21.B.430 Initial certification procedure

Regulation (EU) 2022/201

(a) Upon receiving an application for the initial issue of a design organisation approval, the competent authority shall verify the applicant’s compliance with the applicable requirements.

(b) A meeting with the head of the design organisation shall be convened at least once during the investigation for initial certification to ensure that this person understands their role and accountability.

(c) The competent authority shall record all the findings issued, closure actions as well as recommendations for the issue of the design organisation approval.

(d) The competent authority shall confirm to the applicant in writing all the findings raised during the verification. For initial certification, all findings must be corrected to the satisfaction of the competent authority before the design organisation approval can be issued.

(e) When satisfied that the applicant complies with the applicable requirements, the competent authority shall issue the design organisation approval.

(f) The certificate reference number shall be included in the design organisation approval in a manner specified by the Agency.

(g) The certificate shall be issued for an unlimited period of time. The privileges and the scope of the activities that the design organisation is approved to perform, including any limitations as applicable, shall be specified in the terms of approval attached to the design organisation approval.

VERIFICATION OF COMPLIANCE — INITIAL CERTIFICATION AUDITS

(a) In order to verify the organisation’s compliance with the applicable requirements, the investigation by the competent authority should include one or more audit(s) of the organisation, together with interviews of the personnel, typically carried out at the organisation’s facilities.

(b) The competent authority should only conduct such an audit if it is satisfied that the application and supporting documentation are in compliance with the applicable requirements.

(c) The audit(s) should address the following areas:

(1) the organisation’s core processes;

(2) the detailed management structure, notably its adequacy;

(3) the personnel: the adequacy of the number of staff, and of their qualifications and experience with regard to the intended terms of approval and the associated privileges;

(4) the processes used for safety risk management and compliance monitoring (independent monitoring function);

(5) the facilities and their adequacy regarding the organisation’s intended terms of approval including its scope of work; and

(6) the documentation based on which the approval should be granted.

INVESTIGATION TEAM AND PROCEDURES

(a) The competent authority should appoint a design organisation investigation team for each applicant for a DOA. This team is responsible for conducting all the relevant tasks related to the initial certification. The team should consist of a team leader to manage and lead the team and, if needed, one or more team members. The team leader should report to the manager who is responsible for the activities of the competent authority as defined in point 21.B.25(b).

(b) The competent authority should perform sufficient investigation activities for an applicant for a DOA to justify the recommendations for the issuance of the approval.

(c) The competent authority should prepare procedures for the investigation of a design organisation as part of the documented procedures that cover at least the following elements:

(1) evaluation of the application received;

(2) appointment of the investigation team;

(3) preparation and planning of the investigation;

(4) evaluation of the documentation (design organisation handbook, procedures, etc.);

(5) auditing;

(6) follow-up of corrective actions;

(7) recommendation for the issuance of a design organisation approval; and

(8) oversight.

ALTERNATIVE MEANS OF COMPLIANCE

The competent authority should have a procedure for formally recording the proposal, discussion and disposition of alternative means of compliance (deviations from existing AMC). This procedure is necessary to record satisfaction by the competent authority that the use of alternative means provides for compliance with the applicable requirements. The alternative means of compliance should only be allowed to be used by the organisation once agreement has been found with the competent authority. For those alternative means of compliance where previously no formal satisfaction was recorded, a pragmatic approach should be followed on both organisation and competent authority side as to the need to formally record acceptance of such an alternative means of compliance.

Note: EASA Management Board Decisions 03‑2004 (Section 2, Article 2, Paragraph 2) and 12‑2007 (Section 2, Article 3, Paragraph 2) already required a formal process on the handling of deviations from AMC.

INVESTIGATION TEAM SELECTION

(a) Team leader selection

The team leader should satisfy all of the criteria for a team member and will be selected by considering the following additional criteria:

(1) the capability to lead and manage a team;

(2) the capability to prepare reports and be diplomatic;

(3) experience in investigations (not necessarily only Part 21 Section A, Subpart J); and

(4) a knowledge of design management systems.

