Confidential Safety Reporting – confidential reporting of alleged malpractices and irregularities to the European Union Aviation Safety Agency in the field of aviation safety Confidential safety reporting is an independent system set up by the Agency under Regulation (EU) 2018/1139 (‘Basic Regulation’) to facilitate the collection and exchange of aviation safety related information that is complementary to the standard filing and reporting lines of Regulation (EU) No 376/2014 and of the implementing rules to the Basic Regulation. It enables individuals to voluntary report alleged malpractices and irregularities in the field of aviation safety, without having to fear that their action may have adverse consequences for their person. Confidential Safety Reports (CSR) enhance the enforcement of the EU aviation safety legal framework by providing for a high level of protection of persons reporting breaches of Aviation Safety rules and regulations. The Confidential Safety Reporting is the Agency’s internal process which provides for the highest protection of persons reporting breaches of Aviation Safety that affect European aviation products, services, or European passengers. It is a valuable source aimed to support an effective detection and follow-up of irregularities, and malpractices of the EU aviation safety legal framework that otherwise might remain hidden and could cause serious harm to aviation safety. Therefore, information obtained through CSRs is an important tool for the detection of potential safety hazards and is also used to make effective improvements in aviation safety taking into account the principles of the safety risk management process. For all these reasons, the Agency values and encourages reporters to report on malpractices or irregularities in the aviation safety legal framework. The CSR system provides a high level of protection of the identity of the reporters against any form of retaliation, such as suspension, demotion, or intimidation, when speaking up on aviation safety related irregularities that are of relevance for, or within the competence of, the Agency. A dedicated CSR team at the Agency is specially trained to deal with such reports. The CSR system shall not affect the application of the specific rules and provisions of the Regulation (EU) No 376/2014 [1], in particular when related to the roles and responsibilities of the Member States’s National Aviation Authorities, which should remain the first and direct recipient for the matters that are under their specific remits. These shall be applicable to the extent that the reporting of breaches is mandatorily regulated. Who can report? CSRs can be submitted by any individual, reporting in their personal capacity, who acquired information on alleged malpractices and irregularities in the field of aviation safety, including, at least, the following: Pilots; Cabin Crew Members; Air Traffic Controllers; Maintenance organisation personnel; Production organisation personnel; Design organization personnel; Training organisation personnel and students; Third country operator personnel; Persons working for airports; Persons belonging to the administration or management of an EU member state competent authority; Any persons working under the supervision and direction of contractors, subcontractors, and suppliers; Other persons having the status of employees and contracted personnel including civil servants; Persons who report on breaches acquired in a work-based relationship that has since ended. Note: The CSR system is designed to be used by individuals who report and disclose information on breaches acquired in or outside a work- based relationship. Representatives from trade unions or industry associations should communicate with the Agency through other channels, available here. What can be reported? The EASA CSR reporting system allows to report any suspected, presumed, or alleged actual or potential violations of the European Union’s legal framework for civil aviation safety that are likely to occur, or which have occurred. This includes acts or omissions that: are unlawful and relate to areas falling within the scope of competencies of the Agency; or defeat the object or the purpose of EU aviation rules acts falling within the scope of Regulation (EU) 2018/1139; Please note that the following topics, among others, are not CSRs as they do not fall under the scope of Regulation (EU) 2018/1139. EASA has no legal mandate or power to take any action in relation to: Passenger rights complaints; Economic disputes or unfair competition grievances; Contractual or labour disputes; Issues that have been reported on in the media; Criminal offences; Matters concerning aircraft involved in military, customs, police, search and rescue, firefighting, border control, coastguard or similar activities or services unless the responsible Member State has decided to apply the common EU aviation legislation to such activities (for further information and list of opt-ins, please consult the EASA website). The National Aviation Authorities (NAAs) of the Member States are responsible for receiving, following-up and providing feedback on aviation safety reports reported to them in confidence and for which they are the competent authority. They ensure an independent and autonomous handling of the information. Before you submit your CSR please ensure that the information in the report is: Relevant and related to civil aviation safety; Sufficiently specific, substantiated, and ideally supported by documentary evidence. Please note that unspecified or vague allegations cannot be followed up; Complete and comprehensive; do not submit multiple reports as this will hinder the administrative process and the follow-up. Instead, please aim to capture all information in a single comprehensive report. Submitted in one of the EU official languages How to report and what happens thereafter? Reports on suspected malpractices and irregularities should be submitted by completing the online Confidential Safety Reporting form. Please do not send the same or similar correspondence to any other EASA email addresses and please note that the size of documents attached should not exceed 10 MB. After submitting a report you may be asked for additional information or clarification. Therefore, please ensure that this email address remains active throughout the entire process. Information that falls within EASA’s remit, as set by Regulation (EU) 2018/1139, is registered and de-identified (so that you remain anonymous), unless you have agreed to disclose your personal data. EASA’s Confidential Safety Reporting team will ensure the completeness, integrity and confidentiality of the information processed and will prevent access thereto by non-authorised staff members. Your e-mail address and personal details will not be disclosed to anyone outside the EASA Confidential Safety Reporting team, including National Aviation Authorities (NAAs), organisations and companies. Personal data of reporting persons is stored in a functional email box and on special Confidential