法律人 LawPlayer logo

資料由法律人 LawPlayer整理提供·EU law / curated by LawPlayer from EUR-Lex

Regulation

Commission Delegated Regulation (EU) 2025/22 of 19 December 2024 amending Delegated Regulation (EU) 2022/1645 as regards requirements on information security for organisations providing ground handling services

CELEX
Delegated Regulation (EU) 2025/22
Date of document
Articles
4
Source
EUR-Lex
Article 1

Delegated Regulation (EU) 2022/1645 is amended as follows:

(1)

in Article 2(1), the following point (c) is added:

‘(c)

ground handling organisations subject to Commission Delegated Regulation (EU) 2025/20  ( *1 ) that:

(i)

in order to provide the respective services, have to collect, store, analyse or otherwise process data provided by third parties; or

(ii)

provide directly to aircraft operators data that will be used for operational purposes.

( *1 )   Commission Delegated Regulation (EU) 2025/20 of 19 December 2024 supplementing Regulation (EU) 2018/1139 of the European Parliament and of the Council by laying down requirements for the safe provision of ground handling services and for organisations providing them ( OJ L, 2025/20, 7.3.2025, ELI: http://data.europa.eu/eli/reg_del/2025/20/oj ).’;"

(2)

in Article 5(1), the following point (c) is added:

‘(c)

with regard to organisations referred to in Article 2 point (c), the competent authority designated in accordance with the Annex (Part-ARGH) to Commission Implementing Regulation (EU) 2025/23  ( *2 ) .

( *2 )   Commission Implementing Regulation (EU) 2025/23 of 19 December 2024 laying down rules for the application of Regulation (EU) 2018/1139 of the European Parliament and of the Council, as regards requirements for the oversight of ground handling services and organisations providing them ( OJ L, 2025/23, 7.3.2025, ELI: http://data.europa.eu/eli/reg_impl/2025/23/oj ).’."

Article 2

The Annex to Delegated Regulation (EU) 2022/1645 is amended in accordance with the Annex to this Regulation.

Article 3

1.   This Regulation shall enter into force on the twentieth day following that of its publication in the Official Journal of the European Union .

2.   Article 1 shall apply from 27 March 2031.

3.   Article 2 shall apply from 16 October 2025.

Schedules & Appendices

ANNEX

ANNEX

The Annex to Delegated Regulation (EU) 2022/1645 is amended as follows:

(1)

point IS.D.OR.200(a)(5) is amended as follows:

‘(5)

defines and implements, in accordance with point IS.D.OR.220, the measures required to detect information security events, identifies those events which are considered incidents with a potential impact on aviation safety, and responds to, and recovers from, those information security incidents;’;

(2)

points (b) and (c) of IS.D.OR.250 are amended as follows:

‘(b)

The initial issue of the ISMM shall be approved and a copy shall be retained by the competent authority. An approval shall not be required for declaring organisations. The ISMM shall be amended as necessary to remain an up-to-date description of the ISMS of the organisation. A copy of any amendments to the ISMM shall be provided to the competent authority.

(c)

Amendments to the ISMM shall be managed in a procedure established by the organisation. Any amendments that are not included within the scope of this procedure and any amendments related to the changes referred to in point IS.D. OR.255(b), shall be approved by the competent authority. An approval shall not be required for declaring organisations.’;

(3)

Point IS.D.OR.255 is replaced by the following:

‘ IS.D.OR.255     Changes to the information security management system

(a)

Changes to the ISMS may be managed and notified to the competent authority in a procedure developed by the organisation. This procedure shall be approved by the competent authority, except for declaring organisations.

(b)

With regard to changes to the ISMS not covered by the procedure referred to in point (a), the organisation shall apply for and obtain an approval issued by the competent authority, except for declaring organisations, for which an approval is not required.

With regard to these changes:

(1)

the application shall be submitted before any such change takes place, in order to enable the competent authority to determine continued compliance with this Regulation and to amend, if necessary, the organisation certificate and related terms of approval attached to it;

(2)

the organisation shall make available to the competent authority any information it requests to evaluate the change;

(3)

the change shall be implemented only upon receipt of a formal approval by the competent authority, except for declaring organisations, which may implement the change immediately;

(4)

the organisation shall operate under the conditions prescribed by the competent authority during the implementation of such changes.’.

4 articles

Cite this act

Commission Delegated Regulation (EU) 2025/22 of 19 December 2024 amending Delegated Regulation (EU) 2022/1645 as regards requirements on information security for organisations providing ground handling services (EUR-Lex). Retrieved via LawPlayer, https://lawplayer.com/eu/act/32025R0022

© European Union, https://eur-lex.europa.eu, 1998-2026. Reuse authorised under Commission Decision 2011/833/EU, provided the source is acknowledged.

EU-EurLex-Reuse-2011-833

本頁資料來源:EUR-Lex·整理提供:法律人 LawPlayer· lawplayer.com