Commission Implementing Regulation (EU) 2019/779 of 16 May 2019 laying down detailed provisions on a system of certification of entities in charge of maintenance of vehicles pursuant to Directive (EU) 2016/798 of the European Parliament and of the Council and repealing Commission Regulation (EU) No 445/2011 (Text with EEA relevance.)

Article 1

Subject matter and scope

Article 2

Definitions

For the purposes of this Regulation, the following definitions shall apply:

(a) ‘accreditation’ means accreditation as defined in Article 2(10) of Regulation (EC) No 765/2008;

(b) ‘certification body’ means a body, responsible for the certification of entities in charge of maintenance or for certification of the entity or organisation that fulfil maintenance functions referred to in points (b), (c) or (d) of Article 14(3) of Directive (EU) 2016/798, or parts of those functions;

(c) ‘release to service’ means the justified and recorded assurance, accompanied by documentation where appropriate, given by the entity delivering the maintenance to the fleet-maintenance manager that maintenance has been delivered according to the maintenance orders;

(d) ‘return to operation’ means a notice given to the user, such as a railway undertaking or a keeper, by the entity in charge of maintenance, based on a release to service, assuring that all appropriate maintenance works have been completed and the vehicle, previously removed from operation, is in a condition to be used safely, possibly subject to restrictions of use;

The definition of ‘safety-critical component’ provided for in section 4.2.12.1 of Annex to Commission Regulation (EU) No 1302/2014 (¹) shall apply.

Article 3

System of Certification

An ECM certification establishing compliance with the requirements of Annex II shall be mandatory for any entity in charge of maintenance:

(a) responsible for the maintenance of freight wagons, or

(b) which is not a railway undertaking or an infrastructure manager maintaining vehicles exclusively for its own operations.

Article 4

Safety-critical components

Safety critical components including those identified under paragraph 4 above, shall be recorded in and managed through the relevant vehicle documentation as follows:

(a) manufacturers shall manage information on safety critical components and appropriate maintenance instructions related to them through reference in the technical file of subsystems referred to in Article 15(4) of Directive (EU) 2016/797; and

(b) entities in charge of maintenance shall manage safety critical components and appropriate maintenance instructions as well as relevant maintenance activities in the maintenance file or documentation referred to in Article 14 of Directive (EU) 2016/798.

Article 5

Obligations of parties involved in the maintenance process

Where there is a change of entity in charge of maintenance, the keeper, in accordance with Article 47(6) of Directive (EU) 2016/797, shall inform without delay the registration entity referred to in Article 4(1) of Commission Decision 2007/756/EC (³) and request the update of the vehicle register. In that situation:

(i) the former entity in charge of maintenance shall without delay deliver the maintenance documentation to the keeper;

(ii) the former entity in charge of maintenance shall be relieved of its obligations when it is removed from the vehicle register;

(iii) in the absence of a new entity in charge of maintenance the registration of the vehicle shall be suspended.

Article 6

Certification bodies

Member States shall provide the Agency with the following information concerning the certification bodies:

— name

— address

— contact details

— the nature of their empowerment in accordance with Article 14 of Directive (EU) 2016/798 (accreditation, recognition or if they have taken on the task as the national safety authority)

Article 7

Certification of entities in charge of maintenance

Article 8

Compliance of entities in charge of maintenance

Where the certification body finds that an entity in charge of maintenance no longer complies with the requirements on the basis of which it issued the ECM certification, it can take one of the following actions:

— agree an improvement plan with the entity in charge of maintenance,

— decide to limit the scope of the ECM certification,

— suspend or revoke the certification, depending on the extent of non-compliance.

Article 9

Outsourcing maintenance functions

Article 10

Certification for outsourced maintenance functions

In assessing applications for certification in respect of outsourced maintenance functions or parts thereof, certification bodies shall apply:

(a) the requirements and assessment criteria set out in Section I of Annex II, adapted to the organisation's type and extent of service;

(b) the requirements and assessment criteria describing the specific maintenance function or functions.

Article 11

Role of the national safety authorities

If a national safety authority has knowledge that an entity in charge of maintenance does not comply with the requirements of Annex III of Directive (EU) 2016/798 or with the certification requirements of this Regulation, it shall inform the national bodies or authorities responsible for the accreditation or recognition, the Agency, the certification body and other interested parties as appropriate.

