A4E supports the Commission’s pledge to reducing burdens for EU businesses by 25% and simplify reporting for EU businesses to focus on efficiency and competitiveness without undermining the policy objectives of EU legislation. There are numerous reporting requirements in EU air transport legislation that can be removed or rationalised without undermining their policy objectives. This paper sets out A4E’s analysis of current legislation representing a significant administrative burden and bureaucratic costs for the aviation ecosystem and highlights where a simplification of the rules should be considered:
1. ENVIRONMENTAL LEGISLATION
There is strong potential to streamline reporting obligations in sustainable aviation fuels (SAF) and environmental reporting. A4E advocates notably for a regulatory framework that helps to ramp up the SAF market and provides incentives for SAF use, also beyond mandated levels. A smooth interplay between the different relevant legislation is key; consistency between ReFuelEU Aviation (Regulation 2023/2405), the revised Renewable Energy Directive (RED, Directive 2023/2413) and the amended legislation on EU ETS for aviation (Directive 2023/958) is a must.
In addition, it will be important to ensure that those rules are coherent and aligned with general sustainability reporting and accounting standards. The ETS Directive rules for aviation need to cater for an evolving industry with higher SAF uptake which cannot be traced on each flight: the monitoring and reporting rules should provide for unambiguous and timely alignment on the eligibility of fuels i.e. the SAF definition and scope as set out under ReFuelEU Aviation, including any future adjustments and extensions due to changes in the overarching RED framework.
Such facilitation of reporting and traceability for aircraft operators, but also fuel suppliers and competent authorities, could use a single EU registry as in the RED Union Database (UDB) for biofuels and bioliquids. This would reduce the administrative burden and avoid double claiming and fraud by centralising all relevant information streams related to SAF, including their environmental attributes. This approach would allow for effective implementation of the requirements of both fuel suppliers and airlines under the three pieces of legislation without significant administrative burden. It is important that fuel suppliers provide all necessary information related to their SAF deliveries in due time and that commercially sensitive information is not published.
Under the revised rules for EU ETS, the Commission is also setting up an Monitoring Reporting and Verification (MRV) system for non-CO2 effects of aviation. Any monitoring and reporting of non-CO2 effects should be subject to technical feasibility, stakeholder & technical consultation, and should involve parties best positioned to efficiently provide data (e.g. airlines, EUROCONTROL or EASA and others,). While some of the discussed non-CO2 components might be available today (temperature, flight trajectory), some of the data does not originate from the airline, some requested information would require vast amounts of data (flight trajectory), while others currently cannot be collected due to a lack of technical solutions (humidity, NOx, soot particles, sulphur oxides, contrail formation).
2. PASSENGER DATA & BORDER CONTROL
Directive EU 2016/681 on the use of passenger name records (PNR): the directive rolled out harmonised rules for processing of PNR data, allowing law enforcement authorities to discover persons suspected of crime or terrorism. Under the directive, Member States are allowed, but not obliged, to collect PRN data concerning selected intra-EU flights. In effect, the overwhelming majority of Member States are now requiring intra-EU PNR data transfers. While some data elements are unique to the scope of PNR (e.g. seating information, payment details etc.) others overlap with API data elements. Regulation (EU) 2017/2226 establishing an Entry/Exit System (EES), Regulation (EU) 2018/1240 establishing a European Travel Information and Authorisation System (ETIAS) and Regulation (EC) 767/2008 concerning the Visa Information System (VIS) all require carriers to transfer API data elements or will require it once launched (for instance, the EES is expected to enter into force after Summer 2024).
Proposal for a Regulation (EU) 2022/0424(COD) and Proposal for a Regulation (EU) 2022/0425(COD), which are expected to be concluded in the course of 2024, will constitute the new foundation for API data transfer obligations for carriers operating in Europe. Under these two regulations carriers will face obligations to transmit API data at the time of check-in and once again before boarding – failure to do so will leave them exposed to significant financial penalties. Some of the negotiators on the API proposals are even pushing for the inclusion of intra-EU flights API data collection.
