4.1 What is the reporting flow implied by the Regulation?
GM to Reg. (EU) No 376/2014 and its IRs
The green boxes and lines in the diagram below illustrate the obligation of the competent authority in terms of reporting flow. From the day of the reception of the initial report, it has 30 days to integrate this report in the ECR. In the case of follow-up it has two months to send updated information to the ECR. These workflow and timeline are applicable to occurrences receive both in the context of organisations’ mandatory and voluntary reporting schemes.
Diagram 5. Flow of information under Regulation 376/2014
4.2 What information shall be collected by the competent authority and how should it be handled?
GM to Reg. (EU) No 376/2014 and its IRs
Detailed information on the type of information to be collected by the competent authority is provided in Section 3.7.
Regulation 376/2014 establishes two different systems, the mandatory one and the voluntary one, in order to clarify reporting obligations for reporters and for organisations. It is understood that this differentiation has no impact at the level of the competent authority.
|
Key principle All occurrences reported by an organisation to its competent authority in application of Regulation 376/2014 and its implementing rules shall be handled and addressed in the same manner by this competent authority. All occurrences directly by an individual reporter to a competent authority, whether or not it is reported on the basis of Regulation 2015/1018, shall be handled and addressed in the same manner by that competent authority In general, Regulation 376/2014 does not differentiate the way mandatorily reportable and voluntarily reportable occurrences shall be addressed by the competent authority. It does, however, impose differentiated requirements to the competent authority for handling, from one side, occurrences transferred by an organisation and, from the other side, occurrences directly reported by an individual. |
All information collected from organisations, whether it was reported in application of Article 4 or of Article 5, is subject to similar handling by the competent authority. And all information directly reported by individuals to the competent authority, whether it was reported in application of Article 4 or of Article 5, is subject to the same analysis and follow-up obligations.
More detailed information on the way information collected should be handled is included in the questions below.
4.3 How is the information shared among the competent authorities?
GM to Reg. (EU) No 376/2014 and its IRs
|
Key principle The competent authorities (EASA Member States and EASA) share, among them, all information collected and registered in the respective databases through the means of the European Central Repository (ECR) (Article 9). |
This includes information on occurrences (Article 9(1)) which shall be transferred within 30 days of receipt as well as information related to their analysis and follow-up which shall be transferred within 2 months of receipt (Article 13(9)). This also includes detailed information about accidents and serious incidents such as the investigation report (Article 9(2)).
Regulation 376/2014 (Article 10(1)) provides secure full online access to the ECR to any entity entrusted with regulating civil aviation safety, or any safety investigation authority, within the Union. It is understood that this includes the Member States Civil Aviation Authorities and Safety Investigation Authorities, as well as the European Commission, EASA and Eurocontrol. This access covers the entire content of the ECR i.e. occurrences entered after 15 November 2015 as well as those which were already contained in the ECR before that date.
|
Key principle In addition, if, while handling occurrences, a competent authority identifies safety matters which may be of interest to another competent authority or which possibly requires safety action to be taken by another competent authority, it is required to forward all pertinent safety-related information to that relevant competent authority as soon as possible (Article 9(3)). |
It is understood that Regulation 376/2014 does not intend to unnecessarily duplicate the flow of information between the Member States and EASA.
Therefore, it is understood that certain criteria should be applied in order to identify those occurrences which may be of interest to another competent authority or possibly requiring safety action to be taken, and therefore to be communicated to another competent authority.
Situations where information on occurrences should be shared as soon as possible with the relevant competent authority should be understood as situations where:
— A conclusive safety analysis that summarises individual occurrence data and provides an in‑depth analysis of a safety issue is or may be relevant for another Member State or for EASA. In the case of EASA this information could be connected to the European Plan for Aviation Safety or to the role of EASA in safety promotion.
or
— The following criteria are met
i. the occurrence falls in the scope of Regulation 376/2014 (i.e. a Member State or EASA is the competent authority, the occurrence is reportable under Regulation 376/2014 and the organisation responsible of addressing the occurrence is subject to Regulation 376/2014), and
ii. the competent authority that received the occurrence has come to the conclusion that
— the organisation to which the occurrence relates and its competent authority have not been informed of the occurrence; or
— the occurrence has not been properly addressed or has been left unattended by the organisation.
This mechanism may be supported through exchange of information in the context of the Network of Aviation Safety Analysts.
