Easy Access Rules for U-space (Regulation (EU) 2021/664)

ED Decision 2022/022/R

FLOW OF TRAFFIC INFORMATION

Traffic information is originally generated on board manned or unmanned aircraft by systems that compute, for example, own time, position and speed of the aircraft.

(a)Operators of unmanned aircraft in U-space airspace provide traffic information to USSPs by means of network identification service.

(b)Operators of manned aircraft not subject to ATC in U-space airspace provide traffic information to USSPs in accordance with point SERA.6005(c) of Regulation (EU) No 923/2012.

(c)Inside controlled airspace, ATSPs provide traffic information on manned aircraft to USSPs.

(d)USSPs share traffic information among themselves and with UAS operators.

(e)There is no direct flow of traffic information from USSPs to operators of manned aircraft.

ED Decision 2022/022/R

PERFORMANCE OF THE TRAFFIC INFORMATION DISTRIBUTION

USSPs should demonstrate a latency for distributing traffic information that is lower than 5 seconds for at least 99 % of the time.

Implementing Regulation (EU) 2021/664

1.When providing a weather information service, U-space service providers shall:

(a)collect weather data, provided by trusted sources, to maintain safety and support operational decisions of other U-space services;

(b)provide the UAS operator with weather forecasts and actual weather information either before or during the flight.

2.The weather information service shall include, as a minimum:

(a)wind direction measured clockwise through the true north and speed in metres per second, including gusts;

(b)the height of the lowest broken or overcast layer in hundreds of feet above ground level;

(c)visibility in metres and kilometres;

(d)temperature and dew point;

(e)indicators of convective activity and precipitation;

(f)the location and time of the observation, or the valid times and locations of the forecast;

(g)appropriate QNH with geographical location of its applicability.

3.U-space service providers shall provide weather information that is up-to-date and reliable to support UAS operation.

ED Decision 2022/022/R

GENERAL

(a)The USSP collects the weather information necessary to support UAS operational decisions in a specific U-space airspace and supports the provision of other U-space services, such as the UAS flight authorisation service.

(b)It is recognised that the weather information service intended for UAS operations is different from that provided by today’s meteorological service providers, especially when it comes to UAS operations in the ‘open’ and ‘specific’ category. UAS may fly near buildings and in areas where current aeronautical meteorological information is not always provided. Therefore, Article 12 of Regulation (EU) 2021/664 specifies the minimum content of weather information to be available for the purpose of UAS operations. It does not exclude the possibility that current aeronautical meteorological service providers may also provide this service.

ED Decision 2022/022/R

TRUSTED SOURCES

(a)USSPs should use weather data that comes from authoritative sources.

(b)Where such weather data is not formally available from an authoritative source, but is required by end users, USSPs should use weather data from other (non-authoritative) sources, provided they have been verified and validated by the USSP to conform with the data quality requirements.

(c)USSPs should enable the identification of the source of the weather data in accordance with the contractual arrangements concluded with their UAS operators.

ED Decision 2022/022/R

TRUSTED SOURCES

(a)An authoritative source may be an organisation that is formally recognised by the Member State to originate and/or publish weather information which meets the data quality requirements as specified by that Member State. An authoritative source may be a meteorological service provider certified in accordance with Regulation (EU) 2017/373.

(b)A non-authoritative source may be an organisation other than that defined in point (a), but which originates and/or publishes weather data derived through data gathering or measuring (e.g. by the USSPs themselves, aircraft operators, or other relevant weather information organisations, or a combination of them), which conforms with the data quality requirements as specified by the Member State.

ED Decision 2022/022/R

WEATHER INFORMATION

USSPs should provide weather information that contains:

(a)the location of the observation or forecast using:

(1)the ICAO designator, where available; or

(2)the geographic position expressed in the WGS 84 coordinate;

(b)the validity of the observation or forecast by specifying:

(1)the validity area/volume either via the ICAO designator and, where available, the WGS 84 position or WGS 84 area of validity; and

(2)the time of the observation and/or the validity of the forecast in UTC time.

ED Decision 2022/022/R

WEATHER REPORTS

Article 12(2) of Regulation (EU) 2021/664 defines the minimum weather information set to be provided by the USSP. In certain cases, USSPs may either display a subset of, or enrich, this weather data set (or additional sources of information) to:

(a)provide the information to the end user for awareness;

(b)complete the weather data set with weather information that is publicly available, such as MET information.

ED Decision 2022/022/R

UP-TO-DATE INFORMATION

(a)Upon receipt of updated weather information related to current weather, the USSP should provide it to the UAS operator within maximum 30 seconds.

(b)Upon receipt of an updated weather forecast, the USSP should provide it to the UAS operator within maximum 5 minutes from the time the USSP starts processing the data.

(c)The USSP should inform the end user when the information is not up to date.

RELIABILITY

(d)The USSP should inform the end user of the source of the data at the request of the UAS operator.

(e)The USSP should provide a confidence level of the data being provided, where available, or indicate that the confidence level is unknown.

ED Decision 2022/022/R

UP-TO-DATE INFORMATION

(a)It is the responsibility of the USSP to ensure that the data being consumed or referred to is the last available data set from the trusted source.

(b)The USSP is not responsible for ensuring that the data being exposed by the trusted source is effectively the last available data. This responsibility lies with the trusted source.

RELIABILITY

(c)The reliability of the data pertains mostly to the security, availability, and status reporting to the end user. USSPs should ensure that the UAS operator is presented with accurate information that has not been tampered with, and with information regarding the confidence level of the data where this is available at the source.

(d)When MET data is provided using the standard MET products (such as METAR or aerodrome local report), the confidence levels are contained within the MET standards that define these products, as specified in ICAO Annex 3 ‘Meteorological Service for International Air Navigation’.

Implementing Regulation (EU) 2021/664

1.A conformance monitoring service shall enable the UAS operators to verify whether they comply with the requirements set out in Article 6(1) and the terms of the UAS flight authorisation. To this end, this service shall alert the UAS operator when the flight authorisation deviation thresholds are violated and when the requirements in Article 6(1) are not complied with.

2.Where the conformance monitoring service detects a deviation from the flight authorisation, the U-space service provider shall alert the other UAS operators operating in the vicinity of the UAS concerned, other U-space service providers offering services in the same airspace and relevant air traffic services units, which shall acknowledge the alert.

ED Decision 2022/022/R

GENERAL

(a)Article 13 of Regulation (EU) 2021/664 contains a general description of the objective of the conformance monitoring service, as well as the requirements for the USSPs that provide such service. This service checks the current in-flight information of each UAS with respect to the actual progress of the UAS flight as reported by the UAS operator or obtained from the remote identification service. The monitoring is performed per UAS flight.

(b)When any non-conformance of the UAS flight is detected, the USSP alerts:

(1)the UAS operator of the flight for which the non-conformance is detected;

(2)other air traffic,

(3)other USSPs;

(4)the single CIS provider, where applicable; or

(5)other relevant authorities.

(c)The USSP that detects a non-conformance should:

(1)add the information on deviation in the traffic information message if an unmanned aircraft is non-compliant;

(2)alert the UAS operators whose unmanned aircraft fail to comply with their planned operation; and

(3)monitor all current flight operations of their subscribed UAS operators; all USSPs have collective responsibility to dispatch relevant information to the UAS operators concerned.

ED Decision 2022/022/R

NON-CONFORMANCE — EXAMPLES

A non-conformance may occur when a UAS flight does not comply:

(a)with any of the operational conditions or airspace constraints referred to in Article 3(4)(c) of Regulation (EU) 2021/664;

(b)with any of the terms or conditions of its flight authorisation in accordance with Article 10(1) of Regulation (EU) 2021/664;

(c)with any of the deviation thresholds of its flight authorisation in accordance with Article 10(2)(d) of Regulation (EU) 2021/664.

ED Decision 2022/022/R

DETERMINATION OF CONFORMANCE

The USSP should perform the following sequence:

(a)match the unmanned aircraft with a corresponding flight authorisation(s);

(b)determine whether the unmanned aircraft is subject to an accepted and activated flight authorisation;

(c)determine whether the unmanned aircraft complies with the deviation thresholds of the flight authorisation;

(d)when possible, determine whether the unmanned aircraft complies with the requirements laid down in Article 6(1) of Regulation (EU) 2021/664, and the terms and conditions of the UAS flight authorisation;

When the UAS is detected to be non-conformant, the USSP should provide the details of the nonconformance in the alert.

ED Decision 2022/022/R

NON-CONFORMANCE WITH THE DEVIATION THRESHOLDS

The USSP should consolidate the deviation with the flight authorisation, and should confirm the nonconformance, when the UAS is outside the authorised 4D volume, including the deviation thresholds, for more than 5 % of the time as validated over time.

