EUROPEAN COMMISSION
Brussels, 15.12.2017
COM(2017) 768 final
REPORT FROM THE COMMISSION TO THE EUROPEAN PARLIAMENT AND THE COUNCIL
2016 ANNUAL REPORT ON THE IMPLEMENTATION OF REGULATION (EC) N° 300/2008 ON COMMON RULES IN THE FIELD OF CIVIL AVIATION SECURITY
REPORT FROM THE COMMISSION TO THE EUROPEAN PARLIAMENT AND THE COUNCIL
2016 ANNUAL REPORT ON THE IMPLEMENTATION OF REGULATION (EC) N° 300/2008 ON COMMON RULES IN THE FIELD OF CIVIL AVIATION SECURITY
This report covers the period 1 January – 31 December 2016
2016 saw a surge in the terrorist threat levels in general and for civil aviation, marked by the terrorist attacks in Brussels and Istanbul airports. Immediately after the Brussels attack, the Commission convened Member States in an extraordinary session of the Aviation Security Regulatory Committee, which reached the conclusion that while there was a need for protecting the public areas of the airports, where the attacks took place, measures designed for the protection of the Security Restricted Areas (SRAs) of airports were not suitable for application at the entry points of terminal buildings. These areas should be kept public and measures should be taken based upon local risk assessments, involving all relevant authorities and stakeholders. As is always the case for EU aviation security policy, a proper balance between the security needs and the other important factors, such as travel convenience, privacy and protection of personal data and facilitation of operational factors should be maintained. The exchange of experiences and best practices would be a key element in successfully reinforcing security. The Commission expressed its intention to facilitate this exchange and to determine further steps, as appropriate. To this extent, the Commission organized a workshop in November on securing transport public areas and launched a study on the protection of landside areas at EU airports.
The UN Security Council adopted Resolution 2309 (2016) on terrorist threats to civil aviation, calling for closer collaboration to ensure safety of global air services and to prevent terrorist attacks. This resolution calls upon all States to work within ICAO to ensure that its international security standards are reviewed and adapted to effectively address the threat posed by terrorists targeting civil aviation, to strengthen and promote the effective application of ICAO standards and recommended practices in Annex 17, and to assist ICAO to continue to enhance audit, capacity development and training programmes in order to support their implementation. The Commission is contributing already to these objectives through its longstanding close cooperation with ICAO and in particular through its capacity building initiative CASE which aims at enhancing aviation security in Africa and Middle Eastern countries.
As in previous years, the Commission continued to clarify, harmonize and simplify aviation security legislation in line with the better regulation objectives of the EU.
The Commission continued to monitor the implementation of aviation security measures by Member States both through EU inspections in close cooperation with Member States throughout the year and by assessing Member States' annual quality control reports. Compliance levels remained stable and did not require in 2016 temporary exclusions of any EU airport from the EU's One Stop Security System to rectify serious deficiencies.
PART ONE
The Inspections
1.General
Regulation (EC) No 300/2008 of the European Parliament and of the Council of 11 March 2008 on common rules in the field of aviation security aims at preventing unlawful interference with civil aircraft in order to protect persons and goods.
The implementation of the aviation security acquis is based upon a two layer system of compliance monitoring, i.e. Commission inspections complemented by the assessment of Member States' annual reports and national monitoring activities (security audits, inspections and tests) carried out by each Member State.
Article 15 of Regulation (EC) No 300/2008 requires the Commission to conduct inspections, including inspections of airports, operators and entities applying aviation security standards, in order to monitor the application of the Regulation by the Member States and, as appropriate, to make recommendations to improve aviation security. Switzerland is also covered by the Union programme, while Norway and Iceland are inspected against parallel provisions by the EFTA Surveillance Authority (ESA).
To carry out its inspection work in 2016, the Commission had a team of eight full time aviation security inspectors. The inspection work is supported by a pool of some 100 national auditors nominated by Member States, Iceland, Norway and Switzerland who qualify for participation in Commission inspections through training provided by the Commission; inspectors from the EFTA Surveillance Authority and the European Civil Aviation Concerence are as of 2016 equally participating as fully fledged inspectors in this process; The significant number of national auditors participating in Commission inspections ensures a peer review and allows spreading methodologies and best practices across Member States. A chart summarising all Commission and ESA compliance monitoring activities carried out in 2016 is attached in Annex 1.
Commission inspections are based on Regulation (EU) No 72/2010, as amended, which lays down the procedures for conducting Commission inspections in the field of aviation security. It includes inter alia provisions for the qualification and powers of Commission inspectors and the conduct of follow-up inspections.
