Explanatory Memorandum to COM(2019)577 - EU position in respect of the revision of Annex 17 (Security) (Amendment 17) to the Convention on International Civil Aviation - Main contents
Please note
This page contains a limited version of this dossier in the EU Monitor.
| dossier | COM(2019)577 - EU position in respect of the revision of Annex 17 (Security) (Amendment 17) to the Convention on International Civil ... |
|---|---|
| source | COM(2019)577  |
| date | 31-10-2019 |
1. Subject matter of the proposal
This proposal concerns the decision establishing the position to be taken on behalf of the European Union in the International Civil Aviation Organization in connection with the envisaged adoption of Amendment 17 to Annex 17 (‘Security’) of the Convention on International Civil Aviation proposing amendments to the standards and recommended practices.
2. Context of the proposal
2.1.The Convention on International Civil Aviation (the ‘Chicago Convention’)
The Chicago Convention aims to regulate international air transport. It entered into force on 4 April 1947 and established the International Civil Aviation Organization.
All EU Member States are Parties to the Chicago Convention.
2.2.The International Civil Aviation Organization (“ICAO”)
ICAO is a specialised agency of the United Nations. The objectives of ICAO are to develop the principles and techniques of international air navigation and to foster the planning and development of international air transport.
The ICAO Council is a permanent body of ICAO with a membership of 36 contracting States elected by the ICAO Assembly for a period of three years. For the period of 2016-2019, there are seven EU Member States represented in the ICAO Council.
Mandatory functions of the ICAO Council, listed in Article 54 of the Chicago Convention, include the adoption of international Standards and Recommended Practices (“SARPs”), designated as Annexes to the Chicago Convention.
The ICAO Council also convenes the Assembly, which is ICAO’s sovereign body. The ICAO Assembly meets at least once every three years and establishes ICAO’s political direction for the upcoming triennium. The 40th Session of the ICAO Assembly took place from 24 September-4 October 2019 in Montreal, Canada.
2.3.The envisaged act of ICAO
In accordance with Article 54 point (1) of the Chicago Convention, the ICAO Council shall adopt SARPs. SARPs amending Annex 17 on Security consist of several Articles to be changed, improved or elevated from recommended practices to standards.
On 4 July 2019, the ICAO issued a State letter AS8/2.1-19/48 to inform its Contracting States that Proposed Amendment 17 to Annex 17 will be presented to the Council for adoption during its 218th Session (18 to 29 November 2019), and is envisaged to become applicable in July 2020. It includes, among other things, new and/or revised provisions on: vulnerability assessments; information sharing between States and stakeholders; training programmes and certification systems; access control; staff screening; and other editorial amendments. By the above State letter, the ICAO launched its consultation phase that will lapse on 4 October 2019.
The changes to Annex 17 have been prepared by the ICAO Aviation Security Panel, of which experts of eight EU Member States are active members (Belgium, France, Germany, Greece, Italy, Netherlands, Spain, and the United Kingdom), then submitted for endorsement to the 217th session of the ICAO Council. These changes, following the ongoing consultation, will be most likely endorsed by the ICAO Council at its 218th session.
Once adopted the envisaged changes will be binding on all ICAO States, including all EU Member States, in accordance with and within the limits set out in the Chicago Convention. Article 38 of the Chicago Convention requires contracting States to notify ICAO if they intend to deviate from a standard, under the notification of differences mechanism.
2.4.The EU legal framework and proposed Changes to Annex 17
1) Amendment of the definition of Background check.
Original text:
Background check. A check of a person’s identity and previous experience, including where legally permissible, any criminal history as part of the assessment of an individual’s suitability to implement a security control and/or for unescorted access to a security restricted area.
New text:
Background check. A check of a person’s identity and previous experience, including criminal history and any other security related information relevant for assessing the person’s suitability, in accordance with national legislation.
