Published

Reason for revision

October 2023

First Easy Access Rules document powered by eRules.

The EAR incorporate:

—Commission Implementing Regulation (EU) 2023/203 laying down rules for the application of Regulation (EU) 2018/1139 of the European Parliament and of the Council, as regards requirements for the management of information security risks with a potential impact on aviation safety for organisations covered by Commission Regulations (EU) No 1321/2014,
(EU) No 965/2012, (EU) No 1178/2011, (EU) 2015/340, Commission Implementing Regulations (EU) 2017/373 and (EU) 2021/664, and for competent authorities covered by Commission Regulations
(EU) No 748/2012, (EU) No 1321/2014, (EU) No 965/2012,
(EU) No 1178/2011, (EU) 2015/340 and (EU) No 139/2014, Commission Implementing Regulations (EU) 2017/373 and (EU) 2021/664 and amending Commission Regulations (EU) No 1178/2011, (EU) No 748/2012, (EU) No 965/2012, (EU) No 139/2014, (EU) No 1321/2014, (EU) 2015/340, and Commission Implementing Regulations (EU) 2017/373 and (EU) 2021/664;

—Commission Delegated Regulation (EU) 2022/1645 laying down rules for the application of Regulation (EU) 2018/1139, as regards requirements for the management of information security risks with a potential impact on aviation safety for organisations covered by Commission Regulations
(EU) No 748/2012 and (EU) No 139/2014, and amending said Regulations;

—ED Decision 2023/008/R ‘Management of information security risks’ that provides for AMC & GM to the Articles of Regulation (EU) 2022/1645 and Regulation (EU) 2023/203;

—ED Decision 2023/009/R ‘Management of information security risks’ that provides for AMC & GM to support the Part-IS regulatory package implementation - Part-IS.D.OR and Part-IS.I.OR; and

—ED Decision 2023/010/R ‘Management of information security risks’ that provides for AMC & GM to support the Part-IS regulatory package implementation - Part-IS.AR.

June 2024

This Revision incorporates:

—Commission Implementing Regulation (EU) 2023/1769 amending Articles 2 and 6 of Commission Implementing Regulation (EU) 2023/203;

—Commission Implementing Regulation (EU) 2024/1109 amending Articles 2 and 4 of Commission Implementing Regulation (EU) 2023/203; and

—editorial changes to:

—Article 15 and Annexes III, IV, V, VI, VII, VIII and IX to Commission Implementing Regulation (EU) 2023/203; and

—Articles 6 and 7 of Commission Delegated Regulation 2022/1645.

December 2025

This Revision includes:

—Commission Implementing Regulation (EU) 2025/2293 amending Implementing Regulation (EU) 2023/203 as regards the requirements applicable to organisations subject to a declaration, and correcting Regulations (EU) No 1178/2011, (EU) No 748/2012,
(EU) No 965/2012, (EU) No 139/2014, (EU) No 1321/2014, (EU) 2015/340, and Implementing Regulation (EU) 2017/373;

—Commission Delegated Regulation (EU) 2025/22 amending Articles 2 and 5 of, and the Annex to, Commission Delegated Regulation 2022/1645 as regards requirements on information security for organisations providing ground handling services;

—ED Decision 2025/013/R on the management of information security risks, amending the AMC & GM to the Articles of Regulations (EU) 2022/1645 and 2023/203;

—ED Decision 2025/014/R on the management of information security risks, amending the AMC & GM to Part-IS.I.OR and PartIS.D.OR;

—Corrigendum to ED Decision 2025/014/R;

—ED Decision 2025/015/R on the management of information security risks, amending the AMC & GM to Part-IS.AR;

—Corrigendum to ED Decision 2025/015/R; and

—a ‘List of acronyms and abbreviations’.