Accept Refuse

EUR-Lex Access to European Union law

This document is an excerpt from the EUR-Lex website

Document 32017R0815

Commission Implementing Regulation (EU) 2017/815 of 12 May 2017 amending Implementing Regulation (EU) 2015/1998 as regards clarification, harmonisation and simplification of certain specific aviation security measures (Text with EEA relevance. )

C/2017/3020

OJ L 122, 13.5.2017, p. 1–68 (BG, ES, CS, DA, DE, ET, EL, EN, FR, HR, IT, LV, LT, HU, MT, NL, PL, PT, RO, SK, SL, FI, SV)

In force

ELI: http://data.europa.eu/eli/reg_impl/2017/815/oj

13.5.2017   

EN

Official Journal of the European Union

L 122/1


COMMISSION IMPLEMENTING REGULATION (EU) 2017/815

of 12 May 2017

amending Implementing Regulation (EU) 2015/1998 as regards clarification, harmonisation and simplification of certain specific aviation security measures

(Text with EEA relevance)

THE EUROPEAN COMMISSION,

Having regard to the Treaty on the Functioning of the European Union,

Having regard to Regulation (EC) No 300/2008 of the European Parliament and of the Council of 11 March 2008 on common rules in the field of civil aviation security and repealing Regulation (EC) No 2320/2002 (1), and in particular Article 4(3) thereof,

Whereas:

(1)

Experience with the implementation of Commission Implementing Regulation (EU) 2015/1998 (2) has shown the need for minor amendments to the implementing modalities of certain common basic standards. The changes proposed in the attached texts do not create any substantial new requirements but facilitate the practical implementation of the EU aviation security measures and are based on input received from Member States and aviation security stakeholders.

(2)

Certain specific aviation security measures should be clarified, harmonised or simplified in order to improve legal clarity, standardise the common interpretation of the legislation and further ensure the best implementation of the common basic standards on aviation security.

(3)

The amendments concern the implementation of a limited number of measures in relation to airport security, aircraft security, screening of liquids aerosols and gels, hold baggage, cargo and mail, in-flight supplies, staff recruitment and training, and security equipment.

(4)

Following the entry into force of this Regulation regulated agents should be prohibited from designating further account consignors as recommended by State letter 16/85 of the International Civil Aviation Organization (ICAO). Before losing their status by 30 June 2021 at the latest, account consignors designated before the entry into force of this Regulation should have the option of becoming regulated agents or known consignors.

(5)

Implementing Regulation (EU) 2015/1998 should therefore be amended accordingly.

(6)

The measures provided for in this Regulation are in accordance with the opinion of the Committee on Civil Aviation Security,

HAS ADOPTED THIS REGULATION:

Article 1

The Annex to Implementing Regulation (EU) 2015/1998 is amended in accordance with the Annex to this Regulation.

Article 2

This Regulation shall enter into force on the twentieth day following that of its publication in the Official Journal of the European Union.

It shall apply from 1 June 2017.

This Regulation shall be binding in its entirety and directly applicable in all Member States.

Done at Brussels, 12 May 2017.

For the Commission

The President

Jean-Claude JUNCKER


(1)  OJ L 97, 9.4.2008, p. 72.

(2)  Commission Implementing Regulation (EU) 2015/1998 of 5 November 2015 laying down detailed measures for the implementation of the common basic standards on aviation security (OJ L 299, 14.11.2015, p. 1).


ANNEX

The Annex to Implementing Regulation (EU) 2015/1998 is amended as follows:

(1)

point 1.0.3 is replaced by the following:

1.0.3   Without prejudice to the criteria for derogations as set out in Part K of the Annex to Commission Regulation (EC) No 272/2009 (*1), the appropriate authority may allow special security procedures or exemptions for the protection and security of airside areas at airports on days on which there is not more than one aircraft to be loaded, unloaded, boarded or disembarked at any one time either within the critical part of the security restricted area or at an airport that falls outside of the scope of point 1.1.3.

(*1)  Commission Regulation (EC) No 272/2009 of 2 April 2009 supplementing the common basic standards on civil aviation security laid down in the Annex to Regulation (EC) No 300/2008 of the European Parliament and of the Council (OJ L 91, 3.4.2009, p. 7).’;"

(2)

point 1.1.3.1 is replaced by the following:

1.1.3.1   Critical parts shall be established at airports where more than 60 persons hold airport identification cards giving access to security restricted areas.’;

(3)

in point 1.2.6.2, the second paragraph is deleted;

(4)

point 1.2.6.3 is replaced by the following:

1.2.6.3   An electronic vehicle pass shall, either:

(a)

be fixed to the vehicle in a manner which ensures that it is non-transferable; or

(b)

be linked to the registered vehicle user through a secure vehicle registration database.

Electronic vehicle passes need not display the areas for which the vehicle is authorised to have access nor the expiry date, provided that this information is electronically readable and checked before granting access to security restricted areas. Electronic vehicle passes shall also be electronically readable in security restricted areas.’;

(5)

point 1.3.1.8 is replaced by the following:

1.3.1.8   Animals used for operational needs and handled by a person carrying a valid airport identification card shall be subjected to a visual check before access to security restricted areas is granted.’;

(6)

the following point 1.3.1.9 is added:

1.3.1.9   The screening of persons other than passengers and items carried shall also be subject to the additional provisions laid down in Commission Implementing Decision C(2015) 8005.’;

(7)

point 1.6.4 is replaced by the following:

1.6.4   Reconciliation shall be performed before the person is allowed to carry the article(s) concerned into security restricted areas and upon being challenged by persons performing surveillance or patrols under point (c) of point 1.5.1.’;

(8)

point 3.0.6 is replaced by the following:

3.0.6   The list of prohibited articles for aircraft security searches of the interior of aircraft is the same as the one set out in Attachment 1-A. Assembled explosive and incendiary devices shall be considered as prohibited articles for aircraft security searches of the exterior of aircraft.’;

(9)

the following points 3.0.7 and 3.0.8 are added:

3.0.7   For the purpose of this Chapter, ‘aircraft service panels and hatches’ means aircraft external access points and compartments that have external handles or external clip-down panels and are routinely used for providing aircraft ground handling services.

3.0.8   References to third countries in this Chapter and in Commission Implementing Decision C(2015) 8005 include other countries and territories to which, in accordance with Article 355 of the Treaty on the Functioning of the European Union, Title VI of Part Three of that Treaty does not apply.’;

(10)

point 4.1.3.1 is replaced by the following:

4.1.3.1   LAGs carried by passengers may be exempted from screening with LEDS equipment upon entry to the SRA in the following cases:

(a)

if the LAGs are in individual containers with a capacity not greater than 100 millilitres or equivalent in one transparent resealable plastic bag of a capacity not exceeding 1 litre, whereby the contents of the plastic bag fit comfortably and the bag is completely closed;

(b)

if the LAG is sealed in a dedicated STEB upon purchase locally at the airport airside.’;

(11)

point 4.1.3.2 is replaced by the following:

4.1.3.2   The dedicated STEBs referred to under point (b) of point 4.1.3.1 shall:

(a)

be clearly identifiable as a STEB of that airport; and

(b)

display inside proof of purchase at that airport within the preceding period of three hours; and

(c)

be subject to the additional provisions laid down in Commission Implementing Decision C(2015) 8005.’;

(12)

point 4.1.3.3 is replaced by the following:

4.1.3.3   The appropriate authority may create categories of LAGs that, for objective reasons, shall be subjected to special screening procedures or may be exempted from screening. The Commission shall be informed of the categories created.’;

(13)

the following point 4.1.3.4 is added:

4.1.3.4   The screening of LAGs shall also be subject to the additional provisions laid down in Commission Implementing Decision C(2015) 8005.’;

(14)

point 5.4.3 is replaced by the following:

5.4.3   The air carrier shall ensure that passengers are informed of the prohibited articles listed in Attachment 5-B at any time before the check-in is completed.’;

(15)

in point 6.2.1.5, the second paragraph is deleted;

(16)

point 6.3.2.2 is replaced by the following:

6.3.2.2   The regulated agent or air carrier shall ask the person delivering any consignments to present an identity card, passport, driving licence or other document, which includes his or her photograph and which has been issued or is recognised by the national authority. The card or document shall be used to establish the identity of the person delivering the consignments.’;

(17)

point 6.3.2.4 is replaced by the following:

6.3.2.4   After the security controls referred to in points from 6.3.2.1 to 6.3.2.3 of this Annex and point 6.3 of the Annex to Commission Implementing Decision C(2015) 8005 have been applied, the regulated agent shall ensure the protection of cargo and mail in accordance with point 6.6.’;

(18)

point 6.3.2.6 (e) is replaced by the following:

‘(e)

the reason why the security status was issued, stating:

(i)

‘KC’, meaning received from known consignor; or

(ii)

‘AC’, meaning received from account consignor; or

(iii)

‘RA’, meaning selected by a regulated agent; or

(iv)

the means or method of screening used, as follows:

hand search (PHS);

X-ray equipment (XRY);

EDS equipment (EDS);

explosive detection dogs (EDD)

ETD equipment (ETD);

visual check (VCK);

metal detection equipment (CMD);

any other method (AOM) in accordance with point 6.2.1.6 where the method used shall be specified; or

(v)

the grounds for exempting the consignment from screening;’;

(19)

in point 6.4.1.2, points (a) and (b) are replaced by the following:

‘(a)

the applicant shall seek approval from the appropriate authority of the Member State in which its site is located.

The applicant shall submit a security programme to the appropriate authority concerned. The programme shall describe the methods and procedures which are to be followed by the consignor in order to comply with the requirements of Regulation (EC) No 300/2008 and its implementing acts. The programme shall also describe how compliance with these methods and procedures is to be monitored by the consignor itself.

The applicant shall be provided with the ‘Guidance for known consignors’ as contained in Attachment 6-B and the ‘Validation checklist for known consignors’ as contained in Attachment 6-C;

(b)

the appropriate authority, or EU aviation security validator acting on its behalf, shall examine the security programme and then make an on-site verification of the sites specified in order to assess whether the applicant complies with the requirements of Regulation (EC) No 300/2008 and its implementing acts.

In order to assess whether the applicant complies with these requirements, the appropriate authority, or EU aviation security validator acting on its behalf, shall make use of the ‘Validation checklist for known consignors’ as contained in Attachment 6-C. This checklist includes a declaration of commitments which shall be signed by the applicant's legal representative or by the person responsible for security at the site.

Once the validation checklist is completed, the information contained in the checklist shall be handled as classified information.

The signed declaration shall be retained by the appropriate authority concerned or retained by the EU aviation security validator and made available to the appropriate authority concerned;’;

(20)

in point 6.4.1.6, the second paragraph is deleted;

(21)

points from 6.5.1 to 6.5.4 are replaced by the following:

6.5.1   The regulated agent shall maintain a database comprising the following information of any account consigner it has designated before 1 June 2017:

the company details, including the bona fide business address; and

the nature of the business; and

contact details, including those of the person(s) responsible for security; and

VAT reference number or company registration number; and

signed ‘Declaration of commitments — account consignor’ as contained in Attachment 6-D.

Where the account consignor is a holder of an AEO certificate referred to in point (b) or (c) of point (1) of Article 14a of Commission Regulation (EEC) No 2454/93, the AEO certificate number shall be maintained in the database referred to in the first paragraph.

The database shall be available for inspection by the appropriate authority.

6.5.2   If there is no activity relating to movements of cargo or mail by air on the account of the account consignor within a period of 2 years, the status of account consignor shall expire.

6.5.3   If the appropriate authority or the regulated agent is no longer satisfied that the account consignor complies with the instructions as contained in Attachment 6-D, the regulated agent shall immediately withdraw the status of account consignor. The status of any account consignor designated by a regulated agent will end on 30 June 2021.

6.5.4   When, for whatever reason, the security controls specified in the ‘Aviation security instructions for account consignors’ have not been applied to a consignment, or where the consignment has not been originated by the account consignor for its own account, the account consignor shall clearly identify this to the regulated agent so that point 6.3.2.3 can be applied.’;

(22)

points 6.5.5 and 6.5.6 are deleted;

(23)

in point 6.6.2, the title is replaced by the following:

‘Protection for cargo and mail during handling, storage, and loading onto an aircraft’;

(24)

point 6.6.2.2 is replaced by the following:

6.6.2.2   Consignments of cargo and mail in a part other than a critical part of a security restricted area shall be protected from unauthorised interference until they are handed over to another regulated agent or air carrier. Consignments shall be located in the access-controlled parts of a regulated agent's premises or, whenever located outside of such parts, shall be considered as protected from unauthorised interference if:

(a)

they are physically protected so as to prevent the introduction of a prohibited article; or

(b)

they are not left unattended and access is limited to persons involved in the protection and loading of cargo and mail onto an aircraft.’;

(25)

points 6.8.2.3 and 6.8.2.4 are replaced by the following:

6.8.2.3   The appropriate authority may accept the EU aviation security validation report of a third country entity, or of another ACC3, for ACC3 designation in cases where that entity or ACC3 carries out the entire cargo operation, including loading into the hold of the aircraft, on behalf of the applicant ACC3 and the EU aviation security validation report covers all these activities.

6.8.2.4   The EU aviation security validation shall be recorded in a validation report consisting at least of the declaration of commitments as set out in Attachment 6-H1, the checklist set out in Attachment 6-C3 and a declaration by the EU aviation security validator as set out in Attachment 11-A. The EU aviation security validator shall submit the validation report to the appropriate authority and provide the validated air carrier with a copy.’;

(26)

point 6.8.2.5 is deleted;

(27)

point 6.8.3.1 is replaced by the following:

6.8.3.1   The ACC3 shall ensure that all cargo and mail carried for transfer, transit or unloading at a Union airport is screened, unless:

(a)

the required security controls have been applied to the consignment by an EU aviation security validated regulated agent (RA3) and the consignment has been protected from unauthorised interference from the time that those security controls were applied and until loading; or

(b)

the required security controls have been applied to the consignment by an EU aviation security validated known consignor (KC3) and the consignment has been protected from unauthorised interference from the time that those security controls were applied and until loading; or

(c)

the required security controls have been applied to the consignment by an account consignor (AC3) under the responsibility of the ACC3 or of an EU aviation security validated regulated agent (RA3), the consignment has been protected from unauthorised interference from the time that those security controls were applied and until loading, and it is not carried on a passenger aircraft; or

(d)

the consignment is exempted from screening in accordance with point (d) of point 6.1.1 and protected from unauthorised interference from the time that it became identifiable air cargo or identifiable air mail and until loading.