4.4 When shall information be transferred to the ECR?
GM to Reg. (EU) No 376/2014 and its IRs
|
Key principle Competent authorities are required to send to the ECR initial notifications received from organisations and individuals within 30 days after registering them in their database (Article 9(1)). |
As imposing ECCAIRS and ADREP compatible reporting will provide an immediate data entry in the ECCAIRS environment of the competent authority, the time between the reception and registration of the information should be consider negligible and in practice doable in 30 days since the reception of the initial notification.
|
Key principle Competent authorities are required to send to the ECR information related to analysis and follow‑up no later than 2 months from the registration of the follow-up or final report (Article 13(9)). |
Any additional safety-related information obtained by a Member State or by EASA on any reported occurrence should be also transmitted to the ECR within the next 2 months after registering such information.
To facilitate the processing of follow-ups and final reports, the use of standard means should be promoted. The Network of Aviation Safety Analysts (NoA) and the ECCAIRS Steering Committee will contribute to develop and promote such standard means.
4.5 What is the required format to record and transfer occurrences?
GM to Reg. (EU) No 376/2014 and its IRs
Regulation 376/2014 imposes requirements on competent authorities (Article 7). These requirements apply to all occurrences collected (MOR and VOR) and are similar to those imposed on their organisations except for risk classification.
|
Key principle Occurrence reports sent to the ECR shall comply with format specifications that include (Article 7)): — the compatibility with the ECCAIRS software and the ADREP taxonomy — the use of standardised formats — the provision of mandatory data fields — the use of data quality checking processes — the classification of collected occurrences according to the European common risk classification scheme |
Detailed information about these requirements is provided in Section 3.10 to 3.14.
EASA and the Commission are developing tools to support harmonised data quality and completeness across the EU by:
— publishing standard quality rules that could be implemented in any IT or database environment
— developing the necessary methods in ECCAIRS environment to facilitate Member States to comply with mandatory data fields requirements, and
— providing training to Members States to facilitate the proper use of the ADREP taxonomy.
In addition, the European Commission is developing reference material intended to help Member States to develop their own quality rules. This reference material will contain coding guidelines for all mandatorily occurrences listed in Regulation 2015/1018 and will be accompanied by the corresponding libraries detailing the necessary quality checks in the ECCAIRS environment. This reference material will be made available in the European Reporting Portal as soon as finalised.
Regulation 376/2014 requires Member States and EASA to store and transmit the risk value of each occurrence received. This value should reflect the risk assessment done (Article 7(2)).
|
Key principle When receiving from an organisation the risk classification of an occurrence, the competent authority is required to review it and if necessary to amend it. It shall then endorse it in accordance with the common European Risk Classification Scheme (Article 7(2)). |
The European Risk Classification Scheme is under development and relevant legal acts should be adopted by May 2017 to ensure its proper implementation.
Regulation 376/2014 foresees that Article 7(2) will become applicable only after the adoption relevant legislation defining and proving the implementation rules applicable to the European Risk Classification Scheme. However, Article 7(1) and Annex I.1 of Regulation 376/2014 require the risk classification from the application date of the Regulation.
|
Key principle Member States and EASA are required to provide the risk classification for each occurrence registered in their database from 15 November 2015. However, they are not required to review and amend risk classification transmitted by the organisation, and endorse it in accordance with the common European Risk Classification Scheme before the adoption of that scheme. |
4.6 What are the competent authority obligations in terms of oversight?
GM to Reg. (EU) No 376/2014 and its IRs
Article 13(8) of Regulation 376/2014 establishes that the competent authority shall have access to the analysis made and actions taken by organisations it is responsible for. This is notably ensured by the obligation for organisations to transfer certain information to their competent authority (Article 13(4) and (5)) and to the possibility for their competent authority to request other information to be transmitted to it.
|
Key principle Regulation 376/2014 requires each competent authority to appropriately monitor actions of the organisations it is responsible for (Article 13(8)). It is understood that this monitoring obligation does not require the competent authority to perform a detailed investigation of each single occurrence it is notified of. This monitoring is notably expected to participate to the overall oversight functions of a competent authority on organisations it is responsible for. |
It is understood that, to perform this responsibility, the competent authority needs to establish a process to assess the information reported. This process should notably allow the competent authority to require additional appropriate action to be taken and implemented by the organisation in situation where it has assessed that the action was inappropriate to address actual or potential safety deficiencies (Article 13(8)). It should also enable reviewing and validating the risk classification of the occurrence.
