You are on page 1of 57

EUROPEAN ORGANISATION

FOR THE SAFETY OF AIR NAVIGATION

EUROCONTROL

INITIAL GUIDELINES FOR THE


CONFORMITY ASSESSMENT OF EATMN
SYSTEMS

Edition Number : 1.4


Edition Date : 20 March 2006
Status : Proposed Issue
Intended for : General Public
Category : Working Document

EUROCONTROL REGULATORY UNIT


INITIAL GUIDELINES FOR THE CONFORMITY ASSESSMENT OF EATMN SYSTEMS

DOCUMENT CHARACTERISTICS

TITLE

INITIAL GUIDELINES FOR THE CONFORMITY


ASSESSMENT OF EATMN SYSTEMS
Reference:
Document Identifier Edition Number: 1.4
Edition Date: 20 March 2006
Abstract

This document presents the initial guidelines for the conformity assessment of EATMN
systems.

Keywords
Conformity assessment
Technical file
EC Verification of EATMN
Systems
Conformity Assessment Plan
Contact Person(s) Tel Unit
Mr Jean-Paul DORE +32 2 729 36 23 DG/Regulatory Unit

DOCUMENT STATUS AND TYPE


Status Intended for Category
Working Draft † General Public ; Rule †
Restricted
Draft † † Specification †
EUROCONTROL
Proposed Issue ; Restricted RC † Guideline †
Released Issue † Restricted RU † ---------------------------------------------
Policy Document †
Study Report †
Summary of Responses †
Working Document ;

ELECTRONIC SOURCE
Path: P:\DG\RU\WORK PROGRAMME\CONFORMITY ASSESSMENT\CONFORMITY
ASSESSMENT TASK FORCE\CA
STUDIES\CA_study_SOF_O405_0106\initial_guidelines\intermediate_versions\Initial_Guidelin
es_V1.4.doc

Page ii Proposed Issue Version 1.4


INITIAL GUIDELINES FOR THE CONFORMITY ASSESSMENT OF EATMN SYSTEMS

DOCUMENT APPROVAL

The following table identifies all management authorities who have successively approved
the present issue of this document.

AUTHORITY NAME AND SIGNATURE DATE

Expert Regulatory Mr Jean-Paul DORE


Unit

Mr Jean-Luc GARNIER
Head of Regulatory
Unit

Version 1.4 Proposed Issue Page iii


INITIAL GUIDELINES FOR THE CONFORMITY ASSESSMENT OF EATMN SYSTEMS

DOCUMENT CHANGE RECORD

The following table records the complete history of the successive editions of the present
document.

EDITION PAGES
EDITION DATE REASON FOR CHANGE
NUMBER AFFECTED
1.0 01/02/06 Initial document (draft) All sections

1.1 24/02/06 Review by CATF members All sections

1.2 06/03/06 Addition chapter 7 ; refinement about the role and Chapters 7,
responsibility of stakeholders; introduction of 8, 9
Community specifications in the generic process
1.3 09/03/06 Comments and proposed dispositions drafted in Chapters 9,
Annex V of CATF#7-report_V1.1 10
1.4 20/03/06 Update of the introduction Chapter1

Version 1.4 Proposed Issue Page iv


INITIAL GUIDELINES FOR THE CONFORMITY ASSESSMENT OF EATMN SYSTEMS

CONTENTS
1 Introduction .........................................................................................................8

2 Document structure ............................................................................................9

3 Progressive application of conformity assessment of systems...................10

4 Reference documents.......................................................................................11

5 Abbreviations ....................................................................................................12

6 Objective ............................................................................................................13

7 Key points for the definition of the generic process for the conformity
assessment of eatmn systems ........................................................................14
7.1 Evolution of regulatory provisions applicable to EATMN systems..........................................14
7.2 Production of items for the EC declaration and the technical file ...........................................14
7.3 Means of compliance and presumption of conformity ............................................................14
7.4 Scope of the verification of an EATMN system.......................................................................15
7.5 Upgrade of an EATMN system ...............................................................................................15

8 Role and responsibility of stakeholders .........................................................17


8.1 Role and responsibility with respect to the lifecycle of EATMN systems................................17
8.2 Role and responsibility of the notified body ............................................................................18

9 Generic process for the conformity assessment of an EATMN system.......20


9.1 Determination of the on-site EATMN system..........................................................................23
9.2 Determination of the regulatory baseline ................................................................................25
9.3 Management of the CA plan ...................................................................................................26
9.4 Verification of the overall design .............................................................................................27
9.5 Verification of the development and integration of the system ...............................................28
9.6 Verification of the operational system .....................................................................................29
9.7 Verification of the specific system maintenance provisions....................................................30
9.8 Making the technical file..........................................................................................................31
9.9 Making the EC declaration of conformity ................................................................................32

10 Application of the EC verification to an EATMN system ...............................33


10.1 Top-down activity flow diagram...............................................................................................33
10.2 Determination of the EATMN system......................................................................................34
10.3 Determination of the regulatory baseline ................................................................................35
10.4 Verification of compliance with the regulatory baseline ..........................................................37

Version 1.4 Proposed Issue Page v


INITIAL GUIDELINES FOR THE CONFORMITY ASSESSMENT OF EATMN SYSTEMS

10.5 Verification of compliance with essential requirements ..........................................................38


10.6 Verification of compliance with implementing rules ................................................................46

11 Synthesis ...........................................................................................................47
11.1 Verification of compliance with essential requirements ..........................................................47
11.2 Verification of compliance with the implementing rules ..........................................................49

Annex A - Template for the conformity assessment plan ..........................50

Annex B - Technical file for the EC verification of EATMN systems .........52

Annex C - EC declaration of verification of the EATMN system................56

Table of figures

Figure 1: Scenarios and roles of ANSP ......................................................................................... 18


Figure 2: Level 0 of the CA process............................................................................................... 20
Figure 3: Level 1 of the CA process............................................................................................... 21
Figure 4: Activity A1 ....................................................................................................................... 23
Figure 5: Activity A2 ....................................................................................................................... 25
Figure 6: Activity A3 ....................................................................................................................... 26
Figure 7: Activity A4 ....................................................................................................................... 27
Figure 8: Activity A5 ....................................................................................................................... 28
Figure 9: Activity A6 ....................................................................................................................... 29
Figure 10: Activity A7 ..................................................................................................................... 30
Figure 11: Activity A8 ..................................................................................................................... 31
Figure 12: Activity A9 ..................................................................................................................... 32
Figure 13: Top-down activity flow diagram..................................................................................... 33
Figure 14 : Case of several systems within the same ATSU ......................................................... 35
Figure 15: EC verification against essential requirements............... Error! Bookmark not defined.
Figure 16: Reference materials...................................................................................................... 39

Table of tables

Table 1 : Activity A0: Highest level of description of the CA process ............................................ 20


Table 2 : Activity A1 of the CA process.......................................................................................... 23
Table 3 : Activity A2 of the CA process.......................................................................................... 25
Table 4 : Activity A3 of the CA process.......................................................................................... 26
Table 5 : Activity A4 of the CA process.......................................................................................... 27
Table 6 : Activity A5 of the CA process.......................................................................................... 28

Version 1.4 Proposed Issue Page vi


INITIAL GUIDELINES FOR THE CONFORMITY ASSESSMENT OF EATMN SYSTEMS

Table 7 : Activity A6 of the CA process.......................................................................................... 29


Table 8 : Activity A7 of the CA process.......................................................................................... 30
Table 9 : Activity A8 of the CA process.......................................................................................... 31
Table 10 : Activity A9 of the CA process........................................................................................ 32
Table 11 : Regulatory baseline ...................................................................................................... 37
Table 12 : Verification method for the essential requirements....................................................... 40
Table 13 : Assessment of compliance with ICAO SARPs ............................................................. 43
Table 14 : ER Safety: Assessment of compliance ......................................................................... 45
Table 15: Summary of the verification activities............................................................................. 49

Version 1.4 Proposed Issue Page vii


INITIAL GUIDELINES FOR THE CONFORMITY ASSESSMENT OF EATMN SYSTEMS

1 INTRODUCTION

This document presents the “initial guidelines for the conformity assessment of EATMN
systems”. It takes into account the outcome of discussions within the Conformity Assessment
Task Force (CATF), including written comments received.

Two key elements have influenced the drafting of these initial guidelines:

• The obligation to meet the requirements relating to the conformity assessment


specified in the interoperability regulation.

• The necessary pragmatic measures to implement conformity assessment activities


based where possible, on current practices.

These guidelines provide guidance material for the preparation of the conformity assessment
plan, which is the master document for the organization and management of the verification
activities.

The priority objective is now to validate these initial guidelines through practical experience,
including pilot trials which could be supported by the Regulatory Unit (RU). Such practical
validation is seen as a prerequisite before formal wide stakeholders consultation is
performed with a view to give the document the status of “EUROCONTROL Guidelines” as
described in the EUROCNTROL Regulatory and Advisory Framework (ERAF).

Version 1.4 Proposed Issue Page 8


INITIAL GUIDELINES FOR THE CONFORMITY ASSESSMENT OF EATMN SYSTEMS

2 DOCUMENT STRUCTURE

This document is structured as follows:

• Chapter 1 presents an introduction to the initial guidelines,


• Chapter 3 presents the progressive application of conformity assessment of systems,
• Chapter 4 presents the list of reference documents,
• Chapter 5 presents the list of abbreviations,
• Chapter 6 describes the objective of these initial guidelines,
• Chapter 7 underlines the key points for the definition of the generic process for the
conformity assessment of EATMN systems
• Chapter 8 describes the role and responsibility of stakeholders involved in the conformity
assessment of an EATMN system,
• Chapter 9 introduces the generic process for the conformity assessment of an EATMN
system,
• Chapter 10 provides guidance material for the EC verification of an EATMN system,
• Chapter 11 presents a synthesis of the EC verification activities,
• Annex A - Template for the conformity assessment plan,
• Annex B - Contents of the technical file,
• Annex C - Template for the EC declaration of verification of an EATMN system.