Safety Reporting IT platforms and is only accessible and visible to the Agency's confidential safety reporting team. Information about your identity will be kept confidential and protected in accordance with the applicable legal framework (Regulation (EC) No 1049/2001 on public access to documents and Regulation (EU) 2018/1725 on the protection of natural persons with regard to the processing of personal data by the Union Institutions, bodies, offices and agencies and on the free movement of such data). After de-identification, the information is forwarded to the relevant technical unit for review. In case EASA concludes that the reported matter falls under the oversight of an EU Member State’s or a third-country’s aviation competent authority, EASA will inform you accordingly and the information you provided will be transmitted to the competent authority for further follow-up. Will I be informed about the outcome of any investigation? If the reported matter falls within one of the areas where EASA is the competent authority EASA will conduct the necessary investigation. Upon its conclusion, you will be informed about the outcome to the extent that this is possible without compromising the integrity of EASA’s actions. The duration of the investigation depends on the complexity of the case. Pending EASA’s investigation you will only be contacted in case additional information is required from you. Within the EASA Confidential Safety Reporting system, the reporter’s personal data will be processed in accordance with (i) Regulation (EU) 2018/1725 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and (ii) the applicable EASA data protection policy. We thank you for your support and active interest in aviation safety! [1] Regulation (EU) No 376/2014 of the European Parliament and of the Council of 3 April 2014 on the reporting, analysis and follow-up of occurrences in civil aviation amending Regulation (EU) No 996/2010 of the European Parliament and of the Council and repealing Directive 2003/42/EC of the European Parliament and of the Council and Commission Regulations (EC) No 1321/2007 and (EC) No 1330/2007 (OJ L 122, 24.4.2014, p. 18); Confidential Safety Reporting form Confidential Safety reporting enables individuals to voluntary report alleged malpractices and irregularities in the field of aviation safety, without having to fear that their action may have adverse consequences for their person. The Agency’s CSR process aims to create an environment of trust and protection for individuals and encourages actively the reporting of alleged malpractices and irregularities in the field of aviation safety. The procedure ensures that persons who report malpractices and irregularities are protected from retaliation or reprisals that could result from their information. The collection of personal data gives EASA the possibility to contact the reporter in case additional information or clarification is needed and, if appropriate, to communicate the results of the follow-up. Title - None -Dr.Mr.Mrs.Ms.Other First name Last name Email NOTE: This section will only be visible to a limited group of EASA staff. Personal data will not be shared with operators, organisations, companies or National Aviation Authorities (NAAs) unless the reporter has given his consent to the sharing of personal data. Reporter Private individual Aviation professional Other Type of aviation professional reporter Flight Crew Members, Pilots Cabin Crew Members Air Traffic Controllers Operator personnel Aircraft engineers, maintenance organisation personnel Production organisation personnel Design organisation personnel Training organisation personnel or student Third country operator personnel Airport personnel Employees and contracted personnel including civil servants Administration or management staff member of an EU member state competent authority Any persons working under the supervision and direction of contractors, subcontractors, and suppliers Please specify Did you already contact the Competent Authority? Yes No Please explain why you did not contact the national Competent Authority (CA). What was the Competent Authority’s response to your concerns?(Please mention the name of the competent authority and explain why you consider it necessary to also bring your concern to EASA’s attention) Subject of the malpractices and irregularities Description of the malpractices and irregularitiesIf possible, please refer to any legal provisions that you consider may have been breached Please provide additional details that you consider relevant, e.g., aircraft type, phase of flight etc. What do you think caused the problem? Do you have any suggestion to prevent a recurrence? Attachment. Please upload any evidence or supporting files. ? For attachments exceeding the size limits, please use EASA FileBox. Do you agree that EASA communicates your personal data to the competent authority in case EASA concludes that the reported matter falls under the oversight of an EU Member State’s or a third-country’s aviation competent authority? Yes, I hereby give EASA free and voluntary consent to the transfer of my personal data included in the report: name, last name, email address, and as the case may be, also other information that I have provided within the report. The transfer shall be performed for the purpose of the processing of my report by the national aviation competent authority in the European Union (EU). In case the processing of personal data would involve their transfer to a national aviation competent authority outside the EU, this transfer will be based on standard EU-approved contract clauses, ensuring an adequate level of protection required by applicable law. No, I am aware that: (i) my report will be anonymised and no personal data will be communicated to the responsible aviation competent authority and (ii) the anonymised report may still be shared with the responsible aviation competent authority if necessary. Your e-mail address and personal details will not be disclosed to anyone outside the EASA Confidential Safety Reporting team, including National Aviation Authorities (NAAs), organisations and companies unless you have voluntarily consented to the transfer of your personal data. Personal data of reporting persons is stored on special IT platforms and is only accessible and visible to the Agency's confidential safety reporting team. Information about your identity will be kept confidential and protected in accordance with the applicable legal framework (Regulation (EC) No 1049/2001 on public access to documents and Regulation (EU) 2018/1725 on the protection of natural persons with regard to the processing of personal data by the Union Institutions, bodies, offices and agencies and on the free movement of such data. All processing of personal data carried out, including the transmission of personal data will be carried out in accordance with Regulation (EU) 2018/1725. Personal data which is manifestly not relevant for the handling of the report will not be collected or, if accidentally collected, will be deleted.