Annexes to COM(2024)107 - 2022 annual report on the implementation of regulation (ec) n° 300/2008 on common rules in the field of civil aviation security - Main contents
Please note
This page contains a limited version of this dossier in the EU Monitor.
| dossier | COM(2024)107 - 2022 annual report on the implementation of regulation (ec) n° 300/2008 on common rules in the field of civil aviation ... |
|---|---|
| document | COM(2024)107 |
| date | March 8, 2024 |
The assessment of these reports, in addition to its own regular inspections, provides a tool for the Commission to closely follow the implementation of national quality control measures. This, in turn, allows for swift detection and correction of deficiencies in each Member State.
The assessment includes an analysis of regular monitoring of airports, air carriers and other entities with aviation security responsibilities, as well as time spent by the auditors in the field, scope and frequencies of a suitable mixture of compliance monitoring activities, national compliance levels, follow-up activities and the use of enforcement powers.
The quality of annual reports and information provided by Member States remains constant and further harmonisation was achieved during 2022. The assessment of the reports showed that the overall quality of monitoring activities had not yet returned to the pre-COVID-19 level, most likely due to the pandemic which had an impact on all monitored areas and the capability of both authorities and operators. There is also room for improvement particularly in the performance of covert testing and follow-up inspections as well as in the use of enforcement measures.
A formal comprehensive evaluation was sent to the Member States highlighting, where needed, suggestions on how to improve or better tailor the national efforts.
6. Assessments of third country airports
Assessments are conducted in the context of One Stop Security (OSS) arrangements between the EU and third countries. The purpose is to confirm that implementation of certain security measures continues to be of an equivalent standard to the implementation of EU aviation security legislation. In 2022, three assessments were conducted, including the US, Singapore, and Serbia.
7. Article 15 cases and legal proceedings
If identified deficiencies in the implementation of security measures at an airport are serious enough as to have a significant impact on the overall level of civil aviation security in the Union, the Commission will activate Article 15 of Regulation (EU) No 72/2010. This means that all other appropriate authorities are alerted to the situation and compensatory measures would have to be considered in respect of flights from the airport in question. No such case was initiated in 2022.
The Commission also has the possibility to open infringement proceedings, particularly in cases of prolonged non-rectification or recurrence of deficiencies. In 2022, no such proceedings were launched.
4. LEGISLATIVE FRAMEWORK AND SUPPLEMENTARY TOOLS
1. Legislative framework
Civil aviation remains an attractive target for hostile actors and countering this threat requires the implementation of proportionate, risk based protective measures. The Commission and Member States are therefore constantly adjusting the mitigation measures to achieve the highest level of security while minimising adverse effects on operations.
Implementing Regulation (EU) 2015/1998 was amended in March 2022 by Implementing Regulation (EU) 2022/4216. The latter re-establishes the correct lists of third countries recognised as applying security standards equivalent to the common basic standards, allows granting of a short extension of the use of standard 2 EDS for screening cargo and mail and clarifies the provision on progressive phase-out of single-view x-ray equipment. A second amendment to Implementing Regulation (EU) 2015/1998 was adopted in July 2022 by Implementing Regulation (EU) 2022/11747. In addition to clarifications, it contains amendments regarding airport security, safe and secure carriage of firearms on board, training of personnel, air cargo and mail security, known suppliers of airport supplies, background checks, explosive detection dogs (EDD), and detection standards for walk-through metal detection equipment (WTMD).
2. Union database on supply chain security
The Union database8 on supply chain security constitutes the only legal tool for consultation when accepting consignments from another regulated agent or from a known consignor. The same database also includes a list of approved civil aviation security equipment with ‘EU Stamp’ marking.
At the end of 2022, the database contained about 20 000 records of regulated agents, known consignors, independent validators, ACC3 airlines, regulated suppliers, third country regulated agents and known consignors, security equipment and airports. Its target availability rate of 99.7% was continuously met in 2022.
3. Pre-Loading Advance Cargo Information (PLACI)
The first phase of the new customs import system (ICS2) based on pre-loading advance cargo information requirements applies in respect of postal/mail and express consignments since 15 March 2021.
Under PLACI requirements, details pertaining to each shipment flying to the EU from third country locations are to be electronically submitted to EU customs by the economic operators responsible for bringing consignments into the Union customs territory and analysed for civil aviation security purposes by the customs authorities of the first point of entry in the EU.
