Continuing airworthiness - General

In accordance with point 2(b) in Article 77 of the Basic Regulation (i.e. Regulation (EU) 2018/1139 on common rules in the field of civil aviation and establishing a European Union Aviation Safety Agency), EASA is responsible for the organisations whose principal place of business is outside the territories for which the EASA Member States are responsible under the Chicago Convention.
For more information, see the website Continuing-airworthiness-organisations, where the lists of organisations managed by the Agency are available.

This webpage also includes the lists of the Part-145 maintenance organisations managed on the basis of the Bilateral Aviation Safety Agreements (BASAs) with Brazil, Canada and USA.

In all other cases, and in the absence of the implementation of Articles 64 or 65 of the Basic Regulation, the organisation is managed by the national competent authority of the EASA Member State in whose territory the principal place of business of the organisation is located.
Therefore, information request (including on the application process) about those organisations should be directed to the EASA Member State national competent authorities.
You may contact them using information available on https://www.easa.europa.eu/the-agency/member-states, or consult their public websites, when they accepted, on a voluntary basis, to publish the lists of the organisations they manage.

The continuing airworthiness organisations concerned are the following:

• Part-145 (Annex II) maintenance organisations
• Part-147 (Annex IV) maintenance training organisations
• Continuing airworthiness management organisations: Part-M Subpart G until 24 September 2021 and Part-CAMO (Annex Vc) from 24 March 2020
• Part-M Subpart F maintenance organisations until 24 September 2021
• From 24 March 2020, Part-CAO (Annex Vd) combined airworthiness organisations.

The European Implementing Rules for continuing airworthiness (EU) 1321/2014 do apply to third-country registered aircraft if:

• The regulatory safety oversight of such aircraft has been delegated to one of the Member States (*), in which case Part-M (Annex I) or Part-ML (Annex Vb) applies [see Article 3(1) of Regulation (EU) No 1321/2014] or
• The aircraft is dry leased-in by an EU licenced air carrier, in which case Part-T (Annex Va) is applicable [see Article 3(6) of Regulation (EU) No 1321/2014].

When third-country registered aircraft are not captured by above-mentioned cases, it is advised to go back to the foundation of the EASA system, namely the Basic Regulation (BR), i.e. Regulation (EU) 2018/1139.

Reference should be made to Annex V (Essential requirements for air operations) in accordance with Article 29 for the aircraft described in Article 2(1)(b)(ii) (aircraft registered in a third country and operated by an aircraft operator established, residing or with a principal place of business in the territory to which the Treaties apply). Point 6 in Annex V of the BR describes air operations requirements related to continuing airworthiness, such as the requirement for release to service, pre-flight inspection, maintenance programme, records, … Being part of an Annex relevant to air operations, these requirements have to be overseen by the competent authority of the state of the operator.

Furthermore, as required by point 8 of Annex V of the BR, for commercial air transport and other operations subject to a certification or declaration requirement performed with aeroplanes, helicopters or tilt rotor aircraft, the continuing airworthiness management and maintenance tasks shall be controlled by an organisation, whose obligations (such as establishment of a management system) are referred to in points 8.8 and 8.9 of Annex V.

(*) – The transfer of a state’s oversight responsibility is addressed in Article 83bis bis of Chicago Convention. 

Objective of this document:
This document provides technical guidance on the use of remote information and communication technology (ICT) to support:

• the competent authorities when performing the oversight of regulated organisations and
• the industry when conducting internal audits / monitoring compliance of the organisation with the relevant requirement and when performing evaluation of suppliers and subcontractors.

It is the responsibility of the competent authority to assess whether the use of remote ICT constitutes a suitable alternative to the physical presence of the auditor on-site in accordance with the applicable requirements. 

In the context of this document, “remote audit” is understood as an audit performed with the use of any real-time video and audio communication tools in replacement of the physical presence of the auditor on-site. Specificities of each type of approval / letter of agreement need to be considered in addition to the below general overview when applying the “remote audit” concept.

1. Conduct of remote audit by a Competent Authority

Competent authorities who decide to use remote audit should describe the remote audit process in their documented procedures and should consider at least the following elements:

• Methodology for the use of ICT is sufficiently flexible and non-prescriptive in nature to optimise the conventional audit process. 
• Adequate controls are defined and in place to avoid abuses that could compromise the integrity of the audit process.
• Measures to ensure that security and confidentiality are maintained throughout the audit activities (data protection and intellectual property of the organisations also need to be safeguarded).

Examples of use of ICT during audits may include but are not limited to:

• meetings, by means of teleconference facilities, including audio, video and data sharing;
• assessment of documents and records by means of remote access, in real-time;
• recording, in real-time during the process, of evidence to document the results of the audit (non-/conformities) by means of exchange of emails or documents, instant pictures, video or/and audio recordings;
• visual (livestream video) and audio access to facilities, stores, equipment, tools, processes, operations, etc. 

An agreement between the competent authority and the organisation should be established when planning a remote audit which should include: 

• determining the platform for hosting the audit (e.g. Go-To-Meeting, WebEx, Microsoft Lync, Microsoft TEAMS, etc.);
• granting security and/or profile access to the auditor;
• testing platform compatibility between the competent authority and organisation prior to the audit;
• considering the use of web-cams, cameras, drones, etc. when physical evaluation of an event (product, part, process, etc.) is desired or necessary;
• establishing an audit plan which will identify how ICT will be used and the extent of its use for the audit purposes to optimise its effectiveness and efficiency while maintaining the integrity of the audit process;
• if necessary, time zone acknowledgement and management to coordinate reasonable and mutually agreeable convening times;
• a written statement of the organisation that they ensure full cooperation and provision of the actual and valid data as requested, including ensuring any supplier or subcontractor cooperation, if needed; and
• data protection aspects.

