REGULATION (EC) NO 300/2008 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL
of 11 March 2008
on common rules in the field of civil aviation security and repealing Regulation (EC) No 2320/2002
(Text with EEA relevance)
REGULATION (EC) NO 300/2008 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL
of 11 March 2008
on common rules in the field of civil aviation security and repealing Regulation (EC) No 2320/2002
(Text with EEA relevance)
THE EUROPEAN PARLIAMENT AND THE COUNCIL OF THE EUROPEAN UNION,
Having regard to the Treaty establishing the European Community, and in particular Article 80(2) thereof,
Having regard to the proposal from the Commission,
Having regard to the opinion of the European Economic and Social Committee,
Having consulted the Committee of the Regions,
Acting in accordance with the procedure laid down in Article 251 of the Treaty, in the light of the joint text approved by the Conciliation Committee on 16 January 2008.
Whereas:
- In order to protect persons and goods within the European Union, acts of unlawful interference with civil aircraft that jeopardise the security of civil aviation should be prevented by establishing common rules for safeguarding civil aviation. This objective should be achieved by setting common rules and common basic standards on aviation security as well as mechanisms for monitoring compliance.
- It is desirable, in the interests of civil aviation security generally, to provide the basis for a common interpretation of Annex 17 to the Chicago Convention on International Civil Aviation of 7 December 1944.
- Regulation (EC) No 2320/2002 of the European Parliament and of the Council of 16 December 2002 establishing common rules in the field of civil aviation security was adopted as a result of the events of 11 September 2001 in the United States. A common approach is needed in the field of civil aviation security and consideration should be given to the most effective means of offering assistance following terrorist acts that have a major impact in the transport field.
- The content of Regulation (EC) No 2320/2002 should be revised in the light of the experience gained, and the Regulation itself should be repealed and replaced by this Regulation seeking the simplification, harmonisation and clarification of the existing rules and the improvement of the levels of security.
- Given the need for more flexibility in adopting security measures and procedures in order to meet evolving risk assessments and to allow new technologies to be introduced, this Regulation should lay down the basic principles of what has to be done in order to safeguard civil aviation against acts of unlawful interference without going into the technical and procedural details of how they are to be implemented.
- This Regulation should apply to airports serving civil aviation located in the territory of a Member State, to operators providing services at such airports and to entities providing goods and/or services to or through such airports.
- Without prejudice to the Convention on offences and certain other acts committed on board aircraft, Tokyo, 1963, the Convention for the suppression of unlawful seizure of aircraft, The Hague, 1970, and the Convention for the suppression of unlawful acts against the safety of civil aviation, Montreal, 1971, this Regulation should also cover security measures that apply on board an aircraft, or during a flight, of Community air carriers.
- Each Member State retains the competence to decide whether to deploy in-flight security officers on aircraft registered in that Member State and on flights of air carriers licensed by it as well as to ensure, in accordance with paragraph 4.7.7 of Annex 17 to the Chicago Convention on International Civil Aviation and under the terms of that Convention, that such officers are government personnel who are specially selected and trained, taking into account the required security and safety aspects on board an aircraft.
- The various types of civil aviation do not necessarily present the same level of threat. In setting common basic standards on aviation security, the size of the aircraft, the nature of the operation and/or the frequency of operations at airports should be taken into account with a view to permitting the grant of derogations.
- Member States should also be allowed, on the basis of a risk assessment, to apply more stringent measures than those laid down in this Regulation.
- Third countries may require the application of measures that differ from those laid down in this Regulation in respect of flights from an airport in a Member State to, or over, that third country. However, without prejudice to any bilateral agreements to which the Community is a party, it should be possible for the Commission to examine the measures required by the third country.
- Even though, within a single Member State, there may be two or more bodies involved in aviation security, each Member State should designate a single authority responsible for the coordination and monitoring of the implementation of security standards.
- In order to define responsibilities for the implementation of the common basic standards on aviation security and to describe what measures are required by operators and other entities for this purpose, each Member State should draw up a national civil aviation security programme. Furthermore, each airport operator, air carrier and entity implementing aviation security standards should draw up, apply and maintain a security programme in order to comply both with this Regulation and with whichever national civil aviation security programme is applicable.
- In order to monitor compliance with this Regulation and with the national civil aviation security programme, each Member State should draw up and ensure the implementation of a national programme to check the level and quality of civil aviation security.
- In order to monitor the application by Member States of this Regulation, and also to make recommendations to improve aviation security, the Commission should conduct inspections, including unannounced inspections.
- As a general rule, the Commission should publish measures that have a direct impact on passengers. Implementing acts setting out common measures and procedures for the implementation of the common basic standards on aviation security which contain sensitive security information, together with Commission inspection reports and the answers of the appropriate authorities should be regarded as EU classified information within the meaning of Commission Decision 2001/844/EC, ECSC, Euratom of 29 November 2001 amending its internal rules of procedure. Those items should not be published and should be made available only to those operators and entities with a legitimate interest.
- The measures necessary for the implementation of this Regulation should be adopted in accordance with Council Decision 1999/468/EC of 28 June 1999 laying down the procedures for the exercise of implementing powers conferred on the Commission.
- In particular, the Commission should be empowered to adopt general measures amending non-essential elements of the common basic standards by supplementing them, set criteria allowing Member States both to derogate from the common basic standards and to adopt alternative security measures, and adopt specifications for national quality control programmes. Since those measures are of general scope and are designed to amend non-essential elements of this Regulation by supplementing it with new non-essential elements, they must be adopted in accordance with the regulatory procedure with scrutiny provided for in Article 5a of Decision 1999/468/EC.
- When, on imperative grounds of urgency, the normal time-limits for the regulatory procedure with scrutiny cannot be complied with, the Commission should be able to apply the urgency procedure provided for in Article 5a(6) of Decision 1999/468/EC for the adoption of common rules for safeguarding civil aviation.
- The goal of ‘one-stop security’ for all flights within the European Union should be advanced.
- Furthermore, it should not be necessary to rescreen passengers or their baggage arriving on flights from third countries that have aviation security standards equivalent to those laid down by this Regulation. Therefore, without prejudice to the right of each Member State to apply more stringent measures, or to the respective competences of the Community and Member States, decisions of the Commission, and, where necessary, agreements between the Community and third countries, which recognise that the security standards applied in the third country are equivalent to the common standards, should be encouraged since these further one-stop security.
