Regulation (EU) No 1178/2011 AIRCREW : Pilot Licenses
Revision from August 2023
- EASA - AIRCREW :
- FRANCE :
Annexe VI : [PART ARA] - Authority Requirements for Aircrew
SUBPART GEN – GENERAL REQUIREMENTS
SECTION I – GENERAL
ARA.GEN.115 Oversight documentation - Regulation (EU) No 1178/2011
The competent authority shall provide all legislative acts, standards, rules, technical
publications and related documents to relevant personnel in order to allow them to perform their
tasks and to discharge their responsibilities.
ARA.GEN.120 Means of compliance - Regulation (EU) No 290/2012
- The Agency shall develop Acceptable Means of Compliance (AMC) that may be used to establish
compliance with Regulation (EC) No 216/2008 and its Implementing Rules. When the AMC are
complied with, the related requirements of the Implementing Rules are met.
- Alternative means of compliance may be used to establish compliance with the Implementing
Rules.
- The competent authority shall establish a system to consistently evaluate that all
alternative means of compliance used by itself or by organisations and persons under its
oversight allow the establishment of compliance with Regulation (EC) No 216/2008 and its
Implementing Rules.
- The competent authority shall evaluate all alternative means of compliance proposed by an
organisation in accordance with ORA.GEN.120 by analysing the documentation provided and, if
considered necessary, conducting an inspection of the organisation.
When the competent authority finds that the alternative means of compliance are in
accordance with the Implementing Rules, it shall without undue delay:
- notify the applicant that the alternative means of compliance may be implemented
and, if applicable, amend the approval or certificate of the applicant accordingly;
and
- notify the Agency of their content, including copies of all relevant
documentation;
- inform other MS about alternative means of compliance that were accepted.
- When the competent authority itself uses alternative means of compliance to achieve
compliance with Regulation (EC) No 216/2008 and its Implementing Rules it shall:
- make them available to all organisations and persons under its oversight; and
- without undue delay notify the Agency.
The competent authority shall provide the Agency with a full description of the alternative means
of compliance, including any revisions to procedures that may be relevant, as well as an
assessment demonstrating that the Implementing Rules are met.
AMC1 ARA.GEN.120(d)(3) Means of compliance - ED Decision
2012/006/R
GENERAL
The information to be provided to other Member States following approval of an alternative
means of compliance should contain a reference to the Acceptable Means of Compliance (AMC)
to which such means of compliance provides an alternative, as well as a reference to the
corresponding Implementing Rule, indicating as applicable the subparagraph(s) covered by the
alternative means of compliance.
GM1 ARA.GEN.120 Means of compliance - ED Decision 2012/006/R
GENERAL
Alternative means of compliance used by a competent authority or by organisations under its
oversight may be used by other competent authorities or organisations only if processed
again in accordance with ARA.GEN.120(d) and (e).
ARA.GEN.125 Information to the Agency - Regulation (EU) No 2023/203
- The competent authority shall notify the Agency in case of any significant problems with the
implementation of Regulation (EU) 2018/1139 and the delegated and implementing acts adopted
on the basis thereof within 30 days from the time the authority became aware of the
problems.
- Without prejudice to Regulation (EU) No 376/2014 of the European Parliament and of the
Council (*1) and the delegated and implementing acts adopted on the basis
thereof, the competent authority shall provide the Agency with safety-significant
information stemming from the occurrence reports stored in the national database, as soon as
possible.
- The competent authority of the Member State shall provide the Agency as
soon as possible
with safety-significant information stemming from the information security reports it has
received pursuant to point IS.I.OR.230 of Annex II (Part-IS.I.OR) to Implementing Regulation
(EU) 2023/203.
[applicable from 22 February 2026 — Implementing Regulation (EU)
2023/203]
(*1) Regulation (EU) No 376/2014 of the European Parliament and of the Council
of 3 April 2014 on the reporting, analysis and follow-up of occurrences in civil aviation,
amending Regulation (EU) No 996/2010 of the European Parliament and of the Council and
repealing Directive 2003/42/EC of the European Parliament and of the Council and Commission
Regulations (EC) No 1321/2007 and (EC) No 1330/2007 (OJ L 122, 24.4.2014, p. 18).
ARA.GEN.135 Immediate reaction to a safety problem - Regulation (EU) No 1178/2011
- Without prejudice to Regulation (EU) No 376/2014 and the delegated and implementing acts
adopted on the basis thereof, the competent authority shall implement a system to
appropriately collect, analyse and disseminate safety information.
- The Agency shall implement a system to appropriately analyse any relevant safety information
received and without undue delay provide to Member States and the Commission any
information, including recommendations or corrective actions to be taken, necessary for them
to react in a timely manner to a safety problem involving products, parts, non-installed
equipment, persons or organisations subject to Regulation (EU) 2018/1139 and the delegated
and implementing acts adopted on the basis thereof.
