(14) point ATM/ANS.OR.D.020 Liability and insurance cover,

(15) Annex IV.

(e) A flight information services provider declaring its activities shall only start operation after receiving the acknowledgement of receipt of the declaration from the competent authority.

MODEL TEMPLATE OF DECLARATION OF COMPLIANCE

DECLARATION OF COMPLIANCE FOR THE PROVISION OF FLIGHT INFORMATION SERVICES

in accordance with Commission Implementing Regulation (EU) 2017/373

Provider of flight information service

Name:

Principal place of operation and, if any, registered office:

Name and contact details of the accountable manager:

Flight Information Service

Starting date of provision of flight information services/applicability date of the change:

Scope of flight information services:

  Aerodrome flight information services (AFIS)

  En-route flight information services (En-route FIS)

List of alternative means of compliance with references to the AMCs they replace (to be attached to the declaration)

Statements

  The management system documentation, including the operations manual, complies with the applicable requirements set out in Part-ATM/ANS.OR and Part-ATS.

  The provision of flight information services will be carried out in accordance with the requirements of Regulation (EC) No 216/2008 and its implementing rules, as well as Regulations (EC) Nos 549/2004, 550/2004, 551/2004, and 552/2004 and their implementing rules, and the procedures and instructions specified in the operations manual.

  All personnel are qualified, competent and trained in accordance with the applicable requirements.

  (If applicable)

The provider of flight information services has implemented and demonstrated conformance to an officially recognised industry standard.

Reference of the standard:

Certification body:

Date of the last conformance audit:

  Any change in the provision of flight information services that affects the information disclosed in this declaration will be notified to the competent authority.

  The provider of flight information service confirms that the information disclosed in this declaration is correct.

 

Date, name, and signature of the accountable manager

ATM/ANS.OR.A.020 Means of compliance

Regulation (EU) 2017/373

(a) Alternative means of compliance (AltMOC) to the AMC adopted by the Agency may be used by the service provider to establish compliance with the requirements of this Regulation.

(b) When the service provider wishes to use an AltMOC, it shall, prior to implementing it, provide the competent authority with a full description of the AltMOC. The description shall include any revisions to manuals or procedures that may be relevant, as well as an assessment demonstrating compliance with the requirements of this Regulation.

A service provider may implement these alternative means of compliance subject to prior approval by the competent authority and upon receipt of the notification as prescribed in point ATM/ANS.AR.A.015(d).

ATM/ANS.OR.A.025 Continued validity of a certificate

Regulation (EU) 2017/373

(a) A service provider's certificate shall remain valid subject to:

(1) the service provider remaining in compliance with the applicable requirements of this Regulation, including those concerning facilitating and cooperating for the purposes of the exercise of the powers of the competent authorities and those concerning the handling of findings as specified in points ATM/ANS.OR.A.050 and ATM/ANS.OR.A.055 respectively;

(2) the certificate not having been surrendered, suspended or revoked.

(b) Upon revocation or surrender, the certificate shall be returned to the competent authority without delay.

ATM/ANS.OR.A.030 Continued validity of a declaration of a flight information services provider

Regulation (EU) 2017/373

A declaration made by the flight information services provider in accordance with point ATM/ANS.OR.A.015 shall remain valid subject to:

(a) the flight information services remaining in compliance with the applicable requirements of this Regulation, including those concerning facilitating and cooperating for the purposes of the exercise of the powers of the competent authorities and those concerning the handling of findings as specified in point ATM/ANS.OR.A.050 and ATM/ANS.OR.A.055 respectively;

(b) the declaration not having been withdrawn by the provider of such services or deregistered by the competent authority.

ATM/ANS.OR.A.035 Demonstration of compliance

Regulation (EU) 2017/373

A service provider shall provide all the relevant evidence to demonstrate compliance with the applicable requirements of this Regulation at the request of the competent authority.

EVIDENCE — DAT PROVIDERS

The exposition as referred to in AMC1 ATM/ANS.OR.A.005 ‘Application for service provider certificate’ EXPOSITION — DAT PROVIDERS should be considered as one of the means to demonstrate compliance with the applicable requirements.

GENERAL — DAT PROVIDERS

In order to demonstrate compliance with the applicable requirements, the DAT provider should produce a compliance matrix/checklist detailing how its data production processes relate to EUROCAE ED-76A/RTCA DO-200B ‘Standards for Processing Aeronautical Data’, dated June 2015. EUROCAE ED-76/RTCA DO-200A may be also used for the demonstration of compliance.

RELEVANT EVIDENCE

ATM/ANS.OR.B.005(e) requires ‘The management system shall be proportionate to the size of the service provider and the complexity of its activities, taking into account the hazards and associated risks inherent in those activities.’ Consequently, the relevant evidence to demonstrate compliance with the applicable requirements of this Regulation should be also proportionate to the size of the service provider and the complexity of its activities.

ATM/ANS.OR.A.040 Changes — general

Regulation (EU) 2017/373

(a) The notification and management of:

(1) a change to the functional system or a change that affects the functional system shall be carried out in accordance with point ATM/ANS.OR.A.045;

(2) a change to the provision of service, the service provider's management system and/or safety management system, that does not affect the functional system, shall be carried out in accordance with point (b).

(b) Any change as referred to in point (a)(2) shall require prior approval before implementation, unless such a change is notified and managed in accordance with a procedure approved by the competent authority as laid down in point ATM/ANS.AR.C.025(c).

CHANGE OF THE OWNERSHIP AND/OR THE LOCATION

A change of the service provider’s ownership and/or the location of its facilities should comply with ATM/ANS.OR.A.040(a)(2) and should not be subject to the procedure identified in ATM/ANS.AR.C.025(c).

PROCEDURE FOR CHANGES REQUIRING PRIOR APPROVAL

For changes requiring prior approval, a procedure should define how the service provider should notify the competent authority and obtain an approval issued by that authority:

(a) Notifications should be submitted before any such change is made in order to enable the competent authority to determine continued compliance with Regulation (EC) No 216/2008 and its implementing rules and also to amend, if necessary, the certificate and the related conditions attached to it.

(b) Changes should only be implemented upon receipt of approval by the competent authority in accordance with the procedure established by that authority.

(c) The service provider should operate under the conditions prescribed by the competent authority during such changes, as applicable.

AMC2 ATM/ANS.OR.A.040(b) Changes — general

ED Decision 2017/001/R

PROCEDURE FOR CHANGES NOT REQUIRING PRIOR APPROVAL

(a) For changes not requiring prior approval, the procedure should define how the service provider should notify and manage the change.

(b) The service provider should inform the competent authority of any changes to nominated persons specified in ATM/ANS.OR.B.020(b) and ATS.OR.200(1)(iii), as applicable.