ED Decision 2022/022/R

NON-CONFORMANCE WITH THE FLIGH ACTIVATION/DEACTIVATION

The USSP should detect a non-conformance when a UAS flight:

(a)is performed without flight authorisation or proper flight activation (i.e. accepted by the USSP);

(b)has not ended, and the time limit of the flight authorisation has passed.

ED Decision 2022/022/R

PERFORMANCE OF THE NON-CONFORMANCE ALERTING

To ensure safety of operations through the timely reaction of UAS operators, the USSP should alert UAS operators within 5 seconds, for 99 % of the time, when a non-conformance is detected.

ED Decision 2022/022/R

PRELIMINARY ALERT TO THE INFRINGEMENT OF THE 4D VOLUME

When the UAS flight approaches the boundaries of the authorised 4D volume, a preliminary alert may be generated by the USSP to raise awareness of the UAS operator about the potential for infringement and non-conformance.

ED Decision 2022/022/R

NON-CONFORMANCE WITH THE FLIGH ACTIVATION/DEACTIVATION

A flight which remains airborne after the time limit of its flight authorisation has passed may no longer be conflict free, and poses a hazard to other flights which conform with their flight authorisations. Therefore, a flight which has not ended by the time its flight authorisation time limit has passed is non-conformant.

ED Decision 2022/022/R

NON-CONFORMANCE NOTIFICATION

The aim of the non-conformance notification is to provide information with regard to the specific position of the unmanned aircraft at the time it became non-conformant with respect to its flight authorisation. The information about a non-conformant unmanned aircraft comprises the time, the position, and the number of non-conformant occurrences, each with an indication of deviation when possible.

ED Decision 2022/022/R

ALERTS TO THE AIR TRAFFIC CONTROL UNIT

The USSP should issue a non-conformance alert to the relevant ATC unit when a non-conformant unmanned aircraft is likely to represent a threat to manned aircraft in controlled airspace, i.e. the unmanned aircraft exits the U-space airspace, or enters an area where the implementation of an airspace restriction or a dynamic reconfiguration is in progress.

CHAPTER V — CERTIFICATION OF U-SPACE SERVICE PROVIDERS AND SINGLE COMMON INFORMATION SERVICE PROVIDERS

Implementing Regulation (EU) 2021/664

1.U-space service providers and, when designated, single common information service providers shall hold a certificate issued by the competent authority of the Member State of their principal place of business.

2.U-space service providers and, when designated, single common information service providers that have their principal place of business, are established, or reside in a third country, shall apply for a certificate to the European Union Aviation Safety Agency (‘the Agency’).

3.The U-space service provider’s certificate shall be issued in accordance with Annex VI.

4.The single common information service provider’s certificate shall be issued in accordance with Annex VII.

5.The certificate shall determine the rights and privileges of its holder to provide services to which it relates.

6.An application for a U-space service provider or a single common information service provider certificate, or for an amendment to an existing certificate, shall be submitted in a form and manner established by the competent authority, or by the Agency, as applicable.

ED Decision 2022/022/R

GENERAL

(a)The provision of U-space services and single CIS is subject to certification by the relevant competent authority.

(b)The competent authority may be:

(1)the national competent authority of the Member States where the USSPs and, when designated, the single CIS providers have their principal place of business;

(2)the Agency for USSPs and single CIS providers from third countries;

(3)the Agency, at the request of the USSPs or the single CIS providers that provide services in more than one Member State, following a coordination process described in Article 64 (at the request of the organisation) or Article 65 (at the request of the national competent authority) of Regulation (EU) 2018/1139.

(c)The certification scheme aims to preserve public interest, most notably in terms of safety. The certificate confirms that the single CIS provider or the USSP meets the requirements of Regulation (EU) 2021/664 as regards the provision of specific U-space services in the U-space airspace, commensurate with the risk associated with the U-space services they provide. The certificate specifies the rights and obligations of the single CIS provider or the USSP, with particular regard to safety.

(d)Annexes VI and VII to Regulation (EU) 2021/664 establish the certificate form templates for the USSP and the single CIS provider respectively. By introducing this single certificate concept, all the privileges of a USSP are to be mentioned in the attachment to the certificate specifying the type of U-space services, and the respective conditions and associated limitations. For the CIS provider, the certificate form does not include an attachment specifying the type of U-space services, conditions and limitations of the certificate because the CIS provider should always provide the required CIS in the U-space airspace for which the CIS provider has been designated.

ED Decision 2022/022/R

OPERATIONAL CONDITIONS AND LIMITATIONS IN THE USSP CERTIFICATE

(a)The ‘Limitations’ section of the certificate may be used to identify the restrictions to be applied in the provision of services and any other particularity of the service(s) provided (e.g. intended usage, type of operations).

(b)Limitations may also relate to some restrictions on the service(s) provided associated with noncompliances with respect to some performance requirements.

(c)The ‘Conditions’ may address actions that require to be accomplished to confirm the validity of the certificate.

(d)The certificate captures the specification of ‘services’, including the relevant performance requirements addressed in AMC2 to Article 3(4) of Regulation (EU) 2021/664, demonstrated to the competent authority.

ED Decision 2022/022/R

APPLICATION FORM — TEMPLATE

Competent authorities may wish to consider using the following application form template, for the purpose of facilitating the harmonised implementation of Regulation (EU) 2021/664.

Implementing Regulation (EU) 2023/203

1.U-space service providers and, when designated, single common information service providers shall be granted certificates if they demonstrate that they:

(a)are able to provide their services in a safe, secure, efficient, continuous and sustainable manner, consistent with the intended UAS operations and in compliance with the level of performance established by the Member States for the U-space airspace in accordance with Article 3(4);

(b)use systems and equipment that guarantee the quality, latency and protection of the Uspace or common information services in accordance with this Regulation;

(c)have the appropriate net capital commensurate with the costs and risks associated with the provision of U-space or common information services;

(d)are able to report occurrences in accordance with point ATM/ANS.OR.A.065 in Subpart A of Annex III to Implementing Regulation (EU) 2017/373;

(e)implement and maintain a management system in accordance with Subpart B of Annex III to Implementing Regulation (EU) 2017/373;

(f)implement and maintain a security management system in accordance with point ATM/ANS.OR.D.010 in Subpart D of Annex III to Implementing Regulation (EU) 2017/373;

[applicable until 21 February 2026 — Implementing Regulation (EU) 2021/664]

(f)implement and maintain a security management system in accordance with point ATM/ANS.OR.D.010 in Subpart D of Annex III to Implementing Regulation (EU) 2017/373 and an information security management system in accordance with Annex II (PartIS.I.OR) to Implementing Regulation (EU) 2023/203;

[applicable from 22 February 2026 — Implementing Regulation (EU) 2023/203]

(g)retain for a period of, at least 30 days, recorded operational information and data or longer, where the recordings are pertinent to accident and incident investigations until it is evident that they will no longer be required;

(h)have a robust business plan indicating that they can meet their actual obligations to provide services in a continuous manner for a period of at least 12 months from the start of operations;

(i)have in place arrangements to cover liabilities related to the execution of their tasks appropriate to the potential loss and damage;

(j)where they avail themselves of services of another service provider, they have the agreements concluded to that effect, specifying the allocation of liability between them;

(k)have developed a contingency plan in the case of events, including security breaches impacting the delivery of services, which result in significant degradation or interruption of their operations;

2.In addition to the requirements laid down in paragraph 1, U-space service providers shall have an emergency management plan to assist the UAS operator experiencing an emergency and a communication plan to inform those concerned.

ED Decision 2022/022/R

GENERAL

(a)Article 15 of Regulation (EU) 2021/664 contains the conditions for obtaining a certificate. They are inspired from the requirements that apply for ATM/ANS providers (i.e. those contained in Subpart B of Annex III to Regulation (EU) 2017/373) to obtain and maintain their respective certificates, but tailored to the particularities of the U-space.

(b)USSPs and single CIS providers are organisations that directly contribute to safe UAS operations within the U-space airspace, and it is important that they have a risk-based management system in place. It is, therefore, essential that they comply with an appropriate management system established for that purpose. To apply this management system, taking into account the different types of providers and the performance of the services they provide, Regulation (EU) 2021/664 lays down some management system requirements. The elements of this management system are, therefore, harmonised for all the different types of single CIS providers or USSPs, but their application may be different depending on the different services provided, especially for the USSPs. Therefore, the proposed management system provides for a proportionate application of the requirements for both providers.

