ATM/ANS.AR.C.001 Monitoring of safety performance
Regulation (EU) 2017/373
(a) The competent authorities shall regularly monitor and assess the safety performance of the service providers under their oversight.
(b) The competent authorities shall use the results of the monitoring of safety performance in particular within their risk-based oversight.
ATM/ANS.AR.C.005 Certification, declaration, and verification of service providers' compliance with the requirements
Regulation (EU) 2017/373
(a) Within the framework of point ATM/ANS.AR.B.001(a)(1), the competent authority shall establish a process in order to verify:
(1) service providers' compliance with the applicable requirements set out in Annexes III to XIII, and any applicable conditions attached to the certificate before the issue of that certificate. The certificate shall be issued in accordance with Appendix 1 to this Annex;
(2) compliance with any safety-related obligations in the designation act issued in accordance with Article 8 of Regulation (EC) No 550/2004;
(3) continued compliance with the applicable requirements of the service providers under its oversight;
(4) implementation of safety objectives, safety requirements and other safety-related conditions identified in declarations of verification of systems, including any relevant declaration of conformity or suitability for use of constituents of systems issued in accordance with Regulation (EC) No 552/2004;
(5) the implementation of safety directives, corrective actions and enforcement measures.
(b) The process referred to in point (a) shall:
(1) be based on documented procedures;
(2) be supported by documentation specifically intended to provide its personnel with guidance to perform their tasks related to certification, oversight and enforcement;
(3) provide the organisation concerned with an indication of the results of the certification, oversight and enforcement activity;
(4) be based on audits, reviews and inspections conducted by the competent authority;
(5) with regard to certified service providers, provide the competent authority with the evidence needed to support further action, including measures referred to in Article 9 of Regulation (EC) No 549/2004, Article 7(7) of Regulation (EC) No 550/2004, and by Articles 10, 25, and 68 of Regulation (EC) No 216/2008 in situations where requirements are not complied with;
(6) with regard to service providers making declarations, provide the competent authority with the evidence to take, if appropriate, remedial action which may include enforcement actions, including, where appropriate, under national law.
Regulation (EU) 2017/373
(a) The competent authority, or qualified entities acting on its behalf, shall conduct audits, in accordance with Article 5.
(b) The audits referred to in point (a) shall:
(1) provide the competent authority with evidence of compliance with the applicable requirements and with the implementing arrangements;
(2) be independent of any internal auditing activities undertaken by the service provider;
(3) cover complete implementing arrangements or elements thereof, and processes or services;
(4) determine whether:
(i) the implementing arrangements comply with the applicable requirements;
(ii) the actions taken comply with the implementing arrangements and the applicable requirements;
(iii) the results of actions taken match the results expected from the implementing arrangements.
(c) The competent authority shall, on the basis of the evidence at its disposal, monitor the continuous compliance with the applicable requirements of this Regulation of the service providers under its oversight.
GM1 ATM/ANS.AR.C.010 Oversight
ED Decision 2017/001/R
DEMONSTRATION OF COMPLIANCE — DAT PROVIDERS
In addition to the applicable requirements, the competent authority should assess the standards and processes applied by the DAT provider. The following specific areas should be overseen against EUROCAE ED-76A/RTCA DO-200B ‘Standards for Processing Aeronautical Data’, dated June 2015:
(a) plans and procedures, including:
(1) alteration procedures (i.e. informing the supplier or data originator of the data alteration and endeavouring to receive concurrence/agreement);
(2) data verification and validation (including the procedures that define the level of checking of the database prior to release). These procedures should be reviewed to ensure adequacy;
(3) reporting and handling procedures (including occurrence reporting);
(4) data configuration management;
(5) data transmission practices;
(6) tool qualification; and
(7) internal audit checks and response mechanisms;
(b) internal standards; and
(c) definition of ‘Data Quality Requirements’.
EUROCAE ED-76/RTCA DO-200A may be also used for the demonstration of compliance.