- This Regulation is without prejudice to the application of rules on aviation safety, including those relating to the transport of dangerous goods.
- Penalties should be provided for infringements of the provisions of this Regulation. Those penalties, which may be of a civil or administrative nature, should be effective, proportionate and dissuasive.
- The Ministerial Statement on Gibraltar Airport, agreed in Cordoba on 18 September 2006 during the first Ministerial meeting of the Forum of Dialogue on Gibraltar, will replace the Joint Declaration on Gibraltar Airport made in London on 2 December 1987, and full compliance with it will be deemed to constitute compliance with the 1987 Declaration.
- Since the objectives of this Regulation, namely to safeguard civil aviation against acts of unlawful interference and to provide a basis for a common interpretation of Annex 17 to the Chicago Convention on International Civil Aviation, cannot be sufficiently achieved by the Member States and can therefore, by reason of the scale and effects of this Regulation, be better achieved at Community level, the Community may adopt measures, in accordance with the principle of subsidiarity as set out in Article 5 of the Treaty. In accordance with the principle of proportionality, as set out in that Article, this Regulation does not go beyond what is necessary in order to achieve those objectives,
HAVE ADOPTED THIS REGULATION:
Article 1
Objectives
1. This Regulation establishes common rules to protect civil aviation against acts of unlawful interference that jeopardise the security of civil aviation.
It also provides the basis for a common interpretation of Annex 17 to the Chicago Convention on International Civil Aviation.
2. The means of achieving the objectives set out in paragraph 1 shall be:
- the setting of common rules and common basic standards on aviation security;
- mechanisms for monitoring compliance.
Article 2
Scope
1. This Regulation shall apply to the following:
- all airports or parts of airports located in the territory of a Member State that are not exclusively used for military purposes;
- all operators, including air carriers, providing services at airports referred to in point (a);
- all entities applying aviation security standards that operate from premises located inside or outside airport premises and provide goods and/or services to or through airports referred to in point (a).
2. The application of this Regulation to the airport of Gibraltar is understood to be without prejudice to the respective legal positions of the Kingdom of Spain and the United Kingdom with regard to the dispute over sovereignty over the territory in which the airport is situated.
Article 3
Definitions
For the purposes of this Regulation:
1. ‘civil aviation’ means any air operation carried out by civil aircraft, excluding operations carried out by State aircraft referred to in Article 3 of the Chicago Convention on International Civil Aviation;
2. ‘aviation security’ means the combination of measures and human and material resources intended to safeguard civil aviation against acts of unlawful interference that jeopardise the security of civil aviation;
3. ‘operator’ means a person, organisation or enterprise engaged, or offering to engage, in an air transport operation;
4. ‘air carrier’ means an air transport undertaking holding a valid operating licence or equivalent;
5. ‘Community air carrier’ means an air carrier holding a valid operating licence granted by a Member State in accordance with Council Regulation (EEC) No 2407/92 of 23 July 1992 on licensing of air carriers;
6. ‘entity’ means a person, organisation or enterprise, other than an operator;
7. ‘prohibited articles’ means weapons, explosives or other dangerous devices, articles or substances that may be used to commit an act of unlawful interference that jeopardises the security of civil aviation;
8. ‘screening’ means the application of technical or other means which are intended to identify and/or detect prohibited articles;
9. ‘security control’ means the application of means by which the introduction of prohibited articles may be prevented;
10. ‘access control’ means the application of means by which the entry of unauthorised persons or unauthorised vehicles, or both, may be prevented;
11. ‘airside’ means the movement area of an airport, adjacent terrain and buildings or portions thereof, access to which is restricted;
12. ‘landside’ means those parts of an airport, adjacent terrain and buildings or portions thereof that are not airside;
13. ‘security restricted area’ means that area of airside where, in addition to access being restricted, other aviation security standards are applied;
14. ‘demarcated area’ means an area that is separated by means of access control either from security restricted areas, or, if the demarcated area itself is a security restricted area, from other security restricted areas of an airport;
15. ‘background check’ means a recorded check of a person’s identity, including any criminal history, as part of the assessment of an individual’s suitability for unescorted access to security restricted areas;
16. ‘transfer passengers, baggage, cargo or mail’ means passengers, baggage, cargo or mail departing on an aircraft other than that on which they arrived;
17. ‘transit passengers, baggage, cargo or mail’ means passengers, baggage, cargo or mail departing on the same aircraft as that on which they arrived;
18. ‘potentially disruptive passenger’ means a passenger who is either a deportee, a person deemed to be inadmissible for immigration reasons or a person in lawful custody;
19. ‘cabin baggage’ means baggage intended for carriage in the cabin of an aircraft;
20. ‘hold baggage’ means baggage intended for carriage in the hold of an aircraft;
21. ‘accompanied hold baggage’ means baggage, carried in the hold of an aircraft, which has been checked in for a flight by a passenger travelling on that same flight;
22. ‘air carrier mail’ means mail whose origin and destination are both an air carrier;
23. ‘air carrier materials’ means materials either whose origin and destination are both an air carrier or that are used by an air carrier;
24. ‘mail’ means dispatches of correspondence and other items, other than air carrier mail, tendered by and intended for delivery to postal services in accordance with the rules of the Universal Postal Union;
25. ‘cargo’ means any property intended for carriage on an aircraft, other than baggage, mail, air carrier mail, air carrier materials and in-flight supplies;
26. ‘regulated agent’ means an air carrier, agent, freight forwarder or any other entity who ensures security controls in respect of cargo or mail;
27. ‘known consignor’ means a consignor who originates cargo or mail for its own account and whose procedures meet common security rules and standards sufficient to allow carriage of cargo or mail on any aircraft;
28. ‘account consignor’ means a consignor who originates cargo or mail for its own account and whose procedures meet common security rules and standards sufficient to allow carriage of that cargo on all-cargo aircraft or mail on all-mail aircraft;
29. ‘aircraft security check’ means an inspection of those parts of the interior of the aircraft to which passengers may have had access, together with an inspection of the hold of the aircraft in order to detect prohibited articles and unlawful interferences with the aircraft;
30. ‘aircraft security search’ means an inspection of the interior and accessible exterior of the aircraft in order to detect prohibited articles and unlawful interferences that jeopardise the security of the aircraft;
31. ‘in-flight security officer’ means a person who is employed by a state to travel on an aircraft of an air carrier licensed by it with the purpose of protecting that aircraft and its occupants against acts of unlawful interference that jeopardise the security of the flight.
