Easy Access Rules for Continuing Airworthiness (Regulation (EU) No 1321/2014)

ED Decision 2022/011/R

QUALIFICATION AND TRAINING — GENERAL

(a)It is essential for the competent authority to have the full capability to adequately assess the compliance and performance of an organisation by ensuring that the whole range of activities is assessed by appropriately qualified personnel.

(b)For each inspector, the competent authority should:

(1) define the competencies required to perform the allocated certification and oversight tasks;

(2) define the associated minimum qualifications that are required;

(3) establish initial and recurrent training programmes in order to maintain and to enhance the competency of inspectors at the level that is necessary to perform the allocated tasks; and

(4) ensure that the training provided meets the established standards, and is regularly reviewed and updated whenever necessary.

(c)The competent authority should ensure that training is provided by qualified trainers with appropriate training skills.

ED Decision 2022/011/R

QUALIFICATION AND TRAINING — INSPECTORS

(a)Competent authority inspectors should have:

(1)practical experience and expertise in the application of aviation safety standards and safe operating practices;

(2)comprehensive knowledge of:

(i)the relevant parts of the implementing rules, certification specifications and guidance material;

(ii)the competent authority’s procedures;

(iii)the rights and obligations of an inspector;

(iv)safety management systems based on the EU management system requirements and ICAO Annex 19, and compliance monitoring;

(v)continuing airworthiness management and maintenance;

(vi)operational procedures that affect the continuing airworthiness management of the aircraft or its maintenance;

(vii)maintenance-related human factors and human performance principles;

(3)training on auditing techniques and assessing and evaluating management systems and safety risk management processes;

(4)5 years of relevant work experience for them to be allowed to work independently as inspectors. This may include experience gained during training to obtain the qualifications mentioned below in point (a)(5);

(5)a relevant engineering degree or an aircraft maintenance technician qualification with additional education. ‘Relevant engineering degree’ refers to an engineering degree from aeronautical, mechanical, electrical, electronic, avionics or other studies that are relevant to the maintenance and continuing airworthiness of aircraft/aircraft components;

(6)knowledge of a relevant sample of the type(s) of aircraft or components, gained through a formalised training course. Aircraft/engine type training courses should be at least at a level equivalent to a Part-66 Appendix III Level 1 General Familiarisation.

‘Relevant sample’ refers to courses that cover the typical aircraft or components that are within the scope of work;

(7)knowledge of maintenance standards, including fuel tank safety (FTS) training as described in Appendix IV to AMC5 145.A.30(e) and AMC2 145.B.200(a)(3).

(b)In addition to technical competency, inspectors should have a high degree of integrity, be impartial in carrying out their tasks, be tactful, and have a good understanding of human nature.

(c)A programme for recurrent training should be developed that ensures that the inspectors remain competent to perform their allocated tasks. As a general policy, it is not desirable for the inspectors to obtain technical qualifications from those entities that are under their direct regulatory oversight.

ED Decision 2022/011/R

INITIAL AND RECURRENT TRAINING — INSPECTORS

(a)Initial training programme

The initial training programme for inspectors should include, to an extent appropriate to their role, current knowledge, experience and skills, at least all of the following:

(1)aviation legislation, organisation, and structure;

(2)the Chicago Convention, the relevant ICAO Annexes and Documents;

(3)Regulation (EU) No 376/2014 on the reporting, analysis and follow-up of occurrences in civil aviation;

(4)overview of Regulation (EU) 2018/1139 and its delegated and implementing acts and the related AMC, CS, and GM;

(5)Regulation (EU) No 1321/2014 as well as any other applicable requirements;

(6)management systems, including the assessment of the effectiveness of a management system, in particular hazard identification and risk assessment, and non-punitive reporting techniques in the context of the implementation of a ‘just culture’;

(7)auditing techniques;

(8)procedures of the competent authority that are relevant to the inspectors’ tasks;

(9)human factors principles;

(10)the rights and obligations of inspecting personnel of the competent authority;

(11)on-the-job training that is relevant to the inspector’s tasks;

(12)technical training that is appropriate to the role and tasks of the inspector, in particular for those areas that require approvals.

NOTE: The duration of the on-the-job training should take into account the scope and complexity of the inspector’s tasks. The competent authority should assess whether the required competency has been achieved before an inspector is authorised to perform a task without supervision.

(b)Recurrent training programme

Once qualified, the inspector should undergo training periodically, as well as whenever deemed necessary by the competent authority, in order to remain competent to perform the allocated tasks. The recurrent training programme for inspectors should include, as appropriate to their role, at least the following topics:

(1)changes in aviation legislation, the operational environment and technologies;

(2)procedures of the competent authority that are relevant to the inspector’s tasks;

(3)technical training that is appropriate to the role and tasks of the inspector; and

(4)results from past oversight.

(c)Assessments of an inspector’s competency should take place at regular intervals that do not exceed 3 years. The results of these assessments, as well as any actions taken following the assessments, should be recorded.

ED Decision 2022/011/R

SAFETY RISK MANAGEMENT PROCESS

(a)The safety risk management process required by point (a)(5) of point 145.B.200 should be documented. The following should be defined in the related documentation:

(1)means for hazard identification, and the related data sources, taking into account data that comes from other competent authorities with which the competent authority interfaces in the State, or from the competent authorities of other Member States;

(2)risk management steps including:

(i) analysis (in terms of the probability and the severity of the consequences of hazards and occurrences);

(ii) assessment (in terms of tolerability); and

(iii) control (in terms of mitigation) of risks to an acceptable level;

(3)who holds the responsibilities for hazard identification and risk management;

(4)who holds the responsibility for the follow-up of risk mitigation actions;

(5)the levels of management who have the authority to make decisions regarding the tolerability of risks;

(6)means to assess the effectiveness of risk mitigation actions; and

(7)the link with the compliance monitoring function.