- Upon receiving the information referred to in (a) and (b), the competent authority shall
take adequate measures to address the safety problem.
- Measures taken under point (c) shall immediately be notified to all persons or organisations
that need to comply with them under Regulation (EU) 2018/1139 and the delegated and
implementing acts adopted on the basis thereof. The competent authority shall also notify
those measures to the Agency and, when combined action is required, the other Member States
concerned.
ARA.GEN.135A Immediate reaction to an information security incident or vulnerability with an
impact on aviation safety - Regulation (EU) No 2023/203
- The competent authority shall implement a system to appropriately collect,
analyse, and
disseminate information related to information security incidents and vulnerabilities with a
potential impact on aviation safety that are reported by organisations. This shall be done
in coordination with any other relevant authorities responsible for information security or
cybersecurity within the Member State to increase the coordination and compatibility of
reporting schemes.
- The Agency shall implement a system to appropriately analyse any relevant
safety-significant
information received in accordance with point ARA.GEN.125(c), and without undue delay
provide the Member States and the Commission with any information, including recommendations
or corrective actions to be taken, necessary for them to react in a timely manner to an
information security incident or vulnerability with a potential impact on aviation safety
involving products, parts, non-installed equipment, persons or organisations subject to
Regulation (EU) 2018/1139 and its delegated and implementing acts.
- Upon receiving the information referred to in points (a) and (b), the
competent authority
shall take adequate measures to address the potential impact on aviation safety of the
information security incident or vulnerability.
- Measures taken in accordance with point (c) shall immediately be notified
to all persons or
organisations that shall comply with them under Regulation (EU) 2018/1139 and its delegated
and implementing acts. The competent authority of the Member State shall also notify those
measures to the Agency and, when combined action is required, the competent authorities of
the other Member States concerned.
[applicable from 22 February 2026 — Implementing Regulation (EU)
2023/203]
AMC1 ARA.GEN.135A Immediate reaction to an information security incident or
vulnerability with an impact on aviation safety - ED Decision 2023/010/R
- To appropriately collect and analyse information related to
information security incidents and vulnerabilities with a potential impact on aviation
safety, the competent authority should implement means that ensure the necessary
confidentiality.
- When disseminating information related to information security
incidents and vulnerabilities with a potential impact on aviation safety, the competent
authority should properly select the appropriate recipient(s) to prevent the content of
a report from being exploited to the detriment of aviation safety, by revealing, for
instance, uncorrected vulnerabilities.
[applicable from 22 February 2026 — Implementing Regulation (EU)
2023/010/R]
GM1 ARA.GEN.135A Immediate reaction to an information security incident or
vulnerability with an impact on aviation safety - ED Decision 2023/010/R
When deemed necessary, a two-step mechanism could be used: a report
alerting about the information security event or incident and the availability of additional
data that would require controlled and confidential distribution. This report should only
alert recipients of the urgency and the necessity for organisations and competent
authorities to establish further communication through secure means.
Therefore, the report should consist of two parts: one limited to mostly
public information and one containing the sensitive data that should be restricted to the
recipients who need to know. Wherever possible, reports should be based on an agreed
taxonomy.
[applicable from 22 February 2026 — Implementing Regulation (EU)
2023/010/R]
SECTION II – MANAGEMENT
ARA.GEN.200 Management system - Regulation (EU) 2023/203
- The competent authority shall establish and maintain a management system, including as a
minimum:
- documented policies and procedures to describe its organisation, means and methods
to achieve compliance with Regulation (EU) 2018/1139 and the delegated and
implementing acts adopted on the basis thereof. The procedures shall be kept up to
date and serve as the basic working documents within that competent authority for
all related tasks;
- a sufficient number of personnel to perform its tasks and discharge its
responsibilities. Such personnel shall be qualified to perform their allocated tasks
and have the necessary knowledge, experience, initial and recurrent training to
ensure continuing competence. A system shall be in place to plan the availability of
personnel, in order to ensure the proper completion of all tasks;
- adequate facilities and office accommodation to perform the allocated tasks;
- a function to monitor compliance of the management system with the relevant
requirements and adequacy of the procedures including the establishment of an
internal audit process and a safety risk management process. Compliance monitoring
shall include a feedback system of audit findings to the senior management of the
competent authority to ensure implementation of corrective actions as necessary; and
- a person or group of persons, ultimately responsible to the senior management of the
competent authority for the compliance monitoring function.
- The competent authority shall, for each field of activity including management system,
appoint one or more persons with the overall responsibility for the management of the
relevant task(s).