AMC1 ATM/ANS.AR.C.010(a) Oversight
ED Decision 2017/001/R
AUDITS
The audits should include oversight of changes to the functional system in order to:
(a) verify that changes made to the functional system:
(1) comply with ATM/ANS.OR.A.045;
(2) have been managed in accordance with the procedures identified in ATM/ANS.OR.B.010(a) that have been approved; and
(3) are being verified against the monitoring criteria that were identified in the assurance argument as a result of complying with ATM/ANS.OR.C.005(b)(2) or ATS.OR.205(b)(6), as appropriate; and
(b) verify that if, as a result of the monitoring referred to in (a)(3), the argument, referred to in ATS.OR.205(a)(2) and ATM/ANS.OR.C.005(a)(2), is found to be incomplete and/or incorrect, then the service provider has initiated a change or has revised the argument such that the inferences or evidence are now sufficient to justify the claim.
GM1 ATM/ANS.AR.C.010(b)(1) Oversight
ED Decision 2017/001/R
Implementing arrangements should be considered to be the service provider’s (safety) management system(s) documentation, manuals, service provision conditions or the certificate and the content of the declaration, as applicable.
ATM/ANS.AR.C.015 Oversight programme
Regulation (EU) 2017/373
(a) The competent authority shall establish and update annually an oversight programme taking into account the specific nature of the service providers, the complexity of their activities, the results of past certification and/or oversight activities and shall be based on the assessment of associated risks. It shall include audits, which shall:
(1) cover all the areas of potential safety concern, with a focus on those areas where problems have been identified;
(2) cover all the service providers under the supervision of the competent authority;
(3) cover the means implemented by the service provider to ensure the competency of personnel;
(4) ensure that audits are conducted in a manner commensurate with the level of the risk posed by the service provider operations and services provided; and
(5) ensure that for service providers under its supervision, an oversight planning cycle not exceeding 24 months is applied.
The oversight planning cycle may be reduced if there is evidence that the safety performance of the service provider has decreased.
For a service provider certified by the competent authority, the oversight planning cycle may be extended to a maximum of 36 months if the competent authority has established that, during the previous 24 months:
(i) the service provider has demonstrated an effective identification of aviation safety hazards and management of associated risks;
(ii) the service provider has continuously demonstrated compliance with the change management requirements under points ATM/ANS.OR.A.040 and ATM/ANS.OR.A.045;
(iii) no level 1 findings have been issued;
(iv) all corrective actions have been implemented within the time period accepted or extended by the competent authority as defined in point ATM/ANS.AR.C.050.
If, in addition to the above, the service provider has established an effective continuous reporting system to the competent authority on the safety performance and regulatory compliance of the service provider, which has been approved by the competent authority, the oversight planning cycle may be extended to a maximum of 48 months;
(6) ensure follow-up of the implementation of corrective actions;
(7) be subject to consultation with the service providers concerned and notification thereafter;
(8) indicate the envisaged interval of the inspections of the different sites, if any.
(b) The competent authority may decide to modify the objectives and the scope of pre-planned audits, including documentary reviews and additional audits, wherever that need arises.
(c) The competent authority shall decide which arrangements, elements, services, functions, physical locations, and activities are to be audited within a specified time frame.
(d) Audit observations and findings issued in accordance with point ATM/ANS.AR.C.050 shall be documented. The latter shall be supported by evidence, and identified in terms of the applicable requirements and their implementing arrangements against which the audit has been conducted.
(e) An audit report, including the details of the findings and observations, shall be drawn up and communicated to the service provider concerned.
AMC1 ATM/ANS.AR.C.015 Oversight programme
ED Decision 2017/001/R
(a) When establishing an oversight programme appropriate to each provider, the competent authority should take into account the safety performance of the service provider to be audited. Inspectors for the oversight of services provision and other ATM network functions should work in accordance with the schedule provided to them.
(b) Having regard to the performance of service providers, the competent authority may vary the frequency of the audits or inspections.