This proposal addresses the need to include all security-related relevant information in background checks. The EU background check regime has been strengthened through Point 11.1.3 of the Annex to Commission Implementing Regulation (EU) 2019/103 of 23 January 2019 amending Implementing Regulation (EU) 2015/1998 as regards clarification, harmonisation and simplification as well as strengthening of certain specific aviation security measures 1 .
2) High-risk cargo or mail.
Original text:
High-risk cargo or mail. Cargo or mail presented by an unknown entity or showing signs of tampering shall be considered high risk if, in addition, it meets one of the following criteria:
Contents
- a) specific intelligence indicates that the cargo or mail poses a threat to civil aviation; or
- High-risk cargo or mail. Cargo or mail shall be considered high risk if
- 3) General Principles
- 2.1 Objectives
- 2.1 Objectives
- 4) International Cooperation (2.4.1, 2.4.1 bis)
- 2.4 International Cooperation
- 2.4 International Cooperation
- 6) A Standard 3.1.8 on development and implementation of training programmes
- 7) Elevation of Recommendation 3.1.11 to a Standard
- 8) 3.4 Quality control and qualifications
- b) recurrent background checks are applied to such persons at intervals defined by the appropriate authority; and
- 9) Elevation of Recommendation 3.4.9 to a Standard
- 10) Elevation of Recommendation 4.1.2 to a Standard
- 11) 4.2.3 Measures relating to access control
- 13) New standard 4.2.6bis capability of detecting explosives
- 3.1.1.Principles
- 3.1.2.Application to the present case
- 3.2.1.Principles
- 3.2.2.Application to the present case
b) the cargo or mail shows anomalies that give rise to suspicion; or
c) the nature of the cargo or mail is such that baseline security measures alone are unlikely to detect prohibited items that could endanger the aircraft.
New text:
a) specific intelligence indicates that the cargo or mail poses a threat to civil aviation; or
b) the cargo or mail shows anomalies or signs of tampering which give rise to suspicion.
Regardless of whether the cargo or mail comes from a known or unknown entity, a State’s specific intelligence about a consignment may render it as high risk.
This proposal seeks to provide a clearer definition of high-risk cargo or mail and it is consistent with the European Union definition thereof.
Original text:
2.1.4 Recommendation. – Each Contracting State should ensure appropriate protection of sensitive aviation security information.
New text:
2.1.4 Each Contracting State shall ensure appropriate protection of sensitive aviation security information.
This proposal aims to ensure that appropriate mechanisms are put in place for the protection of sensitive aviation security information from unauthorized access or disclosure, including with respect to the threat from insiders obtaining security information to which they are not entitled to have access.
Protection (and dissemination of sensitive aviation security information) is Member States’ responsibility. Non-public and classified legislative provisions contained in EU legislation are in any case covered by Article 18 of Regulation (EC) No 300/2008 of the European Parliament and of the Council of 11 March 2008 on common rules in the field of civil aviation security and repealing Regulation (EC) No 2320/2002 2 and Commission Decision (EU, Euratom) No 2015/444 of 15 March 2015.
Original text:
2.4.1 Each Contracting State shall ensure that requests from other Contracting States for additional security measures in respect of a specific flight(s) by operators of such other States are met, as far as may be practicable. The requesting State shall give consideration to alternative measures of the other State that are equivalent to those requested.
New text:
2.4.1 Each Contracting State requesting additional security measures for a specific flight(s) shall ensure appropriate consultation and give consideration to alternative measures of the other State that are equivalent to those requested.
2.4.1bis Each Contracting State shall ensure that requests from other Contracting States for additional security measures in respect of a specific flight(s) by operators of such other States are met, as far as may be practicable.
The proposals seek to emphasize the importance of appropriate consultation when a State requests additional security measures from another State. The existing Standard has been separated into two Standards in order to highlight the distinct requirements for States requesting additional measures and host States receiving such requests.
