We assume that only those systems are subject to Certification/Declaration/SoC, where applicable specific Detailed Specifications have been issued. Is this assumption correct?
In fact, systems that require attestation are defined in Articles 4, 5 and 6 of the Delegated Regulation (EU) 2023/1768. All these systems have to fulfil at least the general requirements contained in the detailed specifications. Additionally, systems will have to comply to specific detailed specifications in case they are available.
We assume that Electronic Flight Strips are not subject to certification (EFS does not fall into 3b, as EFS does not provide separation of aircraft or prevention of collision, it is not 3a either, there it must be 3c). Please confirm.
EFS falls in the scope of the ATC equipment that supports ATCO’s in providing separation.
What parts of the system need to be certified/how can we define the equipment/constituent that needs to be certified. E.g. Flight strips System with several servers, operating system and virtualisation, switches, operating position equipment plus some software components. Can the DPO only certify the software, with definition of hardware requirements and the customer (or we) purchases any COTS HW, which fulfills these requirements?
It is a decision of the DPO to set the boundaries of the equipment that they wish to certify/declare.
COTS HW is not automatically excluded because it is COTS. However, if COTS HW is part of the supporting infrastructure, then it may fall out of the product boundaries.
Is the following requirement applicable for all ATM/ANS Equipment in "PART 2 — ATM/ANS equipment subject to certification / Subpart A — Air traffic services: "DS GE.CER.ATS.110 ATS recording ATM/ANS equipment specified in this Subpart is to provide recording and replay capability of technical and operational data, and system status."?
Yes, it is applicable for all in Part 2.
DoV refers to the systems structured according to support of the functions and services provided within the functional system defined by the respective ANSP, while SoC refers to components/equipment. DoV also covers the integration process within ANSP, while a SoC is at the level of today's DSU, DoC. Is this assumption correct?
Not exactly. E.g. point 3 of Annex VIII (Essential requirements) of EASA Basic Regulation also refers to “The systems and procedures shall include in particular those required to support the following functions and services (…)”. Thus, the principle is the same. As regards the integration, it remains as today the ATM/ANS provider’s responsibilities as only the ANSP has the global picture of the complete functional systems and how it will behave or continue to behave after the integration.
The DoV is also documenting the integration of components/devices into the provider's systems within its FS, the new regulatory framework does not cover this integration - the SoC issuing process ends before the device is integrated into the FS, the integration is done as a change to FS. Is this assumption correct?
Yes, the integration should be assessed as part of the change to the functional system.
In Part 3, Subpart C, what about PSR and SMR?
They will be introduced in due course, at further updates, as EASA moves forward. Hopefully, before the transition period expires.
Could you please elaborate a bit more on the Statements of Compliance (SoCs) in case there are no detailed specifications DSs? If there are no DSs, then no SoC is required, right? Otherwise, any single and simple system would need a SoC?
Equipment that falls under Article 6 of Regulation (EU) 2023/1768 is subject to compliance with the DSs in DS-GE.SoC. The attestation of compliance must be made through an SoC.
DSs contain general requirements that must be complied with (Subpart A ‘General’ in DS-GE.SoC), even when there are no lower-level specific requirements in the DSs. Therefore, an SoC is required when the equipment falls under Article 6, even when there are no specific DSs.
From your explanations, we infer that if we need to put into service a system but there are no DSs, then we only need to comply with the GENERAL part of the DSs: Is this interpretation right?
That is correct.
If a detailed specification (DS) does not exist for certain hardware (HW) or software (SW), e.g. the application that provides to air traffic controllers (ATCO) the radar availability chart on the auxiliary display, is it subject to this regulatory package? I would say neither CERT, DECL nor SoC are applicable in this case? Only change management should be applied?
It is not the lack of lower-level specific requirements in a DS that determines if certain equipment is subject to CERT/DECL/SoC, but rather Articles 4, 5, and 6 of Regulation (EU) 2023/1768.
Articles 4, 5 and 6 address what is included at each category. Therefore, equipment supporting air traffic control (ATC) service provision will be subject to compliance with the DSs.
It is important to note that DSs always contain general requirements that must be complied with, even when there are no lower-level specific requirements in the DS.
Where is compliance with the essential requirements documented in the first place?
Compliance with the essential requirements is demonstrated when the equipment demonstrates compliance with the detailed specifications (DSs) applicable to the equipment category. There is no requirement on where compliance with the essential requirements is explicitly recorded.
What parts/functions/constituents of a remote tower system will be subject to conformity assessment?
Regulation (EU) 2023/1768 defines the categories of equipment that are subject to the conformity assessment process. Please see Article 4 (for equipment subject to certification), Article 5 (for equipment subject to a declaration) and Article 6 (for equipment subject to a statement of compliance). The regulation applies equally to equipment used within a remote tower system or a conventional tower system.