Point (c) shall apply until 30 June 2021.’;

(28)

points 6.8.3.4 and 6.8.3.5 are replaced by the following:

6.8.3.4   When tendering consignments to which it has applied the required security controls to another ACC3 or RA3, the ACC3, RA3, or KC3 shall indicate in the accompanying documentation the unique alphanumeric identifier received from the designating appropriate authority.

6.8.3.5   When accepting any consignments, an ACC3 or RA3 shall establish whether the air carrier or the entity from which it receives the consignments is another ACC3, RA3, or KC3 by the following means of:

(a)

verifying whether or not the unique alphanumeric identifier of the entity delivering the consignments is indicated on the accompanying documentation; and

(b)

confirming that the air carrier or entity delivering the consignment is listed as active in the Union database on supply chain security for the specified airport or site, as appropriate.

If there is no indication on the accompanying documentation of the identifier, or if the air carrier or entity delivering the consignments is not listed as active in the Union database on supply chain security, it shall be deemed that no security controls have previously been applied, and the consignments shall be screened by the ACC3 or by another EU aviation security validated RA3 before being loaded onto the aircraft.’;

(29)

the following points 6.8.3.6 and 6.8.3.7 are added:

6.8.3.6   After the security controls referred to in points 6.8.3.1 to 6.8.3.5 have been applied, the ACC3 or the EU aviation security validated regulated agent (RA3) operating on its behalf shall ensure that the accompanying documentation, either in the form of an air waybill, equivalent postal documentation or in a separate declaration and either in an electronic format or in writing, indicate at least:

(a)

the unique alphanumeric identifier of the ACC3; and

(b)

the security status of the consignment as referred to in point (d) of point 6.3.2.6 and issued by an EU aviation security validated regulated agent (RA3); and

(c)

the unique identifier of the consignment, such as the number of the house or master air waybill, when applicable; and

(d)

the content of the consignment; and

(e)

the reasons for issuing the security status, including the means or method of screening used or the grounds for exempting the consignment from screening, using the standards adopted in the Consignment Security Declaration scheme.

6.8.3.7   In the absence of a third country regulated agent referred to in point (b) of point 6.8.3.6, the security status declaration may be issued by the ACC3 or by the air carrier arriving from a third country listed in Attachments 6-Fi or 6-Fii.’;

(30)

points 6.8.4 and 6.8.5 are replaced by the following:

‘6.8.4.   Designation of regulated agents and known consignors

6.8.4.1.   Third country entities being, or intending to be, part of the supply chain of an air carrier holding the status of ACC3, may be designated as either ‘third country regulated agent’ (RA3) or ‘third country known consignor’ (KC3).

6.8.4.2.   To obtain designation, the entity shall address the request to:

(a)

the appropriate authority of the Member State responsible for the ACC3 designation of an air carrier at the third country airport where the applicant handles EU bound cargo; or

(b)

where there is no ACC3 designated air carrier in that country, the appropriate authority of the Member State responsible for the approval of the EU aviation security validator performing, or having performed, the validation.

The appropriate authority receiving the request shall start the designation process, or agree with the appropriate authority of another Member State on its delegation, taking into account political or aviation cooperation, or both.

6.8.4.3.   Before designation, the eligibility to obtain RA3 or KC3 status in accordance with point 6.8.4.1 shall be confirmed.

6.8.4.4.   The designation of an entity as RA3 or KC3 in respect of its cargo and mail operations (‘relevant cargo operations’) shall be based on the following:

(a)

the nomination of a person with overall responsibility on the entity's behalf for the implementation of cargo or mail security provisions in respect of the relevant cargo operation; and

(b)

an EU aviation security validation report confirming the implementation of security measures.

6.8.4.5.   The appropriate authority shall allocate to the designated RA3 or KC3 a unique alphanumeric identifier in the standard format identifying the entity and the third country for which it has been designated to implement security provisions in respect of cargo or mail bound for the Union.

6.8.4.6.   The designation shall be valid from the date the appropriate authority has entered the entity's details into the Union database on supply chain security, for a maximum period of three years.

6.8.4.7.   An entity listed as RA3 or KC3 on the Union database on supply chain security shall be recognised in all Member States for operations conducted in respect of cargo or mail transported from the third country airport into the Union by an ACC3.

6.8.4.8.   Designations of RA3 and KC3 issued before 1 June 2017 shall expire five years after their designation or on 31 March 2020, whichever date comes earlier.

6.8.4.9.   Upon request by the appropriate authority of their approval, EU aviation security validators shall make available the details contained in Part 1 of the checklist set out in Attachment 6-C2 or Attachment 6-C4, as appropriate, for each entity they have designated, in order to establish a consolidated list of entities designated by EU aviation security validators.

6.8.5.   Validation of regulated agents and known consignors

6.8.5.1.   In order to be designated as EU aviation security validated regulated agent or known consignor, third country entities shall be validated according to one of the following two options:

(a)

the ACC3's security programme shall set out details of security controls implemented on its behalf by third country entities from which it accepts cargo or mail directly for carriage into the Union. The EU aviation security validation of the ACC3 shall validate the security controls applied by those entities; or

(b)

the third country entities shall submit the relevant cargo handling activities to an EU aviation security validation at intervals not exceeding three years. The EU aviation security validation shall consist of the following:

(i)

an examination of the entity's security programme ensuring its relevance and completeness in respect of the operations performed; and

(ii)

on-site verification of the implementation of aviation security measures in respect of the relevant cargo operations.

The validation report shall consist of, for third country regulated agents, the declaration of commitments as set out in Attachment 6-H2 and the checklist set out in Attachment 6-C2, and for third country known consignors, the declaration of commitments as set out in Attachment 6-H3 and the checklist set out in Attachment 6-C4. The validation report shall also include a declaration by the EU aviation security validator, as set out in Attachment 11-A.

6.8.5.2.   Once the EU aviation security validation according to point (b) of point 6.8.5.1 has been completed, the EU aviation security validator shall submit the validation report to the appropriate authority and provide the validated entity with a copy.

6.8.5.3.   A compliance monitoring activity conducted by the appropriate authority of a Member State or by the Commission may be considered as an EU aviation security validation, provided that it covers all areas specified in the checklist set out in Attachment 6-C2 or 6-C4, as appropriate.

6.8.5.4.   The ACC3 shall maintain a database giving at least the following information for each regulated agent or known consignor that has been subject to EU aviation security validation in accordance with point 6.8.5.1, from which it directly accepts cargo or mail for carriage into the Union:

(a)

the company details, including the bona fide business address; and

(b)

the nature of the business, excluding business sensitive information; and

(c)

contact details, including those of the person(s) responsible for security; and

(d)

the company registration number, if applicable; and

(e)

where available, the validation report; and

(f)

the unique alphanumeric identifier attributed in the Union database on supply chain security.

Where applicable, the database shall contain the above information for each account consignor under its responsibility in accordance with point (c) of point 6.8.3.1, from which the ACC3 directly accepts cargo or mail for carriage into the Union.

The database shall be available for inspection of the ACC3.

Other EU aviation security validated entities may maintain such a database.

6.8.5.5.   An air cargo or mail entity operating a network of different sites in third countries may obtain a single designation as EU aviation security validated regulated agent covering all sites of the network, provided that:

(a)

the relevant aviation security operations of the network, including transport services between sites, are covered by a single security programme or by standardised security programmes; and

(b)

the implementation of the security programme(s) is subject to a single internal security quality assurance programme that is equivalent to EU aviation security validation; and

(c)

before designation of the network as EU aviation security regulated agent, the following sites of the entity have been subject to an EU aviation security validation:

(i)

the site(s) from which cargo or mail is directly delivered to an ACC3, and

(ii)

at least two or 20 % of the sites of the network, whichever is the higher, from which cargo or mail is fed to site(s) referred to in point (i), and

(iii)

all sites located in third countries listed in Attachment 6-I to Commission Implementing Decision C(2015) 8005.

In order to maintain EU aviation security validated regulated agent designation for all sites of the network not validated until 30 June 2018 at the latest, during every year after the year of designation, at least a further two or 20 %, whichever is the higher, of the sites from which cargo or mail is fed to the site(s) mentioned in point (i) shall be subjected to an EU aviation security validation, until all sites are validated.

An EU aviation security validator shall establish the roadmap listing the order of the locations to be validated each year selected on a random basis. The roadmap shall be established independently from the entity operating the network and may not be changed by that entity. This roadmap shall constitute an integral part of the validation report on the basis of which the network is designated as a third country EU validated regulated agent.

Once it has been subjected to an EU aviation security validation, a site of the network shall be considered as a third country regulated agent in accordance with point 6.8.4.2.

6.8.5.6.   If the EU aviation security validation of a site of the network referred to in point (ii) of point (c) of point 6.8.5.5 concludes that the site has failed to comply with the objectives referred to in the checklist in Attachment 6-C2, cargo and mail from that site shall be screened at a site designated as third country regulated agent in accordance with point 6.8.4.2 until an EU aviation security validation confirms compliance with the objectives of the checklist.

6.8.5.7.   Points 6.8.5.5 and 6.8.5.6 shall expire on 30 June 2018.’;

(31)

the following point 6.8.6 is added:

‘6.8.6   Non-compliance and discontinuation of ACC3, RA3 and KC3 designation

6.8.6.1.   Non-Compliance

1.

If the Commission or an appropriate authority identifies a serious deficiency relating to the operations of an ACC3, an RA3 or a KC3, which is deemed to have a significant impact on the overall level of aviation security in the Union, it shall:

(a)

inform the air carrier or entity concerned promptly, request comments and appropriate measures rectifying the serious deficiency; and

(b)

promptly inform the other Member States and the Commission.

2.

Where the ACC3, the RA3 or the KC3 has not rectified the serious deficiency within a specific time-frame, or in case the ACC3, the RA3 or the KC3 does not react to the request set out in point (a) of point 6.8.6.1, the authority, or the Commission shall:

(a)

deactivate the status as ACC3, RA3 or KC3 of the operator or entity in the Union database on supply chain security; or

(b)

request the appropriate authority responsible for the designation to deactivate the status as ACC3, RA3 or KC3 of the operator or entity in the Union database on supply chain security.

In the situation referred to in the first paragraph, the authority, or the Commission, shall promptly inform the other Member States and the Commission.

3.

An air carrier or entity whose status, respectively as an ACC3, RA3 or KC3, has been deactivated in accordance with point 6.8.6.1.2 shall not be reinstated or included in the Union database on supply chain security until an EU aviation security re-designation in accordance with 6.8.1 or 6.8.4 has taken place.

4.

If an air carrier or an entity is no longer a holder of the ACC3, RA3 or KC3 status, the appropriate authorities shall undertake appropriate action to satisfy themselves that other ACC3s, RA3s and KC3s under their responsibility, operating in the supply chain of the air carrier or entity that has lost the status, still comply with the requirements of Regulation (EC) No 300/2008.

6.8.6.2.   Discontinuation

1.

The appropriate authority that designated the ACC3, the RA3 or the KC3, is responsible for removing the details thereof from the ‘Union database on supply chain security’:

(a)

at the request of or in agreement with the air carrier or the entity; or

(b)

where the ACC3, the RA3 or the KC3 does not pursue relevant cargo operations and does not react to a request for comments or otherwise obstructs the assessment of risk to aviation.

2.

If an air carrier or an entity is no longer a holder of the ACC3, RA3 or KC3 status, the appropriate authorities shall undertake appropriate action to satisfy themselves that other ACC3s, RA3s and KC3s under their responsibility, operating in the supply chain of the air carrier or entity that has been discontinued, still comply with the requirements of Regulation (EC) No 300/2008.’;

(32)

Attachments 6-C2, 6-C3 and 6-C4 are replaced by the following:

ATTACHMENT 6-C2

VALIDATION CHECKLIST FOR THIRD COUNTRY EU AVIATION SECURITY VALIDATED REGULATED AGENTS

Third country entities have the option to become part of an ACC3's (Air cargo or mail carrier operating into the Union from a third country airport) secure supply chain by seeking designation as a third country EU aviation security validated regulated agent (RA3). An RA3 is a cargo handling entity located in a third country that is validated and approved as such on the basis of an EU aviation security validation.

An RA3 shall ensure that security controls including screening where applicable have been applied to consignments bound for the Union and the consignments have been protected from unauthorised interference from the time that those security controls were applied and until the consignments are loaded onto an aircraft or are otherwise handed over to an ACC3 or other RA3.

The prerequisites for carrying air cargo or air mail into the Union (1) or Iceland, Norway and Switzerland are provided for in Implementing Regulation (EU) 2015/1998.

The checklist is the instrument to be used by the EU aviation security validator for assessing the level of security applied to EU or EEA bound air cargo or air mail (2) by or under the responsibility of the entity seeking designation as a RA3. The checklist is to be used only in the cases specified in point (b) of point 6.8.5.1 of the Annex to Implementing Regulation (EU) 2015/1998. In cases specified in point (a) of point 6.8.5.1 of that Annex, the EU aviation security validator shall use the ACC3 checklist.

A validation report shall be delivered to the designating appropriate authority and to the validated entity within a maximum of one month after the on-site verification. Integral parts of the validation report shall be at least:

the completed checklist signed by the EU aviation security validator and where applicable commented by the validated entity; and

the declaration of commitments (Attachment 6-H2 to Implementing Regulation (EU) 2015/1998) signed by the validated entity; and

an independence declaration (Attachment 11-A to Implementing Regulation (EU) 2015/1998) in respect of the entity validated signed by the EU aviation security validator.

Page numbering, the date of the EU aviation security validation and initialling on each page by the validator and the validated entity shall be the proof of the validation report's integrity.

The RA3 shall be able to use the report in its business relations with any ACC3 and where applicable, with any RA3.

By default the validation report shall be in English.

Part 5 — Screening and Part 6 — High risk cargo or mail (HRCM) shall be assessed against the requirements of Chapters 6.7 and 6.8 of the Annex to Implementing Regulation (EU) 2015/1998. For those parts that cannot be assessed against the requirements of Implementing Regulation (EU) 2015/1998, baseline standards are the Standards and Recommended Practices (SARPs) of Annex 17 to the Convention on International Civil Aviation and the guidance material contained in the ICAO Aviation Security Manual (Doc 8973-Restricted).

Completion notes:

All applicable and relevant parts of the checklist must be completed, in accordance with the business model and operations of the entity being validated. Where no information is available, this must be explained.

After each part, the EU aviation security validator shall conclude if and to what extent the objectives of this part are met.

PART 1

Identification of the entity validated and the validator

1.1.   

Date(s) of validation

Use exact date format, such as from 01.10.2012 to 02.10.2012

dd/mm/yyyy

 

1.2.   