Article 7 of Regulation (EC) No 300/2008 establishes provisions with regard to the notification to the Commission of measures required by a third country should these measures differ from the common basic standards. With regard to the mechanism of consultation and the application of alternative measures, this may be covered and regulated within the bilateral EU (or Member State) - Third Country Air Transport Agreements.
5) A Standard 3.1.4 on information sharing between States and stakeholders.
Original text:
3.1.4 Each Contracting State shall establish and implement procedures to share, as appropriate, with its airport operators, aircraft operators, air traffic service providers or other entities concerned, in a practical and timely manner, relevant information to assist them to conduct effective security risk assessments relating to their operations.
New text:
3.1.4 Each Contracting State shall establish and implement procedures to share, as appropriate, with relevant airport operators, aircraft operators, air traffic service providers or other entities concerned, in a practical and timely manner, relevant information to assist them to conduct effective security risk assessments relating to their operations.
This proposal aims to clarify the Standard so that States have more flexibility to determine the relevant operators to address the information needed to assist the operators in conducting effective risk assessment relating to their operations.
This standard has been introduced into the EU-wide legislation by Commission Implementing Regulation (EU) 2019/1583 amending Implementing Regulation (EU) 2015/1998 of 5 November 2015 laying down detailed measures for the implementation of the common basic standards on aviation security, as regards cybersecurity measures 3 .
Original text:
3.1.8 Each Contracting State shall ensure the development and implementation of training programmes and an instructor certification system in accordance with the national civil aviation security programme.
New text:
3.1.8 Each Contracting State shall ensure the development and implementation of training programmes and a certification system that ensures that instructors are qualified in the applicable subject matters in accordance with the national civil aviation security programme.
The proposed amendment is intended to focus on the security outcome to be achieved and not on a single method. It recognizes that focus should be on the ‘results’ of training delivered by qualified subject matter experts who possess the knowledge and ability to instruct, and especially the necessary knowledge of the subject matter being taught. The certification, or other alternative applied methods, as such should focus on both elements required.
The principles sought by this amendment (i.e. the instructors being qualified in the applicable subject matters) are part of the EU wide legislation and established throughout Chapter 11 of the Annex I of Regulation (EC) 300/2008 and its implementing rules.
Original text:|
3.1.11 Recommendation. - Each Contracting State should ensure that personnel of all entities involved with or responsible for the implementation of various aspects of the national civil aviation security programme and those authorized to have unescorted access to airside areas receive periodic security awareness training.
New text:
3.1.11 Each Contracting State shall ensure that personnel of all entities involved with or responsible for the implementation of various aspects of the national civil aviation security programme and those authorized to have unescorted access to airside areas receive initial and recurrent security awareness training.
Recommendation 3.1.11 has been elevated to a Standard, therefore, it shall be legally binding. Each Contracting State shall ensure that personnel of all entities involved with or responsible for the implementation of various aspects of the national civil aviation security programme and those authorized to have unescorted access to airside areas receive periodic initial and recurrent security awareness training. This proposal recognizes the importance of security awareness training, while highlighting the need for both initial and recurrent security awareness training.
Obligations on initial and recurrent training are contained in the EU wide aviation security legislation namely in Points 11.4.1 and 11.4.3 of the Annex to Commission Implementing Regulation (EU) No 2015/1998.
Original text:
3.4.1 Each Contracting State shall ensure that the persons implementing security controls are subject to background checks and selection procedures.
New text:
3.4.1 Each Contracting State shall ensure that:
a) background checks are completed in respect of persons implementing security controls, persons with unescorted access to security restricted areas, and persons with access to sensitive aviation security information prior to their taking up these duties or accessing such areas or information;
b) recurrent background checks are applied to such persons at intervals defined by the appropriate authority; and
c) persons found unsuitable by any background check are immediately denied the ability to implement security controls, unescorted access to security restricted areas, and access to sensitive aviation security information.