Article 4
Common basic standards
1. The common basic standards for safeguarding civil aviation against acts of unlawful interference that jeopardise the security of civil aviation shall be as laid down in the Annex.
Additional common basic standards not foreseen at the entry into force of this Regulation should be added to the Annex in accordance with the procedure referred to in Article 251 of the Treaty.
2. General measures, designed to amend non-essential elements of the common basic standards referred to in paragraph 1 by supplementing them, shall be adopted in accordance with the regulatory procedure with scrutiny referred to in Article 19(3).
These general measures shall concern:
- methods of screening allowed;
- categories of articles that may be prohibited;
- as regards access control, grounds for granting access to airside and security restricted areas;
- methods allowed for the examination of vehicles, aircraft security checks and aircraft security searches;
- criteria for recognising the equivalence of security standards of third countries;
- conditions under which cargo and mail shall be screened or subjected to other security controls, as well as the process for the approval or designation of regulated agents, known consignors and account consignors;
- conditions under which air carrier mail and air carrier materials shall be screened or subjected to other security controls;
- conditions under which in-flight supplies and airport supplies shall be screened or subjected to other security controls, as well as the process for the approval or designation of regulated suppliers and known suppliers;
- criteria for defining critical parts of security restricted areas;
- criteria for staff recruitment and methods of training;
- conditions under which special security procedures or exemptions from security controls may be applied; and
- any general measures designed to amend non-essential elements of the common basic standards referred to in paragraph 1 by supplementing them not foreseen at the date of entry into force of this Regulation.
On imperative grounds of urgency, the Commission may use the urgency procedure referred to in Article 19(4).
3. Detailed measures for the implementation of the common basic standards referred to in paragraph 1 and the general measures referred to in paragraph 2 shall be laid down in accordance with the regulatory procedure referred to in Article 19(2).
These shall include:
- requirements and procedures for screening;
- a list of prohibited articles;
- requirements and procedures for access control;
- requirements and procedures for the examination of vehicles, aircraft security checks and aircraft security searches;
- decisions to recognise the equivalence of security standards applied in a third country;
- as regards cargo and mail, procedures for the approval or designation of, and the obligations to be fulfilled by, regulated agents, known consignors and account consignors;
- requirements and procedures for security controls of air carrier mail and air carrier materials;
- as regards in-flight supplies and airport supplies, procedures for the approval or designation of, and the obligations to be fulfilled by, regulated suppliers and known suppliers;
- definition of critical parts of security restricted areas;
- staff recruitment and training requirements;
- special security procedures or exemptions from security controls;
- technical specifications and procedures for approval and use of security equipment; and
- requirements and procedures concerning potentially disruptive passengers.
4. The Commission shall, by amending this Regulation through a decision in accordance with the regulatory procedure with scrutiny referred to in Article 19(3), set criteria to allow Member States to derogate from the common basic standards referred to in paragraph 1 and to adopt alternative security measures that provide an adequate level of protection on the basis of a local risk assessment. Such alternative measures shall be justified by reasons relating to the size of the aircraft, or by reasons relating to the nature, scale or frequency of operations or of other relevant activities.
On imperative grounds of urgency, the Commission may use the urgency procedure referred to in Article 19(4).
The Member States shall inform the Commission of such measures.
5. Member States shall ensure the application in their territory of the common basic standards referred to in paragraph 1. Where a Member State has reason to believe that the level of aviation security has been compromised through a security breach, it shall ensure that appropriate and prompt action is taken to rectify that breach and ensure the continuing security of civil aviation.
Article 5
Subject to the relevant rules of Community law, each Member State may determine in which circumstances, and the extent to which, the costs of security measures taken under this Regulation to protect civil aviation against acts of unlawful interference should be borne by the State, the airport entities, air carriers, other responsible agencies, or users. If appropriate, and in conformity with Community law, Member States may contribute with users to the costs of more stringent security measures taken under this Regulation. As far as may be practicable, any charges or transfers of security costs shall be directly related to the costs of providing the security services concerned and shall be designed to recover no more than the relevant costs involved.
Article 6
More stringent measures applied by Member States
1. Member States may apply more stringent measures than the common basic standards referred to in Article 4. In doing so, they shall act on the basis of a risk assessment and in compliance with Community law. Τhose measures shall be relevant, objective, non-discriminatory and proportional to the risk that is being addressed.
2. Member States shall inform the Commission of such measures as soon as possible after their application. Upon reception of such information, the Commission shall transmit this information to the other Member States.
3. Member States are not required to inform the Commission where the measures concerned are limited to a given flight on a specific date.
Article 7
Security measures required by third countries
1. Without prejudice to any bilateral agreements to which the Community is a party, a Member State shall notify the Commission of measures required by a third country if they differ from the common basic standards referred to in Article 4 in respect of flights from an airport in a Member State to, or over, that third country.
2. At the request of the Member State concerned or on its own initiative, the Commission shall examine the application of any measures notified under paragraph 1 and may, in accordance with the regulatory procedure referred to in Article 19(2), draw up an appropriate response to the third country concerned.
3. Paragraphs 1 and 2 shall not apply if:
- the Member State concerned applies the measures concerned in accordance with Article 6; or
- the requirement of the third country is limited to a given flight on a specific date.
Cooperation with the International Civil Aviation Organisation
Without prejudice to Article 300 of the Treaty, the Commission may conclude a Memorandum of Understanding concerning audits with the International Civil Aviation Organisation (ICAO) in order to avoid duplicate monitoring of Member States’ compliance with Annex 17 to the Chicago Convention on International Civil Aviation.
Appropriate authority
Where, within a single Member State, two or more bodies are involved in civil aviation security, that Member State shall designate a single authority (hereinafter referred to as the appropriate authority) to be responsible for the coordination and monitoring of the implementation of the common basic standards referred to in Article 4.
Article 10
National civil aviation security programme
1. Every Member State shall draw up, apply and maintain a national civil aviation security programme.
That programme shall define responsibilities for the implementation of the common basic standards referred to in Article 4 and shall describe the measures required by operators and entities for this purpose.