Date of previous validation where applicable

dd/mm/yyyy

 

Previous RA3 registration number, where available

 

AEO certificate or C-TPAT status or other certifications, where available

 

1.3.   

Aviation security validator information

Name

 

Company/Organisation/Authority

 

Unique alphanumeric identifier (UAI)

 

Email address

 

Telephone number — including international codes

 

1.4.   

Name of entity

Name

 

Company number (for example, commercial register identification number, if applicable)

 

Number/Unit/Building

 

Street

 

Town

 

Postcode

 

State (where relevant)

 

Country

 

P.O. Box address, if applicable

 

1.5.   

Main address of organisation (if different from site to be validated)

Number/Unit/Building

 

Street

 

Town

 

Postcode

 

State (where relevant)

 

Country

 

P.O. Box address, if applicable

 

1.6.   

Nature of business — More than one business type may be applicable

(a)

air cargo only

(b)

air and other modes of transport

(c)

freight forwarder with cargo premises

(d)

freight forwarder without cargo premises

(e)

handling agent

(f)

others

 

1.7.   

Does the applicant …?

(a)

receive cargo from another 3rd country regulated agent

 

(b)

receive cargo from 3rd country known consignors

 

(c)

receive cargo from 3rd country account consignors

 

(d)

receive exempted cargo

 

(e)

screen cargo

 

(f)

store cargo

 

(g)

other, please specify

 

1.8.   

Approximate number of employees on site

Number

 

1.9.   

Name and title of person responsible for third country air cargo or air mail security

Name

 

Job title

 

Email address

 

Telephone number — including international codes

 

PART 2

Organisation and responsibilities of the third country EU aviation security validated regulated agent

Objective: No air cargo or air mail shall be carried to the EU or EEA without being subject to security controls. Cargo and mail delivered by an RA3 to an ACC3 or another RA3 may only be accepted as secure cargo or mail if such security controls are applied by the RA3. Details of such controls are provided in the following Parts of this checklist.

The RA3 shall have procedures in place to ensure that appropriate security controls are applied to all EU or EEA bound air cargo and air mail and that secure cargo or mail is protected until being transferred to an ACC3 or another RA3. Security controls shall consist of one of the following:

(a)

physical screening which shall be of a standard sufficient to reasonably ensure that no prohibited articles are concealed in the consignment;

(b)

other security controls, part of a supply chain security process, that reasonably ensure that no prohibited articles are concealed in the consignment and which have been applied by another RA3, KC3 or AC3 designated by the RA3.

Reference: point 6.8.3 of the Annex to Implementing Regulation (EU) 2015/1998.

2.1.   

Has the entity established a security programme?

YES or NO

 

If NO go directly to point 2.5.

 

2.2.   

Entity security programme

Date — use exact format dd/mm/yyyy

 

Version

 

Is the security programme submitted and/or approved by the appropriate authority of the state of the entity? If YES please describe the process.

 

2.3.   

Does the security programme sufficiently cover the elements mentioned in parts 3 to 9 of the checklist?

YES or NO

 

If NO, describe why detailing the reasons

 

2.4.   

Is the security programme conclusive, robust and complete?

YES or NO

 

If NO, specify the reasons

 

2.5.   

Has the entity established a process to ensure that air cargo or air mail is submitted to appropriate security controls before being transferred to an ACC3 or another RA3?

YES or NO

 

If YES, describe the process

 

2.6.   

Has the entity a management system (such as instruments, instructions) in place to ensure that the required security controls are implemented?

YES or NO

 

If YES, describe the management system and explain if it is approved, checked or provided by the appropriate authority or another entity.

 

If NO, explain how the entity ensures that security controls are applied in the required manner.

 

2.7.   

Conclusions and general comments on the reliance, conclusiveness and robustness of the process.

Comments from the entity

 

Comments from the EU aviation security validator

 

PART 3

Staff recruitment and training

Objective: To ensure the required security controls are applied, the RA3 shall assign responsible and competent staff to work in the field of securing air cargo or air mail. Staff with access to secured air cargo must possess all the competencies required to perform their duties and shall be appropriately trained.

To fulfil that objective, the RA3 shall have procedures in place to ensure that all staff (such as permanent, temporary, agency staff, drivers) with direct and unescorted access to air cargo or air mail to which security controls are being or have been applied:

(a)

have been subject to initial and recurrent pre-employment checks or background checks, which are at least in accordance with the requirements of the local authorities of the RA3 premises validated; and

(b)

have completed initial and recurrent security training to be aware of their security responsibilities in accordance with the requirements of the local authorities of the RA3 premises validated.

Note:

A background check means a check of a person's identity and previous experience, including where legally permissible, any criminal history as part of the assessment of an individual's suitability to implement a security control and/or for unescorted access to a security restricted area (ICAO Annex 17 definition).

A pre-employment check shall establish the person's identity on the basis of documentary evidence, cover employment, education and any gaps during at least the preceding five years, and require the person to sign a declaration detailing any criminal history in all states of residence during at least the preceding 5 years (Union definition).

Reference: point 6.8.3.1 of the Annex to Implementing Regulation (EU) 2015/1998.

3.1.   

Is there a procedure ensuring that all staff with direct and unescorted access to secured air cargo/air mail is subject to a pre-employment check that assesses background and competence?

YES or NO

 

If YES, indicate the number of preceding years taken into account for the pre-employment check and state which entity carries it out.

 

3.2.   

Does this procedure include?

background check

pre-employment check

check of criminal records

interviews

other (provide details)

Explain the elements, indicate which entity carries this element out and where applicable, indicate the preceding timeframe that is taken into account.

 

3.3.   

Is there a procedure ensuring that the person responsible for the application and supervision of the implementation of security controls at the site is subject to a pre-employment check that assesses background and competence?

YES or NO

 

If YES, indicate the number of preceding years taken into account for the pre-employment check and state which entity carries it out.

 

3.4.   

Does this procedure include?

background check

pre-employment check

check of criminal records

interviews

other (provide details)

Explain the elements, indicate which entity carries this element out and where applicable, indicate the preceding timeframe that is taken into account.

3.5.   

Do staff with direct and unescorted access to secured air cargo or air mail receive security training before being given access to secured air cargo or air mail?

YES or NO

 

If YES, describe the elements and duration of the training

 

3.6.   

Do staff that accept, screen or protect air cargo or air mail receive specific job-related training?

YES or NO

 

If YES, describe the elements and durations of training courses.

 

3.7.   

Do staff referred to in points 3.5 and 3.6 receive recurrent training?

YES or NO

 

If YES, specify the elements and the frequency of the recurrent training

 

3.8.   

Conclusion: do the measures concerning staff recruitment and training ensure that all staff with access to secured air cargo or air mail have been properly recruited and trained to a standard sufficient to be aware of their security responsibilities?

YES or NO

 

If NO, specify reasons

 

Comments from the entity

 

Comments from the EU aviation security validator

 

PART 4

Acceptance procedures

Objective: The RA3 may receive cargo or mail from another RA3, a KC3, an AC3 or from an unknown consignor. The RA3 shall have appropriate acceptance procedures for cargo and mail in place in order to establish whether a consignment comes from a secure supply chain or not and subsequently which security measures need to be applied to it.

When accepting any consignments, the RA3 shall establish the status of the entity from which it receives the consignments verifying whether or not the unique alphanumeric identifier (UAI) of the entity delivering the consignments is indicated on the accompanying documentation, and confirming that the air carrier or entity delivering the consignment is listed as active in the Union database on supply chain security for the specified airport or site, as appropriate.

If there is no indication of the UAI on the documentation or if the status of the air carrier or entity on the Union database on supply chain security is not active, the RA3 shall treat the consignments as arriving from an unknown source.

Additionally, a RA3 shall maintain a database giving at least the following information for each regulated agent or known consignor that has been subject to EU aviation security validation in accordance with point 6.8.5.1, from which it directly accepts cargo or mail to be delivered to an ACC3 for carriage into the Union:

(a)

the company details, including the bona fide business address;

(b)

the nature of the business, excluding business sensitive information;

(c)

contact details, including those of the person(s) responsible for security;

(d)

the company registration number, if applicable;

(e)

where available, the validation report;

(f)

the unique alphanumeric identifier attributed in the Union database on supply chain security.

Reference: points 6.8.3.1, 6.8.3.5, and 6.8.5.4 of the Annex to Implementing Regulation (EU) 2015/1998.

Note: An RA3 may only accept cargo from an AC3 as secure cargo, if this RA3 has designated this consignor itself as AC3, in accordance with point (c) of point 6.8.3.1 of the Annex to Implementing Regulation (EU) 2015/1998, and accounts for the cargo delivered by this consignor.

4.1.   

When accepting a consignment, does the entity establish whether it comes from another RA3, a KC3, an AC3 or an unknown consignor?

YES or NO

 

If YES, how?

 

4.2.   

Does the entity verify the indication of the UAI on the documentation accompanying consignments received from another ACC3, RA3 or KC3 and confirms the active status of the ACC3, RA3 or KC3 on the Union database on supply chain security?

YES or NO

 

4.3.   

Does the entity have a procedure to ensure that in case the documentation does not contain the UAI or the entity from which the cargo is received has no active status on the Union database on supply chain security, the consignment is treated as shipment coming from an unknown source?

YES or NO

 

4.4.   

Does the entity designate consignors as AC3?

YES or NO

 

If YES, describe the procedure and the safeguards required by the entity from the consignor.

 

4.5.   

When accepting a consignment, does the entity establish whether its destination is an EU or EEA airport?

YES or NO — explain

 

4.6.   

If YES — does the entity submit all air cargo or air mail to the same security controls when the destination is an EU or EEA airport?

YES or NO

 

If YES, describe the procedure

 

4.7.   

When accepting a consignment, does the entity establish whether it is to be regarded as high risk cargo and mail (HRCM) (see definition in Part 6), including for consignments that are delivered by other modes of transport than by air?

YES or NO

 

If YES, how?

Describe the procedure

 

4.8.   

When accepting a secured consignment, does the validated entity establish whether it has been protected from unauthorised interference or tampering?

YES or NO

 

If YES, describe by which means (for example, using seals, locks, inspection)

 

4.9.   

Is the person making the delivery required to present an official identification document containing a photo?

YES or NO

 

4.10.   

Is there a process in place to identify consignments that require screening?

YES or NO

 

If YES, how?

 

4.11.   

Conclusion: Are the acceptance procedures sufficient to establish that air cargo or air mail to an EU or EEA airport destination comes from a secure supply chain or needs to be subject to screening?

YES or NO

 

If NO, specify reasons

 

Comments from the entity

 

Comments from EU aviation security validator

 

PART 5

Screening

Objective: Where the RA3 accepts cargo and mail which does not come from a secure supply chain, the RA3 needs to subject these consignments to appropriate screening before it may be delivered to an ACC3 as secure cargo. The RA3 shall have procedures in place to ensure that EU or EEA bound air cargo and air mail for transfer, transit or unloading at a Union airport is screened by the means or methods referred to in Union legislation to a standard sufficient to reasonably ensure that it contains no prohibited articles.

Where screening of air cargo or air mail is performed by or on behalf of the appropriate authority in the third country, the RA3 shall declare this fact and specify the way adequate screening is ensured.

Reference: point 6.8.3 of the Annex to Implementing Regulation (EU) 2015/1998.

5.1.   

Is screening applied on behalf of the entity by another entity?

YES or NO

 

If YES,

Specify the nature of these entities and provide details:

private screening company;

government regulated company;

government screening facility or body;

other

Specify the nature of the agreement or contract between the validated entity and the entity that applies the screening on its behalf.

 

5.2.   

Is the entity able to request the appropriate security controls in case the screening is carried out by one of the above entities?

YES or NO

 

If NO, provide details

 

5.3.   

By which instruments and instructions (such as oversight, monitoring, and quality control) does the entity ensure that security controls are applied in the required manner by such service providers?

 

5.4.   

What methods of screening are used for air cargo and mail?

Specify, including details of equipment used for screening air cargo and air mail (such as manufacturer, type, software version, standard, serial number) for all the methods deployed.

 

5.5.   

Is the equipment or method (such as explosive detection dogs) used included in the most recent EU, European Civil Aviation Conference (ECAC) or the Transportation Security Administration (TSA) of the US compliance list?

YES or NO

 

If YES, provide details

 

If NO, give details specifying the approval of the equipment and date thereof, as well as any indications that it complies with EU equipment standards.

 

5.6.   

Is the equipment used in accordance with the manufacturers' concept of operations (CONOPS) and is the equipment regularly tested and maintained?

YES or NO

 

If YES, describe the process

 

5.7.   

In case EDDs are deployed, are they subjected to initial and recurrent training, approval and quality control process to a standard equivalent to the EU or TSA requirements?

YES or NO

 

If YES, describe the entire process and the related documentation supporting the assessment

 

5.8.   

In case EDDs are used, is the screening process following a deployment methodology equivalent to EU or TSA standards?

YES or NO

 

If YES, describe the entire process and the related documentation supporting the assessment

 

5.9.   

Is the nature of the consignment taken into consideration during screening?

YES or NO

 

If YES, describe how it is ensured that the screening method selected is employed to a standard sufficient to reasonably ensure that no prohibited articles are concealed in the consignment.

 

5.10.   

Is there a process for the resolution of the alarm generated by the screening equipment? For some equipment, such as x-ray equipment, the alarm is triggered by the operator himself.

YES or NO

 

If YES, describe the process of resolving alarms to reasonably ensure the absence of prohibited articles.

 

If NO, describe what happens to the consignment

 

5.11.   

Are any consignments exempt from security screening?

YES or NO

 

5.12.   

Are there any exemptions that do not comply with the Union list?

YES or NO

 

If YES, detail

 

5.13.   

Is access to the screening area controlled to ensure that only authorised and trained staff are granted access?

YES or NO

 

If YES, describe

 

5.14.   

Is an established quality control and/or testing regime in place?

YES or NO

 

If YES, describe

 

5.15.   

Conclusion: Is air cargo or air mail screened by one of the means or methods listed in point 6.2.1 of the Annex to Implementing Regulation (EU) 2015/1998 to a standard sufficient to reasonably ensure that it contains no prohibited articles?

YES or NO

 

If NO, specify reason

 

Comments from the entity

 

Comments from the EU aviation security validator

 

PART 6

High Risk Cargo or Mail

Objective: Consignments which originate from or transfer in locations identified as high risk by the Union or which appear to have been significantly tampered with are to be considered as high risk cargo and mail (HRCM). Such consignments have to be screened in line with specific instructions. The RA3 shall have procedures in place to ensure that EU or EEA bound HRCM is identified and subject to appropriate controls as defined in the Union legislation.