GM1 ATM/ANS.OR.A.040(b) Changes — general

ED Decision 2017/001/R

PROCEDURE FOR CHANGES NOT REQUIRING PRIOR APPROVAL

The procedure agreed by the service provider and the competent authority may also include the process for the reaction by the service provider to an unplanned change that may arise with the need for urgent action that would normally require prior approval of the competent authority. This is the case in which the service provider responds immediately to a safety problem as required in ATM/ANS.OR.A.060 or when an emergency situation arises in which the service provider has to take immediate action to ensure the safety of the services.

ATM/ANS.OR.A.045 Changes to a functional system

Regulation (EU) 2017/373

(a) A service provider planning a change to its functional system shall:

(1) notify the competent authority of the change;

(2) provide the competent authority, if requested, with any additional information that allows the competent authority to decide whether or not to review the argument for the change;

(3) inform other service providers and, where feasible, aviation undertakings affected by the planned change.

(b) Having notified a change, the service provider shall inform the competent authority whenever the information provided in accordance with points (a)(1) and (2) is materially modified, and the relevant service providers and aviation undertakings whenever the information provided in accordance with point (a)(3) is materially modified.

(c) A service provider shall only allow the parts of the change, for which the activities required by the procedures referred to in point ATM/ANS.OR.B.010 have been completed, to enter into operational service.

(d) If the change is subject to competent authority review in accordance with point ATM/ANS.AR.C.035, the service provider shall only allow the parts of the change for which the competent authority has approved the argument to enter into operational service.

(e) When a change affects other service providers and/or aviation undertakings, as identified in point (a)(3), the service provider and these other service providers, in coordination, shall determine:

(1) the dependencies with each other and, where feasible, with the affected aviation undertakings;

(2) the assumptions and risk mitigations that relate to more than one service provider or aviation undertaking.

(f) Those service providers affected by the assumptions and risk mitigations referred to in point (e)(2) shall only use, in their argument for the change, agreed and aligned assumptions and risk mitigations with each other and, where feasible, with aviation undertakings.

NOTIFICATION

The notification of a change should not be considered complete until the following information is provided:

(a) Name of the organisation notifying the change;

(b) Unique identifier of change;

(c) Version number of notification;

(d) Title of the change;

(e) Date of the submission of the original of this change notification;

(f) Scheduled date of entry into service (even if only approximate);

(g) Details of the change and its impact;

(h) The list of the service providers and other aviation undertakings that are affected by the change as identified in ATM/ANS.OR.A.045(a)(3);

(i) Entity in charge of the assurance case; and

(j) Identity of a point of contact for communications with the competent authority.

NOTIFICATION

(a) A change should be notified as soon as the data defined in AMC1 ATM/ANS.OR.A.045(a) is available. The decision to review a change by the competent authority will be based, in most circumstances, on the notification data. Exceptions to this are cases where the competent authority is not familiar with the type of change or the complexity of the change requires a more thorough consideration.

(b) Early and accurate notification facilitates the interactions between the provider and the competent authority and, thus, maximises the likelihood of introducing a change into service in due time and according to the service provider’s initial schedule when the competent authority has decided to review an assurance case. Therefore, it is advisable that the change description identified in AMC1 ATM/ANS.OR.A.045(a) is completed as soon as possible and contains the following data:

(1) Purpose of the change;

(2) Reasons for the change;

(3) Place of implementation;

(4) New/modified functions/services brought about by the change;

(5) High-level identification of the constituents of the functional system being changed, and what is modified in their functionality;

(6) Consequence of the change, i.e. the harmful effects of the hazards associated with the change — see (f) below and also the definition of ‘risk’ in Annex I (85).

(c) The information provided in (b) may expedite the decision whether to review or not the proposed change, because it will allow the competent authority to gain complete knowledge of the change and, consequently, reduces the need for additional information. However, lack of some of this data should not delay the service provider’s submission of the notification if to do so is likely to impede the introduction of the change. It should be noted that early interaction with its competent authority may help to complete the missing data.

(d) The service provider should take into account that an early, clear and accurate change notification will assist the competent authority in making the decision to review or not the change and may prevent any inconvenience such as:

(1) the competent authority having to ask for more information about the change in order to make its decision as required in ATM/ANS.OR.A.045(a)(2);

(2) the competent authority deciding to review a change unnecessarily because the notification is not clear enough; or

(3) the delay in the competent authority deciding whether to review a change, caused by the lack of information, having an impact on the proposed date of entry into service.

(e) It is recognised that the understanding of the change will improve as the change process progresses and the interaction between the competent authority and the service provider strengthens. The service provider should notify the competent authority when the information provided in the previous notification is no longer valid or when the information previously missing becomes available. When additional information — other than the data specified in AMC1 ATM/ANS.OR.A.045(a) — is supplied at the competent authority’s request, then no update of the notification is required.

(f) For air traffic services (ATS) providers, the consequences of the change specified in (b)(6), should be expressed in terms of the harmful effects of the change, i.e. the effects of the hazards associated with safety risks. These could be the result of a preliminary safety assessment, if available, or an early hazard analysis that concentrates on the service level effects. For service providers other than air traffic services providers, the consequences should be expressed in terms of what aspects of the performance of the service are impacted by the change.

(g) The point of contact, as required in point (j) in AMC1 ATM/ANS.OR.A.045(a), provides a focal point for the competent authority to contact when seeking complementary information about the change when required. The aim is to improve communications between the provider and the competent authority about the change.

(h) All notified changes should be unambiguously identified. The service provider and its competent authority should agree on a means of referencing so as to associate a unique identifier to a given notified change.

(i) For routine changes, the notification to the competent authority may be done in a simpler manner, e.g. using forms less detailed than those specified in AMC1 ATM/ANS.OR.A.045(a) or notifying these changes collectively after being implemented at regular periods of times agreed between the provider and the competent authority. A service provider and its competent authority should coordinate so as to reach a common agreement on these types of changes that may not be reviewed by the competent authority. The list of such changes should be documented and formalised. The formalised agreement becomes part of the change management procedures identified in ATM/ANS.OR.B.010. Consequently, the list will be reviewed by the competent authority as part of the audits it performs that are described in ATM/ANS.AR.C.010(a). The relevant audit activity is detailed in AMC1 ATM/ANS.AR.C.010(a)(a)(2).

NOTIFICATION — SOFTWARE CRITICALITY

Depending on the complexity of the change to the functional system and the criticality of the software, the depth of the evaluation may vary. The service provider should coordinate as soon as possible with the competent authority in order to define a software oversight strategy as part of the change review activities, if a decision for change review is taken.

