Extraterritorial measures – airlines left to pick up the pieces

Posted: 10 September 2017 | | No comments yet

The extraordinary events surrounding the public threat from personal electronic devices (PEDs) continue to raise a number of interesting questions. Matthew Vaughan, Director of Aviation Security at IATA, explores further.


Discussions regarding the nature of the threat information, the effectiveness of existing checkpoint screening technologies, the variation of requirements between states and the sovereignty of states when implementing the standards of ICAO Annex 17, have dominated news headlines and discussion among aviation security specialist groups. But one of the most important issues raised by the ban has been overlooked – the questions and challenges raised by the implementation of unilateral measures of an extraterritorial nature. The replacement of a ban by the U.S. DHS/TSA with alternative and/or additional measures imposed on airlines is central to this argument. 

Governments are responsible for safeguarding and protecting the civil aviation industry. Thus, when there is an urgent need for additional security measures to be implemented due to a time-sensitive security threat and/or vulnerability, the industry is always quick to comply.

The industry fully accepts that short-term, unilateral, extraterritorial measures are required to protect against a specific threat. However, short-term solutions should not be used as long-term counter security measures. Terrorists are not going to stop searching for ways to circumvent security systems – the threat is here to stay.

The current unilateral, extraterritorial measures are not a long-term solution – even if in some cases they are voluntary for airlines to implement. They are damaging the industry and negatively affecting passengers.

The measures are also putting a major security onus – which is the primary responsibility of governments – onto the airlines. The previous ban of PEDs from the cabin of the aircraft required affected airlines to enforce restrictions by implementing additional measures resulting in the carriage of PEDs in the hold. Airlines were left to manage residual security and safety risks.

More recently, the roll-out of the new measures continues to place disproportionate emphasis on airline security measures where aspects of the new security directive are arguably a government responsibility. Identified vulnerabilities and thus risks to the industry ought to be successfully reduced and managed at central and/or primary checkpoint screening, carried out by authorities and/or organisations contracted by authorities with appropriate oversight.

Unilateral, extraterritorial security measures instituted by states are largely considered beyond the Standards and Recommended Practices (SARPs) contained in ICAO Annex 17 and may affect existing bilateral aviation agreements between countries. They also create regulatory risk for those airlines that decided and/or not decide to implement such measures. Sovereignty is such that some states preclude airlines from implementing secondary or carrier’s own requirements. Jurisdictional regulations at point of departure may place the airline in a difficult regulatory compliance position at the point of arrival in another country. States need to recognise these measures within the SARPs framework by which bilateral agreements have been established.

States requiring extraterritorial measures need to do more bilaterally when managing new threats. They need to find ways to influence reciprocal changes at central and/or primary checkpoints where Annex 17 SARPs are implemented.

Bilateral/multilateral solutions to counter the risk of terrorist threats to aviation is essential. Annex 17 mandates harmonised implementation of security measures. As a minimum, harmonisation needs to be in place between two countries that share scheduled air transport services.

Supporting this aim, IATA continues to work with its member airlines to develop a strategy of response based on alternative measures within the ambit of Annex 17. On 10 May 2017, IATA facilitated a Security Summit in Washington, D.C., which included airlines, airports, associations and regulators. The objective of the summit was to identify measures that could be taken as an alternative to any expansion of the ban. These alternative measures would enhance security whilst reducing the impact on our passengers and airlines.

ICAO’s role in this effort is critical. The ICAO guidance material on the Security Management System (SeMS) approach ensures a shared outcome among aviation security stakeholders. It is best characterised by the phrase ‘layered approach’, which is widely used to describe the various levels of security measures and who implements them. If the layered approach was adopted in its prescribed form in response to the PED ban, airlines would not be left to manage the residual risk at the boarding gate.

The industry does not have an issue in coming together to implement time-sensitive threat-based measures. However, short-term measures are not suitable for long term adoption. The focus now needs to be on the development of long-term measures at the primary checkpoint.

The solution is next generation screening technology. The industry is working together through the Smart Security Management Group (SSMG) – a joint programme between IATA and Airports Council International – providing the leadership required among invested stakeholders to take this forward. However, governments need to give far greater support to accelerating the development, certification and investment in widespread installation of more advanced screening machines at airport screening checkpoints. Full stakeholder collaboration in the evolution of sustainable, effective and balanced aviation security measures will ensure the layered approach continues to be successful in protecting an already extremely safe industry.


Matthew Vaughan is Director of Aviation Security for the International Air Transport Association (IATA). He has a Master’s Degree in Science, majoring in Risk Management and Security and holds a Bachelor Degree in Policing and Justice plus a Postgraduate Diploma in Criminal Intelligence, as well a number of aviation security management qualifications. Matthew has over 17 years security management experience drawing from law enforcement, Federal Government and private sector security roles. He has spent a large portion of his career thus far in the Middle East, both vocationally and academically developing interests in the utility of integrated risk models and continuity of civil aviation. Most recently, Matthew worked for Etihad Airways for over eight years, of which he spent the last five years as the Head of Aviation Security.