In situations where the monitoring is done over organisations which are outside oversight responsibilities of the competent authority (ground handling organisations, small aerodromes) it is understood that the monitoring obligations do not require creating comprehensive oversight mechanisms such as inspections. It is however expected to allow analysing information transmitted with the view to monitor the appropriateness of actions adopted.
|
Key principle It is understood that not all occurrences reported will require action and that preliminary assessment made by the competent authority following initial notification may conclude that certain occurrences should be closed on receipt (no action or further analysis needed). |
In such situation, those occurrences should be reviewed if the organisation provides a follow-up or if additional information gathered by the competent authority questions the initial assessment made (i.e. by the reception of another report on the same occurrence from a different source).
4.7 How shall information collected be handled?
GM to Reg. (EU) No 376/2014 and its IRs
|
Key principle Member States and EASA shall not be prevented from taking any action necessary for maintaining or improving aviation safety (Article 16(5)). |
Detailed information on those aspects is contained in Section 2.12 and 2.13.
|
Key principle Member States and EASA are not allowed to record personal details in their database. Furthermore, they are required to take the necessary measures to ensure the appropriate confidentiality of occurrences they collect and to comply with rules on the processing of personal data. |
Regulation 376/2014 ensures the confidentiality of individual reporter identity and of any other person involved in reports stored in Member States national occurrence databases and in the EASA database. Indeed it prohibits the recording of personal details (e.g. name of the reporter or anyone else mentioned in the report, addresses of natural persons) in the competent authority database (Article 16(1), (2) and (3) and Recital 35).
In addition, requirements on the confidentiality of information and processing of personnel data similar to those imposed to organisations are applicable to the Member States and EASA. Finally, Recital 33 highlights the need for national rules on freedom of information to take into account the necessary confidentiality of information.
In addition to limitations to the use and disclosure within and by organisations, Regulation 376/2014 also includes provisions limiting the use of an occurrence report by a State or EASA and guaranteeing its confidentiality.
|
Key principle States cannot institute disciplinary, administrative or legal proceedings in respect of unpremeditated or inadvertent infringements of the law which come to their attention only because they have been reported pursuant to Regulation 376/2014 unless where otherwise provided by applicable national criminal law (Article 16(6) and Recital 43). In the cases where disciplinary or administrative proceedings have been instituted under national law, information contained in occurrence reports cannot be used against the reporters or the persons mentioned in occurrence reports (Article 16(7) and Recital 44). |
|
Key principle Regulation 376/2014 recognises two exceptions to these principles (Article 16(10)): — wilful misconduct; and — situations where there has been a manifest, severe and serious disregard of an obvious risk and profound failure of professional responsibility to take such care as is evidently required in the circumstances, causing foreseeable damage to a person or property, or which seriously compromises the level of aviation safety. |
The objective is to clearly set, in the legislation, the line between acceptable behaviours (which shall not be punished) and unacceptable behaviours (which can be punished).
This means that outside those unacceptable behaviours situations, a State is not allowed to open a proceeding if it is only made aware of a situation because an occurrence was reported under Regulation 376/2014. It is however understood that in those cases where the opening of a criminal proceeding on the basis of an occurrence report is allowed under national law, national law has precedent and applies. But limitation to the possibility of disclosing information on occurrences (see below) remains applicable in all cases.
|
Key principle Competent authorities can only use an occurrence report for the purpose for which it has been collected (Article 15(1)). They are not allowed to make available or use occurrence reports: — in order to attribute blame or liability; or — for any purpose other than the maintenance or improvement of aviation safety (Article 15(2)). |
Those limitations to the disclosure or use of occurrence reports apply within the competent authority as well as outside of it.
It is therefore understood that sharing information on occurrences with press and media is not allowed by Regulation 376/2014. Disclosure of information on occurrence reports to judicial authorities is similarly not allowed.
|
Key principle There are however few exceptions to those principles. Firstly, it is understood that in a situation where safety might be endangered, information on occurrences may be shared or used with a view to maintain or improve aviation safety. It is therefore understood that sharing or using information on occurrences in the cases detailed in Article 16(10) with the view to address the risks to safety is allowed by the Regulation. In addition, any measure necessary for safety can be adopted, including where necessary the suspension of a licence or requesting a person to do additional training. This is reinforced with the principle that Member States and EASA shall not be prevented from taking any action necessary for maintaining or improving aviation safety as stated in Article 16(5). Secondly, exception may apply in a situation where an investigation under Regulation (EU) No 996/2010 has been instituted, as the provisions of Regulation 996/2010 have precedent in such case (Article 15(2)). |
Regulation 996/2010 foresees in its Article 14(2) and (3) that, in cases where it applies (opening of a formal technical accident or incident investigation), occurrences reports shall not be made available or used for purposes other than aviation safety unless the administration of justice or the authority competent to decide on the disclosure of records according to national law decides that the benefits of the disclosure of the occurrence report outweigh the adverse domestic and international impact that such action may have on that or any future safety investigation (balancing test). If this balancing test concludes that the information on occurrences should be disclosed, then the organisation should make it available to the requesting authority.
