The Aviation Safety (Amendment) Regulations 2023

Amendment of Section B of Annex II to Commission Regulation (EU) No 1321/2014

23.  For Section B (procedure for the CAA) (including the section heading) substitute—

“SECTION BCAA REQUIREMENTS

145.B.005    Scope

This section establishes the conditions for conducting the certification, oversight and enforcement tasks as well as the administrative and management system requirements to be followed by the CAA.

145.B.115    Oversight documentation

The CAA must provide all the standards, rules, technical publications, and related documents to the relevant personnel in order to allow them to perform their tasks and to discharge their responsibilities.

145.B.120    Means of compliance

(a)The CAA must develop an acceptable means of compliance that may be used to establish compliance with Regulation (EU) 2018/1139.

(b)Alternative means of compliance may be used by an organisation to establish compliance with this Regulation when approved by the CAA.

145.B.135    Immediate reaction to a safety problem

(a)Without prejudice to Regulation (EU) No 376/2014, the CAA must implement a system to appropriately collect, analyse and disseminate safety information.

(b)Upon receiving the information referred to in point (a), the CAA must take adequate measures to address the safety problem.

(c)The CAA must immediately notify measures taken under point (b) to all organisations which need to comply with them under Regulation (EU) 2018/1139.

145.B.200    Management system

(a)The CAA must establish and maintain a management system, including as a minimum:

1.policies and procedures set out in writing and kept on record to describe its organisation and the means and methods for establishing compliance with Regulation (EU) 2018/1139. The procedures must be kept up to date, and serve as the basic working documents within the CAA for all its related tasks;

2.a sufficient number of personnel to perform its tasks and discharge its responsibilities. A system must be in place to plan the availability of personnel in order to ensure the proper completion of all tasks;

3.personnel that are qualified to perform their allocated tasks and that have the necessary knowledge and experience and receive initial and recurrent training to ensure continuing competency;

4.adequate facilities and office accommodation for personnel to perform their allocated tasks;

5.a function to monitor the compliance of the management system with the relevant requirements, and the adequacy of the procedures, including the establishment of an internal audit process and a safety risk management process. Compliance monitoring must include a system for feedback of audit findings to the senior management of the CAA to ensure the implementation of corrective actions as necessary;

6.a person or group of persons having a responsibility to the senior management of the CAA for the compliance monitoring function.

(b)The CAA must, for each field of activity, including the management system, appoint one or more persons with the overall responsibility for the management of the relevant tasks.

145.B.205    Allocation of tasks to qualified entities

(a)The CAA may allocate tasks, related to the initial certification or to the continuing oversight of organisations subject to Regulation (EU) 2018/1139 to qualified entities. When allocating tasks, the CAA must ensure that it has:

1.put a system in place to initially and continuously assess whether the qualified entity complies with Annex VI to Regulation (EU) 2018/1139;

2.established a written agreement with the qualified entity, approved by both parties at the appropriate management level, which stipulates:

(i)the tasks to be performed;

(ii)the declarations, reports and records to be provided;

(iii)the technical conditions to be met when performing such tasks;

(iv)the related liability coverage;

(v)the protection given to the information acquired when carrying out such tasks.

(b)The CAA must ensure that the internal audit process and safety risk management process established pursuant to point 145.B.200(a)(5) cover all the certification and continuing oversight tasks performed by the qualified entity on its behalf.

145.B.210    Changes in the management system

(a)The CAA must have a system in place to identify the changes that affect its capability to perform its tasks and discharge its responsibilities as defined in Regulation (EU) 2018/1139. That system must enable the CAA to take action necessary to ensure that its management system remains adequate and effective.

(b)The CAA must update its management system in a timely manner to reflect any changes to Regulation (EU) 2018/1139 to ensure its effective implementation.

145.B.220    Record keeping

(a)The CAA must establish a record-keeping system that allows the adequate storage, accessibility and reliable traceability of:

1.the management system’s documented policies and procedures;

2.the training, qualifications and authorisations of its personnel;

3.the allocation of tasks, covering the elements required by point 145.B.205, as well as the details of tasks allocated;

4.certification processes and continuing oversight of certified organisations, including:

(i)the application for an organisation certificate;

(ii)the CAA’s continuing oversight programme, including all the assessments, audits and inspection records;

(iii)the organisation certificate, including any changes to it;

(iv)a copy of the oversight programme, listing the dates when audits are due and when audits were carried out;

(v)copies of all formal correspondence;

(vi)recommendations for the issue or continuation of a certificate, details of findings and actions taken by the organisations to close those findings, including the date of closure, enforcement actions and observations;

(vii)any assessment, audit and inspection report issued by a competent authority of a third country;

(viii)copies of all the organisation MOEs or manuals, and of any amendments to them;

(ix)copies of any other documents approved by the CAA;

5.documents supporting the use of alternative means of compliance;

6.safety information provided in accordance with point 145.B.125 and follow-up measures;

7.the use of safeguard and flexibility provisions in accordance with Articles 70, 71(1) and 76(4) of Regulation (EU) 2018/1139.