NOTIFICATION TO USERS OF THE SERVICE

Having notified a change, the service provider should:

(a) individually inform all known service providers potentially affected by the notified change; and

(b) inform all aviation undertakings potentially affected by the change either individually or via a representative body of aviation undertakings or by publishing details of the planned change in a dedicated publication of the service provider or aeronautical information publications such as an aeronautical information circular (AIC).

DEDICATED PUBLICATION FOR PROPOSED CHANGES

The final users of services potentially affected by a change to a functional system may not be known by the service provider proposing the change. However, this should not prevent the service provider from using other means for notification than direct communication with the interested parties. In that case, the changes may be published in a dedicated website where the users of the service can periodically check for current proposed changes to the functional system that may affect them.

MODIFICATION OF A NOTIFIED CHANGE

(a) The service provider should inform the competent authority that was initially notified about any update in the notification data when the information provided in a previous notification about the same change is no longer valid or when information previously missing becomes available. The other service providers and aviation undertakings should also be informed, when they are affected by the new data.

(b) The cancellation of a previously notified change should be considered as a modification of a notified change. Therefore, the service provider should inform about this update the competent authority, and inform other service providers and aviation undertakings that were initially informed about the change.

ENTRY INTO OPERATIONAL SERVICE OF A CHANGE SELECTED FOR REVIEW

The service provider should not start the implementation of any part of the change that has the potential to affect the safety of the services currently being provided until a valid safety (support) assessment for that part of the change exists and, if the change is subject to competent authority review, it has been approved by the competent authority.

TRANSITION INTO SERVICE

(a) No matter whether the competent authority has decided to review the notified change or not, the service provider should not start the implementation of any part of the change that has the potential to affect the safety of any of the services it provides, e.g. the functions performed or the performance of the services, until it has produced a valid argument in accordance with ATS.OR.205(a)(2) or/and ATM/ANS.OR.C.005(a)(2), as appropriate.

(b) Implementation of the change, which means the creation and installation of the items to be used in the changed operational system may or may not affect the performance of the current services offered by the service provider. For example, much of the implementation of equipment and procedures can be performed ‘off line’, i.e. in development facilities that do not interact with the operational services and installation may be started, provided the items are not connected to the operational system and their presence in the operational environment does not affect the current services. However, these items must not be introduced into the operational system, i.e. they must not affect the behaviour of any operational service, until a valid assurance case exists and, if the change is subject to competent authority review, before the competent authority has approved the change.

(c) The installation of an artefact may have an impact on services other than the service being changed. This can happen where the installation involves disrupting these other services, e.g. aerodrome operations may be disrupted because runways or taxiways are being used by constructor’s vehicles or are being interfered with. In this case, the scope of the change includes these other services (please refer to ATM/ANS.OR.C.005(a)(1)(iii) & (iv) or ATS.OR.205(a)(1)(iii) & (iv), as appropriate) and the assessment of the change includes the effects installation may have on them, including where the installation does not go according to plan.

CHANGES AFFECTING MULTIPLE SERVICE PROVIDERS — OVERARCHING SAFETY ARGUMENT

A change as defined in ATM/ANS.OR.A.045(e) may involve more than one service provider changing their functional systems. In this case, the change will consist of a set of changes to different ATM/ANS functional systems or their context. However, no matter how many individual changes to service providers’ functional systems are part of the change, they should be coordinated. An overarching safety argument, coherent with the arguments of the individual changes, that claims the complete change is safe should be provided.

CHANGES AFFECTING MULTIPLE SERVICE PROVIDERS AND AVIATION UNDERTAKINGS — GENERAL

(a) Any change proposed by a service provider as defined in ATM/ANS.OR.A.045(a) affects other service providers and/or aviation undertakings when:

(1) the proposed change may alter the service delivered to other service providers and aviation undertakings as users of that service; or

(2) the proposed change may alter the operational context in which the services of other service providers and aviation undertakings are delivered or in which the aviation undertakings are operating.

(b) The changes referred to in ATM/ANS.OR.A.045(e) could be considered ‘multi-actor changes’ and are those changes that require coordination between the service provider(s) proposing the change and any service providers and aviation undertakings affected by the change(s) due to the presence of dependencies between the service providers that planned the change and other affected service providers and/or other aviation undertakings. This coordination is essential to ensure a correct safety (support) assessment when there are dependencies.

(c) A single-actor change is one that is limited to those cases where a change to a service provider’s functional system alters neither the service nor the operational context of other service providers and aviation undertakings.

AFFECTED STAKEHOLDERS — SERVICE PROVIDERS AND AVIATION UNDERTAKINGS

(a) ‘Other service providers’ mentioned in ATM/ANS.OR.A.045(e) refers to European service providers other than the service provider proposing the change, that are regulated in accordance with Regulation (EC) No 216/2008 and its implementing rules;

(b) Aviation undertakings affected by the change included in ATM/ANS.OR.A.045(e) can be understood as the stakeholders and professional associations with dependencies with the changed service, and may include the following:

(1) service providers that do not fall under the remit of Regulation (EC) No 216/2008 and its implementing rules, e.g. non-European service providers;

(2) aerodrome operators;

(3) aircraft operators;

(4) airframe and equipment manufacturers;

(5) maintenance organisations;

(6) regulatory bodies, e.g. European Commission, EASA, national aviation authorities (NAAs); and

(7) other bodies not regulated by Regulation (EC) No 216/2008 and its implementing rules, e.g. power suppliers or military authorities.

CHANGE AFFECTING MULTIPLE SERVICE PROVIDERS AND AVIATION UNDERTAKINGS — COORDINATION

(a) ATM/ANS.OR.A.045(e) applies to all the affected service providers involved in the change, and, therefore, they should coordinate dependencies as well as shared assumptions and shared risk mitigations. They should only use the agreed and aligned assumptions and mitigations that are related to more than one service provider or aviation undertaking in their safety or safety support cases, as required by ATM/ANS.OR.A.045(f).

(b) Assumptions and risk mitigations used during the assessment of the change that are not shared by the affected service providers, can be handled independently by each service provider, and do not need agreement.

(c) This coordination means that the affected service providers:

(1) have jointly identified the scope of their responsibilities with regard to the change, and in particular their safety responsibilities, e.g. what part of the change will be covered in whose safety (support) assessment case;

(2) have jointly identified the dependencies;

(3) have jointly identified the hazards associated with the change in the common context;

(4) have mutually agreed on the assumptions for the change that jointly relate to them; and

(5) have mutually agreed on the mitigations for risks that require joint implementation.

(d) Service providers would need to achieve a common understanding about:

(1) consequences in the shared operational context; and

(2) chains of causes/consequences.

(e) Service providers would jointly need to identify their dependencies to be able to assess the change to their functional systems.