The Member States are allowed to provide, at national level, a more protective framework (Article 16(8)) which may in particular provide full impunity to reporters.
|
Key principle All limitations applicable to disclosure and use of occurrences information contained in Regulation 376/2014 cover to the entire competent authority database i.e. it applies to all occurrences contained in the database including those registered in the database prior to 15 November 2015. |
The Regulation also requests the Member States competent authorities to cooperate with their competent authorities for the administration of justice through advance administrative arrangements (Article 15(4)). It is specified that these advance administrative arrangements shall seek to ensure the correct balance between the need for proper administration of justice, on the one hand, and the necessary continued availability of safety information, on the other. It is understood that these advance arrangements should notably cover the access to occurrence reports by judicial authorities in cases where Regulation 996/2010 is applicable.
4.8 Can the competent authority share information contained in the ECR and under what conditions?
GM to Reg. (EU) No 376/2014 and its IRs
The ECR being a European database, its access and use are subject to specific rules under EU law.
|
Key principle Member States and EASA shall ensure compliance with rules on ECR access and use including for local access they have to the ECR. Granting direct access to the ECR is limited to defined personnel in Member States Civil Aviation Authority and Safety Investigation Authority and in EASA. It is prohibited outside of these cases. |
The possibility to provide certain information from the ECR and the processes to be applied are described in Articles 10 to 12 of Regulation 376/2014.
In this context, third parties may request information contained in the ECR. The request shall be submitted to the Member State where the third party is established or to the European Commission when the place of establishment is not a Member State territory. The Member State or the European Commission will assess the suitability of the request and, if applicable, will provide the requested information.
Information from the ECR can only be supplied in aggregated (e.g. number of runway incursions for a given period) or anonymised form (removed of any details, including the name of the organisation involved in the occurrence, which may reveal the identity of the reporter or of a third party). Non anonymised information can only be provided if it relates to the requestor own equipment, operations or field of activity (Articles 2 and 11). It is understood that information unrelated to the requestor own equipment or operations but related to his field of activity will be provided anonymised.
Requests shall fulfil the criteria stablished in the Articles 10 and 11 of Regulation 376/2014 and will be subject to individual decision made by the relevant point of contact.
The third party receiving information from the ECR is responsible and liable of ensuring that information is only used for the purpose specified in the request form, that the information is not disclosed without the written consent of the information provider and that it has taken the necessary measures to ensure appropriate confidentiality of the information received.
4.9 How shall States implement Article 16(12) of Regulation 376/2014?
GM to Reg. (EU) No 376/2014 and its IRs
|
Key principle Article 16(2) requires the Member States to designate a body responsible for the implementation of Article 16 (6), (9) and (11). |
Article 16(6) states the principle of proceedings limitations; Article 16(9) establishes the principle of non-prejudice in a corporate context, both principles being subject to the two exceptions mentioned in Article 16(10). Article 16(11) sets the obligation for organisations to adopt, after consulting its staff representatives, internal rules describing how ‘Just Culture’ principles are guaranteed and implemented within that organisation.
|
Key principle Full flexibility is given to the Member States to decide which entity shall be entrusted with this role. |
It is understood that it could be an existing entity or an entity established specifically for fulfilling this responsibility. It is also understood that this entity might be elsewhere entrusted with aviation responsibilities, judicial responsibilities, ombudsman related responsibilities or with any other responsibility. Member States are however encouraged to designate an entity which acts independently from those responsible for the implementation of Article 16 (6), (9) and (11).
The designated entity is responsible for:
— Receiving and handling employees and contracted personnel alleged infringements of the rules
— Advise the relevant authorities of the Member States on the adoption of actions against those who infringe the principles of protection of the reporter and of other persons mentioned in occurrence reports, such as remedies or penalties
— Upon its decision, reviewing ‘Just Culture’ internal rules of organisations established in its Member State.
It is understood that this entity shall coordinate with the authorities of its Member State responsible for imposing penalties in infringement to the Regulation and shall advise them about remedies or penalties it intends to adopt (Article 16(12)).
A report detailing the activities of this entity shall be sent to the European Commission every five years.