- The competent authority shall establish procedures for participation in a mutual exchange of
all necessary information and assistance with other competent authorities concerned, whether
from within the Member State or in other Member States, including the following information:
- on all findings raised, corrective follow-up actions taken pursuant to such findings
and enforcement measures taken as a result of oversight of persons and organisations
exercising activities in the territory of a Member State but certified by or having
made declarations to the competent authority of another Member State or the Agency;
- stemming from mandatory and voluntary occurrence reporting as required by point
ORA.GEN.160 of Annex VII.
- A copy of the procedures related to the management system and their amendments shall be made
available to the Agency for the purpose of standardisation.
- In addition to the requirements contained in point (a), the management
system established
and maintained by the competent authority shall comply with Annex I (Part-IS.AR) to
Implementing Regulation (EU) 2023/203 in order to ensure the proper management of
information security risks which may have an impact on aviation safety.
[applicable from 22 February 2026 — Implementing Regulation (EU)
2023/203]
AMC1 ARA.GEN.200(a) Management system - ED Decision 2018/009/R
GENERAL
- All of the following should be considered when deciding upon the required organisational
structure:
- the number of certificates, attestations, authorisations and approvals to be
issued;
- the number of declared training organisations;
- the number of certified persons and organisations exercising an activity within
that Member State, including persons or organisations certified by, or having
made a declaration to, other competent authorities;
- the possible use of qualified entities and of resources of other competent
authorities to fulfil the continuing oversight obligations;
- the level of civil aviation activity in terms of:
- number and complexity of aircraft operated;
- size and complexity of the Member State’s aviation industry;
- the potential growth of activities in the field of civil aviation.
- The set-up of the organisational structure should ensure that the various tasks and
obligations of the competent authority do not rely solely on individuals. A continuous
and undisturbed fulfilment of these tasks and obligations of the competent authority
should also be guaranteed in case of illness, accident or leave of individual employees.
GM1 ARA.GEN.200(a) Management system - ED Decision 2012/006/R
GENERAL
- The competent authority designated by each Member State should be organised in such a
way that:
- there is specific and effective management authority in the conduct of all
relevant activities;
- the functions and processes described in the applicable requirements of
Regulation (EC) No 216/200820 and its Implementing Rules and AMCs,
Certification Specifications (CSs) and Guidance Material (GM) may be properly
implemented;
- the competent authority’s organisation and operating procedures for the
implementation of the applicable requirements of Regulation (EC) No 216/2008 and
its Implementing Rules are properly documented and applied;
- all competent authority personnel involved in the related activities are
provided with training where necessary;
- specific and effective provision is made for the communication and interface as
necessary with the Agency and the competent authorities of other Member States;
and
- all functions related to implementing the applicable requirements are adequately
described.
- A general policy in respect of activities related to the applicable requirements of
Regulation (EC) No 216/2008 and its Implementing Rules should be developed, promoted and
implemented by the manager at the highest appropriate level; for example the manager at
the top of the functional area of the competent authority that is responsible for such
activities.
- Appropriate steps should be taken to ensure that the policy is known and understood by
all personnel involved, and all necessary steps should be taken to implement and
maintain the policy.
- The general policy, whilst also satisfying additional national regulatory
responsibilities, should in particular take into account:
- the provisions of Regulation (EC) No 216/2008;
- the provisions of the applicable Implementing Rules and their AMCs, CSs and
GM;
- the needs of industry; and
- the needs of the Agency and of the competent authority.
- The policy should define specific objectives for key elements of the organisation and
processes for implementing related activities, including the corresponding control
procedures and the measurement of the achieved standard.
Note (20) : Regulation (EC) No 216/2008 of the European
Parliament and of the Council of 20 February 2008 on common rules in the field of
civil aviation and establishing a European Aviation Safety Agency, and repealing
Council Directive 91/670/EEC, Regulation (EC) No 1592/2002 and Directive 2004/36/EC.
OJ L 79, 19.3.2008, p. 1.
AMC1 ARA.GEN.200(a)(1) Management system - ED Decision 2012/006/R
DOCUMENTED POLICIES AND PROCEDURES
- The various elements of the organisation involved with the activities related to
Regulation (EC) No 216/2008 and its Implementing Rules should be documented in order to
establish a reference source for the establishment and maintenance of this organisation.
- The documented procedures should be established in a way that facilitates their use.
They should be clearly identified, kept up-to-date and made readily available to all
personnel involved in the related activities.
- The documented procedures should cover, as a minimum, all of the following aspects:
- policy and objectives;
- organisational structure;
- responsibilities and associated authority;
- procedures and processes;
- internal and external interfaces;
- internal control procedures;
- training of personnel;
- cross-references to associated documents;
- assistance from other competent authorities or the Agency (where required).