Article 12

Cooperation with the certification bodies

The Agency shall support the harmonised system of certification through the provision of:

(a) assistance to national accreditation bodies and to the relevant national authorities recognising the certification bodies;

(b) cooperation on appropriate accreditation and certification schemes. Those schemes shall set out evaluation criteria and procedures to assess compliance of certification bodies with the requirements set out in Annex I (via the European accreditation infrastructure established pursuant to Article 14 of Regulation (EC) No 765/2008).

Article 13

Provision of information

Article 14

Reporting

The Agency shall address to the Commission a first report on the implementation of this Regulation five years following its entry into force. The Agency shall address subsequent reports on the implementation of this Regulation every three years following the first report.

Article 15

Transitional provisions

Article 16

Repeal

Regulation (EU) No 445/2011 is repealed with effect from 16 June 2020.

Certificates issued under Regulation (EU) No 445/2011 by a certification body shall be deemed equivalent to certificates issued under this Regulation for their original period of validity.

Article 17

Entry into force

This Regulation shall enter into force on the twentieth day following that of its publication in the Official Journal of the European Union.

It shall apply from 16 June 2020. However, Article 4 shall apply from 16 June 2021 and Article 15(6) shall apply from 1 March 2020.

This Regulation shall be binding in its entirety and directly applicable in all Member States.

ANNEX I

Criteria for accreditation or recognition of certification bodies involved in the assessment and award of ECM certificates

1. ORGANISATION

The certification body shall document its organisational structure, showing the duties, responsibilities and authorities of management and other certification staff and any committees. Where the certification body is a defined part of a legal entity, the structure shall include the line of authority and the relationship to other parts within the same legal entity.

2. INDEPENDENCE

The certification body shall be organisationally and functionally independent in its decision-making from railway undertakings, infrastructure managers, keepers, manufacturers and entities in charge of maintenance and shall not provide similar services.

The independence of the staff responsible for the certification checks shall be guaranteed. No official shall be remunerated on the basis of either the number of checks performed or the results of those checks.

3. COMPETENCE

The certification body and the staff deployed shall have the required professional competence, in particular regarding the organisation of the maintenance of vehicles and the appropriate maintenance system. The specific requirements addressing the personnel involved in the management and performance of assessment and in the certification shall be described in the accreditation scheme.

4. IMPARTIALITY

The certification body's decisions shall be based on objective evidence of conformity or non-conformity obtained by the certification body, and shall not be influenced by other interests or by other parties.

5. RESPONSIBILITY

The certification body is not responsible for ensuring ongoing conformity with the requirements for certification.

The certification body has the responsibility to assess sufficient objective evidence upon which to base a certification decision.

6. OPENNESS

A certification body shall provide public access to, or disclosure of, appropriate and timely information about its audit process and certification process. It shall also provide information about the certification status (including the granting, extension, maintenance, renewal, suspension, reduction in scope, or withdrawal of certification) of any organisation, in order to develop confidence in the integrity and credibility of certification. Openness is a principle of access to, or disclosure of, appropriate information.

7. CONFIDENTIALITY

To gain the privileged access to information needed to assess conformity with the requirements for certification adequately, a certification body shall keep confidential any commercial information about a client.

8. RESPONSIVENESS TO COMPLAINTS

The certification body shall establish a procedure to handle complaints about decisions and other certification-related activities.

9. LIABILITY AND FINANCING

The certification body shall be able to demonstrate that it has evaluated the risks arising from its certification activities and that it has adequate arrangements (including insurance or reserves) to cover liabilities arising from its operations in each field of its activities and the geographic areas in which it operates.

ANNEX II

Requirements and assessment criteria for organisations applying for an ECM certificate or for a certificate in respect of maintenance functions outsourced by an entity in charge of maintenance

I. Requirements and assessment criteria for the management function

The organisation shall have procedures for:

(a) establishing a maintenance policy appropriate to the organisation's type and extent of service and approved by the organisation's chief executive or his or her representative;

(b) ensuring that safety targets are established, in line with the legal framework and consistent with an organisation's type, extent and relevant risks;

(c) assessing its overall safety performance in relation to its corporate safety targets;

(d) developing plans and procedures for reaching its safety targets;

(e) ensuring that the resources needed to perform all processes are available to comply with the requirements of this Annex;

(f) identifying and managing the impact of other management activities on the maintenance system;

(g) ensuring that senior management is aware of the results of performance monitoring and audits and takes overall responsibility for the implementation of changes to the maintenance system;

(h) ensuring that staff and staff representatives are adequately represented and consulted in defining, developing, monitoring and reviewing the safety aspects of all related processes that may involve staff.

2.1. The organisation shall have procedures and arrangements in place to recognise the need and commitment to collaborate with keepers, railway undertakings, infrastructure managers, designers and manufacturers of vehicles and components or other interested parties.

