Aviation Security In Europe

Unpacking the Layers of European Aviation Security: Regulations, Roles, and Identity Management
Roy Jeunen

When shipping goods or persons by air, one needs to take into account different requirements related to aviation security. Depending on which function a company is performing at, or through the airport, there are different needs. In this short article we try to clarify the structure of the relevant European Aviation Security regulations, the different actors and the need link with the Identity & Access Management for each of these players (IAM).

1 Background

As a result of the terrorist attacks of 11 September 2001, the European Union established common rules in the field of civil aviation security. This common approach was needed to provide effective means to the industry after this major event. After several years in service, the regulations needed to be revised in light of the experience gained and feedback received. This revision is the current active legislation, and is the one that will be further depicted in this paper.

2 Overview

The basis for the current, European, aviation security legislation can be brought back to two main regulations.

  • Regulation(EC) No 300/2008 – on common rules I the field of civil aviation security and repealing Regulation (EC) No 2320/2002
  • Regulation (EU) 2015/1998 – laying  down detailed measures for the implementation of the common basic standards on aviation security

Both are equally important. The former provides broader background and framework of aviation security within the European Union. The latter builds on Article 4 of the Regulation 300/2008 and provides more details & practical handlebars for the different actors to work with. Now let’s deep dive in both of them.

2.1 Regulation (EC) No 300/2008

In summary, this regulation brings the necessary background towards the origin of the document, the link towards other relevant documents/conventions (E.g. Chicago Convention on International Civil Aviation…) and gives guidance to the different national authorities towards the elements in aviation security. For companies the most important articles are:

  • Article 2 defining the scope to which the common rules apply. Basically all commercial/public airports and all companies providing services at these airports, and all entities providing goods and/or services to or through these airports.
  • Article 3 depicting different definitions within the framework. Specifically for this paper the following are considered of interest:
  • ‘access control’ means the application of means by which the entry of unauthorised persons or unauthorised vehicles, or both, may be prevented;
  • security restricted area’ means that area of airside where, in addition to access being restricted, other aviation security standards are applied;
  • ‘regulated agent’ means an air carrier, agent, freight forwarder or any other entity who ensures security controls in respect of cargo or mail;
  • ‘known consignor’ means a consignor who originates cargo or mail for its own account and whose procedures meet common security rules and standards sufficient to allow carriage of cargo or mail on any aircraft;
  • ‘account consignor’ means a consignor who originates cargo or mail for its own account and whose procedures meet common security rules and standards sufficient to allow carriage of that cargo on all-cargo aircraft or mail on all-mail aircraft;
  • Article 4, which refers to the common basic standards described in Annex I of the Regulation. 

2.2 Regulation (EC) No 2015/1998

This regulation goes into depth on the different elements of aviation security. The table in the next page shows the different sections depicted in the regulation.

Important to note, this regulation provides practical guidelines for all actors using the airport, from

  • The airport itself 
  • To aircraft (carriers)
  • To handling agent
  • To freight/mail forwarders 
  • To suppliers of goods  for airport/flights

3) Identity and Access Management

For almost each of the sections in the regulation 2015/1998, and hence for most of the actors working on/through an airport, there are Identity & Access management controls described. These can be summarized to the following principles 

  1. Separate access between airside, security restricted area and landside
  1. Prevent unwanted access to goods that are supplied to airports, or need to go on an airplane (e.g. cargo, mail, baggage…), in all steps of the process
  1. Perform pre-employment/background checks on personnel 
  1. Ensure that personnel have the proper visual identifiers
  1. Ensure that personnel is trained and retrained

4) How can NineID help?

NineID presents a comprehensive IAM (Identity and Access Management) platform, designed to meet the security demands of complex sites. When paired with the optional XS1 hardware units, it provides a holistic IAM solution. This platform is inherently adaptable, enabling users to effortlessly configure and modify security settings for each area, aligning with varying levels of security requirements.

NineID assists in:

  • Gathering and securely storing all essential personal documents, IDs, licenses, and certificates for visitors, employees, or contractors prior to their visits, ensuring compliance with GDPR.
  • Distributing training materials and conducting security checks, both for initial onboarding and ongoing training purposes.
  • Distinguishing among various roles, responsibilities, and authorities.
  • Simplifying the process of modifying roles and security clearances.
  • Sending automated alerts during emergencies.
  • Maintaining accurate records of everyone present on the site.

Roy Jeunen

Co-founder & Co-ceo

About the author:

Roy Jeunen is co-ceo & co-founder of NineID. His expertise lies in biometric access control, modern access flows, physical safety for highly regulated businesses, and fostering innovation. Roy has been a prominent speaker at various security events including ASIS International (#gsx2023 and #gsx2022), and IFMA World Workplace Europe, where he shared his deep insights and knowledge of the security industry. Known for his in-depth analysis and thought leadership, Roy continues to contribute valuable content to our blog, helping readers familiarize themselves with the intricacies of today's complex security landscape.