EASA publishes FAQs on Information Security

The European Union Aviation Safety Agency (EASA) has published its first set of Frequently Asked Questions (FAQs) on the Information Security regulatory material (Part-IS): Implementing Regulation (EU) 2023/203, Delegated Regulation (EU) 2022/1645 and the related Acceptable Means of Compliance and Guidance Material (AMC & GM).

As Regulation (EU) 2022/1645 becomes applicable on 16 October 2025 and Regulation (EU) 2023/203 on 22 February 2026, the early publication of the FAQs aims to provide timely support and guidance to both organisations and authorities in preparing for the implementation of Part-IS.

The FAQs include a set of 22 questions and answers (Q&A) that clarify various key concepts related to the implementation of Part-IS. The Q&A are divided into the following 9 categories:

  • Applicability,
  • Derogation,
  • Relationship between Part-IS and certified products,
  • Reporting,
  • Delegation of tasks,
  • Competencies,
  • Risk assessment,
  • Integration into existing management systems, and
  • Supplementary material.

This FAQ set will be expanded if new topics that require clarification will emerge during the pilot projects with industry and the discussions with authorities.

For more details, please visit our FAQs on Part-IS.