(b)The CAA must maintain a list of all the organisation certificates it has issued.

(c)All the records referred to in points (a) and (b) must be kept for a minimum period of 5 years, subject to data protection law.

145.B.300    Oversight principles

(a)The CAA must verify:

1.compliance with the requirements that are applicable to organisations, prior to issuing an organisation certificate;

2.continued compliance with the applicable requirements of the organisations it has certified;

3.the implementation of appropriate safety measures mandated by the CAA in accordance with point 145.B.135(c).

(b)This verification must:

1.be supported by documentation specifically intended to provide personnel responsible for oversight with guidance to perform their functions;

2.provide the organisations concerned with the results of oversight activities;

3.be based on assessments, audits and inspections and, if needed, unannounced inspections;

4.provide the CAA with the evidence needed in case further action is required, including the measures provided for in point 145.B.350.

(c)The CAA must establish the scope of the oversight set out in points (a) and (b) taking into account the results of past oversight activities and the safety priorities.

(d)The CAA must collect and process any information deemed necessary for performing oversight activities.

145.B.305    Oversight programme

(a)The CAA must establish and maintain an oversight programme covering the oversight activities required by point 145.B.300.

(b)The oversight programme must take into account the specific nature of the organisation, the complexity of its activities, and the results of past certification and oversight activities, and it must be based on the assessment of the associated risks. It must include, within each oversight planning cycle:

1.assessments, audits and inspections, including, as appropriate:

(i)management system assessments and process audits;

(ii)product audits of a relevant sample of the maintenance carried out by the organisation;

(iii)sampling of the airworthiness reviews performed;

(iv)unannounced inspections;

2.meetings convened between the accountable manager and the CAA to ensure that both parties remain informed of all significant issues.

(c)The oversight planning cycle must not exceed 24 months.

(d)Notwithstanding point (c), the oversight planning cycle may be extended to 36 months if the CAA has established that during the previous 24 months:

1.the organisation has demonstrated that it can effectively identify aviation safety hazards and manage the associated risks;

2.the organisation has continuously demonstrated compliance with point 145.A.85 and it has full control over all changes;

3.no level 1 findings have been issued;

4.all corrective actions have been implemented within the time period that was accepted or extended by the CAA as provided for in point 145.B.350.

(e)Notwithstanding points (c) and (d), the oversight planning cycle may be further extended to a maximum of 48 months if, in addition to the conditions provided in points (d)(1) to (4), the organisation has established, and the CAA has approved, an effective continuous system for reporting to the CAA on the safety performance and regulatory compliance of the organisation itself.

(f)The oversight planning cycle may be shortened if there is evidence that the safety performance of the organisation has decreased.

(g)The oversight programme must include records of the dates when assessments, audits, inspections and meetings are due, and when assessments, audits, inspections and meetings have been effectively carried out.

(h)At the completion of each oversight planning cycle, the CAA must issue a recommendation report on the continuation of the approval, reflecting the results of the oversight.

145.B.310    Initial certification procedure

(a)Upon receiving an application from an organisation for the initial issue of a certificate, the CAA must verify the organisation’s compliance with the applicable requirements.

(b)The CAA must convene a meeting with the accountable manager of the applicant at least once during the investigation for initial certification to ensure that that person understands their role and accountability.

(c)The CAA must record all the findings issued, closure actions as well as the recommendations for the issue of the certificate.

(d)The CAA must confirm to the organisation in writing all the findings raised during the verification. For initial certification, all findings must be corrected to the satisfaction of the CAA before the certificate can be issued.

(e)When satisfied that the organisation complies with the applicable requirements, the CAA may:

1.issue the certificate in Appendix III (CAA Form 3-145) in accordance with the class and rating system provided for in Appendix II;

2.formally approve the MOE.

(f)The certificate reference number must be included on the CAA Form 3-145 certificate.