Version 1.4 Proposed Issue Page 9


INITIAL GUIDELINES FOR THE CONFORMITY ASSESSMENT OF EATMN SYSTEMS

3 PROGRESSIVE APPLICATION OF CONFORMITY ASSESSMENT OF


SYSTEMS

The essential requirements shall apply to EATMN systems and constituents ordered after
20th April 2004 (20th day following the publication of the interoperability Regulation in the
Official Journal of the European Union) and put into service from 20th October 2005
onwards.

The implementing rules refining essential requirements of the interoperability Regulation are
developed and put into force progressively. It entails that the regulatory baseline applicable
to EATMN systems will evolve progressively.

In the future, these initial guidelines will be enriched to address a wider regulatory baseline
including implementing rules and further refinement in the definition of EATMN systems.

Version 1.4 Proposed Issue Page 10


INITIAL GUIDELINES FOR THE CONFORMITY ASSESSMENT OF EATMN SYSTEMS

4 REFERENCE DOCUMENTS

The following reference documents are used in this report:

[Reference 1]: Regulation (EC) No 552/2004 of the European Parliament and of the
Council of 10 March 2004 on the interoperability of the European Air
Traffic Management network (the interoperability Regulation)

[Reference 2]: ATM Operational Concept, Volume 2, Concept of Operations

[Reference 3]: Council Decision 93/465/EEC of 22 July 1993 concerning the


modules for the various phases of the conformity assessment
procedures

[Reference 4]: Guide to the Implementation of Directives based on the New


Approach and the Global Approach/ European Commission.

[Reference 5]: - Common requirements on safety (safety management system,


safety requirement for risk management and mitigation with
regard to changes, safety requirements for engineering and
technical personnel undertaking operational safety related
tasks).

- ESARR6, Software in ATM systems.

Version 1.4 Proposed Issue Page 11


INITIAL GUIDELINES FOR THE CONFORMITY ASSESSMENT OF EATMN SYSTEMS

5 ABBREVIATIONS

ANSP Air Navigation Service Provider


ATC Air Traffic Control
ATM Air Traffic Management
ATS Air Traffic Services
CA Conformity Assessment
CATF Conformity Assessment Task Force
CONOPs Concept of Operations
CS Community Specification
ATM/CNS Air Traffic Management/Communication, Navigation, Surveillance
EASA European Aviation Safety Authority
EATMN European Air Traffic Management Network
EATMP European Air Traffic Management Plan
EC European Community
EEC European Economic Community
ER Essential Requirement
ESARR EUROCONTROL Safety Regulatory Requirement
EUROCAE EURopean Organisation for Civil Aviation Equipment
ICAO International Civil Aviation Organisation
IR Implementing Rule
ISO International Standard Organisation
NB Notified Body
NSA National Supervisory Authority
RC Regulatory Committee
RU Regulatory Unit
SARP Standard And Recommended Practices
SES Single European Sky
SRC Safety Regulation Committee
SRU Safety Regulation Unit

Version 1.4 Proposed Issue Page 12


INITIAL GUIDELINES FOR THE CONFORMITY ASSESSMENT OF EATMN SYSTEMS

6 OBJECTIVE

The objective of these initial guidelines is to provide guidance materials for the harmonisation
of the conformity assessment of EATMN systems.
To achieve this objective, the following points are addressed:
1. The key points for the definition of a generic process for the conformity assessment of
EATMN systems.
2. The role and responsibility of stakeholders involved in the conformity assessment of
EATMN systems.
3. The definition of a generic process for the conformity assessment of EATMN
systems. This process describes the different tasks, intermediate and final products
to carry out the conformity assessment of EATMN systems and to issue the EC
declaration of verification of system with its associated technical file.
4. The preparation of the EC verification 1 of an EATMN system with the description of
the system and the regulatory baseline applicable to this system.
5. The application of the EC verification to the EATMN system with practical guidance to
implement the EC verification.

Upon successful completion of the EC verification and before the putting into service of the
EATMN system, the ANSP shall issue:
• The EC declaration of verification of the EATMN system and the associated technical
file.

As of today, the regulatory provisions applicable to EATMN systems correspond to the


essential requirements and the implementing rules on Co-Ordination TRansfer (COTR) and
Initial Flight PLan (IFPL). Further regulatory provisions specified in implementing rules will
apply progressively to EATMN systems. These guidelines will be further refined with the
emergence of implementing rules.

1
Art 6 of Ref[1], Systems shall be subject to an EC verification by the ANSP (…)

Version 1.4 Proposed Issue Page 13


INITIAL GUIDELINES FOR THE CONFORMITY ASSESSMENT OF EATMN SYSTEMS

7 KEY POINTS FOR THE DEFINITION OF THE GENERIC PROCESS FOR THE
CONFORMITY ASSESSMENT OF EATMN SYSTEMS

7.1 Evolution of regulatory provisions applicable to EATMN systems


These initial guidelines are proposed as a first step focused on the EC verification of
compliance of EATMN systems. The proposed process is open to accommodate two sources
of regulatory provisions, the essential requirements and future regulatory provisions of
interoperability implementing rules. Implementing rules are developed progressively and
consequently, regulatory provisions applicable to EATMN systems will also evolve
progressively.

7.2 Production of items for the EC declaration and the technical file
The process is designed to meet the basic requirements of the interoperability regulation
relating to the verification of compliance of EATMN constituents and systems. In particular, it
is organised to produce all items required for the EC declaration of verification and the
technical file. The following is an excerpt of Annex IV of the interoperability Regulation:

“The technical file accompanying the EC declaration of verification must contain all
the necessary documents relating to the characteristics of the system, including the
conditions and limits of use, as well as the documents certifying conformity of
constituents where appropriate.

The following documents shall be included as a minimum:



- where a notified body has been involved in the verification of the system(s), a
certificate countersigned by itself, stating that the system complies with this
regulation and mentioning any reservations recorded during performance of
activities and not withdrawn,
- where there has not been involvement of a notified body, a record of the tests
and installation configurations made with a view to ensuring compliance with
essential requirements and any particular requirements contained in the
relevant implementing rules for interoperability.

A copy of the technical file must be kept by the provider throughout the service life of
the system. It must be sent to any other Member States which so request.”

The process takes due account of the possible intervention of notified bodies to the extent it
impacts the contents of the EC declaration or the technical file.

7.3 Means of compliance and presumption of conformity


A means of compliance specifies a technical or procedural solution that ensures compliance
with essential requirements and regulatory provisions of implementing rules. Community
specifications and EUROCONTROL specifications can give a presumption of conformity with
identified essential requirements and regulatory provisions of implementing rules, when the
reference numbers of these specifications are published in the Official Journal of the
European Union by the Commission. In the absence or in complement to Community
specifications other documents such as EUROCONTROL specification, ICAO or EUROCAE
documents can be proposed as means of compliance. When an EATMN system implements

Version 1.4 Proposed Issue Page 14


INITIAL GUIDELINES FOR THE CONFORMITY ASSESSMENT OF EATMN SYSTEMS

community specifications, there is no need to justify that these specifications are means of
compliance with identified essential requirements and regulatory provisions of implementing
rules. When an EATMN system implements other international standards or proprietary
technical specifications, the ANSP must justify that these specifications can be considered as
means of compliance with a set of essential requirements and regulatory provisions of
implementing rules.

7.4 Scope of the verification of an EATMN system


The verification of an EATMN system applies to an EATMN system installed into its
operational environment before its putting into service. The ANSP responsible for the EC
declaration of verification of system is responsible for the verification of the EATMN system.
This responsibility is clearly different from the specification of needs of a system, the design,
development and factory integration of a system even if some ANSPs may be involved in all
of these activities.

The verification of an EATMN system is broken down into 4 main verification tasks (see
Annex IV (2) of the interoperability Regulation:

• Verification of the overall design, T1


• Verification of the development and integration of the system, T2
• Verification of the system in its operational environment, T3
• Verification of the maintenance procedures, T4.

Verification tasks T1 and T2 apply to documents produced during the design and
development phases of the system under the responsibility of other entity (ies).

Verification task, T3 aims at ensuring that the EATMN system is interoperable in its
operational environment and complies with the applicable requirements (interoperability
Regulation and relevant implementing rules).

Verification task, T4 aims at ensuring that the maintenance procedures comply with
applicable regulatory provisions, if any.

For the sake of supervision of compliance, the NSA may require the inclusion of specific
verification results of T1 to T4 into the technical file.

7.5 Upgrade of an EATMN system


The EC declaration of an EATMN system is valid as long as:

• The regulatory baseline does not evolve,


• There is no upgrade impacting the operational characteristics of the system.

The regulatory baseline applicable to a given system may evolve when a new implementing
rule enters into force. In that case, the EC verification must take due account of these new
regulatory provisions.
The implementation of an upgrade of an EATMN system must give rise to an update of the
EC verification if and only if this upgrade has an impact upon its operational characteristics or
performances (modification of controllers’ HMIs, modification of capacity to support air traffic,

Version 1.4 Proposed Issue Page 15


INITIAL GUIDELINES FOR THE CONFORMITY ASSESSMENT OF EATMN SYSTEMS

modification of messages exchanged with external systems,…). The impact of an upgrade


with respect to the EC verification must be assessed and agreed with the NSA.

Version 1.4 Proposed Issue Page 16


INITIAL GUIDELINES FOR THE CONFORMITY ASSESSMENT OF EATMN SYSTEMS

8 ROLE AND RESPONSIBILITY OF STAKEHOLDERS

8.1 Role and responsibility with respect to the lifecycle of EATMN systems

The role and responsibility of stakeholders involved in the conformity assessment of EATMN
systems are defined as follows:

• System Customer: Responsible for the capture of needs, the drafting of user’s
requirements and elements of the system definition, and also the final acceptance of
the system from the system developer.
• System Designer: Responsible for the design of the system in accordance with the
user’s requirement and the elements of system definition provided by the system
customer.
• System Developer: Responsible for the development and integration of system
elements in accordance with the design of the system provided by the system
designer.
• System Verifier: Responsible for the EC verification of the EATMN system installed in
its operational environment by the system developer.