(b)To demonstrate that the safety risk management process is operational, competent authorities should be able to provide evidence that:

(1)the persons involved in internal safety risk management activities are properly trained;

(2)hazards that could impact the authority’s capabilities to perform its tasks and discharge its responsibilities have been identified and the related risk assessment is documented;

(3)regular meetings take place at appropriate levels of management of the competent authority to discuss the risks identified, and to decide on the tolerability of risks and possible risk mitigations;

(4)in addition to the initial hazard identification exercise, the risk management process is triggered as a minimum whenever changes occur that may affect the competent authority’s capability to perform any of the tasks required by Part-145;

(5)a record of the actions taken to mitigate risks is maintained, showing the status of each action and the owner of the action;

(6)there is a follow-up on the implementation of all risk mitigation actions;

(7)risk mitigation actions are assessed for their effectiveness;

(8)the results of risk assessments are periodically reviewed to check whether they remain relevant. (Are the assumptions still valid? Is there any new information?).

ED Decision 2022/011/R

SAFETY RISK MANAGEMENT PROCESS

The purpose of safety risk management as part of the management system framework for competent authorities is to ensure the effectiveness of the management system. As for any organisation, hazard identification and risk management are expected to contribute to effective decision-making, to guide the allocation of resources and contribute to organisational success.

The safety risk management process required by point 145.B.200 is intended to address the safety risks that are directly related to the competent authority’s organisation and processes, and which may affect its capability to perform its tasks and discharge its responsibilities. This process is not intended to be a substitute for the State safety risk management SARPs defined in ICAO Annex 19, Chapter 3, component 3.3. This does not mean, however, that the competent authority may not use information and data that is obtained through its State Safety Programme (SSP), including oversight data and information, for the purposes of safety risk management as part of its management system.

The safety risk management process is also to be applied to the management of changes (145.B.210), which is intended to ensure that the management system remains effective whenever changes occur.

ED Decision 2022/011/R

PROCEDURES AVAILABLE TO EASA

(a)Copies of the procedures related to the competent authority’s management system, and their amendments, that should be made available to EASA for the purpose of standardisation, should provide at least the following information:

(1)the competent authority’s organisational structure for the continuing oversight functions that it undertakes, with a description of the main processes. This information should demonstrate the allocation of responsibilities within the competent authority, and that the competent authority is capable of carrying out the full range of tasks for the size and complexity of the Member State’s aviation industry. It should also consider the overall proficiency and the scope of authorisation of the competent authority’s personnel;

(2)for personnel who are involved in oversight activities, the minimum required professional qualifications and amount of experience, and the principles that are used to guide their appointment (e.g. assessment);

(3)how the following are carried out: assessments of applications and evaluations of compliance, the issuing of certificates, continuing oversight activities, the follow-up of findings, enforcement measures and the resolution of safety concerns;

(4)the principles used for the management of exemptions and derogations;

(5)the processes that are in place to distribute the applicable safety information to enable a timely reaction to a safety problem;

(6)the criteria for planning continuing oversight activities (i.e. an oversight programme), including the management of interfaces when conducting continuing oversight activities (of air operations and of continuing airworthiness management, for example);

(7)an outline of the initial training of newly recruited oversight personnel (taking future activities into account), and the basic framework for the recurrent training of oversight personnel.

(b)As part of the continuous monitoring of a competent authority, EASA may request details of the working methods used, in addition to a copy of the procedures of the competent authority’s management system (and any amendments). These additional details are the procedures and the related guidance material that describes the working methods for the personnel of the competent authority who conduct oversight activities.

(c)Information related to the competent authority’s management system may be submitted in an electronic format.

Regulation (EU) 2023/203

(a)The competent authority may allocate tasks related to the initial certification or to the continuing oversight of organisations subject to Regulation (EU) 2018/1139 and its delegated and implementing acts, to qualified entities. When allocating tasks, the competent authority shall ensure that it has:

(1)put a system in place to initially and continuously assess whether the qualified entity complies with Annex VI to Regulation (EU) 2018/1139. That system and the results of the assessments shall be documented;

(2)established a written agreement with the qualified entity, approved by both parties at the appropriate management level, which stipulates:

(i)the tasks to be performed;

(ii)the declarations, reports and records to be provided;

(iii)the technical conditions to be met when performing such tasks;

(iv)the related liability coverage;

(v)the protection given to the information acquired when carrying out such tasks.

(b)The competent authority shall ensure that the internal audit process and safety risk management process established pursuant to point 145.B.200(a)(5) cover all the certification and continuing oversight tasks performed by the qualified entity on its behalf.

(c)For the certification and oversight of the organisation’s compliance with point 145.A.200A, the competent authority may allocate tasks to qualified entities in accordance with point (a), or to any relevant authority responsible for information security or cybersecurity within the Member State. When allocating tasks, the competent authority shall ensure that:

(1)all aspects related to aviation safety are coordinated and taken into account by the qualified entity or relevant authority;

(2)the results of the certification and oversight activities performed by the qualified entity or relevant authority are integrated in the overall certification and oversight files of the organisation;

(3)its own information security management system established in accordance with point 145.B.200(e) covers all the certification and continuing oversight tasks performed on its behalf.

[Applicable from 22 February 2026 – Regulation (EU) 2023/203]

ED Decision 2023/010/R

[Applicable until 21 February 2026 – ED Decision 2022/011/R]

GM1 145.B.205 Allocation of tasks

[Applicable from 22 February 2026 – Regulation (EU) 2023/203]

CERTIFICATION TASKS

The tasks that may be performed by a qualified entity on behalf of the competent authority include those that are related to the initial certification and to the continuing oversight of organisations as defined in Regulation (EU) No 1321/2014.

Regulation (EU) 2021/1963

(a)The competent authority shall have a system in place to identify the changes that affect its capability to perform its tasks and discharge its responsibilities as defined in Regulation (EU) 2018/1139 and its delegated and implementing acts. That system shall enable the competent authority to take action necessary to ensure that its management system remains adequate and effective.

(b)The competent authority shall update in a timely manner its management system to reflect any changes to Regulation (EU) 2018/1139 and its delegated and implementing acts so as to ensure its effective implementation.

(c)The competent authority shall notify the Agency of any changes affecting its capability to perform its tasks and discharge its responsibilities as provided for in Regulation (EU) 2018/1139 and its delegated and implementing acts.