(c) When defining the oversight programme, the competent authority should assess the risks related to the activity of each service provider, certified or declared, or the Network Manager, and adapt the audits and inspections to the level of risk identified.
AMC1 ATM/ANS.AR.C.015(a) Oversight programme
ED Decision 2017/001/R
SPECIFIC NATURE AND COMPLEXITY OF THE ORGANISATION
(a) When determining the oversight programme for a service provider, the competent authority should consider in particular the following elements, as applicable:
(1) the implementation by the service provider of industry standards, directly relevant to the organisation’s activity subject to this Regulation;
(2) the procedure applied for and scope of changes not requiring prior approval in accordance with ATM/ANS.OR.A.040(b); and
(3) specific procedures implemented by the service provider related to any alternative means of compliance used.
(b) For the purpose of assessing the complexity of an organisation’s management system, AMC1 ATM/ANS.OR.B.005(e) should be used.
AMC1 ATM/ANS.AR.C.015(a)(1) Oversight programme
ED Decision 2017/001/R
AREA OF POTENTIAL SAFETY CONCERNS — DAT PROVIDERS
The competent authority should audit the DAT provider’s procedures for dealing with situations where resolution and corrections could not be obtained with the aeronautical data source or other DAT providers for data that has been called into question in accordance with AMC1 DAT.TR.105(a). Such audits should confirm that effective controls are in place to ensure that an unsafe product is not released and that such concerns are communicated to customers in accordance with the requirements laid down in DAT.OR.200.
ATM/ANS.AR.C.020 Issue of certificates
Regulation (EU) 2017/373
(a) Following the process laid down in point ATM/ANS.AR.C.005(a), upon receiving an application for the issuance of a certificate to a service provider, the competent authority shall verify the service provider's compliance with the applicable requirements of this Regulation.
(b) The competent authority may require any audits, inspections or assessments it finds necessary before issuing the certificate.
(c) The certificate shall be issued for an unlimited duration. The privileges of the activities that the service provider is approved to conduct shall be specified in the service provision conditions attached to the certificate.
(d) The certificate shall not be issued where a level 1 finding remains open. In exceptional circumstances, finding(s), other than level 1, shall be assessed and mitigated as necessary by the service provider and a corrective action plan for closing the finding(s) shall be approved by the competent authority prior to the certificate being issued.
GM1 ATM/ANS.AR.C.020(c) Issue of certificates
ED Decision 2020/008/R
OPERATIONAL CONDITIONS OR LIMITATIONS
(a) If, during the certification process, an operational condition or limitation has been determined as necessary to be imposed on or implemented by the service provider, the competent authority should ensure that such operational condition or limitation is prescribed in the service provision conditions attached to the service provider’s certificate.
(b) Limitations in the certification may be used to identify restrictions to be applied in the provision of services and any other particularity of the service provided (e.g. intended usage, type of operations).
(c) Limitations may also relate to some restrictions on the service(s) provided associated with non-compliances with respect to some performance requirements.
(d) Conditions may address actions that require to be accomplished to confirm the validity of the certificate.
GM2 ATM/ANS.AR.C.020(c) Issue of certificates
ED Decision 2020/008/R
EXAMPLES OF LIMITATIONS IN SERVICES
(a) Limitations for the provision of ILS Signal in Space could be:
(1) CAT I;
(2) CAT II; and
(3) CAT III.
(b) Limitations for the provision of Global Navigation Satellite System (GNSS) signal could be:
(1) based on the system used to provide Signal-in-Space:
(i) GNSS Core System;
(ii) Satellite-Based Augmentation System (SBAS); and
(iii) Ground-Based Augmentation System (GBAS); and/or
(2) based on the type of operations supported (e.g. en-route, en-route terminal, NPA, APV-I, APV-II, Cat I, from ICAO Annex 10)
(c) Limitations for the Aeronautical Mobile Service (air–ground communication) could be:
(1) for flight information services;
(2) for area control service;
(3) for approach control service; and
(4) for aerodrome control service.
(d) Limitations for the provision of data from the secondary surveillance radar (SSR) could be:
(1) mode A/C; and
(2) mode S.