(c)USSPs and single CIS providers are also required to implement a security management system based on the requirements laid down in point ATM/ANS.OR.D.010 of Subpart D of Annex III to Regulation (EU) 2017/373. It has to be noted that Opinion No 03/2021 ‘Management of information security risks’²⁶ proposes amendments, among others, to Subpart D of Annex III to Regulation (EU) 2017/373, which will become applicable to USSPs and single CIS providers once the related regulation is published.

(d)To become a certified USSP, the applicant should demonstrate its capability to provide at least the four mandatory U-space services referred to in Article 3(2) of Regulation (EU) 2021/664. Whenever required by a Member State as per Article 3(3) of Regulation (EU) 2021/664, the applicant should also demonstrate its capability to provide the additional U-space services.

(e)Once an applicant becomes a certified USSP, it may provide services in any U-space airspace across the European Union. However, before the USSP starts providing services, the competent authority of the U-space airspace where the provision of services is intended to take place may need to validate that the USSP satisfies the local conditions (e.g. performance requirements and constraints).

ED Decision 2022/022/R

SAFETY SUPPORT ASSESSMENT

The applicant should provide the assurance with sufficient confidence that the provision of services that support the conduct of UAS operations will comply with the required level of performance and constraints via a complete, documented and valid argument that the services will be provided and will continue to be provided only as specified in the specified context. The safety support assessment undertaken by the applicant should encompass any contracted activities or specific arrangements.

For that purpose, the applicant should define its ‘functional systems’, ‘specification of services’ and ‘safety support requirements’.

ED Decision 2022/022/R

VERIFICATION OF THE SAFETY SUPPORT ASSESSMENT PROCESS

The applicant should ensure that the verification activities as regards the safety support assessment process ensure the completeness and correctness of the argument and include the verification that:

(a)the risk analysis is complete;

(b)the safety criteria are correct and commensurate with the risk analysis;

(c)all the elements of the ‘functional system’ or environment of operation are identified;

(d)the specification of the operational context is complete and correct;

(e)that the specification of the way the service behaves is complete and correct;

(f)the specification is analysed in the context in which the services are intended to be provided;

(g)the ‘safety support requirements’ are correct and complete in relation to the specification;

(h)the design is complete and correct with reference to the ‘specification of services’ and ‘safety support requirements’, and correctly addresses the safety criteria;

(i)the design is the one analysed;

(j)the implementation, to the intended degree of confidence, corresponds to the design analysed and behaves only as specified in the given operational context; and

(k)the way the service behaves complies with and does not contradict other applicable requirements.

ED Decision 2022/022/R

CONCEPT OF OPERATIONS (CONOPS)

The applicant should develop its concept of operations, which is meant to:

(a)increase the competent authority’s understanding of the applicant’s use case;

(b)define the scope of the functional system submitted for certification;

(c)establish the depth and boundaries of the certification, and ultimately the scope of the certificate;

(d)capture the assumptions on the U-space performance requirements to be satisfied as per Article 3(4) of Regulation (EU) 2021/664.

ED Decision 2022/022/R

COMPLIANCE MATRIX

The applicant should develop a compliance matrix for the competent authority to ensure the soundness and completeness of the compliance demonstration. The compliance matrix should:

(a)cover all the layers of items to be satisfied (i.e. requirements of Regulation (EU) 2021/664, the related AMC and GM, and applicable industry standards);

(b)capture how each item is intended to be satisfied; and

(c)link each item with supporting evidence (e.g. documents, tests, engineering documents).

ED Decision 2022/022/R

INFORMATION THAT SUPPORTS CERTIFICATION

The applicant should provide all necessary information to the competent authority during the certification activities, especially in presenting its strategy for the purpose of certification and seeking agreement on the scope and depth of the assessment of the certification. The applicant should develop evidence, and make it available to the competent authority for investigation, which demonstrates that its ‘functional system’ allows for the safe provision of the services.

Additionally, the applicant should report to the competent authority any deficiencies (including those related to information security) and/or errors identified in the functional system, especially those that could lead to an unsafe condition. Such reports should be made in a form and manner acceptable to the competent authority.

ED Decision 2022/022/R

CORRELATION BETWEEN REGULATION (EU) 2017/373 AND THE AMC AND GM TO REGULATION (EU) 2021/664

Subpart B, and some requirements in Subpart A and D of Annex III to Regulation (EU) 2017/373 are also applicable to USSPs and single CIS providers by virtue of the specific applicability references made in Article 15 of Regulation (EU) 2021/664. However, the AMC and GM to Regulation (EU) 2017/373 are naturally not addressed to USSPs or to single CIS providers and are, therefore, not applicable to them.

To facilitate the reading and implementation of the relevant requirements, the following table contains the correlation between the applicable requirements of Subparts A, B and D of Annex III to Regulation (EU) 2017/373 and the AMC and GM to Article 15 of Regulation (EU) 2021/664. In this context, the table below contains the acceptable means of compliance and guidance material for USSPs and single CIS providers to ensure compliance with the listed requirements of Regulation (EU) 2017/373. For the applicable requirements in Subparts A, B and D of Annex III to Regulation (EU) 2017/373, listed in the table below, for which no AMC and GM are provided, USSPs and single CIS providers may propose their own means to comply with the applicable requirements.

ED Decision 2022/022/R

‘APPLICANT’ IN THE CONTEXT OF THE U-SPACE

For the purposes of Articles 14 and 15 of Regulation (EU) 2021/664, ‘applicant’ means the USSP or the designated single CIS provider that seeks the obtention and approval of a certificate as per Article 14 of Regulation (EU) 2021/664.

ED Decision 2022/022/R

‘UNSAFE CONDITION’ IN THE CONTEXT OF THE U-SPACE

For the purposes of Regulation (EU) 2021/664, ‘unsafe condition’ may be considered a situation which, due to data error or data alteration (e.g. in case of malicious interactions), a procedure error, or a system excessive response time or malfunction may result (but is not limited to) in the following:

(a)insufficient separation/spacing, or air proximity between manned and unmanned aircraft within the U-space airspace, which may result in mid-air collision;

(b)a lack of separation between unmanned aircraft, which may result in mid-air collision leading to an increase of the ground risk;

(c)an unmanned aircraft exiting the boundaries of the U-space airspace;

(d)an unmanned aircraft entering a prohibited (no-fly zone) or a restricted access geographical zone (as per Article 15 of Regulation (EU) 2019/947), which could be established within the Uspace airspace.

ED Decision 2022/022/R

‘FUNCTIONAL SYSTEM’ IN THE CONTEXT OF THE U-SPACE

For the purposes of Regulation (EU) 2021/664, ‘functional system’ means a combination of procedures, human resources and equipment, including hardware and software, organised to provide services within the context of the U-space airspace.

ED Decision 2022/022/R

SAFETY SUPPORT REQUIREMENTS

Safety support requirements are the characteristics/items of the functional system to ensure that the service performs as specified. The following non-exhaustive list contains examples of safety support requirements that specify:

(a)for software (and equipment), the complete behaviour in terms of functions, accuracy, timing, order, format, capacity, resource usage, robustness to abnormal conditions, overload tolerance, availability, reliability, confidence and integrity;

(b)for people, their performance in terms of tasks (e.g. accuracy, response times, acceptable workload, resilience to distraction, self-awareness, team-player capacity, adaptability, reliability, confidence, skills, and knowledge in relation to their tasks);

(c)for procedures, the circumstances for their enforcement, the resources needed to perform them (i.e. people and equipment), the sequence of actions to be performed, and the timing and accuracy of the actions; and

(d)interactions between all parts of the system.

ED Decision 2022/022/R

SPECIFICATION OF SERVICES

As per the AMC and GM to Article 3 of Regulation (EU) 2021/664, the acceptable level of safety (ALS) is determined during the airspace risk assessment and materialised upon the U-space airspace definition and the related performance requirements and constraints. These ‘high-level design characteristics’ of the functional system, complemented with those derived from the applicant’s safety assessment form the ‘specification of services’, which is the baseline applicants should use for their safety support assessments alongside the ‘safety support requirements’.

In the absence of established U-space performance requirements and constraints, as per the AMC and GM to Article 3 of Regulation (EU) 2021/664, the applicant should make reasonable assumptions to define a suitable set of performance requirements.

The applicant should demonstrate to the competent authority that the specification is complete and correct with regard to its concept of operations (CONOPS) and safety assessment.

