Rene Panksep
DIAMOND SKY OÜ
[email protected]
J. Kunderi 26
10121, Tallinn, Harju maakond
Teie 28.08.2025
12.09.2025 nr 3.3-6/25/4068-4
Vastus Teie päringule
Austatud hr Panksep
EASA on seisukohal, et Komisjoni rakendusmääruse 2015/1998 punkti 1.7 nõuete täitmise korral organisatsiooni ühes domeenis ei saa seda automaatselt laiendada kogu organisatsioonile, sest skoop on erinev.
24. juulil avaldatud AMC & GM uuendustes on kirjas järgnevalt:
„Even though the provisions in Regulation (EU) 2023/203 are equivalent to the cybersecurity
requirements in point 1.7 of the Annex to Regulation (EU) 2015/1998, in order to ensure effective
management of safety consequences by leveraging the requirements of Regulation (EU) 2015/1998, organisations need to consider the differences in the scope of the rules in terms of which elements are covered under the two different regulatory frameworks.
Taking the example of an airport operator, elements such as body scanners, X-ray machines and anti-RPAS systems fall under the scope of the requirements of point 1.7 of the Annex to Regulation (EU) 2015/1998. Elements such as runway lighting control systems and safety training databases fall under the scope of aviation safety rules. On the other hand, the protection of information and the verification of trustworthiness and identity can be considered elements that overlap between the two frameworks.
Consequently, an organisation that has developed a system in accordance with point 1.7 of the Annex to Regulation (EU) 2015/1998 can use it to address safety issues by extending the scope of the system, where necessary, to ensure that all safety-related elements are included. Moreover, compliance with point IS.I.OR.230 has to be ensured“
Lugupidamisega
Rainer Must
lennunduse infoturbeinspektor
ohutus ja juhtimissüsteemi osakond