Commission Implementing Regulation (EU) 2025/23 of 19 December 2024 laying down rules for the application of Regulation (EU) 2018/1139 of the European Parliament and of the Council, as regards requirements for the oversight of ground handling services and organisations providing them

Article 1

Subject matter

This Regulation lays down detailed rules on the allocation of responsibilities of national competent authorities responsible for the oversight of ground handling services and organisations providing such services, rules on exchange of information, qualification of personnel and administration and management systems of those competent authorities.

Article 2

Definitions

For the purpose of this Regulation, the following definitions shall apply:

(1) ‘cooperative oversight’ means a coordinated oversight process that involves more than one competent authority to oversee an organisation providing ground handling services at aerodromes that are under the jurisdiction of more than one competent authority or in more than one Member State; whereas the competent authorities determine their individual tasks, share relevant data and information for the oversight, promote cooperation to ensure a uniform oversight and efficient use of resources by, inter alia, avoiding duplications of tasks, audits and inspections;

(2) ‘audit’ means a systematic, independent and documented process for obtaining evidence and evaluating it objectively to determine the extent to which requirements are complied with; whereas audits may include inspections;

(3) ‘inspection’ means, in the context of compliance monitoring and oversight, an independent and documented conformity evaluation by observation and judgement accompanied, as appropriate, by measurements, testing or gauging, in order to verify compliance with applicable requirements; whereas an inspection may be part of an audit, but may also be conducted outside the normal audit plan, in particular, to verify the closure of a certain finding.

Article 3

Main obligations of the Member States

The national competent authorities shall have the following obligations, which are detailed further in the Annex to this Regulation:

(a) to receive declarations from organisations that perform ground handling services at the aerodromes that are under their jurisdiction;

(b) to conduct oversight of those ground handling organisations;

(c) to ensure the personnel assigned to perform ground handling oversight are appropriately trained, qualified and competent and their competence is maintained;

(d) to contribute to the implementation of an effective cooperative oversight;

(e) to take or initiate enforcement measures as appropriate.

Article 4

Oversight

Coordination shall be established between those authorities to ensure effective oversight of all ground handling activities and organisations performing them within their respective remits.

Personnel authorised by the competent authority to carry out oversight activities shall be empowered to perform the following tasks:

(a) examine the records, data, procedures and any other material relevant to the execution of the oversight task;

(b) take away copies of or extracts from such records, data, procedures and other material;

(c) ask for an oral explanation on-site when necessary;

(d) enter relevant premises, operating sites or other relevant areas and means of transport;

(e) perform audits, investigations, tests, exercises, assessments, inspections; and

(f) take or initiate enforcement measures as appropriate.

Where necessary, Member States shall empower the personnel to carry out additional tasks for the purpose of oversight activities.

Article 5

Agency support to facilitate cooperative oversight

The Agency shall facilitate the effective implementation of the cooperative oversight requirements by the Member States, to enable secure access and exchange of relevant information and documentation among competent authorities, necessary to exercise their tasks related to oversight and enforcement pursuant to this Regulation.

Article 6

Transitional provisions

By way of derogation from point ARGH.OVS.305(c), competent authorities shall perform at least one comprehensive oversight of all declaring organisations in their Member State by 27 March 2033 at the latest.

The competent authority shall take into account the prior operational experience of an organisation when developing its oversight plan.

Article 7

Entry into force and application

The following points shall apply from 27 March 2031:

(a) point ARGH.GEN.125(c);

(b) point ARGH.GEN.136;

(c) point ARGH.MGM.200(e);

(d) point ARGH.MGM.205(e);

(e) point ARGH.MGM.211;

(f) point ARGH.OVS.300(f).

This Regulation shall be binding in its entirety and directly applicable in all Member States.

ANNEX

SUBPART GEN

GENERAL REQUIREMENTS

ARGH.GEN.005   Scope

This Annex establishes requirements for the competent authorities and for their responsibilities referred to in Articles 3(1) and 4 of this Regulation to conduct oversight of the ground handling organisations and the ground handling services that they provide in accordance with Delegated Regulation (EU) 2025/20.

ARGH.GEN.100   Competent authority

(a) The competent authority responsible for the oversight of organisations providing ground handling services at an aerodrome within the scope of Regulation (EU) 2018/1139 shall be the authority designated by the Member State where the aerodrome is located.

(b) Without affecting point (a), the competent authority responsible for receiving the declaration from a single ground handling organisation business grouping or a self-handling aircraft operator that has its principal place of business in a Member State and provides ground handling services in more than one Member State shall be the authority designated by the Member State where the organisation has its principal place of business. That declaration shall be considered to have been submitted to all competent authorities concerned if both the following conditions are met: (1) it includes information on the ground handling services provided at all the aerodromes within the scope of Regulation (EU) 2018/1139 in all the Member States where the ground handling organisation provides services; (2) it reaches out to all the Member States concerned through the repository of information established in accordance with Article 74 of Regulation (EU) 2018/1139.