(f) Where necessary in relation to the dependences identified in accordance with GM1 ATM/ANS.OR.A.045(e)(1), the service providers may perform together:

(1) identification of hazards/effects;

(2) assessment of risks;

(3) evaluation of risks;

(4) planning and assessment of risk mitigations; and

(5) verification.

(g) The level of interaction and coordination between service providers and aviation undertakings will vary depending on the particular needs of the change at hand.

COORDINATION WITH AFFECTED AVIATION UNDERTAKINGS

(a) The aviation undertakings are the entities, persons or organisations as defined in point 34 of Annex I to Regulation (EU) 2017/373 and thus, ATM/ANS.OR.A.045(e) does not apply to them. However, any service provider affected by a change should seek the participation of aviation undertakings when assumptions and risk mitigations used in the safety (support) assessment are shared with those aviation undertakings.

(b) When the number of aviation undertakings affected by the change is large, the service providers may not need to involve every individual stakeholder. If a body can represent the views of a group of affected aviation undertakings, it may suffice to involve that representative body to obtain the supporting evidence to move forward with the assessment of the change.

CHANGE AFFECTING MULTIPLE SERVICE PROVIDERS AND AVIATION UNDERTAKINGS — ASSUMPTIONS AND RISK MITIGATIONS

In order to satisfy ATM/ANS.OR.A.045(e)(2), the affected service providers coordination will identify those assumptions and risk mitigations that relate to:

(a) more than one service provider;

(b) a service provider and one or more aviation undertakings; or

(c) multiple service providers and aviation undertakings.

LACK OF COORDINATION

(a) If an aviation undertaking decides not to cooperate, the service provider, who has identified dependencies with the aviation undertaking, in accordance with ATM/ANS.OR.A.045(e)(1), needs to consider the impact of having the assumptions and risk mitigations not agreed with that aviation undertaking. It should propose a way forward by doing one or more of the following:

(1) making the assumptions themselves and providing evidence that supports them;

(2) adding additional mitigating measures so that the change remains acceptably safe;

(3) modifying the scope of the change, or even reconsidering and cancelling the change.

(b) The service provider affected by a lack of cooperation with an aviation undertaking may wish to inform its competent authority about those aviation undertakings that are not participating and its form of non-participation, in order to seek the assistance of the competent authority in trying to persuade the aviation undertaking to participate.

ATM/ANS.OR.A.050 Facilitation and cooperation

Regulation (EU) 2017/373

A service provider shall facilitate inspections and audits by the competent authority or by a qualified entity acting on its behalf and it shall cooperate as necessary for the efficient and effective exercise of the powers of the competent authorities referred to in Article 5.

AUDITS — SOFTWARE ASSURANCE PROCESSES BY THE COMPETENT AUTHORITY

(a)  The assessment of an effective application of the documented software assurance processes may necessitate a technical evaluation of the evidence and arguments produced for the software assurance by the competent authority when reviewing a notified change. In this context, the service provider should ensure access to the configuration management system for the competent authority, which may need to verify:

(1)  the consistency of all the evidence; and

(2)  the fact that all the evidence is derived from a known version of the software (i.e. all evidence and arguments are actually available and can be traced without ambiguity to the executable version).

(b)  The service provider should:

(1)  anticipate the possibility for on-site audits or inspections by the competent authority; and

(2) when evidence and arguments are developed by contracted organisations, include the corresponding rights of the competent authority to assess said organisations during onsite audits or inspections.

ATM/ANS.OR.A.055 Findings and corrective actions

Regulation (EU) 2017/373

After receipt of notification of findings from the competent authority, the service provider shall:

(a) identify the root cause of the non-compliance;

(b) define a corrective action plan that meets the approval by the competent authority;

(c) demonstrate corrective action implementation to the satisfaction of the competent authority within the time period proposed by the service provider and agreed with that authority, as defined in point ATM/ANS.AR.C.050(e).

GENERAL

(a) Corrective action is the action taken to eliminate or mitigate the root cause(s) and prevent the recurrence of existing detected non-compliance or other undesirable condition or situation.

(b) The proper determination of the root cause is crucial for defining effective corrective actions.

GENERAL

The corrective action plan defined by the service provider should address the effects of the non-conformity and its root cause.

CORRECTIVE ACTION IMPLEMENTATION PERIOD — DAT PROVIDERS

In case of a Level 1 finding, the DAT provider should demonstrate corrective action to the satisfaction of the competent authority within a period of no more than 21 working days following receipt of written confirmation of the finding. At the end of this period and subject to the nature of the finding, the 21-working-day period may be extended and agreed by the competent authority when the safety issue is mitigated.

ATM/ANS.OR.A.060 Immediate reaction to a safety problem

Regulation (EU) 2017/373

A service provider shall implement any safety measures, including safety directives, mandated by the competent authority in accordance with point ATM/ANS.AR.A.025(c).

ATM/ANS.OR.A.065 Occurrence reporting

Regulation (EU) 2021/1338

(a) As part of its management system, the ATM/ANS provider shall establish and maintain an occurrence-reporting system, including mandatory and voluntary reporting. ATM/ANS providers established in a Member State shall ensure that the system complies with the requirements of Regulation (EU) No 376/2014 and Regulation (EU) 2018/1139, as well as with the delegated and implementing acts adopted on the basis of those regulations.

(b) The ATM/ANS provider shall report to the competent authority and to any other organisation required to be informed by the Member State, where the ATM/ANS provider provides its services, any safety-related event or condition that endangers or, if not corrected or addressed, could endanger an aircraft, its occupants or any other person, and in particular any accident or serious incident.

(c) Without prejudice to point (b), the ATM/ANS provider shall report to the competent authority and to the organisation responsible for the design and/or maintenance of the ATM/ANS systems and constituents, if different from the ATM/ANS provider, any malfunction, technical defect, exceedance of technical limitations, occurrence, or other irregular circumstance that has or may have endangered the safety of services and has not resulted in an accident or serious incident.

(d) Without prejudice to Regulation (EU) No 376/2014 and the delegated and implementing acts adopted on the basis thereof, reports shall:

(1) be made as soon as practicable, but in any case within 72 hours after the ATM/ANS provider has become aware of the event or condition to which the report relates, unless exceptional circumstances prevent this;

(2) be made in a form and manner established by the competent authority;

(3) contain all pertinent information about the condition known to the ATM/ANS provider.

(e) For ATM/ANS providers that are not established in a Member State, initial mandatory reports shall:

(1) appropriately safeguard the confidentiality of the identity of the reporter and of the persons mentioned in the report;

(2) be made as soon as practicable, but in any case within 72 hours after the ATM/ANS provider has become aware of the occurrence, unless exceptional circumstances prevent this;

(3) be made in a form and manner established by the competent authority;

(4) contain all pertinent information about the condition known to the ATM/ANS provider.