The methodology used for conducting these inspections has been developed in close cooperation with the aviation security authorities of Member States and is based on the examination of the effective implementation of security measures. In order to interpret the requirements and procedures to conduct inspections in a harmonised manner, the security unit of DG MOVE draws up and maintains handbooks for airport and cargo inspections. These handbooks also contain detailed prompts and guidance on all aviation security measures required by EU legislation. In addition, they also contain details on all organisational and practical aspects of Commission inspections. The handbooks are EU classified information and are only made available to Commission inspectors and the appropriate authority of each Member State.
The Commission carries out inspections of Member States' aviation security administrations (the 'appropriate authorities') and inspections of a limited number of airports, operators and entities applying aviation security standards. The inspections of appropriate authorities aim at verifying whether Member States have the necessary tools – including a national quality control programme, the necessary powers and the appropriate resources – to be able to adequately implement the European Union's aviation security legislation. The inspections of airports aim at verifying if the appropriate authority adequately monitors the effective implementation of aviation security measures and is capable of swiftly detecting and rectifying potential deficiencies. In both cases any deficiency identified by the Commission inspectors has to be rectified within an established timeframe; inspection reports are shared amongst all Member States.
All inspections took place as initially scheduled with one slight modification of the date of an appropriate authority inspection.
With the aim of providing Member States with the feedback from the inspections, promote transparency and harmonise compliance monitoring methodologies, the Commission organised in November an inspection working group with the heads of the civil aviation security quality control departments of Member States.
1.1 Commission multiannual compliance monitoring
To provide the Commission with adequate reassurances on the compliance level of Member States, a multi-annual monitoring approach is used. Thus, evidence of the application of Regulation (EC) No 300/2008 and its implementing legislation by every Member State is obtained in a cycle of two years, either by means of an inspection of its appropriate authority or an inspection of at least one of its airports. In addition, evidence of the application of the common basic standards on aviation security is obtained in a cycle of five years by a random selection of EU airports falling under Regulation (EU) No 300/2008 including the largest airport in terms of passenger volumes in every Member State.
As per the requirements of the framework Regulation, Member States have the primary responsibility for monitoring the compliance of the implementation of the common basic standards at airports, air carriers and entities responsible for security. The inspections carried out by the Commission at randomly selected airports constitute a strong indicator of the overall compliance level in each Member State.
The frequencies and scope of the Commission inspections are established in the DG MOVE strategy for monitoring the implementation of EU aviation security standards. It takes into consideration the aviation size of each Member State, a representative sample of the airport operations type, the standard of implementation of the aviation security regulations, results of previous Commission inspections, assessments of national annual quality control reports, security incidents (acts of unlawful interference), threat levels and other factors and assessments which affect the frequency of monitoring.
Since 2010 the compliance rate established during Commission inspections is around 80% (2010:80%, 2011:80%, 2012: 83%, 2013: 80%; 2014: 81%, 2015: 80%, 2016: 79%); however, the relatively stable figure does not mean that Member States have not increased their efforts; to the contrary, Member States' efforts in the field of aviation security have significantly increased, because over the years the requirements have increased too, in particular in such areas as cargo security, liquid and gel screening or the use of explosive trace detection.
2.Inspections of national appropriate authorities
The Commission started the fifth cycle of inspections of appropriate authorities in 2016. In total, eight appropriate authority inspections were carried out during the year. For most Member States, these inspections showed significant improvements from previous inspections.
The deficiencies most commonly found in 2016 related to shortcomings in the implementation of the National Quality Control Programmes. Some Member States did not sufficiently monitor the adequacy and implementation of the security programmes of airports, air carriers and regulated entities, did not monitor with the expected regularity foreign air carriers and did not fully apply some of the compliance monitoring methodologies required by the Regulation. This was the result of limited resources and an increased number of entities concerned. The majority of Member States inspected did, nevertheless, aligne National Aviation Security Programmes with the EU legislation, implemented mostly the requirements relating to security training, met the minimum frequency for inspecting security measures at airports and ensured that identified deficiencies were rectified within established timeframes.
3.Initial inspections at airports
Twentysix initial inspections of airports were conducted during 2016. All chapters were covered in accordance with the applicable areas of security in each airport. The overall percentage of core measures found to be in compliance in 2016 was 79%, roughly the same as in previous years.