- It is likely that the information is held in more than one document or series of
documents, and suitable cross-referencing should be provided. For example,
organisational structure and job descriptions are not usually in the same documentation
as the detailed working procedures. In such cases it is recommended that the documented
procedures include an index of cross-references to all such other related information,
and the related documentation should be readily available when required.
AMC1 ARA.GEN.200(a)(2) Management system - ED Decision 2012/006/R
QUALIFICATION AND TRAINING - GENERAL
- The competent authority should ensure appropriate and adequate training of its personnel
to meet the standard that is considered necessary to perform the work. To ensure
personnel remain qualified, arrangements should be made for initial and recurrent
training as required.
- The basic capability of the competent authority’s personnel is a matter of recruitment
and normal management functions in selection of personnel for particular duties.
Moreover, the competent authority should provide training in the basic skills as
required for those duties. However, to avoid differences in understanding and
interpretation, all personnel should be provided with further training specifically
related to Regulation (EC) No 216/2008, its Implementing Rules and related AMCs, CSs and
GM, as well as related to the assessment of alternative means of compliance.
- The competent authority may provide training through its own training organisation with
qualified trainers or through another qualified training sourc
- When training is not provided through an internal training organisation, adequately
experienced and qualified persons may act as trainers, provided their training skills
have been assessed. If required, an individual training plan should be established
covering specific training skills. Records should be kept of such training and of the
assessment, as appropriate.
AMC2 ARA.GEN.200(a)(2) Management system - ED Decision 2012/006/R
QUALIFICATION AND TRAINING - INSPECTORS
- Qualification
- All inspectors should receive, as appropriate to their role, training in the
following areas:
- auditing techniques, as relevant to the particular duties and
responsibilities of the inspector;
- safety management systems (SMSs);
- compliance monitoring system (CMSs);
- the requirements of Regulation (EU) No 1178/2011 related to their
duties, in particular of Annex VII (Part-ORA) and Annex VI (Part ARA)
thereto; and
- ICAO Annexes and guidance material relevant to their duties.
- Additional qualification criteria:
- inspectors conducting sampling of training flights in aircraft or FSTD
sessions should hold or have held a pilot licence and relevant ratings
and certificates appropriate to the level of the training conducted;
- inspectors conducting sampling of training flights in aircraft as a
member of the flight crew should hold a pilot licence and relevant
ratings and certificates appropriate to the level of the training
conducted;
- inspectors conducting sampling of theoretical-knowledge instruction
should have a practical background in aviation in the areas relevant to
the training provided as well as practical experience in instructional
techniques;
- inspectors approving training programmes should have relevant experience
in the same area; and
- inspectors not involved in activities referred to in (i)-(iv) above
should have a relevant background in aviation related to their duties.
- Initial training programme
The initial training programme for inspectors should include, as appropriate to their
role, current knowledge of, as well as experience and skills in, at least the
following:
- air law – organisation and structure;
- Regulation (EC) No 216/2008, as well as its implementing regulations and related
AMC/GM;
- the Chicago Convention, as well as relevant ICAO Annexes and guidance;
- relevant national aviation and administrative legislation;
- the applicable requirements and procedures (including the correct formulation of
findings);
- management systems, including assessment of SMSs and CMSs, as well as auditing,
risk assessment, and reporting techniques;
- competency-based training, including approval of training organisations;
- criteria for the qualification of FSTDs;
- evidence-based training;
- HF training (including ‘just culture’ in aviation and conflict management);
- performance-based oversight;
- rights and obligations of the competent authority’s inspecting personnel;
- ‘on-the-job training’;
- the relevant Annexes to Regulation (EU) No 965/2012; and
- suitable technical training appropriate to the role and tasks of the inspector,
in particular for those areas requiring approvals.
- Recurrent training programme
The recurrent training programme should reflect, at least, changes in aviation
legislation and industry. It should also cover the specific needs of the inspectors
and of the competent authority, and include at least the following:
- an inspection on behalf of the competent authority, supervised by another
inspector;
- licence proficiency check(LPC)/OPC on an appropriate aircraft type/class (if
applicable);
- instructor refresher seminar (if applicable);
- audit techniques course for regulators (refresher course); and
- SMS refresher course.
GM1 ARA.GEN.200(a)(2) Management system - ED Decision 2018/009/R
SUFFICIENT PERSONNEL
- This GM on the determination of the required personnel is limited to the performance of
certification and oversight tasks, excluding personnel required to perform tasks subject
to any national regulatory requirements.