(e) Limitations for the provision of data from automatic dependant surveillance (ADS) could be:
(1) ADS-C; and
(2) ADS-B.
(f) Limitations for the provision of flight procedure design services could be:
(1) conventional navigation AIDs procedure design;
(2) performance-based navigation (PBN) procedure design; and
(3) design procedure for helicopters.
GM3 ATM/ANS.AR.C.020(c) Issue of certificates
ED Decision 2020/008/R
EXAMPLES OF CONDITIONS ATTACHED TO THE CERTIFICATE
Conditions attached to certificates may, as appropriate, be related to:
(a) non-discriminatory access to services for airspace users and the required level of performance of such services, including safety and interoperability levels;
(b) the time by which the services should be provided;
(c) ring-fencing or restriction of operations of services other than those related to the provision of services;
(d) contracts, agreements or other arrangements between the service provider and a third party and which concern the service(s);
(e) provision of information reasonably required for the verification of the continuous compliance with the requirements;
(f) any other legal conditions which are not specific to the services.
For further reference, please consult Annex II to Regulation (EC) No 550/2004.
Regulation (EU) 2017/373
(a) Upon receiving a notification for a change in accordance with point ATM/ANS.OR.A.045, the competent authority shall comply with points ATM/ANS.AR.C.030, ATM/ANS.AR.C.035 and ATM/ANS.AR.C.040.
(b) Upon receiving a notification for a change in accordance with point ATM/ANS.OR.A.040(a)(2) that requires prior approval, the competent authority shall:
(1) verify the service provider's compliance with the applicable requirements before issuing the change approval;
(2) take immediate appropriate action, without prejudice to any additional enforcement measures, when the service provider implements changes requiring prior approval without having received competent authority approval referred to in point (1).
(c) To enable a service provider to implement changes to its management system and/or safety management system, as applicable, without prior approval in accordance with point ATM/ANS.OR.A.040(b), the competent authority shall approve a procedure defining the scope of such changes and describing how such changes will be notified and managed. In the continuous oversight process, the competent authority shall assess the information provided in the notification to verify whether the actions taken comply with the approved procedures and applicable requirements. In case of any non-compliance, the competent authority shall:
(1) notify the service provider of the non-compliance and request further changes;
(2) in case of level 1 and level 2 findings, act in accordance with point ATM/ANS.AR.C.050.
AMC1 ATM/ANS.AR.C.025(b) Changes
ED Decision 2017/001/R
CHANGES REQUIRING PRIOR APPROVAL
(a) Upon receipt of a notification for a proposed change that requires prior approval, the competent authority should:
(1) formally acknowledge the receipt of the notification in writing within 10 working days;
(2) assess the proposed change in relation to the service provider’s certificate or the conditions attached or management system of it, and the applicable requirements of Part-ATM/ANS.OR, as well as any other applicable requirements within 30 working days after the receipt of all the evidence supporting the proposed change;
(3) assess the actions proposed by the service provider in order to show compliance; and
(4) notify the service provider of its approval/rejection without delay.
(b) A simple management system documentation system status sheet should be maintained, which contains information on when an amendment was received by the competent authority and when it was approved, if applicable.
(c) The competent authority should, in due time, verify the compliance of the service provider and, depending on the change, examine the need for prescribing any condition for the operation of it during the change.
(d) For changes requiring prior approval, the competent authority may conduct an audit of the service provider in order to verify the service provider’s compliance with the applicable requirements.
(e) When notifying, the competent authority should also inform the service provider of the right of appeal, as exists under the applicable national legislation.
AMC2 ATM/ANS.AR.C.025(b) Changes
ED Decision 2017/001/R
CHANGE OF NAME OF THE SERVICE PROVIDER
Upon receipt of the notification and the relevant parts of the service provider’s documentation as required by Part-ATM/ANS.OR, the competent authority should reissue the certificate.