After the seventh year of implementation of Regulation (EC) No 300/2008, the inspection results reflect the efforts made by appropriate authorities and entities. The majority of security requirements stemming from this demanding legislation were correctly implemented; the level of the compliance index for the most important areas of aviation security remained stable at around 80%. However, the effectiveness of the implementation of some measures still leaves room for improvements.
Most of the deficiencies found continued to stem from human factor issues. These mainly occured in the practical implementation of certain areas where the legal requirements are new or have significantly changed by the implementing acts of the Regulation. In particular, some provisions relating to access control, screening of staff and screening of cabin baggage will require continued efforts by the appropriate authorities, industry stakeholders and the European Commission. Aircraft security searches was another area were further efforts are necessary. These issues should be addressed through increased national quality control activities in the areas concerned.
2016 showed again high compliance levels in relation to screening of hold baggage, in-flight and airport supplies, training and security equipment after already relatively good results in 2014 and 2015 due to further increased awareness and practical experience with the revised implementing legislation which improved clarity and consistency of the measures.
4.Follow-up inspections
In accordance with Article 13 of Commission Regulation (EU) No 72/2010, as amended, the Commission routinely carries out a limited number of follow-up inspections. Such an inspection will be scheduled where several serious deficiencies have been identified during the initial inspection, but also on a random basis to verify the accuracy of national compliance monitoring activities and reporting. Four such activities were carried out during 2016 and confirmed rectification of most of the identified deficiencies.
5.Assessments of Member States' ANNUAL QUALITY CONTROL Reports
Commission Regulation (EU) No 18/2010 of 8 January 2010 amending Regulation (EC) No 300/2008 of the European Parliament and of the Council as far as specifications for national quality control programmes in the field of civil aviation security are concerned requires under point18 of Annex II Member States to annually submit a report to the Commission on the measures taken to fulfil their obligations under this Regulation and on the aviation security situation at the airports located in their territory. The content of the report shall be in accordance with Appendix III using a template provided by the Commission.
The assessment of these reports, in addition to the Commission's regular inspections, constitutes a tool for the Commission to closely follow the implementation of robust national quality control measures allowing for swift detection and correction of deficiencies in each Member State.
The assessement includes the analysis of regular monitoring of airports, air carriers and other entities with aviation security responsibilities, levels of monitoring man-days spent in the field, scope and frequencies of a suitable mixture of compliance monitoring activities, national compliance levels, follow-up activities and use of enforcement powers.
The results of the assessment of the annual reports from 2016 showed significant improvements as compared to 2015 in the areas of scope, compliance levels, follow-up activities and enforcement measures used to ensure that identified deficiencies are rectified and do not recur at most of the Member States. However, the reports revealed that some Member States have still difficulties in implementing regular monitoring of air carriers and entities, frequencies of inspections at airports with significant traffic volumes of passengers and testing of some of the areas required to be covered by the Regulation.
In the future, the Commission will send a formal individual comprehensive evaluation to each Member State highlighting shortcomings or weaknesses and requesting adequate rectification measures to be submitted by the Member State. The implementation of these action plans will be closely followed by the Commission; if Member States confirm the existence of the highlighted shortcomings or weaknesses and do not propose adequate rectification measures, formal action will be taken. The assessment results will also be taken into account when planning inspections in a given Member State and these might lead to an increase in the inspection frequency.
6.Assessments of third country airports
In the course of the year, an assessment of one US airport was conducted in the framework of the Working Arrangement with the Transportation Security Administration of the USA established under the EU-US Air Transport Agreement. Such assessments take regularly place in the context of One Stop Security and this assessment confirmed that the implementation of US security measures continues to be of an equivalent standard to the implementation of the ones under EU aviation security legislation.
An assessement of the implementation of cargo security controls was also carried out at Jakarta airport on the basis of a bilateral agreement.
7.Open files, Article 15 cases and legal proceedings
Inspection files remain open until the Commission is satisfied that appropriate rectification action has been implemented. The duration of a file therefore depends upon the good cooperation of the concerned Member State. Twenty-eight inspection files (sixteen files concerning airport inspections and twelve concerning inspections of appropriate authorities) could be closed. In all, inspection files related to eight appropriate authorities and twenty-one airports remained open at the end of the year.
If identified deficiencies in the implementation of security measures at an airport are considered to be serious enough as to have a significant impact on the overall level of civil aviation security in the Union, the Commission will activate Article 15 of Commission Regulation (EU) No 72/2010. This means that all other appropriate authorities are alerted to the situation and compensatory measures would have to be considered in respect of flights from the airport in question. No Article 15 case had to be initiated in 2016.
