A European approach to security

Posted: 16 June 2005 | Robert Missen, Deputy Head of Unit Aviation and Maritime Security, European Commission (EC) | No comments yet

Several steps were taken by the EC in order to safeguard airports post 9/11, including an approach to security inspections different from existing ICAO checks.

Several steps were taken by the EC in order to safeguard airports post 9/11, including an approach to security inspections different from existing ICAO checks.

The origin of European Commission competences in the field of civil aviation security can be traced directly back to the events of 11 September 2001. Prior to that date the Commission had not been granted powers by the Member States to make legislation in this field. Rather, the Member States felt that a combination of requirements at the world level through ICAO, national rules and the guidance of European Civil Aviation Conference (ECAC) were sufficient.

9/11 changed all that. Within days an emergency meeting of the EU Transport Council – comprising of the Transport Ministers of the (then 15) Member States – took place. One of the conclusions reached at that meeting was that harmonised European legislation on aviation security was necessary and desirable.

On the basis of this decision and given that they were starting with a blank sheet of paper with an urgent deadline for action, the Commission, supported by the Member States, chose to use as a basis for its legislation the work of ECAC. Thus the Commission used ECAC’s so-called Doc. 30 to lay down recommendations in the field of aviation security, adapting it into a legislative proposal for a framework Regulation of the European Parliament and the Council, establishing common rules in the field of civil aviation security. This proposal was finally adopted on 16 December 2002 by the co-decision procedure1 and came into force on 19 January 2003.

Legislative issues

As the first piece of Community legislation in the field of civil aviation security, Regulation (EC) 2320/2002 simultaneously sought to address several different issues. It thus contained eight key elements.

First, there is a detailed annex with 12 chapters laying down the aviation security requirements to be covered by Community rules. These chapters covered the following areas:

airport security, aircraft security, passengers and cabin baggage, hold baggage, cargo, courier and express parcels, mail, air carrier mail and materials, air carrier catering, stores and supplies, air carrier cleaning, stores and supplies, general aviation, staff recruitment and training, and guidelines for (security) equipment.

Each of these chapters contains technical standards based on ECAC’s Document 30 that must be adhered to throughout the European Union.

The second key element of the Framework Regulation is that it obliges each Member State to have a National Civil Aviation Security Programme in order to ensure the application of the common standards laid down in the annex to the Regulation. Such national programmes were to be adopted within three months of entry into force of the Regulation (i.e. by 19 April 2003).

Thirdly, within six months following the entry into force of the Regulation (i.e. by 19 July 2003) each Member State had to require its appropriate authority to oversee the development and implementation of a national civil aviation security quality control programme, so as to ensure the effectiveness of its national civil aviation security programme. This requirement implies that the appropriate national authorities must inspect airports regularly.

The fourth key element is that the Regulation mandates the Commission to monitor the Member States’ application of the Regulation and, in particular, to conduct inspections of national administrations and of a suitable sample of airports to ensure that Community rules on aviation security are being complied with. Such inspections could begin six months following the entry into force of the Regulation (i.e. from 19 July 2003). Whilst this was not the first case of the Commission directly policing its legislation – for example EU veterinary rules and fish quotas are controlled though Commission inspection teams – it is nonetheless a significant new power mandated to the Commission.
The Regulation also requires that Commission inspections at airports are not publicised in advance and that the results should be disseminated – in a restricted manner, reflecting the potential sensitivity of the findings – to all Member States. This is significantly different to the inspection regimes created by ECAC and ICAO, where on the one hand inspections are clearly announced in advance and on the other hand results are not disseminated.

A fifth point is that the legislation applies in full to all but the smallest of the 400 civil aviation airports within the European Community. The legislation grants derogations only to airports deemed too small, either as regards number of flights per day, or as regards the maximum size of aircraft used there.
It should be noted that such small airports do not have a blanket exemption from applying aviation security procedures. Rather, each Member State may adopt levels of security that are different from those laid down in Community legislation, but only on the basis of local risk assessments and subject to the wishes of the national authority.

The sixth point – and a major justification for Community legislation – is that the legislation is mandatory. This is in contrast with the previous work undertaken by ECAC that took the form of recommendations and was not legally binding.

The seventh point is that whilst the legislation lays down common basic standards the Regulation 2002 allows Member States (or individual airports) to set higher standards. This approach – not of total harmonisation, but rather of harmonised base levels of security – partly reflects that, on the date of initial implementation, there was a wide range in the standards of security at Community airports but that the Commission did not wish to oblige any Member State to reduce existing security standards where they were better than the prescribed the norm. Furthermore, given the variable level of risk from terrorist attack, specific airports or airlines must always have the possibility to increase security whenever objective risk assessments suggest such action is necessary, either on a temporary or permanent basis.