The ACC3 to which the RA3 delivers air cargo or mail for transportation shall be authorised to inform the RA3 about the latest state of relevant information on high risk origins.

The RA3 shall apply the same measures, irrespective of whether it receives high risk cargo and mail from an air carrier or through other modes of transportation.

Reference: point 6.7 of the Annex to Implementing Regulation (EU) 2015/1998.

Note: HRCM cleared for carriage into the EU/EEA shall be issued the security status ‘SHR’, meaning secure for passenger, all-cargo and all-mail aircraft in accordance with high risk requirements.

6.1.   

Do staff responsible for performing security controls know which air cargo and mail is to be treated as high risk cargo and mail (HRCM)?

YES or NO

 

If YES, describe

 

6.2.   

Does the entity have procedures in place for the identification of HRCM?

YES or NO

 

If YES, describe

 

6.3.   

Is HRCM subject to HRCM screening procedures according to Union legislation?

YES or NO

 

If NO, indicate procedures applied

 

6.4.   

After screening, does the entity issue a security status declaration for SHR in the documentation accompanying the consignment?

YES or NO

 

If YES, describe how security status is issued and in which document

 

6.5.   

Conclusion: Is the process put in place by the entity relevant and sufficient to ensure that all HRCM has been properly treated before loading?

YES or NO

 

If NO, specify reason

 

Comments from the entity

 

Comments from EU aviation security validator

 

PART 7

Protection of secured air cargo and mail

Objective: The RA3 shall have procedures in place to ensure EU or EEA bound air cargo and/or air mail is protected from unauthorised interference and/or any tampering from the point where security screening or other security controls are applied or from the point of acceptance after screening or security controls have been applied, until loading or transferring to an ACC3 or another RA3. If previously secured air cargo and mail is not protected afterwards, it may not be loaded or transferred to an ACC3 or another RA3 as secure cargo or mail.

Protection can be provided by different means such as physical (for example barriers, locked rooms), human (for example patrols, trained staff) and technological (for example CCTV, intrusion alarm).

EU or EEA bound secured air cargo or mail should be separated from air cargo or mail which is not secured.

Reference: point 6.8.3.1 of the Annex to Implementing Regulation (EU) 2015/1998.

7.1.   

Is protection of secured air cargo and air mail applied on behalf of the validated entity by another entity?

YES or NO

 

If YES,

Specify the nature of these entities and provide details:

private screening company;

government regulated company;

government screening facility or body;

other

 

7.2.   

Are security controls and protection in place to prevent tampering during the screening process?

YES or NO

 

If YES, describe

Specify what kind(s) of protection(s) are put in place:

physical (for example fence, barrier, building of solid construction),

human (for example patrols etc.),

technological (for example CCTV, alarm system).

Explain how they are organised.

 

7.3.   

Is the secure air cargo/air mail only accessible to authorised persons?

YES or NO

 

If YES, describe

Specify how all access points (including doors and windows) to identifiable and secured air cargo or air mail are controlled.

 

7.4.   

Are there procedures in place to ensure EU or EEA bound air cargo or air mail to which security controls have been applied are protected from unauthorised interference from the time it has been secured until its loading or is transferred to an ACC3 or another RA3?

YES or NO

 

If YES, describe how it is protected (for example by physical, human, technological means)

Specify also if the building is of solid construction and what kinds of materials are used, if available.

 

If NO, specify reasons

 

7.5.   

Conclusion: Is the protection of consignments sufficiently robust to prevent unlawful interference?

YES or NO

 

If NO, specify reason

 

Comments from the entity

 

Comments from EU aviation security validator

 

PART 8

Documentation

Objective: The RA3 shall ensure that the documentation accompanying a consignment to which the RA3 has applied security controls (such as screening, protection), contains at least:

(a)

the unique alphanumeric identifier received from the designating appropriate authority; and

(b)

the unique identifier of the consignment, such as the number of the (house or master) air waybill, when applicable; and

(c)

the content of the consignment; and

(d)

the security status, indicated as follows:

‘SPX’, which means secure for passenger, all-cargo and all-mail aircraft, or

‘SCO’, which means secure for all-cargo and all-mail aircraft only, or

‘SHR’, which means secure for passenger, all-cargo and all-mail aircraft in accordance with high risk requirements.

If the security status is issued by the RA3, the entity shall additionally indicate the reasons for issuing it, such as the means or method of screening used or the grounds for exempting the consignment from screening, using the standards adopted in the Consignment Security Declaration scheme.

The documentation accompanying the consignment may either be in the form of an air waybill, equivalent postal documentation or in a separate declaration, and either in an electronic format or in writing.

Reference: point (d) of point 6.3.2.6, points 6.8.3.4, 6.8.3.5 and 6.8.3.6 of the Annex to Implementing Regulation (EU) 2015/1998

8.1.   

Does the entity ensure that appropriate accompanying documentation is established, and include the information required in point (d) of point 6.3.2.6, points 6.8.3.4, 6.8.3.5 and 6.8.3.6 of the Annex to Implementing Regulation (EU) 2015/1998?

YES or NO

 

If NO, explain

 

8.2.   

In particular, does the entity specify the status of the cargo and how this was achieved?

YES or NO

 

If NO, explain

 

8.3.   

Conclusion: Is the documentation process sufficient to ensure that cargo or mail is provided with proper accompanying documentation which specifies the correct security status and all required information?

YES or NO

 

If NO, specify reason

 

Comments from the entity

 

Comments from EU aviation security validator

 

PART 9

Transportation

Objective: Air cargo and air mail must be protected from unauthorised interference or tampering from the time it has been secured until its loading or until it is transferred to an ACC3 or another RA3. This includes protection during transportation to the aircraft, to the ACC3 or to another RA3. If previously secured air cargo and mail is not protected during transportation, it may not be loaded or transferred to an ACC3 or another RA3 as secure cargo.

During transportation to an aircraft, an ACC3 or another RA3, the RA3 is responsible for the protection of the secure consignments. This includes cases where the transportation is undertaken by another entity, such as a freight forwarder, on its behalf. This does not include cases whereby the consignments are transported under the responsibility of an ACC3 or another RA3.

Reference: point 6.8.3 of the Annex to Implementing Regulation (EU) 2015/1998.

9.1.   

How is the air cargo or air mail conveyed to the ACC3 or to another RA3?

(a)

Validated entity's own transport?

YES or NO

 

(b)

Other RA3'sor ACC3's transport?

YES or NO

 

(c)

Contractor used by the validated entity?

YES or NO

 

9.2.   

Is the air cargo or air mail tamper evidently packed?

YES or NO

 

If YES, how

 

9.3.   

Is the vehicle sealed or locked before transportation?

YES or NO

 

If YES, how

 

9.4.   

Where numbered seals are used, is access to the seals controlled and are the numbers recorded?

YES or NO

 

If YES, specify how

 

9.5.   

If applicable, does the respective haulier sign the haulier declaration?

YES or NO

 

9.6.   

Has the person transporting the cargo been subject to specific security controls and awareness training before being authorised to transport secured air cargo or air mail, or both?

YES or NO

 

If YES, please describe what kind of security controls (such as pre-employment check, background check) and what kind of training (such as security awareness training).

 

9.7.   

Conclusion: Are the measures sufficient to protect air cargo or air mail from unauthorised interference during transportation?

YES or NO

 

If NO, specify reasons

 

Comments from the entity

 

Comments from EU aviation security validator

 

PART 10

Compliance

Objective: After assessing Parts 1 to 9 of this checklist, the EU aviation security validator has to conclude if its on-site verification confirms the implementation of the security controls in compliance with the objectives listed in this checklist for the EU or EEA bound air cargo or air mail.

Two different scenarios are possible. The EU aviation security validator concludes that the entity:

1.

has succeeded in complying with the objectives referred to in this checklist. A validation report shall be delivered to the designating appropriate authority and to the validated entity within a maximum of one month after the on-site verification;

2.

has failed in complying with the objectives referred to in this checklist. In that case, the entity is not authorised to deliver secured air cargo or mail for EU or EEA destination to an ACC3 or to another RA3. It shall receive a copy of the completed checklist stating the deficiencies.

10.1.   

General conclusion: Indicate the case closest to the situation validated

1 or 2

 

Comments from EU aviation security validator

 

Comments from the entity

 

Name of the validator:

Date:

Signature:

ANNEX

List of persons and entities visited and interviewed

Providing the name of the entity, the name and the position of the contact person and the date of the visit or interview.

Name of entity

Name of contact person

Position of contact person

Date of visit or interview

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

ATTACHMENT 6-C3

VALIDATION CHECKLIST FOR ACC3

ACC3 (Air cargo or mail carrier operating into the Union from a third country airport) designation is the prerequisite for carrying air cargo or air mail into the European Union (3) (EU) or Iceland, Norway and Switzerland and is required by Implementing Regulation (EU) 2015/1998.

ACC3 designation is in principle required for all flights carrying cargo or mail for transfer, transit or unloading at EU or EEA airports (4). The appropriate authorities of the Member States of the European Union, Iceland, Norway and Switzerland are each responsible for the designation of specific air carriers as ACC3. The designation is based on the security programme of an air carrier and on an on-site verification of the implementation in compliance with the objectives referred to in this validation checklist.

The checklist is the instrument to be used by the EU aviation security validator for assessing the level of security applied to EU or EEA bound air cargo or air mail by or under the responsibility of the ACC3 or an air carrier applying for ACC3 designation.

A validation report shall be delivered to the designating appropriate authority and to the validated entity within a maximum of one month after the on-site verification. Integral parts of the validation report shall be at least:

the completed checklist signed by the EU aviation security validator and where applicable commented by the validated entity; and

the declaration of commitments (Attachment 6-H1 to Implementing Regulation (EU) 2015/1998) signed by the validated entity; and

an independence declaration (Attachment 11-A to Implementing Regulation (EU) 2015/1998) in respect of the entity validated signed by the EU aviation security validator.

Page numbering, the date of the EU aviation security validation and initialling on each page by the validator and the validated entity shall be the proof of the validation report's integrity. By default the validation report shall be drafted in English.

Part 3 — Security programme of the air carrier, Part 6 — Database, Part 7 — Screening and Part 8 — High risk cargo or mail (HRCM) shall be assessed against the requirements of Chapters 6.7 and 6.8 of the Annex to Implementing Regulation (EU) 2015/1998. For the other parts, baseline standards are the Standards and Recommended Practices (SARPs) of Annex 17 to the Convention on International Civil Aviation and the guidance material contained in the ICAO Aviation Security Manual (Doc 8973-Restricted).

Completion notes:

All applicable and relevant parts of the checklist must be completed, in accordance with the business model and operations of the entity being validated. Where no information is available, this must be explained.

After each part, the EU aviation security validator shall conclude if and to what extent the objectives of this part are met.

PART 1

Identification of the entity validated and the validator

1.1.   

Date(s) of validation

Use exact date format, such as 01.10.2012 to 02.10.2012

dd/mm/yyyy

 

1.2.   

Date of previous validation and unique alphanumeric identifier (UAI) of the ACC3 where available

dd/mm/yyyy

 

UAI

 

1.3.   

Aviation security validator information

Name

 

Company/Organisation/Authority

 

UAI

 

Email address

 

Telephone number — including international codes

 

1.4.   

Name of air carrier to be validated

Name

 

AOC (Air Operators Certificate) issued in (name of State):

 

International Air Transport Association (IATA) code or International Civil Aviation Organisation (ICAO) code if IATA code does not exist for. Specify which code applies.

 

State responsible for designating air carrier as ACC3

 

1.5.   

Details of third country airport location to be validated or cargo or mail facilities linked to it

Name

 

IATA or ICAO code for the airport

 

Country

 

1.6.   

Nature of air carrier's business — More than one business type may be applicable

(a)

passenger and cargo/mail carrier;

(b)

cargo and mail only carrier;

(c)

cargo only carrier;

(d)

mail only carrier;

(e)

integrator;

(f)

charter.

 

1.7.   

Name and title of person responsible for third country air cargo or air mail security

Name

 

Job title

 

Email address

 

Telephone number — including international codes

 

1.8.   

Address of the air carrier's main office at the airport being visited

Number/Unit/Building/Airport

 

Street

 

Town

 

Postcode

 

State (where relevant)

 

Country

 

1.9.   

Address of the air carrier's main office, for example the corporate headquarters

Number/Unit/Building/Airport

 

Street

 

Town

 

Postcode

 

State (where relevant)

 

Country

 

PART 2

Organisation and responsibilities of the ACC3 at the airport

Objective: No air cargo or mail shall be carried to the EU or EEA without being subject to security controls. Details of such controls are provided by the following Parts of this checklist. The ACC3 shall not accept cargo or mail for carriage on an EU-bound aircraft unless the application of screening or other security controls is confirmed and accounted for by an EU aviation security validated regulated agent, an EU aviation security validated known consignor or an account consignor designated by itself or by an EU aviation security validated regulated agent, or such consignments are subject to screening in accordance with the Union legislation.

The ACC3 shall have a process to ensure that appropriate security controls are applied to all EU or EEA bound air cargo and air mail unless it is exempted from screening in accordance with the Union legislation and that cargo or mail is protected thereafter until loading onto aircraft. Security controls shall consist of:

physical screening which shall be of a standard sufficient to reasonably ensure that no prohibited articles are concealed in the consignment, or

other security controls which are part of a supply chain security process that reasonably ensure that no prohibited articles are concealed in the consignment applied by EU aviation security validated regulated agents or known consignors or by an account consignor designated by itself or by an EU aviation security validated regulated agent.

Reference: point 6.8.3 of the Annex to Implementing Regulation (EU) 2015/1998

2.1.   

Has the air carrier established a process to ensure that air cargo or air mail is submitted to appropriate security controls prior to being loaded onto an EU or EEA bound aircraft?

YES or NO

 

If YES, describe the process

 

2.2.   

Are the security controls applied by the air carrier or on its behalf by an entity covered under the air carrier's security programme?

If YES, provide details

 

If NO, which entities not covered by the air carrier's security programme apply security controls to air cargo or mail carried by this air carrier into the EU or EEA?

 

Specify the nature of these entities and provide details:

private handling company;

government regulated company;

government screening facility or body;

other

 

2.3.   

By which instruments and instructions (such as oversight, monitoring, and quality control) does the air carrier ensure that security controls are applied in the required manner by the above service providers?

 

2.4.   

Is the air carrier able to request the appropriate security controls in case the screening is carried out by entities which are not covered by the air carrier's security programme, such as government facilities?

YES or NO

 

If NO, provide details

 

2.5.   