(c) Once submitted, the declaration is valid and recognised in all Member States without further requirements or evaluation, in accordance with Article 67(1) of Regulation (EU) 2018/1139.

(d) The competent authority responsible for the oversight of organisations referred to in point (b) shall be the authority designated by the Member State where the aerodrome is located. The sharing of tasks among the competent authorities concerned for the oversight of those organisations shall be done in accordance with point ARGH.OVS.330.

ARGH.GEN.115   Oversight documentation

The competent authority shall provide the relevant legal acts, standards, rules, technical publications and related documents, as well as guidance material to its personnel in order to allow them to perform their tasks and to discharge their responsibilities.

ARGH.GEN.120   Means of compliance

The Agency shall develop acceptable means of compliance (AMC) that may be used to establish compliance with Regulation (EU) 2018/1139 and its delegated and implementing acts.

ARGH.GEN.125   Information to be provided to the Agency

(a) Where the competent authority has become aware of any significant problems with the implementation, by a ground handling organisation, of Regulation (EU) 2018/1139 and its delegated and implementing acts, it shall notify the Agency thereof without undue delay, and in any case within 30 days from the time it has become aware of those problems.

(b) Without affecting Regulation (EU) No 376/2014 of the European Parliament and of the Council (²) and its delegated and implementing acts, the competent authority shall provide the Agency, as soon as possible, with safety-significant information stemming from occurrence reports stored in the national database pursuant to Article 6(6) of Regulation (EU) No 376/2014.

(c) The competent authority shall provide the Agency, as soon as possible, with safety-significant information stemming from the information security reports it has received pursuant to point IS.D.OR.230 of the Annex to Delegated Regulation (EU) 2022/1645.

ARGH.GEN.135   Immediate reaction to a safety problem

(a) Without affecting Regulation (EU) No 376/2014 and its delegated and implementing acts, the competent authority shall implement a system to collect, analyse and disseminate safety information.

(b) The Agency shall implement a system to analyse any safety-relevant information received and, without undue delay, provide the competent authority of the Member States and the Commission with any information, including recommendations or corrective actions to be taken, necessary for them to react in a timely manner to a safety problem involving organisations responsible for the provision of ground handling services subject to Regulation (EU) 2018/1139 and its delegated and implementing acts.

(c) Upon receiving the information referred to in points (a) and (b), the competent authority shall take adequate measures to address the safety problem.

(d) The competent authority shall immediately transmit the measures taken in accordance with point (c) to the ground handling organisation, which shall comply with them under Regulation (EU) 2018/1139 and its delegated and implementing acts. The competent authority shall also notify those measures to the Agency and, when combined action is required, to the other competent authorities concerned.

(e) If relevant, the measures notified to a ground handling organisation shall also be notified to the aerodrome operator where the ground handling organisation provides the ground handling services subject to those measures.

ARGH.GEN.136   Immediate reaction to an information security incident or vulnerability with an impact on aviation safety

(a) The competent authority shall implement a system for the collection, analysis, and dissemination of information related to information security incidents and vulnerabilities with a potential impact on aviation safety that are reported by ground handling organisations. This shall be done in coordination with any other relevant authorities responsible for information security or cybersecurity within the Member State concerned to increase the coordination and compatibility of reporting schemes.

(b) The Agency shall implement a system for the analysis of any relevant safety-significant information received pursuant to point ARGH.GEN.125(c), and without undue delay provide the Member States and the Commission with any information, including recommendations or corrective actions to be taken, necessary for them to react in a timely manner to an information security incident or vulnerability with a potential impact on aviation safety involving products, equipment, persons or organisations subject to Regulation (EU) 2018/1139 and its delegated and implementing acts.

(c) Upon receiving the information referred to in points (a) and (b), the competent authority shall take adequate measures to address the potential impact of the information security incident or vulnerability on aviation safety.

(d) Measures taken in accordance with point (c) shall immediately be notified to all persons or organisations that shall comply with them under Regulation (EU) 2018/1139 and its delegated and implementing acts. The competent authority shall also notify those measures to the Agency and, when combined action is required, the competent authorities of the other Member States concerned.

SUBPART MGM

MANAGEMENT

ARGH.MGM.200   Management system

(a) The competent authority shall establish, implement and maintain a management system that includes all the following elements: (1) documented policies and procedures to describe its organisation, means and methods to achieve compliance of the competent authority with Regulation (EU) 2018/1139 and its delegated and implementing acts, which shall be kept up to date and serve as the basic working documents within that competent authority for all related tasks; (2) sufficient personnel, including inspectors, to perform its tasks and discharge its responsibilities; (3) adequate facilities and office accommodation to perform the allocated tasks; (4) a function to monitor the compliance of the management system with the relevant requirements and adequacy of the procedures including the establishment of an internal audit process and a safety risk management process; (5) a person or group of persons, ultimately responsible to the senior management of the competent authority for the compliance monitoring function.