Regulation (EU) 2021/1963

(a)The competent authority shall establish a record-keeping system that allows the adequate storage, accessibility and reliable traceability of:

(1)the management system’s documented policies and procedures;

(2)the training, qualifications and authorisations of its personnel;

(3)the allocation of tasks, covering the elements required by point 145.B.205, as well as the details of tasks allocated;

(4)certification processes and continuing oversight of certified organisations, including:

(i)the application for an organisation certificate;

(ii)the competent authority’s continuing oversight programme, including all the assessments, audits and inspection records;

(iii)the organisation certificate, including any changes to it;

(iv)a copy of the oversight programme, listing the dates when audits are due and when audits were carried out;

(v)copies of all formal correspondence;

(vi)recommendations for the issue or continuation of a certificate, details of findings and actions taken by the organisations to close those findings, including the date of closure, enforcement actions and observations;

(vii)any assessment, audit and inspection report issued by another competent authority pursuant to point 145.B.300(d);

(viii)copies of all the organisation MOEs or manuals, and of any amendments to them;

(ix)copies of any other documents approved by the competent authority;

(5)documents supporting the use of alternative means of compliance;

(6)safety information provided in accordance with point 145.B.125 and follow-up measures;

(7)the use of safeguard and flexibility provisions in accordance with Article 70, Article 71(1) and Article 76(4) of Regulation (EU) 2018/1139.

(b)The competent authority shall maintain a list of all the organisation certificates it has issued.

(c)All the records referred to in points (a) and (b) shall be kept for a minimum period of 5 years, subject to applicable data protection law.

(d)All the records referred to in points (a) and (b) shall be made available, upon request, to a competent authority of another Member State or to the Agency.

ED Decision 2022/011/R

GENERAL

(a)The record-keeping system should ensure that all records are accessible within a reasonable time whenever they are needed. These records should be organised in a manner that ensures their traceability and retrievability throughout the required retention period.

(b)All records that contain sensitive data regarding applicants or organisations should be stored in a secure manner with controlled access to ensure their confidentiality.

(c)Records should be kept in paper form, or in an electronic format, or a combination of the two. Records that are stored on microfilm or optical discs are also acceptable. The records should remain legible and accessible throughout the required retention period. The retention period starts when the record is created.

(d)Paper systems should use robust material which can withstand normal handling and filing. Computer record systems should have at least one backup system, which should be updated within 24 hours of any new entry. Computer record systems should include safeguards to prevent any unauthorised personnel from altering the data.

(e)All computer hardware that is used to ensure the backup of data should be stored in a different location from the one that contains the working data, and in an environment that ensures that the data remains in a good condition. When hardware or software changes take place, special care should be taken to ensure that all the necessary data continues to be accessible throughout at least the full period specified in point 145.B.220(c).

ED Decision 2022/011/R

COMPETENT AUTHORITY MANAGEMENT SYSTEM

Records that are related to the competent authority’s management system should include, as a minimum, and as applicable:

(a)the documented policies and procedures;

(b)the personnel files of the competent authority’s personnel, with the supporting documents related to their training and qualifications;

(c)the results of the competent authority’s internal audits and safety risk management processes, including audit findings, and corrective, preventive and risk mitigation actions; and

(d)the contract(s) established with any qualified entities that perform certification or oversight tasks on behalf of the competent authority.

Regulation (EU) 2023/203

(a)The competent authority shall verify:

(1)compliance with the requirements that are applicable to organisations, prior to issuing an organisation certificate;

(2)continued compliance with the applicable requirements of the organisations it has certified;

(3)the implementation of appropriate safety measures mandated by the competent authority in accordance with points 145.B.135(c) and (d).

(b)This verification shall:

(1)be supported by documentation specifically intended to provide personnel responsible for oversight with guidance to perform their functions;

(2)provide the organisations concerned with the results of oversight activities;

(3)be based on assessments, audits and inspections and, if needed, unannounced inspections;

(4)provide the competent authority with the evidence needed in case further action is required, including the measures provided for in point 145.B.350.

(c)The competent authority shall establish the scope of the oversight set out in points (a) and (b) taking into account the results of past oversight activities and the safety priorities.

(d)If the facilities of an organisation are located in more than one State, the competent authority, as defined in point 145.1, may agree to have the oversight tasks performed by the competent authority(ies) of the Member State(s) where the facilities are located, or by the Agency for facilities that are located outside a territory for which Member States are responsible under the Chicago Convention. Any organisation that is subject to such an agreement shall be informed of its existence and of its scope.

(e)For any oversight activities that are performed at facilities located in a Member State other than where the organisation has its principal place of business, the competent authority, as defined in point 145.1, shall inform the competent authority of that Member State before performing any on-site audit or inspection of the facilities.

(f)The competent authority shall collect and process any information deemed necessary for performing oversight activities.

(g)With regard to the certification and oversight of the organisation’s compliance with point 145.A.200A, in addition to complying with points (a) to (f), the competent authority shall review any approval granted under point IS.I.OR.200(e) of this Regulation or point IS.D.OR.200(e) of Delegated Regulation (EU) 2022/1645 following the applicable oversight audit cycle and whenever changes are implemented in the scope of work of the organisation.

[Applicable from 22 February 2026 – Regulation (EU) 2023/203]

ED Decision 2022/011/R

MANAGEMENT SYSTEM ASSESSMENT

As part of the initial certification of an organisation, the competent authority should assess the organisation’s management system and processes to make sure that all the required enablers of a functioning management system are present and suitable.

As part of its continuing oversight activities, the competent authority should verify that the required enablers remain present and operational, and assess the effectiveness of the organisation’s management system and processes.

When significant changes take place in the organisation, the competent authority should determine whether there is a need to review the existing assessment to ensure that it is still valid.

