EUR-Lex Access to European Union law
This document is an excerpt from the EUR-Lex website
Document 32023R1769
Commission Implementing Regulation (EU) 2023/1769 of 12 September 2023 laying down technical requirements and administrative procedures for the approval of organisations involved in the design or production of air traffic management/air navigation services systems and constituents and amending Implementing Regulation (EU) 2023/203
Commission Implementing Regulation (EU) 2023/1769 of 12 September 2023 laying down technical requirements and administrative procedures for the approval of organisations involved in the design or production of air traffic management/air navigation services systems and constituents and amending Implementing Regulation (EU) 2023/203
Commission Implementing Regulation (EU) 2023/1769 of 12 September 2023 laying down technical requirements and administrative procedures for the approval of organisations involved in the design or production of air traffic management/air navigation services systems and constituents and amending Implementing Regulation (EU) 2023/203
C/2023/5202
OJ L 228, 15.9.2023, p. 19–38
(BG, ES, CS, DA, DE, ET, EL, EN, FR, GA, HR, IT, LV, LT, HU, MT, NL, PL, PT, RO, SK, SL, FI, SV)
In force
15.9.2023 |
EN |
Official Journal of the European Union |
L 228/19 |
COMMISSION IMPLEMENTING REGULATION (EU) 2023/1769
of 12 September 2023
laying down technical requirements and administrative procedures for the approval of organisations involved in the design or production of air traffic management/air navigation services systems and constituents and amending Implementing Regulation (EU) 2023/203
THE EUROPEAN COMMISSION,
Having regard to the Treaty on the Functioning of the European Union,
Having regard to Regulation (EU) 2018/1139 of the European Parliament and of the Council of 4 July 2018 on common rules in the field of civil aviation and establishing a European Union Aviation Safety Agency, and amending Regulations (EC) No 2111/2005, (EC) No 1008/2008, (EU) No 996/2010, (EU) No 376/2014 and Directives 2014/30/EU and 2014/53/EU of the European Parliament and of the Council, and repealing Regulations (EC) No 552/2004 and (EC) No 216/2008 of the European Parliament and of the Council and Council Regulation (EEC) No 3922/91 (1), and in particular Article 43(1) and Article 62(15), point (c) thereof,
Whereas:
(1) |
Taking into account the objectives and principles set out in Articles 1 and 4 to Regulation (EU) 2018/1139, and in particular the nature and risk of the activity concerned, organisations involved in the design or production of air traffic management/air navigation service (ATM/ANS) systems and ATM/ANS constituents, should be required to hold a certificate. |
(2) |
In order to ensure the uniform implementation of and compliance with the essential requirements referred to in Article 40 of Regulation (EU) 2018/1139, for the provision of ATM/ANS this Regulation should lay down rules and procedures for issuing, maintaining, amending, limiting, suspending or revoking the certificates for organisations involved in the design or production of ATM/ANS systems and ATM/ANS constituents, as well as the privileges and responsibilities of the holders of certificates. |
(3) |
The conformity assessment of ATM/ANS equipment laid down in Commission Delegated Regulation (EU) 2023/1768 (2) depends on the nature and the risk of the ATM/ANS service, or on the functionality of a particular ATM/ANS equipment and is based on the existing methodologies and best practices. That Regulation establishes three different types of conformity assessment, in particular: a certification by the Agency of certain ATM/ANS equipment; a declaration by an approved organisation involved in the design or production of ATM/ANS equipment; and a statement of compliance by the ATM/ANS provider or by an approved organisation involved in the design or production of ATM/ANS equipment. |
(4) |
The typical life cycle of ATM/ANS equipment consists of various phases: design, production, installation, operation, maintenance, and decommission. The ATM/ANS provider is usually responsible for some of those phases, while for other phases the organisations involved in the design or production of ATM/ANS equipment are responsible. Therefore, common requirements should be established for the approval and oversight of organisations involved in the design or production of certain ATM/ANS equipment used in the provision of ATM/ANS, in particular those referred to in point 3.1 of Annex VIII to Regulation (EU) 2018/1139. |
(5) |