(b) Team member selection

The competent authority should determine the size of the team and the specialisations to be covered, taking into account the scope of work and the characteristics of the applicant. Team members should be selected by considering the following criteria:

(1) training for Part 21;

(2) education and experience, to cover the appropriate aviation knowledge, investigation practices; and

(3) the ability to verify that an applicant’s organisation conforms to its own procedures, and that its key personnel are competent.

ISSUE OF THE CERTIFICATE

(a) The competent authority should base its decision to issue a DOA on the recommendation in the DOA investigation report submitted by the DOA team leader. The report includes a proposal by the DOA team for the certificate and terms of approval that define the products, technical scope and privileges for which the approval is to be granted, with appropriate limitations.

(b) When the competent authority issues the approval, a final controlled copy of an acceptable handbook for the organisation should be supplied to the competent authority. Alternatively, when no physical handbook exists, the organisation should provide access to equivalent data.

(c) In some cases, it may be acceptable for some actions to not be fully closed because work is still in progress. The competent authority may decide according to the following principles:

(1) Actions may not represent a non-compliance with the rule. Such non-compliances should be findings and need to be resolved before the approval can be issued.

(2) Actions still to be taken by the organisation which do not prevent the design organisation from working properly in the period when the action is open, can remain open at the time of the approval when an action plan, including timescales, is found to be acceptable.

(3) Recommendations only need acknowledgement of receipt by the organisation at the time of the approval.

21.B.431 Oversight principles

Regulation (EU) 2022/201

The competent authority shall verify whether certified organisations continue to comply with the applicable requirements.

(a) The verification shall:

1. be supported by documentation specifically intended to provide personnel responsible for oversight with guidance to perform their functions;

2. provide the organisations concerned with the results of oversight activities;

3. be based on assessments, audits, inspections and, if needed, unannounced inspections;

4. provide the competent authority with the evidence needed in case further action is required, including the measures provided for in point 21.B.433.

(b) The competent authority shall establish the scope of the oversight set out in point (a) taking into account the results of past oversight activities and the safety priorities.

(c) The competent authority shall collect and process any information deemed necessary for performing oversight activities.

(d) For the certification and oversight of the organisation’s compliance with point 21.A.239A, in addition to complying with points (a) to (c), the competent authority shall comply with the following principles:

(1) the competent authority shall review the interfaces and associated risks identified in accordance with point IS.D.OR.205(b) of the Annex (Part-IS.D.OR) to Delegated Regulation (EU) 2022/1645 by each organisation subject to its oversight;

(2) if discrepancies are found in the mutual interfaces and associated risks identified by different organisations, the competent authority shall review them with the affected organisations and, if necessary, raise appropriate findings to ensure the implementation of corrective actions;

(3) where the documentation reviewed under point (2) reveals the existence of significant risks associated with interfaces with organisations subject to the oversight of a different competent authority within the same Member State, this information shall be communicated to the corresponding competent authority.

[point (d) is applicable from 22 February 2026 – Regulation (EU) 2023/203]

AMC1 21.B.431 Oversight principles

ED Decision 2023/014/R

OVERSIGHT TEAM AND PROCEDURES

(a) The competent authority should appoint a design organisation oversight team for each holder of a DOA. This team is responsible for conducting all the relevant tasks related to the oversight. The team should consist of a team leader to manage and lead the team and, if needed, one or more team members. The team leader should report to the manager who is responsible for the activities of the competent authority as defined in point 21.B.25(b).

(b) The competent authority should perform sufficient oversight activities for a holder of a DOA to justify the recommendations for the maintenance, amendment, limitation, suspension or revocation of the approval.

(c) The competent authority should prepare procedures for the oversight of a design organisation as part of the documented procedures that cover at least the following elements:

(1) appointment of the investigation team;

(2) review of results of past oversight activities;

(3) preparation and planning of the investigation;

(4) evaluation of the documentation (design organisation handbook, procedures, etc.);

(5) auditing;

(6) follow-up of corrective actions;

(7) recommendation for the amendment, limitation, suspension or revocation of a design organisation approval; and

(8) continued surveillance.

AMC2 21.B.431 Oversight principles

ED Decision 2023/014/R

OVERSIGHT TEAM SELECTION

(a) Team leader selection

The team leader should satisfy all of the criteria for a team member and will be selected by considering the following additional criteria:

(1) the capability to lead and manage a team;

(2) the capability to prepare reports and be diplomatic;

(3) experience in oversight (not necessarily only Part 21 Section A, Subpart J); and

(4) a knowledge of design management systems.