2.2. The organisation shall have risk management procedures to manage changes in the maintenance file, including maintenance plans, equipment, procedures, organisation, staffing or interfaces, and to apply the common safety methods related to the risk evaluation and assessment methods as adopted pursuant to point (a) of Article 6(1) of Directive (EU) 2016/798.

2.3. When assessing risk, an organisation shall have procedures to take into account the need to determine, provide and sustain an appropriate working environment which conforms to Union and national legislation, in particular Council Directive 89/391/EEC (⁵).

3.1. The organisation shall have a procedure to regularly collect, monitor and analyse relevant safety data, including:

3.2. The organisation shall have procedures to ensure that accidents, incidents, near-misses and other dangerous occurrences are reported, logged, investigated and analysed.

3.3. For a periodic review of all processes, the organisation shall have an internal auditing system which is independent, impartial and acts in a transparent way. This system shall have procedures in place to:

3.4. The procedures mentioned in points 3.1, 3.2 and 3.3 of this Section shall comply with the common safety methods related to the risk evaluation and assessment methods as adopted pursuant to point (a) of Article 6(1) of Directive (EU) 2016/798 and to the methods for assessing the safety level and the safety performance of railway operators at national and Union level as adopted pursuant to point (d) of Article 6(1) of that Directive.

The organisation shall have procedures to ensure that:

(a) identified shortcomings are rectified;

(b) new safety developments are implemented;

(c) internal audit findings are used to bring about improvement in the system;

(d) preventive or corrective actions are implemented, when needed, to ensure compliance of the railway system with standards and other requirements throughout the lifecycle of equipment and operations;

(e) relevant information relating to the investigation and causes of accidents, incidents, near-misses and other dangerous occurrences is used to learn and, where necessary, to adopt measures in order to improve the level of safety;

(f) relevant recommendations from the national safety authority, from the national investigation body and from industry or internal investigations are evaluated and implemented if appropriate;

(g) relevant reports or information from railway undertakings/infrastructure managers, keepers or other relevant sources are considered and taken into account.

5.1. The organisation shall have procedures to allocate responsibilities for all relevant processes throughout the organisation.

5.2. The organisation shall have procedures to clearly define safety-related areas of responsibility and the distribution of responsibilities to specific functions associated with them as well as their interfaces. Those include the procedures indicated in point 2.1 above between the organisation and the keepers and, where appropriate, railway undertakings and infrastructure managers.

5.3. The organisation shall have procedures to ensure that staff with delegated responsibilities within the organisation have the authority, competence and appropriate resources to perform their functions. Responsibility and competence shall be coherent and compatible with the given role, and delegations shall be in writing.

5.4. The organisation shall have procedures to ensure the coordination of activities related to relevant processes across the organisation.

5.5. The organisation shall have procedures to hold those with a role in the management of safety accountable for their performance.

6.1. The organisation shall set up a competence management system providing for:

6.2. Within the organisation's competence management system, there shall be procedures to manage the competence of staff, including at least:

7.1. The organisation shall have procedures to define reporting channels to ensure that, within the entity itself and in its dealings with other actors, including infrastructure managers, railways undertakings, keepers and designers or manufacturers of vehicles or components, or both, when appropriate, information on all relevant processes is duly exchanged and submitted to the person having the right role both within its own organisation and in other organisations, in a prompt and clear way.

7.2. To ensure an adequate exchange of information, the organisation shall have procedures for:

7.3. The organisation shall have procedures to ensure that key operational information is:

7.4. The requirements set out in points 7.1, 7.2 and 7.3 apply in particular to the following operational information:

8.1. The organisation shall have adequate procedures in place to ensure that all relevant processes are duly documented.

8.2. The organisation shall have adequate procedures in place to:

9.1. The organisation shall have procedures in place to ensure that safety-related products and services are identified.

9.2. When making use of contractors or suppliers, or both, for safety-related products and services, the organisation shall have procedures in place to verify at the time of selection that:

9.3. The organisation shall have a procedure to define the requirements that such contractors and suppliers have to meet.

9.4. The organisation shall have procedures to monitor the awareness of suppliers and/or contractors of risks they entail to the organisation's operations.

9.5. When the maintenance or management system of a contractor or supplier is certified, the monitoring process described in point 3 may be limited to the results of the contracted operational processes referred to in point 3.1(b).

9.6. At least the basic principles for the following processes shall be clearly defined, known and allocated in the contract between the contracting parties:

II.   Requirements and assessment criteria for the maintenance development function