The European Union Aviation Safety Agency (‘the Agency’) is responsible for all competent authority tasks related to certificates and declarations for ATM/ANS systems and ATM/ANS constituents (‘ATM/ANS equipment’), including oversight and enforcement. To ensure consistency and risk-based assessment and, amongst others, to avoid duplication and administrative burdens, as well as to promote effectiveness in certification and oversight processes, those oversight and enforcement functions should be exercised by the Agency. For the purpose of certification or review of declarations of ATM/ANS equipment, it is necessary that the Agency also oversees the processes established by design and production organisations, including, where necessary, the certification of those organisations. Therefore, the Agency should be responsible for the approval of the organisations involved in the design or production of ATM/ANS equipment and at the same time for the attestation of ATM/ANS equipment. |
(6) |
The competency of the Agency to certify design or production organisations should allow also for a non-discriminatory and harmonised approach towards all design or production organisations applying for a certificate under this Regulation. ATM/ANS equipment put on the market in the Union can be used in all Member States and for all kind of services, no matter whether it is used by ATM/ANS providers active in one or more Member States. It is not possible to categorise the organisations involved in the design and production based on their future catalogue of equipment to be used on a local or Union level. The same principle is to be observed when the Agency is allocating certification and oversight tasks. |
(7) |
In accordance with Article 29(2), point (a), of Regulation (EU) 2021/696 (3) of the European Parliament and of the Council, the European Union Agency for the Space Programme (EUSPA) has been entrusted with the task of managing the exploitation of the European Geostationary Navigation Overlay Service (EGNOS), as provided for in Article 44 of that Regulation. The exploitation of EGNOS covers, amongst other actions, the support to certification and standardisation activities. EUSPA does not perform alone all the tasks relating to the exploitation of EGNOS and instead relies on the expertise of other entities, in particular the European Space Agency (ESA), on activities related to system evolution, design and development of parts of the ground segment. Hence EUSPA should be considered as equivalent to a design or production organisation in the context of this Regulation. |
(8) |
According to the roles and responsibilities defined in Regulation (EU) 2021/696 for EUSPA and ESA, there is not one unique entity responsible for the design of the EGNOS system and its equipment and therefore there is not a single Design and Production Organisation that could be approved by EASA. |
(9) |
Consequently, the specificities of the set-up for the design of the EGNOS system require specific means for the demonstration of compliance with the essential requirements laid down in Regulation (EU) 2018/1139, taking into account that EGNOS is a multimodal service, which should also comply with relevant regulatory requirements for other sectors. |
(10) |
Both agencies should cooperate to assure compliance of the EGNOS system with the relevant ICAO standards so that respective arrangements ensure a level of safety and interoperability equivalent to that resulting from the full application of the requirements for design and production in this Regulation. The cooperation will also include the consultation of EUSPA in the development of detailed specifications. |
(11) |
This Regulation has taken due account of the content of the ATM Master Plan and technological capabilities contained in it. |
(12) |
The Agency has prepared draft implementing rules and submitted them to the Commission with Opinion No 01/2023 in accordance with Article 75(2), points (b) and (c), and Article 76(1) of Regulation (EU) 2018/1139. |
(13) |
In order to make optimal use of existing resources and expertise, the Agency may seek administrative support when executing its certification, oversight and enforcement tasks under this Regulation from national competent authorities. This administrative support should not constitute any delegation of powers or responsibilities of tasks. |
(14) |
In order to include design or production organisations of ATM/ANS equipment in the scope of the management of information security risks with a potential impact on aviation safety Implementing Regulation (EU) 2023/203 should be amended. |
(15) |
The measures provided for in this Regulation are in accordance with the opinion of the Committee referred to in Article 127(1) of Regulation (EU) 2018/1139. |
HAS ADOPTED THIS REGULATION:
Article 1
Subject matter
This Regulation lays down technical requirements and administrative procedures for the approval of organisations involved in the designor production of ATM/ANS systems and ATM/ANS constituents subject to certification in accordance with Article 4 of Delegated Regulation (EU) 2023/1768 or declaration of design compliance in accordance with Article 5 of that Regulation.