(b) Team member selection

The competent authority should determine the size of the team and the specialisations to be covered, taking into account the scope of work and the characteristics of the applicant. Team members should be selected by considering the following criteria:

(1) training for Part 21;

(2) education and experience, to cover the appropriate aviation knowledge, investigation practices; and

(3) the ability to verify that an applicant’s organisation conforms to its own procedures, and that its key personnel are competent.

AMC3 21.B.431 Oversight principles

ED Decision 2023/014/R

MANAGEMENT SYSTEM ASSESSMENT

(a) As a result of the oversight, the competent authority should be satisfied as to the effectiveness of the organisation’s management system and processes.

(b) When significant changes take place in the organisation, the competent authority should determine whether there is a need to review the existing assessment to ensure that it is still valid.

AMC4 21.B.431 Oversight principles

ED Decision 2023/014/R

ALTERNATIVE MEANS OF COMPLIANCE

The competent authority should have a procedure for formally recording the proposal, discussion and disposition of alternative means of compliance (deviations from existing AMC). This procedure is necessary to record satisfaction by the competent authority that the use of alternative means provides for compliance with the applicable requirements. The alternative means of compliance should only be allowed to be used by the organisation once agreement has been found with the competent authority. For those alternative means of compliance where previously no formal satisfaction was recorded, a pragmatic approach should be followed on both organisation and competent authority side as to the need to formally record acceptance of such an alternative means of compliance.

Note: EASA Management Board Decisions 03‑2004 (Section 2, Article 2, Paragraph 2) and 12‑2007 (Section 2, Article 3, Paragraph 2) already required a formal process on the handling of deviations from AMC.

21.B.432 Oversight programme

Regulation (EU) 2022/201

(a) The competent authority shall establish and maintain an oversight programme covering the oversight activities required to comply with point 21.B.431(a).

(b) The oversight programme shall take into account the specific nature of the organisation, the complexity of its activities, the results of past certification or oversight activities, or both, and it shall be based on the assessment of the associated risks. It shall include, within each oversight planning cycle:

1. assessments, audits and inspections, including, where appropriate:

(i) management system assessments and process audits;

(ii) product audits of a relevant sample of the design and certification of the products, parts and appliances that are within the scope of work of the organisation;

(iii) sampling of the work performed;

(iv) unannounced inspections;

2. meetings convened between the head of the design organisation and the competent authority to ensure that both parties remain informed of all significant issues.

(c) The oversight planning cycle shall not exceed 24 months.

(d) Notwithstanding point (c), the oversight planning cycle may be extended to 36 months if the competent authority has established that during the previous 24 months:

1. the organisation has demonstrated that it can effectively identify aviation safety hazards and manage the associated risks;

2. the organisation has continuously demonstrated compliance with point 21.A.247 and has full control over all changes to the design management system;

3. no level 1 findings have been issued;

4. all corrective actions have been implemented within the time period that was accepted or extended by the competent authority as provided for in point 21.B.433(d).

Notwithstanding point (c), the oversight planning cycle may be further extended to a maximum of 48 months if, in addition to the conditions laid down in points (d)(1) to (d)(4), the organisation has established, and the competent authority has approved, an effective continuous system for reporting to the competent authority on the safety performance and regulatory compliance of the organisation itself.

(e) The oversight planning cycle may be reduced if there is evidence that the safety performance of the organisation has decreased.

(f) The oversight programme shall include records of the dates when assessments, audits, inspections and meetings are due, and when assessments, audits, inspections and meetings have been effectively carried out.

(g) At the completion of each oversight planning cycle, the competent authority shall issue a recommendation report on the continuation of the approval, reflecting the results of the oversight.

AMC1 21.B.432 Oversight programme

ED Decision 2023/014/R

ANNUAL REVIEW

(a) The oversight planning cycle and the related oversight programme for each organisation should be reviewed annually to ensure that they remain adequate regarding any changes in the nature of the organisation, the complexity of its activities or the safety performance of the organisation.

(b) When reviewing the oversight planning cycle and the related oversight programme, the competent authority should also consider any relevant information collected in accordance with point 21.B.431(c).