Three different scenarios in the development and putting into service of EATMN systems are
identified:

• First scenario: ANSP is the manufacturer of the overall system


• Second scenario: ANSP procures a subset of constituents of the system
• Third scenario: ANSP procures the overall system

Note: The scenario depends usually on the kind of system. The first scenario can apply to an
ANSP for a given system, and another scenario can apply for another system.

The different areas of responsibility for each of these roles in the three different scenarios are
illustrated in the figure below:

Version 1.4 Proposed Issue Page 17


INITIAL GUIDELINES FOR THE CONFORMITY ASSESSMENT OF EATMN SYSTEMS

Capture
of needs On-site
Definition of system Integration
the system Factory
Lifecycle of the system System system Putting into
design Integration service the
EATMN system
Development

1st scenario: ANSP :


•defines its needs
•defines the system according to its System customer System System System System designer/customer
needs, designer developer designer
•is the manufacturer of the system

2nd scenario: ANSP :


•defines its needs
•defines the system according to its
needs, System customer System System System System designer/customer
•is the manufacturer of the system designer developer designer
•procures a subset of constituents External manufacturer(s)

3rd scenario: ANSP :


•defines its needs
•procures the system (is not the System customer System System System System customer
manufacturer of the system) designer developer designer

External manufacturer
System verifier
For all scenarios: ANSP : Decision:

•Is responsible for the verification of


•Either to modify an existing system
•Or to create a new system

System documentation
EC declaration
the EATMN system Conformity Assessment of EC declaration of verification of system

an EATMN system
EATMN reference
architecture AO
Technical file
of verification

Figure 1: Scenarios and roles of ANSP

8.2 Role and responsibility of the notified body


The role and responsibility of the notified body for the verification of systems are described
as follows.

1. The ANSP responsible for the verification of an EATMN system can (or shall if
requested in the implementing rule) subcontract some verification tasks to a
notified body. The notified body is not empowered to assess the compliance of the
EATMN system with relevant Regulations. The notified body provides verification
results in the context of the verification tasks subcontracted by the ANSP. The
notified body can judge whether the verification results are in accordance with the
expected results (as specified in the verification specifications). The verification
tasks subcontracted to the notified body are defined by specific procedures in the
applicable implementing rules.

2. The notified body draws up a “certificate of conformity” (not to be confused with


the “EC declaration of conformity of constituents”) covering the verification tasks
which have been subcontracted by the ANSP. This “certificate of conformity” is
delivered by the notified body to the ANSP. This “certificate of conformity” is not
included into the technical file.

3. The notified body countersigns the certificate drawn up by the ANSP stating that
the system complies with the interoperability Regulation and mentioning
reservations, if any. This certificate, included in the technical file, is used when
verification tasks are subcontracted to a notified body. This certificate is different
from the “certificate of conformity”. The “countersignature” by the notified body
testifies that the verification tasks have been successfully achieved with

Version 1.4 Proposed Issue Page 18


INITIAL GUIDELINES FOR THE CONFORMITY ASSESSMENT OF EATMN SYSTEMS

reservations, if any. If the certificate countersigned by the notified body is included


in the technical file there is no need to add any other evidence materials such as
verification results, records of tests, etc.

Version 1.4 Proposed Issue Page 19


INITIAL GUIDELINES FOR THE CONFORMITY ASSESSMENT OF EATMN SYSTEMS

9 GENERIC PROCESS FOR THE CONFORMITY ASSESSMENT OF AN EATMN


SYSTEM

The process is defined in terms of diagrams inspired from the SADT (Structured Analysis
and Design Technique) method.
The following figure represents the highest level of description of the generic process:

Decision:
•Either to upgrade an existing system
•Or to develop a new system

System documentation EC declaration of verification of system


Conformity Assessment of an
EATMN reference EATMN system Technical file
AO
architecture

Figure 2: Level 0 of the CA process

Note: The heading lines of the EATMN reference architecture are given in the Annex I of the
interoperability Regulation.

Activity A0 Conformity assessment of an EATMN system Traceability to the


regulatory
requirements
Activity The activity aims at assessing the conformity of an EATMN system against 552/2004 Chapter
the SES interoperability regulation and its IRs. III
Control The activity is triggered by an ANSP’s decision to develop and install a new
system or to upgrade an existing system.
Inputs EATMN reference architecture:
ƒ identifies and defines the EATMN reference systems and
constituents
System documentation (not directly related to the interoperability regulation
and its IRs):
ƒ describing the system as a whole, and identifying the
requirements that the system shall implement
ƒ describing the architecture of the system
ƒ technical specifications and Community specifications (CS) used
for procurement of the system.
Outputs ƒ EC declaration of verification of the EATMN system 552/2004 Chapter
ƒ technical file. III

Mechanisms Not identified at this level.

Table 1 : Activity A0: Highest level of description of the CA process

The following figure describes a first refinement of the process.

Version 1.4 Proposed Issue Page 20


Page 21
INITIAL GUIDELINES FOR THE CONFORMITY ASSESSMENT OF EATMN SYSTEMS

Decision:
•Either to upgrade an existing system
•Or to develop a new system
EATMN
System documentation System description
Determination of the on-site
EATMN reference EATMN system
architecture A1
Guidelines for
the determination
of the on-site
EATMN system

Figure 3: Level 1 of the CA process


CA requirements
(implementing rules)
Essential requirements
Determination of the
Implementing rules regulatory baseline
A2
Guidelines for
the determination of
the regulatory baseline

Proposed Issue
CA plan
Management of the CA
plan CA plan: Verification protocol
Requirements A3
for the inter-operability/performance/safety
of the system
Guidelines for Verification
the management of the Verification of the results
CA plan
Preparation of the EC verification overall design
A4
Verification
Verification of the results
CA plan:
-Element submitted to verification
development and
-Verification specification integration of the
-Verification environment system A5
Verification
results
Verification of the
operational system
A6
Verification
Verification of the results
specific system
maintenance
provisions
A7
Other inputs
Technical file
Making the technical file
A8
Making the EC
EC declaration of verification of system
declaration
A9
Execution of the EC verification

Version 1.4
INITIAL GUIDELINES FOR THE CONFORMITY ASSESSMENT OF EATMN SYSTEMS

The process breaks down into two main streams activities:

The first set, hereinafter designated as “Preparation of the EC verification”, gathers the
following two activities:

• The determination of the EATMN system (in its operational environment) subject to
an EC verification. The EATMN system is the counterpart of an EATMN reference
system (identified and defined in the EATMN reference architecture) in a given
operational environment.
• The determination of the regulatory baseline. It consists of selecting the relevant parts
of interoperability regulatory provisions which apply to the EATMN system.

The second set, hereinafter designated as “Execution of the EC verification”, gathers the
following activities:

• The drafting of the conformity assessment plan, which is the master document
supporting the EC verification of the EATMN system.
• The 4 verification tasks identified in Annex IV (2) of the Regulation (EC) 552/2004.
• The making of the technical file to be delivered to the national supervisory authority.
• The making of the EC declaration of verification to be delivered to the national
supervisory authority.

Version 1.4 Proposed Issue Page 22


INITIAL GUIDELINES FOR THE CONFORMITY ASSESSMENT OF EATMN SYSTEMS

9.1 Determination of the on-site EATMN system

The following figure describes the activity:

Decision:
•Either to upgrade an existing system
•Or to develop a new system

System documentation Determination of the on-site EATMN EATMN system


EATMN reference system description
architecture A1

Guidelines for
the determination
of the on-site
EATMN system

Figure 4: Activity A1

Traceability to the
Activity A1 Determination of the on-site EATMN system regulatory
requirements
The activity aims at describing the EATMN system subject to EC 552/2004 Chapter
Activity
verification in its operational environment. III
The activity is triggered by the ANSP’s decision to develop and install a
Control
new system or to upgrade an existing system.
EATMN reference architecture:
ƒ identifies and defines the EATMN reference systems and
constituents (see note 1 below),
System Documentation (not directly related to Regulations):
Inputs
ƒ describing the system as a whole, and identifying the
requirements that the system shall implement,
ƒ describing the architecture of the system,
ƒ operational service and environment definition (OSED).
EATMN system description for the purpose of the CA addressing:
ƒ cross-traceability to the EATMN reference architecture,
ƒ functions/services,
ƒ constituents,
Outputs 552/2004 Annex IV
ƒ HMIs (operators dialogues),
ƒ external interfaces,
ƒ technical specifications and Community specifications (CS) used
for procurement of the system.
Mechanisms Guidelines for the determination of the on-site EATMN system.

Table 2 : Activity A1 of the CA process

Version 1.4 Proposed Issue Page 23


INITIAL GUIDELINES FOR THE CONFORMITY ASSESSMENT OF EATMN SYSTEMS

Note:
• When a constituent is identified in an implementing rule, manufacturers of this
constituent shall issue an EC declaration of conformity.
• Any manufacturer can develop a constituent of its own and issue an EC declaration of
conformity with relevant interoperability provisions. The constituent is identified by the
manufacturer.
• The ANSP can require an EC declaration of conformity with relevant interoperability
provisions for a constituent developed by a manufacturer. The constituent is identified
by the ANSP.

Version 1.4 Proposed Issue Page 24


INITIAL GUIDELINES FOR THE CONFORMITY ASSESSMENT OF EATMN SYSTEMS

9.2 Determination of the regulatory baseline

The following figure describes the activity:

EATMN
system description

CA requirements
Essential requirements (Implementing Rules)
Determination of the regulatory
Implementing rules baseline Requirements
A2
for the inter-operability/performance/safety
of the EATMN system

Guidelines for
the determination of
the regulatory baseline

Figure 5: Activity A2

Traceability to the
Activity A2 Determination of the regulatory baseline regulatory
requirements
The activity aims at determining all regulatory requirements applicable to
Activity
the EATMN system.
Control The activity is dependent upon the EATMN system description
Essential requirements (ER1 to ER7) as specified in the interoperability
regulation. 552/2004 Annex I
Inputs
Implementing rules addressing interoperability targets supported by the IRs
EATMN system.
Filtered requirements for the interoperability/performance/safety
addressing interoperability targets supported by the EATMN system:
ƒ among the essential requirements 552/2004 Annex I
Outputs
ƒ among the regulatory provisions specified in the relevant IRs, IRs
Filtered CA requirements:
ƒ identified in the relevant IRs.
Mechanisms Guidelines for the determination of the regulatory baseline.