GM1 ATM/ANS.AR.C.025(b) Changes
ED Decision 2017/001/R
CHANGE OF NAME OF THE SERVICE PROVIDER
A name change alone does not require the competent authority to audit the organisation unless there is evidence that other aspects of the organisation have changed.
GM2 ATM/ANS.AR.C.025(b) Changes
ED Decision 2017/001/R
Appropriate action by the competent authority may include suspension, limitation or revocation of the service provider’s certificate.
AMC1 ATM/ANS.AR.C.025(c) Changes
ED Decision 2017/001/R
CHANGES NOT REQUIRING PRIOR APPROVAL
(a) When the service provider submits the name of the nominee for the nominated persons in accordance with AMC2 ATM/ANS.OR.A.040(b), the competent authority should consider his or her qualification.
(b) Upon receipt of a notification for a proposed change that does not require prior approval by the competent authority, it should acknowledge receipt of the notification in writing within 10 working days from receipt unless it is not specified under the relevant national legislation.
ATM/ANS.AR.C.030 Approval of change management procedures for functional systems
Regulation (EU) 2017/373
(a) The competent authority shall review:
(1) change management procedures for functional systems or any material modification to those procedures submitted by the service provider in accordance with point ATM/ANS.OR.B.010(b);
(2) any deviation from the procedures referred to in point (1) for a particular change, when requested by a service provider in accordance with point ATM/ANS.OR.B.010(c)(1).
(b) The competent authority shall approve the procedures, modifications and deviations referred to in point (a) when it has determined that they are necessary and sufficient for the service provider to demonstrate compliance with points ATM/ANS.OR.A.045, ATM/ANS.OR.C.005, ATS.OR.205, and ATS.OR.210, as applicable.
GM1 ATM/ANS.AR.C.030 Approval of change management procedures for functional systems
ED Decision 2017/001/R
The review by the competent authority is focused on the change management procedures and not on the project management part of these procedures that are not required by the regulations, even though they may be useful for the smooth execution of the project dealing with the change. Consequently, not all parts of a procedure may be approved by the competent authority. The approved parts should be identified in the record (see AMC1 ATM/ANS.AR.B.015(a)(8)) and communicated to the service provider.
AMC1 ATM/ANS.AR.C.030(a) Approval of change management procedures for functional systems
ED Decision 2017/001/R
MEANS AND METHOD OF SUBMITTING PROCEDURES
The competent authority should agree with the service provider on the means and method of submitting the procedures, modifications and deviations referred to in ATM/ANS.AR.C.030(a). Until an agreement is reached, the competent authority will prescribe the means and method of submission.
AMC1 ATM/ANS.AR.C.030(b) Approval of change management procedures for functional systems
ED Decision 2017/001/R
(a) When approving the change management procedures for functional systems as per ATM/ANS.OR.B.010, the competent authority should perform the following:
(1) check that the procedures used by a service provider to manage changes cover the life cycle of a change as defined in ATM/ANS.OR.C.005(a)(1) or ATS.OR.205(a)(1);
(2) use the compliance matrix provided by the service provider (referred to in AMC1 ATM/ANS.OR.B.010(a)), when reviewing the content of the procedures, modifications and/or deviations referred to in ATM/ANS.AR.C.030(a); as part of the oversight activity, the competent authority should check that the compliance matrix covers all the aforementioned requirements.
(3) check that the procedures make mandatory provisions that require actions to be undertaken and all required evidence to be produced to comply with requirements laid down in ATM/ANS.OR.A.045, ATM/ANS.OR.C.005, ATS.OR.205 and ATS.OR.210;
(4) check that the procedures identify the roles and responsibilities of the service provider in the change management processes;
(5) check that the procedures state that it is not allowed to use new, modified or deviating change management procedures until approval is granted; and
(6) check that the procedures state that any change selected for review must not enter into operational service before the approval is granted.
(b) The competent authority should provide a response to the service provider’s notification of change referred to in ATM/ANS.OR.A.045(a) without undue delay.