- The elements to be considered when determining required personnel and planning their
availability may be divided into quantitative and qualitative elements:
- Quantitative elements:
- the estimated number of initial certificates to be issued and
declarations to be received;
- the number of:
- organisations certified by the competent authority; and
- organisations having declared their activity to the competent
authority;
- the number of persons to whom the competent authority has issued a
licence, certificate, rating, authorisation or attestation;
- the estimated number of persons and organisations exercising their
activity within the territory of the Member State and established or
residing in another Member State.
- Qualitative elements:
- the size, nature and complexity of activities of certified and declared
organisations as well as FSTD qualification certificate holders (cf.
AMC1 ORA.GEN.200(b)), taking into account:
- privileges of the organisation;
- type and scope of approval or declared activities, multiple
certification or declaration;
- possible certification or declaration to industry standards;
- types of aircraft / flight simulation training devices (FSTDs)
operated;
- number of personnel; and
- organisational structure, existence of subsidiaries;
- the safety priorities identified;
- the results of past oversight activities, including audits, inspections
and reviews, in terms of risks and regulatory compliance, taking into
account:
- number and level of findings;
- timeframe for implementation of corrective actions; and
- maturity of management systems implemented by organisations and
their ability to effectively manage safety risks, taking into
account also information provided by other competent authorities
related to activities in the territory of the Member States
concerned; and
- the size and complexity of the Member State’s aviation industry and the
potential growth of activities in the field of civil aviation, which may
be an indication of the number of new applications and declarations as
well as changes to existing certificates and declarations to be
expected.
- Based on existing data from previous oversight planning cycles and taking into account
the situation within the Member State’s aviation industry, the competent authority may
estimate:
- the standard working time required for processing:
- applications for new certificates (for persons, organisations and FSTD
qualification);
- new declarations;
- for each planning period, the number of:
- new certificates to be issued;
- declarations to be received; and
- changes to existing certificates and declarations to be processed;
- the number of changes to existing certificates to be processed for each planning
period.
- In line with the competent authority’s oversight policy, the following planning data
should be determined specifically for each type of organisation certified by the
competent authority ining the AMC & GM to the implementing rules of Commission
Regulation (EU) (approved training organisations (ATOs) and aero-medical centres
(AeMCs)) and for FSTD qualification certificate holders as well as for declared training
organisations:
- standard number of audits to be performed per oversight planning cycle;
- standard duration of each audit;
- standard working time for audit preparation, on-site audit, reporting and
follow-up, per inspector;
- standard number of ramp and unannounced inspections to be performed;
- standard duration of inspections, including preparation, reporting and
follow-up, per inspector;
- minimum number and required qualification of inspectors for each
audit/inspection.
- Standard working time could be expressed either in working hours per inspector or in
working days per inspector. All planning calculations should then be based on the same
unit (hours or working days).
- It is recommended to use a spreadsheet application to process data defined under (c) and
(d), to assist in determining the total number of working hours / days per oversight
planning cycle required for certification, oversight and enforcement activities. This
application could also serve as a basis for implementing a system for planning the
availability of personnel.
- For each type of organisation certified by the competent authority, FSTD qualification
certificate holders and declared training organisations, the number of working
hours/days per planning period for each qualified inspector that may be allocated for
certification, oversight and enforcement activities should be determined, taking into
account:
- purely administrative tasks not directly related to oversight and
certification;
- training;
- participation in other projects;
- planned absence; and
- the need to include a reserve for unplanned tasks or unforeseeable events.
- The determination of working time available for certification, oversight and enforcement
activities should also consider:
- the possible use of qualified entities; and
- possible cooperation with other competent authorities for approvals and
declarations involving more than one Member State.
- Based on the elements listed above, the competent authority should be able to:
- monitor dates when audits and inspections are due and when they have been
carried out;
- implement a system to plan the availability of personnel; and
- identify possible gaps between the number and qualification of personnel and the
required volume of certification and oversight.
Care should be taken to keep planning data up-to-date in line with changes in the underlying
planning assumptions, with particular focus on risk-based oversight principles.
GM2 ARA.GEN.200(a)(2) Management system - ED Decision 2017/022/R
- The content of the initial training programme for inspectors referred to in AMC2
ARA.GEN.200(a)(2) may be selected from the following documents, as relevant to the
particular duties and responsibilities of the inspector:
- ICAO Annex 1 ‘Personnel Licensing’;
- ICAO Annex 19 ‘Safety Management’;
- ICAO Doc 9841 ‘Manual on the Approval of Flight Crew Training Organisations’;
- ICAO Doc 9868 ‘Procedures for Air Navigation Services – Training’;
- ICAO Doc 9859 ‘Safety Management Manual’;
- ICAO Doc 9379 ‘Manual of Procedures for Establishment and Management of a States
Personnel Licensing System’;
- ICAO Doc 9625 ‘Manual of Criteria for the Qualification of Flight Simulation
Training Devices’;
- ICAO Doc 9995 ‘Manual of Evidence-based Training’;
- ICAO Doc 10011 ‘Manual on Aeroplane Upset Prevention and Recovery Training’;
- Airplane Upset Prevention and Recovery Training Aid’ (AUPRTA), Revision 3.