The final element of Regulation 2320/2002 is that it permitted the development of additional, more detailed secondary legislation. Such legislation is adopted by comitology – a legislative process in Brussels that involves the national ministries but obviates the slow process of approval by both the European Parliament and all the national transport ministers. (It should be noted that any legislation that is adopted in this way may not in any way extend the scope of EU rules).

Following on from the last point one specific requirement of Regulation 2320/2002 that necessitated the adoption of additional implementing legislation concerned the screening of airport staff.
Consequently, on 21 June 2004 Commission Regulation (EC) No 1138/2004 establishing a common definition of critical parts of security-restricted areas at airports2 was adopted.
This regulation requires that within five years and in three phases, all airport staff that come into contact with screened passengers and screened baggage shall themselves have been subject to screening. The first phase, for staff in airport terminal buildings, became effective immediately upon adoption of the Regulation.
This legislative requirement was controversial to some. However, the Commission was of the view that it makes no sense to invest considerable sums of money in screening passengers and their bags if, after screening, they can then be placed in contact with unscreened persons.

National responsibilities

From the contents of Regulation (EC) 2320/2002 it can be seen that, as well as the general legal obligation for all Member States to apply in full as from 19 January 2003 the technical standards specified in the annex of the Regulation, there were also specific obligations that had to be met.

For the Member States this required that they all had national aviation security programmes in place. They were also required to each adopt a national civil aviation security quality control programme. To assist in this the Commission brought in an implementing Regulation – Regulation 1217/2004 – laying down common specifications for national civil aviation security quality control programmes.

For its part, in order to meet one of its control obligations under Regulation 2320/2002 the Commission had to set up an inspection team for the control not only of European airports but also of the national administrations, since the Commission is also charged with scrutinising the national aviation security programmes and national civil aviation security quality control programmes so as to ensure that Community legislation is applied and interpreted correctly throughout the European Community.

In addition, the Commission had to develop the necessary procedures for undertaking inspections, as well as training for its inspectors. In this respect ECAC was again able to assist, through its European Aviation Security Training Institute (EASTI) that, coincidently, is based in Brussels.

The Commission is also mandated to establish an on-going programme of developing additional harmonised technical requirements that are more detailed, to update existing standards in the field of civil aviation security. These would be brought in through implementing legislation.

Commission inspections

More detailed rules on the procedures for conducting Commission inspections were laid down in Commission Regulation (EU) No 1486/20033 , which was adopted in August 2003.

Amongst the procedures laid down in Regulation 1486/2003, of particular importance for the Commission was that Member States accepted that national inspectors would be made available to the Commission to participate in its inspections, subject to having undertaken Community training.

There are evident benefits in the possibility of inspection teams comprising both Commission inspectors and national inspectors seconded to the Commission by Member States on an inspection-by-inspection basis. This approach, known as the ‘peer review’ system, helps to assure Member States that the Community legislative requirements for aviation security are being applied in full throughout the Community through the sharing of knowledge and expertise, leading to mutual confidence in the security standards of other countries. And, in cases were security standards are found to be below the necessary standard, peer pressure will be a strong incentive (together with the ultimate sanction of a prosecution in the European Court of Justice) to taking prompt rectifying action. The ‘peer review’ system also ensures a more efficient use of resources and avoids the need for the Commission to have a large team of its own inspectors.

The Commission commenced inspections of the Community’s airports and national authorities in April 2004. In the following 12 months it has inspected around 20 airports and more than half of the Community’s 25 national administrations. The programme of inspections is on-going – with more than 500 EU airports there is plenty of work should the Commission wish to inspect all airports only once.

The inspections of airports have, inevitably, revealed some deficiencies. However, the Commission will not place details of this sensitive information in the public domain. But it can be said that the Member States are taking the inspection reports very seriously and are addressing and rectifying problems promptly.

In addition, by not only developing legislation on aviation security but also checking on its actual implementation this enables the Commission to learn from real-world practices. Consequently, legislative requirements can be amended, loopholes closed, misinterpretations rectified – in short, a closed loop between the law and the ‘real world’ has been created.

To conclude, some two-and-a-half years after the adoption of Regulation 2320/2002 and just over one year after commencing inspections, the European Commission is of the view that European legislation on aviation security is contributing to making airports in the European Community amongst the best in the world as regards aviation security standards. The task of maintaining and raising standards is continuous and one to which the Commission is committed.


(EC) No 2320/2002 of the European Parliament and the Council establishing common rules in the field of civil aviation security. OJ L355, 30.12.2002, p.1.
2. OJ L221 of 22.6.2004, p.6
3. OJ L213 of 23.8.2003, p.3

Robert Missen

For the past ten years Mr Missen has worked in the EC’s Directorate General for Transport, initially developing European legislation in the road transport sector. He moved to the unit for Aviation Security when it was created, to provide expertise in the production of legislation. He has thus been directly involved in the development and adoption of E.U. Regulation 2320/2002 as well as subsequent seven pieces of legislation that have been adopted already, as well as on-going legislative work.

Related topics

Related organisations

Send this to a friend