ED Decision 2022/022/R

CERTIFICATION DATA AND EVIDENCE

The data and evidence that support the applicant’s certification cover both procedural and technical aspects, and encompass the following items:

(a)concept of operations (CONOPS);

(b)compliance matrix with Regulation (EU) 2021/664, the related AMC and GM, and applicable industry standards;

(c)description of the engineering processes and procedures (e.g. software assurance);

(d)engineering and design documentation;

(e)safety assessment;

(f)security risk assessment;

(g)operational procedures and instructions to other dependent stakeholders (e.g. USSPs, UAS operators);

(h)analyses and tests;

(i)records (e.g. review, configuration and changes, statement of works, quality, etc.);

(j)residual defects and limitations.

Given that certification is a dynamic process, other items may be considered necessary to be documented during the certification activities.

ED Decision 2022/022/R

CONCEPT OF OPERATIONS (CONOPS) — CONTENT

The content of the CONOPS should be agreed with the competent authority, and may cover the following:

(a)For the USSP and the single CIS provider:

(1)description of the applicant’s business case;

(2)when known, description of the U-space environment where the service(s) is (are) intended to be provided (e.g. identification of the stakeholders);

(3)whether the provision of services is intended in controlled and/or uncontrolled airspace and/or in airspace where both controlled and uncontrolled manned aircraft operations take place;

(4)description of the infrastructure, and how the availability/continuity of the provision of the service(s) is satisfied;

(5)operational capacity (e.g. number of simultaneous operations supported, growth potential/scalability);

(6)specific arrangements (e.g. service acquired from a third party, or through subcontracted activities);

(7)a description of each of the services provided by the applicant, and the operational functions and design principles that drive the implementation of the services delivered to U-space airspace actors;

(8)description of the applicant’s ‘functional system’;

(9)if any, the targeted level of integrity or reliability of the functional systems;

(10)the technical measures regarding cybersecurity (e.g. authentication means, encryption);

(11)when relevant, description of previous certification/approval experience;

(12)declaration of any additional features which are not required to comply with Regulation (EU) 2021/664 (and thus outside the scope of the certification);

(13)the assumptions on the U-space performance requirements addressed in the AMC and GM to Article 3(4) of Regulation (EU) 2021/664;

(14)any other considerations that may help the competent authority to gain a good understanding of the applicant’s use case.

(b)For the single CIS provider:

(1)the type of information collected from the CIS, and from which organisation;

(2)interfaces with USSPs, ATSPs and other relevant entities that are entitled to provide information through the CIS;

(3)a description of the service and information provided to the USSPs.

(c)For the USSP:

(1)whether the provision of services is intended in centralised and/or decentralised CIS;

(2)how the information is intended to be exchanged with other USSPs and, when relevant, with the CIS;

(3)the U-space services provided as per Article 3(2) and (3) of Regulation (EU) 2021/664;

(4)the type of supported operations, such as VLOS/BVLOS, over congested environment;

(5)how the services are intended to be delivered to UAS operators (e.g. API or HMI);

(6)the operational limits of their system, e.g. range, altitude, etc.;

(7)the solution implemented to receive the UAS remote identification.

ED Decision 2022/022/R

COMPLIANCE MATRIX

The applicant is free to select the way of packaging the evidence that supports compliance. The development of the compliance matrix may also be an iterative process, as the evidence may not be fully available or characterised at an initial version of the compliance matrix, and several versions of the compliance matrix may be delivered during the initial certification process and subsequently updated during the continued oversight process.

However, even at an initial version of the compliance matrix, the early identification of the documents that support compliance remains necessary in order to provide an overview of the compliance approach.

ED Decision 2022/022/R

APPROACH TO CERTIFICATION

Based on the presentation of the applicant’s CONOPS, strategy for certification, and the associated set of data and evidence, the competent authority defines the scope and depth of the certification investigations and selects the documents, set of data, and activities (e.g. onboarding process, software development, tests, change management procedures, etc.) to be assessed.

The competent authority’s investigation comprises two main types of investigation:

(a)Desktop reviews: mostly dedicated to documentation reviews performed remotely, without visiting the applicant’s facilities.

(b)Audits: to perform an in-depth and comprehensive assessment/inspection of the applicant’s organisation, activities, processes, and evidence. Depending on whether or not a physical inspection is necessary, audits may be performed on-site or remotely considering, for example, the efficiency of the access and the assessment of the items subject to investigation, and access to personnel in charge of the applicant’s activities.

ED Decision 2022/022/R

SOFTWARE ASSURANCE

The applicant should ensure that a documented software assurance process is established to produce evidence and arguments that demonstrate that the provision of services satisfies the required U-space performance requirements.

Accordingly, the applicant should control the development of its software and follow a structured process, including planned and systematic activities (procedures), to substantiate with sufficient confidence that:

(a)development errors (e.g. mistakes made in the determination, design or implementation of the requirements) have been identified, corrected or mitigated, and that the potential residual defects in the implementation are minimised; and

(b)the software behaves as intended in the specified context.

When relevant, the applicant should also demonstrate that the implementation of potential additional features, except those required for ensuring the safe provision of services, do not interfere with the safe provision of the required services.

When software assurance relies on credit taken from simulated environments and/or automated activities (e.g. automated verification) the applicant should:

(a)identify the scope and the credit taken from those activities and substantiate their relevance for the arguments that demonstrate that the provision of services satisfies the U-space performance requirements; and

(b)demonstrate that the simulated or automated environments:

(1)are representative of, or sufficiency close to, the real operational conditions; and

(2)can be trusted, in producing evidence of their proper behaviour and products.

ED Decision 2022/022/R

INFORMATION SECURITY ASSURANCE

In conjunction with point B of Annex III to Regulation (EU) 2021/664, the applicant should ensure a level of security consistent with the intended UAS operations by evaluating and mitigating the risks induced by potential intentional unauthorised electronic interaction (IUEI) on the components of the functional systems (e.g. including the hardware and software, interfaces with the other U-space airspace stakeholders, e-conspicuity, or Network R-ID receivers).

The applicant should follow a continued risk-based approach as regards the following:

(a)To assess the provision of services against any potential information security threat and vulnerability that could affect the confidentiality, availability and integrity of the provision of services.

(b)The result of this assessment, following the identification of any necessary mitigation means, should be that the provision of services entails no identifiable vulnerabilities, or if any, they cannot be exploited to create a hazard or generate a failure that would have an effect that is considered unacceptable, in particular when they may result in an unsafe condition.

(c)When a risk needs to be mitigated, the applicant should provide evidence that the mitigation means provide sufficient grounds for evaluating that the residual risk is acceptable. Accordingly, the effectiveness and robustness of the mitigation means should be demonstrated through (a potential combination of) security-oriented robustness testing, inspection/analysis, refutation/penetration testing, etc., as agreed with the competent authority.

(d)Once the overall residual risk is considered acceptable, the applicant should develop instructions, for example physical and operational security procedures, auditing and monitoring of the security effectiveness, to ensure a continued and effective protection of the provision of services.

(e)When the mitigation means rely on operational security measures to be fulfilled by a third party (e.g. UAS operator, USSP), they should be properly documented and shared with the relevant stakeholder.

(f)The applicant should dynamically reassess the potential for new vulnerabilities and the level of threat that were not foreseen during previous security risk assessments of the functional systems. If the continued assessment identifies an unacceptable threat condition, the applicant should notify the relevant stakeholders and the competent authority in a timely manner of the need and the means to mitigate the new risk.

This risk assessment is referred to as ‘security risk assessment’.

ED Decision 2022/022/R

SOFTWARE ASSURANCE — SOFTWARE ASSURANCE PROCESSES

The software assurance processes should provide evidence and arguments that they support, as a minimum, the following:

(a)The software requirements correctly state what is required by the software in order to meet the ‘specification of services’ and the ‘safety support requirements’. For that purpose, the software requirements should:

(1)be correct, complete and, when available, compliant with upper-level requirements; and

(2)specify the functional behaviour in nominal and degraded modes, and in terms of timing performance, capacity, accuracy, resource usage, robustness to abnormal operating conditions and overload tolerance, as appropriate, of the implemented software.

(b)The software implementation does not contain functions that could adversely affect the satisfaction of the service specification and/or does not cause undesirable behaviour that may impair the safe provision of services.

(c)Traceability is addressed in respect of all software requirements as follows:

(1)Traceable to the ‘specification of services’ or the ‘safety support requirements’.

(2)Each software requirement allocated to a component should either be traced to an upper-level requirement, or its need should be justified and assessed that it does not affect the satisfaction of the safety support requirements allocated to the component.

(3)Each software requirement is linked to a verification activity (e.g. analysis and/or tests), granular enough to efficiently demonstrate that the requirements are met.

(d)The functional behaviour, timing performance, capacity, accuracy, resource usage (potentially on the target hardware), robustness to abnormal operating conditions and overload tolerance of the implemented software comply with the software requirements.