GM1 ATM/ANS.AR.C.030(b) Approval of change management procedures for functional systems
ED Decision 2017/001/R
Some changes might stem from the need to implement immediate action and, therefore, their implementation cannot be delayed until they receive approval or communication that the change is not being reviewed from the competent authority such as changes due to urgent unforeseen circumstances that would, if uncorrected, lead to an immediate unsafe condition, presence of volcanic ash, etc.
The competent authority may consider this type of changes as part of the approval of change management procedures for functional systems.
ATM/ANS.AR.C.035 Decision to review a notified change to the functional system
Regulation (EU) 2017/373
(a) Upon receipt of a notification in accordance with point ATM/ANS.OR.A.045(a)(1), or upon receipt of modified information in accordance with point ATM/ANS.OR.A.045(b), the competent authority shall make a decision on whether to review the change or not. The competent authority shall request any additional information needed from the service provider to support this decision.
(b) The competent authority shall determine the need for a review based on specific, valid and documented criteria that, as a minimum, ensure that the notified change is reviewed if the combination of the likelihood of the argument being complex or unfamiliar to the service provider and the severity of the possible consequences of the change is significant.
(c) When the competent authority decides the need for a review based on other risk based criteria in addition to point (b), these criteria shall be specific, valid and documented.
(d) The competent authority shall inform the service provider of its decision to review a notified change to a functional system and provide the associated rationale to the service provider upon request.
AMC1 ATM/ANS.AR.C.035(a) Decision to review a notified change to the functional system
ED Decision 2017/001/R
MEANS AND METHOD OF SUBMITTING NOTIFICATION OF CHANGES TO FUNCTIONAL SYSTEMS
The competent authority should agree with the service provider on the means and method of submitting the notification of changes and additional information referred to in ATM/ANS.OR.A.045(a). Until an agreement is reached, the competent authority will prescribe the means of submission.
GM1 ATM/ANS.AR.C.035(b) Decision to review a notified change to the functional system
ED Decision 2017/001/R
SELECTION CRITERIA FOR REVIEWING A NOTIFIED CHANGE TO THE FUNCTIONAL SYSTEM
The need for review should be based on a combination of the likelihood that the safety (support) argument may be complex or unfamiliar to the service provider undertaking the change and the severity of the consequences associated with the change. This is a risk function and is referred to as the ‘risk posed by the change’.
The following two aspects of the change:
— the novelty of the change; and
— the capabilities of the service provider (e.g. the effectiveness of the service provider’s (safety) management system),
as well as the service provider performing the change contribute to the service provider’s unfamiliarity of the necessary argument. The assessment of the severity of the consequence is made at a very early stage in the development of the change and, therefore, will be based on coarse data. It should, therefore, be conservative.
The risk posed by a change could be a scalar measure associated with the change and be some combination of the two inputs: the probability of a complex or unfamiliar argument and the severity of the consequences of the proposed change. The result is that the risk posed by a particular change is the sum of the inputs.
One possibility may be based on the use of a risk matrix in which risk parameters are represented according to a coarse-grained measurement scheme, and the selection criteria establish the boundary beyond which changes will be selected for review, as shown below:
The selection criterion, a function of risk with the value ‘significant’, is then a straight line, if the scales are logarithmic.
GM1 ATM/ANS.AR.C.035(c) Decision to review a notified change to the functional system
ED Decision 2017/001/R
(a) Some changes may not necessarily need to be reviewed providing that, even though they relate to safety, they can be considered as routine by the provider as they have been consistently assessed, implemented and proved safe in the past and, therefore, the competent authority has sufficient confidence that the provider will address them in a similar manner.
(b) The selection criterion for review may deviate from a simple threshold on the scalar risk metric (distance from the origin), to deal with concerns due to the coarse grain and high uncertainty of the inputs. For instance, a separate threshold on the ‘severity’ axis may be used to specify, for instance:
(1) that changes with very high potential severity should always be reviewed, irrespective of the probability of the safety argument being incomplete and/or incorrect (Figure below). This criterion may well respond to common perceptions and could be justified by the fact that judgements of low probabilities based on limited information are often unreliable, and errors in the judgment of risk are proportional to the error on probability and the size of the loss; and
(2) that changes with minor potential severity need not be reviewed, irrespective of the probability of the safety argument being incomplete and/or incorrect (Figure below) (though the process may retain the option for the competent authority to review the change, since the estimate itself of potential severity may be suspected of being erroneous).