By which instruments and instructions (such as oversight, monitoring, and quality control) does the air carrier ensure that security controls are applied in the required manner by such service providers?

 

2.6.   

Has a regulated agent or known consignor programme for air cargo and mail been put in place in accordance with ICAO standards in the State of the airport at which the validation visit takes place?

If YES, describe the elements of the programme and how it has been put in place

 

2.7.   

Conclusions and general comments on the reliance, conclusiveness and robustness of the process.

Comments from the air carrier

 

Comments from the EU aviation security validator

 

PART 3

Security programme of the air carrier

Objective: The ACC3 shall ensure that its security programme includes all the aviation security measures relevant and sufficient for air cargo and mail to be transported into the Union.

The security programme and associated documentation of the air carrier shall be the basis of security controls applied in compliance with the objective of this checklist. The air carrier may wish to consider passing its documentation to the EU aviation security validator in advance of the site visit to help acquaint him with the details of the locations to be visited.

Reference: point 6.8.2.1 of the Annex and Attachment 6-G to Implementing Regulation (EU) 2015/1998

Note: The following points listed in Attachment 6-G to Implementing Regulation (EU) 2015/1998 shall be appropriately covered:

(a)

description of measures for air cargo and mail;

(b)

procedures for acceptance;

(c)

regulated agent scheme and criteria;

(d)

known consignor scheme and criteria;

(e)

account consignor scheme and criteria;

(f)

standard of screening;

(g)

location of screening;

(h)

details of screening equipment;

(i)

details of operator or service provider;

(j)

list of exemptions from security screening;

(k)

treatment of high risk cargo and mail.

3.1.   

Air carrier security programme

Date — use exact date format dd/mm/yyyy

 

Version

 

Has the programme been submitted to an EU or EEA appropriate authority at an earlier stage? If YES was it for ACC3 designation? Other purposes?

 

3.2.   

Does the security programme cover sufficiently the elements of the list above?

YES or NO

 

If NO, describe why detailing the reasons

 

3.3.   

Are the aviation security measures described by the security programme relevant and sufficient to secure EU or EEA bound air cargo or air mail according to the required standards?

YES or NO

 

If NO, describe why detailing the reasons

 

3.4.   

Conclusion: Is the security programme conclusive, robust and complete?

YES or NO

 

If NO, specify reasons

 

Comments from the air carrier

 

Comments from the EU aviation security validator

 

PART 4

Staff recruitment and training

Objective: The ACC3 shall assign responsible and competent staff to work in the field of securing air cargo or air mail. Staff with access to secured air cargo possess all the competencies required to perform their duties and are appropriately trained.

In order to fulfil that objective, the ACC3 shall have a procedure to ensure that all staff (such as permanent, temporary, agency staff, drivers) with direct and unescorted access to air cargo or air mail to which security controls are being or have been applied:

have been subject to initial and recurrent pre-employment checks or background checks, which are at least in accordance with the requirements of the local authorities of the airport validated, and

have completed initial and recurrent security training to be aware of their security responsibilities in accordance with the requirements of the local authorities of the airport validated.

Reference: point 6.8.3.1 of the Annex to Implementing Regulation (EU) 2015/1998

Note:

A background check means a check of a person's identity and previous experience, including where legally permissible, any criminal history as part of the assessment of an individual's suitability to implement a security control or for unescorted access to a security restricted area (ICAO Annex 17 definition).

A pre-employment check shall establish the person's identity on the basis of documentary evidence, cover employment, education and any gaps during at least the preceding five years, and require the person to sign a declaration detailing any criminal history in all states of residence during at least the preceding five years (Union definition).

4.1.   

Is there a procedure ensuring that all staff with direct and unescorted access to secured air cargo or air mail are subject to pre-employment checks that assesses background and competence?

YES or NO

 

If YES, indicate the number of preceding years taken into account for the pre-employment check and state which entity carries it out.

 

4.2.   

Does this procedure include?

background check

pre-employment check

check of criminal records

interviews

other (provide details)

Explain the elements, indicate which entity carries this element out and where applicable, indicate the preceding timeframe that is taken into account.

 

4.3.   

Is there a procedure ensuring that the person responsible for the application and supervision of the implementation of security controls at the site is subject to a pre-employment check that assesses background and competence?

YES or NO

 

If YES, indicate the number of preceding years taken into account for the pre-employment check and state which entity carries it out.

 

4.4.   

Does this procedure include?

background check

pre-employment check

check of criminal records

interviews

other (provide details)

Explain the elements, indicate which entity carries this element out and where applicable, indicate the preceding timeframe that is taken into account.

 

4.5.   

Do staff with direct and unescorted access to secured air cargo or air mail receive security training before being given access to secured air cargo or air mail?

YES or NO

 

If YES, describe the elements and duration of the training

 

4.6.   

Do staff that accept, screen or protect air cargo or air mail receive specific job related training?

YES or NO

 

If YES, describe the elements and durations of training courses.

 

4.7.   

Do staff referred to in points 4.5 and 4.6 receive recurrent training?

YES or NO

 

If YES, specify the elements and the frequency of the recurrent training

 

4.8.   

Conclusion: do the measures concerning staff recruitment and training ensure that all staff with access to secured air cargo or air mail have been properly assigned and trained to a standard sufficient to be aware of their security responsibilities?

YES or NO

 

If NO, specify reasons

 

Comments from the air carrier

 

Comments from the EU aviation security validator

 

PART 5

Acceptance procedures

Objective: The ACC3 shall have a procedure in place in order to assess and verify upon acceptance the security status of a consignment in respect of previous controls.

The procedure shall include the following elements:

(a)

confirmation that the entity delivering the consignment is listed as active in the Union database on supply chain security for the specified airport or site;

(b)

verification that the Union database unique alphanumeric identifier of the entity delivering the consignment is indicated on the accompanying documentation;

(c)

in case of consignments received from an account consignor, verification that the entity is in listed in the air carrier's database.

If there is no indication on the accompanying documentation of the identifier, or if the air carrier or entity delivering the consignments is not listed as active in the Union database on supply chain security, or in the case of account consignors the entity is not in the air carrier's database, it shall be deemed that no security controls have previously been applied, and the consignments shall be screened by the ACC3 or by another EU aviation security validated RA3 before being loaded onto the aircraft;

(d)

verification of whether the consignment is delivered by a person nominated by the EU aviation security validated regulated agent or known consignor as listed in its database or an account consignor of such a regulated agent or designated by the air carrier itself;

(e)

the person nominated shall correspond to the person tasked to deliver the air cargo or air mail to the air carrier. The person delivering the consignment to the air carrier shall present an identity card, passport, driving license or other document, which includes his or her photograph and which has been issued or is recognised by the national authority;

(f)

where applicable, verification of whether the consignment is presented with all the required security information (air waybill and security status information on paper or by electronic means, description of the consignment and unique identifier thereof, reasons for issuing the security status, means or methods of screening or grounds for exemption from screening) that corresponds to the air cargo and mail consignments being delivered;

(g)

verification of whether the consignment is free from any signs of tampering; and

(h)

verification of whether the consignment has to be treated as high risk cargo and mail (HRCM).

Reference: point 6.8.3.5, 6.8.3.6, 6.8.3.7, and 6.8.5.4 of the Annex to Implementing Regulation (EU) 2015/1998

5.1.   

When directly accepting a consignment, does the air carrier establish whether it comes from a regulated agent, a known consignor or an account consignor recognised according to Union air cargo legislation and listed in the Union database on supply chain security and in the database kept by the air carrier?

YES or NO

 

If YES, describe the procedure

 

5.2.   

Does the air carrier verify the indication of the UAI on the documentation accompanying consignments received from another ACC3, RA3 or KC3 and confirms the active status of the ACC3, RA3 or KC3 on the database on supply chain security?

YES or NO

 

5.3.   

Does the entity have a procedure to ensure that in case the documentation does not contain the UAI or the entity from which the cargo is received has no active status on the Union database on supply chain security, the consignment is treated as shipment coming from an unknown source?

YES or NO

 

5.4.   

Does the air carrier designate consignors as AC3?

YES or NO

 

If YES, describe the procedure and the safeguards required by the air carrier from the consignor.

 

5.5.   

When directly accepting a consignment, does the air carrier establish whether its destination is an EU or EEA airport?

YES or NO — explain

 

5.6.   

If YES — does the air carrier submit all cargo or mail to the same security controls when the destination is an EU or EEA airport?

YES or NO

 

If YES, describe the procedure

 

5.7.   

When directly accepting a consignment, does the air carrier establish whether it is to be regarded as high risk cargo and mail (HRCM), including for consignments that are delivered by other modes of transport other than air?

YES or NO

 

If YES, how?

Describe the procedure

 

5.8.   

When accepting a secured consignment, does the air carrier establish whether it has been protected from unauthorised interference and/or tampering?

YES or NO

 

If YES, describe (such as seals, locks).

 

5.9.   

If the air carrier accepts transit air cargo or air mail at this location (cargo or mail that departs on the same aircraft it arrived on), does the air carrier establish on the basis of the given data whether or not further security controls need to be applied?

YES or NO

 

If YES, how is it established?

 

If NO, what controls are applied to ensure security of EU or EEA bound cargo and mail?

 

5.10.   

If the air carrier accepts transfer air cargo or air mail at this location (cargo or mail that departs on a different aircraft to the one it arrived on), does the air carrier establish on the basis of the given data whether or not further security controls need to be applied?

YES or NO

 

If YES, how is it established?

 

If NO, what controls are applied to ensure security of EU or EEA bound cargo and mail?

 

5.11.   

Is the person delivering secured known air cargo to the air carrier required to present an official identification document containing a photograph?

YES or NO

 

5.12.   

Conclusion: Are the acceptance procedures sufficient to establish whether air cargo or air mail comes from a secure supply chain or that it needs to be subjected to screening?

YES or NO

 

If NO, specify reasons

 

Comments from the air carrier

 

Comments from the EU aviation security validator

 

PART 6

Database

Objective: Where the ACC3 is not obliged to apply 100 % screening to EU/EEA bound air cargo or air mail, the ACC3 shall ensure the cargo or mail comes from an EU aviation security validated entity designated by the appropriate authority of an EU Member State as third country regulated agent (RA3) or third country known consignor (KC3), or from an account consignor (AC3) designated by itself or by a third country regulated agent.

For monitoring the security relevant audit trail the ACC3 shall verify the active status of the RA3 and KC3 on the Union database of supply chain security, and maintain a database giving the following information for each entity or person from which it directly accepts cargo or mail:

the status of the involved entity (regulated agent or known consignor),

the company details, including the bona fide business address,

the nature of the business, excluding business sensitive information,

contact details, including those of the person(s) responsible for security,

the unique alphanumeric identifier attributed in the Union database on supply chain security, or in case the entity is an AC3 the company registration number.

When receiving air cargo or mail from a RA3 or KC3 the ACC3 shall check in the Union database whether the entity is listed as active, and for AC3 in the air carrier's database. If the RA3 or KC3 status is not active or the AC3 is not included in the database, the air cargo or air mail delivered by such entity shall be screened before loading.

Reference: point (a) of point 6.8.3.5 and point 6.8.5.4 of the Annex to Implementing Regulation (EU) 2015/1998

6.1.   

When directly accepting a consignment, does the air carrier establish whether it comes from a regulated agent, a known consignor or an account consignor recognised according to Union air cargo legislation and listed in the Union database on supply chain security and in the database kept by the air carrier?

YES or NO

 

If YES, describe the procedure

 

6.2.   

Does the air carrier maintain a database including, as appropriate, the details referred to above, of:

entities designated as third country regulated agent (RA3),

entities designated as third country known consignor (KC3),

entities designated as account consignors by an RA3 or by the air carrier (AC3)?

YES or NO

 

If YES, describe the database

 

If NO, explain why

 

6.3.   

Does staff accepting air cargo and air mail have easy access to the Union database on supply chain security and to the air carrier's database?

YES or NO

 

If YES, describe the process

 

6.4.   

Is the database updated in a regular manner as to provide reliable data to the staff accepting air cargo and air mail?

YES or NO

 

If NO, explain

 

6.5.   

Conclusion: Does the air carrier maintain a database that ensures full transparency on its relation to entities from which it directly receives (screened or security controlled) cargo or mail for transport into the Union or EEA?

YES or NO

 

If NO, specify reasons

 

Comments from the air carrier

 

Comments from the EU aviation security validator

 

PART 7

Screening

Objective: Where the ACC3 accepts cargo and mail from an entity which is not an EU aviation security validated entity or the cargo received has not been protected from unauthorised interference from the time security controls were applied, the ACC3 shall ensure the air cargo or air mail is screened before being loaded onto an aircraft. The ACC3 shall have a process to ensure that EU or EEA bound air cargo and air mail for transfer, transit or unloading at an Union airport are screened by the means or methods referred to in Union legislation to a standard sufficient reasonably to ensure that it contains no prohibited articles.

Where the ACC3 does not screen air cargo or air mail itself, it shall ensure that the appropriate screening is carried out according to Union requirements. Screening procedures shall include where appropriate the treatment of transfer and transit cargo and mail

Where screening of air cargo or mail is performed by or on behalf of the appropriate authority in the third country, the ACC3 receiving such air cargo or air mail from the entity shall declare this fact in its security programme, and specify the way adequate screening is ensured.

Reference: points 6.8.3.1, 6.8.3.2, 6.8.3.3 of the Annex to Implementing Regulation (EU) 2015/1998

7.1.   

Is screening applied by the air carrier or on its behalf by an entity covered under the air carrier's security programme?

If YES, provide details.

If applicable, provide details of the entity or entities covered under the air carrier's security programme:

name

site specific address

presence of AEO status, if applicable

 

If NO, which entities not covered by the air carrier's security programme apply screening to air cargo or mail carried by this air carrier into the EU or EEA?

Specify the nature of these entities and provide details

private handling company

government regulated company

government screening facility or body

other

 

7.2.   

Is the entity able to request the appropriate security controls in case the screening is carried out by one of the above entities?

YES or NO

 

If NO, provide details

 

7.3.   

By which instruments and instructions (for example oversight, monitoring, and quality control) does the entity ensure that security controls are applied in the required manner by such service providers?

 

7.4.   

What methods of screening are used for air cargo and air mail?

Specify, including details of equipment used for screening air cargo and air mail (such as manufacturer, type, software version, standard, serial number) for all the methods deployed

 

7.5.   

Is the equipment or method (for example explosive detection dogs) used included in the most recent EU, European Civil Aviation Conference (ECAC) or the Transportation Security Administration (TSA) of the US compliance list?