Table 3 : Activity A2 of the CA process

Version 1.4 Proposed Issue Page 25


INITIAL GUIDELINES FOR THE CONFORMITY ASSESSMENT OF EATMN SYSTEMS

9.3 Management of the CA plan

The following figure describes the activity:

CA requirements
(implementing rules)

EATMN
system description
Management of the CA plan
Requirements CA plan
for the A3
inter-operability/performance/safety
of the system
Guidelines for
the management of the
CA plan

Figure 6: Activity A3

Traceability to the
Activity A3 Management of the CA plan regulatory
requirements
The activity aims at elaborating the CA plan, describing the verification
Activity
tasks of the EATMN system.
The activity is constrained by the CA requirements specified into the IRs: Specific
Control
relevant IRs. annexes
EATMN system description 552/2004 Annex 1
Inputs Requirements for the interoperability/performance/safety of the EATMN IRs: Specific
system. annexes
The CA plan describes:
ƒ the EATMN system,
ƒ the regulatory baseline,
ƒ the verification tasks as required by Annex IV of the
interoperability regulation:
Outputs
ƒ Verification protocols,
ƒ Verification specifications,
ƒ Elements submitted to verifications,
ƒ Verification environment,
ƒ the verification coverage of the verification tasks.
Mechanisms Guidelines for the management of the CA plan.

Table 4 : Activity A3 of the CA process

Version 1.4 Proposed Issue Page 26


INITIAL GUIDELINES FOR THE CONFORMITY ASSESSMENT OF EATMN SYSTEMS

9.4 Verification of the overall design

The following figure describes the activity:

CA Plan: Verification protocol

CA plan:
-Element submitted to verification
-Verification specification
-Verification environment Verification of the overall Verification
Technical specification design results
A4
Community specifications

Figure 7: Activity A4

Traceability to the
Activity A4 Verification of the overall design regulatory
requirements
The activity aims at verifying that the system:
552/2004
Activity ƒ is designed as an assembly of constituents,
Annex IV.2
ƒ is designed to meet the provisions of the regulatory baseline.
The activity is conducted in accordance with the verification protocol
Control
defined in the CA plan.
The CA plan,
Inputs Technical specifications and Community specifications required for the
procurement of the system.
The verification results contain in particular:
ƒ evidence that the overall design defines an assembly of
constituents,
Outputs ƒ evidence that the system meets the provisions of the regulatory
baseline,
ƒ evidence that the system meets the technical specifications and
Community specifications (CS) used for procurement of the
system.
Mechanisms None.

Table 5 : Activity A4 of the CA process

Version 1.4 Proposed Issue Page 27


INITIAL GUIDELINES FOR THE CONFORMITY ASSESSMENT OF EATMN SYSTEMS

9.5 Verification of the development and integration of the system

The following figure describes the activity:

CA Plan: Verification protocol

CA plan:
-Element submitted to verification
-Verification specification
-Verification environment Verification of the development Verification
Technical specification and integration of the system results
A5
Community specifications

Figure 8: Activity A5

Traceability to the
Activity A5 Verification of the development and integration of the system regulatory
requirements
The activity aims at verifying that the system:
ƒ is developed and integrated in accordance with the overall design, 552/2004
Activity
ƒ and complies with the provisions of the regulatory baseline in a Annex IV.2
factory verification environment.
The activity is conducted in accordance with the verification protocol
Control
defined in the CA plan.
The CA plan.
Inputs Technical specifications and Community specifications required for the
procurement of the system.
The verification results contain in particular:
ƒ evidences that the system is developed and integrated in
accordance with the overall design,
Outputs ƒ evidence that the system is developed and integrated in 552/2004
accordance with the technical specifications and Community Annex IV.3
specifications (CS) used for procurement of the system,
ƒ the verification of the integration of the system in a factory
environment.
Mechanisms None.

Table 6 : Activity A5 of the CA process

Version 1.4 Proposed Issue Page 28


INITIAL GUIDELINES FOR THE CONFORMITY ASSESSMENT OF EATMN SYSTEMS

9.6 Verification of the operational system

The following figure describes the activity:

CA Plan: Verification protocol

CA plan:
-Element submitted to verification Verification of the operational Verification
-Verification specification
system results
-Verification environment A6

Figure 9: Activity A6

Traceability to the
Activity A6 Verification of the operational system regulatory
requirements
The activity aims at verifying that the EATMN system in its operational 552/2004
Activity
environment complies with the provisions of the regulatory baseline. Annex IV.2
The activity is conducted in accordance with the verification protocol
Control
defined in the CA plan.
Inputs The CA plan.
The verification results contain in particular:
ƒ the verification coverage,
ƒ the result of verifications, 552/2004
Outputs
ƒ a record of the verifications, Annex IV.3
ƒ installation configurations,
ƒ reservations, if any.
Mechanisms None.

Table 7 : Activity A6 of the CA process

Version 1.4 Proposed Issue Page 29


INITIAL GUIDELINES FOR THE CONFORMITY ASSESSMENT OF EATMN SYSTEMS

9.7 Verification of the specific system maintenance provisions

The following figure describes the activity:

CA Plan: Verification protocol

CA plan:
-Element submitted to verification Verification of the specific
-Verification specification Verification
system maintenance
-Verification environment results
provisions A7

Figure 10: Activity A7

Traceability to the
Activity A7 Verification of the specific system maintenance provisions regulatory
requirements
The activity aims at verifying that the maintenance procedures of the 552/2004
Activity EATMN system comply with system maintenance regulatory provisions of
the regulatory baseline, if any. Annex IV.2
The activity is conducted in accordance with the verification protocol
Control
defined in the CA plan.
Inputs The CA plan.
The verification results contain in particular:
ƒ the verification coverage,
ƒ the result of verifications, 552/2004
Outputs
ƒ a record of the verifications, Annex IV.3
ƒ installation configurations,
ƒ reservations, if any.
Mechanisms None.

Table 8 : Activity A7 of the CA process

Version 1.4 Proposed Issue Page 30


INITIAL GUIDELINES FOR THE CONFORMITY ASSESSMENT OF EATMN SYSTEMS

9.8 Making the technical file


The following figure describes the activity:

Verification results
CA Plan
Technical specifications Making the technical file Technical file
Community specifications
A8
Certificates of conformity
EC declaration of
conformity of constituents

Figure 11: Activity A8

Traceability to the
Activity A8 Making the technical file regulatory
requirements
The activity aims at collecting and consolidating the material required by 552/2004
Activity
the technical file. Chapter III Article 6
552/2004
Control The activity is dependent upon the Regulation 552/2004.
Annex IV.3
The CA plan,
The verification results,
The technical specifications used for procurement,
Inputs
The community specifications used for procurement,
The certificate(s) of conformity of the notified bodies,
The EC declaration of conformity of constituents.
The technical file which contains the following elements:
ƒ the relevant part of technical specifications used for procurement,
ƒ where appropriate, the Community specifications (CS),
ƒ the list of constituents of the EATMN system, 552/2004
Outputs ƒ the copies of EC declarations of conformity for those procured Chapter III Article 6
constituents submitted to IRs,
ƒ the certificate(s) of conformity of the notified bodies,
ƒ the record of the tests and installation configurations (if no
involvement of notified bodies).
Mechanisms None.

Table 9 : Activity A8 of the CA process

Version 1.4 Proposed Issue Page 31


INITIAL GUIDELINES FOR THE CONFORMITY ASSESSMENT OF EATMN SYSTEMS

9.9 Making the EC declaration of conformity

The following figure describes the activity:

EC declaration of
Technical file Making the EC declaration verification of system
A9

Figure 12: Activity A9

Traceability to the
Activity A9 Making the EC declaration of verification of system regulatory
requirements
552/2004
Activity The activity consists in making the EC declaration of verification of system.
Chapter III Article 6
552/2004
Control The activity is dependent upon the regulation 552/2004.
Annex IV.2
The technical file, which provides for this purpose:
ƒ the brief description of the system (through the CA plan),
ƒ the regulation references (through the CA plan),
Inputs ƒ the description of the procedure followed in order to declare
conformity of the system (through the CA plan),
ƒ the references of the documents contained in the technical file,
ƒ the relevant temporary or definitive provisions to be complied with
by the systems.
552/2004
Outputs The EC declaration of verification of system.
Chapter III Article 6
Mechanisms None.

Table 10 : Activity A9 of the CA process

Version 1.4 Proposed Issue Page 32


INITIAL GUIDELINES FOR THE CONFORMITY ASSESSMENT OF EATMN SYSTEMS

10 APPLICATION OF THE EC VERIFICATION TO AN EATMN SYSTEM

10.1 Top-down activity flow diagram

The figure below presents a top-down flow diagram driven by questions and answers for the
organisation of conformity assessment activities.
Activity of the
Issue Answer Comment CA process

Yes
New Is this new system Note : The CA process may start from the
submitted to an EC Initiate the CA process
system beginning of the V-cycle
declaration ?

Note : This description is necessary for the


Preparation of the

What is this new Description of the new CA Plan as well as for the content of the A1
EC verification

system ? system Technical file and the EC declaration

Note : The relevant ERs must be identified as


Select the relevant ERs part of the requirements gathered for
designing the system. As such, they must be
What is the identified in the early stages of the V-cycle.
regulatory baseline A2
that the system shall
comply with ?

Select the relevant IRs Note : To be further completed

How to
Note : The CA Plan may be initiated during
manage/describe/org- Realize a CA Plan
the early stages of the V-cycle
anize the CA tasks ?