ED Decision 2022/011/R

INFORMATION DEEMED NECESSARY FOR OVERSIGHT

This information should include, as a minimum:

(a)any occurrence reports received by the competent authority;

(b)the reports received following the issuing of any one-off certification authorisations as defined in point 145.A.30(j)(5);

(c)the results of the following types of inspections and surveys if they indicate an issue that originates from a Part-145 organisation:

(i)ramp inspections performed in accordance with Subpart RAMP of Annex II (Part-ARO) to Commission Regulation (EU) No 965/2012 on air operations;

(ii)product surveys of aircraft, pursuant to point M.B.303 or point ML.B.303;

(iii)product audits conducted pursuant to point CAMO.B.305(b)(1) or point 145.B.305(b)(1); and

(iv)physical surveys or partial airworthiness reviews performed by the competent authority in line with AMC M.B.901.

Regulation (EU) 2021/1963

(a)The competent authority shall establish and maintain an oversight programme covering the oversight activities required by point 145.B.300.

(b)The oversight programme shall take into account the specific nature of the organisation, the complexity of its activities, the results of past certification or oversight activities, or both, and it shall be based on the assessment of the associated risks. It shall include, within each oversight planning cycle:

(1)assessments, audits and inspections, including, as appropriate:

(i)management system assessments and process audits;

(ii)product audits of a relevant sample of the maintenance carried out by the organisation;

(iii)sampling of the airworthiness reviews performed;

(iv)unannounced inspections;

(2)meetings convened between the accountable manager and the competent authority to ensure that both parties remain informed of all significant issues.

(c)The oversight planning cycle shall not exceed 24 months.

(d)Notwithstanding point (c), the oversight planning cycle may be extended to 36 months if the competent authority has established that during the previous 24 months:

(1)the organisation has demonstrated that it can effectively identify aviation safety hazards and manage the associated risks;

(2)the organisation has continuously demonstrated compliance with point 145.A.85 and it has full control over all changes;

(3)no level 1 findings have been issued;

(4)all corrective actions have been implemented within the time period that was accepted or extended by the competent authority as provided for in point 145.B.350.

Notwithstanding point (c), the oversight planning cycle may be further extended to a maximum of 48 months if, in addition to the conditions provided in points (d)(1) to (4), the organisation has established, and the competent authority has approved, an effective continuous system for reporting to the competent authority on the safety performance and regulatory compliance of the organisation itself.

(e)The oversight planning cycle may be shortened if there is evidence that the safety performance of the organisation has decreased.

(f)The oversight programme shall include records of the dates when assessments, audits, inspections and meetings are due, and when assessments, audits, inspections and meetings have been effectively carried out.

(g)At the completion of each oversight planning cycle, the competent authority shall issue a recommendation report on the continuation of the approval, reflecting the results of the oversight.

ED Decision 2022/011/R

ANNUAL REVIEW

(a)The oversight planning cycle and the related oversight programme for each organisation should be reviewed annually to ensure that they remain adequate regarding any changes in the nature of the organisation, the complexity of its activities or the safety performance of the organisation.

(b)When reviewing the oversight planning cycle and the related oversight programme, the competent authority should also consider any relevant information collected in accordance with points 145.A.60 and 145.B.300(f).

ED Decision 2022/011/R

SPECIFIC NATURE OF THE ORGANISATION AND COMPLEXITY OF ITS ACTIVITIES — RESULTS OF PAST CERTIFICATION OR OVERSIGHT ACTIVITIES

When determining the oversight programme, including the product audits, the competent authority should consider in particular the following elements, as applicable:

(1)the effectiveness of the organisation’s management system in identifying and addressing noncompliances and safety hazards;

(2)the implementation by the organisation of any industry standards that are directly relevant to the organisation’s activities subject to this Regulation;

(3)the procedure applied for and the scope of changes not requiring prior approval;

(4)any specific procedures implemented by the organisation that are related to any alternative means of compliance used;

(5)the number of approved locations and the activities performed at each location;

(6)the number and type of any subcontractors that perform maintenance tasks; and

(7)the volume of activity for each A, B, C and D class rating, as applicable.

ED Decision 2022/011/R

SUBCONTRACTED ACTIVITIES

If a Part-145 organisation subcontracts maintenance tasks, the competent authority should determine whether the subcontracted organisation needs to be audited and included in the oversight programme, taking into account the specific nature and complexity of the subcontracted activities, the results of previous oversight activities of the approved organisation, and the assessment of the associated risks.

For such audits, competent authority inspectors should ensure that they are accompanied throughout the audit by a senior technical member of the Part-145 organisation.

NOTE: If a Part-145 organisation subcontracts maintenance tasks, the competent authority should ensure that the Part-145 organisation manages the risks related to, and that it has sufficient control over, the subcontracted activities (see AMC1 145.A.75(b)).

ED Decision 2022/011/R

AUDIT

(a)The oversight programme should indicate which aspects of the approval will be covered by each audit.

(b)Part of each audit should concentrate on the audit reports produced by the organisation’s compliance monitoring function, to determine whether the organisation has been identifying and correcting its problems.

(c)At the conclusion of the audit, the auditing inspector should complete an audit report that identifies the areas and processes that were audited, and includes all the findings that were raised.

(d)At the completion of each oversight planning cycle, a new EASA Form 6 should be issued.

ED Decision 2022/011/R

OVERSIGHT PLANNING CYCLE — AUDIT AND INSPECTION

(a)When determining the oversight planning cycle and defining the oversight programme, the competent authority should assess the risks related to the activity and set-up of each organisation, and adapt the oversight to the level of risk identified and to the effectiveness of the organisation’s management system, in particular its ability to effectively manage safety risks.

(b)The competent authority should establish a schedule of audits and inspections that is appropriate to each organisation. The planning of audits and inspections should take into account the results of the hazard identification and the risk assessment conducted and maintained by the organisation as part of the organisation’s management system. Inspectors should work in accordance with the schedule provided to them.

(c)When the competent authority, having regard to the level of risk identified and the effectiveness of the organisation’s management system, varies the frequency of an audit or inspection, it should ensure that all aspects of the organisation’s activity are audited and inspected within the applicable oversight planning cycle.

ED Decision 2022/011/R

OVERSIGHT PLANNING CYCLE — AUDIT

(a)For each organisation certified by the competent authority, all applicable requirements including relevant processes should be audited at periods that do not exceed the applicable oversight planning cycle. The beginning of the first oversight planning cycle is normally determined by the date of issue of the first certificate. If the competent authority wishes to align the oversight planning cycle with the calendar year, it should shorten the first oversight planning cycle accordingly.