2. The appropriate authority shall make available in writing on a ‘need to know’ basis the appropriate parts of its national civil aviation security programme to operators and entities which it deems to have a legitimate interest.
Article 11
National quality control programme
1. Every Member State shall draw up, apply and maintain a national quality control programme.
That programme shall enable the Member State to check the quality of civil aviation security in order to monitor compliance both with this Regulation and with its national civil aviation security programme.
2. The specifications for the national quality control programme shall be adopted by amending this Regulation through the addition of an annex in accordance with the regulatory procedure with scrutiny referred to in Article 19(3).
On imperative grounds of urgency, the Commission may use the urgency procedure referred to in Article 19(4).
The programme shall allow for the swift detection and correction of deficiencies. It shall also provide that all airports, operators and entities responsible for the implementation of aviation security standards that are located in the territory of the Member State concerned shall be regularly monitored directly by, or under the supervision of, the appropriate authority.
Article 12
Airport security programme
1. Every airport operator shall draw up, apply and maintain an airport security programme.
That programme shall describe the methods and procedures which are to be followed by the airport operator in order to comply both with this Regulation and with the national civil aviation security programme of the Member State in which the airport is located.
The programme shall include internal quality control provisions describing how compliance with these methods and procedures is to be monitored by the airport operator.
2. The airport security programme shall be submitted to the appropriate authority, which may take further action if appropriate.
Article 13
Air carrier security programme
1. Every air carrier shall draw up, apply and maintain an air carrier security programme.
That programme shall describe the methods and procedures which are to be followed by the air carrier in order to comply both with this Regulation and with the national civil aviation security programme of the Member State from which it provides services.
The programme shall include internal quality control provisions describing how compliance with these methods and procedures is to be monitored by the air carrier.
2. Upon request, the air carrier security programme shall be submitted to the appropriate authority, which may take further action if appropriate.
3. Where a Community air carrier security programme has been validated by the appropriate authority of the Member State granting the operating licence, the air carrier shall be recognised by all other Member States as having fulfilled the requirements of paragraph 1. This is without prejudice to a Member State’s right to request from any air carrier details of its implementation of:
- the security measures applied by that Member State under Article 6; and/or
- local procedures that are applicable at the airports served.
Article 14
Entity security programme
1. Every entity required under the national civil aviation security programme referred to in Article 10 to apply aviation security standards shall draw up, apply and maintain a security programme.
That programme shall describe the methods and procedures which are to be followed by the entity in order to comply with the national civil aviation security programme of the Member State in respect of its operations in that Member State.
The programme shall include internal quality control provisions describing how compliance with these methods and procedures is to be monitored by the entity itself.
2. Upon request, the security programme of the entity applying aviation security standards shall be submitted to the appropriate authority, which may take further action if appropriate.
Article 15
Commission inspections
1. The Commission, acting in cooperation with the appropriate authority of the Member State concerned, shall conduct inspections, including inspections of airports, operators and entities applying aviation security standards, in order to monitor the application by Member States of this Regulation and, as appropriate, to make recommendations to improve aviation security. For this purpose, the appropriate authority shall inform the Commission in writing of all airports in its territory serving civil aviation other than those covered by Article 4(4).
The procedures for conducting Commission inspections shall be adopted in accordance with the regulatory procedure referred to in Article 19(2).
2. Commission inspections of airports, operators and entities applying aviation security standards shall be unannounced. The Commission shall in good time before an inspection inform the Member State concerned thereof.
3. Each Commission inspection report shall be communicated to the appropriate authority of the Member State concerned, which shall, in its answer, set out the measures taken to remedy any identified deficiencies.
The report, together with the answer of the appropriate authority, shall subsequently be communicated to the appropriate authority of the other Member States.
Article 16
Annual report
Every year the Commission shall present a report to the European Parliament, the Council and the Member States informing them of the application of this Regulation and of its impact on improving aviation security.
Stakeholders’ Advisory Group
Without prejudice to the role of the Committee referred to in Article 19, the Commission shall establish a Stakeholders’ Advisory Group on Aviation Security, composed of European representative organisations engaged in, or directly affected by, aviation security. The role of this group shall be solely to advise the Commission. The Committee referred to in Article 19 shall keep the Stakeholders’ Advisory Group informed during the entire regulatory process.
Article 18
Dissemination of information
As a general rule, the Commission shall publish measures that have a direct impact on passengers. However, the following documents shall be regarded as EU classified information within the meaning of Decision 2001/844/EC, ECSC, Euratom:
- measures and procedures as referred to in Articles 4(3), 4(4), 6(1) and 7(1), if containing sensitive security information;
- the Commission inspection reports and the answers of the appropriate authorities referred to in Article 15(3).
Article 19
Committee procedure
1. The Commission shall be assisted by a Committee.
2. Where reference is made to this paragraph, Articles 5 and 7 of Decision 1999/468/EC shall apply, having regard to the provisions of Article 8 thereof.
The period laid down in Article 5(6) of Decision 1999/468/EC shall be set at one month.
3. Where reference is made to this paragraph, Article 5a(1) to (4) and Article 7 of Decision 1999/468/EC shall apply, having regard to the provisions of Article 8 thereof.
4. Where reference is made to this paragraph, Article 5a(1), (2), (4), and (6) and Article 7 of Decision 1999/468/EC shall apply, having regard to the provisions of Article 8 thereof.
Agreements between the Community and third countries
When appropriate, and in conformity with Community law, agreements recognising that the security standards applied in a third country are equivalent to Community standards could be envisaged in aviation agreements between the Community and a third country in accordance with Article 300 of the Treaty, in order to advance the goal of ‘one-stop security’ for all flights between the European Union and third countries.
Article 21
Penalties
Member States shall lay down the rules on penalties applicable to infringements of the provisions of this Regulation and shall take all measures necessary to ensure that they are implemented. The penalties provided for must be effective, proportionate and dissuasive.
Article 22
Commission report on financing
The Commission will report, no later than 31 December 2008, on the principles of the financing of the costs of civil aviation security measures. That report will consider what steps need to be taken in order to ensure that security charges are used exclusively to meet security costs, and to improve the transparency of such charges. The report will also address the principles necessary to safeguard undistorted competition between airports and between air carriers, and the different methods to ensure consumer protection as regards the distribution of the costs of security measures between taxpayers and users. The Commission report will be accompanied, if appropriate, by a legislative proposal.