- A minimum of activities should be performed according to the initial training programme:
- observations; and
- inspections as a team member.
GM3 ARA.GEN.200(a)(2) Management system - ED Decision 2017/022/R
The meaning of ‘relevant ratings and certificates appropriate to the level of the training
conducted’, as used in AMC2 ARA.GEN.200(a)(2), is explained below:
- the range of activities in an ATO may vary from instructions for the simple
single-engined aircraft to type training for CS-25-certified multi-pilot aircraft;
- in the context of the general approval of the ATO, experience in similar types or
classes of aircraft is acceptable;
- the inspector has the instructional experience in the same or similar types or the same
class of aircraft intended to be flown within the ATO (e.g. a type rating to assess the
type training programmes); and
- the experience in CS-25-certified multi-pilot aircraft will not, for example, equip the
inspector to assess the training programme in an ATO operating only single-engine piston
(SEP) (land) aircraft; similarly, experience as a PPL instructor will not necessarily
equip the inspector to assess a type training course for a CS-25 aircraft; in both
cases, additional appropriate training in the applicable environment is necessary.
AMC1 ARA.GEN.200(d) Management system - ED Decision 2018/009/R
PROCEDURES AVAILABLE TO THE AGENCY
- Copies of the procedures related to the competent authority’s management system and
their amendments to be made available to the Agency for the purpose of standardisation
should provide at least the following information:
- Regarding continuing oversight functions undertaken by the competent authority,
the competent authority’s organisational structure with description of the main
processes. This information should demonstrate the allocation of
responsibilities within the competent authority, and that the competent
authority is capable of carrying out the full range of tasks regarding the size
and complexity of the Member State’s aviation industry. It should also consider
overall proficiency and authorisation scope of competent authority personnel.
- For personnel involved in oversight activities, the minimum professional
qualification requirements and experience and principles guiding appointment
(e.g. assessment).
- How the following are carried out: assessing applications and evaluating
compliance of applications and declarations, issue of certificates, performance
of continuing oversight, follow-up of findings, enforcement measures and
resolution of safety concerns.
- Principles of managing exemptions and derogations.
- Processes in place to disseminate applicable safety information for timely
reaction to a safety problem.
- Criteria for planning continuing oversight (oversight programme), including
adequate management of interfaces when conducting continuing oversight (air
operations, flight crew licensing, continuing airworthiness management for
example).
- Outline of the initial training of newly recruited oversight personnel (taking
future activities into account), and the basic framework for continuation
training of oversight personnel.
- As part of the continuous monitoring of a competent authority, the Agency may request
details of the working methods used, in addition to the copy of the procedures of the
competent authority’s management system (and amendments). These additional details are
the procedures and related guidance material describing working methods for competent
authority personnel conducting oversight.
- Information related to the competent authority’s management system may be submitted in
electronic format.
ARA.GEN.205 Allocation of tasks to qualified entities - Regulation (EU) No
2023/203
[applicable until 21 February 2026 — Regulation (EU) No 290/2012]
ARA.GEN.205 Allocation of tasks to qualified entities - Regulation (EU) No
2023/203
[applicable from 22 February 2026 — Regulation (EU) No 2023/203]
- Tasks related to the initial certification or continuing oversight of persons or
organisations subject to Regulation (EC) No 216/2008 and its Implementing Rules shall be
allocated by Member States only to qualified entities. When allocating tasks, the competent
authority shall ensure that it has:
- a system in place to initially and continuously assess that the qualified entity
complies with Annex V to Regulation (EC) No 216/2008.
This system and the results of the assessments shall be documented;
- established a documented agreement with the qualified entity, approved by both
parties at the appropriate management level, which clearly defines:
- the tasks to be performed;
- the declarations, reports and records to be provided;
- the technical conditions to be met in performing such tasks;
- the related liability coverage; and
- the protection given to information acquired in carrying out such tasks.
- The competent authority shall ensure that the internal audit process and a safety risk
management process required by ARA.GEN.200(a)(4) cover all certification or continuing
oversight tasks performed on its behalf.