OVERSIGHT PLANNING

(a) When defining the oversight programme, the competent authority should assess the risks related to the activity and set-up of each organisation, and adapt the oversight to the level of risk identified and to the effectiveness of the organisation’s management system, in particular its ability to effectively manage safety risks.

(b) The competent authority should establish a schedule of assessments, audits and inspections that is appropriate to each organisation. The planning of assessments, audits and inspections should take into account the results of the hazard identification and the risk assessment conducted and maintained by the organisation as part of the organisation’s management system.

AMC1 21.B.432(b) Oversight programme

ED Decision 2023/014/R

SPECIFIC NATURE OF THE ORGANISATION AND COMPLEXITY OF ITS ACTIVITIES — RESULTS OF PAST OVERSIGHT ACTIVITIES

When determining the oversight programme, including a relevant sample of design activities under the scope of the organisation as product audits, the competent authority should consider in particular the following elements, as applicable:

(a) the effectiveness of the organisation’s management system in identifying and addressing non‑compliances and safety hazards;

(b) the implementation by the organisation of any industry standards that are directly relevant to the organisation’s activity subject to Part 21;

(c) the procedure for the management and the scope of non-significant changes;

(d) the number of locations and the activities performed at each location;

(e) the number and scope of subcontractors that perform design activities; and

(f) the overall volume of activity and, as applicable, per specific product.

AMC2 21.B.432(b) Oversight programme

ED Decision 2023/014/R

SUBCONTRACTED ACTIVITIES

If a design organisation subcontracts design activities, the competent authority should determine whether the subcontracted organisations need to be audited and include this in the oversight programme, taking into account the specific nature and complexity of the subcontracted activities, the results of previous oversight activities of the design organisation, and assessment of the associated risks.

For such an audit, the competent authority inspectors should ensure that they are accompanied throughout the audit by a representative of the design organisation.

NOTE: If a design organisation subcontracts design activities, the competent authority should verify that the design organisation has sufficient control over the subcontracted activities and manages the related risks.

ASSESSMENTS, AUDITS AND INSPECTIONS

(a) The oversight programme should indicate which aspects of the approval will be covered by each assessment, audit or inspection.

(b) Audits may be complemented by a review of the independent monitoring function results related to the topic of the audit.

(c) At the conclusion of the assessment, audit, or inspection, the DOA team should complete a report that identifies the areas and processes that were covered and includes all the findings and observations that were raised.

AMC2 21.B.432(c) Oversight programme

ED Decision 2023/014/R

OVERSIGHT PLANNING CYCLE — AUDIT

(a) The beginning of the first oversight planning cycle is determined by the date of issue of the first approval.

(b) The oversight planning should include at least one on-site audit within each oversight planning cycle. For organisations that carry out their regular activities at more than one site, the determination of the sites to be audited should consider the results of past oversight activities and the volume of activity at each site, as well as the main risk areas identified.

EXTENSION OF THE OVERSIGHT PLANNING CYCLE BEYOND 24 MONTHS

(a) When at the time before applicability of Commission Delegated Regulation (EU) 2022/201 the oversight planning cycle was determined to be 36 months, the oversight planning cycle can continue to be 36 months unless the criteria of point (b) would apply.

(b) If the results of the oversight activities indicate an overall decrease in the safety performance or regulatory compliance of the organisation, the competent authority should consider reverting back to a 24‑month oversight planning cycle or adapt the oversight planning accordingly.

(c) In order to be able to apply an oversight planning cycle beyond 36 months, the competent authority should agree on the format and contents of regular reporting to be made by the organisation on its safety performance and regulatory compliance.

21.B.433 Findings and corrective actions; observations

Regulation (EU) 2022/201

(a) The competent authority shall have a system in place to analyse findings for their safety significance.

(b) A level 1 finding shall be issued by the competent authority when a non-compliance is detected with the applicable requirements of Regulation (EU) 2018/1139 and its delegated and implementing acts, with the organisation’s procedures and manuals, or with the design organisation’s certificate including the terms of approval, which may lead to uncontrolled non-compliances and to a potential unsafe condition.