(f) Without prejudice to Regulation (EU) No 376/2014 and its delegated and implementing acts, where relevant, a follow-up report providing details of actions the organisation intends to take to prevent similar occurrences in the future shall be made as soon as these actions have been identified; those follow-up reports shall:

(1) be sent to the relevant entities initially reported to in accordance with points (b) and (c); and

(2) be made in a form and manner established by the competent authority.

AMC1 ATM/ANS.OR.A.065 Occurrence reporting

ED Decision 2022/004/R

REPORTING RESPONSIBILITIES AND REPORTING PROCEDURES

(a) The ATM/ANS provider should assign one or more suitably qualified persons that has or have clearly defined authority and responsibility to coordinate actions on occurrences and to initiate any necessary further investigation and follow-up activity.

(b) If more than one person is assigned such responsibility, the ATM/ANS provider should identify a single person to act as the main focal point for ensuring a single reporting channel is established to the accountable manager. This should in particular apply to ATM/ANS providers that hold one or more additional organisation certificates within the scope of Regulation (EU) 2018/1139 and its delegated and implementing acts where the occurrence-reporting system is fully integrated with that required under the additional certificate(s) held.

(c) The ATM/ANS provider should establish procedures to be used for reporting to the competent authority and to any other organisation required, which include as a minimum:

(1) a description of the applicable requirements for reporting;

(2) the scope of reporting to other organisations, considering the service provider’s interfaces with other organisations, including organisations contracted in accordance with point ATM/ANS.OR.B.015;

(3) a description of the reporting mechanism, including reporting forms, means and deadlines;

(4) safeguards to ensure the protection of the reporter’s confidentiality and the protection of personal data;

(5) responsibilities of the organisation and personnel involved in the reporting; and

(6) a description of the mechanism and personnel responsibilities for identifying root causes, and the actions that may be needed to be taken to prevent similar occurrences in the future, as appropriate.

Such procedures should be included in the organisation’s management system documentation.

AMC2 ATM/ANS.OR.A.065 Occurrence reporting

ED Decision 2022/004/R

MANDATORY REPORTING — GENERAL

(a) For ATM/ANS providers that have their principal place of operation and, if any, their registered office located in a Member State, Commission Implementing Regulation (EU) 2015/1018 of 29 June 2015 lays down a list classifying occurrences in civil aviation to be mandatorily reported according to Regulation (EU) No 376/2014. This list should not be understood as being an exhaustive collection of all issues that may pose a significant risk to aviation safety and, therefore, reporting should not be limited to the items listed in that Regulation and the additional items referred to in point ATM/ANS.OR.A.065(c).

(b) In addition to the reports referred to in point (a), ATM/ANS providers should report volcanic ash clouds, encountered by aircraft operators, of which they have become aware.

AMC3 ATM/ANS.OR.A.065 Occurrence reporting

ED Decision 2022/004/R

GENERAL

Where the ATM/ANS provider holds one or more additional organisation certificates within the scope of Regulation (EU) 2018/1139 and its delegated and implementing acts:

(a) the ATM/ANS provider may establish an integrated occurrence-reporting system covering all certificate(s) held; and

(b) single occurrence reports should only be provided if all the following conditions are met:

(1) the report includes all relevant information from the perspective of the different organisation certificates held;

(2) the report addresses all relevant and specific mandatory data fields and clearly identifies all certificate holders for which the report is made;

(3) the competent authority for all certificates is the same and such single reporting was agreed with that competent authority.

AMC1 ATM/ANS.OR.A.065(c) Occurrence reporting

ED Decision 2022/004/R

REPORTING BETWEEN ORGANISATIONS

(a) The reporting to the organisations defined in point ATM/ANS.OR.A.065 does not affect the need to report to other organisations with which the ATM/ANS provider interfaces, and which might be involved in or be affected by the reported event (e.g. other service providers, including contracted parties in accordance with point ATM/ANS.OR.B.015, involved in an occurrence, aerodrome operators, etc.).

(b) Any ATM/ANS provider that reports to the organisation responsible for the design of the air traffic management (ATM)/air navigation services (ANS) systems and ATM/ANS constituents should actively support any investigations that may be initiated by that organisation. Support should be provided by a timely response to information requests and by making available affected system components or constituents, for the purpose of the investigation, subject to an agreement with the respective system component or constituent owners.

(c) In addition to reporting to the organisation responsible for the design of the ATM/ANS systems and ATM/ANS constituents, if different from the ATM/ANS provider, the ATM/ANS provider may be required to report to the aerodrome operator, to other ATM/ANS providers or air operators.

(d) To ensure effective reporting between organisations, it is important that:

(1) an interface is established between the organisations to ensure that there is an effective and timely exchange of occurrence-related information; and

(2) any relevant safety issue is identified, and it is clearly established which party is responsible for taking further action, if required.

SYSTEMS AND CONSTITUENTS

(a) When determining which failures of systems and constituents are to be reported, a degree of practicality is required as it is not intended that every failure is reported. Only those that have or may have an impact on the safety of the provision of services are reported.

(b) When nothing is defined in European Union or national legislation, the determination of the failures of systems and constituents that need to be reported is done by the service provider and needs to be approved by the competent authority. This determination can be done as a result of an assessment of the installations or changes to the systems and constituents. 

(c) The organisation responsible for the design of the systems and constituents may no longer exist or may no longer support the design. In this case, the service provider will have made arrangements to ensure that the safety of the systems and constituents can be assured by appropriate and practical means. In many cases, this means that the service provider has taken over the design responsibilities.

(d) Within the application of Regulation (EC) No 552/2004, the organisation responsible for the design of the constituent will be the entity that signs the Declaration of Conformity or Suitability for use. For systems and constituents which existed before the applicability date of Regulation (EC) No 552/2004, the service provider should identify the responsible organisation, otherwise the service provider should make appropriate arrangements.

AMC1 ATM/ANS.OR.A.065(e) Occurrence reporting

ED Decision 2022/004/R

ORGANISATIONS THAT REPORT TO THE AGENCY

(a) Mandatory reports and, where possible, voluntary reports, should include the information below:

(1) when: UTC date;

(2) where: State/area of occurrence — location of occurrence;

(3) aircraft-related information: aircraft identification: State of registry, make–model–series, aircraft category, propulsion type, mass group, aircraft serial number, aircraft registration number, and call sign;

(4) aircraft operation and history of flight: operator, type of operation, last departure point, planned destination, flight phase;

(5) weather: relevant weather;

(6) where relevant, ANS-related information: ATM contribution, service(s) affected, ATS unit name;

(7) where relevant, aerodrome-related information: location indicator (ICAO airport code), location at the aerodrome; and

(8) information on aircraft damage or on injuries to persons: severity in terms of highest damage and injury level, number of injured persons, and type of injuries to them, on the ground and in the aircraft.