Note : In the CA plan, the verification of


conformity is planed to be performed:
For the ERs:
Execution of the EC verification

•For CONOPS, through a paper-based


1) Presumption of rationale demonstrating that the future
compliance (CS) system is compliant with its relevant parts
2) Assessment of •For SARPS and EUROCAE, through a paper- A3
compliance to: based rationale demonstrating that the future
•CONOPS system is designed (or procured) in
•SARPS accordance with
•EUROCAE •For the ANSP documents, through a paper-
•ANSP documents based rationale demonstrating that the future
How to describe system is compliant with the relevant
the verification proprietary technical specifications
of compliance ?
For the IRs:
Following :
-the verification Note : The initial guidelines will be completed
protocols prescribed in
the IRs

For ERs, by claiming Note : For the assessment of compliance,


How to verify the presumption of compliance this verification is performed through the
analysis of documents produced during the
system ? (CS) or by performing the
V-cycle, and formalized in the paper-based
assessment of compliance rationale
A4, A5,
For IRs, by providing A6, A7
evidences that the system
Note : The initial guidelines will be completed
takes them into account, and
carrying out tests

How to finalize the Realize the Technical file and Note : These files uses products of the
CA ? the EC declaration previous activities A8, A9

Figure 13: Top-down activity flow diagram

Version 1.4 Proposed Issue Page 33


INITIAL GUIDELINES FOR THE CONFORMITY ASSESSMENT OF EATMN SYSTEMS

10.2 Determination of the EATMN system

The determination of on-site systems is left to the initiative of ANSPs. The description of the
on-site system must comply with the definition of EATMN systems adopted for implementing
rules. As of today, the material defining EATMN systems is the systems breakdown given in
Annex I of the interoperability regulation.
In a pragmatic approach, one may consider that a system is potentially in the scope of the
CA if at least:
• it provides identified high-level services for the purpose of air navigation services
• it can be clearly identified as belonging to one of the 8 groups of systems given in
Annex 1 of the Interoperability Regulation :
o Group N°1: Systems (and procedures) for airspace management.
o Group N°2: Systems (and procedures) for air traffic flow management.
o Group N°3: Systems (and procedures) for air traffic services (in particular
flight data processing systems, surveillance data processing systems and
human-machine interface systems).
o Group N°4: Systems (and procedures) for ground-to-ground, air-to-ground
and air-to-air communications.
o Group N°5: Systems (and procedures) for navigation.
o Group N°6: Systems (and procedures) for surveillance.
o Group N°7: Systems (and procedures) for aeronautical information services.
o Group N°8: Systems (and procedures) for the use of meteorological
information.
The essential requirements shall apply to EATMN systems and constituents ordered after
20th April 2004 (20th day following the publication of the interoperability regulation in the
Official Journal of the European Union) and put into service from 20th October 2005
onwards.
Most often, an ANSP is responsible for several ATSUs, Air Control Centres. An ATSU
provides air traffic services in a well-bounded subpart of the EATMN. These services may be
supported by the 8 groups of systems or a subset of these 8 groups.
For example, an ATSU can use three groups of EATMN systems. The ANSP may plan to put
into service individual systems belonging to each of these groups from 20th October 2005:
• Systems for air traffic services (flight data processing systems, surveillance data
processing system, …).
• Systems for communications (systems for air-ground voice communications, systems
for ground-ground voice communications, systems for air-ground data
communications, …).
• Systems for navigation (ground navigation equipment (VOR, DME, ILS…).
The ANSP should draft a high level description for each group of EATMN systems. This high
level description should be along the following lines:
a. Operational functions supported by the group of systems.
b. Interfaces supported with systems external to this group (inter and intra centres).
c. Breakdown of the group of systems into individual systems.

The ANSP should indicate which individual system (in the group) is concerned by the putting
into service and is subject to the EC verification.

Version 1.4 Proposed Issue Page 34


INITIAL GUIDELINES FOR THE CONFORMITY ASSESSMENT OF EATMN SYSTEMS

ANSP

An ATSU provides air traffic services in a well-bounded


subpart of the SES airspace

These services are supported by a subset of the 8 groups of


systems

-Group i
-Group j
-Group k

These services are provided by


individual systems
(local implementation of each of the relevant group of
system)

-Individual system A belonging to group i


-Individual system B belonging to group j
-Individual system C belonging to group k

Each individual system is subject to an EC verification

-CA process for the individual system A


-CA process for the individual system B
-CA process for the individual system C

Figure 14 : Case of several systems within the same ATSU

10.3 Determination of the regulatory baseline

Seven generic essential requirements are specified in Annex II Part A of the interoperability
regulation. They are network-wide requirements that are generally applicable to each one of
the systems identified in Annex I. Specific essential requirements refining or complementing
generic essential requirements are defined for some groups of systems in Annex II Part B.

ESSENTIAL REQUIREMENTS
GROUPS OF SYSTEMS :
GENERAL SPECIFIC
Annex II, Part A, Annex II, Part B,
1. Seamless operation 1.1. Seamless operation
1. AIRSPACE 2. Support for new concepts of operation
MANAGEMENT 3. Safety
4. Civil-military coordination
5. Environmental constraints
Annex II, Part A, Annex II, Part B,
1. Seamless operation 2.1. Seamless operation
2. AIR TRAFFIC FLOW 2. Support for new concepts of operation
MANAGEMENT 3. Safety
4. Civil-military coordination
5. Environmental constraints

Version 1.4 Proposed Issue Page 35


INITIAL GUIDELINES FOR THE CONFORMITY ASSESSMENT OF EATMN SYSTEMS

ESSENTIAL REQUIREMENTS
GROUPS OF SYSTEMS :
GENERAL SPECIFIC
Annex II, Part A, Annex II, Part B,
3. AIR TRAFFIC 1. Seamless operation 3.1.1. Seamless operation
SERVICES 2. Support for new concepts of operation 3.1.2. Support for new
3. Safety concepts of operation
Flight data processing 4. Civil-military coordination
systems
5. Environmental constraints
Annex II, Part A, Annex II, Part B,
1. Seamless operation 3.2.1. Seamless operation
2. Support for new concepts of operation 3.2.2. Support for new
3. Safety concepts of operation
Surveillance data
processing systems 4. Civil-military coordination
5. Environmental constraints
Annex II, Part A, Annex II, Part B,
1. Seamless operation 3.3.1. Seamless operation
2. Support for new concepts of operation 3.3.2. Support for new
3. Safety concepts of operation
Human-machine interface
systems 4. Civil-military coordination
5. Environmental constraints
Annex II, Part A, Annex II, Part B,
1. Seamless operation 4.1. Seamless operation
2. Support for new concepts of operation 4.2. Support for new
4. COMMUNICATIONS concepts of operation
3. Safety
4. Civil-military coordination
5. Environmental constraints
Annex II, Part A, Annex II, Part B,
1. Seamless operation 5.1. Seamless operation
2. Support for new concepts of operation
5. NAVIGATION
3. Safety
4. Civil-military coordination
5. Environmental constraints
Annex II, Part A, Annex II, Part B,
1. Seamless operation 6.1. Seamless operation
2. Support for new concepts of operation
6. SURVEILLANCE
3. Safety
4. Civil-military coordination
5. Environmental constraints
Annex II, Part A, Annex II, Part B,
1. Seamless operation 7.1. Seamless operation
7. AERONAUTICAL 2. Support for new concepts of operation 7.2. Support for new
INFORMATION concepts of operation
SERVICES 3. Safety
4. Civil-military coordination
5. Environmental constraints

Version 1.4 Proposed Issue Page 36


INITIAL GUIDELINES FOR THE CONFORMITY ASSESSMENT OF EATMN SYSTEMS

ESSENTIAL REQUIREMENTS
GROUPS OF SYSTEMS :
GENERAL SPECIFIC
Annex II, Part A, Annex II, Part B,
1. Seamless operation 8.1. Seamless operation
8. METEOROLOGICAL 2. Support for new concepts of operation 8.2. Support for new
INFORMATION 3. Safety concepts of operation

4. Civil-military coordination
5. Environmental constraints

Table 11 : Regulatory baseline

Each ANSP has to define by itself the relevance of the essential requirements for each of the
considered individual systems.

It should be noted that:


• all these specific essential requirements refine two generic essential requirements,
seamless operation and support of new concept of operations.
• approximately two thirds of specific essential requirements specified in Annex II of the
interoperability regulation, apply to group N° 3 “systems for air traffic services”.

The main issue facing these essential requirements is their lack of precision, not sufficient to
provide enough details for performing detailed technical verifications as prescribed in the
regulation.

In fact, for the moment, these essential requirements are more general principles that the
coming systems have to fulfil, rather than true technical requirements, as usually specified by
ANSPs or manufacturers.

Furthermore, two of these essential requirements (ER6 and ER7) clearly deal with technical
solutions for the logical and physical system architecture without having a comprehensive
and approved logical and physical reference architecture.

However, three implementing rules have been developed, and two of them formally
endorsed, in December 2005. It is likely that these two first implementing rules are the first of
a set of technical specifications focusing on the interoperability concerns. In the coming
years, according to the needs, the evolution of the EATMN, new implementing rules will be
developed.

10.4 Verification of compliance with the regulatory baseline

The generic process for the conformity assessment of systems is based on the principle of a
regulatory baseline containing essential requirements and implementing rules that are put
into force progressively.

The verification of compliance is split into two parts:

Version 1.4 Proposed Issue Page 37


INITIAL GUIDELINES FOR THE CONFORMITY ASSESSMENT OF EATMN SYSTEMS

• The verification of compliance with essential requirements, VER.


• The verification of compliance with implementing rules, VIR.

Both activities are complementary and are in keeping with the generic process. Both
activities produce evidences to be kept within the technical file. These initial guidelines do not
address activities relating to VIR.

The verification of compliance with essential requirements gives a general qualitative


indication about the impact of essential requirements upon EATMN systems. The verification
of compliance with essential requirements does not prejudge of the verification of compliance
with implementing rules.

10.5 Verification of compliance with essential requirements

10.5.1 Proposed approach


The proposed approach for the verification of compliance with essential requirements is to
combine two levels of verification:
• Presumption of compliance granted when Community specifications declared as
means of compliance with essential requirements are implemented by the system
• Assessment of compliance against essential requirements translated into an
assessment of compliance against reference materials 2 contributing to the
achievement of essential requirements.