Article 2
Definitions
For the purpose of this Regulation the following definitions apply:
(1) |
‘ATM/ANS equipment’ means ATM/ANS constituents as defined by Article 3(6) of Regulation (EU) 2018/1139 and ATM/ANS systems as defined by Article 3(7) of that Regulation, excluding airborne constituents, which are subject to Commission Regulation (EU) No 748/2012 (4); |
(2) |
‘ATM/ANS equipment directive’ means a document issued by the Agency which mandates actions to be performed by ATM/ANS providers on ATM/ANS equipment to address an unsafe and/or insecure condition that has been identified and restore the performance and interoperability of that ATM/ANS equipment when evidence shows that the safety, security, performance or interoperability of that particular equipment may otherwise be compromised. |
Article 3
Competent authority requirements
1. For the purposes of this Regulation, the competent authority responsible for the issue of approvals to organisations involved in the design or production of ATM/ANS equipment and for the oversight and enforcement in respect of those organisations, shall be the Agency.
2. The Agency shall fulfil the detailed requirements laid down in Annex I (Part-DPO.AR) when conducting certification, investigations, inspections, audits and other monitoring activities necessary to ensure the effective oversight of organisations involved in the design or production of ATM/ANS equipment subject to this Regulation. The Agency may seek administrative support from national competent authorities for the performance of its tasks related to certification, oversight and enforcement when executing its functions under this Regulation.
Article 4
Organisations involved in the design, or production of ATM/ANS equipment
1. An organisation involved in the design or production of ATM/ANS equipment subject to certification in accordance with Article 4 of Delegated Regulation (EU) 2023/1768 or declaration of design compliance in accordance with Article 5 of that Regulation shall demonstrate its capability as a design or production organisation for ATM/ANS equipment in accordance with Annex II (Part-DPO.OR).
2. Organisations involved in the design or production of the ATM/ANS equipment of the European Geostationary Navigation Overlay Service (EGNOS) shall be deemed to comply with the requirements of Annex II to this Regulation by demonstrating their compliance with Regulation (EU) 2021/696 and with the management, design and quality standards applicable to EGNOS under that Regulation. Such organisations shall not be required to be approved by the Agency.
The European Union Agency for the Space Programme shall ensure in its role of a design or production organisation that the other organisations involved in the design or production of the equipment of EGNOS follow design and production processes resulting in the level of safety and interoperability equivalent to Annex II (Part-DPO.OR).
Article 5
Amendments to Implementing Regulation (EU) 2023/203 (5)
Implementing Regulation (EU) 2023/203 is amended as follows:
(1) |
in Article 2(1), the following point (j) is added:
(*1) Commission Implementing Regulation (EU) 2023/1769 of 12 September 2023 laying down technical requirements and administrative procedures for the approval of organisations involved in the design or production of air traffic management/air navigation services systems and constituents and amending Implementing Regulation (EU) 2023/203 (OJ L 228, XX.9.2023, p. 19).’ " |
(2) |
in Article 6(1), the following point (h) is added:
|
Article 6
Entry into force
This Regulation shall enter into force on the twentieth day following that of its publication in the Official Journal of the European Union.
This Regulation shall be binding in its entirety and directly applicable in all Member States.
Done at Brussels, 12 September 2023.
For the Commission
The President
Ursula VON DER LEYEN
(1) OJ L 212, 22.08.2018, p. 1.
(2) Commission Delegated Regulation (EU) 2023/1768 of 14 July 2023 laying down detailed rules for the certification and declaration of air traffic management/air navigation services systems and air traffic management/air navigation services constituents (see page 1 of this Official Journal).
(3) Regulation (EU) 2021/696 of the European Parliament and of the Council of 28 April 2021 establishing the Union Space Programme and the European Union Agency for the Space Programme and repealing Regulations (EU) No 912/2010, (EU) No 1285/2013 and (EU) No 377/2014 and Decision No 541/2014/EU (OJ L 170, 12.5.2021, p. 69).
(4) Commission Regulation (EU) No 748/2012 of 3 August 2012 laying down implementing rules for the airworthiness and environmental certification of aircraft and related products, parts and appliances, as well as for the certification of design and production organisations (OJ L 224, 21.8.2012, p. 1).
