Fact Sheets on the European Union
European Parliament
Please fill this field

Air transport: Civil aviation security

Aviation security (not to be confused with aviation safety[1]) exists to prevent malicious acts against aircraft and their passengers and crew. Following the terrible attacks of 2001, the EU has adopted a set of security rules for safeguarding civil aviation. These rules are regularly updated to address evolving risks. Member States retain the right to apply more stringent measures.

Legal basis

Article 100(2) of the Treaty on the Functioning of the European Union.

Objectives

The aim of aviation security is to prevent acts of unlawful interference, above all by keeping threatening items such as arms and explosives away from aircraft. It became a major cause for concern following the terrorist attacks of September 2001. Since then, the regulatory framework in this field has expanded considerably worldwide, whether nationally, or via international cooperation/agreements, or through the International Civil Aviation Organization[2] (ICAO) and Annex 17 to the Chicago Convention and the related Universal Security Audit Programme[3].

Achievements

In the wake of the terrorist attacks of September 2001, Regulation (EC) No 2320/2002[4] was adopted to safeguard civil aviation and provide the basis for a common interpretation by the Member States of Annex 17 to the Chicago Convention. In March 2008, this regulation was replaced by Regulation (EC) No 300/2008[5].

This Regulation sets the common rules and basic standards on aviation security, as well as mechanisms for monitoring compliance. It is supplemented by a set of regulations (general measures supplementing the common basic standards, or detailed measures needed for the implementation of those standards[6]) adopted by the Commission via the comitology procedure. It is worth noting that the implementing rules, which ‘contain sensitive security information’, have not been published. The EU regulatory framework is based on binding common standards and several basic principles.

  • Each Member State is responsible for the security of flights departing from its territory (‘host state responsibility’, as laid down by the ICAO);
  • All passengers and staff and all baggage must be screened before boarding. Cargo, mail and in-flight supplies must also be screened before being loaded, unless they have been subjected to appropriate security controls;
  • Member States retain the right to apply more stringent security measures should they consider it necessary.

The EU regulatory framework covers all parts of the air transport chain that can affect the security of the aircraft and/or infrastructure. It includes the airport, aircraft, passengers, baggage, cargo, airport and in-flight supplies, security staff and equipment. EU rules apply to all airports in the Union that are open to civil aviation, to all operators providing services at these airports, including air carriers, and to all other operators ‘applying aviation security standards’ providing goods or services to or through such airports[7]. The security standards applied may nevertheless be proportionate to the aircraft/operation/traffic involved.

In this context, each Member State designates a single authority to be responsible for coordinating and monitoring the implementation of aviation security law, and also draws up and implements a national civil aviation security programme (which lays down the roles and obligations of all operators concerned). Member States also establish and implement a national quality control programme (to determine the level of compliance of operators and provide measures to correct deficiencies), impose penalties for infringement, and cooperate with the Commission when it conducts inspections to monitor compliance with EU rules on aviation security. The Commission carries out unannounced inspections of airports and operators, in cooperation with the national authorities responsible for aviation security (these authorities are also inspected), in order to monitor the implementation of EU law.

From July 2014 onwards, air carriers that intend to fly cargo into the EU from a non-EU airport must comply with the ACC3 programme to ensure that this cargo is physically screened according to EU standards. In this respect, on-site checks at non-EU airports are carried out by the competent authorities of the Member States concerned, where relevant.

To facilitate air transport, the Commission may recognise the equivalence of non-EU countries’ aviation security standards, as is currently the case with the US, Canada and a few non-EU European countries.

The recognition of equivalence of security measures of third countries can open the door to the establishment of one-stop security arrangements between the EU and non-EU countries such as in the case of the United States, Canada and Montenegro. On 6 February 2018, the EU and Singapore signed a one-stop security arrangement that allows passengers coming from Singapore Changi Airport, with cabin and hold luggage, to transfer onto a connecting flight in EU and European Economic Area airports without having to undergo security checks for a second time.

On 27 April 2016, Directive (EU) 2016/681 on the use of passenger name record data was agreed on. Under this directive, airlines must hand over national authorities’ passenger data (PNR data) to the EU and vice versa for all flights from non-EU countries to the EU. PNR data is used to prevent, detect, investigate and prosecute terrorist offences and serious crimes.

On 14 March 2022, the Commission adopted a revision (Implementing Regulation (EU) 2022/421) of Regulation (EU) 2015/1998 via the comitology procedure. It includes the re-designation of airlines, operators and businesses offering security controls for cargo and mail from non-EU countries during the COVID-19 pandemic, implements pre-loading advance cargo information for operations in non-EU countries, places explosives detection equipment in EU airports and defines, simplifies and bolsters specific aviation security measures.

Overall, the current legislative framework leaves it up to Member States to decide how aviation security costs are to be covered. In 2009, the Commission proposed a directive to ensure that key principles such as cost-relatedness and non-discrimination between carriers or passengers are applied[8]. However, this proposal did not adopt a position on the core issue of public financing versus the ‘user pays’ principle, and left it to subsidiarity to determine who pays for security. In the absence of approval by the legislator, this proposal was withdrawn by the Commission in 2015.

Role of the European Parliament

Parliament has always taken the view that civil aviation security is one of the EU’s main concerns, and has endorsed the setting-up of a strict and effective system to prevent and avoid any terrorist attack. In so doing, Parliament has also emphasised the importance of the fundamental rights of citizens and the need to counterbalance measures to improve aviation security with strong and adequate safeguards aimed at protecting the privacy, personal dignity and health of citizens.

In general, Parliament is of the opinion that the comitology procedure is inappropriate in the aviation security sector, at least for measures having an impact on citizens’ rights. Its resolution of July 2011 therefore called for Parliament to be fully involved through co-decision.

Concerning the financing of security measures, Parliament takes the view that security charges should only cover security costs and that Member States applying more stringent measures should bear the ensuing additional costs.

Related Parliament decisions:

  • Resolution of 23 October 2008 on the impact of aviation security measures and security scanners on human rights, privacy, personal dignity and data protection;
  • Position adopted at first reading on 5 May 2010 on the proposal for a directive of the European Parliament and of the Council on aviation security charges;
  • Resolution of 6 July 2011 on aviation security, with a special focus on security scanners;
  • Position adopted at first reading on 14 April 2016 on passenger name record data, which states that the processing of data must not be based on a person’s race or ethnic origin, political affiliations, religion, health, sexual orientation, philosophical beliefs or trade union membership. The negotiations on this file lasted over five years because Parliament was persistent about the protection of sensitive data (data that reveals religion, political affiliation, health or racial background, etc.).

 

[1]Aviation safety relates to the design, manufacture, maintenance and operation of aircraft (3.4.9).
[2]The International Civil Aviation Organization (ICAO) is the specialised agency of the United Nations established by the Convention on International Civil Aviation (the Chicago Convention), signed on 7 December 1944 and to which 191 states are currently contracting parties. The ICAO notably lays down ‘standards and recommended practices’ to be enforced by the contracting states, but there is no binding mechanism to guarantee their proper application.
[3]Annex 17 to the Chicago Convention lays down standards and recommended practices for the protection of the security of international air transport. The Universal Security Audit Programme was launched in 2002 to monitor ICAO contracting states’ compliance with these standards.
[4]OJ L 355, 30.12.2002, p. 1.
[5]OJ L 97, 9.4.2008, p. 72.
[6]The detailed measures for the implementation of the common basic standards are consolidated under Regulation (EU) 2015/1998.
[7]EU aviation security rules also apply to Norway, Iceland, Liechtenstein and Switzerland.
[8]COM(2009)0217.

Ariane Debyser