(e)The software verification:

(1)is correct and completely verifies the software requirements, with a sufficient level of detail demonstrating that the requirements are fully met (e.g. intent of the test; analysis; clear, expected behaviour; and pass–fail criteria);

(2)confirms that the service behaves as specified in an environment representative of the intended operational environment;

(3)allows to verify all the interfaces and the robustness of the implementation;

(4)is performed through review, analysis and/or testing and/or other equivalent means, as agreed with the competent authority; and

(5)generates traceable results, with clear identification of any failed item.

(f)The evidence and arguments produced by the software assurance processes should be traceable to:

(1)a known executable version of the software;

(2)a known range of configuration data; and

(3)a known set of software items and descriptions, including specifications, which have been used in the production of that version, or can be justified as applicable to that version.

(g)The software assurance processes should include the necessary activities to ensure that the software life cycle data can be shown to be under configuration control throughout the software’s life cycle, including the possible evolutions due to changes or correction of problems.

The activities should include, as a minimum:

(1)configuration identification, traceability and status-accounting activities, including archiving procedures;

(2)problem reporting, tracking, and management of corrective actions; and

(3)retrieval and release procedures.

(h)Software quality control should be undertaken to assess the conformance of the development of the software with established processes and related procedures, and should be supported by any necessary corrective actions according to the findings. The software quality control should be performed independently from the software development team to ensure impartiality of the control.

ED Decision 2022/022/R

SOFTWARE ASSURANCE — USE OF EXISTING INDUSTRY STANDARDS

The applicant is responsible for defining the software assurance processes. The applicant may directly develop its own method, provided it allows to properly structure the software activities and addresses the key software engineering principles and associated software life cycle data upon which the software process assurance is built:

(a)software specification (requirements and design information);

(b)software verification;

(c)traceability (between items);

(d)configuration and change management; and

(e)quality assurance.

Nevertheless, it is recommended that the applicant consider the guidance material contained in existing industry standards for software assurance considerations. It should be considered that not all standards address all aspects required, and the applicant may need to define additional software assurance processes.

Guidance material typically includes:

(f)objectives of the software life cycle processes;

(g)activities to meet the objectives;

(h)description of the evidence, in the form of software life cycle data, which indicates that the objectives have been met; and

(i)particular aspects (e.g. previously developed or COTS software) that may be applicable to certain applications.

ED Decision 2022/022/R

SOFTWARE ASSURANCE — TESTING INFRASTRUCTURE

The applicant, and especially the USSPs, may set up a testing infrastructure against which authorised users may test their capability to exchange data. Upon agreement on the retrieval of a set of predefined testing data, the applicant may set up an environment to check at regular intervals its capability to conform with the requirements for providing the services. The same infrastructure may then be used by oversight authorities to audit the applicant.

ED Decision 2022/022/R

SOFTWARE ASSURANCE — MONITORING

The applicant may use feedback of software experience to confirm that the software assurance processes are effective. For that purpose, the effects from software malfunctions (i.e. the inability of a programme to perform a required function correctly) or failures (i.e. the inability of a programme to perform a required function) reported according to the relevant requirements on reporting and assessment of service occurrences should be assessed in comparison with the effects identified for the service concerned as per the service specification demonstration.

Additionally, within the safety support assessment process, the applicant may ensure that the monitoring criteria to be used to demonstrate that the safety support case remains valid during the operation of the functional system (i.e. that the service continues to meet its specification) are identified and documented.

These criteria should be such that:

(a)they indicate that the assumptions made in the safety support case remain valid; and

(b)if the properties being monitored remain within the bounds set by these criteria, the service will behave as specified.

ED Decision 2022/022/R

SECURITY RISK ASSESSMENT

The security risk assessment may cover the following steps and security items:

(a)determination of the operational environment of the functional system;

(b)identification of the digital interfaces and assets (i.e. the items contributing to, or sustaining, cybersecurity);

(c)identification of the attack paths;

(d)considering the usual attack (e.g. DoS), assessment of the consequences and severity of the identified threat on the affected items;

(e)evaluation of the potentiality of a successful exploit, or of the difficulty of performing a successful attack that would have an impact on the typical security attributes: confidentiality, availability, integrity;

(f)an iterative approach to converge on an acceptable level of residual risk:

(1)evaluate the severities in conjunction with the potential for attack (or, inversely, the difficulty of attacking);

(2)the outcome of the evaluation is acceptable and does not need additional or strengthened mitigation means;

(3)the outcome of the evaluation is not acceptable and requires an analysis to identify mitigation means to reach an acceptable level of safety;

(4)evaluation of the effectiveness of the mitigation means with respect to the level of risk (combination of the level of threat and severity of the threat condition).

ED Decision 2022/022/R

INFORMATION SECURITY — DEFINITIONS

For the purposes of Regulation (EU) 2021/664, the following is defined regarding ‘information security’:

(a)‘vulnerability’: a weakness in an information system, system security procedures, internal controls, or implementation that could be exploited or triggered by a threat source. [Source: NIST SP800-53, Rev 2]

(b)‘threat’: a potential for violation of security, which exists when there is an entity, circumstance, capability, action, or event that could cause harm. [Source: IETF RFC 4949]

(c)‘threat scenario’: the specification of intentional unauthorised electronic interaction (IUEI), consisting of the contributing threat source (attacker and attack vector), vulnerabilities, operational conditions, and resulting threat conditions, and events by which the target was attacked. [Source: ED-202A / DO-326A]

(d)‘severity’: qualitative indication of the magnitude of the adverse effect of a threat condition [Source: ED-202A / DO-326A]

ED Decision 2022/022/R

OCCURRENCE REPORTING

The applicant should establish procedures for reporting occurrences to the competent authority and to any other organisation necessary, which should include a description of:

(a)the applicable requirements for reporting;

(b)the reporting mechanism, including reporting forms, means, and deadlines;

(c)the personnel responsible for reporting; and

(d)the mechanism for identifying root causes, and the actions to be taken to prevent similar occurrences in the future, as appropriate.

ED Decision 2022/022/R

MANAGEMENT SYSTEM — TECHNICAL AND OPERATIONAL CAPACITY

The applicant should ensure that it has sufficient technical and operational capacity, that is, adequate and appropriate resources to perform its tasks and discharge its responsibilities.

ED Decision 2022/022/R

MANAGEMENT SYSTEM — ISO

An ISO 9001 certificate, issued by an appropriately accredited organisation, addressing the quality management elements should be considered a sufficient means of compliance. In this case, the applicant should accept the disclosure of the documentation related to the certification to the competent authority upon its request.

ED Decision 2022/022/R

MANAGEMENT SYSTEM — RESPONSIBILITIES AND ACCOUNTABILITIES

The applicant should ensure that senior management defines and communicates the responsibilities and accountabilities within the organisation, and documents them within the management system.

The appointment of an accountable manager who is given the required authority and responsibilities requires that the individual has the necessary attributes to fulfil that role. The accountable manager may have more than one function in the organisation. Nonetheless, the accountable manager’s role is to ensure that the management system is properly implemented and maintained through the allocation of resources and tasks.

ED Decision 2022/022/R

MANAGEMENT SYSTEM — POLICY

The applicant should ensure that the management system policy includes a commitment to:

(a)comply with all applicable requirements and standards, and consider best practices;

(b)continually improve the effectiveness of the management system;

(c)provide appropriate resources; and

(d)enforce the performance of the services required to support the achievement of the highest level of safety in the U-space airspace.

The policy should be signed by the accountable manager of the organisation.

ED Decision 2022/022/R

MANAGEMENT SYSTEM — SAFETY PERFORMANCE MONITORING AND MEASUREMENT

The applicant should ensure that the safety performance monitoring and measurement process includes:

(a)safety reporting;

(b)safety reviews including trend reviews, which would be conducted, among others, during the introduction and deployment of new technologies, change or implementation of procedures, or in situations of structural changes in the operations; and

(c)safety surveys, examining elements or procedures of a specific operation, such as problem areas or bottlenecks in daily operations, perceptions and opinions of operational personnel, and areas of dissent or confusion.

ED Decision 2022/022/R

MANAGEMENT SYSTEM — SAFETY ASSESSMENT (OF THE APPLICANT’S SYSTEM)

As per the AMC and GM to Article 3 of Regulation (EU) 2021/664, the acceptable level of safety is established during the airspace risk assessment by defining safety criteria for the U-space airspace concerned. The results of the airspace risk assessment should be considered when conducting the safety assessment of the applicant’s U-space services that directly contribute to safety.