The outcome of the PLACI risk analysis may require the implementation of specific mitigating aviation security measures. These must be applied by economic operators engaged in the EU in-bound supply chain before the consignment is loaded on board of an EU-bound flight. The Commission organised in November 2022 a third joint workshop with aviation security authorities and national customs authorities to foster a smooth PLACI implementation and to prepare for launching the second phase of ICS2 in March 2023.
5. TRIALS, MEETINGS AND NEW INITIATIVES
1. Trials
A 'trial' in the sense of EU aviation security legislation is conducted when a Member State agrees with the Commission that it will use a particular means or method not recognised under the terms of the legislation to replace one of the recognised security controls, for a limited period on condition that such trial does not impact negatively on the overall levels of security. Two trials concerning implementation of automatic detection of prohibited items (APID) in combination with Explosives Detection Systems for Cabin Bags (EDSCB) were initiated during 2022, in the Netherlands and Germany.9
2. Meetings
The Commission organised in November 2022 a third meeting of the Aviation Cybersecurity Working Group, bringing together Member State authorities responsible for aviation security and implementation of the NIS Directive10. The meeting provided an opportunity to jointly discuss relevant issues in aviation cybersecurity and to identify specific areas where further work is necessary. The Commission considers that implementing and further improving the complex regulatory environment of aviation cybersecurity can greatly benefit from the sharing of experience and best practices within such a working group. There is also a keen interest to ensure that the specificities of the aviation sector are considered and to see how sectorial and horizontal efforts can complement each other, while avoiding duplication of effort and undue burden on administrations and industry.
With the aim to provide Member States with feedback from inspections, promote transparency and harmonise compliance monitoring methodologies, the Commission organised an annual meeting and training of the AVSEC national inspectors in September 2022.
3. New initiatives
Progress was made regarding the development of new aviation security technologies. Work was notably undertaken to elaborate security equipment detection standards to tackle new threats, especially chemical substances. To this end, excellent cooperation is in place with the United States (US) and other international partners.
6. THREAT EVENTS AND OUTLOOK
1. General
International jihadist terrorism remains a significant threat to the EU that requires careful monitoring11. Despite global efforts to limit terrorist financing sources, terrorist organisations still have access to large cash reserves12 to finance their activities and propaganda. They retain intent to attack aviation as a high-profile target as well as the capability to develop innovative explosive concealments. It is expected that the threats and challenges of aviation security will continue to evolve, as well increase in the diversity of modus operandi of attack. Other potential threats such as chemical, biological, radiological and nuclear (CBRN) are continually being assessed by the Commission and Member States. Insider threats and home-grown terrorism remain an area of particular attention. At the same time, other threats and means of attack have come into focus. Conflict zones will continue to provide terrorists with an environment offering the opportunity to acquire more sophisticated military grade equipment and to exploit less stringent aviation security measures.
The Commission, together with the relevant agencies, maintained a continuous dialogue on, and regular monitoring of, emerging security threats for aviation, including those of a hybrid nature, with Member States and other stakeholders, to build up the knowledge and capacity to react to those threats, effectively managing the risk. In October 2022 a comprehensive risk mapping exercise was launched (and completed in the first quarter 2023) to assess the level of threat and risk against civil aviation. This exercise took place in the context of the aviation security strategy working group set up to take stock of developments both in terms of evolution of the threat picture and of detection capabilities. The outcomes of the aviation security risk mapping will support the decision-making process on a new passenger checkpoint baseline. In 2022 the air cargo risk assessment work stream has also been relaunched as result of the lifting of covid restrictions.
2. Cybersecurity
In the context of aviation’s growing reliance on information technology and digital operational systems, cybersecurity is becoming ever more critical. Cyber-attacks targeting transport could potentially have disastrous consequences and lead to significant economic disruption. It is estimated that at least a couple of thousand cyber-incidents impacting various aviation stakeholders took place in 2022.13 In its efforts to make the transport sector and related infrastructure more resilient, the Commission confirmed that the EU will update and improve the existing security framework, including the means to tackle cyber threats, under the overarching umbrella of the existing rules governing this matter14. The cyber domain points to a number of specific challenges, including the array of actors and motivations (beyond terrorist groups). The Commission has adopted measures also in this domain15, in the face of more malicious intentions and increased capabilities of hostile third parties. The situation in aviation underlines the need to ensure maximum consistency between horizontal and sectoral rules. From the Commission’s perspective, it is imperative to avoid duplication and burden on operators and administrations.