(b) Regarding the personnel referred to in point (a)(2), the competent authority shall ensure the following: (1) the personnel shall have relevant aviation knowledge and experience and shall be adequately trained and qualified to perform the allocated tasks; (2) the inspectors shall receive initial training, on-the-job training, and recurrent training to ensure their continued competence, depending on their previous qualification and experience upon taking up their functions; (3) there shall be a system to plan the availability of personnel, in order to ensure the proper completion of all tasks.

(c) The compliance monitoring function referred to in point (a)(4) shall include a feedback system of audit findings to the senior management of the competent authority to ensure implementation of corrective actions as necessary.

(d) The competent authority shall appoint for each field of activity, including the management system, one or more persons with the overall responsibility for the management of the tasks referred to in point (a).

(e) In addition to the requirements in point (a), the management system established and maintained by the competent authority shall comply with Annex I (Part-IS.AR) to Commission Implementing Regulation (EU) 2023/203 (³) in order to ensure the proper management of information security risks which may have an impact on aviation safety.

ARGH.MGM.205   Allocation of tasks to qualified entities

(a) The competent authority may allocate to qualified entities tasks related to the registration of declarations or continuing oversight of ground handling organisations subject to Regulation (EU) 2018/1139 and its delegated and implementing acts.

(b) When allocating tasks to a qualified entity, the competent authority shall ensure that: (1) that authority has a system in place to initially and continually assess whether the qualified entity complies with Annex VI to Regulation (EU) 2018/1139; (2) the system referred to in point (1) and the results of the assessments are documented; (3) the authority has established a documented agreement with the qualified entity, approved by both parties at the appropriate management level, which clearly defines: (i) the tasks to be performed; (ii) the declarations, reports and records to be provided; (iii) the technical conditions to be met in performing such tasks; (iv) the related liability coverage; (v) the protection given to information acquired in carrying out such tasks.

(c) The competent authority shall establish procedures to ensure that all the information related to the submission of a declaration by a ground handling organisation is promptly communicated between the competent authority and the qualified entity.

(d) The competent authority shall ensure that the internal audit process and safety risk management process referred to in point ARGH.MGM.200(a)(4) of this Annex cover all tasks related to the acceptance of declarations or continuing oversight tasks performed on its behalf.

(e) For the oversight of the ground handling organisation’s compliance with point ORGH.MGM.201 of Annex I to Delegated Regulation (EU) 2025/20, the competent authority may allocate tasks to qualified entities in accordance with point (a) or to any relevant authority responsible for information security or cybersecurity within the Member State. When allocating tasks, the competent authority shall ensure that: (1) all aspects related to aviation safety are coordinated and taken into account by the qualified entity or the relevant authority; (2) the results of the oversight activities performed by the qualified entity or the relevant authority are integrated in the overall oversight files of the ground handling organisation; (3) its own information security management system, established in accordance with point ARGH.MGM.200(e), covers all the continuing oversight tasks performed on its behalf.

ARGH.MGM.210   Changes to the management system

(a) The competent authority shall have a system in place to identify changes that affect its capability to perform its tasks and discharge its responsibilities as laid down in Regulation (EU) 2018/1139 and its delegated and implementing acts. That system shall enable it to take action, as appropriate, to ensure that its management system remains adequate and effective.

(b) The competent authority shall update its management system to reflect any changes to Regulation (EU) 2018/1139 and its delegated and implementing acts in a timely manner.

(c) The competent authority shall notify the Agency of changes affecting its capability to perform its tasks and discharge its responsibilities as laid down in Regulation (EU) 2018/1139 and its delegated and implementing acts.

ARGH.MGM.211   Changes to the information security management system of a ground handling organisation

(a) For changes managed and notified to the competent authority in accordance with the procedure set out in point IS.D.OR.255(a) of the Annex to Delegated Regulation (EU) 2022/1645, the competent authority shall include the review of such changes in its continuing oversight in accordance with the principles laid down in point ARGH.OVS.300 of this Annex. If any non-compliance is found, the competent authority shall notify the organisation thereof, request further changes and act in accordance with point ARGH.OVS.325 of this Annex.

(b) For other changes referred to in point IS.D.OR.255(b) of the Annex to Delegated Regulation (EU) 2022/1645, the competent authority shall check the ground handling organisation’s compliance with the applicable requirements as part of the oversight tasks.

ARGH.MGM.215   Record-keeping