(5) Commission Implementing Regulation (EU) 2023/203 of 27 October 2022 laying down rules for the application of Regulation (EU) 2018/1139 of the European Parliament and of the Council, as regards requirements for the management of information security risks with a potential impact on aviation safety for organisations covered by Commission Regulations (EU) No 1321/2014, (EU) No 965/2012, (EU) No 1178/2011, (EU) 2015/340, Commission Implementing Regulations (EU) 2017/373 and (EU) No 2021/664, and for competent authorities covered by Commission Regulations (EU) No 748/2012, (EU) No 1321/2014, (EU) No 965/2012, (EU) No 1178/2011, (EU) 2015/340 and (EU) No 139/2014, Commission Implementing Regulations (EU) 2017/373 and (EU) No 2021/664 and amending Commission Regulations (EU) No 1178/2011, (EU) No 748/2012, (EU) No 965/2012, (EU) No 139/2014, (EU) No 1321/2014, (EU) 2015/340, and Commission Implementing Regulations (EU) 2017/373 and (EU) No 2021/664 (OJ L 31, 2.2.2023, p. 1).
ANNEX I
REQUIREMENTS FOR THE AGENCY
(Part-DPO.AR)
SUBPART A GENERAL REQUIREMENTS (DPO.AR.A)
DPO.AR.A.001 Scope
This Annex establishes the requirements for the administration and management systems of the Agency for the certification, oversight and enforcement tasks of design or production organisations when the Agency exercises its tasks and responsibilities.
DPO.AR.A.010 Immediate reaction to a safety, security and interoperability problem
(a) |
Without prejudice to Regulation (EU) No 376/2014 of the European Parliament and of the Council (1), and the delegated and implementing acts adopted on the basis thereof, the Agency shall implement a system to appropriately collect, analyse, and disseminate safety, security and interoperability information. |
(b) |
Upon receiving the information referred to in point (a), the Agency shall take appropriate measures to address any identified safety, security, or interoperability problem, including the issuing of ATM/ANS equipment directives in accordance with point ATM/ANS.EQMT.AR.A.030 of Annex I to Delegated Regulation (EU) 2023/1768. |
(c) |
The measures taken under point (b) shall immediately be notified to the organisation concerned, who is obliged to comply with them, in accordance with point DPO.OR.A.035. The competent authorities of the ATM/ANS providers concerned shall also be notified. |
DPO.AR.A.015 Immediate reaction to an information security incident or vulnerability with an impact on aviation safety
(a) |
The Agency shall implement a system to appropriately collect, analyse, and disseminate information related to information security incidents and vulnerabilities with a potential impact on aviation safety that are reported by organisations. This shall be done in coordination with any other relevant authorities responsible for information security or cybersecurity within the Member State to increase the coordination and compatibility of reporting schemes. |
(b) |
Upon receiving the information referred to in point (a), the Agency shall take adequate measures to address the potential impact on aviation safety of the information security incident or vulnerability. |
(c) |
Measures taken in accordance with point (b) shall immediately be notified to all persons or organisations that shall comply with them under Regulation (EU) 2018/1139 and the delegated and implementing acts adopted on its basis. The Agency shall also notify those measures to the competent authorities of the Member States concerned. |
SUBPART B MANAGEMENT (DPO.AR.B)
DPO.AR.B.001 Management system
(a) |
The Agency shall establish and maintain a management system, including, as a minimum, the following elements:
|
(b) |
The Agency shall, for each field of activity included in the management system, appoint one or more persons with the overall responsibility for the management of the relevant task(s). |
(c) |
The Agency shall establish procedures for its participation in a mutual exchange of all the necessary information with any other competent authority(ies) referred to in Article 4 of Commission Implementing Regulation (EU) 2017/373 (2) and provide them with assistance or request assistance from them, including any information that stems from mandatory and voluntary occurrence reporting as required by point DPO.OR.A.045. |
(d) |
The management system established and maintained by the Agency shall comply with Annex I (Part-IS.AR) of Implementing Regulation (EU) 2023/203 in order to ensure the proper management of information security risks which may have an impact on aviation safety. |
DPO.AR.B.010 Changes in the management system
(a) |
The Agency shall have a system in place to identify those changes that affect its capability to perform its tasks and discharge its responsibilities as set out in Regulation (EU) 2018/1139 and the delegated and implementing acts adopted on the basis thereof. That system shall enable the Agency to take action, as appropriate, to ensure that the management system remains adequate and effective. |
(b) |
The Agency shall update its management system to reflect any changes to Regulation (EU) 2018/1139 and the delegated and implementing acts adopted on the basis thereof, in a timely manner, so as to ensure the effective implementation of its management system. |
DPO.AR.B.015 Record-keeping