(b)Audits should include at least one on-site audit within each oversight planning cycle. For organisations that carry out their regular activities at more than one site, the determination of the sites and the requirements at these sites to be audited should consider the results of past oversight activities and the volume of activities at each site, as well as the main risk areas identified.

(c)For organisations that hold more than one certificate under Regulation (EU) 2018/1139, the competent authority may define an integrated oversight schedule that includes all the applicable audit items. In order to avoid any duplication of audits, credit may be granted for specific audit items that have already been completed during the current oversight planning cycle, provided that:

(1)the specific audit item is the same for all the certificates under consideration;

(2)there is satisfactory evidence on record that those specific audit items were carried out, and that all the related corrective actions have been implemented to the satisfaction of the competent authority;

(3)the competent authority is satisfied that there is no evidence that standards have deteriorated regarding those specific audit items for which credit is granted.

ED Decision 2022/011/R

The expression ‘shall not exceed 24 months’ does not imply that 24 months is a minimum duration for the oversight cycle. Based on the elements specified in 145.B.300(c) and 145.B.305(b) (e.g. safety priorities, assessment of the risks, complexity of activities), the competent authority may decide to apply a cycle of less than 24 months (e.g. 12 months).

ED Decision 2022/011/R

EXTENSION OF THE OVERSIGHT PLANNING CYCLE BEYOND 24 MONTHS

(a)If the competent authority applies an oversight planning cycle that exceeds 24 months, it should, at a minimum, perform one focused inspection of the organisation (inspection of a specific area, element or aspect of the organisation) within each 12-month segment of the applicable oversight planning cycle to support the extended oversight programme.

(b)If the results of this inspection indicate a decrease in the safety performance or regulatory compliance of the organisation, the competent authority should revert back to a 24-month (or less) oversight planning cycle and review the oversight programme accordingly.

(c)In order to be able to apply an oversight planning cycle beyond 36 months, the competent authority should agree on the format and contents of the continuous reporting to be made by the organisation on its safety performance and regulatory compliance.

ED Decision 2022/011/R

ORGANISATION’S CONTROL OVER THE CHANGES

For the purpose of extending the oversight planning beyond 24 months, the continuous compliance of the organisation with 145.A.85 and the full control over all changes referred to in point 145.B.305(d)(2) includes in particular the ability of the organisation to manage adequately the changes not requiring prior approval foreseen in 145.A.85(c).

Regulation (EU) 2021/1963

(a)Upon receiving an application from an organisation for the initial issue of a certificate, the competent authority shall verify the organisation’s compliance with the applicable requirements.

(b)A meeting with the accountable manager of the organisation shall be convened at least once during the investigation for initial certification to ensure that that person understands his or her role and accountability.

(c)The competent authority shall record all the findings issued, closure actions as well as the recommendations for the issue of the certificate.

(d)The competent authority shall confirm to the organisation in writing all the findings raised during the verification. For initial certification, all findings must be corrected to the satisfaction of the competent authority before the certificate can be issued.

(e)When satisfied that the organisation complies with the applicable requirements, the competent authority shall:

(1)issue the certificate as established in Appendix III “EASA Form 3-145” in accordance with the class and rating system provided for in Appendix II;

(2)formally approve the MOE.

(f)The certificate reference number shall be included on the EASA Form 3-145 certificate in a manner specified by the Agency.

(g)The certificate shall be issued for an unlimited duration. The privileges and the scope of the activities that the organisation is approved to conduct, including any limitations as applicable, shall be specified in the terms of approval attached to the certificate.

(h)To enable the organisation to implement changes without prior competent authority approval in accordance with point 145.A.85(c), the competent authority shall approve the relevant MOE procedure that sets out the scope of such changes and describes how such changes will be managed and notified to the competent authority.

ED Decision 2022/011/R

VERIFICATION OF COMPLIANCE

(a)In order to verify the organisation’s compliance with the applicable requirements, the competent authority should conduct an audit of the organisation, including interviews of the personnel, and inspections carried out at the organisation’s facilities.

(b)The competent authority should only conduct such an audit if it is satisfied that the application and the supporting documentation, including the results of the pre-audit performed by the organisation, are in compliance with the applicable requirements.

(c)The audit should focus on the following areas:

(1)the detailed management structure, including the names and qualifications of personnel as required by points (a), (b), (c) and (ca) of point 145.A.30, and the adequacy of the organisation and its management structure;

(2)the personnel:

(i)the adequacy of the number of staff, and of their qualifications and experience with regard to the intended terms of approval and the associated privileges;

(ii)the validity of any licences and/or authorisations, as applicable;

(3)the processes used for safety risk management and compliance monitoring;

(4)the facilities and their adequacy regarding the organisation’s scope of work;

(5)the documentation based on which the certificate should be granted (i.e. the documentation required by Part-145):

(i)verification that the procedures specified in the MOE comply with the applicable requirements; and

(ii)verification that the accountable manager has signed the exposition statement.

(d)If an application for an organisation certificate is refused, the applicant should be informed of the right of appeal that exists under national law.

ED Decision 2022/011/R

AUDIT

(a)The competent authority should determine how and by whom the audit shall be conducted. For example, it will be necessary to determine whether one large team audit, a short series of small team audits, or a long series of single inspector audits is most appropriate for the particular situation.

(b)The audit may be structured so as to verify the organisation’s processes related to a product line. For example, in the case of an organisation with Airbus A310 and A320 ratings, the audit should concentrate on the maintenance processes of one aircraft type only for a full compliance check, and depending upon the result, the second aircraft type may only require a sample check against those aspects that were seen to be weak regarding compliance for the first type.

(c)In determining the scope of the audit and which activities of the organisation will be assessed during the audit, the privileges of the approved organisation should be taken into account, e.g. their approval to carry out airworthiness reviews.

(d)Competent authority auditing inspectors should always ensure that they are accompanied throughout the audit by a senior member of the organisation, who is normally the compliance monitoring manager. The reason for being accompanied is to ensure that the organisation is fully aware of any findings raised during the audit.

