CHAPTER VIIU.K. INFORMATION TECHNOLOGY REQUIREMENTS

Article 75U.K.Use of automated systems

1.Where a Member State chooses to use automated systems for electronic data exchange based on the EU ETS reporting language in accordance with point (a) of Article 74(2), those systems shall ensure in a cost efficient way, through the implementation of technological measures in accordance with the current state of technology:

(a)integrity of data, preventing modification of electronic messages during transmission;

(b)confidentiality of data, through the use of security techniques, including encryption techniques, such that the data is only accessible to the party for which it was intended and that no data can be intercepted by unauthorised parties;

(c)authenticity of data, such that the identity of both the sender and receiver of data is known and verified;

(d)non-repudiation of data, such that one party of a transaction cannot deny having received a transaction nor can the other party deny having sent a transaction, by applying methods such as signing techniques, or independent auditing of system safeguards.

2.Any automated systems used by Member States based on the EU ETS reporting language for communication between the competent authority, operator and aircraft operator, as well as verifier and accreditation body within the meaning of Regulation (EU) No 600/2012, shall meet the following non-functional requirements, through implementation of technological measures in accordance with the current state of technology:

(a)access control, such that the system is only accessible to authorised parties and no data can be read, written or updated by unauthorised parties, through implementation of technological measures in order to achieve the following:

(b)availability, such that data accessibility is ensured, even after significant time and the introduction of possible new software;

(c)audit trail, such that it is ensured that changes to data can always be found and analysed in retrospect.