(a) |
The Agency shall establish and maintain a record-keeping system that provides for adequate storage, accessibility, and reliable traceability of:
|
(b) |
The Agency shall maintain a list of all the certificates it has issued and of any declarations it has registered. |
(c) |
All the records referred to in points (a) and (b) shall be stored in a manner that ensures protection against damage, alteration and theft and kept for a minimum period of five years after the approvals and certificates cease to be valid or the declarations are withdrawn, subject to the applicable data protection law. |
SUBPART C CERTIFICATION, OVERSIGHT, AND ENFORCEMENT (DPO.AR.C)
DPO.AR.C.001 Issue of approvals to organisations involved in the design or production of ATM/ANS equipment
(a) |
Upon receiving an application for the issue of an approval to an organisation involved in the design or production of ATM/ANS equipment, the Agency shall verify the organisation’s compliance with the requirements laid down in Annexes II and III of Delegated Regulation (EU) 2023/1768 and in Annex II to this Regulation. |
(b) |
The Agency may request any audits, inspections or assessments it finds necessary before issuing the approval with all the relevant information set out in Appendix 1 to this Annex. |
(c) |
The approval shall be issued for an unlimited duration. The privileges as regards the activities the organisation is approved to conduct shall be specified in the conditions attached to the approval.
|
(d) |
The approval shall not be issued where a level 1 finding referred to in DPO.AR.C.015 remains open. In exceptional circumstances, finding(s) other than level 1 shall be assessed and mitigated as necessary by the organisation and a corrective action plan for closing the finding(s) shall be approved by the Agency prior to the issue of the approval. |
(e) |
Each change to the approval and to its conditions shall be approved by the Agency. |
DPO.AR.C.005 Oversight programme
(a) |
The Agency shall establish and update annually an oversight programme taking into account the specific nature of the organisations it oversees, the complexity of their activities, and the results of past certification or oversight activities, and shall base it on the assessment of the associated risks. The oversight programme shall include audits, which shall:
|
(b) |
The Agency may decide to modify the objectives and the scope of the preplanned audits, including documentary reviews and additional audits, wherever that need arises. |
(c) |
The Agency shall decide which arrangements, elements, physical locations, and activities are to be audited within a specified time frame. |
(d) |
Audit observations and findings issued in accordance with point DPO.AR.C.015 shall be documented. |
(e) |
The findings shall be supported by evidence and identified in terms of applicable requirements and their implementation arrangements against which the audit has been conducted. |
(f) |
An audit report, including the details of findings and observations, shall be prepared and communicated to the organisation concerned. |
DPO.AR.C.010 Changes to the information security management system
(a) |
For changes managed and notified to the Agency in accordance with the procedure set out in point IS.I.OR.255(a) of Annex II (Part-IS.I.OR) to Implementing Regulation (EU) 2023/203, the Agency shall include the review of such changes in its continuing oversight programme in accordance with the principles laid down in point DPO.AR.C.005 of this Annex. If any non-compliance is found, the Agency shall notify the organisation thereof, request further changes and act in accordance with point DPO.AR.C.015 of this Annex. |
(b) |
With regard to other changes requiring an application for approval in accordance with point IS.I.OR.255(b) of Annex II (Part-IS.I.OR) to Implementing Regulation (EU) 2023/203:
|
DPO.AR.C.015 Findings, corrective actions, and enforcement measures
(a) |
When the Agency, during investigation, oversight or by any other means, identifies any non-compliance with the applicable requirements of this Regulation of a procedure or manual required by this Regulation, or of a certificate or declaration issued in accordance with this Regulation, it shall, without prejudice to any additional action required by Regulation (EU) 2018/1139, raise a finding. |
(b) |
The Agency shall have a system in place to:
|
(c) |
A level 1 finding shall be raised by the Agency when it identifies any significant non-compliance with the ATM/ANS certification basis as per point ATM/ANS.EQMT.AR.B.001 of Annex I to Delegated Regulation (EU) 2023/1768 that may lead to uncontrolled non-compliance and to a potential unwanted condition. Level 1 findings shall include but are not limited to:
|
(d) |
A level 2 finding shall be raised by the Agency where non-compliance with any of the following is identified:
which is not classified as a level 1 finding. |
(e) |
Where a finding is raised, the Agency shall, without prejudice to any additional action required by Regulation (EU) 2018/1139 and the delegated and implementing acts adopted on its basis, communicate the finding in writing to the organisation concerned and require it to take corrective action to address the non-compliance(s) identified.