(e)At the end of the audit, the auditing inspector should inform the senior member of the organisation of all the findings that were raised during the audit.

ED Decision 2022/011/R

There may be occasions when the competent authority inspector is unsure about the compliance of some aspects of the organisation applying for the initial issue of a certificate. If this occurs, the inspector should inform the organisation about the possible non-compliance at the time, and about the fact that the situation will be reviewed within the competent authority before a decision is made. If the review concludes that there is no finding, then a verbal confirmation to the organisation should suffice.

ED Decision 2022/011/R

(a)The audit should be recorded using the audit report EASA Form 6 (Appendix II to AMC2 145.B.310(c)).

(b)A review of the EASA Form 6 audit report form should be carried out by a competent independent person nominated by the competent authority. A satisfactory review of the audit report should be indicated by a signature on the EASA Form 6.

(c)The audit reports should include the date when each finding was closed, together with a reference to the closure actions.

ED Decision 2022/011/R

All findings should be confirmed in writing to the applicant organisation within 2 weeks of the on-site audit.

Regulation (EU) 2021/1963

(a)Upon receiving an application for a change that requires prior approval, the competent authority shall verify the organisation’s compliance with the applicable requirements before issuing the approval.

(b)The competent authority shall establish the conditions under which the organisation may operate during the change unless the competent authority determines that the organisation’s certificate needs to be suspended.

(c)When it is satisfied that the organisation complies with the applicable requirements, the competent authority shall approve the change.

(d)Without prejudice to any additional enforcement measures, if the organisation implements changes requiring prior approval without having received the approval of the competent authority pursuant to point (c), the competent authority shall consider the need to suspend, limit or revoke the organisation’s certificate.

(e)For changes not requiring prior approval, the competent authority shall include the review of such changes in its continuing oversight in accordance with the principles set forth in point 145.B.300. If any non-compliance is found, the competent authority shall notify the organisation, request further changes, and act in accordance with point 145.B.350.

ED Decision 2022/011/R

(a)The competent authority should have adequate control over any changes to the personnel specified in points (a), (b), (c), (ca) and (k) of point 145.A.30. Such changes in personnel will require an amendment to the exposition.

(b)When an organisation submits the name of a new nominee for any of the personnel specified in points (a), (b), (c), (ca) and (k) of point 145.A.30, the competent authority may require the organisation to produce a written résumé of the proposed person’s qualifications. The competent authority should reserve the right to interview the nominee or to call for additional evidence of their suitability before deciding upon them being acceptable.

(c)For changes requiring prior approval, in order to verify the organisation’s compliance with the applicable requirements, the competent authority should conduct an audit of the organisation, limited to the extent of the changes. The competent authority may also request the organisation to provide the risk assessment referred to in AMC2 145.A.85 for review.

(d) If required, the audit may include interviews and inspections carried out at the organisation’s facilities.

(e)The applicable part(s) of EASA Form 6 should be used to document the assessment of any changes to the Part-145 approval.

ED Decision 2022/011/R

CHANGE OF THE NAME OF THE ORGANISATION

(a)On receipt of the application and the amendment to the relevant parts of the MOE, the competent authority should reissue the certificate.

(b)A change of only the name does not require the competent authority to audit the organisation unless there is evidence that other aspects of the organisation have changed.

ED Decision 2022/011/R

REVIEW OF CHANGES NOT REQUIRING PRIOR APPROVAL

The authority should implement a process to review the changes not requiring prior approval. This should include at least, as part of the continuing oversight activities during the oversight cycle:

•auditing the organisation process for changes not requiring prior approval;

•selecting a sample of these changes and verifying their compliance with the applicable requirements.

Regulation (EU) 2023/203

(a)For changes managed and notified to the competent authority in accordance with the procedure set out in point IS.I.OR.255(a) of Annex II (Part-IS.I.OR) to Implementing Regu­ lation (EU) 2023/203, the competent authority shall include the review of such changes in its continuing oversight in accordance with the principles laid down in point 145.B.300. If any non-compliance is found, the competent authority shall notify the organisation thereof, request further changes and act in accordance with point 145.B.350.

(b)For other changes requiring an application for approval in accordance with point IS.I.OR.255(b) of Annex II (Part-IS.I.OR) to Implementing Regulation (EU) 2023/203:

(1)upon receiving the application for the change, the competent authority shall check the organisation’s compliance with the applicable requirements before issuing the approval;

(2)the competent authority shall establish the conditions under which the organisation may operate during the implementation of the change;

(3)if it is satisfied that the organisation complies with the applicable requirements, the competent authority shall approve the change.

[Applicable from 22 February 2026 – Regulation (EU) 2023/203]

Regulation (EU) 2021/1963

(a)The competent authority shall have a system in place to analyse findings for their safety significance.

(b)A level 1 finding shall be issued by the competent authority when any significant non-compliance is detected with the applicable requirements of Regulation (EU) 2018/1139 and its delegated and implementing acts, with the organisation’s procedures and manuals, or with the organisation’s certificate including the terms of approval, which lowers safety or seriously endangers flight safety.

Level 1 findings shall also include:

(1)any failure to grant the competent authority access to the organisation’s facilities referred to in point 145.A.140 during normal operating hours and after two written requests;

(2)obtaining the organisation certificate or maintaining its validity by falsification of the submitted documentary evidence;

(3)any evidence of malpractice or fraudulent use of the organisation certificate;

(4)the lack of an accountable manager.

(c)A level 2 finding shall be issued by the competent authority when any non-compliance is detected with the applicable requirements of Regulation (EU) 2018/1139 and its delegated and implementing acts, with the organisation’s procedures and manuals, or with the organisation’s certificate including the terms of approval, which is not classified as a level 1 finding.

(d)When a finding is detected during oversight or by any other means, the competent authority shall, without prejudice to any additional action required by Regulation (EU) 2018/1139 and its delegated and implementing acts, communicate in writing the finding to the organisation and request corrective action to address the non-compliance identified. If a level 1 finding directly relates to an aircraft, the competent authority shall inform the competent authority of the Member State in which the aircraft is registered.

