Civil aviation rules and the European Union Aviation Safety Agency

KEY POINTS

The regulation covers all key areas of aviation, including:

• airworthiness
• aircrews
• aerodromes
• air operations and
• air navigation services.

The regulation:

• includes rules for unmanned aircraft (civil drones);
• aims to facilitate simpler rules for sport and recreational aviation;
• sets out the division of tasks between the EU and national authorities;
• repeals three previous regulations (Regulations (EC) Nos 552/2004 and 216/2008 and (EEC) No 3922/91);
• amends two directives (Directives 2014/30/EU on reducing interference between electrical and electronic devices and 2014/53/EU on the commercialisation of radio equipment) and four regulations (Regulations (EC) Nos 2111/2005 on the establishment of a list of banned air carriers and on the identity of the operating carrier and 1008/2008 on the operation of air services and (EU) Nos 996/2010 on civil aviation accidents and incidents and 376/2014 on occurrences in civil aviation);
• complements Regulations (EU) Nos 1321/2014 on airworthiness and 748/2012 on environmental certification.

Main changes and additions

• The regulation updates EU safety legislation in the aviation sector. Essential requirements are established for aircraft with respect to their airworthiness and environmental compatibility. Manufacturers will be required to issue certificates of airworthiness in accordance with the technical requirements.
• It introduces risk- and performance-based rules that set objectives but leave some flexibility as to the means for achieving them. It also promotes taking non-binding measures (such as safety-promotion measures) whenever this is possible.
• It revises the scope of some rules by excluding small, single-person hot-air balloons, adjusting the weight limits for sailplanes and adding light electric aircraft. It introduces reforms to:
  • deal with the growth of air traffic;
  • increase security;
  • reduce costs, delays and the impact of air traffic on the environment.
• Cabin crew involved in commercial air transport are subject to certification and should be issued with an attestation. The European Commission has established detailed rules and procedures for cabin crew qualification.
• The regulation also sets out essential requirements for safe ground handling services, which are now included within the scope of the regulation, and closes a number of other safety gaps.
• There is also a chapter on aviation safety management, establishing the European plan for aviation safety, which covers the whole aviation safety system.

Civil drones

• The regulation introduces essential requirements for drones. The rules are meant to be proportionate to the risk of the particular operation or type of operation, and state that the drone must be safely controllable and manoeuvrable. It should be designed to fit its function and intended type of operation and take into account privacy and the protection of personal data by design and by default. Identification of the drone and of the nature and purpose of the operation should also be possible.
• The drone operator should be responsible for its operation and should have the appropriate knowledge and skills to operate the drone safely. Organisations involved in drone design, production, maintenance, operations, related services and training must establish a safety occurrence reporting system.
• The regulation specifies the registration threshold that applies to drone operators: operators must be registered if they operate drones that can transfer more than 80 joules of kinetic energy upon impact with a person. This threshold can be amended in the future without lengthy procedures, to take account of developments in this area.
• Depending on the nature and risk of the activity, the operational characteristics of the aircraft and the characteristics of its area of operation, a certificate may be required for its design, production, maintenance and operation and for its personnel, including remote pilots.
• In accordance with the regulation, the Commission, with the help of EASA, drew up Implementing Regulation (EU) 2019/947, which lays down detailed rules for drones and for drone operation (see summary).
• A delegated act, Delegated Regulation (EU) 2024/1107, sets out the rules on the continuing airworthiness of certified unmanned aircraft systems and their components, and on approving organisations and personnel involved in these tasks.
• An implementing act, Implementing Regulation (EU) 2024/1109, which applies from 1 May 2025, includes rules regarding competent authority requirements and administrative procedures for certifying, overseeing and enforcing the continuing airworthiness of certified drones.

Pilot licences issued by non-EU countries

• Delegated Regulation (EU) 2020/723 establishes the procedures and, in particular, the possible training credit that can be claimed by a pilot who has obtained a pilot’s licence in a non-EU country and wants to convert it into an EU licence.
• It ensures that these pilots still receive training on the subjects that are specific to EU airspace, or otherwise not required in non-EU countries, while ensuring they do not need to excessively retrain for aspects already covered previously.
• Regulation (EU) 2020/723 was previously part of an implementing act, Regulation (EU) 1178/2011 (see summary), but needed to be separated into a delegated act due to the requirements of Regulation (EU) 2018/1139.

Environmental protection

As regards noise and emissions, aircraft other than unmanned aircraft and their engines, propellers, parts and non-installed equipment must comply with the environmental protection requirements contained in Annex 16 to the Convention on International Civil Aviation from 1 January 2021.

European Union Aviation Safety Agency

• The regulation extends EASA’s scope to include safety-related aspects of security, such as cybersecurity, and environmental protection.
• It establishes a mechanism for the pooling and sharing of aviation inspectors and other technical assistance to support EU Member States in certification, oversight and enforcement tasks.
• The electronic information repository established by EASA to ensure effective cooperation between EASA and the relevant national authorities includes information on the reallocation by one Member State to another, or to EASA, of responsibilities related to certification, oversight and enforcement, along with measures concerning flights above conflict zones.
• EASA and the national competent authorities may allocate their tasks related to certification and oversight under this regulation to qualified entities that have been accredited. Implementing Regulation (EU) 2024/1403, which came into effect on 13 June 2024, lays down the conditions and procedures for the accreditation of these entities.

Information security risks with a potential impact on aviation safety

• Delegated Regulation (EU) 2022/1645, which applies from 16 October 2025, sets out the requirements to be met in order to identify and manage information security risks with a potential impact on aviation safety for organisations.
• These requirements cover a wide range of aviation domains and their interfaces, as aviation is a highly interconnected system of systems, and apply to all the organisations that are already required to have a management system under EU aviation safety legislation.
• Organisations covered include production and design organisations, air operators, maintenance organisations, airworthiness management organisations, training organisations, operators of flight simulation training devices, air traffic management / air navigation service providers, aerodrome operators and apron management service¹ providers.
• Implementing Regulation (EU) 2023/203 sets out the blueprint for the EU’s cyber-resilient aviation system, laying down the rules for identifying and managing security risks that could affect information and communication technology systems and data used for civil aviation purposes in aviation organisations covered by Commission Regulations (EU) Nos 1321/2014, 965/2012 and 1178/2011 and (EU) 2015/340 and Commission Implementing Regulations (EU) 2017/373 and 2021/664, and in competent authorities (including EASA) covered by Commission Regulations (EU) Nos 748/2012, 1321/2014, 965/2012, 1178/2011 and 139/2014 and (EU) 2015/340 and Commission Implementing Regulations (EU) 2017/373 and 2021/664, and amending Commission Regulations (EU) Nos 1178/2011, 748/2012, 965/2012, 139/2014 and 1321/2014 and (EU) 2015/340 and Commission Implementing Regulations (EU) 2017/373 and 2021/664. Implementing Regulation (EU) 2023/203, which applies from 22 February 2026, lays down requirements for detecting information security events, identifying those that are considered information security incidents and responding to, and recovering from, those information security incidents at a level commensurate with their impact on aviation safety.
• To manage safety risks deriving from information security threats, Implementing Regulation (EU) 2024/1109 (see above) amends Regulation (EU) 2023/203 to include within its scope the competent authorities responsible for the continuing airworthiness of certified drones and their components so that the requirements in relation to these risks are applied.