Regardless of whether or not Article 15 is applied, another available measure, particularly in cases of prolonged non-rectification or reoccurrence of deficiencies, is for the Commission to open infringement proceedings. In 2016, one infringement proceeding, initiated in 2014 following the inspection of a national administration, and referred to the European Court of Justice, could be closed. The concerned Member State had failed to ensure regular compliance monitoring in respect of certain security measures at a number of airports in its territory. Following submission by the Member State of satisfactory evidence that it no longer infringed EU law, the Commission could withdraw the case pending at the European Court of Justice.
PART TWO
The Legislation and supplementary tools
1.Legislation
Civil aviation remains to be an attractive target for terrorist groups and countering this threat requires ensuring the implementation of proportionate, risk based protection measures. The Commission and Member States are therefore constantly adjusting the mitigation measures in order to achieve the highest level of security while minimising adverse effects on operations.
In November 2016 the Commission adopted Regulation (EU) 2016/2096 of 30 November 2016 amending Regulation (EU) No 1254/2009 as regards certain criteria to allow Member States to derogate from the common basic standards on civil aviation security and to adopt alternative security measures. With this Regulation the Commission clarified the requirements for risk assessments and further specified the types of operations of certain categories of air traffic listed in this Regulation to improve legal clarity.
In order to address at least partially chronic understaffing regarding aviation security inspectors and to foster mutual exchange, the Commission adopted Commission Implementing Regulation (EU) 2016/472 of 31 March 2016 amending Regulation (EU) No 72/2010 as regards the definition of the term ‘Commission inspector’ (Text with EEA relevance). This Regulation now includes into the group of "Commission inspectors" inspectors from the EFTA States, the EFTA Surveillance Authority and the European Civil Aviation conference (ECAC).
2.Union database on supply chain security (UDSCS)
The database of regulated agents and known consignors has been the only legal primary tool to be used by regulated agents for consultation when accepting consignments from another regulated agent or from a known consignor since 1 June 2010. Since 1 February 2012, it has been extended to include the list of air carriers authorised to carry cargo and mail into the EU from third country airports (ACC3). In 2013, this database was legally extended to also contain the list of EU aviation security validators approved by the Member States. It was also renamed "Union database on supply chain security" to better reflect the extended scope of its use. At the end of 2016, the database contained approximately 14,000 records of regulated agents, known consignors, independent validators and ACC3 entities. Its target availability rate of 99.5% was continuously met in 2016 as well.
PART THREE
Trials, Studies and New Initiatives
1.Trials
A 'trial' in the sense of the EU aviation security legislation is conducted when a Member State agrees with the Commission that it will use a particular means or method not recognised under the terms of the legislation to replace one of the recognised security controls, for a limited period of time on condition that such trial does not impact negatively on the overall levels of security. The term does not, in the legal sense, apply when a Member State or entity is conducting an evaluation of a new security control deployed in addition to one or more of those already covered by the legislation.
In the course of 2016, trials and evaluations were conducted in the Netherlands and in France. These concerned the use of new generation screening equipment for cabin baggage that do not require the removal of laptops before screening and the use of shoe analysing equipment detecting both metal and explosive materials in combination with walk-through metal detection equipment and security scanners. Both trials delivered positive results during 2016 and the evaluation periods are foreseen to come to an end in 2017.
2.Studies and Reports
In October 2016, the Commission received a study regarding the optimisation of the screening of liquids at airports to enable the future lifting of restrictions. The 2006 transatlantic terrorist plot to use liquid explosives to blow up aircraft has resulted in a decade of enhanced security measures in airports around the world, as well as inconvenience for passengers trying to travel with everyday liquids, aerosols and gels (LAGs). The study analyzed passengers' LAGs carriage levels, and the impact of technology and future development upon screening capabilities of airports and thus the perspective of
lifting gradually or totally the restrictions in future.
3.New Initiatives
Further progress was made regarding the roadmap for the development of technologies in aviation security. The roadmap sets various activities covering all aspects of security technology and methods and serves as reference for all European stakeholders involved in aviation security research.
In relation to cargo, the Commission continued to work closely with Member States in order to negotiate the implementation of a regime for pre-loading advance cargo information (PLACI) analysis. In this context, cooperation with customs community continued in the context of the on-going international exercise undertaken within the joint ICAO/WCO Working Group on Advance Cargo Information where the Commission plays an active role participating with DG MOVE and DG TAXUD. Together with States and stakeholders, this exercise aims at reaching common agreed principles and possible standards and recommended practices to be adopted and implemented should a State or a Region decide to apply such concept in one or all business models in the field of air cargo and mail.