(c) It is also possible that deviations be required on the basis of some of the component factors that affect either probability or severity, e.g. exempting changes based on small size of change and high competence of the air traffic services provider.
(d) In order to validate the process or provide data for the evolution of the process, it may be advisable to randomly select changes to review and then assess whether the safety argument is complete and/or correct or not and whether or not the case would have been selected for review using the current criteria for the selection process.
Figure 1: Criteria that may be used when severity is high
Figure 2: Criteria that may be used when severity is low
ATM/ANS.AR.C.040 Review of a notified change to the functional system
Regulation (EU) 2017/373
(a) When the competent authority reviews the argument for a notified change, it shall:
(1) assess the validity of the argument presented with respect to point ATM/ANS.OR.C.005(a)(2) or ATS.OR.205(a)(2);
(2) coordinate its activities with other competent authorities whenever necessary.
(b) The competent authority shall, alternatively:
(1) approve the argument referred to in point (a)(1), with conditions where applicable, when it is shown to be valid and so inform the service provider,
(2) reject the argument referred to in point (a)(1) and inform the service provider together with a supporting rationale.
ATM/ANS.AR.C.045 Declarations of flight information services providers
Regulation (EU) 2017/373
(a) Upon receiving a declaration from a provider of flight information services intending to provide such services, the competent authority shall verify that the declaration contains all the information required by point ATM/ANS.OR.A.015 and shall acknowledge receipt of the declaration to that service provider.
(b) If the declaration does not contain the required information, or contains information that indicates non-compliance with the applicable requirements, the competent authority shall notify the provider of flight information services concerned about the non-compliance and request further information. If necessary, the competent authority shall carry out an audit of the provider of flight information services. If the non-compliance is confirmed, the competent authority shall take action provided for in point ATM/ANS.AR.C.050.
(c) The competent authority shall keep a register of the declarations of providers of flight information services which were made to it in accordance with this Regulation.
ATM/ANS.AR.C.050 Findings, corrective actions, and enforcement measures
Regulation (EU) 2017/373
(a) The competent authority shall have a system to analyse findings for their safety significance and decide on enforcement measures on the basis of the safety risk posed by the service provider's non-compliance.
(b) In circumstances where no or very low additional safety risk would be present with immediate appropriate mitigation measures, the competent authority may accept the provision of services to ensure continuity of service whilst corrective actions are being taken.
(c) A level 1 finding shall be issued by the competent authority when any serious non-compliance is detected with the applicable requirements of Regulation (EC) No 216/2008 and its implementing rules as well as Regulations (EC) No 549/2004, (EC) No 550/2004, (EC) No 551/2004, and (EC) No 552/2004 and their implementing rules, with the service provider's procedures and manuals, with the terms of conditions of certificate or certificate, with the designation act, if applicable, or with the content of a declaration which poses a significant risk to flight safety or otherwise calls into question the service provider's capability to continue operations.
Level 1 findings shall include but not be limited to:
(1) promulgating operational procedures and/or providing a service in a way which introduces a significant risk to flight safety;
(2) obtaining or maintaining the validity of the service provider's certificate by falsification of submitted documentary evidence;
(3) evidence of malpractice or fraudulent use of the service provider's certificate;
(4) the lack of an accountable manager.
(d) A level 2 finding shall be issued by the competent authority when any other non-compliance is detected with the applicable requirements of Regulation (EC) No 216/2008 and its implementing rules as well as Regulations (EC) No 549/2004, (EC) No 550/2004, (EC) No 551/2004, and (EC) No 552/2004 and their implementing rules, with the service provider's procedures and manuals or with the terms of conditions or certificate, or with the content of a declaration.