Repeal
Regulation (EC) No 2320/2002 is hereby repealed.
Article 24
Entry into force
1. This Regulation shall enter into force on the 20th day following its publication in the Official Journal of the European Union.
2. It shall apply as from the date specified in the implementing rules adopted in accordance with the procedures referred to in Article 4(2) and (3), but not later than 24 months after the entry into force of this Regulation.
3. By way of exception to paragraph 2, Articles 4(2), 4(3), 4(4), 8, 11(2), 15(1) second subparagraph, 17, 19 and 22 shall apply from the date of entry into force of this Regulation.
This Regulation shall be binding in its entirety and directly applicable in all Member States.
ANNEX 1
COMMON BASIC STANDARDS FOR SAFEGUARDING CIVIL AVIATION AGAINST ACTS OF UNLAWFUL INTERFERENCE (ARTICLE 4)
1. AIRPORT SECURITY
1.1. Airport planning requirements
1. When designing and constructing new airport facilities or altering existing airport facilities, requirements for the implementation of the common basic standards set out in this Annex and its implementing acts shall be fully taken into account.
2. At airports the following areas shall be established:
- landside;
- airside;
- security restricted areas; and
- critical parts of security restricted areas.
1.2. Access control
1. Access to airside shall be restricted in order to prevent unauthorised persons and vehicles from entering these areas.
2. Access to security restricted areas shall be controlled in order to ensure that no unauthorised persons and vehicles enter these areas.
3. Persons and vehicles may be granted access to airside and security restricted areas only if they fulfil the required security conditions.
4. Persons, including flight crew members, shall have successfully completed a background check before either a crew identification card or an airport identification card authorising unescorted access to security restricted areas is issued to them.
1.3. Screening of persons other than passengers and items carried
1. Persons other than passengers, together with items carried, shall be screened on a continuous random basis upon entering security restricted areas in order to prevent prohibited articles from being introduced into these areas.
2. All persons other than passengers, together with items carried, shall be screened upon entering critical parts of security restricted areas in order to prevent prohibited articles from being introduced into these parts.
1.4. Examination of vehicles
Vehicles entering a security restricted area shall be examined in order to prevent prohibited articles from being introduced into these areas.
1.5. Surveillance, patrols and other physical controls
There shall be surveillance, patrols and other physical controls at airports and, where appropriate, in adjacent areas with public access, in order to identify suspicious behaviour of persons, to identify vulnerabilities which could be exploited to carry out an act of unlawful interference and to deter persons from committing such acts.
2. DEMARCATED AREAS OF AIRPORTS
Aircraft parked in demarcated areas of airports to which alternative measures referred to in Article 4(4) apply, shall be separated from aircraft to which the common basic standards apply in full, in order to ensure that security standards applied to aircraft, passengers, baggage, cargo and mail of the latter are not compromised.
3. AIRCRAFT SECURITY
1. Before departure, an aircraft shall be subjected to an aircraft security check or aircraft security search in order to ensure that no prohibited articles are present on board. An aircraft in transit may be subjected to other appropriate measures.
2. Every aircraft shall be protected from unauthorised interference.
4. PASSENGERS AND CABIN BAGGAGE
4.1. Screening of passengers and cabin baggage
1. All originating, transfer and transit passengers and their cabin baggage shall be screened in order to prevent prohibited articles from being introduced into security restricted areas and on board an aircraft.
2. Transfer passengers and their cabin baggage may be exempted from screening, if:
- they arrive from a Member State, unless the Commission or that Member State has provided information that those passengers and their cabin baggage cannot be considered as having been screened to the common basic standards; or
- they arrive from a third country where the security standards applied are recognised as equivalent to the common basic standards in accordance with the regulatory procedure referred to in Article 19(2).
3. Transit passengers and their cabin baggage may be exempted from screening, if:
- they remain on board the aircraft; or
- they do not mix with screened departing passengers other than those who board the same aircraft; or
- they arrive from a Member State, unless the Commission or that Member State has provided information that those passengers and their cabin baggage cannot be considered as having been screened to the common basic standards; or
- they arrive from a third country where the security standards applied are recognised as equivalent to the common basic standards in accordance with the regulatory procedure referred to in Article 19(2).
4.2. Protection of passengers and cabin baggage
1. Passengers and their cabin baggage shall be protected from unauthorised interference from the point at which they are screened until departure of the aircraft on which they are carried.
2. Screened departing passengers shall not mix with arriving passengers, unless:
- the passengers arrive from a Member State, provided that the Commission or that Member State has not provided information that those arriving passengers and their cabin baggage cannot be considered as having been screened to the common basic standards; or
- the passengers arrive from a third country where the security standards applied are recognised as equivalent to the common basic standards in accordance with the regulatory procedure referred to in Article 19(2).
4.3. Potentially disruptive passengers
Before departure potentially disruptive passengers shall be subjected to appropriate security measures.
5. HOLD BAGGAGE
5.1. Screening of hold baggage
1. All hold baggage shall be screened prior to being loaded onto an aircraft in order to prevent prohibited articles from being introduced into security restricted areas and on board aircraft.
2. Transfer hold baggage may be exempted from screening, if:
- it arrives from a Member State, unless the Commission or that Member State has provided information that this hold baggage cannot be considered as having been screened to the common basic standards; or
- it arrives from a third country where the security standards applied are recognised as equivalent to the common basic standards in accordance with the regulatory procedure referred to in Article 19(2).
3. Transit hold baggage may be exempted from screening if it remains on board the aircraft.
5.2. Protection of hold baggage
Hold baggage to be carried on an aircraft shall be protected from unauthorised interference from the point at which it is screened or accepted into the care of the air carrier, whichever is earlier, until the departure of the aircraft on which it is to be carried.
5.3. Baggage reconciliation
1. Each item of hold baggage shall be identified as accompanied or unaccompanied.
2. Unaccompanied hold baggage shall not be transported, unless that baggage has been either separated due to factors beyond the passenger’s control or subjected to appropriate security controls.