3. Drones
The unlawful use of unmanned aircraft systems (UAS), better known as drones, can disrupt airport operations and may endanger aircraft and their occupants.16 Increasing system resilience and counter-UAS capabilities also forms an integral part of the “Drone Strategy 2.0”17 that the Commission adopted in November 2022 to develop drones into a vector for the smart and sustainable mobility of the future. This initiative aims to enable drones to contribute, through digitalisation and automation, to a new offer of sustainable services and transport, while accounting for possible civil/military technological synergies. In this respect, the Commission will undertake an aviation security risk assessment on drones with the objective to identify potential additional vulnerabilities of airports that could require regulatory solutions.18
4. Conflict Zones
Under the Conflict Zone Alerting System common risk assessments continued to take place on a regular quarterly basis in 2022, under the lead of the integrated EU aviation security risk assessment group. The aim of this exercise is to share information on the assessment of risks to EU civil aviation arising from conflict zones in a timely manner to support risk mitigation. In case of urgency, exceptional meetings are arranged.19
The integrated EU aviation security risk assessment process also provides risk assessment capability and supports the decision-making process (risk mitigation) for air cargo security and aviation security standards.
7. INTERNATIONAL DIALOGUE
1. General
The Commission continued its contribution to aviation security worldwide. It did so by engaging with international bodies, such as the International Civil Aviation Organisation (ICAO), and key trading partners, and working closely with Member States to ensure co-ordinated EU positions. Dialogues were also held with certain third countries, such as the US, Canada, Australia, Singapore, and the United Kingdom (UK).
2. International bodies
The EU actively participated, as an observer, in the annual meeting of the ICAO Aviation Security Panel (AVSECP/33), which took place from 9 to 13 May 2022 as well as the first meeting of the ICAO Cybersecurity Panel (CYSECP/1), which took place from 16 to 20 May 2022.
The 41st ICAO Assembly was organised on 27 September – 7 October 2022. Europe had four main aviation security inputs to the Assembly. These concerned: (1) ensuring effective aviation security in the COVID19 recovery world; (2) the development of a framework for cyber security; (3) human factors in the aviation security domain; and (4) an information paper on the CASE aviation security capacity building project. The EU and its Member States also co-sponsored a working paper with Canada on Endorsing Global, Regional, and Industry Initiatives intended to mitigate conflict zone risks for civil aviation.
3. Third countries
In the context of relations with the United States, the EU-US Transportation Security Cooperation Group (TSCG) aims at fostering co-operation in several areas of mutual interest. It ensures the continued functioning of One Stop Security (OSS) arrangements and of the mutual recognition of respective EU and US air cargo and mail regimes. These initiatives save air transport operators’ time, cost, and operational complexity. The 31st meeting of the European Union (EU) - United States (US) Transportation Security Cooperation Group (TSCG) took place on 29-30 March 2022 and was hosted by the Transportation Security Administration (TSA).
In conformity with EU law, the Commission has established one-stop security (OSS) arrangements recognising security standards applied in some third countries, or airports of third countries, as equivalent to EU standards.20 No new OSS arrangements were concluded in 2022. In the case of Israel, the extension of the existing OSS arrangement to passengers and cabin baggage is still suspended pending the execution of all development projects at Tel Aviv Ben Gurion Airport, including investment into screening technology required for OSS. These development projects have been postponed due to the negative financial effects of the COVID-19 pandemic. As to Japan, assessment of its relevant aviation security legislation is on-going.
Regarding capacity building, the “Civil Aviation Security in Africa, Asia and the Middle East” project (CASE II), funded by the European Commission with a budget of EUR 8 million and implemented by ECAC, continued in 2022. Activities delivered by aviation security experts included workshops, webinars and bilateral in-country activities.21 The overall objective of CASE II is to counter the threat of terrorism to civil aviation by partnering with States in the three regions, to strengthen their aviation security regimes.22
8. CONCLUSIONS
In 2022, the COVID-19 pandemic finally receded and travel restrictions were removed. Normal on-site inspections could be carried out and international co-operation on aviation security also returned to the pre-pandemic levels.
The increasing air traffic growth brought challenges for the aviation ecosystem at some EU airports, especially at the beginning of the summer. After more than two years of suppressed air travel demand, it took time and careful planning by all stakeholders to ensure that passengers could have the best experience when travelling. The Commission contributed by exploring ways to alleviate capacity issues at EU airports without compromising security, for instance by facilitating the exchange of information and operational experience between airports and regulators to improve passenger throughput, as well as by enhancing coordination and possible mutual recognition of background checks.