The applicant should ensure that the functional system that supports the provision of U-space services is complete and correct with regard to the acceptable level of safety of the U-space airspace (i.e. safety criteria, and high-level design characteristics of the functional system defined throughout the airspace risk assessment). A streamlined safety assessment should be conducted, and should comprise at least the following elements:

(a)the identification of additional hazards that may be induced by the decision as regards the design of the applicant’s functional system;

(b)the risk analysis and the related effects;

(c)the risk evaluation and, if required, the risk mitigation;

(d)safety criteria and requirements:

(1)complementing as necessary those already defined in the airspace risk assessment; and

(2)compliant with, and not contradicting, the high-level design characteristics of the functional system defined in the airspace risk assessment;

(e)the specification of the monitoring criteria necessary to demonstrate that the service delivered by the functional system will continue to meet the safety criteria.

ED Decision 2022/022/R

MANAGEMENT SYSTEM — ASSESSMENT OF THE MANAGEMENT SYSTEM

The applicant should ensure that:

(a)senior management assesses the service provider’s management system, at planned intervals, to ensure its continuous suitability, adequacy, and effectiveness;

(b)the assessment includes evaluating opportunities for improvement and the need for changes to the management system, including the policy and the objectives; and

(c)records of senior management assessments are maintained.

ED Decision 2022/022/R

MANAGEMENT SYSTEM — PERSONNEL TRAINING AND COMPETENCIES

The applicant should:

(a)determine the necessary competencies for personnel that perform activities which support the provision of services;

(b)where applicable, provide training or take other actions to achieve the necessary competencies;

(c)evaluate the effectiveness of the training or the actions taken;

(d)ensure that personnel are aware of the relevance and importance of their activities and how they contribute to the achievement of the objectives; and

(e)maintain appropriate records of education, training, skills, and experience.

ED Decision 2022/022/R

MANAGEMENT SYSTEM — COMMUNICATION RESPONSIBILITIES

The applicant should ensure that appropriate communication processes are established, and that communication takes place regarding the effectiveness of the management system.

ED Decision 2022/022/R

MANAGEMENT SYSTEM — DOCUMENTATION

The applicant should include in its documentation:

(a)a statement signed by the accountable manager confirming that the organisation will continuously work in accordance with the applicable requirements;

(b)the scope of the activities;

(c)the titles and names of the nominated postholders;

(d)the chart showing the lines of responsibility between the nominated postholders;

(e)a general description and location of the facilities;

(f)procedures describing the function and specifying how the organisation monitors and ensures compliance with the applicable requirements; and

(g)the amendment procedure for the management system documentation.

ED Decision 2022/022/R

MANAGEMENT SYSTEM — COMPLIANCE MONITORING

The applicant should:

(a)specify the basic structure of the compliance monitoring function, structured according to the size of the service provider and the complexity of the activities to be monitored, including those which have been subcontracted;

(b)monitor compliance with the procedures they have designed to ensure that services are provided with the required level of safety and quality, as applicable; in doing so, they should as a minimum, and where appropriate, monitor:

(1)manuals, logs, and records;

(2)training standards; and

(3)management system procedures;

(c)ensure that a staff member is responsible for compliance monitoring to ensure that the organisation continues to meet the applicable requirements; the accountable manager should ensure that adequate resources are allocated for compliance monitoring;

(d)ensure that the personnel involved in compliance monitoring have access to all parts of the applicant’s management system documentation and, as necessary, of any subcontracted organisation; in the case the person responsible for compliance monitoring also acts as safety manager, the accountable manager, with regard to their direct accountability for safety, should ensure that sufficient resources are allocated to both functions, taking into account the size of the applicant, and the nature and complexity of its activities; the independence of the compliance monitoring function should be established by ensuring that audits and inspections are carried out by personnel not directly involved in the activity being audited;

(e)ensure that the relevant documentation includes relevant part(s) of the applicant’s management system documentation; the relevant documentation should also include:

(1)terminology;

(2)a description of the service provider;

(3)allocation of duties and responsibilities;

(4)procedures for ensuring compliance; and

(5)the compliance monitoring programme, reflecting:

(i)the schedule of the monitoring programme;

(ii)audit procedures;

(iii)reporting procedures;

(iv)follow-up and corrective action procedures;

(v)the record-keeping system; and

(vi)document control;

(f)ensure that the personnel responsible for managing the compliance monitoring function receive training in this task; such training should cover compliance monitoring requirements, manuals and procedures related to the task, audit techniques, reporting and recording; the allocation of time and resources should be governed by the volume and complexity of the activities concerned.

ED Decision 2022/022/R

MANAGEMENT SYSTEM — FUNCTIONAL CHANGE MANAGEMENT PROCEDURE

The applicant should ensure that:

(a)the procedures for managing changes cover the complete life cycle of a change from definition to operations, including transition into service;

(b)the roles and responsibilities for the change management processes are identified;

(c)a notification process for changes includes:

(1)the point of contact in charge of the notification of changes; and

(2)the means used for the notification;

(d)the change management procedure includes a change identification procedure; this procedure should seek out potential changes, confirm that there is a real intent to implement them and, if so, initiate the notification process; and

(e)as part of the change management procedure, they keep a register of the records of all notified changes, including:

(1)the status of the implementation of the change;

(2)the notification;

(3)a link to the location of the actual record, including a reference to all information passed on to the competent authority; and

(4)the review decision from the competent authority and the records of the change approval, when the changes are selected for review.

ED Decision 2022/022/R

MANAGEMENT SYSTEM — CHANGE MANAGEMENT PROCEDURE

(a)The applicant should seek prior approval by the competent authority for any changes that affect the scope of its certificate or the terms of approval of its service.

(b)The applicant should:

(1)notify the competent authority before any such changes are implemented; and

(2)provide the competent authority with any relevant documentation.

(c)Changes that require prior approval may only be implemented upon receipt of the formal approval by the competent authority.

(d)The applicant should operate under the conditions prescribed by the competent authority during the implementation of such changes, as applicable.

(e)In order for an applicant to implement changes without prior approval, it should submit a procedure and obtain approval for it by the competent authority, defining the scope of such changes and describing how such changes will be managed and notified.

ED Decision 2022/022/R

MANAGEMENT SYSTEM — CONTRACTED ACTIVITIES

The applicant should ensure that:

(a)a contract exists with the contracted organisation that defines clearly the contracted activities and the applicable requirements;

(b)the contracted activities, performed by an organisation that is not itself certified in accordance with Regulation (EU) 2021/664 to carry out such activities, are included in its oversight process;

(c)when the contracted organisation is itself certified in accordance with Regulation (EU) 2021/664 to carry out the contracted activities, its compliance monitoring should at least check that the approval effectively covers the contracted activities and that it is still valid; and

(d)when not certified to provide the service / carry out the activities itself, it should only contract or purchase the services from a certified organisation when so required by Regulation (EU) 2021/664.

ED Decision 2022/022/R

MANAGEMENT SYSTEM — RECORD-KEEPING — GENERAL

The applicant should ensure that:

(a)all records are accessible whenever needed; the records should be organised in a way that ensures traceability and retrieval throughout their retention period;

(b)records are kept in paper or in electronic format, or a combination of the two, and should remain legible throughout the required retention period;

(c)paper record-keeping systems use robust material which can withstand normal handling and filing;

(d)computer record-keeping systems have at least one backup system which should be updated within 24 hours of any new entry made; computer record-keeping systems should include safeguards against the probability of unauthorised personnel altering the data;

(e)all computer hardware used to ensure data backup is stored in a different location from that containing the working data and in an environment that ensures it remains in a good condition; and

(f)the records are kept for a minimum period of 5 years unless otherwise specified by the competent authority.

ED Decision 2022/022/R

MANAGEMENT SYSTEM — OPERATIONS MANUAL

The applicant should ensure that the operations manual contains the instructions and information required for the intended operation.

The operations manual should:

(a)be signed by the accountable manager;

(b)be printed or available in electronic format and is easy to revise;

(c)have a system for version control management; and

(d)include a description of its amendment and revision process specifying:

(1)the person(s) who may approve amendments or revisions;

(2)the conditions for temporary revisions and/or immediate amendments, or revisions required in the interest of safety; and

(3)the methods and means by which all personnel and organisations are advised on changes to the operations manual.

ED Decision 2022/022/R

MANAGEMENT SYSTEM — ISO CERTIFICATE

An ISO 9001 certificate covers the quality management elements of the management system. Other elements required, which are not covered by the ISO 9001 certificate issued by an appropriately accredited organisation, should be subject to complementary evaluation by the competent authority.

ED Decision 2022/022/R

MANAGEMENT SYSTEM — SAFETY PERFORMANCE MONITORING AND MEASUREMENT

Safety performance monitoring and measurement is the process by which the safety performance is verified in relation to the safety policy and the safety objectives established by the applicant.