6. CARGO AND MAIL
6.1. Security controls for cargo and mail
1. All cargo and mail shall be subjected to security controls prior to being loaded on an aircraft. An air carrier shall not accept cargo or mail for carriage on an aircraft unless it has applied such controls itself or their application has been confirmed and accounted for by a regulated agent, a known consignor or an account consignor.
2. Transfer cargo and transfer mail may be subjected to alternative security controls to be detailed in an implementing act.
3. Transit cargo and transit mail may be exempted from security controls if it remains on board the aircraft.
6.2. Protection of cargo and mail
1. Cargo and mail to be carried on an aircraft shall be protected from unauthorised interference from the point at which security controls are applied until the departure of the aircraft on which it is to be carried.
2. Cargo and mail that are not adequately protected from unauthorised interference after security controls have been applied shall be screened.
7. AIR CARRIER MAIL AND AIR CARRIER MATERIALS
Air carrier mail and air carrier materials shall be subjected to security controls and thereafter protected until loaded onto the aircraft in order to prevent prohibited articles from being introduced on board an aircraft.
8. IN-FLIGHT SUPPLIES
In-flight supplies, including catering, intended for carriage or use on board an aircraft shall be subjected to security controls and thereafter protected until loaded onto the aircraft in order to prevent prohibited articles from being introduced on board an aircraft.
9. AIRPORT SUPPLIES
Supplies intended to be sold or used in security restricted areas of airports, including supplies for duty-free shops and restaurants, shall be subjected to security controls in order to prevent prohibited articles from being introduced into these areas.
10. IN-FLIGHT SECURITY MEASURES
1. Without prejudice to the applicable aviation safety rules:
- unauthorised persons shall be prevented from entering the flight crew compartment during a flight;
- potentially disruptive passengers shall be subjected to appropriate security measures during a flight.
2. Appropriate security measures such as training of flight crew and cabin staff shall be taken to prevent acts of unlawful interference during a flight.
3. Weapons, with the exception of those carried in the hold, shall not be carried on board an aircraft, unless the required security conditions in accordance with national laws have been fulfilled and authorisation has been given by the states involved.
4. Paragraph 3 shall also apply to in-flight security officers if they carry weapons.
11. STAFF RECRUITMENT AND TRAINING
1. Persons implementing, or responsible for implementing, screening, access control or other security controls shall be recruited, trained and, where appropriate, certified so as to ensure that they are suitable for employment and competent to undertake the duties to which they are assigned.
2. Persons other than passengers requiring access to security restricted areas shall receive security training, before either an airport identification card or crew identification card is issued.
3. Training as mentioned in paragraphs 1 and 2 shall be conducted on initial and recurrent basis.
4. Instructors engaged in the training of the persons mentioned in paragraphs 1 and 2 shall have the necessary qualifications.
12. SECURITY EQUIPMENT
Equipment used for screening, access control and other security controls shall comply with the defined specifications and be capable of performing the security controls concerned.
ANNEX II
Common specifications for the national quality control programme to be implemented by each Member State in the field of civil aviation security
1. DEFINITIONS
1.1. For the purposes of this Annex, the following definitions shall apply:
- ‘ annual traffic volume ’ means the total number of passengers arriving, departing and in transit (counted once);
- ‘ appropriate authority ’ means the national authority designated by a Member State pursuant to Article 9 to be responsible for the coordination and monitoring of the implementation of its national civil aviation security programme;
- ‘ auditor ’ means any person conducting national compliance monitoring activities on behalf of the appropriate authority;
- ‘ certification ’ means a formal evaluation and confirmation by or on behalf of the appropriate authority that a person possesses the necessary competencies to perform the functions of an auditor to an acceptable level as defined by the appropriate authority;
- ‘ compliance monitoring activities ’ means any procedure or process used for assessing the implementation of this Regulation and the national aviation security programme;
- ‘ deficiency ’ means a failure to comply with an aviation security requirement;
- ‘ inspection ’ means an examination of the implementation of security measures and procedures in order to determine whether they are being carried out effectively and to the required standard and to identify any deficiencies;
- ‘ interview ’ means an oral check by an auditor to establish whether specific security measures or procedures are implemented;
- ‘ observation ’ means a visual check by an auditor that a security measure or procedure is implemented;
- ‘ representative sample ’ means a selection made from amongst possible options for monitoring which is sufficient in number and range to provide a basis for general conclusions on implementing standards;
- ‘ security audit ’ means an in-depth examination of security measures and procedures in order to determine if they are being fully implemented on a continual basis;
- ‘ test ’ means a trial of aviation security measures, where the appropriate authority simulates intent to commit an act of unlawful interference for the purpose of examining the effectiveness of the implementation of existing security measures;
- ‘ verification ’ means an action taken by an auditor to establish whether a specific security measure is actually in place;
- ‘ vulnerability ’ means any weakness in the implemented measures and procedures which could be exploited to carry out an act of unlawful interference.
2. POWERS OF THE APPROPRIATE AUTHORITY
2.1. Member States shall provide the appropriate authority with the necessary powers for monitoring and enforcing all requirements of this Regulation and its implementing acts, including the power to impose penalties in accordance with Article 21.
2.2. The appropriate authority shall perform compliance monitoring activities and have the powers necessary to require any identified deficiency to be rectified within set timeframes.
2.3. A graduated and proportionate approach shall be established regarding deficiency correction activities and enforcement measures. This approach shall consist of progressive steps to be followed until correction is achieved, including:
- advice and recommendations;
- formal warning;
- enforcement notice;
- administrative sanctions and legal proceedings.
The appropriate authority may omit one or more of these steps, especially where the deficiency is serious or recurring.
3. OBJECTIVES AND CONTENT OF THE NATIONAL QUALITY CONTROL PROGRAMME
3.1. The objectives of the national quality control programme are to verify that aviation security measures are effectively and properly implemented and to determine the level of compliance with the provisions of this Regulation and the national civil aviation security programme, by means of compliance monitoring activities.