YES or NO

 

If YES, provide details

 

If NO, give details specifying the approval of the equipment and date thereof, as well as any indications that it complies with EU equipment standards

 

7.6.   

Is the equipment used in accordance with the manufacturers' concept of operations (CONOPS) and is the equipment regularly tested and maintained?

YES or NO

 

If YES, describe the process

 

7.7.   

In case EDDs are deployed, are they subjected to initial and recurrent training, approval and quality control process to a standard equivalent to the EU or TSA requirements?

YES or NO

 

If YES, describe the entire process and the related documentation supporting the assessment

 

7.8.   

In case EDDs are used, is the screening process following a deployment methodology equivalent to EU or TSA standards?

YES or NO

 

If YES, describe the entire process and the related documentation supporting the assessment

 

7.9.   

Is the nature of the consignment taken into consideration during screening?

YES or NO

 

If YES, describe how it is ensured that the screening method selected is employed to a standard sufficient to reasonably ensure that no prohibited articles are concealed in the consignment

 

7.10.   

Is there a process for the resolution of the alarm generated by the screening equipment?

YES or NO

 

If YES, describe the process of resolving alarms to reasonably ensure the absence of prohibited articles.

 

If NO, describe what happens to the consignment.

 

7.11.   

Are any consignments exempt from security screening?

YES or NO

 

7.12.   

Are there any exemptions that do not comply with the Union list?

YES or NO

 

If YES, detail

 

7.13.   

Is access to the screening area controlled to ensure that only authorised and trained staff is granted access?

YES or NO

 

If YES, describe

 

7.14.   

Is an established quality control or testing regime in place?

YES or NO

 

If YES, describe

 

7.15.   

Conclusion: Is air cargo or air mail screened by one of the means or methods listed in point 6.2.1 of the Annex to Implementing Regulation (EU) 2015/1998 to a standard sufficient to reasonably ensure that it contains no prohibited articles?

YES or NO

 

If NO, specify reason

 

Comments from the air carrier

 

Comments from the EU aviation security validator

 

PART 8

High risk cargo or mail

Objective: Consignments which originate from or transfer in locations identified as high risk by the EU or which appear to have been significantly tampered with are to be considered as high risk cargo and mail (HRCM). Such consignments have to be screened in line with specific instructions. High risk origins and screening instructions are provided by the appropriate EU/EEA authority having designated the ACC3. The ACC3 shall have a procedure to ensure that EU or EEA bound HRCM is identified and subject to appropriate controls as defined in the Union legislation.

The ACC3 shall remain in contact with the appropriate authority responsible for the EU/EEA airports to which it carries cargo in order to have available the latest state of information on high risk origins.

The ACC3 shall apply the same measures, irrespective of whether it receives high risk cargo and mail from another air carrier or through other modes of transportation.

Reference: points 6.7 and 6.8.3.6 of the Annex to Implementing Regulation (EU) 2015/1998

Note: HRCM cleared for carriage into the EU or EEA shall be issued the security status ‘SHR’, which means secure for passenger, all-cargo and all-mail aircraft in accordance with high risk requirements.

8.1.   

Does the air carrier staff responsible for performing security controls know which air cargo and mail is to be treated as high risk cargo and mail (HRCM)?

YES or NO

 

If YES, describe

 

8.2.   

Does the air carrier have procedures in place for the identification of HRCM?

YES or NO

 

If YES, describe

 

8.3.   

Is HRCM subject to HRCM screening procedures according to the EU legislation?

YES or NO

 

If NO, indicate procedures applied

 

8.4.   

After screening, does the air carrier issue a security status declaration for SHR in the documentation accompanying the consignment?

YES or NO

 

If YES, describe how security status is issued and in which document

 

8.5.   

Conclusion: Is the process put in place by the air carrier relevant and sufficient to ensure that all HRCM has been properly treated before loading?

YES or NO

 

If NO, specify reason

 

Comments from the air carrier

 

Comments from EU aviation security validator

 

PART 9

Protection

Objective: The ACC3 shall have processes in place to ensure EU or EEA bound air cargo or air mail is protected from unauthorised interference from the point where security screening or other security controls are applied or from the point of acceptance after screening or security controls have been applied, until loading.

Protection can be provided by different means such as physical (for example barriers, locked rooms), human (for example patrols, trained staff) and technological (for example CCTV, intrusion alarm).

EU or EEA bound secured air cargo or mail should be separated from air cargo or mail which is not secured.

Reference: point 6.8.3 of the Annex to Implementing Regulation (EU) 2015/1998

9.1.   

Is protection of secured air cargo and air mail applied by the air carrier or on its behalf by an entity covered under the air carrier's security programme?

If YES, provide details

 

If NO, which entities not covered by the air carrier's security programme apply protection measures to secured air cargo or mail carried by this air carrier into the EU or EEA?

Specify the nature of these entities and provide details:

private handling company

government regulated company

government screening facility or body

other

 

9.2.   

Are security controls and protection in place to prevent tampering during the screening process?

YES or NO

 

If YES, describe

 

9.3.   

Are there processes in place to ensure EU or EEA bound air cargo or air mail to which security controls have been applied are protected from unauthorised interference from the time it has been secured until its loading?

YES or NO

 

If YES, describe how it is protected

 

If NO, specify reasons

 

9.4.   

Conclusions: Is the protection of consignments sufficiently robust to prevent unlawful interference?

YES or NO

 

If NO specify reason

 

Comments from the air carrier

 

Comments from EU aviation security validator

 

PART 10

Accompanying documentation

Objective: The ACC3 shall ensure that the documentation accompanying a consignment to which the ACC3 has applied security controls (for example screening, protection), contains at least:

(a)

the unique alphanumeric identifier received from the designating appropriate authority; and

(b)

the unique identifier of the consignment, such as the number of the (house or master) air waybill, when applicable; and

(c)

the content of the consignment; and

(d)

the security status, indicated as follows:

‘SPX’, which means secure for passenger, all-cargo and all-mail aircraft, or

‘SCO’, which means secure for all-cargo and all-mail aircraft only, or

‘SHR’, which means secure for passenger, all-cargo and all-mail aircraft in accordance with high risk requirements.

In the absence of a third country regulated agent, the security status declaration may be issued by the ACC3 or by the air carrier arriving from a third country exempted from the ACC3 regime.

If the security status is issued by the ACC3, the air carrier shall additionally indicate the reasons for issuing it, such as the means or method of screening used or the grounds for exempting the consignment from screening, using the standards adopted in the consignment security declaration scheme.

In the event that the security status and the accompanying documentation have been established by an upstream RA3 or by another ACC3, the ACC3 shall verify, during the acceptance process, that the above information is contained in the accompanying documentation.

The documentation accompanying the consignment may either be in the form of an air waybill, equivalent postal documentation or in a separate declaration, and either in an electronic format or in writing.

Reference: point (d) of point 6.3.2.6, points 6.8.3.4, 6.8.3.5, 6.8.3.6 and 6.8.3.7 of the Annex to Implementing Regulation (EU) 2015/1998

10.1.   

Does the air carrier ensure that appropriate accompanying documentation is established, and include the information required in point (d) of point 6.3.2.6), points 6.8.3.4, 6.8.3.5 and 6.8.3.6 of the Annex to Implementing Regulation (EU) 2015/1998?

YES or NO

 

If YES, describe the content of the documentation

 

If NO, explain why and how the cargo or mail is treated as ‘secure’ by the air carrier if it is loaded onto an aircraft

 

10.2.   

Does the documentation include the air carrier's ACC3 unique alphanumeric identifier?

YES or NO

 

If NO, explain why

 

10.3.   

Does the documentation specify the security status of the cargo and how this status was achieved?

YES or NO

 

Describe how this is specified

 

10.4.   

Conclusion: Is the documentation process sufficient to ensure that cargo or mail is provided with proper accompanying documentation which specifies the correct security status and all required information?

YES or NO

 

If NO specify reason

 

Comments from the air carrier

 

Comments from EU aviation security validator

 

PART 11

Compliance

Objective: After assessing the ten previous Parts of this checklist, the EU aviation security validator has to conclude if its on-site verification corresponds with the content of the part of the air carrier security programme describing the measures for the EU or EEA bound air cargo or air mail and if the security controls sufficiently implements the objectives listed in this checklist.

Conclusions may comprise one of the following four possible main cases:

(1)

the air carrier security programme is in compliance with Attachment 6-G to Implementing Regulation (EU) 2015/1998 and the on-site verification confirms compliance with the objective of the checklist; or

(2)

the air carrier security programme is in compliance with Attachment 6-G to Implementing Regulation (EU) 2015/1998 but the on-site verification does not confirm compliance with the objective of the checklist; or

(3)

the air carrier security programme is not in compliance with Attachment 6-G to Implementing Regulation (EU) 2015/1998 but the on-site verification confirms compliance with the objective of the checklist; or

(4)

the air carrier security programme is not in compliance with Attachment 6-G to Implementing Regulation (EU) 2015/1998 and the on-site verification does not confirm compliance with the objective of the checklist.

11.1.   

General conclusion: Indicate the case closest to the situation validated

1, 2, 3 or 4

 

Comments from EU aviation security validator

 

Comments from the air carrier

 

Name of the validator:

Date:

Signature:

ANNEX

List of persons and entities visited and interviewed

Providing the name of the entity, the name and the position of the contact person and the date of the visit or interview.

Name of entity

Name of contact person

Position of contact person

Date of visit or interview

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

ATTACHMENT 6-C4

VALIDATION CHECKLIST FOR THIRD COUNTRY EU AVIATION SECURITY VALIDATED KNOWN CONSIGNOR

Third country entities have the option to become part of an ACC3's (Air cargo or mail carrier operating into the Union from a third country airport) secure supply chain by seeking designation as a third country EU aviation security validated known consignor (KC3). A KC3 is a cargo handling entity located in a third country that is validated and approved as such on the basis of an EU aviation security validation.

A (KC3) shall ensure that security controls have been applied to consignments bound for the Union (5) and the consignments have been protected from unauthorised interference from the time that those security controls were applied and until transferring to an ACC3 or a third country EU aviation security validated regulated agent (RA3).

The prerequisites for carrying air cargo or air mail into the Union (EU) or Iceland, Norway and Switzerland are required by Implementing Regulation (EU) 2015/1998.

The checklist is the instrument to be used by the EU aviation security validator for assessing the level of security applied to EU or EEA bound air cargo or air mail (6) by or under the responsibility of the entity seeking designation as a KC3. The checklist is to be used only in the cases specified in point (b) of point 6.8.5.1 of the Annex to Implementing Regulation (EU) 2015/1998. In cases specified in point (a) of point 6.8.5.1 of that Annex, the EU aviation security validator shall use the ACC3 checklist.

A validation report shall be delivered to the designating appropriate authority and to the validated entity within a maximum of one month after the on-site verification. Integral parts of the validation report shall be at least the following:

the completed checklist signed by the EU aviation security validator and where applicable commented by the validated entity; and

the declaration of commitments (Attachment 6-H3 to Implementing Regulation (EU) 2015/1998) signed by the validated entity; and

an independence declaration (Attachment 11-A to Implementing Regulation (EU) 2015/1998) in respect of the entity validated signed by the EU aviation security validator.

Page numbering, the date of the EU aviation security validation and initialling on each page by the validator and the validated entity shall be the proof of the validation report's integrity.

The KC3 shall be able to use the report in its business relations with any ACC3 and any RA3.

By default the validation report shall be in English.

For those parts that cannot be assessed against the requirements of Implementing Regulation (EU) 2015/1998, baseline standards are the Standards and Recommended Practices (SARPs) of Annex 17 to the Convention on International Civil Aviation and the guidance material contained in the ICAO Aviation Security Manual (Doc 8973-Restricted).

Completion notes:

(1)

All applicable and relevant parts of the checklist must be completed, in accordance with the business model and operations of the entity being validated. Where no information is available, this must be explained.

(2)

After each part, the EU aviation security validator shall conclude if and to what extent the objectives of this part are met.

PART 1

Organisation and responsibilities

1.1.   

Date(s) of validation

Use exact date format, such as from 01.10.2012 to 02.10.2012

dd/mm/yyyy

 

1.2.   

Date of previous validation where applicable.

dd/mm/yyyy

 

Previous KC3 registration number, where available

 

AEO certificate or C-TPAT status or other certifications, where available

 

1.3.   

Aviation security validator information

Name

 

Company/Organisation/Authority

 

Unique alphanumeric identifier (UAI)

 

Email address

 

Telephone number — including international codes

 

1.4.   

Name of entity

Name

 

Company number (for example commercial register identification number, if applicable)

 

Number/Unit/Building

 

Street

 

Town

 

Postcode

 

State (where relevant)

 

Country

 

P.O. Box address, if applicable

 

1.5.   

Main address of organisation (if different from site to be validated)

Number/Unit/Building

 

Street

 

Town

 

Postcode

 

State (where relevant)

 

Country

 

P.O. Box address, if applicable

 

1.6.   

Nature of business — Types of cargo processed

What is the nature of business(es) — type of cargo processed in the applicant's premises?

 

1.7.   

Is the applicant responsible for…?

(a)

production

(b)

packing

(c)

storage

(d)

despatch

(e)

other, please specify

 

1.8.   

Approximate number of employees on site

Number

 

1.9.   

Name and title of person responsible for third country air cargo or air mail security

Name

 

Job title

 

Email address

 

Telephone number — including international codes

 

PART 2

Organisation and responsibilities of the third country EU aviation security validated known consignor

Objective: No air cargo or air mail shall be carried to the EU or EEA without being subject to security controls. Cargo and mail delivered by a KC3 to an ACC3 or RA3 may only be accepted as secure cargo or mail if such security controls are applied by the KC3. Details of such controls are provided by the following Parts of this checklist.

The KC3 shall have procedures in place to ensure that appropriate security controls are applied to all EU or EEA bound air cargo and air mail and that secure cargo or mail is protected until being transferred to an ACC3 or a RA3. Security controls reasonably ensure that no prohibited articles are concealed in the consignment.

Reference: point 6.8.3 of the Annex to Implementing Regulation (EU) 2015/1998.

2.1.   

Has the entity established a security programme?

YES or NO

 

If NO, go directly to point 2.5

 

2.2.   

Entity security programme information

Date — use exact format dd/mm/yyyy

 

Version

 

Is the security programme submitted to or approved by the appropriate authority of the state in which the entity is located? If YES, please describe the process.

 

2.3.   

Does the security programme sufficiently cover the elements mentioned in parts 4 to 11 of the checklist?

YES or NO

 

If NO, describe why, detailing the reasons

 

2.4.   

Is the security programme conclusive, robust and complete?

