We assume that only those systems are subject to Certification/Declaration/SoC, where applicable specific Detailed Specifications have been issued. Is this assumption correct?
In fact, systems that require attestation are defined in Articles 4, 5 and 6 of the Delegated Regulation (EU) 2023/1768. All these systems have to fulfil at least the general requirements contained in the detailed specifications. Additionally, systems will have to comply to specific detailed specifications in case they are available.
We assume that Electronic Flight Strips are not subject to certification (EFS does not fall into 3b, as EFS does not provide separation of aircraft or prevention of collision, it is not 3a either, there it must be 3c). Please confirm.
EFS falls in the scope of the ATC equipment that supports ATCO’s in providing separation.
What parts of the system need to be certified/how can we define the equipment/constituent that needs to be certified. E.g. Flight strips System with several servers, operating system and virtualisation, switches, operating position equipment plus some software components. Can the DPO only certify the software, with definition of hardware requirements and the customer (or we) purchases any COTS HW, which fulfills these requirements?
It is a decision of the DPO to set the boundaries of the equipment that they wish to certify/declare.
COTS HW is not automatically excluded because it is COTS. However, if COTS HW is part of the supporting infrastructure, then it may fall out of the product boundaries.
Is the following requirement applicable for all ATM/ANS Equipment in "PART 2 — ATM/ANS equipment subject to certification / Subpart A — Air traffic services: "DS GE.CER.ATS.110 ATS recording ATM/ANS equipment specified in this Subpart is to provide recording and replay capability of technical and operational data, and system status."?
Yes, it is applicable for all in Part 2.
DoV refers to the systems structured according to support of the functions and services provided within the functional system defined by the respective ANSP, while SoC refers to components/equipment. DoV also covers the integration process within ANSP, while a SoC is at the level of today's DSU, DoC. Is this assumption correct?
Not exactly. E.g. point 3 of Annex VIII (Essential requirements) of EASA Basic Regulation also refers to “The systems and procedures shall include in particular those required to support the following functions and services (…)”. Thus, the principle is the same. As regards the integration, it remains as today the ATM/ANS provider’s responsibilities as only the ANSP has the global picture of the complete functional systems and how it will behave or continue to behave after the integration.
The DoV is also documenting the integration of components/devices into the provider's systems within its FS, the new regulatory framework does not cover this integration - the SoC issuing process ends before the device is integrated into the FS, the integration is done as a change to FS. Is this assumption correct?
Yes, the integration should be assessed as part of the change to the functional system.
In Part 3, Subpart C, what about PSR and SMR?
They will be introduced in due course, at further updates, as EASA moves forward. Hopefully, before the transition period expires.
Could you please elaborate a bit more on the Statements of Compliance (SoCs) in case there are no detailed specifications DSs? If there are no DSs, then no SoC is required, right? Otherwise, any single and simple system would need a SoC?
Equipment that falls under Article 6 of Regulation (EU) 2023/1768 is subject to compliance with the DSs in DS-GE.SoC. The attestation of compliance must be made through an SoC.
DSs contain general requirements that must be complied with (Subpart A ‘General’ in DS-GE.SoC), even when there are no lower-level specific requirements in the DSs. Therefore, an SoC is required when the equipment falls under Article 6, even when there are no specific DSs.
From your explanations, we infer that if we need to put into service a system but there are no DSs, then we only need to comply with the GENERAL part of the DSs: Is this interpretation right?
That is correct.
If a detailed specification (DS) does not exist for certain hardware (HW) or software (SW), e.g. the application that provides to air traffic controllers (ATCO) the radar availability chart on the auxiliary display, is it subject to this regulatory package? I would say neither CERT, DECL nor SoC are applicable in this case? Only change management should be applied?
It is not the lack of lower-level specific requirements in a DS that determines if certain equipment is subject to CERT/DECL/SoC, but rather Articles 4, 5, and 6 of Regulation (EU) 2023/1768.
Articles 4, 5 and 6 address what is included at each category. Therefore, equipment supporting air traffic control (ATC) service provision will be subject to compliance with the DSs.
It is important to note that DSs always contain general requirements that must be complied with, even when there are no lower-level specific requirements in the DS.