3.2. The national quality control programme shall include the following elements:
- organisational structure, responsibilities and resources;
- job descriptions of, and qualifications required for auditors;
- compliance monitoring activities, including scope of security audits, inspections, tests and, following an actual or potential breach of security, investigations, frequencies for security audits and inspections and also classification of compliance;
- surveys, where there is cause to reassess security needs;
- deficiency correction activities providing details concerning deficiency reporting, follow-up and correction in order to ensure compliance with aviation security requirements;
- enforcement measures and, where appropriate, penalties, as specified in points 2.1 and 2.3 of this Annex;
- reporting of compliance monitoring activities carried out including, where appropriate, information exchange between national bodies on compliance levels;
- monitoring process of the airport, operator and entity internal quality control measures;
- a process to record and analyse the results of the national quality control programme to identify trends and steer future policy development.
4. COMPLIANCE MONITORING
4.1. All airports, operators and other entities with aviation security responsibilities shall be regularly monitored to ensure the swift detection and correction of failures.
4.2. Monitoring shall be undertaken in accordance with the national quality control programme, taking into consideration the threat level, type and nature of the operations, standard of implementation, results of internal quality control of airports, operators and entities and other factors and assessments which will affect the frequency of monitoring.
4.3. Monitoring shall include the implementation and effectiveness of the internal quality control measures of airports, operators and other entities.
4.4. Monitoring at each individual airport shall be made up of a suitable mixture of compliance monitoring activities and provide a comprehensive overview of the implementation of security measures in the field.
4.5. The management, setting of priorities and organisation of the quality control programme shall be undertaken independently from the operational implementation of the measures taken under the national civil aviation security programme.
4.6. Compliance monitoring activities shall include security audits, inspections and tests.
5. METHODOLOGY
5.1. The methodology for conducting monitoring activities shall conform to a standardised approach, which includes tasking, planning, preparation, on-site activity, the classification of findings, the completion of the report and the correction process.
5.2. Compliance monitoring activities shall be based on the systematic gathering of information by means of observations, interviews, examination of documents and verifications.
5.3. Compliance monitoring shall include both announced and unannounced activities.
6. SECURITY AUDITS
6.1. A security audit shall cover:
- all security measures at an airport; or
- all security measures implemented by an individual airport, terminal of an airport, operator or entity; or
- a particular part of the National Civil Aviation Security Programme.
6.2. The methodology for conducting a security audit shall take into consideration the following elements:
- announcement of the security audit and communication of a pre-audit questionnaire, if appropriate;
- preparation phase including examination of the completed pre-audit questionnaire and other relevant documentation;
- entry briefing with airport/operator/entity representatives prior to beginning the monitoring activity on-site;
- on-site activity;
- debriefing and reporting;
- where deficiencies are identified, the correction process and the associated monitoring of that process.
6.3. In order to confirm that security measures are implemented, the conduct of a security audit shall be based on a systematic gathering of information by one or more of the following techniques:
- examination of documents;
- observations;
- interviews;
- verifications.
6.4. Airports with an annual traffic volume of more than 10 million passengers shall be subject to a security audit covering all aviation security standards at least every 4 years. The examination shall include a representative sample of information.
7. INSPECTIONS
7.1. The scope of an inspection shall cover at least one set of directly linked security measures of Annex I to this Regulation and the corresponding implementing acts monitored as a single activity or within a reasonable time frame, not normally exceeding three months. The examination shall include a representative sample of information.
7.2. A set of directly linked security measures is a set of two or more requirements as referred to in Annex I to this Regulation and the corresponding implementing acts which impact on each other so closely that achievement of the objective cannot be adequately assessed unless they are considered together. These sets shall include those listed in Appendix I to this Annex.
7.3. Inspections shall be unannounced. Where the appropriate authority considers that this is not practicable, inspections may be announced. The methodology for conducting an inspection shall take into consideration the following elements:
- preparation phase;
- on-site activity;
- a debrief, depending on the frequency and the results of the monitoring activities;
- reporting/recording;
- correction process and its monitoring.
7.4. In order to confirm that security measures are effective, the conduct of the inspection shall be based on the systematic gathering of information by one or more of the following techniques:
- examination of documents;
- observations;
- interviews;
- verifications.
7.5. At airports with an annual traffic volume of more than 2 million passengers the minimum frequency for inspecting all sets of directly linked security measures set out in chapters 1 to 6 of Annex I to this Regulation shall be at least every 12 months, unless an audit has been carried out at the airport during that time. The frequency for inspecting all security measures covered by chapters 7 to 12 of Annex I shall be determined by the appropriate authority based on a risk assessment.
7.6. Where a Member State has no airport with an annual traffic volume exceeding 2 million passengers, the requirements of point 7.5 shall apply to the airport on its territory with the greatest annual traffic volume.
8. TESTS
8.1. Tests shall be carried out to examine the effectiveness of the implementation of at least the following security measures:
- access control to security restricted areas;
- aircraft protection;
- screening of passengers and cabin baggage;
- screening of staff and items carried;
- protection of hold baggage;
- screening of cargo or mail;
- protection of cargo and mail.
8.2. A test protocol including the methodology shall be developed taking into consideration the legal, safety and operational requirements. The methodology shall address the following elements:
- preparation phase;
- on-site activity;
- a debrief, depending on the frequency and the results of the monitoring activities;
- reporting/recording;
- correction process and the associated monitoring.
9. SURVEYS
9.1. Surveys shall be carried out whenever the appropriate authority recognises a need to re-evaluate operations in order to identify and address any vulnerabilities. Where a vulnerability is identified, the appropriate authority shall require the implementation of protective measures commensurate with the threat.
10. REPORTING
10.1. Compliance monitoring activities shall be reported or recorded in a standardised format which allows for an on-going analysis of trends.
10.2. The following elements shall be included:
- type of activity;
- airport, operator or entity monitored;
- date and time of the activity;
- name of the auditors conducting the activity;
- scope of the activity;
- findings with the corresponding provisions of the National Civil Aviation Security Programme;
- classification of compliance;
- recommendations for remedial actions, where appropriate;
- time frame for correction, where appropriate.
10.3. Where deficiencies are identified, the appropriate authority shall report the relevant findings to the airport, operators or entities subjected to monitoring.
11. COMMON CLASSIFICATION OF COMPLIANCE
11.1. Compliance monitoring activities shall assess the implementation of the national civil aviation security programme using the harmonised classification system of compliance set out in Appendix II.
12. CORRECTION OF DEFICIENCIES
12.1. The correction of identified deficiencies shall be implemented promptly. Where the correction cannot take place promptly, compensatory measures shall be implemented.