YES or NO

 

If NO, specify the reasons

 

2.5.   

Has the entity established a process to ensure that EU or EEA bound air cargo or air mail is submitted to appropriate security controls before being transferred to an ACC3 or an RA3?

YES or NO

 

If YES, describe the process

 

2.6.   

Has the entity a management system (for example instruments, instructions) in place to ensure that the required security controls are implemented?

YES or NO

 

If YES, describe the management system and explain if it is approved, checked or provided by the appropriate authority or other entity.

 

If NO, explain how the entity ensures that security controls are applied in the required manner.

 

2.7.   

Conclusions and general comments on the reliance, conclusiveness and robustness of the process.

Comments from the entity

 

Comments from the EU aviation security validator

 

PART 3

Identifiable air cargo or air mail

Objective: To establish the point or place where cargo or mail becomes identifiable as air cargo or air mail.

3.1.   

By inspection of the production, packing, storage, selection, despatch and any other relevant areas, ascertain where and how a consignment of EU or EEA bound air cargo or air mail becomes identifiable as such.

Describe

 

Comments from the entity

 

Comments from the EU aviation security validator

 

Please note that detailed information should be given on the protection of identifiable air cargo or air mail from unauthorised interference or tampering in Parts 6 to 9.

PART 4

Staff recruitment and training

Objective: In order to ensure that the required security controls are applied, the KC3 shall assign responsible and competent staff to work in the field of securing air cargo or air mail. Staff with access to identifiable air cargo shall possess all the competencies required to perform their duties and be appropriately trained.

In order to fulfil that objective, the KC3 shall have procedures in place to ensure that all staff (such as permanent, temporary, agency staff, drivers) with direct and unescorted access to air cargo or air mail to which security controls are being or have been applied:

(a)

have been subject to initial and recurrent pre-employment checks or background checks, which are at least in accordance with the requirements of the local authorities of the KC3 premises validated; and

(b)

have completed initial and recurrent security training to be aware of their security responsibilities in accordance with the requirements of the local authorities of the KC3 premises validated.

Note:

A background check means a check of a person's identity and previous experience, including where legally permissible, any criminal history as part of the assessment of an individual's suitability to implement a security control or for unescorted access to a security restricted area (ICAO Annex 17 definition).

A pre-employment check shall establish the person's identity on the basis of documentary evidence, cover employment, education and any gaps during at least the preceding five years, and require the person to sign a declaration detailing any criminal history in all states of residence during at least the preceding 5 years (Union definition).

Reference: point 6.8.3.1 of the Annex to Implementing Regulation (EU) 2015/1998.

4.1.   

Is there a procedure ensuring that all staff with access to identifiable air cargo or air mail is subject to a pre-employment check that assesses background check and competence?

YES or NO

 

If YES, indicate the number of preceding years taken into account for the pre-employment check and state which entity carries it out.

 

4.2.   

Does this procedure include?

background check

pre-employment check

check of criminal records

interviews

other (provide details)

Explain the elements, indicate which entity carries this element out and where applicable, indicate the preceding timeframe that is taken into account.

 

4.3.   

Is there a procedure ensuring that the person responsible for the application and supervision of the implementation of security controls at the site is subject to a pre-employment check that assesses background and competence?

YES or NO

 

If YES, indicate the number of preceding years taken into account for the pre-employment check and state which entity carries it out.

 

4.4.   

Does this procedure include?

background check

pre-employment check

check of criminal records

interviews

other (provide details)

Explain the elements, indicate which entity carries this element out and where applicable, indicate the preceding timeframe that is taken into account.

 

4.5.   

Do staff with access to identifiable air cargo/air mail receive training before being given access to identifiable air cargo or air mail?

YES or NO

 

If YES, describe the elements and duration of the training

 

4.6.   

Do staff referred to in point 4.5 receive recurrent training?

YES or NO

 

If YES, specify the elements and the frequency of the recurrent training

 

4.7.   

Conclusion: do measures concerning staff recruitment and training ensure that all staff with access to identifiable EU or EEA bound air cargo or air mail have been properly recruited and trained to a standard sufficient to be aware of their security responsibilities?

YES or NO

 

If NO, specify reasons

 

Comments from the entity

 

Comments from the EU aviation security validator

 

PART 5

Physical security

Objective: The KC3 shall have procedures in place to ensure identifiable air cargo or air mail bound for the EU or EEA is protected from unauthorised interference or any tampering. If such cargo or mail is not protected, it cannot be forwarded to an ACC3 or RA3 as secure cargo or mail.

The entity has to demonstrate how its site or its premises are protected and that relevant access control procedures are in place. It is essential that access to the area where identifiable air cargo or air mail is processed or stored, is controlled. All doors, windows and other points of access to secure EU or EEA bound air cargo or air mail need to be secured or subject to access control.

Physical security can be, but is not limited to:

physical obstacles such as fencing or barriers,

technology using alarms and/or CCTV systems,

human security such as staff dedicated to carry out surveillance activities.

Reference: point 6.8.3.1 of the Annex to Implementing Regulation (EU) 2015/1998.

5.1.   

Are all access points to identifiable air cargo/air mail subject to access control and is access limited to authorised persons?

YES or NO

 

If YES, how is access controlled? Explain and describe. Multiple answers may be possible.

by security staff

by other staff

manual checking if persons are allowed to enter the area

electronic access control systems

other, specify

 

If YES, how is it ensured that a person is authorised to enter the area? Explain and describe. Multiple answers may be possible.

use of a company identification card

use of another type of identification card such as passport or driver's licence

list of authorised persons used by (security) staff

electronic authorisation, e.g. by use of a chip;

distribution of keys or access codes only to authorised personnel

other, specify

 

5.2.   

Are all access points to identifiable air cargo or air mail secured? This includes access points which are not permanent in use and points which are normally not used as access points, such as windows.

YES or NO

 

If YES, how are these points secured? Explain and describe. Multiple answers may be possible.

presence of security staff

electronic access control systems which allow access to one person at a time

barriers, for example shutters or locks

CCTV system

intruder detection system

 

5.3.   

Are there additional measures to enhance the security of the premises in general?

YES or NO

 

If YES, explain and describe what they are

fencing or barriers

CCTV system

intruder detection system

surveillance and patrols

other, specify

 

5.4.   

Is the building of solid construction?

YES or NO

 

5.5.   

Conclusion: Are the measures taken by the entity sufficient to prevent unauthorised access to those parts of the site and premises where identifiable EU or EEA bound air cargo or air mail is processed or stored?

YES or NO

 

If NO, specify reasons

 

Comments from the entity

 

Comments from the EU aviation security validator

 

PART 6

Production

Objective: The KC3 shall have procedures in place to ensure identifiable air cargo or air mail bound for the EU or EEA is protected from unauthorised interference or any tampering during the production process. If such cargo or mail is not protected, it cannot be forwarded to an ACC3 or RA3 as secure cargo or mail.

The entity has to demonstrate that access to the production area is controlled and the production process is supervised. If the product becomes identifiable as EU or EEA bound air cargo or air mail in the course of production, the entity has to show that measures are taken to protect air or cargo or air mail from unauthorised interference or tampering from this stage.

Answer these questions where the product can be identified as EU or EEA bound air cargo/air mail in the course of the production process.

6.1.   

Is access to the production area controlled and limited to authorised persons?

YES or NO

 

If YES, explain how the access is controlled and limited to authorised persons

 

6.2.   

Is the production process supervised?

YES or NO

 

If YES, explain how it is supervised

 

6.3.   

Are controls in place to prevent tampering at the stage of production?

YES or NO

 

If YES, describe

 

6.4.   

Conclusion: Are measures taken by the entity sufficient to protect identifiable EU or EEA bound air cargo or air mail from unauthorised interference or tampering during production?

YES or NO

 

If NO, specify reasons

 

Comments from the entity

 

Comments from the EU aviation security validator

 

PART 7

Packing

Objective: The KC3 shall have procedures in place to ensure identifiable air cargo or air mail bound for the EU or EEA is protected from unauthorised interference or any tampering during the packing process. If such cargo or mail is not protected, it cannot be forwarded to an ACC3 or RA3 as secure cargo or mail.

The entity has to demonstrate that access to the packing area is controlled and the packing process is supervised. If the product becomes identifiable as EU or EEA bound air cargo or air mail in the course of packing, the entity has to show that measures are taken to protect air cargo/air mail from unauthorised interference or tampering from this stage. All finished goods need to be checked prior to packing.

Answer these questions where the product can be identified as EU or EEA bound air cargo/air mail in the course of the packing process.

7.1.   

Is access to the packing area controlled and limited to authorised persons?

YES or NO

 

If YES, explain how the access is controlled and limited to authorised persons

 

7.2.   

Is the packing process supervised?

YES or NO

 

If YES, explain how it is supervised

 

7.3.   

Are controls in place to prevent tampering at the stage of packing?

YES or NO

 

If YES, describe

 

7.4.

Describe the finished outer packaging:

(a)   

Is the finished outer packing robust?

YES or NO

 

Describe

 

(b)   

Is the finished outer packaging tamper evident?

YES or NO

 

If YES, describe which process is used to make the packaging tamper evident, for example by use of numbered seals, special stamps or security tape.

 

If NO, describe what protection measures that ensure the integrity of the consignments are taken.

 

7.5.   

Conclusion: Are measures taken by the entity sufficient to protect identifiable EU or EEA bound air cargo or air mail from unauthorised interference or tampering during packing?

YES or NO

 

If NO, specify reasons

 

Comments from the entity

 

Comments from the EU aviation security validator

 

PART 8

Storage

Objective: The KC3 shall have procedures in place to ensure identifiable air cargo or air mail bound for the EU or EEA is protected from unauthorised interference or any tampering during storage. If such cargo or mail is not protected, it cannot be forwarded to an ACC3 or RA3 as secure cargo or mail.

The entity has to demonstrate that access to the storage area is controlled. If the product becomes identifiable as EU or EEA bound air cargo or air mail while being stored, the entity has to show that measures are taken to protect air cargo or air mail from unauthorised interference or tampering as from this stage.

Answer these questions where the product can be identified as EU or EEA bound air cargo/air mail in the course of the storage process.

8.1.   

Is access to the storage area controlled and limited to authorised persons?

YES or NO

 

If YES, explain how the access is controlled and limited to authorised persons

 

8.2.   

Is the finished and packed air cargo or air mail stored securely and checked for tampering?

YES or NO

 

If YES, describe

 

If NO, explain how the entity ensures that the finished and packed EU or EEA bound air cargo and air mail is protected against unauthorised interference and any tampering.

 

8.3.   

Conclusion: Are measures taken by the entity sufficient to protect identifiable EU or EEA bound air cargo or air mail from unauthorised interference or tampering during storage?

YES or NO

 

If NO, specify reasons

 

Comments from the entity

 

Comments from the EU aviation security validator

 

PART 9

Despatch

Objective: The KC3 shall have procedures in place to ensure identifiable air cargo or air mail bound for the EU or EEA is protected from unauthorised interference or any tampering during the despatch process. If such cargo or mail is not protected, it must not be forwarded to an ACC3 or RA3 as secure cargo or mail.

The entity has to demonstrate that access to the despatch area is controlled. If the product becomes identifiable as EU or EEA bound air cargo or air mail in the course of despatch, the entity has to show that measures are taken to protect air cargo or air mail from unauthorised interference or tampering from this stage.

Answer these questions where the product can be identified as EU/EEA bound air cargo or air mail in the course of the despatch process.

9.1.   

Is access to the despatch area controlled and limited to authorised persons?

YES or NO

 

If YES, explain how the access is controlled and limited to authorised persons

 

9.2.   

Who has access to the despatch area? Multiple answers may be possible.

employees of the entity

drivers

visitors

contractors

others, specify

 

9.3.   

Is the despatch process supervised?

YES or NO

 

If YES, explain how it is supervised

 

9.4.   

Are controls in place to prevent tampering in the despatch area?

YES or NO

 

If YES, describe

 

9.5.   

Conclusion: Are measures taken by the entity sufficient to protect identifiable EU or EEA bound air cargo or air mail from unauthorised interference or tampering during the despatch process?

YES or NO

 

If NO, specify reasons

 

Comments from the entity

 

Comments from the EU aviation security validator

 

PART 10

Consignments from other sources

Objective: The KC3 shall have procedures in place to ensure that cargo or mail which it has not originated itself, shall not be forwarded to an ACC3 or an RA3 as secure cargo or mail.

A KC3 may pass consignments which it has not itself originated to a RA3 or an ACC3, provided that following conditions are met:

(a)

they are separated from consignments which it has originated; and

(b)

the origin is clearly indicated on the consignment or an accompanying documentation.

All such consignments must be screened by an RA3 or ACC3 before they are loaded onto an aircraft.

10.1.   

Does the entity accept consignments of cargo or mail intended for carriage by air from any other entity?

YES or NO

 

If YES, how are these consignments kept separate from the company's own cargo or mail and how are they identified to the regulated agent or haulier?

 

Comments from the entity

 

Comments from the EU aviation security validator.

 

PART 11

Documentation

Objective: The KC3 shall ensure that the documentation accompanying a consignment to which the KC3 has applied security controls (for example protection), contains at least:

(a)

the unique alphanumeric identifier received from the designating appropriate authority; and

(b)

the content of the consignment.

The documentation accompanying the consignment may either be in an electronic format or in writing.

Reference: point 6.8.3.4 of the Annex to Implementing Regulation (EU) 2015/1998

11.1.   

Does the entity ensure that appropriate accompanying documentation is established, containing the UAI received from the designating appropriate authority and a description of the consignment?

YES or NO

 

If NO, explain

 

11.2.   

Conclusion: Is the documentation process sufficient to ensure that cargo or mail is provided with proper accompanying documentation?

YES or NO

 

If NO, specify reason

 

Comments from the entity

 

Comments from EU aviation security validator

 

PART 12

Transportation

Objective: The KC3 shall have procedures in place in order to ensure identifiable air cargo or air mail bound for the EU or EEA is protected from unauthorised interference or any tampering during transportation. If such cargo or mail is not protected, it must not be accepted by an ACC3 or RA3 as secure cargo or mail.

During transportation, the KC3 is responsible for the protection of the secure consignments. This includes cases where the transportation is undertaken by another entity, such as a freight forwarder, on its behalf. This does not include cases whereby the consignments are transported under the responsibility of an ACC3 or RA3.

Answer these questions where the product can be identified as EU or EEA bound air cargo or air mail when transported.

12.1.   

How is the air cargo or air mail conveyed to the ACC3 or RA3?

(a)   

Validated entity's own transport?

YES or NO

 

(b)   

ACC3's or RA3's transport?