The following elements of the equipment and setup should be considered:

• the suitability of video resolution, fidelity, and field of view for the verification being conducted;
• the need for multiple cameras, imaging systems, or microphones and whether the person performing the verification can switch between them, or direct them to be switched and has the possibility to stop the process, ask a question, move equipment, etc.;
• the controllability of viewing direction, zoom, and lighting;
• the appropriateness of audio fidelity for the evaluation being conducted; and
• real-time and uninterrupted communication between the person(s) participating to the remote audit from both locations.

When using ICT, the competent authority and other involved persons (e.g. drone pilots, technical experts) should have the competency and ability to understand and utilize the ICT tools employed to achieve the desired results of audit(s)/assessment(s). The competent authority should also be aware of the risks and opportunities of the ICT used and the impacts that they may have on the validity and objectivity of the information gathered. 

Audit reports and related records should indicate the extent to which ICT has been used in carrying out remote audit and the effectiveness of ICT in achieving the audit objectives, including any item that was not able to be completely reviewed.

2. Internal Audits performed by approved organisation and evaluation of its suppliers and subcontractors

The considerations described in paragraph 1 may also be applied by approved organisations when conducting internal audits / monitoring compliance of the organisation with the relevant requirements and when performing evaluation of suppliers and subcontractors. The application of “remote audit” concept should be described in a documented procedure accepted / approved by the Competent Authority.

* DOA: Design Organisation Approval; LoA/POA: Letters of Approval/Production Organisation Approval; AMO: Maintenance Organisation Approval; CAMO: Continuing Airworthiness Management Organisations Approval; CAO: Combined Airworthiness Organisation Approval; and AMTO: Maintenance Training Organisation Approval

The provisions for a Pilot-Owner or Flight Crew to accomplish AD actions are to be found in Commission Regulation (EU) No 1321/2014 on the continuing airworthiness of aircraft and aeronautical products, parts and appliances, and on the approval of organisations and personnel involved in these tasks, Annex I (Part-M), Annex II (Part-145), Annex Vb (Part-ML) & Annex Vd (Part-CAO).

For AD tasks carried out by Flight Crew:

• IF INDICATED IN THE AD (*- see Note), THE FOLLOWING APPLIES:
  145.A.30(j)3 or M.A.606(h)1 Personnel requirements, or CAO.A.040(c)(1) Certifying staff.

For a repetitive pre-flight task, where the AD specifically states that the flight crew may carry out such task, the organisation (Part-145, Part-M Subpart F or Part-CAO maintenance organisation) may issue a limited certifying staff authorisation to the pilot-in command/aircraft commander on the basis of the flight crew licence held, provided that the organisation ensures that sufficient practical training has been carried out to ensure that such person can accomplish the AD task to the required standard. A repetitive pre-flight task in an AD does not mean that the task needs to be certified prior to each flight. At AD issuance EASA will determine that the task is simple enough and does not require complex tools nor complex instructions, which allows the Maintenance Organisation to authorise the person.

• IF NOT INDICATED IN THE AD, THE FOLLOWING APPLIES:
  145.A.30(j)4 or M.A.606(h)2 Personnel requirements, or CAO.A040(c)(2) Certifying staff.

In the case of aircraft operating away from a supported location the organisation may issue a limited certification authorisation to the pilot-in command/aircraft commander on the basis of the flight crew licence held, provided that the organisation ensures that sufficient practical training has been carried out to ensure that such person can accomplish the specified AD task to the required standard. The organisation’s manual shall include specific procedures for such authorisations, and in addition the task must be simple maintenance.

For AD actions performed by Pilot-Owner for aircraft subject to Part-M:

M.A.803 Pilot-owner authorisation

• This is only applicable for other than complex motor-powered aircraft of 2 730 kg MTOM and below, which are not used commercially;
• The accomplishment of an AD task by the Pilot-Owner is permitted only in the case where it is specifically allowed in the AD (* - see Note); and
• Furthermore, it is only permitted to the Pilot-Owner under the conditions of M.A.803 (a) and (b) (limited Pilot-owner maintenance (Appendix VIII to Part-M)).

For AD actions performed by Pilot-Owner for aircraft subject to Part-ML:

ML.A.803 Pilot-owner authorisation

• This is only applicable to aircraft not operated commercially, to balloons not operated under Subpart-ADD of Regulation (EU) 2018/395 or to sailplanes not operated under Subpart DEC of Regulation (EU) 2018/1976;
• The accomplishment of an AD task by the Pilot-Owner is permitted only in the case where it is specifically allowed in the AD (* - see Note); and
• Furthermore, it is only permitted to the Pilot-Owner under the conditions of ML.A.803 (a) and (b) (limited Pilot-owner maintenance (Appendix II to Part-ML)).

* Note: For ADs issued by EASA, when the flight crew / pilot-owner is entitled to carry out the AD task(s) subject to the applicable requirements, the AD will contain a text similar to the following:

The action(s) required by paragraph (x) of this AD may be accomplished, as appropriate: either by suitably authorised flight crew under the provisions of Commission Regulation (EU) No 1321/2014 145.A.30(j)3, M.A.606(h)1, or CAO.A.040(c)(1), as applicable; or by the pilot-owner under the provisions of M.A.803 or ML.A.803, as applicable, of the same regulation.

In respect of aircraft not subject to (EU) No 1321/2014, the State of Registry should consider if the national regulations allow the action(s) to be accomplished by the flight crew or pilot owner.