An assessment of compliance is intended to show to what extent an EATMN system is


influenced by an essential requirement. The terms “influenced by an essential requirement”
are used on purpose to leave open the nature of the dependency between essential
requirements and the EATMN systems.

2
Recital 10 of the interoperability regulation, IRs should rely on standards developed by international
organisations such as EUROCONTROL or ICAO

Version 1.4 Proposed Issue Page 38


INITIAL GUIDELINES FOR THE CONFORMITY ASSESSMENT OF EATMN SYSTEMS

10.5.2 Selection of reference materials

The first step for the EC verification against these essential requirements is to select the
relevant reference materials and then, to apply ad-hoc verification methods.

Verification methods

Essential Reference
requirements materials

Figure 15: EC verification against essential requirements

Five lines of reference materials are proposed:


• Community specifications (CS) in relation to conformity assessment and essential
requirements.
• EUROCONTROL documents, [Concept of operations, ESARR6, EUROCONTROL
specifications].
• ICAO documents [standards and recommended practices, SARPs, technical
manuals].
• EUROCAE documents [ED series of technical standards].
• ANSP documents [proprietary technical specifications].

Community specifications (CS)

Eurocontrol documents:
Verification methods
CONOPS, ESARRs, Eurocontrol specifications

Essential Reference
requirements materials ICAO documents: SARPS, …

Eurocae documents

ANSP documents

Figure 16: Reference materials

Note:
• The community specifications are the primary reference materials.
• Any use of other reference materials (different from CS) does not convey a
presumption of conformity with the essential requirements.
• Any use of other reference materials (different from CS) should be justified.
The following sections provide guidance materials for the assessment of compliance.

Version 1.4 Proposed Issue Page 39


INITIAL GUIDELINES FOR THE CONFORMITY ASSESSMENT OF EATMN SYSTEMS

10.5.3 Verification methods for essential requirements

The following table summarises the verification methods, proposed to demonstrate


compliance with essential requirements:

General essential requirements Verification method: Assessment of compliance


Seamless operation Rationale demonstrating compliance with the relevant:
• part of the concept of operations [2]
• SARPs, ICAO technical manuals
• EUROCAE standards
• proprietary technical specifications.
Support for new concepts of Rationale identifying which main changes, as identified in the concept of
operations operations [2,] are planned for implementation and for deployment into
the EATMN.
Safety Rationale demonstrating the application of safety requirements of
common requirements to the system [5].
Rationale demonstrating the application of ESARR6 [5].
Civil-military coordination Rationale demonstrating compliance with the relevant part of the ATM
process model defined in the concept of operations [2].
Environmental constraints To be developed.

Table 12 : Verification method for the essential requirements

The following sections provide further information about the verification methods for each of
the essential requirements.

10.5.4 Essential requirement: Seamless operation

Seamless operation of the EATMN at all times and for all phases of flight is expressed in
terms of information-sharing, operational status information, common understanding of
information and comparable operational performances. More specifically for the flight data
processing system, the essential requirement explicitly makes reference to an “agreed and
validated operational concept”. The same concept of operations ruling all phases of flight
must apply everywhere in the EATMN.

Version 1.4 Proposed Issue Page 40


INITIAL GUIDELINES FOR THE CONFORMITY ASSESSMENT OF EATMN SYSTEMS

For each system, it is proposed that the verification of compliance with this essential
requirement “Seamless operations” relies upon:
• an assessment of compliance with the relevant part of the ATM operational process
as defined in the concept of operations;
• an assessment of compliance with the relevant ICAO SARPs;
• an assessment of compliance with the relevant EUROCAE standards;
• an assessment of compliance with the relevant proprietary technical specifications.

These four lines of reference materials are considered as potential reference materials
contributing to the achievement of seamless operation.

Use of the reference material “Concept of operations”:


The description of the operational concept supported by the system should be given. The
assessment should also contain the traceability to the EUROCONTROL Concept of
Operations wherever applicable. For example, the description of the implementation of the
layered planning scheme under the responsibility of the ATSU and the ATM process model.

Use of the reference material ICAO SARPs and/or technical manuals:


When an EATMN system implements functions covered by ICAO SARPs and/or technical
manuals, it is recommended to take advantage of works aiming at demonstrating compliance
with these ICAO documents. An assessment of compliance with applicable ICAO SARPs
and/or technical manuals should contain:
• a cross-reference to a document identifying applicable ICAO provisions.
• a cross-reference to verification specifications (test plans).
• a cross-reference to verification results (test reports with conclusions).

Version 1.4 Proposed Issue Page 41


INITIAL GUIDELINES FOR THE CONFORMITY ASSESSMENT OF EATMN SYSTEMS

The following table illustrates which SARPs might be used for EATMN systems:

Group of systems SARP Id.


Systems (and procedures) for airspace management N/A
Systems (and procedures) for air traffic flow management N/A
Systems (and procedures) for air traffic services (in particular flight data N/A
processing systems, surveillance data processing systems and human-
machine interface systems)
Systems (and procedures) for ground-to-ground, air-to-ground and air-to- Annex 10
air communications:
ƒ aeronautical fixed service (AFS)
o ATS direct speech circuits and networks o Volume II - Section 4.2
o Meteorological operational circuits, networks and o Volume II – Section 4.3
broadcast systems
o Aeronautical fixed telecommunications network (AFTN) o Volume II - Section 4.4
o Common ICAO data interchange network (CIDIN) o Volume II - Section 4.5
o Air traffic services (ATS) message handling services o Volume II - Section 4.6
o Inter-centre communications (ICC) o Volume II - Section 4.7
ƒ aeronautical mobile service: Data-link communications Volume II – Section 8
ƒ aeronautical radio navigation service; N/A
ƒ aeronautical broadcasting service N/A
ƒ Digital Data Communication Systems:
o Aeronautical Telecommunication Network o Volume III – Part I - Section 3
o Aeronautical Mobile-Satellite Service o Volume III – Part I – Section 4
o SSR Mode S Air-ground Data Link o Volume III – Part I - Section 5
o VHF Air-ground Digital Link (VDL) o Volume III – Part I - Section 6
o AFTN Network o Volume III – Part I - Section 8
o Point-to-Multipoint communications o Volume III – Part I - Section 10
o HF data-link o Volume III – Part I - Section 11
ƒ Voice communication systems:
o Aeronautical Mobile Service o Volume III – Part II - Section 2
o SELCAL System o Volume III – Part II - Section 3
o Aeronautical Speech Circuits o Volume III – Part II - Section 4
o Emergency Locator Transmitter (ELT) for Search and o Volume III – Part II - Section 5
Rescue
Systems (and procedures) for navigation Annex 10
ƒ ILS ƒ Volume I - Section 3.1
ƒ Precision approach radar system ƒ Volume I - Section 3.2
ƒ VOR ƒ Volume I - Section 3.3
ƒ NDB ƒ Volume I - Section 3.4
ƒ DME ƒ Volume I - Section 3.5
ƒ En-route VHF markers beacons ƒ Volume I - Section 3.6
ƒ Global navigation satellite system (GNSS) ƒ Volume I - Section 3.7
ƒ Airborne ADF receiving systems ƒ Volume I - Section 3.9
ƒ Microwave landing system (MLS) ƒ Volume I - Section 3.11
Systems (and procedures) for surveillance Annex 10
ƒ Secondary surveillance radar (SSR) characteristics ƒ Volume IV - Section 3.1

Version 1.4 Proposed Issue Page 42


INITIAL GUIDELINES FOR THE CONFORMITY ASSESSMENT OF EATMN SYSTEMS

Group of systems SARP Id.


Systems (and procedures) for aeronautical information services Annex 15
Systems (and procedures) for the use of meteorological information N/A

Table 13 : Assessment of compliance with ICAO SARPs

Use of the reference material EUROCAE standards:


When an EATMN system implements functions covered by EUROCAE standards, it is
recommended to take advantage of works aiming at demonstrating compliance with these
standards. An assessment of compliance with applicable EUROCAE standards should
contain:
• a cross-reference to a document identifying applicable EUROCAE technical
requirements.
• a cross-reference to verification specifications (test plans).
• a cross-reference to verification results (test reports with conclusions).
• a cross-reference to conformance statements when requested by EUROCAE
Standards.
Use of the reference ANSP proprietary technical specifications:
When an EATMN system implements functions covered by proprietary technical
specifications, it is recommended to take advantage of works aiming at demonstrating
compliance with these technical specifications. An assessment of compliance with applicable
technical specifications should contain:
• a cross-reference to a document identifying applicable requirements of technical
specifications.
• a cross-reference to verification specifications (test plans).
• a cross-reference to verification results (test reports with conclusions).

10.5.5 Essential requirement: Support for new concepts of operation

The EATMN shall support on a coordinated basis new agreed and validated concepts of
operation that improve the quality and effectiveness of air navigation services. New concepts
such as collaborative decision-making, increasing automation and alternative methods of
delegation of separation responsibility shall be examined taking due account of technological
developments.
The EUROCONTROL “concept of operations” describes the concept of operations for
different time windows. This ConOps is defined for the timescale up to 2011 and takes due
consideration of the main changes in the forthcoming years.

For each system, it is proposed that the verification of compliance with this essential
requirement “Support for new concepts of operation” relies upon an assessment of
compliance with the foreseen main changes identified in the concept of operations.
Use of the reference material “concept of operations”:
The support for new concepts of operations cannot be achieved without an appropriate
definition of concepts of operation allowing for new enabling technology and new operations.
The concept of operations [2] has identified the main changes foreseen until 2011. A
rationale describing which of these main changes are planned for implementation and
deployment into the EATMN will give evidence of compliance with this essential requirement.

Version 1.4 Proposed Issue Page 43


INITIAL GUIDELINES FOR THE CONFORMITY ASSESSMENT OF EATMN SYSTEMS

10.5.6 Essential requirement: Safety

For each system it is proposed that the verification of compliance with this essential
requirement “safety” relies upon an assessment of compliance showing the application of
safety requirements specified in common requirements to this system.
Use of the reference material “safety requirements specified in common requirements”:
The following table shows how the assessment of compliance with the essential requirement
safety can be developed.