Does the conformity assessment framework for ATM/ANS ground equipment, including Commission Implementing Regulation (EU) 2023/1771, apply to flight procedure design (FPD) providers?
ATM/ANS equipment used in support of FPD services is out of the scope of Regulation (EU) 2023/1768. Articles 4, 5, and 6 of that Regulation determine what ATM/ANS equipment is subject to conformity assessment. Equipment supporting FPD, data services (DAT) and other network functions (other than air traffic flow management (ATFM)) is not listed, and thus FPD is not within the scope of Regulation (EU) 2023/1768.
However, FPD organisations are within the scope of Regulation (EU) 2017/373. This includes the latest amendment to Regulation (EU) 2017/373, i.e. Regulation (EU) 2032/1771. This amendment applies to FPD in its entirety. Indeed, GM1 ATM/ANS.OR.A.045(g)(4) to Regulation (EU) 2017/373 is intended to explain this aspect. In short, point ATM/ANS.OR.A.045(g) applies to FPD, in particular its point 4, because this equipment does not fall within points 1, 2, or 3.
In summary, for equipment used in the provision of FPD services, the Conformity Assessment Regulation (i.e. Regulation (EU) 2023/1768) does not apply . However, Regulation (EU) 2017/373, as amended by Regulation (EU) 2023/1771, does apply.
Does a military surveillance station fall under the equipment of Regulation (EU) 2023/1768 if an air navigation service provider (ANSP) chooses to make use of the surveillance data for Air Traffic Management / Air Navigation Services (ATM/ANS) provision?
No. However, military services or equipment used for civilian purposes by an ANSP are not fully excluded from the scope of the Regulation.
Article 2 of the Basic Regulation (Regulation (EU) 2018/1139) excludes from its scope ATM/ANS systems and constituents provided or made available by the military. However, in accordance with Article 2(5)(b) of the Basic Regulation, Member States shall ensure that those military ATM/ANS or equipment offer a level of safety and interoperability with civil systems that is as effective as that resulting from the application of the essential requirements that are laid out in the Basic Regulation.
In other words, the military service or equipment provider is not bound by the implementing rules (i.e. Regulations (EU) 2023/1768 and 2023/1769) and is not required to apply the requirements defined in Regulation (EU) 2023/1768. However, Members States are required to demonstrate that military ATM/ANS or equipment provides a level of safety and interoperability that is as effective as civil systems that are developed on the basis of Regulation (EU) 2023/1768. This is in addition to assessments performed by the ATM/ANS provider and any Service Level Agreement (SLA).
For example, this could be achieved by applying (and demonstrating compliance to) the requirements of Regulation (EU) 2023/1768. It could also be achieved by demonstrating that the standards and requirements used to develop the military ATM/ANS or equipment (e.g. military standards) are equivalent to the standards and requirements defined in Regulation (EU) 2023/1768. This demonstration that the equipment provides a level of safety and interoperability as effective as civil systems is to be made available, upon request, to any civil ANSP intending to make use of the military equipment in the provision of their services.
Finally, there is an obligation to EASA, when monitoring Member States’ compliance with the Basic Regulation through the standardisation processes, to verify that the process/criteria used by Member States (to determine that military services or equipment are “as effective as” the systems and equipment produced under Regulation (EU) 2023/1768) are coherent and aligned, and achieve that objective.
Please see below for the relevant regulatory references.
Recital 9 of the Basic Regulation states:
“(9) Aerodromes that are controlled and operated by the military, as well as air traffic management and air navigation services (‘ATM/ANS’) that are provided or made available by the military, should be excluded from the scope of this Regulation. However, Member States should ensure, in accordance with their national law, that such aerodromes, when opened to the public, and such ATM/ANS when serving air traffic to which Regulation (EC) No 549/2004 of the European Parliament and of the Council (1) applies, offer a level of safety and interoperability with civil systems that is as effective as that resulting from the application of the essential requirements for aerodromes and ATM/ANS set out in this Regulation.”
Article 2(3) 3 states:
“3. This Regulation shall not apply to … (c) ATM/ANS, including systems and constituents, personnel and organisations, that are provided or made available by the military;”
Article 2(5) states:
“5. Without prejudice to national security and defence requirements, and Article 7(5) of Regulation (EC) No 550/2004 of the European Parliament and of the Council (1), Member States shall ensure that:
(a) the facilities referred to in point (b) of the first subparagraph of paragraph 3 of this Article that are open to public use; and
(b) the ATM/ANS referred to in point (c) of the first subparagraph of paragraph 3 of this Article that are provided to air traffic to which Regulation (EC) No 549/2004 applies,
offer a level of safety and interoperability with civil systems that is as effective as that resulting from the application of the essential requirements set out in Annexes VII and VIII to this Regulation.”