The research objectives and expected outcome
New technologies and products of an unprecedented level of complexity, along with novel concepts of operation (ConOps), emerge at an accelerated pace, changing the relationship between humans and automation. Single-pilot operations with large commercial air transport (CAT) aeroplanes, unmanned aircraft systems (UAS), electrical vertical take-off and landing (eVTOL) aircraft, on-demand passenger CAT in and overpopulated/congested areas, etc. are developing fields in aviation, challenging the established conventions and know-how.
EASA has already received applications for innovative products and types of operations, ranging from applications for the redesign of conventional aircraft to accommodate single-pilot operations to applications for eVTOL aircraft and UAS. Currently applicable requirements, certification specifications (CSs), and related acceptable means of compliance (AMC) and/or guidance material (GM) across all aviation domains may no longer be appropriate, and the traditional system safety approach may no longer be adequate to demonstrate an acceptable level of safety.
EASA is therefore launching this research project to develop technical specifications for the creation of a risk assessment tool (RAT). The RAT will allow EASA to early identify hazards associated with a specific type of product for a given ConOps.
The technical specifications shall ensure that:
- the RAT will enable EASA to conduct a holistic, systemic, safety-risk-based assessment to evaluate the aircraft and the intended ConOps;
- the RAT will support the assessment of cases identified in the scope above, where the traditional approach to aircraft certification (approving the design, issuing an airworthiness approval and a type certificate) may not be applicable and/or where the assumptions used in the traditional approach may need to be confirmed or adapted to be acceptable;
- where EASA has already adopted a non-traditional approach (as for UASs), the RAT will identify which gaps still exist and cover new areas and ConOps (e.g., UASs for transport of people); and
- the RAT will support the development of safety provisions (e.g., requirements, CSs, AMC, GM) for IAW, CAW, Air OPS, and ADR;
- the RAT will also support the implementation of Article 71 ‘Flexibility provisions’ of Regulation (EU) 2018/1139 (‘EASA Basic Regulation’) or will allow to build in provisions for certain derogations.
The requested output
The technical specifications must consider that the RAT:
- will have a logical process for defining and analysing the proposed ‘system’ (product and/or ConOps), thereby providing an adequate level of confidence that the operation can be conducted with an acceptable level of risk;
- will provide the following output:
- a system description;
- identification of the hazards;
- classification of the hazards;
- the level of risk associated with the hazards;
- the possible mitigation measures (e.g., safety and security requirements, operational limitations, etc.) to make the risk acceptable; and
- the required control mechanisms to ensure the implementation and effectiveness of the mitigation measures over time;
- will not be technology-specific and will be usable on all kinds of airframe/propulsion system combinations (aeroplane/VTOL large or small, kerosene/electrical/hybrid/hydrogen propulsion systems, etc.);
- will be independent of in-service data but may account for it, if available; and
- will take into consideration all types of threats associated with a specified hazard, the relevant design, as well as the proposed operational mitigation measures for a specific operation.
All deliverables have been submitted and accepted.
Based on the established EASA needs and on agreed evaluation criteria, the contractor reviewed nine existing methodologies and tools. The result of this review can be summarised as follows:
- It has been found that the ABMS (Agent-Based Modelling and Simulation) method fits for several needs for the RAT; this method has been successfully applied in numerous domains, it is flexible, sub models can be re-used, it is appropriate for sensitivity and uncertainty assessments and for what-if analysis, and it does not rely on occurrence data. The limitation of this method is that it is resources intensive.
- It is proposed that the RAT may also be enriched with elements from the following methods:
- SORA (Specific Operations Risk Assessment) as regards template for ConOps descriptions;
- STPA (Systems Theoretic Process Analysis) as regards structured hazard identification;
- FAST (Future Aviation Safety Team Method) as regards identification of future hazards;
- ARMS (Aviation Risk Management Solutions) as regards risk scenario modelling;
- CFA (Cognitive Function Analysis) as regards concepts for human cantered design.
For a prototype of the RAT, it is proposed that the following 6 steps should be applied:
- Step 1 – Understanding and describing the novelty;
- Step 2 – Initial identification of the hazards;
- Step 3 – Developing risk scenarios;
- Step 4 – Assessing the risk;
- Step 5 – Sensitivity analysis and Uncertainty assessment;
- Step 6 – Developing mitigating measures.
EASA is preparing the follow up project, which contains the development of the RAT. For the follow up project, a new public tender procedure is tentatively planned for Q4/23. EASA will provide further information ahead of the publication of this new tender on this website.
Research Project details
This project will be funded from the European Union's Horizon Europe research and innovation programme.
Project manager: Alfred Roelen, alfred.roelen [at] nlr.nl
Technical lead: Tom van Birgelen, tom.van.birgelen [at] nlr.nl
Project manager: Willy Sigl, willy.sigl [at] easa.europa.eu
Technical lead: Eric Duvivier, eric.duvivier [at] easa.europa.eu