This proposal seeks to clarify who should be subjected to background checks, when background checks should be applied, and what should occur if an individual has been found unsuitable by any background check. In particular, the Standard now prescribes the need for recurrent background checks and the actions required when a person is found to be unsuitable for the relevant functions as a result of the background check. Note that reference to “selection procedures” has been incorporated into 3.4.2.
All principles are already contained in the EU wide aviation security legislation, namely in Points 1.2.3.3, 1.2.3.5, 11.1, 11.5.1, and 11.6.3.5(a) of the Annex to Commission Implementing Regulation (EU) No 2015/1998 as amended by Regulation 2019/103 of 23 January 2019.
This proposal is complementary to the amendment of Standard 3.4.1. The original Standard 3.4.1 included both references to background checks and selection procedures. As the proposal for 3.4.1 now includes further elements regarding the scope and regularity of background checks, this proposal adds the element on selection procedures.
Criteria for the selection of personnel implementing security controls and related functions is contained in the EU wide aviation security legislation, namely in Points 11.1.6, 11.1.7, and 11.1.8 of the Annex to Commission Implementing Regulation (EU) No 2015/1998.
Original text:
3.4.9 Recommendation. – Each Contracting State should ensure that each entity responsible for the implementation of relevant elements of the national civil aviation security programme periodically verifies that the implementation of security measures outsourced to external service providers is in compliance with the entity’s security programme.
New text:
3.4.9 Each Contracting State shall ensure that each entity responsible for the implementation of relevant elements of the national civil aviation security programme periodically verifies that the implementation of security measures outsourced to external service providers is in compliance with the entity’s security programme.
This Recommendation has been elevated into a legally binding Standard. This proposal seeks to ensure that external service providers are in compliance with the State’s aviation security regulations, in order to address the insider threat which may stem from external service providers.
In accordance with the EU wide policy on aviation security as established in Regulation (EC) No 300/2008:
–Every Member State shall draw up, apply and maintain a NCASP defining responsibilities for the implementation of the common basic standards and describing the measures required by operators and entities.
–Operators, airlines and entities covered in the NCASP are required to draw up, apply and maintain a security programme in accordance to the provisions described therein.
–The programme shall describe methods and procedures followed by the operator, airline or entity to comply with the legislation and the security programme itself, including internal quality controls.
–Security measures and operations undertaken by external service providers are expected to be covered within the security programme of the above operator, airline or entity that retains responsibility for those measures and operations, unless the external service provider is itself a regulated or approved entity for the activities it provides, thus required to draw an own security programme.
The Standard is included in the EU wide legislation namely in Articles 10.1, 12.1, 13.1 and 14.1 of Regulation (EC) No 300/2008 and in Points 1.0.1, 3.0.1, 4.0.1, 5.0.1, 6.0.1, 7.0, 8.0.1, 9.0.1, 11.0.1 and 12.0.1 of the Annex to Commission Implementing Regulation (EU) No 2015/1998. Additional provisions are set out in Points 6.3.1.1, 6.3.1.2 (a), 6.4.1.2, 6.6.1.1 (c), 6.8.5.1 (a), 6-E, 8.1.3.2 (a), 8.1.4.1, 8.1.4.2, 8.1.4.3, 8.1.4.5, 8.1.4.6, 8.1.5.2, 9.1.3.1, 9.1.3.2, 9.1.3.3, 9.1.3.5, 9.1.3.6 and 9.1.4.2 of the Annex to Commission Implementing Regulation (EU) No 2015/1998
Original text:
4.1.2 Recommendation. Each Contracting State should promote the use of random and unpredictable security measures. Unpredictability could contribute to the deterrent effect of security measures.
New text:
4.1.2 Each Contracting State shall ensure the use of randomness and unpredictability in the implementation of security measures, as appropriate.