YES or NO

 

(c)   

Contractor used by the validated entity?

YES or NO

 

12.2.   

Is the air cargo or air mail tamper evidently packed?

YES or NO

 

If YES, how

 

12.3.   

Is the vehicle sealed or locked before transportation?

YES or NO

 

If YES, how

 

12.4.   

Where numbered seals are used, is access to the seals controlled and are the numbers recorded?

YES or NO

 

If YES, specify how

 

12.5.   

If applicable, does the respective haulier sign the haulier declaration?

YES or NO

 

12.6.   

Has the person transporting the cargo been subject to specific security controls and awareness training before being authorised to transport secured air cargo or air mail, or both?

YES or NO

 

If YES, please describe what kind of security controls (for example, pre-employment check, background check) and what kind of training (for example, security awareness training, etc.)

 

12.7.   

Conclusion: Are the measures sufficient to protect air cargo or air mail from unauthorised interference during transportation?

YES or NO

 

If NO, specify reasons

 

Comments from the entity

 

Comments from the EU aviation security validator

 

PART 13

Compliance

Objective: After assessing the twelve previous parts of this checklist, the EU aviation security validator has to conclude whether its on-site verification confirms the implementation of the security controls in compliance with the objectives listed in this checklist for EU or EEA bound air cargo or air mail.

Two different scenarios are possible. The EU aviation security validator concludes that the entity:

(1)

has succeeded in complying with the objectives referred to in this checklist. A validation report shall be delivered to the designating appropriate authority and to the validated entity within a maximum of one month after the on-site verification;

(2)

has failed in complying with the objectives referred to in this checklist. In that case, the entity is not authorised to deliver air cargo or mail for EU or EEA destination to an ACC3 or RA3 without it being screened by an authorised party. It shall receive a copy of the completed checklist stating the deficiencies.

The EU aviation security validator has to keep in mind that the assessment is based on an overall objective-based compliance methodology.

12.1.   

General conclusion: Indicate the scenario closest to the situation validated

1 or 2

 

Comments from EU aviation security validator

 

Comments from the entity

 

Name of the validator:

Date:

Signature:

ANNEX

List of persons and entities visited and interviewed

Providing the name of the entity, the name and the position of the contact person and the date of the visit or interview.

Name of entity

Name of contact person

Position of contact person

Date of visit or interview

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

’;

(33)

Attachments 6-H1, 6-H2 and 6-H3 are replaced by the following:

‘ATTACHMENT 6-H1

DECLARATION OF COMMITMENTS — EU AVIATION SECURITY VALIDATED ACC3

On behalf of [name of air carrier] I take note of the following:

This report establishes the level of security applied to EU or EEA bound air cargo operations in respect of the security standards listed in the checklist or referred to therein.

[name of air carrier] can only be designated ‘air cargo or mail carrier operating into the Union from a third country airport’ (ACC3) once an EU aviation security validation report has been submitted to and accepted by the appropriate authority of a Member State of the European Union or Iceland, Norway or Switzerland for that purpose, and the details of the ACC3 have been entered in the Union database on supply chain security.

If a non-compliance in the security measures the report refers to is identified by the appropriate authority of an EU Member State or by the European Commission, this could lead to the withdrawal of [name of air carrier] designation as ACC3 already obtained for this airport which will prevent [name of air carrier] transport air cargo or mail into the EU or EEA area from this airport.

The report is valid for five years and shall therefore expire on … at the latest.

On behalf of [air carrier] I declare that:

(1)

[name of air carrier] will accept appropriate follow-up action for the purpose of monitoring the standards confirmed by the report.

(2)

I will provide the designating appropriate authority with the relevant details promptly but at least within 15 days if:

(a)

any changes to [name of air carrier] security programme occur;

(b)

the overall responsibility for security is assigned to anyone other than the person named in point 1.7 of Attachment 6-C3 to Implementing Regulation (EU) 2015/1998;

(c)

there are any other changes to premises or procedures likely to significantly impact on security;

(d)

the air carrier ceases trading, no longer deals with air cargo or mail bound to the Union, or can no longer meet the requirements of the relevant Union legislation that have been validated in this report.

(3)

[name of air carrier] will maintain the security level confirmed in this report as compliant with the objective set out in the checklist and, where appropriate, implement and apply any additional security measures required to be designated ACC3 where security standards were identified as insufficient, until the subsequent validation of [name of air carrier] activities.

(4)

[name of air carrier] will inform the designating appropriate authority in case it is not able to request, obtain or ensure the application of appropriate security controls in respect of cargo or mail it accepts for carriage into the EU or EEA area, or it cannot exercise effective oversight on its supply chain.

On behalf of [name of air carrier] I accept full responsibility for this declaration.

Name:

Position in company:

Date:

Signature:

ATTACHMENT 6-H2

DECLARATION OF COMMITMENTS — THIRD COUNTRY EU AVIATION SECURITY VALIDATED REGULATED AGENT (RA3)

On behalf of [name of entity] I take note of the following:

This report establishes the level of security applied to EU or EEA bound air cargo operations in respect of the security standards listed in the checklist or referred to therein.

[Name of entity] can only be designated ‘third country EU aviation security validated regulated agent’ (RA3) once an EU aviation security validation report has been submitted to and accepted by the appropriate authority of a Member State of the European Union or Iceland, Norway or Switzerland for that purpose, and the details of the RA3 have been entered in the Union database on supply chain security.

If a non-compliance in the security measures the report refers to is identified by the appropriate authority of a Union Member State or by the European Commission, this could lead to the withdrawal of [name of entity] designation as a RA3 already obtained for this premises which will prevent [name of entity] from delivering secured air cargo or mail for EU or EEA destination to an ACC3 or another RA3.

The report is valid for three years and shall therefore expire on … at the latest.

On behalf of [name of entity] I declare that:

(1)

[name of entity] will accept appropriate follow-up action for the purpose of monitoring the standards confirmed by the report.

(2)

I will provide the designating appropriate authority with the relevant details promptly but at least within 15 days if:

(a)

any changes to [name of entity] security programme occur;

(b)

the overall responsibility for security is assigned to anyone other than the person named in point 1.9 of Attachment 6-C2 to Implementing Regulation (EU) 2015/1998;

(c)

there are any other changes to premises or procedures likely to significantly impact on security;

(d)

the company ceases trading, no longer deals with air cargo or mail bound to the European Union, or can no longer meet the requirements of the relevant Union legislation that have been validated in this report.

(3)

[name of entity] will maintain the security level confirmed in this report as compliant with the objective set out in the checklist and, where appropriate, implement and apply any additional security measures required to be designated RA3 where security standards were identified as insufficient, until the subsequent validation of [name of entity] activities.

(4)

[name of entity] will inform the ACC3s and RA3s to which it delivers secured air cargo and/or air mail if [name of entity] ceases trading, no longer deals with air cargo/air mail or can no longer meet the requirements validated in this report.

On behalf of [name of entity] I accept full responsibility for this declaration.

Name:

Position in company:

Date:

Signature:

ATTACHMENT 6-H3

DECLARATION OF COMMITMENTS — THIRD COUNTRY EU AVIATION SECURITY VALIDATED KNOWN CONSIGNOR (KC3)

On behalf of [name of entity] I take note of the following:

This report establishes the level of security applied to EU or EEA bound air cargo operations in respect of the security standards listed in the checklist or referred to therein.

[Name of entity] can only be designated ‘third country EU aviation security validated known consignor’ (KC3) once an EU aviation security validation report has been submitted to and accepted by the appropriate authority of a Member State of the European Union or Iceland, Norway or Switzerland for that purpose, and the details of the KC3 have been entered in the Union database on supply chain security.

If a non-compliance in the security measures the report refers to is identified by the appropriate authority of a Union Member State or by the European Commission, this could lead to the withdrawal of [name of entity] designation as a KC3 already obtained for this premises which will prevent [name of entity] from delivering secured air cargo or mail for EU or EEA destination to an ACC3 or an RA3.

The report is valid for three years and shall therefore expire on … at the latest.

On behalf of [name of entity] I declare that:

(1)

[name of entity] will accept appropriate follow-up action for the purpose of monitoring the standards confirmed by the report;

(2)

I will provide the designating appropriate authority with the relevant details promptly but at least within 15 days if:

(a)

any changes to [name of entity] security programme occur;

(b)

the overall responsibility for security is assigned to anyone other than the person named in point 1.9 of Attachment 6-C4 to Implementing Regulation (EU) 2015/1998;

(c)

there are any other changes to premises or procedures likely to significantly impact on security;

(d)

the company ceases trading, no longer deals with air cargo/mail bound to the European Union, or can no longer meet the requirements of the relevant Union legislation that have been validated in this report.

(3)

[name of entity] will maintain the security level confirmed in this report as compliant with the objective set out in the checklist and, where appropriate, implement and apply any additional security measures required to be designated KC3 where security standards were identified as insufficient, until the subsequent validation of [name of entity] activities.

(4)

[name of entity] will inform the ACC3s and RA3s to which it delivers secured air cargo and/or air mail if [name of entity] ceases trading, no longer deals with air cargo/air mail or can no longer meet the requirements validated in this report.

On behalf of [name of entity] I accept full responsibility for this declaration.

Name:

Position in company:

Date:

Signature:’;

(34)

point 8.1.3.2 is amended as follows:

(a)

point (c) is replaced by the following:

‘(c)

if the appropriate authority is satisfied with the information provided in accordance with points (a) and (b), it shall ensure that the necessary details of the regulated supplier are entered into the Union database on supply chain security not later than the next working day. When making the database entry the appropriate authority shall give each approved site a unique alphanumeric identifier in the standard format. If the appropriate authority is not satisfied, the reasons shall promptly be notified to the entity seeking approval as a regulated supplier;’;

(b)

the following point (d) is added:

‘(d)

a regulated supplier shall not be considered as approved until its details are listed in the Union database on supply chain security.’;

(35)

point 11.2.2(e) is replaced by the following:

‘(e)

knowledge of identification card systems in use;’

(36)

in point 11.2.3.8, the following paragraph is added:

‘In addition, where the person holds an airport identification card, training shall also result in all of the following competences:

(h)

understanding of the configuration of the screening checkpoint and the screening process;

(i)

awareness of access control and relevant screening procedures;

(j)

knowledge of airport identification cards used at the airport;

(k)

knowledge of reporting procedures;

(l)

ability to respond appropriately to security related incidents.’;

(37)

in point 11.2.3.9, the following paragraph is added:

‘In addition, where the person holds an airport identification card, training shall also result in all of the following competences:

(k)

understanding of the configuration of the screening checkpoint and the screening process;

(l)

awareness of access control and relevant screening procedures;

(m)

knowledge of identification cards in use;

(n)

ability to respond appropriately to security related incidents.’;

(38)

in point 11.2.3.10, the following paragraph is added:

‘In addition, where the person holds an airport identification card, training shall also result in all of the following competences:

(k)

understanding of the configuration of the screening checkpoint and the screening process;

(l)

awareness of access control and relevant screening procedures;

(m)

knowledge of identification cards in use;

(n)

ability to respond appropriately to security related incidents.’;

(39)

in point 11.5.1, the following paragraph is added:

‘Instructors shall be subject to recertification at least every 5 years.’;

(40)

point 11.6.4.3 is replaced by the following:

11.6.4.3   When a Member State is no longer satisfied that an EU aviation security validator meets the requirements referred to in points 11.6.3.1 or 11.6.3.5, it shall withdraw the approval and remove the validator from the Union database on supply chain security, or inform the appropriate authority that approved it, sharing the basis for its concern.’;

(41)

Attachment 11-A is replaced by the following:

‘ATTACHMENT 11-A

INDEPENDENCE DECLARATION — EU AVIATION SECURITY VALIDATOR

(a)

I confirm that I have established the level of compliance of the validated entity in an impartial and objective way.

(b)

I confirm that I am not, and have not in the preceding two years, been employed by the validated entity.

(c)

I confirm that I have no economic or other direct or indirect interest in the outcome of the validation activity, the validated entity or its affiliates.

(d)

I confirm that I have, and have had in the preceding 12 months no business relations such as training and consultancy beyond the validation process with the validated entity in areas related to aviation security.

(e)

I confirm that the EU aviation security validation report is based on a thorough fact finding evaluation of relevant security documentation, consisting of:

the validated entities' security programme or equivalent, and

an on- site verification of the implementation thereof.

(f)

I confirm that the EU aviation security validation report is based on an assessment of all security relevant areas on which the validator is required to give an opinion based on the relevant EU checklist.

(g)

I confirm that I have applied a methodology that allows for separate EU aviation security validation reports in respect of each entity validated and ensures objectivity and impartiality of the fact finding and evaluation, where several entities are being validated in a joint action.

(h)

I confirm that I accepted no financial or other benefits, other than a reasonable fee for the validation and a compensation of travel and accommodation costs.

I accept full responsibility for the EU aviation security validation report.

Name of the validated entity:

Name of the EU aviation security validator:

Date:

Signature:’;

(42)

points 12.7.1.2 and 12.7.1.3 are replaced by the following:

12.7.1.2   The equipment shall be used in a manner that ensures that the container is positioned and orientated so as to ensure that the detection capabilities are utilised in full.

12.7.1.3   The equipment shall give an alarm in each of the following circumstances:

(a)

when it detects threat material;

(b)

when it detects the presence of an item that prevents threat material from being detected;

(c)

when it cannot assess whether the LAG is benign or not;

(d)

when the contents of the screened bag are too dense to be analysed.’;

(43)

point 12.7.1.4 is deleted;

(44)

point 12.7.2.2 is replaced by the following:

12.7.2.2   All LEDS equipment shall meet standard 2.’;

(45)

point 12.7.2.3 is deleted;

(46)

point 12.9.2.5 is replaced by the following:

12.9.2.5   An EDD used for the detection of explosive materials shall be fitted with appropriate means to allow for the unique identification of the EDD.’.


(1)  The Union Member States: Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, the Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden and the United Kingdom.

(2)  EU or EEA bound air cargo or air mail or aircraft in this validation checklist is equivalent to the Union and Iceland, Norway and Switzerland bound air cargo or air mail or aircraft.

(3)  The Union Member States: Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, the Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden and the United Kingdom.

(4)  EU or EEA bound air cargo or air mail or aircraft in this validation checklist is equivalent to EU and Iceland, Norway and Switzerland bound air cargo or air mail or aircraft.

(5)  The Union Member States: Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, the Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden and the United Kingdom

(6)  EU or EEA bound air cargo or air mail or aircraft in this validation checklist is equivalent to the Union and Iceland, Norway and Switzerland bound air cargo or air mail or aircraft.


Top