A performance indicator (PI) is a type of performance measurement. An organisation may use PIs to evaluate its success, or to evaluate the success of a particular activity in which it is engaged. Sometimes success is defined in terms of making progress towards strategic goals, but often success is simply the repeated, periodic achievement of some level of operational goal (e.g. zero defects). Accordingly, choosing the right PIs relies upon a good understanding of what is important to the organisation. Since there is a need to ensure a relevant assessment, various techniques to assess the present state of the business, and its key activities, are associated with the selection of appropriate PIs. These assessments often lead to the identification of potential improvements, so PIs are routinely associated with performance improvement initiatives. When PIs have performance targets associated with them, they are known as key performance indicators (KPIs).

ED Decision 2022/022/R

MANAGEMENT SYSTEM — SAFETY ASSESSMENT

(a)A safety assessment is conducted when an applicant initiates the process to be issued with a certificate, and when a change affects a part of the functional system used in the provision of its services. 

(b)The safety assessment is usually conducted by the applicant itself. It may also be conducted by another organisation, on its behalf, provided the responsibility with regard to the acceptability of the outcome remains with the applicant. 

ED Decision 2022/022/R

MANAGEMENT SYSTEM — COMPLIANCE MONITORING

(a)Compliance monitoring is performed by the compliance monitoring manager who should ensure that the activities of the organisation are monitored for compliance with the applicable regulatory requirements, and that these activities are carried out properly under the supervision of other relevant nominated postholders and line managers.

(b)The compliance monitoring manager is responsible for ensuring that the compliance monitoring programme is properly implemented, maintained, and continually reviewed and improved; to that end, they should be able to demonstrate relevant knowledge of the U-space framework and experience in the services provided, as well as in compliance monitoring.

(c)The compliance monitoring manager may perform all audits and inspections themselves or appoint one or more auditors by choosing personnel that have the related competencies, either from within or outside the service provider. Regardless of the option chosen, the independence of the audit function should not be affected in the case where those that perform the audit or inspection are also responsible for other activities within the organisation.

(d)In the case where compliance audits and inspection tasks are assigned to external personnel, compliance monitoring is performed under the responsibility of the compliance monitoring manager who remains responsible for ensuring that the external personnel have the relevant knowledge, background and experience as appropriate to the activities being audited or inspected, including knowledge of and experience in compliance monitoring.

(e)The organisation retains the ultimate responsibility for the effectiveness of the compliance monitoring function, as well as for the effective implementation of and follow-up to all corrective actions.

ED Decision 2022/022/R

MANAGEMENT SYSTEM — CONTRACTED ACTIVITIES

(a)‘Contracted activities’ means those activities within the service provision conditions attached to the certificate that are performed by other organisations either themselves certified to perform such activities or, if not certified, working under the service provider’s oversight. The scope of the oversight covers the contracted activities performed by the external organisation that is not itself certified in accordance with Regulation (EU) 2021/664.

(b)A contract could take the form of a written agreement, letter of agreement, service level agreement, memorandum of understanding, etc., as appropriate for the contracted activities.

(c)To ensure that the contracted organisation can perform the contracted activities, the applicant should first audit the contracted party. For the purpose of verifying the suitability of contracted organisations, the applicant may refer to appropriate consensus-based industry standards and possible related industry-awarded certifications.

(d)The ultimate responsibility for the services provided by contracted organisations always remains with the contracting organisation.

ED Decision 2022/022/R

MANAGEMENT SYSTEM — OPERATIONS MANUAL

(a)The operations manual is a key document for the applicant as well as for the competent authority. It describes how the infrastructure, facilities, and operational procedures will perform safely.

(b)The principal objective of an operations manual is to show how management will fulfil its safety responsibilities. It sets out the policy and expected standards of performance, and the procedures by which they will be achieved.

(c)The competent authority expects the operations manual to be an accurate reflection of the dayto-day functioning of the management system. It shows how the organisation intends to measure its performance against safety targets and objectives. The operations manual should give a clear statement of how safety is developed, managed, and maintained. All safety policies, operational procedures and instructions should be described.

(d)For many small organisations, the operations manual may be both simple and brief if it covers procedures that are essential for the satisfactory performance of day-to-day operations.

(e)The operations manual is one of the means by which all relevant operating staff can be informed about their duties and responsibilities with regard to safety. It describes the infrastructure, services and facilities, all operating procedures, and any restrictions on service availability.

(f)The operations manual describes how the safety of operations is to be managed. There should never be any doubt in terms of safety accountability for each domain or activity described. It defines who is accountable, who is responsible, who has the authority, who has the expertise, and who performs the tasks described.

(g)The operations manual may vary in detail according to the complexity of the operation, and the type of services provided. It may be presented in any form, including electronic form. In all cases, its accessibility, usability, and reliability should be assured.

ED Decision 2022/022/R

SECURITY MANAGEMENT SYSTEM

Regarding the security management requirements, reference is made to point ATM/ANS.OR.A.D.010 of Subpart D of Annex III to Regulation (EU) 2017/373. Nevertheless, it has to be noted that Opinion No 03/2021 ‘Management of information security risks’²⁷ proposes amendments to both Subpart B and D of Annex III to Regulation (EU) 2017/373.

Therefore, once the related regulation is published, the provisions as regards the management of information security risks (Part-IS) will be applicable to the applicant.

ED Decision 2022/022/R

INFORMATION SECURITY THREAT

A threat to information security may be any circumstance or event with the (accidental, casual or purposeful, intentional or unintentional, mistaken) potential to adversely impact the operation and the functional systems and/or constituents, which results from unauthorised access, use, disclosure, denial, disruption, modification, or destruction of information and/or information system interfaces. This includes usual cyber-related threats (e.g. malware), including those that could come from external systems, but does not include physical threats.

ED Decision 2022/022/R

RETENTION OF OPERATIONAL DATA AND INFORMATION

(a)The applicant should retain operational data and information, as applicable, which consists, as a minimum, of the following:

(1)exchange with the UAS operators on UAS flight authorisation request acceptance/rejection;

(2)requested and granted/rejected UAS flight authorisations;

(3)traffic information, as well as conformance monitoring information, provided to UAS operators;

(4)coordination exchange with ATC units and among USSPs;

(5)flown trajectory by the UAS operators; and

(6)status and level of service of the infrastructure used for the provision of the service.

(b)The retention of operational data and information should ensure that all records are accessible whenever needed, and in particular when so required by the competent authority, subject to privacy requirements. The records should be organised in a way that ensures operational data and information traceability and retrieval throughout the retention period.

ED Decision 2022/022/R

BUSINESS PLAN

(a)The applicant should present a robust business plan that shows that the service provision costs can be covered with the prices that can be achieved on the market.

(b)The business plan should cover:

(1)market analysis;

(2)information on the implementation of new infrastructure or other developments, and a statement on how they will contribute to improving the performance of their services, including level and quality of services;

(3)the expected short-term financial position and any changes to or impacts on the business plan; and

(4)planning showing how the business will be financially sustainable.

ED Decision 2022/022/R

BUSINESS PLAN — SERVICE CONTINUITY

The business plan is required to show that an applicant is financially able to ensure the provision of services but not necessarily that it will provide such services. Indeed, it is recognised that due to certain operational circumstances (e.g. winter conditions) under which UAS operators would not make use of the U-space services for a certain period of time, the capability of providing services in a continuous manner for a period of 12 months from the start of operations might not be possible. Therefore, the applicant is expected to ensure that its services are available for 12 months in a continuous manner even if it would not necessarily provide the services during the 12-month period.

ED Decision 2022/022/R

LIABILITY COVER — INSURANCE

The method employed to provide the insurance cover should be appropriate to the potential loss and damage in question, taking into account the level of commercial insurance cover available.

ED Decision 2022/022/R

CONTINGENCY PLAN

The contingency plan should include the definition and specification of the measures, the coordination with other actors, and the alternative services needed in case of degradation or interruption of the Uspace services or the CIS.

ED Decision 2022/022/R

EMERGENCY MANAGEMENT PLAN — USSPs

(a)USSPs should develop and maintain an emergency response plan (ERP) that ensures:

(1)an orderly and safe transition from normal to emergency operations;

(2)the safe continuation of operations, return to normal operations as soon as practicable, and the modification or cancellation of some or all the operations; and

(3)coordination with the ERPs of other organisations, where appropriate.

(b)The ERP should determine the actions to be taken by USSPs and reflect the nature and complexity of the activities performed by them.

(c)USSPs should ensure that communication systems:

(1)are established to provide rapid response of the emergency equipment to accidents and incidents; and

(2)are tested regularly to verify their operability.