As to the future, the Commission reflected on how the aviation security framework could be further improved. To this end, it considered ways to increase its efficiency, sustainability, and flexibility, without compromising the high levels of security achieved thus far. This work will continue on the basis of the improvements identified in the Commission Staff Working Document23 published in 2023, with a view to implementing with Member States and stakeholders the measures that will allow a more resilient, innovative, and fit for the future aviation security framework.
1 Regulation (EC) No 300/2008 of the European Parliament and of the Council of 11 March 2008 on common rules in the field of civil aviation security and repealing Regulation (EC) No 2320/2002 (OJ L 97, 9.4.2008, p. 72).
2 A number of members of the Stakeholder Advisory Group on Aviation Security (SAGAS), constituted under Article 17 of Regulation (EC) N°300/2008, volunteered to participate in the consultation process.
3 European Economic Area: 27 EU Member States, Norway, Iceland and Switzerland. The EFTA Surveillance Authority (ESA) is responsible for conducting aviation security inspections in Norway and Iceland. Regarding Switzerland, the Commission conducts aviation security inspections in this country on the basis of a bilateral agreement.
4Commission Regulation (EU) No 72/2010 of 26 January 2010 laying down procedures for conducting Commission inspections in the field of aviation security (OJ L 23, 27.1.2010, p. 1).
5 See Annex 1 for a chart summarising all Commission and ESA compliance monitoring activities in 2022.
6 Commission Implementing Regulation (EU) 2022/421 of 14 March 2022 amending Implementing Regulation (EU) 2015/1998 laying down detailed measures for the implementation of common basic standards on aviation security (OJ L 87, 15.3.2022, p. 1).
7 Commission Implementing Regulation (EU) 2022/1174 of 7 July 2022 amending Implementing Regulation (EU) 2015/1998 as regards certain detailed measures for the implementation of the common basic standards on aviation security (OJ L 183, 8.7.2022, p. 35).
8https://ksda.ec.europa.eu/
9 Final report for the trial in Netherlands was received in June 2023. The trial in Germany is still on-going.
10 Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union (OJ L 194, 19.7.2016, p. 1).
11 See for example: https://data.consilium.europa.eu/doc/document/ST-12315-2021-INIT/en/pdf
12 https://home.treasury.gov/news/press-releases/jy0532
13 The main incident types are fraudulent websites, malware, distributed denial of service (DDoS) and phishing.
14 Paragraph 102 of the Communication from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions, Sustainable and Smart Mobility Strategy – putting European transport on track for the future, COM(2020) 789 final, 9 December 2020.
15 For instance, cyber requirements under Commission Implementing Regulation (EU) 2019/1583 of 25 September 2019 entered into force on 31 December 2021 and their implementation is subject to the inspection programme of the Commission.
16 According to EASA Annual Safety Review 2022, the drone occurrence rate decreased in 2021 (latest figures available).
17 Communication from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions, A Drone Strategy 2.0 for a Smart and Sustainable Unmanned Aircraft Eco-System in Europe, COM(2022) 652 final, 29 November 2022.
18 Flagship action 18.
19 The group had 4 regular quarterly meetings that were preceded by preparatory meetings with airlines and their associations. In addition, an urgent meeting was organised in February 2022 due to the Russian invasion of Ukraine. During the year, two new Conflict Zone Information Bulletins (CZIBs) were issued, nine amended and one revoked. In addition, two information notes were amended and one revoked.
20 The EU has OSS arrangements with, among others, the US, Canada, Singapore, Montenegro, Serbia, the UK and Israel (only for hold baggage).
21 In 2022, 35 activities were delivered, consisting of five multilateral activities (two workshops and three multilateral trainings) and 30 bilateral activities for the benefit of 61 Partner States and a total of 733 participants thanks to the mobilisation of 43 total speakers invited to contribute to the multilateral activities, 22 being sourced from Partner States. In addition to these larger events, six security experts from the Partner States have been mobilised to participate as co-instructors in training activities. The total number of activities delivered since the Project’s inception until December 2022 is 62.
22 Partner States are selected based on objective criteria, such as the commitment/capability of a given State to fully benefit from the capacity-building activities delivered by the Project, or the absence of possible duplication with other capacity-building initiatives, either bilateral or multilateral.
23 Commission Staff Working Document: Working towards an enhanced and more resilient aviation security policy: a stocktaking, SWD(2023) 37 final, 2 February 2023.
EN EN