(1)If there are any level 1 findings, the competent authority shall take immediate and appropriate action to prohibit or limit the activities of the organisation involved and, if appropriate, it shall take action to revoke the certificate or to limit or suspend it in whole or in part, depending on the extent of the level 1 finding, until successful corrective action has been taken by the organisation.

(2)If there are any level 2 findings, the competent authority shall:

(i)grant the organisation a corrective action implementation period that is appropriate to the nature of the finding, and that in any case shall initially not be more than 3 months. The period shall commence from the date of the written communication of the finding to the organisation requesting corrective action to address the non-compliance identified. At the end of that period, and subject to the nature of the finding, the competent authority may extend the 3-month period provided that a corrective action plan has been agreed with the competent authority;

(ii)assess the corrective action plan and implementation plan proposed by the organisation, and if the assessment concludes that they are sufficient to address the non-compliance, accept them.

(3)If the organisation fails to submit an acceptable corrective action plan, or fails to perform the corrective action within the time period accepted or extended by the competent authority, the finding shall be raised to level 1 and action shall be taken as laid down in point (d)(1).

(4)The competent authority shall record all the findings that it has raised or that have been communicated to it in accordance with point (e) and, where applicable, the enforcement measures it has applied, as well as all corrective actions and the dates of the action closures for all the findings.

(e)Without prejudice to any additional enforcement measures, when an authority performing the oversight tasks pursuant to point 145.B.300(d) identifies any non-compliance with the applicable requirements of Regulation (EU) 2018/1139 and its delegated and implementing acts by an organisation certified by the competent authority of another Member State or the Agency, it shall inform that competent authority and provide an indication of the level of the finding.

(f)The competent authority may issue observations for any of the following cases not requiring level 1 or level 2 findings:

(1)for any item whose performance has been assessed to be ineffective;

(2)when it has been identified that an item has the potential to cause a non-compliance under points (b) or (c);

(3)when suggestions or improvements are of interest for the overall safety performance of the organisation.

The observations issued under this point shall be communicated in writing to the organisation and recorded by the competent authority.

ED Decision 2022/011/R

DIFFERENCE BETWEEN ‘LEVEL 2 FINDING’ AND ‘OBSERVATION’

(a)‘Findings’ are issued for non-compliance with the Regulation, whereas ‘observations’ may be issued to an organisation remaining compliant with the Regulation while additional inputs for the organisation could be considered for continuous improvement.

However, the competent authority may decide to issue a ‘level 2’ finding when the ‘observations’ process is not managed correctly or overlooked.

(b)Examples to help differentiate between a ‘level 2 finding’ and an ‘observation’ are provided below, based on the provisions for the control and calibration of tools in accordance with point 145.A.40(b).

Example of a ‘level 2 finding’

The organisation could not demonstrate compliance with some elements of 145.A.40(b) regarding the control register of the tools, equipment and particularly test equipment process as evidenced by:

(1) the fact that some sampled tools physically available in the tools store were missing in the tools control register managed by the organisation;

(2) the fact that one tool has not been correctly identified (e.g. incorrect P/N, S/N) in the tools control register.

Examples of ‘observations’

Accumulation of tools in the store not sent yet for calibration. This situation could generate some consequences on the availability of tools and operational capabilities during a peak of activities (ineffectiveness of the process).

The process to manage the tools control register through the dedicated software is not detailed enough (potential to cause a level 2 finding).

The colour of the ‘unserviceable’ tag of the tools could generate some confusion. The organisation should consider changing the colour of this unserviceable tag to better alert the staff on the particular status of the unserviceable tools (potential improvement).

Regulation (EU) 2021/1963

The competent authority shall:

(a)suspend a certificate when it considers that there are reasonable grounds that such action is necessary to prevent a credible threat to aircraft safety;

(b)suspend, revoke or limit a certificate if such action is required pursuant to point 145.B.350;

(c)suspend or limit in whole or in part a certificate if unforeseeable circumstances outside the control of the competent authority prevent its inspectors from discharging their oversight responsibilities over the oversight planning cycle.

APPENDICES TO ANNEX II (Part-145)

Regulation (EU) No 1321/2014

The provisions of Appendix II to Annex I (Part-M) apply.

Regulation (EU) 2021/1963

(a)Except as stated otherwise for the smallest organisations referred to in point (m), the table referred to in point (l) provides the possible classes and ratings to be used to establish the terms of approval of the certificate of the organisation approved in accordance with Annex II (Part-145). An organisation must be granted terms of approval that range from a single class and rating with limitations to all classes and ratings with limitations.

(b)In addition to the table in point (l), each maintenance organisation is required to indicate its scope of work in its MOE.

(c)Within the approval class(es) and rating(s) established by the competent authority, the scope of work specified in the MOE defines the exact limits of its approval. It is therefore essential that the approval class(es) and rating(s) and the organisation’s scope of work match.

(d)A category A class rating means that the maintenance organisation may carry out maintenance on aircraft and components (including engines and/or auxiliary power units (APUs)), in accordance with the aircraft maintenance data or, if agreed by the competent authority, in accordance with the component maintenance data, only while such components are fitted to the aircraft. Nevertheless, such an A-rated maintenance organisation may temporarily remove a component for maintenance in order to improve access to that component, except when its removal generates the need for additional maintenance that the organisation is not approved to perform. Such removal of component for maintenance by A-rated maintenance organisation shall be subject to an appropriate control procedure in the MOE.

The limitation column must specify the scope of such maintenance, thereby indicating the extent of the approval.

(e)Category A class ratings are subdivided into “Base” or “Line” maintenance categories. Such an organisation may be approved for either “Base” or “Line” maintenance, or both. It should be noted that a “Line” facility located at a main base facility requires a “Line” maintenance approval.

(f)A category B class rating means that the maintenance organisation may carry out maintenance on uninstalled engines and/or APUs and engine and/or APU components, in accordance with the engine and/or APU maintenance data or, if agreed by the competent authority, in accordance with the component maintenance data, only while such components are fitted to the engine and/or the APU. Nevertheless, such a B-rated approved maintenance organisation may temporarily remove a component for maintenance in order to improve access to that component, except when its removal generates the need for additional maintenance that the organisation is not approved to perform.