(d)A complete and current list of telephone numbers should be available to all authorities and to personnel responsible for the ERP, to ensure the rapid notification of all those concerned in case of emergency.

Implementing Regulation (EU) 2021/664

1.A U-space service provider or a single common information service provider certificate shall remain valid as long as the holder of the certificate complies with the relevant requirements set out in this Regulation.

2.A U-space service provider or a single common information service provider certificate shall cease to be valid if the holder of the certificate has:

(a)not started operations within 6 months after the certificate was issued;

(b)ceased operations for more than 12 consecutive months.

3.The competent authority or the Agency, as applicable, shall assess the operational and financial performance of a U-space service provider or a single common information service provider under its responsibility.

4.The competent authority or the Agency, as applicable, may, on the basis of the outcome of the assessment referred to in paragraph 3, impose particular conditions to the certificate holder, amend, suspend, limit or revoke the certificate.

ED Decision 2022/022/R

GENERAL

(a)The certificate has an indefinite duration but only remains valid as long as the competent authority has verified that the USSP and the single CIS provider continue to conform with the relevant requirements. For USSPs, the certificate is issued for a bundle of U-space services plus, where applicable, the supporting U-space services provided to support the four mandatory ones. The competent authority should check the validity of the certificate on a regular basis. To maintain their certificates valid once they have been issued, the USSPs and the single CIS providers must respect the conditions and limitations set out by the competent authority. Such conditions should be objectively justified, non-discriminatory, proportionate, and transparent.

(b)It is considered that when the certificate holder ceases its activities, the competent authority cannot assume that it continues to comply with the relevant requirements to ensure the reliable and safe provision of services.

(c)One task that may be performed by the competent authority is to conduct an operational and financial assessment of the certificate holder to evaluate whether additional conditions should be imposed or, in the worse-case scenario, take a decision affecting the certificate, with the possibility of ultimately revoking it.

ED Decision 2022/022/R

CRITERIA FOR THE ASSESSMENT OF THE FINANCIAL PERFORMANCE OF AN APPLICANT

When assessing the operational and financial performance of an applicant, the competent authority or the Agency, as applicable, should ensure that the applicant:

(a)is able to meet its financial obligations, such as fixed and variable operational costs or capital investment costs, and uses an appropriate cost-accounting system; and

(b)demonstrate its ability through balance sheets and accounts, as applicable under their legal statute, and is regularly subject to an independent financial audit.

CHAPTER VI — GENERAL AND FINAL PROVISIONS

Implementing Regulation (EU) 2021/664

1.Competent authorities shall have the technical and operational capacity and expertise to fulfil their obligations under Article 18. To this end, they shall:

(a)have appropriately documented procedures, and adequate resources;

(b)employ personnel with sufficient knowledge, professional integrity, as well as experience and training to perform their allocated tasks;

(c)take any action required to contribute to the safe, efficient and secure operations of UAS in the U-space airspace under their responsibility.

2.Competent authorities shall be capable of taking or initiating any appropriate enforcement measures necessary to ensure that the U-space service providers and single common information service providers under their oversight comply with the requirements of this Regulation.

ED Decision 2022/022/R

RESPONSIBILITIES

The main objective of Article 17 of Regulation (EU) 2021/664 is to ensure that the competent authorities have the technical and operational capacity and expertise to assess the resources needed to effectively perform their certification, oversight and enforcement tasks, and to act accordingly should this not be the case.

Implementing Regulation (EU) 2023/203

The designated competent authorities shall:

(a)establish, maintain and make available a registration system for certified U-space service providers and single common information service providers;

(b)determine what traffic data, whether live or recorded, U-space service providers, single common information service providers and air traffic service providers are to make available to authorised natural and legal persons, including the required frequency and the quality level of data, without prejudice to personal data protection regulations;

(c)determine the level of access to the information for different users of the common information, and ensure it is made available in accordance with Annex II;

(d)ensure that data exchanges between air traffic service providers and U-space service providers are made in accordance with Annex V;

(e)define the manner for natural and legal persons to apply for a U-space service provider or single common information service provider certificate in accordance with Chapter V;

(f)establish a mechanism to coordinate with other authorities and entities, including at local level, the designation of U-space airspace, the establishment of airspace restrictions for UAS within that U-space airspace and the determination of the U-space services to be provided in the Uspace airspace;

(g)establish a certification and continuous risk-based oversight programme, including the monitoring of the operational and financial performance, commensurate with the risk associated with the services being provided by the U-space service providers and single common information service providers under their oversight responsibility;

(h)require the providers of common information and U-space service providers to make available all necessary information to ensure that the provision of U-space services contribute to safe operations of aircraft;

(i)carry out audits, assessments, investigations and inspections of the U-space service providers and single common information service providers as established in the oversight programme;

(j)take into account the required levels of safety performance when defining the requirements for each U-space airspace that have been subject to an airspace risk assessment as referred to in Article 3(1);

(k)regularly monitor and assess the levels of safety performance and use the results of the monitoring of safety performance in particular within their risk-based oversight.

[applicable until 21 February 2026 — Implementing Regulation (EU) 2021/664]

The designated competent authorities shall:

(a)establish, maintain and make available a registration system for certified U-space service providers and single common information service providers;

(b)determine what traffic data, whether live or recorded, U-space service providers, single common information service providers and air traffic service providers are to make available to authorised natural and legal persons, including the required frequency and the quality level of data, without prejudice to personal data protection regulations;

(c)determine the level of access to the information for different users of the common information, and ensure it is made available in accordance with Annex II;

(d)ensure that data exchanges between air traffic service providers and U-space service providers are made in accordance with Annex V;

(e)define the manner for natural and legal persons to apply for a U-space service provider or single common information service provider certificate in accordance with Chapter V;

(f)establish a mechanism to coordinate with other authorities and entities, including at local level, the designation of U-space airspace, the establishment of airspace restrictions for UAS within that U-space airspace and the determination of the U-space services to be provided in the Uspace airspace;

(g)establish a certification and continuous risk-based oversight programme, including the monitoring of the operational and financial performance, commensurate with the risk associated with the services being provided by the U-space service providers and single common information service providers under their oversight responsibility;

(h)require the providers of common information and U-space service providers to make available all necessary information to ensure that the provision of U-space services contribute to safe operations of aircraft;

(i)carry out audits, assessments, investigations and inspections of the U-space service providers and single common information service providers as established in the oversight programme;

(j)take into account the required levels of safety performance when defining the requirements for each U-space airspace that have been subject to an airspace risk assessment as referred to in Article 3(1);

(k)regularly monitor and assess the levels of safety performance and use the results of the monitoring of safety performance in particular within their risk-based oversight.

(l)establish, implement and maintain an information security management system in accordance with Annex I (Part-IS.AR) to Implementing Regulation (EU) 2023/203.

[applicable from 22 February 2026 — Implementing Regulation (EU) 2023/203]

ED Decision 2022/022/R

CERTIFICATION, OVERSIGHT AND OPERATIONAL RESPONSIBILITIES

(a)Article 18 of Regulation (EU) 2021/664 lays down the requirements for competent authorities that perform certification, oversight and enforcement tasks. It also lists several obligations that are directly related to the functioning of the U-space system.

(b)With a view to ensuring that the requirements are always complied with while ensuring that they can effectively perform their tasks, competent authorities are conferred certain investigatory powers. Those powers should be exercised in accordance with the applicable national rules and procedures, while having due regard to several specific elements that are meant to ensure a fair balance between rights and interests of all the stakeholders concerned.

(c)Competent authorities also need to ensure supporting tasks for the effective implementation of the U-space, such as the establishment of a registration system to record the service providers involved in the U-space, to determine the type of data to be made available to those that need it, and the way this data can be exchanged to guarantee interoperability of the systems.

ED Decision 2022/022/R

COORDINATION MECHANISM — ROLES AND RESPONSIBILITIES

Competent authorities should ensure the allocation of clear roles and responsibilities for the implementation of the coordination mechanism so that the interests of all U-space actors are well represented and managed in a non-discriminatory manner.

When establishing the coordination mechanism, competent authorities should ensure that it addresses the coordination requirements for demonstrating multi-party public, institutional and private stakeholder participation, and consultation, as applicable, before reaching a resolution.

In addition, competent authorities should nominate an entity as the ‘U-space coordinator’ responsible for the coordination mechanism. The U-space coordinator should take the initiative to coordinate with other public and administrative authorities and entities (including private ones), at national, regional, and local level in accordance with the national governance model of a given Member State (e.g. federal States, prefectures, cantons, regions, municipalities).