Recommendation 4.1.2 on the use of randomness and unpredictability has been elevated into a legally binding Standard. The security objective pursued by the new Standard 4.1.2, to enhance the mitigation against insiders, is in line with the European Union policy in the areas of:
–screening of persons other than passengers and their items carried;
–screening of vehicles;
–surveillance and patrols both in landside and in airside/SRA and related measures
–screening of supplies
This principle is reflected within the EU wide legislation, namely in Points 1.3.1, 1.4.1, 1.4.2, 8.1.6 and 9.1.5 of the Annex to Commission Implementing Decision C(2015) 8005.
Original text:
4.2.3 Each Contracting State shall ensure that identification systems are established in respect of persons and vehicles in order to prevent unauthorized access to airside areas and security restricted areas. Identity shall be verified at designated checkpoints before access is allowed to airside areas and security restricted areas.
New text:
4.2.3 Each Contracting State shall ensure that identification systems are established and implemented in respect of persons and vehicles in order to prevent unauthorized access to airside areas and security restricted areas. Access shall be granted only to those with an operational need or other legitimate reason to be there. Identity and authorization shall be verified at designated checkpoints before access is allowed to airside areas and security restricted areas.
The Standard 4.2.3 under “Measures relating to access control” is intended to strengthen measures relating to access control to security restricted areas, by introducing a limitation to allow access only to those with an operational or otherwise legitimate need to be there, and extend the scope of verification at access points to authorization along with identity.
In accordance with EU wide legislation, access of persons and vehicles to security restricted areas may only be granted if they have a legitimate reasons. Airport Identification cards shall be checked before a person is granted access to ensure it is valid and corresponds to the holder. Vehicle pass shall be checked before a vehicle is granted access to ensure it is valid and corresponds to the vehicle. In the EU-wide legislation, it has been reflected in points 1.2.2.1, 1.2.2.4, 1.2.2.5, 1.2.2.6, 1.2.6.1 of the Annex to Commission Implementing Regulation (EU) No 2015/1998.
12) Standard 4.2.6 (“100% screening of persons other than passengers”)
Original text:
4.2.6 Each Contracting State shall establish measures to ensure that persons other than passengers, together with items carried, are screened prior to entry into airport security restricted areas serving international civil aviation operations, are subject to screening and security controls.
New text:
4.2.6 Each Contracting State shall establish measures to ensure that persons other than passengers, together with items carried, are screened prior to entry into airport security restricted areas.
This proposal seeks to eliminate any ambiguity and make clear that all persons other than passengers must be screened prior to entry into a security restricted area, in order to address the threat from insiders.
The EU wide legislation is in full compliance with the new formulation of Standard 4.2.6, namely in Points 1.3 of both the Annexes to Commission Implementing Regulation (EU) No 2015/1998 and to Commission Implementing Decision C(2015) 8005.
New text added after 4.2.6 as follows:
4.2.6bis Each Contracting State shall ensure the use of appropriate screening methods that are capable of detecting the presence of explosives and explosive devices carried by persons other than passengers on their persons or in their items carried. Where these methods are not applied continuously, they shall be used in an unpredictable manner.
This proposal recognizes that the mitigation of threats from insiders requires a balanced and coordinated approach between background check procedures and physical security measures and addresses the need for appropriate screening methods capable of detecting explosives also on persons other than passengers.
The EU wide legislation requires additional continuous random and unpredictable screening in respect of a proportion of persons other than passengers and their items carried both having and not having caused alarm. The security objective of this additional screening is to detect explosives and explosive devices. Such screening shall be performed using means and methods that for their nature identify explosives (Explosive Detection Dogs, Explosive Trace Detection, Shoe Explosive Detection and Security Scanners) or in alternative by hand search. The current methodology required in the EU for the conduction of hand search on persons and items carried is considered as reasonably capable to detect explosive devices concealed on the body and in the items carried. In addition, hand search enhances the likelihood to detect other non-metallic (and non-explosive) prohibited items. This has been transposed by Point 1.3 of the Annex to Commission Implementing Decision C(2015) 8005.