The level 1 findings shall also include:

1. any failure to grant the competent authority access to the organisation’s facilities referred to in point 21.A.9 during normal operating hours and after two written requests;

2. obtaining the design organisation approval or maintaining its validity by falsification of the submitted documentary evidence;

3. any evidence of malpractice or fraudulent use of the design organisation approval;

4. failure to appoint a head of the design organisation pursuant to point 21.A.245(a).

(c) A level 2 finding shall be issued by the competent authority when any non-compliance is detected with the applicable requirements of Regulation (EU) 2018/1139 and its delegated and implementing acts, with the organisation’s procedures and manuals, or with the certificate including the terms of approval, which is not classified as a level 1 finding.

(d) When a finding is detected during oversight or by any other means, the competent authority shall, without prejudice to any additional action required by Regulation (EU) 2018/1139 and its delegated and implementing acts, communicate in writing the finding to the organisation and request corrective action to address the non-compliance(s) identified. Where a level 1 finding directly relates to a product, the competent authority shall inform the competent authority of the Member State in which the aircraft is registered.

1. If there are any level 1 findings, the competent authority shall:

(i) grant the organisation a corrective action implementation period that is appropriate to the nature of the finding and that in any case shall not be more than 21 working days. That period shall commence from the date of the written communication of the finding to the organisation requesting corrective action to address the non-compliance(s) identified;

(ii) assess the corrective action plan and implementation plan proposed by the organisation, and if it concludes that they are sufficient to address the non-compliance(s), accept them;

(iii) if the organisation fails to submit an acceptable corrective action plan, or fails to perform the corrective action within the time period accepted by the competent authority, take immediate and appropriate action to prohibit or limit the activities of the organisation involved and, if appropriate, take action to revoke the design organisation approval or to limit or suspend it in whole or in part, depending upon the extent of the level 1 finding, until successful corrective action has been taken by the organisation.

2. If there are any level 2 findings, the competent authority shall:

(i) grant the organisation a corrective action implementation period that is appropriate to the nature of the finding, and that in any case shall initially not be more than 3 months. That period shall commence from the date of the written communication of the finding requesting corrective action. At the end of this period, and subject to the nature of the finding, the competent authority may extend the 3‑month period provided that a corrective action plan has been agreed by the competent authority;

(ii) assess the corrective action and the implementation plan proposed by the organisation, and if it concludes that they are sufficient to address the non-compliance(s), accept them;

(iii) if the organisation fails to submit an acceptable corrective action plan, or fails to perform the corrective action within the time period accepted or extended by the competent authority, the finding shall be raised to level 1 and action shall be taken as laid down in point (d)(1).

(e) The competent authority may issue observations for any of the following cases not requiring level 1 or level 2 findings:

1. for any item whose performance has been assessed to be ineffective;

2. when it has been identified that an item has the potential to cause a non-compliance under points (b) or (c);

3. when suggestions or improvements are of interest for the overall safety performance of the organisation.

The observations issued under this point shall be communicated in writing to the organisation and recorded by the competent authority.

EVIDENCE

A finding can only be raised on the basis of evidence.

Evidence is a fact that is, or can be, documented based on observations, measurements, or tests that can be verified. Evidence generally comes from the following:

(a) documents or manuals;

(b) examination of equipment/products; and

(c) information from interview questions and from observations of an organisation’s activities, as applicable.

NOTIFICATION OF FINDINGS

(a) Findings should be notified to the design organisation through:

(1) the debrief at the end of an audit (only when no further internal review is necessary); or

(2) the audit report; or

(3) a separate communication.

(b) The finding notification should be supplemented by a record in which all relevant data to the finding are specified, such as notification date, identification of evidence, the corrective action implementation period, and the relevant Part 21 requirement(s).

(c) Level 1 findings should only be notified to the design organisation after an internal review by the competent authority, to make sure that the prerequisites for such a finding are fulfilled. Confirmation should be obtained in a timely manner that the head of the design organisation has taken note of the level 1 finding and its details.

(d) A finding requires effective oversight by the competent authority to monitor the timely completion of the corrective action.

