ICAO’s evolving framework on aviation security – what airports must do now

The International Civil Aviation Organization, ICAO, based in Montreal, Canada, is a specialised agency of the United Nations, established in December 1944 in Chicago, which celebrated its 80th anniversary last year.

2024 was also the 75th anniversary of the creation of the Annex 9 – Facilitation to the Chicago Convention, gathering standards and recommended practices, SARPS, on air transport facilitation, border management and security, and the 50th anniversary of the creation of Annex 17 – Aviation Security, preventing and supressing acts of unlawful interference against civil aviation.

This was celebrated through several events during the Year of Facilitation 2024, as well as the Security Week, in December 2024 in Oman, where states reiterated their commitment to improve the security, cyber-security, critical infrastructure protection and more globally the resilience of air transport, commitment materialised in the Muscat Declaration.

This year, ICAO will hold its 42nd Assembly, from 22 September to 3 October 2025, in its Headquarters in Montreal. This will be the opportunity for all 193 member states to set the direction for the next triennium and elect a new Council of 36 permanent representatives.

Discussions in Facilitation will be framed by the outcomes of the Facilitation Conference held in Doha, Qatar from 14 to 17 April 2025 and the discussions in security by the outcomes of the Security Week held in Muscat, Oman from 9 to 12 December 2024.

What are the challenges?

Even if a lot of progress has been made over the past decades, many challenges must be addressed to keep air transport safe, secure and as seamless as possible. The continuous passenger traffic growth and the persisting threats to civil aviation call for sustained efforts from ICAO, its member states and the whole industry, including airports and airlines operators.

Experts from states and the industry, assembled in panels, are supporting ICAO in the development of SARPS, addressed to states after a consultation process, which are then adapted by states in their national legislative and regulatory framework.

In the area of Facilitation, Annex 9 SARPS related to border management and security are supported by the Traveller Identification Programme Strategy, the ICAO TRIP Strategy, which provides benefits for both the passengers and the authorities by defining secure travel documents issuance and control and allowing automatised processing which expedites border crossing in the airports and increases the level of security at the same time.

Passenger data exchange, biometrics and soon, the Digital Travel Credential (DTC), will help dematerialise the travel documents, reduce control time and ease the flow of passengers, to help cope with the traffic growth.

In the area of security, experts from states help ICAO identify the threats to civil aviation and mitigate the risks through Annex 17 SARPS, guidance material, training and capacity building activities.

The global threat picture shows a sharp increase over recent years in geopolitical tensions around the globe and in the number of conflicts having a direct impact on the safety of flights, with more and more areas submitted to GNSS Radio-Frequency Interferences, such as GPS jamming and spoofing, the massive use of military or weaponised unmanned aerial systems (UAS) and the use of missiles against civilian airports and their facilities.

Cyber-attacks targeted against aviation assets, airports and airlines operators, have also increased, mostly associated with geopolitical conflicts or for criminal purpose (ransomwares) having the effect of disrupting the operations but without a direct impact on the safety of the passengers.

At a local level, security events monitoring through open-source intelligence and reporting by states across recent years show a concerning trend of disruptions caused by unruly passengers, false bomb threats, insider threats and airport intrusions and protests.

Many of the challenges cited above have an impact on airports and their activities, and although ICAO standards don’t apply directly to airport operators, airports are the place where most of the security measures defined in Annex 17 are effectively implemented. Those standards are designed to be risk based, so effective security starts by a local risk assessment, which necessitates some knowledge of the threat picture, and explains why security measures may differ from one country to the other.

Security regulatory framework evolution

There has not been a major evolution in Annex 17 standards recently, and the next amendment to come will clarify some existing provisions on one stop security (OSS), which is a powerful concept allowing to ease the flow for connecting passengers and avoid redundant security measures by bilaterally recognising, verifying and monitoring the level of security measures applied at the point of departure.

ICAO recently updated the Global Aviation Security Plan, GASeP, which helps states prioritise their activities to improve the implementation of Annex 17 standards, with the support of the multiple guidance material available to them.

The new GASeP reaffirms the aspirational goal to achieve and sustain a strong global aviation security system that is underpinned by full and effective implementation of ICAO aviation security standards in all member states. A new feature is monitoring progress through a combination of voluntary self-reporting, and Universal Security Audit Programme – Continuous Monitoring Approach (USAP-CMA) results, using milestones to assess global progress. States and industry are encouraged to leverage these when setting national goals and developing any roadmap to reach the shared aspirational goal.

Improvements in technology will bring benefits to passengers. We see more and more cabin baggage screening equipment able to control passenger luggage without having to remove laptops and hopefully soon also able to screen liquids, aerosols and gels (LAGS). These evolutions don’t need any change in ICAO Standards, but rather technological improvements.

So, what must airports do now?

As stated above, ICAO SARPS are addressed to states, not to airport operators, and need to be adapted within national laws and regulations to derive in obligations to operators that then have to comply. But above and beyond regulatory compliance, in a very competitive sector, airports may, and often do, have a more service-oriented and customer-oriented way of addressing aviation security and facilitation, to make it a competitive asset.

Security and facilitation in airports are part of the general processing of passenger flow and need to be properly designed and articulated in order not to create bottlenecks or choking points, so security by design is a must, as is developing a strong security culture.

In this respect, many activities have been initiated since the ICAO Year of Security Culture, in 2021, to spread the security culture to all aviation professionals, beyond security personnel, as well as people working in an airport environment and ultimately all passengers. Airports were and still are at the forefront of this cultural change.

ICAO remains the place where states, the industry and all stakeholders work together to build the consensus through which standards and recommended practices are developed and adopted. Airports are represented by Airports Council International World (ACI World), their expertise is highly appreciated and their voice is heard!