14) Standard 4.6.5 – a reference to a known consignor as an entity in the secure supply chain
Original text:
4.6.5 Each Contracting State shall ensure that operators do not accept cargo or mail for carriage on an aircraft engaged in commercial air transport operations unless the application of screening or other security controls is confirmed and accounted for by a regulated agent, or an entity that is approved by an appropriate authority. Cargo and mail which cannot be confirmed and accounted for by a regulated agent, or an entity that is approved by an appropriate authority shall be subjected to screening.
New text:
4.6.5 Each Contracting State shall ensure that operators do not accept cargo or mail for carriage on an aircraft engaged in commercial air transport operations unless the application of screening or other security controls is confirmed and accounted for by a regulated agent, a known consignor, or an entity that is approved by an appropriate authority. Cargo and mail which cannot be confirmed and accounted for by a regulated agent, a known consignor, or an entity that is approved by an appropriate authority shall be subjected to screening.
This proposal seeks to align this Standard with Standard 4.6.2 and ensure that both Standards make a clear reference to known consignors as an entity in the secure supply chain.
The EU wide legislation is in full compliance with the new formulation of Standard 4.6.5, namely with reference to Point 6.1.1 of the Annex to Regulation (EC) No 300/2008 and point 6.1.1 of the Annex to Commission Implementing Regulation (EU) No 2015/1998.
3. Position to be taken on the Union’s behalf
The subject matter of the envisaged act concerns an area for which the Union has exclusive external competence by virtue of the last limb of Article 3(2) TFEU, as the envisaged act is liable to ‘affect common rules or alter their scope’, namely the EU legal framework on aviation security referred to below. It is, therefore, necessary to establish a Union position.
In this respect, it is essential to recognise that Amendment 17 to Annex 17 as presented to ICAO Contracting States and submitted for its endorsement by the ICAO Council at its 218th session is (already) fully reflected in the EU wide aviation security legislation. It is however desirable, that these strengthened Standards will be applied globally.
The Union position is to be defined in accordance with the applicable EU legal framework on aviation security, namely Regulation (EC) No 300/2008 of the European Parliament and of the Council of 11 March 2008 on common rules in the field of civil aviation security and repealing Regulation (EC) No 2320/2002, as well as Commission Implementing Regulation (EU) 2015/1998 of 5 November 2015 laying down detailed measures for the implementation of the common basic standards on aviation security.
3.1.Procedural legal basis
Article 218(9) of the Treaty on the Functioning of the European Union (TFEU) provides for decisions establishing ‘the positions to be adopted on the Union’s behalf in a body set up by an agreement, when that body is called upon to adopt acts having legal effects, with the exception of acts supplementing or amending the institutional framework of the agreement.’
Article 218(9) TFEU applies regardless of whether the Union is a member of the body or a party to the agreement. 4
The concept of ‘acts having legal effects’ includes acts that have legal effects by virtue of the rules of international law governing the body in question. It also includes instruments that do not have a binding effect under international law, but that are ‘capable of decisively influencing the content of the legislation adopted by the EU legislature’. 5
ICAO is a body set up by an agreement, namely the Chicago Convention.
Any upcoming amendment to Annex 17 of the Chicago Convention will constitute an act having legal effects.
Therefore, the procedural legal basis for the proposed decision is Article 218(9) TFEU.
3.2.Substantive legal basis
The substantive legal basis for a decision under Article 218(9) TFEU depends primarily on the objective and content of the envisaged act in respect of which a position is taken on the Union's behalf.
The envisaged act pursues objectives and has components in the area of aviation security policy adopted by an international organisation that influences the EU policies on aviation security.
Therefore, the substantive legal basis for the proposed decision should be Article 100(2) TFEU.
3.3.Conclusion
The legal basis of the proposed decision should be Article 100(2) TFEU, in conjunction with Article 218(9) TFEU.