- With regard to the certification and oversight of the organisation’s
compliance with point ORA.GEN.200A, the competent authority may allocate tasks to qualified
entities in accordance with point (a), or to any relevant authority responsible for
information security or cybersecurity within the Member State. When allocating tasks, the
competent authority shall ensure that:
- all aspects related to aviation safety are coordinated and taken into account by the
qualified entity or relevant authority;
- the results of the certification and oversight activities performed by the qualified
entity or relevant authority are integrated in the overall certification and
oversight files of the organisation;
- its own information security management system established in accordance with point
ARA.GEN.200(e) covers all the certification and continuing oversight tasks performed
on its behalf.
[applicable from 22 February 2026 — Regulation (EU) No 2023/203]
GM1 ARA.GEN.205 Allocation of tasks to qualified entities - ED Decision
2023/010/R
[applicable until 21 February 2026 — ED Decision 2012/006/R]
GM1 ARA.GEN.205 Allocation of tasks to qualified entities - ED Decision
2023/010/R
[applicable from 22 February 2026 — ED Decision 2023/010/R]
CERTIFICATION TASKS
The tasks that may be performed by a qualified entity on behalf of the competent authority
include those related to the initial certification and continuing oversight of persons and
organisations as defined in this Regulation, with the exclusion of the issuance of
certificates, licences, ratings or approvals.
ARA.GEN.210 Changes in the management system - Regulation (EU) No 1178/2011
- The competent authority shall have a system in place to identify changes that affect its
capability to perform its tasks and discharge its responsibilities as defined in Regulation
(EU) 2018/1139 and the delegated and implementing acts adopted on the basis thereof. That
system shall enable it to take action as appropriate to ensure that its management system
remains adequate and effective.
- The competent authority shall update its management system to reflect any change to
Regulation (EU) 2018/1139 and the delegated and implementing acts adopted on the basis
thereof in a timely manner, so as to ensure effective implementation.
- The competent authority shall notify the Agency of changes affecting its capability to
perform its tasks and discharge its responsibilities as defined in Regulation (EU) 2018/1139
and the delegated and implementing acts adopted on the basis thereof.
ARA.GEN.220 Record-keeping - Regulation (EU) No 2020/359
- The competent authority shall establish a system of record-keeping providing for adequate
storage, accessibility and reliable traceability of:
- the management system’s documented policies and procedures;
- training, qualification and authorisation of its personnel;
- the allocation of tasks, covering the elements required by ARA.GEN.205 as well as
the details of tasks allocated;
- certification and declaration processes as well as oversight of certified and
declared organisations;
- processes for issuing personnel licences, ratings, certificates and attestations and
for the continuing oversight of the holders of those licences, ratings, certificates
and attestations;
- processes for issuing FSTD qualification certificates and for the continuing
oversight of the FSTD and of the organisation operating it;
- oversight of persons and organisations exercising activities within the territory of
the Member State, but overseen or certified by the competent authority of another
Member State or the Agency, as agreed between these authorities;
- the evaluation and notification to the Agency of alternative means of compliance
proposed by organisations and the assessment of alternative means of compliance used
by the competent authority itself;
- findings, corrective actions and date of action closure;
- enforcement measures taken;
- safety information and follow-up measures;
- the use of flexibility provisions in accordance with Article 71 of Regulation (EU)
2018/1139; and
- the evaluation and authorisation process of aircraft laid down in points ORA.ATO.135
(a) and DTO.GEN.240 (a).
- The competent authority shall establish and keep up to date a list of all organisation
certificates, FSTD qualification certificates and personnel licences, certificates and
attestations it issued, DTO declarations it received, and the DTO training programmes it
verified or approved for compliance with Annex I (Part-FCL), Annex III (Part-BFCL) to
Commission Regulation (EU) 2018/395, or Annex III (Part-SFCL) to Commission Implementing
Regulation (EU) 2018/1976.
- All records shall be kept for the minimum period specified in this Regulation. In the
absence of such indication, records shall be kept for a minimum period of 5 years subject to
applicable data protection law.
AMC1 ARA.GEN.220(a) Record-keeping - ED Decision 2012/006/R
GENERAL
- The record-keeping system should ensure that all records are accessible whenever needed
within a reasonable time. These records should be organised in a way that ensures
traceability and retrievability throughout the required retention period.
- Records should be kept in paper form or in electronic format or a combination of both
media. Records stored on microfilm or optical disc form are also acceptable. The records
should remain legible and accessible throughout the required retention period. The
retention period starts when the record has been created.
- Paper systems should use robust material, which can withstand normal handling and
filing. Computer systems should have at least one backup system, which should be updated
within 24 hours of any new entry. Computer systems should include safeguards against
unauthorised alteration of data.
- All computer hardware used to ensure data backup should be stored in a different
location from that containing the working data and in an environment that ensures they
remain in good condition. When hardware- or software-changes take place, special care
should be taken that all necessary data continue to be accessible at least through the
full period specified in the relevant Subpart or by default in ARA.GEN.220(c).