|
(f) |
For those cases where level 1 and level 2 findings are not required, the Agency may issue observations. |
(g) |
The Agency shall:
|
(h) |
Upon taking enforcement measures in accordance with point (g), the Agency shall notify them to the addressee, state the reasons for them, and inform the addressee of its right to appeal. |
(1) Regulation (EU) No 376/2014 of the European Parliament and of the Council of 3 April 2014 on the reporting, analysis and follow-up of occurrences in civil aviation, amending Regulation (EU) No 996/2010 of the European Parliament and of the Council and repealing Directive 2003/42/EC of the European Parliament and of the Council and Commission Regulations (EC) No 1321/2007 and (EC) No 1330/2007 (OJ L 122, 24.4.2014, p. 18).
(2) Commission Implementing Regulation (EU) 2017/373 of 1 March 2017 laying down common requirements for providers of air traffic management/air navigation services and other air traffic management network functions and their oversight, repealing Regulation (EC) No 482/2008, Implementing Regulations (EU) No 1034/2011, (EU) No 1035/2011 and (EU) 2016/1377 and amending Regulation (EU) No 677/2011 (OJ L 62, 8.3.2017, p. 1).
Appendix 1
SPECIFICATIONS OF THE APPROVAL OF AN ORGANISATION INVOLVED IN THE DESIGN OR PRODUCTION OF ATM/ANS EQUIPMENT
The approval shall specify:
(a) |
the Agency as the competent authority that issues the approval; |
(b) |
the applicant’s name and postal address; |
(c) |
the applicant’s scope of work; |
(d) |
the location where the activities are to be performed; |
(e) |
the associated privileges for which the applicant has been approved; |
(f) |
a statement of the applicant’s conformity and compliance with the applicable requirements; |
(g) |
the date of issue and the validity of the approval; |
(h) |
the additional conditions or limitations attached to it. |
ANNEX II
REQUIREMENTS FOR ORGANISATIONS INVOLVED IN THE DESIGN OR PRODUCTION OF ATM/ANS EQUIPMENT
(Part-DPO.OR)
SUBPART A GENERAL REQUIREMENTS (DPO.OR.A)
DPO.OR.A.001 Scope
This Annex establishes the common requirements as regards the rights and obligations of an applicant for, and a holder of, an organisation approval for the design or production of ATM/ANS equipment.
DPO.OR.A.005 Eligibility
Any natural or legal person who has demonstrated, or is set to demonstrate, their capability to design or produce ATM/ANS equipment in accordance with point DPO.OR.A.010, may apply for a design or production organisation approval under the conditions laid down in this Annex.
DPO.OR.A.010 Application for a design or production organisation approval and demonstration of capability
(a) |
An application for a design or production organisation approval shall be made in a form and manner established by the Agency. |
(b) |
In order to obtain an approval, an organisation involved in the design or production of ATM/ANS equipment shall comply with the requirements set out in this Regulation where those requirements are applicable to the design or production of ATM/ANS systems and ATM/ANS constituents that the organisation performs or intends to perform. |
DPO.OR.A.015 Organisation exposition
(a) |
An organisation involved in the design or production of ATM/ANS equipment shall establish and maintain an organisation exposition, which provides the following information:
|
(b) |
The organisation exposition shall be amended as necessary to remain an up-to-date description of the organisation, and a copy of it, including its amendments, shall be supplied to the Agency. |
(c) |
An application for a change approval referred to in point DPO.OR.B.005 of this Annex shall be based on the submission of the proposed changes to the organisation exposition. |
DPO.OR.A.025 Duration, continued validity and privileges of an organisation approval
(a) |
An organisation’s approval shall remain valid for an unlimited period of time provided that:
|
(b) |
Upon revocation or surrender of the approval, if issued in a paper format, it shall be returned to the Agency without delay. |
(c) |
The holder of an organisation approval shall be entitled, within the scope of its terms of approval and under the relevant procedures of the design management system:
|
DPO.OR.A.030 Facilitation and cooperation
(a) |
An organisation involved in the design or production of ATM/ANS equipment shall facilitate the inspections and audits performed by the Agency or by a qualified entity that acts on its behalf, and it shall cooperate as necessary for the efficient and effective exercise of the powers of the Agency. |
(b) |
An organisation involved in the design or production of ATM/ANS equipment shall cooperate with and support the ATM/ANS providers using its ATM/ANS equipment in their compliance demonstration process to the competent authorities concerned. |
DPO.OR.A.035 Findings and corrective actions
Following the receipt of the notification of findings from the Agency, the organisation involved in the design or production of ATM/ANS equipment shall:
(a) |
identify the root cause of the non-compliance; |
(b) |
define a corrective action plan; |
(c) |
demonstrate the implementation of the corrective action to the satisfaction of the Agency within the time period proposed and approved by the Agency, as defined in point (e)(2) of point DPO.AR.C.015. |
DPO.OR.A.040 Immediate reaction to a safety, security and interoperability problem
An organisation involved in the design or production of ATM/ANS equipment shall implement any safety and security measures, including ATM/ANS equipment directives, taken by the Agency in accordance with points DPO.AR.A.010 and DPO.AR.A.015.
DPO.OR.A.045 Failures, malfunctions, and defects
(a) |
The holder of an approval issued in accordance with this Regulation shall:
|
(b) |
For organisations that have their principal place of business in a Member State, the system established in accordance with point (a)(1) shall include provisions for occurrence reporting and follow-up that meet the requirements of Regulations (EU) No 376/2014 and (EU) No 2018/1139 and the delegated and implementing acts adopted on their basis. |
(c) |
The approval holder shall report to the Agency any failure, malfunction, defect or other occurrence of which it is aware, and which has resulted or may result in an unsafe, insecure, or under-performing condition. |
(d) |
For approval holders that do not have their principal place of business in a Member State, reports shall be made in a form and manner established by the Agency, as soon as practicable and in any case submitted not later than 72 hours after the person or organisation has become aware of the particular occurrence, unless exceptional circumstances prevent this. |
(e) |
The approval holder shall investigate an occurrence that has been reported under point (c), including the deficiencies that have led to that occurrence, and report to the Agency the results of its investigation and any action it intends to take or proposes to take to correct these deficiencies. |
DPO.OR.A.050 Approval transferability
An organisation approval is not transferable, except as a result of a change in the ownership of the organisation.
SUBPART B MANAGEMENT (DPO.OR.B)
DPO.OR.B.001 Management system
(a) |
An organisation involved in the design or production of ATM/ANS equipment shall implement and maintain a management system that includes the following:
|
(b) |
An organisation involved in the design or production of ATM/ANS equipment shall document all key management system processes, including a process for making personnel aware of their responsibilities, and the procedure for amending those processes. |
(c) |
An organisation involved in the design or production of ATM/ANS equipment shall establish a function within its management system to monitor its compliance with the applicable requirements and the adequacy of the established procedures. Compliance monitoring shall include a feedback system of findings to the accountable manager to ensure the effective implementation of corrective actions, as necessary. |
(d) |
The management system shall be proportionate to the size of the organisation involved in the design or production of ATM/ANS equipment and the complexity of its activities, taking into account the hazards and associated risks inherent in those activities. |
(e) |
In addition to the management system referred to in point (a), the organisation involved in the design or production of ATM/ANS equipment shall establish, implement and maintain an information security management system in accordance with Implementing Regulation (EU) 2023/203 in order to ensure the proper management of information security risks which may have an impact on aviation safety. |
DPO.OR.B.005 Change management
(a) |
Following the issue of an organisation’s approval, any change to the management system that is significant shall be approved by the Agency before being implemented unless such a change is notified and managed in accordance with a procedure approved by the Agency. The organisation shall submit to the Agency an application for approval demonstrating continuous compliance with the applicable requirements. |
(b) |
Each change to ATM/ANS equipment shall be notified to and approved by the Agency before being implemented unless such a change is managed in accordance with a change management procedure approved by the Agency. This change management procedure shall define the classification of the changes to the ATM/ANS equipment and describe how such changes will be notified and managed. |
DPO.OR.B.010 Facility requirements
An organisation involved in the design or production of ATM/ANS equipment shall ensure that its facilities and equipment, including testing facilities and equipment, are adequate and suitable to perform and manage all its tasks and activities in accordance with the applicable requirements.
