Regulation (EC) No. 300/2008, article 13 in conjunction with Regulation (EU) No. 2015/1998 and additional legislation and directives enforcing these EU – Regulations oblige each air carrier conducting flight operations within the territory of the EU – Member States to establish an air carrier security programme and to adapt them continously.
The air carrier security programme shall constitute the procedures and methods an air carrier executes to anticipate a threat to the security of air traffic like acts of sabotage, aircraft hi-jacking or terrorist attacks and others.
Furthermore, each air carrier operating or intending to operate aircrafts, helicopters and other flying machines with a maximum take-off weight (MTOW) of more than 5.7 tons is binded by section 9 in conjunction with section 16, paragraph 3 air security law to submit an air carrier security programme to the Luftfahrt-Bundesamt for approval. This requirement obliges german air carriers as well as foreign air carriers flying from and to German airports.
Upon request in compliance with section 9, paragraph 4 Aviation Security Law, air carriers operating aircrafts, helicopters etc. with a MTOW of less than 5.7 tons may be obligated to submit an air security programme to the Luftfahrt Bundesamt.
The air carrier security programme is a prior condition for the approval of flight operations and the permission to enter german air space.
The upcoming realisation of the Implementing Regulation (EU) 2019/1583 on cybersecurity poses new and complex requirements for both companies and the authorising authority. We are currently working on this in cooperation with the legal decision-makers BMI and BMVI and also the associations to make these requirements tangible, on the one hand to provide a sample programme and a fill-in aid for you, and on the other hand to define the specific requirements for a permit for us. Due to the complexity already mentioned, this will take some time. As soon as we have further information on the level of detail, implementation period and presentation in the security programme, we will provide this to you. In order to prepare for your part, we recommend starting now with a collection / inspection of your systems and data, as well as an inventory of the current protection of these.
Department S 5