(e) When a finding is detected, during oversight or by any other means, the competent authority shall, without prejudice to any additional action required by Regulation (EC) No 216/2008 and this Regulation, as well as Regulations (EC) No 549/2004, (EC) No 550/2004, (EC) No 551/2004 and (EC) No 552/2004 and their implementing rules, communicate the finding to the service provider in writing and require corrective action to address the non-compliance(s) identified.
(1) In the case of level 1 findings, the competent authority shall take immediate and appropriate action, and may, if appropriate, limit, suspend or revoke in whole or in part the certificate while ensuring the continuity of services provided that safety is not compromised, and in the case of the Network Manager, it shall inform the Commission. The measure taken shall depend upon the extent of the finding and shall remain until successful corrective action has been taken by the service provider.
(2) In the case of level 2 findings, the competent authority shall:
(i) grant the service provider a corrective action implementation period included in an action plan appropriate to the nature of the finding;
(ii) assess the corrective action and implementation plan proposed by the service provider and, if the assessment concludes that they are sufficient to address the non-compliance(s), accept them.
(3) In the case of level 2 findings, where the service provider fails to submit a corrective action plan that is acceptable to the competent authority in light of the finding, or where the service provider fails to perform the corrective action within the time period accepted or extended by the competent authority, the finding may be raised to a level 1 finding, and action taken as laid down in point (1).
(f) For those cases not requiring level 1 and 2 findings, the competent authority may issue observations.
GM1 ATM/ANS.AR.C.050 Findings, corrective actions, and enforcement measures
ED Decision 2017/001/R
CATEGORIES OF FINDINGS — DOCUMENTARY EVIDENCE
Documentary evidence may include but is not limited to:
(a) operations or technical manuals;
(b) contracts or other types of arrangements;
(c) training, qualification or medical records;
(d) inspection records;
(e) test or exercise results;
(f) internal audit results;
(g) maintenance records; and
(h) other similar material required to be maintained by the service provider, etc.
GM2 ATM/ANS.AR.C.050 Findings, corrective actions, and enforcement measures
ED Decision 2017/001/R
ENFORCEMENT MEASURES — FINANCIAL PENALTIES
In accordance with Article 7(7) of Regulation No 550/2004 and Articles 10, 22a(d), 25, and 68 of Regulation (EC) No 216/2008, the competent authority may additionally, and depending on the nature and the repetitiveness of the findings or the level of implementation of the corrective actions, impose appropriate enforcement measures that may include financial penalties, which are effective, proportionate, and dissuasive.
AMC1 ATM/ANS.AR.C.050(e) Findings, corrective actions, and enforcement measures
ED Decision 2017/001/R
CORRECTIVE ACTION AND CORRECTIVE ACTION IMPLEMENTATION PERIOD — DAT PROVIDERS
(a) In case of a Level 1 finding, the competent authority may extend the initial 21-working-day period for demonstration of corrective action by the DAT provider, depending on the nature of the finding.
(b) In case of a Level 2 finding, the initial corrective action implementation period granted by the competent authority should be appropriate to the nature of the finding but should not, in any case, exceed 3 months. At the end of this period and subject to the nature of the finding, the competent authority may extend the 3-month period subject to a satisfactory corrective action plan agreed by the competent authority.
GM1 ATM/ANS.AR.C.050(e) Findings, corrective actions, and enforcement measures
ED Decision 2017/001/R
CORRECTIVE ACTION IMPLEMENTATION PERIOD
At the end of the corrective action implementation period included in an action plan approved by the competent authority and subject to the nature of the finding, the competent authority may extend it. It should be subject to a satisfactory corrective action plan agreed by the competent authority.
GM1 ATM/ANS.AR.C.050(f) Findings, corrective actions, and enforcement measures
ED Decision 2017/001/R
The observation should be a way to communicate and draw future audit teams’ attention on specific matters that deserve scrutiny. It should be communicated to the audited service provider.