(b) Where the organisation identifies an actual or potential aviation safety risk as a result of its analysis of occurrences or a group of occurrences reported to the Agency, it should:

(1) transmit the following information to the Agency within 30 days from the date of notification of the occurrence to the Agency:

(i) the preliminary results of the risk assessment performed; and

(ii) any preliminary mitigation action to be taken;

(2) where required, transmit the final results of the risk analysis to the Agency as soon as they are available and, in principle, no later than 3 months from the date of initial notification of the occurrence to the Agency.

(c) The following list provides examples of what needs to be mandatorily reported in addition to those required by point ATM/ANS.OR.A.065(c). This list should not be understood as being an exhaustive collection of all the issues that may pose a significant risk to aviation safety and, therefore, reporting should not be limited to the items listed therein.

1. AIRCRAFT-RELATED OCCURRENCES

(1)

A collision or a near collision on the ground or in the air, between an aircraft and another aircraft, terrain or obstacle1, including near-controlled flight into terrain (near CFIT)

(2)

Separation minima infringement2

(3)

Inadequate separation3

(4)

ACAS RAs

(5)

Wildlife strike, including bird strike

(6)

Taxiway or runway excursion

(7)

Actual or potential taxiway or runway incursion

(8)

Final approach and take-off area (FATO) incursion

(9)

Aircraft deviation from ATC clearance

(10)

Aircraft deviation from applicable ATM regulations:

(a)

aircraft deviation from applicable published ATM procedures

(b)

airspace infringement, including unauthorised penetration of airspace

(c)

deviation from aircraft ATM-related equipment carriage and operations, as mandated by the applicable regulations

(11)

Occurrences related to call-sign confusion

2. DEGRADATION OR A TOTAL LOSS OF SERVICES OR FUNCTIONS

(1)

Inability to provide ATM services or to execute ATM functions:

(a)

inability to provide ATS or to execute ATS functions

(b)

inability to provide airspace management services or to execute airspace management functions

(c)

inability to provide air traffic flow management and capacity services or to execute air traffic flow management and capacity functions

(2)

Missing or significantly incorrect, corrupted, inadequate or misleading information from any support service4, including relating to poor runway surface conditions

(3)

Failure of communication service

(4)

Failure of surveillance service

(5)

Failure of data processing and distribution function or service

(6)

Failure of navigation service

(7)

Failure of the ATM system security which had or could have a direct negative impact on the safe provision of the service

(8)

Significant ATS sector/position overload leading to a potential deterioration in the provision of the service

(9)

Incorrect receipt or incorrect interpretation of significant communications, including lack of understanding of the language used, when this had or could have a direct negative impact on the safe provision of the service

(10)

Prolonged loss of communication with an aircraft or with other ATS units

3. OTHER OCCURRENCES

(1)

Declaration of an emergency (‘Mayday’ or ‘PAN’ call)

(2)

Significant external interference with ANS (for example, radio broadcast stations transmitting in the FM band, interfering with the instrument landing system (ILS), VHF omni-directional radio range (VOR) and communication)

(3)

Interference with an aircraft, an ATS unit or a radio communication transmission including by firearms, fireworks, flying kites, laser illumination, high-powered lights lasers, remotely piloted aircraft systems, model aircraft, or by similar means

(4)

Fuel dumping

(5)

Bomb threat or hijack

(6)

Fatigue impacting or potentially impacting on the ability of related staff to perform safely their air navigation or air traffic duties

(7)

Any occurrence where the human performance has directly contributed to or could have contributed to an accident or a serious incident

ATM/ANS.OR.A.070 Contingency plans

Regulation (EU) 2017/373

A service provider shall have in place contingency plans for all the services it provides in the case of events which result in significant degradation or interruption of its operations.

GENERAL

The contingency plan may include the definition of the measures, the coordination with other actors (i.e. the State, the competent authorities, possibly the other service providers, the insurance companies, aerodrome operators, as applicable) and alternative services needed in case of degradation or interruption of the services, while the applicability of emergency response planning may be attributable to or affected by an aviation safety occurrence.

ATM/ANS.OR.A.075 Open and transparent provision of services

Regulation (EU) 2017/373

(a) A service provider shall provide its services in an open and transparent manner. It shall publish the conditions of access to its services and changes thereto and establish a consultation process with the users of its services on a regular basis or as needed for specific changes in service provision, either individually or collectively.

(b) A service provider shall not discriminate on grounds of nationality or other characteristic of the user or the class of users of its services in a manner that is contrary to Union law.

ATM/ANS.OR.A.080 Provision of aeronautical data

Commission Implementing Regulation (EU) 2020/469

(a) A service provider shall ensure that aeronautical data related to its services is provided in due time to the AIS provider.

(b) When aeronautical data related to its services is published, the service provider shall:

(1) monitor the data;

(2) notify the AIS provider of any changes necessary to ensure that the data is correct and complete;

(3) notify the AIS provider when the data is incorrect or inappropriate.

ATM/ANS.OR.A.085 Aeronautical data quality management

Regulation (EU) 2020/469

When originating, processing or transmitting data to the AIS provider, the service provider shall:

(a) ensure that aeronautical data referred to in Appendix 1 conform to the specifications of the aeronautical data catalogue;

(b) ensure that the following data quality requirements are met:

(1) the accuracy of aeronautical data is as specified in the aeronautical data catalogue;

(2) the integrity of aeronautical data is maintained;

(3) based on the integrity classification specified in the aeronautical data catalogue, procedures are put in place so that:

(i) for routine data, corruption is avoided throughout the processing of the data;

(ii) for essential data, corruption does not occur at any stage of the entire process and additional processes are included, as needed, to address potential risks in the overall system architecture to further assure data integrity at this level;

(iii) for critical data, corruption does not occur at any stage of the entire process and additional integrity assurance processes are included to fully mitigate the effects of faults identified as potential data integrity risks by thorough analysis of the overall system architecture;

(4) the resolution of aeronautical data is commensurate with the actual data accuracy;

(5) the traceability of aeronautical data is ensured;

(6) the timeliness of the aeronautical data is ensured, including any limits on the effective period of the data;

(7) the completeness of the aeronautical data is ensured;

(8) the delivered data meet the specified format requirements;

(c) with regard to data origination, establish specific formal arrangements with the party originating data that contain instructions for data creation, modification or deletion, which include as a minimum:

(1) an unambiguous description of the aeronautical data to be created, modified or deleted;

(2) the entity to which the aeronautical data is to be provided;

(3) the date and time by which the aeronautical data is to be provided;

(4) the format of the data origination report to be used;

(5) the format of the aeronautical data to be transmitted;

(6) the requirement to identify any limitation on the use of the data;

(d) ensure that data validation and verification techniques are employed to ensure that the aeronautical data meets the associated data quality requirements and in addition:

(1) the verification shall ensure that aeronautical data is received without corruption and that corruption does not occur at any stage of the entire aeronautical data process;

(2) aeronautical data and aeronautical information entered manually shall be subject to independent verification to detect any errors that may have been introduced;

(3) when using aeronautical data to derive or calculate new aeronautical data, the initial data shall be verified and validated, except when provided by an authoritative source;

(e) transmit aeronautical data by electronic means;

(f) establish formal arrangements with:

(1) all parties transmitting data to them;

(2) other service providers or aerodrome operators when exchanging aeronautical data and aeronautical information;

(g) ensure that the information listed in point AIS.TR.505(a) is provided in due time to the AIS provider;

(h) collect and transmit metadata which include as a minimum:

(1) the identification of the organisations or entities performing any action of originating, transmitting or manipulating the aeronautical data;

(2) the action performed;

(3) the date and time the action was performed;

(i) ensure that tools and software used to support or automate aeronautical data and aeronautical information processes perform their functions without adversely impacting the quality of aeronautical data and aeronautical information;

(j) ensure that digital data error detection techniques are used during the transmission or storage of aeronautical data, or both, in order to support the applicable data integrity levels;

(k) ensure that the transfer of aeronautical data is subject to a suitable authentication process such that recipients are able to confirm that the data has been transmitted by an authorised source;

(l) ensure that errors identified during data origination and after data delivery are addressed, corrected or resolved and that priority is given to managing errors in critical and essential aeronautical data.

URGENT DISTRIBUTION OF AERONAUTICAL INFORMATION

The obligation to comply with the relevant provisions of ATM/ANS.OR.085 should not inhibit the urgent distribution of aeronautical information necessary to ensure the safety of flight. It is recognised that in this case it is not always possible to comply with all the relevant provisions. However, it is also not possible to determine a priori all cases where this exception may apply; hence, this shall be dependent on a case-by-case individual assessment made by competent staff.

AERONAUTICAL DATA CATALOGUE

The aeronautical data catalogue presents the scope of data that can be collected and maintained by the AIS providers and provides a common terminology that can be used by data originators and service providers.

GENERAL

Minimum requirements for the processing of aeronautical data may be found in EUROCAE ED-76A, ‘Standards for Processing Aeronautical Data’, June 2015, which aims to assist aeronautical data chain actors.

RESOLUTION

(a) Stating that resolution needs to be commensurate with the actual accuracy means that digital data needs to have sufficient resolution to maintain accuracy. Typically, if an accuracy of .1 unit is needed, then a resolution of 0.01 or .001 units would enable a data chain to preserve the accuracy without issue. A finer resolution could be misleading as one could assume that it supports a finer accuracy. This factor range of 10 to 100 between accuracy and resolution is applicable regardless of the units of measurements used.

(b) The resolution should be enough to capture the accuracy of the data.

TRACEABILITY

Traceability is supported by maintaining the metadata.

FORMAT

The format requirements should be specified in the formal arrangements.

VALIDATION AND VERIFICATION

(a) The processes implemented to carry out validation and verification should define the means used to:

(a) verify received data and confirm that the data has been received without corruption;

(b) preserve data quality and ensure that stored data is protected from corruption; and

(c) confirm that originated data has not been corrupted prior to being stored.

(b) Those processes should define the:

(1) actions to be taken when data fails a verification or validation check; and

(2) tools required for the verification and validation process.

VALIDATION AND VERIFICATION — GENERAL

(a) Validation

(1) Validation is the activity where a data element is checked as having a value that is fully applicable to the identity ascribed to the data element, or where a set of data elements are checked as being acceptable for their intended use.

(2) The application of validation techniques considers the entire aeronautical data chain. This includes the validation performed by prior data chain participants and any requirements levied on the data supplier. 

(3) Examples of validation techniques

(i) Validation by application

 One method of validation is to apply data under test conditions. In certain cases, this may not be practical. Validation by application is considered to be the most effective form of validation. For example, flight inspection of final approach segment data prior to publication can be used to ensure that the published data is acceptable.

(ii) Logical consistency

 Logical consistency validates by comparing two different data sets or elements and identifying inconsistencies between values based on operative rules (e.g. business rules). 

(iii) Semantic consistency

Semantic consistency validates by comparing data to an expected value or range of values for the data characteristics.

(iv) Validation by sampling

Validation by sampling evaluates a representative sample of data and applies statistical analysis to determine the confidence in the data quality. 

(b) Verification

(1) Verification is a process for checking the integrity of a data element whereby the data element is compared to another source, either from a different process or from a different point in the same process. While verification cannot ensure that the data is correct, it can be effective to ensure that the data has not been corrupted by the data process.

(2) The application of verification techniques considers only the portion of the aeronautical data chain controlled by the organisation. Yet, verification techniques may be applied at multiple phases of the data processing chain. 

(3) Examples of verification techniques

(i) Feedback

Feedback testing is the comparison between the output and input state of a data set.

(ii) Independent redundancy

Independent redundancy testing involves processing the same data through two or more independent processes and comparing the data output of each process.

(iii) Update comparison

Updated data can be compared to its previous version. This comparison can identify all data elements that have changed. The list of changed elements can then be compared to a similar list generated by the supplier. A problem can be detected if an element is identified as changed on one list and not on the other.

VALIDATION AND VERIFICATION TECHNIQUES

Validation and verification techniques are employed throughout the data processing chain to ensure that the data meets the associated DQRs. More explanatory material may be found in Appendix C (Guidance on compliance with data processing requirements) to EUROCAE ED-76A ‘Standards for Processing Aeronautical Data’.

ELECTRONIC MEANS

The transmission of aeronautical data and aeronautical information may be done by various electronic means.

FORMAL ARRANGEMENTS

Formal arrangements should include the following minimum content:

(a) the aeronautical data to be provided;

(b) the data quality requirements (DQRs) for each data item supplied according to the aeronautical data catalogue;

(c) the method(s) for demonstrating that the data provided conforms with the specified requirements;

(d) the action to be taken in the event of discovery of a data error or inconsistency in any data provided;

(e) the following minimum criteria for notification of data changes:

(1) criteria for determining the timeliness of data provision based on the operational or safety significance of the change;

(2) any prior notice of expected changes; and

(3) the means to be adopted for notification;

(f) the party responsible for documenting data changes;

(g) data exchange details such as format or format change processes;

(h) any limitations on the use of data;

(i) requirements for the production of data origination quality reports;

(j) metadata to be provided; and

(k) contingency requirements concerning the continuity of data provision

FORMAL ARRAGNEMENTS

ATM/ANS providers may use the predetermined template ‘Data Provision Agreement’ developed by EUROCONTROL (ADQ Formal Arrangement Template, version 1.1. issued on 22 February 2016.)