DPO.OR.B.015 Contracted activities
(a) |
Contracted activities include all those activities that are within the scope of the organisation’s activities, in accordance with the terms of the certificate, which are performed by other organisations either themselves certified to carry out such activities or, if not certified, working under such an organisation’s supervision. An organisation involved in the design or production of ATM/ANS equipment shall ensure that when it contracts any part of its activities to, or when it purchases any part of its activities from, external organisations, the contracted or purchased activity, as applicable, conforms with the applicable requirements. |
(b) |
When an organisation involved in the design or production of ATM/ANS equipment contracts any part of its activities to an organisation that is not itself certified in accordance with this Regulation to carry out such activities, it shall ensure that the contracted organisation works under its supervision. An organisation involved in the design or production of ATM/ANS equipment shall ensure that the Agency is given access to the contracted organisation to determine its continued compliance with the applicable requirements of this Regulation. |
DPO.OR.B.020 Personnel requirements
(a) |
An organisation involved in the design or production of ATM/ANS equipment shall appoint an accountable manager who has the authority to ensure that all activities may be financed and carried out in accordance with the applicable requirements of this Regulation. The accountable manager shall be responsible for establishing and maintaining an effective management system. |
(b) |
The authority, duties, and responsibilities of the nominated post-holders, in particular management personnel in charge of safety, quality, security, finance and human-resources, shall also be defined. |
DPO.OR.B.025 Record-keeping
(a) |
An organisation involved in the design or production of ATM/ANS equipment shall establish a record-keeping system that allows for the adequate storage of records and the reliable traceability of all its activities, covering in particular all the elements indicated in point DPO.OR.B.001. |
(b) |
The format and the retention period of the records referred to in point (a) shall be specified in the organisation’s management system procedures. |
(c) |
Records shall be stored in a manner that ensures their protection against damage, alteration, and theft. |
(d) |
An organisation involved in the design or production of ATM/ANS equipment shall maintain a register of the ATM/ANS equipment deployed. |
SUBPART C TECHNICAL REQUIREMENTS (DPO.OR.C)
DPO.OR.C.001 Organisations involved in the design or production of ATM/ANS equipment
(a) |
An applicant for, and a holder of, a design or production organisation approval for ATM/ANS equipment shall be entitled, as applicable, to any of the following:
|
(b) |
As regards design activities, an organisation involved in the design or production of ATM/ANS equipment shall:
|
(c) |
As regards production activities, an organisation involved in the design or production of ATM/ANS equipment shall:
|
(d) |
In addition to point (c), an organisation involved in the production of ATM/ANS equipment shall be entitled, within the scope of its terms of approval, to determine that each completed ATM/ANS equipment conforms with the applicable design data and is in a condition for safe operation before issuing an EASA release form stating that the ATM/ANS equipment has been produced in accordance with the applicable requirements of this Regulation and with the applicable design data. |
(e) |
The EASA release form referred to in point (d) for each ATM/ANS equipment manufactured shall contain at least the following information:
|
DPO.OR.C.005 Coordination
An organisation involved in the design or production of ATM/ANS equipment shall ensure:
(a) |
the satisfactory coordination, with the appropriate arrangements, between design and production activities, as appropriate; |
(b) |
the satisfactory coordination with and proper support to the relevant ATM/ANS providers and aviation undertaking(s) as regards the continued suitability of the ATM/ANS equipment, as applicable. |
DPO.OR.C.010 ATM/ANS equipment directives
When the Agency issues an ATM/ANS equipment directive, pursuant to point ATM/ANS.EQMT.CERT.065 of Annex II to Delegated Regulation (EU) 2023/1768, the organisation involved in the design or production of ATM/ANS equipment shall:
(a) |
propose an appropriate corrective action and submit it together with details to the Agency for approval; |
(b) |
following the approval by the Agency of the proposal referred to in point (a), make available to all known users or owners of ATM/ANS equipment appropriate descriptive data and accomplishment instructions and, on request, to any person required to comply with the ATM/ANS equipment directive. |