AMC1 ARA.GEN.220(a)(1);(2);(3) Record-keeping - ED Decision
2012/006/R
COMPETENT AUTHORITY MANAGEMENT SYSTEM
Records related to the competent authority’s management system should include, as a minimum
and as applicable:
- the documented policies and procedures;
- the personnel files of competent authority personnel, with supporting documents related
to training and qualifications;
- the results of the competent authority’s internal audit and safety risk management
processes, including audit findings and corrective actions; and
- the contract(s) established with qualified entities performing certification or
oversight tasks on behalf of the competent authority.
AMC1 ARA.GEN.220(a)(4) Record-keeping - ED Decision 2018/009/R
ORGANISATIONS
Records related to an organisation certified by, or having declared its activity to, the
competent authority should include, as appropriate to the type of organisation:
- the application for an organisation approval or the declaration received;
- the documentation based on which the approval has been granted and any amendments to
that documentation or, in the case of declared training organisations, the documentation
required to be submitted with the declaration and any amendments thereto;
- the organisation approval certificate or any approval, including any changes;
- a copy of the continuing oversight programme listing the dates when audits or
inspections are due and when such audits or inspections were carried out;
- continuing oversight records including all audit and inspection records;
- copies of all relevant correspondence;
- details of any exemption and enforcement actions;
- any report from other competent authorities relating to the oversight of the
organisation; and
- a copy of any other document approved by the competent authority.
GM1 ARA.GEN.220(a)(4) Record-keeping - ED Decision 2018/009/R
CERTIFIED ORGANISATIONS - DOCUMENTATION
Documentation to be kept as records in support of the approval include the management system
documentation, including any technical manuals, such as the operations manual, and training
manual, that have been submitted with the initial application, and any amendments to these
documents.
GM2 ARA.GEN.220(a)(4) Record-keeping - ED Decision 2018/009/R
DECLARED TRAINING ORGANISATIONS - DOCUMENTATION
Documents to be kept as records in support of the declaration process include the declaration
form and all required attachments to it (training programmes) as well as any amendments to
these documents.
AMC1 ARA.GEN.220(a)(5) Record-keeping - ED Decision 2018/011/R
PERSONS
Records related to personnel licences, certificates, ratings, authorisations or attestations
issued by the competent authority should include, as a minimum:
- the application for a licence, certificate, rating, authorisation or attestation or
change to a licence, certificate, rating, authorisation or attestation;
- documentation in support of the application for a licence, certificate, rating,
authorisation or attestation or change to a licence, certificate, rating, authorisation
or attestation, covering as applicable:
- the course Area 100 KSA assessment;
- theoretical examination(s);
- skill test(s);
- proficiency check(s); and
- certificates attesting required experience;
- a copy of the licence or certificate including any changes;
- all relevant correspondence or copies thereof;
- details of any exemption;
- details of any enforcement action(s); and
- any report from other competent authorities relating to personnel licences,
certificates, ratings, authorisations or attestations issued by the competent authority.
AMC1 ARA.GEN.220(a)(7) Record-keeping - ED Decision 2018/009/R
ACTIVITIES PERFORMED IN THE TERRITORY OF A MEMBER STATE BY PERSONS OR ORGANISATIONS
ESTABLISHED OR RESIDING IN ANOTHER MEMBER STATE
- Records related to the oversight of activities performed in the territory of a Member
State by persons or organisations established or residing in another Member State should
include, as a minimum:
- oversight records including all audit and inspection records and related
correspondence;
- copies of all relevant correspondence to exchange information with other
competent authorities relating to the oversight of such persons/organisations;
- details of any enforcement measures and penalties; and
- any report from other competent authorities relating to the oversight of these
persons/organisations, including any notification of evidence showing
non-compliance with the applicable requirements.
- Records should be kept by the competent authority having performed the audit or
inspection and should be made available to other competent authorities at least in the
following cases:
- serious incidents or accidents;
- findings through the oversight programme where organisations certified by, or
having declared its activities to, another competent authority are involved to
determine the root cause;
- an organisation being certified by, having approvals issued by, or having
declared its activities to, competent authorities in several Member States.
- When records are requested by another competent authority, the reason for the request
should be clearly stated.
- The records can be made available by sending a copy or by allowing access to them for
consultation.
GM1 ARA.GEN.220 Record-keeping - ED Decision 2012/006/R
GENERAL
Records are required to document results achieved or to provide evidence of activities
performed. Records become factual when recorded. Therefore, they are not subject to version
control. Even when a new record is produced covering the same issue, the previous record
remains valid.
SECTION III – OVERSIGHT, CERTIFICATION AND ENFORCEMENT