Version 1.4 Proposed Issue Page 44


INITIAL GUIDELINES FOR THE CONFORMITY ASSESSMENT OF EATMN SYSTEMS

2004/552 Safety requirements Demonstration of


ANNEX II part A chapter 3: (qualitative or quantitative) : compliance to safety
essential requirement
Essential requirements - safety achieved by :
Systems and operations of the Establish “agreed levels of Application of safety
EATMN shall achieve agreed high safety“: requirements specified in
levels of safety. Severity and risk classification common requirements to this
scheme system
Agreed safety management and Establish: Application of safety
reporting methodologies shall be a safety management system requirements specified in
established to achieve this common requirements to this
a reporting system system
In respect of appropriate ground- Establish: Application of safety
based systems, or parts thereof, agreed safety requirements on requirements specified in
these high levels of safety shall be safety nets common requirements to this
enhanced by safety nets which system
shall be subject to agreed common risk classification scheme
Application of ESARR6 for
performance characteristics. software
A harmonised set of safety Establish: Application of safety
requirements for the design, the life cycle of the system with requirements specified in
implementation, maintenance and regard to safety activities common requirements to this
operation of systems and their system
constituents, both for normal and agreed safety requirements
degraded modes of operation, shall related to modes.
be defined with a view to achieving Application of ESARR6 for
the agreed safety levels, for all software
phases of flight and for the entire
EATMN.
Systems shall be designed, built, Establish:
maintained and operated, using the procedures applying to the life Application of safety
appropriate and validated cycle phase of the system as requirements specified in
procedures, in such a way that the well the safety requirements common requirements to this
tasks assigned to the control staff system
are compatible with human Establish:
capabilities, and are consistent with safety requirement and process
required safety levels in both the to people, equipment , Application of ESARR6 for
normal and degraded modes of procedures, taking account of software
operation, different modes
Systems shall be designed, built, Establish :
maintained and operated using the procedures applying to the life Application of safety
appropriate and validated cycle phase of the system as requirements specified in
procedures, in such a way as to be well the safety requirements common requirements to this
free from harmful interference in system
their normal operational Establish:
environment safety requirement and process
to people, equipment ,
procedures, taking account of Application of ESARR6 for
harmful interference with their software
normal operational environment
Table 14 : ER Safety: Assessment of compliance

Version 1.4 Proposed Issue Page 45


INITIAL GUIDELINES FOR THE CONFORMITY ASSESSMENT OF EATMN SYSTEMS

10.5.7 Essential requirement: Civil-military coordination

EATMN systems shall support the progressive implementation of civil/military coordination, to


the extent necessary for effective airspace and air traffic flow management, and the safe and
efficient use of airspace by all users, through the application of the flexible use of airspace.
The same concept of operation including civil-military coordination must apply everywhere in
the EATMN.

For each system, it is proposed that the verification of compliance with this essential
requirement “civil-military coordination” relies upon an assessment of compliance with the
relevant part of the ATM operational process as defined in the concept of operations [2].
Use of the reference material “concept of operations”:
See 10.5.5.

10.5.8 Essential requirement: Environmental constraints

To be further investigated.

10.6 Verification of compliance with implementing rules

To be further completed.

Version 1.4 Proposed Issue Page 46


INITIAL GUIDELINES FOR THE CONFORMITY ASSESSMENT OF EATMN SYSTEMS

11 SYNTHESIS

11.1 Verification of compliance with essential requirements

The table below provides a synthesis of the verification activities summarising, for each sort
of requirement, the verification methods, the evidences giving credence to the compliance
and the responsibilities and phasing.

Verification method Evidence giving credence to Responsibili


Verification of
Activity of the applied by the ANSP the compliance
ER compliance with ty and V-
CA process verifier and to detail into
ER is: (to detail into the CA plan) cycle phase
the CA plan
Verification ER1 An assessment -Rationale demonstrating -Paper-based rationale Customer
of the of compliance compliance with the demonstrating compliance (definition
overall (paper-based) relevant part of the with the relevant parts of the phase)
design (A4) against concept of operations concept of operations Designer
ICAO/EUROCON -When applicable -Cross-reference to a
TROL/Eurocae/ (design
(systems implementing document identifying phase)
ANSP materials functions covered by applicable ICAO provisions
ICAO/SARPs)
-When applicable -Cross-reference to a
(systems implementing document identifying
functions covered by applicable EUROCAE
EUROCAE standards) provisions
-When applicable -Cross-reference to a
(systems implementing document identifying
functions covered by applicable requirements of
proprietary technical technical specifications
specifications)
ER2 An assessment -Rationale demonstrating -Paper-based rationale Customer
of compliance compliance with the demonstrating compliance (definition
(paper-based) relevant part of the with the relevant parts of the phase)
against concept of operations concept of operations Designer
EUROCONTROL
Conops (design
phase)
ER3 An assessment -Rationale demonstrating -Paper-based rationale Customer
of compliance the application of safety demonstrating compliance (definition
(paper-based) requirements specified in with the safety requirements phase)
against safety common requirements specified in common Designer
requirements and of ESARR6 requirements and with (design
specified in ESARR6 phase)
common
requirements and
against ESARR6
ER4 An assessment -Rationale demonstrating -Paper-based rationale Customer
of compliance compliance with the demonstrating compliance (definition
(paper-based) relevant part of the with the relevant parts of the phase)
against concept of operations concept of operations (ATM Designer
EUROCONTROL (ATM operational process) operational process)
Conops (design
phase)
ER5 To be completed To be completed To be completed

Version 1.4 Proposed Issue Page 47


INITIAL GUIDELINES FOR THE CONFORMITY ASSESSMENT OF EATMN SYSTEMS

Verification method Evidence giving credence to Responsibili


Verification of
Activity of the applied by the ANSP the compliance
ER compliance with ty and V-
CA process verifier and to detail into
ER is: (to detail into the CA plan) cycle phase
the CA plan
Verification ER1 An assessment -When applicable -Cross-reference to Designer
of the of compliance (systems implementing verification specifications (factory
developmen (paper-based) functions covered by (test plans) system
t and against ICAO/SARPs): Testing -Cross-reference to integration)
integration ICAO/EUROCON strategy verification results {External
of the TROL/Eurocae/ -When applicable Manufactur
system (A5) ANSP materials -Cross-reference to
(systems implementing verification results (test er}
functions covered by reports)
EUROCAE standards):
Testing strategy -Cross-reference to
conformance statements
-When applicable when requested
(systems implementing (EUROCAE)
functions covered by
proprietary technical
specifications): Testing
strategy
ER2 N/A N/A N/A
ER3 An assessment -Rationale demonstrating -Paper-based rationale Designer
of compliance the application of safety demonstrating compliance (factory
(paper-based) requirements specified in with the safety requirements system
against safety common requirements specified in common integration)
requirements and of ESARR6, focusing requirements and with {External
specified in on testing strategy. ESARR6 Manufactur
common er}
requirements and
against ESARR6
ER4 N/A N/A N/A
ER5 To be completed To be completed To be completed
Verification ER1 An assessment -When applicable -Cross-reference to Customer
of the of compliance (systems implementing verification specifications (on-site
operational (paper-based) functions covered by (test plans) system
system (A6) against ICAO/SARPs): Testing -Cross-reference to integration
ICAO/EUROCON strategy verification results phase)
TROL/Eurocae/ -When applicable
ANSP materials -Cross-reference to
(systems implementing verification results (test
functions covered by reports)
EUROCAE standards):
Testing strategy -Cross-reference to
conformance statements
-When applicable when requested
(systems implementing (EUROCAE)
functions covered by
proprietary technical
specifications): Testing
strategy
ER2 N/A N/A N/A
ER3 An assessment -Rationale demonstrating -Paper-based rationale Customer
of compliance the application of safety demonstrating compliance (on-site
(paper-based) requirements specified in with the safety requirements system
against safety common requirements specified in common integration
requirements and of ESARR6, focusing requirements and with phase)
specified in on testing strategy. ESARR6
common
requirements and
against ESARR6

Version 1.4 Proposed Issue Page 48


INITIAL GUIDELINES FOR THE CONFORMITY ASSESSMENT OF EATMN SYSTEMS

Verification method Evidence giving credence to Responsibili


Verification of
Activity of the applied by the ANSP the compliance
ER compliance with ty and V-
CA process verifier and to detail into
ER is: (to detail into the CA plan) cycle phase
the CA plan
ER4 N/A N/A N/A
ER5 To be completed To be completed To be completed
Verification ER1 An assessment -When applicable -Cross-reference to Customer
of the of compliance (systems implementing verification specifications (on-site
specific (paper-based) functions covered by (test plans) system
system against ICAO/SARPs): Testing -Cross-reference to integration
maintenance ICAO/EUROCON strategy of specific verification results phase)
provisions TROL/Eurocae/ maintenance provisions
(A7) ANSP materials -Cross-reference to
-When applicable verification results (test
(systems implementing reports)
functions covered by
EUROCAE standards): -Cross-reference to
Testing strategy of conformance statements
specific maintenance when requested
provisions (EUROCAE)
-When applicable
(systems implementing
functions covered by
proprietary technical
specifications): Testing
strategy of specific
maintenance provisions
ER2 N/A N/A N/A
ER3 An assessment -Rationale demonstrating -Paper-based rationale Customer
of compliance the application of safety demonstrating compliance (on-site
(paper-based) requirements specified in with the safety requirements system
against safety common requirements specified in common integration
requirements and of ESARR6, focusing requirements and with phase)
specified in on testing strategy of ESARR6
common specific maintenance
requirements and provisions
against ESARR6
ER4 N/A N/A N/A
ER5 To be completed To be completed To be completed

Table 15: Summary of the verification activities

11.2 Verification of compliance with the implementing rules


To be further complemented.