DIFFERENTIATION BETWEEN A ‘LEVEL 2 FINDING’ AND AN ‘OBSERVATION’

‘Findings’ are issued for non-compliance with the Regulation, with the organisation’s procedures and manuals, or with the certificate including the terms of approval, whereas ‘observations’ may be issued to an organisation that remains compliant with the Regulation while additional input to the organisation could be considered for continuous improvement (see points (1), (2) and (3) of point 21.B.433(e)).

The competent authority may decide to issue a level 2 finding when the observations process is not managed correctly or overlooked (see point 21.A.258(c)).

21.B.435 Changes in the design management system

Regulation (EU) 2022/201

(a) Upon receiving an application for a significant change to the design management system, the competent authority shall verify the organisation’s compliance with the applicable requirements of Regulation (EU) 2018/1139 and its delegated and implementing acts, before issuing the approval.

(b) The competent authority shall establish the conditions under which the organisation may operate during the change unless the competent authority determines that the design organisation approval needs to be suspended.

(c) When it is satisfied that the organisation complies with the applicable requirements of Regulation (EU) 2018/1139 and its delegated and implementing acts, the competent authority shall approve the change.

(d) Without prejudice to any additional enforcement measures, if the organisation implements a significant change to the design management system without having received the approval of the competent authority pursuant to point (c), the competent authority shall consider the need to suspend, limit or revoke the organisation’s certificate.

(e) For non-significant changes to the design management system, the competent authority shall include the review of such changes in its continuing oversight in accordance with the principles set forth in point 21.B.431. If any non-compliance is found, the competent authority shall notify the organisation, request further changes and act in accordance with point 21.B.433.

APPLICATION FOR SIGNIFICANT CHANGES OR CHANGE OF TERMS OF APPROVAL OF THE DOA

(a) The competent authority should review any changes in the personnel specified in points 21.A.245 (a) and (b).

(b) When an organisation submits the application for a significant change for any of the personnel positions specified in points 21.A.245 (a) and (b), the competent authority should require the organisation to produce a résumé of the proposed person. The competent authority may interview the nominee or request additional evidence of their suitability before deciding upon the nominee being acceptable.

(c) For changes requiring prior approval, in order to verify the organisation’s compliance with the applicable requirements, the competent authority should determine the necessary activities to verify continued compliance of the organisation, limited to the extent of the changes, and determine whether the organisation needs to provide a safety risk assessment.

(d) If required for verification, the activities may include interviews and inspections carried out at the organisation’s facilities.

ALTERNATIVE MEANS OF COMPLIANCE

The competent authority should have a procedure for formally recording the proposal, discussion and disposition of alternative means of compliance (deviations from existing AMC). This procedure is necessary to record satisfaction by the competent authority that the use of alternative means provides for compliance with the applicable requirements. The alternative means of compliance should only be allowed to be used by the organisation once agreement has been found with the competent authority. For those alternative means of compliance where previously no formal satisfaction was recorded, a pragmatic approach should be followed on both organisation and competent authority side as to the need to formally record acceptance of such an alternative means of compliance.

Note: EASA Management Board Decisions 03‑2004 (Section 2, Article 2, Paragraph 2) and 12‑2007 (Section 2, Article 3, Paragraph 2) already required a formal process on the handling of deviations from AMC.

21.B.435A Changes to the information security management system

Regulation (EU) 2023/203

(a) For changes managed and notified to the competent authority in accordance with the procedure set out in point IS.D.OR.255(a) of the Annex (Part-IS.D.OR) to Delegated Regulation (EU) 2022/1645, the competent authority shall include the review of such changes in its continuing oversight in accordance with the principles laid down in point 21.B.431. If any non-compliance is found, the competent authority shall notify the organisation thereof, request further changes and act in accordance with point 21.B.433.

(b) For other changes requiring an application for approval in accordance with point IS.D.OR.255(b) of the Annex (Part-IS.D.OR) to Delegated Regulation (EU) 2022/1645:

(1) upon receiving the application for the change, the competent authority shall check the organisation’s compliance with the applicable requirements before issuing the approval;

(2) the competent authority shall establish the conditions under which the organisation may operate during the implementation of the change;

(3) if it is satisfied that the organisation complies with the applicable requirements, the competent authority shall approve the change.

[applicable from 22 February 2026 – Regulation (EU) 2023/203]

SUBPART K — PARTS AND APPLIANCES

Administrative procedures established by the Agency shall apply.