12.2. The appropriate authority shall require airports, operators or entities subjected to compliance monitoring activities to submit for agreement an action plan addressing any deficiencies outlined in the reports together with a timeframe for implementation of the remedial actions and to provide confirmation when the correction process has been completed.
13. FOLLOW-UP ACTIVITIES RELATED TO THE VERIFICATION OF THE CORRECTION
13.1. Following confirmation by the airport, operator or entity subjected to monitoring that any required remedial actions have been taken, the appropriate authority shall verify the implementation of the remedial actions.
13.2. Follow-up activities shall use the most relevant monitoring method.
14. AVAILABILITY OF AUDITORS
14.1. Each Member State shall ensure that a sufficient number of auditors are available to the appropriate authority directly or under its supervision for performing all compliance monitoring activities.
15. QUALIFICATION CRITERIA FOR AUDITORS
15.1. Each Member State shall ensure that auditors performing functions on behalf of the appropriate authority:
- are free from any contractual or pecuniary obligation to the airport, operator or entity to be monitored; and
- have the appropriate competencies, which include sufficient theoretical and practical experience in the relevant field.
Auditors shall be subject to certification or equivalent approval by the appropriate authority.
15.2. The auditors shall have the following competencies:
- an understanding of current applicable security measures and how they are applied to the operations being examined including:
- an understanding of security principles,
- an understanding of supervisory tasks,
- an understanding of factors affecting human performance,
(b) a working knowledge of security technologies and techniques;
15.3. Auditors shall undergo recurrent training at a frequency sufficient to ensure that existing competencies are maintained and new competencies are acquired to take account of developments in the field of security.
16. POWERS OF AUDITORS
16.1. Auditors carrying out monitoring activities shall be provided with sufficient authority to obtain the information necessary to carry out their tasks.
16.2. Auditors shall carry a proof of identity authorising compliance monitoring activities on behalf of the appropriate authority and allowing access to all areas required.
16.3. Auditors shall be entitled to:
- obtain immediate access to all relevant areas including aircraft and buildings for monitoring purposes; and
- require the correct implementation or repetition of the security measures.
16.4. As a consequence of the powers conferred on auditors, the appropriate authority shall act in accordance with point 2.3 in the following cases:
- intentional obstruction or impediment of an auditor;
- failure or refusal to supply information requested by an auditor;
- when false or misleading information is supplied to an auditor with intent to deceive; and
- impersonation of an auditor with intent to deceive.
17. BEST PRACTICES
17.1. Member States shall inform the Commission of best practices with regard to quality control programmes, audit methodologies and auditors. The Commission shall share this information with the Member States.
18. REPORTING TO THE COMMISSION
18.1. Member States shall annually submit a report to the Commission on the measures taken to fulfil their obligations under this Regulation and on the aviation security situation at the airports located in their territory. The reference period for the report shall be 1 January – 31 December. The report shall be due three months after completion of the reference period.
18.2. The content of the report shall be in accordance with Appendix III using a template provided by the Commission.
18.3. The Commission shall share the main conclusions drawn from these reports with Member States.
Appendix I
Elements to be included in the set of directly linked security measures
The sets of directly linked security measures as referred to in point 7.1 of Annex II shall include the following elements of Annex I to this Regulation and the corresponding provisions in its implementing acts:
For point 1 - Airport security:
- point 1.1; or
- point 1.2 (except provisions relating to identification cards and vehicle passes); or
- point 1.2 (provisions relating to identification cards); or
- point 1.2 (provisions relating to vehicle passes); or
- point 1.3 and the relevant elements of point 12; or
- point 1.4; or
- point 1.5.
For point 2 - Demarcated areas of airports:
the whole point
For point 3 - Aircraft security:
- point 3.1; or
- point 3.2.
For point 4 - Passengers and cabin baggage:
- point 4.1 and the relevant elements of point 12: or
- point 4.2; or
- point 4.3.
For point 5 - Hold baggage:
- point 5.1 and the relevant elements of point 12; or
- point 5.2; or
- point 5.3.
For point 6 - Cargo and mail:
- all provisions relating to screening and security controls applied by a regulated agent, except as detailed in points (ii) to (v) below; or
- all provisions relating to security controls applied by known consignors; or
- all provisions relating to account consignors; or
- all provisions relating to the transportation of cargo and mail; or
- all provisions relating to the protection of cargo and mail at airports.
For point 7 - Air carrier mail and air carrier materials:
the whole point
For point 8 - In-flight supplies:
the whole point
For point 9 - Airport supplies:
the whole point
For point 10 - In-flight security measures:
the whole point
For point 11- Staff recruitment and training:
- all provisions relating to staff recruitment at airport, air carrier or entity; or
- all provisions relating to staff training at an airport, air carrier or entity.
Appendix II
Harmonised classification system of compliance
The following classification of compliance shall apply to assess the implementation of the national civil aviation security programme.
Security audit | Inspection | Test | |
Fully compliant | |||
Compliant, but improvement desirable | |||
Not compliant | |||
Not compliant, with serious deficiencies | |||
Not applicable | |||
Not confirmed |
Appendix III
CONTENT OF REPORT TO THE COMMISSION
1. Organisational structure, responsibilities and resources
- Structure of the quality control organisation, responsibilities and resources, including planned future amendments (see point 3.2(a)).
- Number of auditors – present and planned (see point 14).
- Training completed by auditors (see point 15.2).
2. Operational monitoring activities
All monitoring activities carried out, specifying:
- type (security audit, initial inspection, follow up inspection, test, other);
- airports, operators and entities monitored;
- scope;
- frequency; and
- total man-days spent in the field.
3. Deficiency correction activities
- Status of the implementation of the deficiency correction activities.
- Main activities undertaken or planned (e.g. new posts created, equipment purchased, construction work) and progress achieved towards correction.
- Enforcement measures used (see point 3.2(f)).
4. General data and trends
- Total national annual passenger and freight traffic and number of aircraft movements.
- List of airports by category.
- Number of air carriers operating from the territory by category (national, EU, third country).
- Number of regulated agents.
- Number of catering companies.
- Number of cleaning companies.
- Approximate number of other entities with aviation security responsibilities (known consignors, ground handling companies).
5. Aviation security situation at airports
General context of the aviation security situation in the Member State.