Version 1.4 Proposed Issue Page 49


INITIAL GUIDELINES FOR THE CONFORMITY ASSESSMENT OF EATMN SYSTEMS

ANNEX A - TEMPLATE FOR THE CONFORMITY ASSESSMENT PLAN

A conformity assessment plan should be created for each system or group of systems
identified in the Annex I of the interoperability Regulation.

1 ELEMENTS FOR THE PREPARATION OF THE EC VERIFICATION

1.1 Description of the group of systems

This part is a high level description of the group of systems identified in Annex I of the
interoperability Regulation. This high level description should be along the following lines:
i. Operational functions supported by the group of systems
ii. Interfaces supported with systems external to this group (intra and inter
centres)
iii. Breakdown of the group of systems into individual systems.
1.2 Description of the EATMN system

This description is a high level description of the EATMN system, introduced in the
breakdown of the group of systems. This high level description should be along the following
lines:
• Operational functions supported by the system
• Overall system architecture
o Interfaces supported with systems internal to this group
o Interfaces supported with systems external to this group
o Constituents
o HMIs
• Main capacity indicators.
There is one chapter for each EATMN system belonging to the group of systems.
1.3 Regulatory baseline of the EATMN system

This chapter should identify all essential requirements and provisions of implementing rules
applicable to the EATMN system. The area of application, transitional arrangements,
exemptions, dates of implementation of each implementing rule should be carefully
considered to define the applicable regulatory baseline.
2 EXECUTION OF THE EC VERIFICATION OF THE EATMN SYSTEM

This chapter is split into two parts:


i. EC verification of the EATMN system for compliance with essential
requirements
ii. EC verification of the EATMN system for compliance with implementing
rules.

Version 1.4 Proposed Issue Page 50


INITIAL GUIDELINES FOR THE CONFORMITY ASSESSMENT OF EATMN SYSTEMS

2.1 EC verification of the EATMN system for compliance with essential


requirements

This chapter presents the assessment of compliance with the essential requirements
identified in the regulatory baseline.
2.1.1 Assessment of compliance with essential requirements
Use explanations given in chapter 10.5 to fill in the following subsections.
2.1.2 Identification of reference materials supporting essential requirements
Use explanations given in chapter 10.5.2 to fill in the following subsections.
2.1.3 Assessment of compliance with ER1 : Seamless operation
Use explanations given in chapter 10.5.4 to fill in the following subsections.
2.1.4 Assessment of compliance with ER2 : Support for new concepts of operation
Use explanations given in chapter 10.5.5 to fill in the following subsections.
2.1.5 Assessment of compliance with ER3 : Safety
Use explanations given in chapter 10.5.6 to fill in the following subsections.
2.1.6 Assessment of compliance with ER4 : Civil-military coordination
Use explanations given in chapter 10.5.7 to fill in the following subsections.
2.2 EC verification of the EATMN system for compliance with implementing
rules

(To be further completed).

Version 1.4 Proposed Issue Page 51


INITIAL GUIDELINES FOR THE CONFORMITY ASSESSMENT OF EATMN SYSTEMS

ANNEX B - TECHNICAL FILE FOR THE EC VERIFICATION OF EATMN


SYSTEMS

(EC) N° 552/2004, the interoperability Regulation, Annex IV (3) states:

“The technical file accompanying the EC declaration of verification must contain all
the necessary documents relating to the characteristics of the system, including
conditions and limits of use, as well as the documents certifying conformity of
constituents where appropriate.”

1 PART I: CHARACTERISTICS OF THE SYSTEM

Part I contains all items relating to the characteristics of the EATMN system.

Headings Explanations on chapter and sub-chapter


contents…
I – EATMN System description
Unambiguous identification of the EATMN system.
High level description of the EATMN system.
II – Regulatory baseline
List of essential requirements and parts of
implementing rules applicable to the EATMN system.
III – Technical specifications and
Community specifications
List of technical specifications and Community
specifications (version, date of issue,..).
Identification of relevant parts of technical
specifications and Community specifications with
traceability to the regulatory baseline.
IV - Constituents
IV-1 List of constituents Reference of the high level system design document.
EATMN constituents identified in the high level
system design (Note 1).
IV-2 EC Declaration(s) of EC Declaration of conformity or suitability for use for
conformity or suitability for all identified EATMN constituents.
use
V – Conditions and limits of use
Operational context.
Performances of the EATMN system in its operational
context.
Contingency measures.

Version 1.4 Proposed Issue Page 52


INITIAL GUIDELINES FOR THE CONFORMITY ASSESSMENT OF EATMN SYSTEMS

Note 1: If EATMN constituents are not described and identified in implementing rules,
ANSPs are free to propose their own list of EATMN constituents. The number of EATMN
constituents should not exceed 6 to 8 entities to keep it manageable.

2 PART II: CONFORMITY ASSESSMENT

Part II contains all items relating to the conformity assessment of the EATMN system.
Two cases are defined:

• Case A: Notified bodies are not involved in the verification of the EATMN system.
• Case B: Notified bodies are involved in the verification of the EATMN system

2.1 Case A: Notified bodies are not involved in the verification of the EATMN
system

2.1.1 Assessment of compliance with essential requirements

Assessment of compliance based on rationales describing to what extent the EATMN system
complies with identified reference materials:
• The Concept of Operations;
• The safety requirements specified in common requirements, ESARR6;
• SARPs, ICAO Technical Manuals;
• EUROCAE standards;
• Proprietary technical specifications.

Essential Items to be included…


requirements
ER1 Seamless Rationale assessing compliance with the relevant
operation parts of:
- the Concept of Operations;
- SARPs, ICAO Technical Manuals;
- EUROCAE standards;
- Proprietary technical specifications.
ER2 Support for new Rationale identifying which main changes, as
concepts of operations identified in the Concept of Operation, will impact
the EATMN system.
ER3 Safety Rationale assessing compliance with the safety
requirements specified in common requirements
and with ESARR6.
ER4 Civil-military Rationale assessing compliance with the relevant
coordination part of the ATM process model defined in the
Concept of Operations.

Version 1.4 Proposed Issue Page 53


INITIAL GUIDELINES FOR THE CONFORMITY ASSESSMENT OF EATMN SYSTEMS

The ANSP can choose to complement the rationales identified above by further evidences, if
needed. These complementary evidences must address the verification tasks defined in
Annex IV (3) Verification procedures for systems.

Verification tasks Items to be included…


I – Verification of the overall
design
Evidences that the system is designed in
accordance with the regulatory baseline and
applicable reference materials.
II – Verification of the
development and integration
Evidences that the system is developed and
integrated in accordance with the regulatory
baseline and applicable reference materials.
III – Verification of the on-site
operational system
Evidences that the system is integrated in its
operational environment in accordance with the
regulatory baseline and applicable reference
materials.
IV - Verification of the system
maintenance procedures
Evidences that the system is maintained in
accordance with the regulatory baseline and
applicable reference materials.

2.1.2 Verification of compliance with implementing rules

To be further described.

2.2 Case B: Notified bodies are involved in the verification of the EATMN
system
A notified body can be involved in the verification tasks defined in Annex IV (3) Verification
procedures for systems. When such notified bodies are involved, the technical file does not
contain the records of tests. The certificate stating that, for the tasks it carried out, the system
complies with the interoperability Regulation, is included (Annex IV (3)).

Version 1.4 Proposed Issue Page 54


INITIAL GUIDELINES FOR THE CONFORMITY ASSESSMENT OF EATMN SYSTEMS

Verification tasks Items to be included…


I – Verification of the overall
design
Certificate countersigned by the NB with
reservations if any, for the verification of the overall
design (Note 2).
II – Verification of the
development and integration
Certificate countersigned by the NB with
reservations if any, for the verification of the
development and integration (Note 2).
III – Verification of the on-site
operational system
Certificate countersigned by the NB with
reservations if any, for the verification of the on-site
operational system (Note 2).
IV - Verification of the system
maintenance procedures
Certificate countersigned by the NB with
reservations if any, for the verification of the
system maintenance procedures (Note 2).

Note 2: The certificate countersigned by the NB is different from the certificate of


conformity.
Further clarifications should be given for a clear understanding of the notions of
“certificate of conformity” and “certificate countersigned by the NB”.

Version 1.4 Proposed Issue Page 55


INITIAL GUIDELINES FOR THE CONFORMITY ASSESSMENT OF EATMN SYSTEMS

ANNEX C - EC DECLARATION OF VERIFICATION OF THE EATMN SYSTEM

(see (EC) N° 552/2004, the interoperability Regulation, Annex IV (1)

Declaration of verification of the EATMN system

I - Air Navigation Service


Provider
Trade name and full address:

II – Identification and
description of the EATMN
system
Introduce the same text as in the technical file:

III - Regulation references


Introduce the same text as is in the technical file (regulatory baseline):

IV - References of documents
contained in the technical file
These documents are:
• Certificate of conformity (see Part I / Case B for the technical file)
• Rationales and evidences (see Part II / Case B for the technical file)

Version 1.4 Proposed Issue Page 56


INITIAL GUIDELINES FOR THE CONFORMITY ASSESSMENT OF EATMN SYSTEMS

V - References to the
Community specifications
Extract the list of Community specifications from Part I of the technical file (excluding the
technical specifications):

VI - Description of the
procedure
Based on the generic process, define for each activity A1 to A7, the responsibility and
the identity of stakeholders.

1. This declaration of verification of EATMN system is issued under the responsibility of:
Trade name and address of the ANS.

2. The object of the declaration is the EATMN system as identified and described in III.

3. The verification of this EATMN system has been carried out in accordance with
procedures defined in VI.

4. This EATMN system is in compliance with essential requirements and regulatory


provisions of implementing rules identified in III.

5. This EATMN system implements the Community specifications identified in V.

6. The Notified body (name, number) performed tasks (tasks included in activities A1 to
A7) as described in VI. (Repeat this statement for each notified body).

7. The declaration is valid until (end date):

Signed for and on behalf of:


………………………………………………………………………………………………….

(Place and date of issue)

………………………………………………………………………………………………….
(Name, function) (Signature)

Version 1.4 Proposed Issue Page 57