Requirement

The new EU regulations on aviation security constitute a decisive pillar for the protection of information systems in civil aviation. 

They were introduced to manage cybersecurity risks that could impact flight safety, ensuring the integrity of air operations.

Information Security (Regulations (EU) 2023/203 and 2022/1645) regarding potential impact on aviation safety

In the aviation sector, two similar regulations address information security in order to prevent impacts on aviation safety. Specifically:

  • Regulation 2023/203 ‘laying down rules for the application of Regulation (EU) 2018/1139 of the European Parliament and of the Council as regards requirements relating to the management of information security risks with a potential impact on aviation safety…’, specifically Annex II ‘INFORMATION SECURITY — REQUIREMENTS FOR ORGANISATIONS [PART IS.I.OR]’.

  • Delegated Regulation (EU) 2022/1645 – Annex – requires the implementation of an Information Security Management System (IS.D.OR.xxx) for both production and maintenance in accordance with the EASA Part 21 G regulation.

Our Approach

Aviation InfoSec

Both regulations define requirements that, in addition to being aligned with sector standards, mirror international best practices in information security; specifically, they adopt the continuous improvement model proposed by the international standard ISO/IEC 27001:2022.

Furthermore, the two Regulations may have elements of overlap with national regulations for entities subject to Directive (EU) 2022/2555 on the security of network and information systems – NIS2.

What We Offer

Our experience enables the client to implement an Information Security Management System (ISMS) by defining a specific manual (ISMM), aligning it with the requirements of the relevant international standard, ISO/IEC 27001:2022, while taking into account EASA’s ‘Guidelines ISO/IEC 27001 vs Part IS’ dated July 15, 2024.