EU Aviation Security Validators play a key role in the establishment and upkeep of a robust secure supply chain in the field of in-bound air cargo and mail. In the context of its policy of close cooperation with stakeholders the Commission hosted on 17 and 18 October 2016 a workshop for EU Aviation Security Validators updating the participants on the evolution of air cargo security policy and fostering the exchange of best practices in view of standardizing methodologies and improving the efficiency and effectiveness of the validation process.
With the 2016 attacks the protection of transport public areas such as public areas of airports came into the focus of transport security; on 7 and 8 November 2016 the Commission therefore held a workshop to address this issue, taking into account the Member States' conclusions after the Brussels airport attack underlining that such public areas should be kept public and that measures should be taken based upon local risk assessments, balancing security needs, operations and passenger convenience. As the security of these areas often falls under the competence of various authorities and stakeholders, the objective was to foster exchange of information between delegates from Ministries of Transport and Interior, police forces and other stakeholders such as airport, operator and passenger associations. It became clear that there is no uniform solution to this issue to be applied to all airports in the same way; participants stressed the importance of local risk assessments and to address in each case the vulnerabilities identified by a specific mix of technological, procedural and methodological solutions. Towards the end of the year the Commission launched a study with the objective to collect best practices amongst European airports and as far as possible to evaluate them under cost-benefit aspects.
PART FOUR
Dialogue with International Bodies and Third Countries
1.
General
The Commission engages with international bodies and key trading partners and participation in associated international meetings, such as the annual meeting of the ICAO Aviation Security Panel, ensures that co-ordination of EU positions can be undertaken. Bilateral dialogue is held with certain third countries, such as the United States, Canada, Australia, etc. which enable the Commission to build up a good understanding and high level of trust with countries taking a like-minded approach to aviation security.
2.
International bodies
The Commission participated in the annual meeting of the ICAO Aviation Security Panel which took place in Montreal on 14 to 18 March 2016 and presented two information papers on the Developments in Aviation Security in the European Union and on the European Project for Civil Aviation Security in Africa and the Arabian Peninsula (CASE Project). The first paper presented the developments in enhancing civil aviation security in the European Union and recent initiatives to establish One Stop Security arrangements. Currently One Stop Security arrangements exist with the USA, Canada and Montenegro. The second paper provided a description of the CASE Project, which was officially launched on 1 November 2015. This four year Project (2015-2019) consists of capacity building activities to be organised for the benefit of partner countries in Africa and the Arabian Peninsula. The Project is funded by the European Union (EU) and implemented by the European Civil Aviation Conference (ECAC).
The Commission participated in the tri-annual meeting of the ICAO Assembly which took place in Montreal on 27 September to 7 October 2016 and presented three working papers. One paper was on the Priorities for Aviation Security, which presented proposals, based on the lessons learnt from the implementation of Assembly Resolution A38-15 and the ICAO work programme for 2014-16. Another paper was on Cyber Resilience in Civil Aviation, which was co-sponsored by the United States. The paper argued that civil aviation system consists of a patchwork of interconnected components, systems and networks. The potential for cyber incidents that could jeopardise communications and information exchanges between various aviation stakeholders, impact safety and security and damage aviation business continuity has increased over the years. While the importance of defining an appropriate cyber security approach in civil aviation has been recognised by ICAO, additional efforts are still required to increase global awareness and to further develop globally coherent cyber resilience approaches for the aviation system. The last paper was on Addressing Challenges in the field of capacity building. The paper argued that capacity-building activities whether organized by ICAO, individual States, regional organisations or industry play a crucial role in supporting Member States’ efforts to reach effective and sustainable compliance with ICAO Standards and Recommended Practices. Effective management of capacity building activities is therefore key in ensuring tangible results.
3.
Third countries
As in the past years, the Commission actively engaged on aviation security issues with the United States in a number of fora, in particular the EU-US Transportation Security Cooperation Group (TSCG). The TSCG aims at fostering co-operation in a number of areas of mutual interest and ensure the continued functioning of One Stop Security arrangements and of the mutual recognition of the respective air cargo and mail regimes of the EU and the U.S. Both initiatives save air transport operators time, cost, and operational complexity.
The Commission Implementing Regulation (EU) 2015/2426 of 18 December 2015 entered into force on 29 February 2016, thus effectively extending One Stop Security to Canada and Montenegro since this date. This Implementing Regulation recognises both countries as applying security standards equivalent to the common basic standards on civil aviation security.