(g)The certificate must be issued for an unlimited duration. The privileges and the scope of the activities that the organisation is approved to conduct, including any limitations as applicable, must be specified in the terms of approval attached to the certificate.

(h)To enable the organisation to implement changes without prior CAA approval in accordance with point 145.A.85(c), the CAA must approve the relevant MOE procedure that sets out the scope of such changes and describes how such changes will be managed and notified to the CAA.

145.B.330    Changes – organisations

(a)Upon receiving an application for a change that requires prior approval, the CAA must verify the organisation’s compliance with the applicable requirements before issuing the approval.

(b)The CAA must establish the conditions under which the organisation may operate during the change unless the CAA determines that the organisation’s certificate needs to be suspended.

(c)When it is satisfied that the organisation complies with the applicable requirements, the CAA must approve the change.

(d)Without prejudice to any additional enforcement measures, if the organisation implements changes requiring prior approval without having received the approval of the CAA pursuant to point (c), the CAA must consider the need to suspend, limit or revoke the organisation’s certificate.

(e)For changes not requiring prior approval, the CAA must include the review of such changes in its continuing oversight in accordance with the principles set out in point 145.B.300. If any non-compliance is found, the CAA may notify the organisation, request further changes, and act in accordance with point 145.B.350.

145.B.350    Findings and corrective actions; observations

(a)The CAA must have a system in place to analyse findings for their safety significance.

(b)The CAA must issue a level 1 finding when any significant non-compliance is detected with the applicable requirements of Regulation (EU) 2018/1139, with the organisation’s procedures or manuals, or with the organisation’s certificate including the terms of approval, which lowers safety or seriously endangers flight safety.

(c)Level 1 findings include:

1.any failure to grant the CAA access to the organisation’s facilities referred to in point 145.A.140 during normal operating hours and after two written requests;

2.obtaining the organisation certificate or maintaining its validity by falsification of the submitted documentary evidence;

3.any evidence of malpractice or fraudulent use of the organisation certificate;

4.the lack of an accountable manager.

(d)The CAA must issue a level 2 finding when any non-compliance is detected with the applicable requirements of Regulation (EU) 2018/1139, with the organisation’s procedures or manuals, or with the organisation’s certificate including the terms of approval, which is not classified as a level 1 finding.

(e)Where a finding is detected during oversight or by any other means, the CAA must, without prejudice to any additional action required by Regulation (EU) 2018/1139, communicate the finding in writing to the organisation and request corrective action to address the non-compliance identified.

1.Where there are any level 1 findings, the CAA must take immediate and appropriate action to prohibit or limit the activities of the organisation involved and, if appropriate, it must take action to revoke the certificate or to limit or suspend it in whole or in part, depending on the extent of the level 1 finding, until successful corrective action has been taken by the organisation.

2.Where there are any level 2 findings, the CAA must:

(i)grant the organisation a corrective action implementation period appropriate to the nature of the finding which must not be more than 3 months. The period must commence from the date of the written communication referred to in point (e). The CAA may extend the corrective action implementation period referred to in point (e) provided the relevant organisation has agreed a corrective action plan with the CAA;

(ii)assess the corrective action plan and implementation plan proposed by the organisation and accept them if they are sufficient to address the non-compliance.

3.If the organisation fails to submit an acceptable corrective action plan, or fails to perform the corrective action within the time period accepted or extended by the CAA, the CAA must raise the finding to level 1 and action must be taken as laid down in point (e)(1).

4.The CAA must record all the findings that it has raised or that have been communicated to it and, where applicable, the enforcement measures it has applied, as well as all corrective actions and the dates of the action closures for all the findings.

(f)The CAA may issue observations for any of the following cases not requiring level 1 or level 2 findings:

1.for any item whose performance has been assessed to be ineffective;

2.when it has been identified that an item has the potential to cause a non-compliance under point (b) or (d);

3.when suggestions or improvements are of interest for the overall safety performance of the organisation.

(g)The CAA must communicate the observations issued under this point in writing to the organisation and must keep a record of those observations.

145.B.355    Suspension, limitation and revocation

The CAA must:

(a)suspend a certificate where it considers that there are reasonable grounds to believe that such action is necessary to prevent a credible threat to aircraft safety;

(b)suspend, revoke or limit a certificate where such action is required pursuant to point 145.B.350;

(c)suspend or limit in whole or in part a certificate where unforeseeable circumstances outside the control of the CAA prevent its inspectors from discharging their oversight responsibilities over the oversight planning cycle.”.