The limitation column must specify the scope of such maintenance, thereby indicating the extent of the approval.

A maintenance organisation that is approved with a category B class rating may also carry out maintenance on an installed engine during aircraft base and line maintenance, provided that an appropriate control procedure in the MOE has been approved by the competent authority. The scope of work in the MOE shall reflect those activities if they are permitted by the competent authority.

(g)A category C class rating means that the maintenance organisation may carry out maintenance on uninstalled components (excluding complete engines and APUs) that are intended to be fitted on the aircraft or the engine/APU.

The limitation column must specify the scope of such maintenance, thereby indicating the extent of the approval.

A maintenance organisation that is approved with a category C class rating may also carry out maintenance on an installed component (other than a complete engine/APU) during aircraft base and line maintenance, or at an engine/APU maintenance facility provided that an appropriate control procedure in the MOE has been approved by the competent authority. The scope of work in the MOE shall reflect those activities if they are permitted by the competent authority.

(h)A category D class rating is a self-contained class rating that is not necessarily related to a specific aircraft, engine or other component. The D1 – Non-Destructive Testing (NDT) rating is only necessary for a maintenance organisation that carries out NDT as a particular task for another organisation. A maintenance organisation that is approved with a class rating in the A, B or C category may carry out NDT on products that it maintains without the need for a D1 class rating provided that the MOE contains appropriate NDT procedures.

(i)The limitation column is intended to give competent authorities the flexibility to customise an approval for any particular organisation. Ratings may only be mentioned on the approval if they are appropriately limited. The table in point (l) specifies the types of limitations that are possible. It is acceptable to stress in the limitation column the maintenance task rather than the type or manufacturer of the aircraft or engine, if that is more appropriate to the organisation (an example could be avionics systems installations and the related maintenance). If that is mentioned in the limitation column, it indicates that the maintenance organisation is approved to carry out maintenance up to and including that particular type/task.

(j)When reference is made to the series, type and group in the limitation column of class A and B, it shall be understood as follows:

—“series” means a specific type series such as the Airbus 300, 310 or 319, or the Boeing 737-300 series, the RB211-524 series, the Cessna 150 or Cessna 172, the Beech 55 series, the continental O-200 series, etc.,

—“type” means a specific type or model such as the Airbus 310-240 type, the RB 211-524 B4 type, or the Cessna 172RG type.

Any number of series or types may be quoted,

—“group” means, for example, Cessna single piston engine aircraft or Lycoming non-supercharged piston engines, etc.

(k)By way of derogation from point 145.A.85(a)(1), when a component capability list is used that could be subject to frequent amendments, then the organisation may propose to include such amendments in the procedure referred to in point 145.A.85(c) for changes not requiring prior approval.

(l)Table

(m)A maintenance organisation which employs only one person to both plan and carry out all its maintenance activities can only hold limited terms of approval. The maximum permissible limits are as follows:

It should be noted that such an organisation may be further limited by the competent authority in the terms of approval depending on the capabilities of the particular organisation.

Regulation (EU) 2020/270

EASA Form 3-145 Issue 4

EASA Form 3-145 Issue 4

ED Decision 2022/011/R

The following fields on page 2 ‘Maintenance Organisation Terms of Approval’ of the maintenance organisation approval certificate should be completed as follows:

•Date of original issue: It refers to the date of the original issue of the maintenance organisation exposition

•Date of last revision approved: It refers to the date of the last revision of the maintenance organisation exposition affecting the content of the certificate. Changes to the maintenance organisation exposition which do not affect the content of the certificate do not require the reissuance of the certificate.

•Revision No: It refers to the revision No of the last revision of the maintenance organisation exposition affecting the content of the certificate. Changes to the maintenance organisation exposition which do not affect the content of the certificate do not require the reissuance of the certificate.

ED Decision 2022/011/R

The expression ‘or not’ at the end of the footnote ‘(****)’ on page 2 of 2 of the certificate does not constitute an obligation to introduce a negative statement in the terms of approval concerning the privilege to issue an airworthiness review certificate.

If the organisation holds the privilege to issue an airworthiness review certificate for an aircraft series, type and group, the competent authority will state it on the relevant line. If the organisation does not have that privilege, the competent authority may state it, but does not have to.

Regulation (EU) No 1321/2014

1.Certifying staff in compliance with all the following conditions are deemed to meet the intent of point 145.A.30(j)(1) and (2):

(a)The person shall hold a licence or a certifying staff authorisation issued under national regulations in full compliance with ICAO Annex 1.

(b)The scope of work of the person shall not exceed the scope of work defined by the national licence or the certifying staff authorisation, whatever is the most restrictive.

(c)The person shall demonstrate he/she received the training on human factors and aviation legislation referred to in modules 9 and 10 of Appendix I to Annex III (Part-66).

(d)The person shall demonstrate 5 years maintenance experience for line maintenance certifying staff and 8 years for base maintenance certifying staff. However, those persons whose authorised tasks do not exceed those of a Part-66 category A certifying staff, need to demonstrate 3 years maintenance experience only.

(e)Line maintenance certifying staff and base maintenance support staff shall demonstrate he/she received type training and passed examination at the category B1, B2 or B3 level, as applicable, referred to in Appendix III to Annex III (Part-66) for each aircraft type in the scope of work referred to in point (b). Those persons whose scope of work does not exceed those of a category A certifying staff may however receive task training in lieu of a complete type training.

(f)Base maintenance certifying staff shall demonstrate he/she received type training and passed examination at the category C level referred to in Appendix III to Annex III (Part-66) for each aircraft type in the scope of work referred to in point (b), except that for the first aircraft type, training and examination shall be at the category B1, B2 or B3 level of Appendix III.

2.Protected rights

(a)The personnel having privileges before the entry into force of the relevant requirements of Annex III (Part-66) may continue to exercise them without the need to comply with points 1(c) to 1(f).

(b)However after that date any certifying staff willing to extend the scope of their authorisation to include additional privileges shall comply with point 1.

(c)Notwithstanding point 2(b) above, in the case of additional type training, compliance with points 1(c) and 1(d) is not required.