SOFTWARE

(a) A means by which the requirement in ATM/ANS.OR.A.085(i) can be met, is through the verification of software applied to a known executable version of the software in its target operating environment.

(b) The verification of software is a process of ensuring that the software meets the requirements for the specified application or intended use of the aeronautical data and aeronautical information.

(c) The verification of software is an evaluation of the output of an aeronautical data and/or aeronautical information software development process to ensure correctness and consistency with respect to the inputs and applicable software standards, rules and conventions used in that process. 

TOOLS

Tools can be qualified meeting point 2.4.5 Aeronautical Data Tool Qualification of EUROCAE ED-76A/RTCA DO-200B ‘Standards for Processing Aeronautical Data’, dated June 2015.

DATA ERROR DETECTION TECHNIQUES

(a) Digital error detection techniques can be used to detect errors during the transmission or storage of data. An example of a digital error detection technique is the use of cyclic redundancy checks (CRCs). Coding techniques can be effective regardless of the transmission media (e.g. computer disks, modem communication, or internet).

(b) Transmission of data via electronic/digital means (e.g. file transfer protocol (FTP) sites, web downloads, or email) may be subject to malicious attack that can corrupt the integrity of data for its intended use. Provision of means to mitigate the intentional corruption of digitally transmitted data may already exist within the organisational construct and operating procedures of participating entities.

(c) The objective of data security is to ensure that data is received from a known source and that there is no intentional corruption during processing and exchange of data.

(d) Records should be maintained to show what data security provisions have been implemented.

(e) Provisions supporting this objective may include:

(1) implementation of technical data security measures to provide authentication and prevent intentional corruption during exchange of data (e.g. secure hashes, secure transmissions, digital signatures); and

(2) implementation of organisational data security measures to protect processing resources and prevent intentional corruption during processing of data.

DATA ERROR PROCESSING

More explanation and guidance may be found in Appendix C (Guidance on compliance with data processing requirements) to EUROCAE ED-76A.

ERROR HANDLING

(a) The term ‘error’ is understood as being defective, degraded, lost, misplaced or corrupted data elements, or data elements not meeting stated DQRs.

(b) Guidance on how to detect, identify, report and address/resolve aeronautical data errors may be found in Appendix C (Guidance on compliance with data processing requirements) to EUROCAE ED-76A ‘Standards for Processing Aeronautical Data’.

ATM/ANS.OR.A.090 Common reference systems for air navigation

Commission Implementing Regulation (EU) 2020/469

For the purpose of air navigation, service providers shall use:

(a) the World Geodetic System – 1984 (WGS-84) as the horizontal reference system;

(b) the mean sea level (MSL) datum as the vertical reference system;

(c) the Gregorian calendar and coordinated universal time (UTC) as the temporal reference systems.

HORIZONTAL REFERENCE SYSTEM — WGS-84

(a) A reference system provides a definition of a coordinate system in terms of the position of an origin in space, the orientation of an orthogonal set of Cartesian axes, and a scale. A terrestrial reference system defines a spatial reference system in which positions of points anchored on the Earth’s solid surface have coordinates. Examples are WGS-84, ITRS/European Terrestrial Reference System (ETRS) and national reference systems.

(b) WGS-84 defines, inter alia, a conventional terrestrial reference system, a reference frame and a reference ellipsoid. WGS-84 is currently the reference system ICAO requires for geo-referencing aeronautical information.

(c) Further explanation and guidance may be found in Annex B (Horizontal reference systems) to EUROCONTROL Specification for the Origination of Aeronautical Data, Volume 2: Guidance material (EUROCONTROL-SPEC-154, Edition 1.0 of 04/02/2013).

TEMPORARY NON-COMPLIANCE OF GEOGRAPHICAL COORDINATES

In those particular cases where geographical coordinates have been transformed into WGS-84 coordinates by mathematical means and whose accuracy of original field work does not meet the applicable requirements contained in the aeronautical data catalogue, they should be identified until the time when they can be compliant. 

VERTICAL REFERENCE SYSTEM

(a) A service provider should use the Earth Gravitational Model — 1996 (EGM-96), as the global gravity model.

(b) When a geoid model other than the EGM-96 model is used, a description of the model used, including the parameters required for height transformation between the model and EGM-96, should be provided in the aeronautical information publication (AIP).

MEAN SEA LEVEL

(a) The geoid globally most closely approximates mean sea level (MSL). It is defined as the equipotential surface in the gravity field of the Earth which coincides with the undisturbed MSL extended continuously through the continents.

(b) Gravity-related heights (elevations) are also referred to as ‘orthometric heights’, while distances of points above the ellipsoid are referred to as ‘ellipsoidal heights’.

(c) Global and local geoids differ in their origin: global geoids consider only the long- and middle-wave part of the Earth’s gravity field, whilst local geoids also consider the short-wave part of the gravity field. Global geoids are used when consistent orthometric heights, over long distances (continent or earth surveying), are required. Currently, the world’s best global geoid model is EGM 200846. It was determined using satellite tracking, gravity anomalies and satellite altimetry. Its accuracy is in the range of ± 0.05 m (oceans) and ± 0.5 m (on land). This accuracy is higher in flat regions than in topographically mountainous terrain, such as the Alps.

(d) For local engineering applications and cadastre-surveying, global geoids are not as accurate as needed. For such applications, local geoid models are calculated. These can only be developed using local field measurements. They offer centimetre accuracy over several hundred kilometres, with a high resolution. Local geoids are not suitable for height comparison over large distances since they are based on different origins and reference heights (different equipotential levels).

VERTICAL REFERENCE SYSTEM

Further explanation and guidance may be found in Annex C (Vertical reference systems) to EUROCONTROL Specification for the Origination of Aeronautical Data, Volume 2 (EUROCONTROL-SPEC-154, Edition 1.0 of 04/02/2013).

TEMPORAL REFERENCE SYSTEM

(a) A value in the time domain is a temporal position measured relative to a temporal reference system.

(b) ISO Standard 8601 specifies the use of the Gregorian calendar and 24-hour local or UTC for information interchange, while ISO Standard 19108 prescribes the Gregorian calendar and UTC as the primary temporal reference system for use with geographic information.