It is apparent that meeting the above-listed reporting obligations will result in significant duplication, carrying additional costs and operational burden for carriers. As we have repeatedly expressed to DG HOME, the European Parliament, and Council officials, steps must urgently be taken to set up a harmonised approach for passenger data transmission. The use of a single router – which would be set-up by eu LISA (also in charge of the EES roll-out) – has been touted by EU officials as the solution for addressing this overlap, with amendments supporting this approach being discussed within the framework of negotiations around the API file. A4E welcomes this approach. Our ask is that the single router delivers on these objectives by ensuring that:
1. all of the above listed data sharing obligations must be taken into account by the single router to avoid overlap, including PNR.
2. lessons from the difficulties encountered during the roll-out of the EES must be learned. The industry remains eager to provide inputs on what best practices can be followed.
3. CYBERSECURITY
Directive (EU) 2022/2555 on measures for a high common level of cybersecurity across the Union (NIS 2 Directive) introduces common requirements to address cybersecurity risks for a wide set of critical entities in the EU, including airlines. The Directive strengthens the cybersecurity risk management requirements that companies are obliged to comply with in terms of incident response and crisis management, vulnerability handling and disclosure, policies and procedures to assess the effectiveness of cybersecurity risk management measures, or cybersecurity hygiene and training. The Directive streamlines incident reporting obligations with more precise provisions on reporting, content and timeline. Given the wide applicability across all industries and the peculiarity of the legal instrument used, the requirements contained in the Directive are quite generic, although more concrete of those of the previous version of the Directive.
At the same time, Commission Implementing Regulation (EU) 2023/203 and Commission Delegated Regulation (EU) 2022/1645 as regards requirements for the management of information security risks with a potential impact on aviation safety for organisations and competent authorities (Part-IS legislation) set a sector-specific cybersecurity framework. Part IS requires approved organisations to establish an information security management system (ISMS) and to report significant cybersecurity vulnerabilities and incidents to their competent authorities. As part of the ISMS, the organisations need to perform a risk assessment to identify threats to their organisations and to implement appropriate measures commensurate to the identified risk.
Part IS has not been considered as a sector-specific Union legal act equivalent to NIS 2.0 according to the Commission Guidelines on the application of Art 4.1 of NIS 2.0 Directive. Hence, airlines, airports, etc. will need to comply with both legal frameworks (Part-IS+NIS 2.0) on top of Regulation 1583/2019. In practical terms, airlines will have to comply with both cybersecurity requirements to maintain the certificate(s) they already hold.
DG CNECT and DG MOVE recently committed to do a cross map exercise of the different aviation cybersecurity requirements across legislations (EASA Part-IS, NIS2 Directive and EU2019/1583) to avoid reporting overlaps and confusion from inspectors. A4E appreciates the Commission’s commitment and urges DG CNECT and DG MOVE to soon finalise this exercise and consult the industry when assessing the different measures.
4. PASSENGER RIGHTS AND CONSUMER LEGISLATION
The current legal framework has created a huge burden on airlines. Contrary to what can be argued, the focus should be on ensuring the consumers get to their destination without creating too much of a financial and organizational responsibility on airlines, instead of penalizing airlines to the highest degree.
In 2020, the EC published a study on the current level of protection of air passenger rights in the EU, highlighting the shortcomings of the current framework. A higher rate of disruptions, especially ATC-related delays, and a lack of clarity on key issues such as extraordinary circumstances (force majeure), has a significant impact on airlines. The study estimated that EU261 compliance costs amounted to €5,3 billion in 2018. A more recent analysis estimated the cost of delays and cancellations for EU airlines would increase from €8,1 billion in 2019 to €9,2 billion by 2030.
The burden that it creates on airlines and the need for more legal certainty call for progress in the revision of Regulation 261/2004 on air passenger rights. A4E supports the Commission’s 2013 proposal as a good basis for reform. It would give passengers and airlines clearer rules, for example by introducing a list of extraordinary circumstances.
5. SAFETY
Member states and their respective supervisory authorities put diverging requirements on the form and content of safety reporting. This leads to a fragmented and non-standardised implementation of safety reporting by requesting:
- data in specific formats or physical appearance
- double reporting as databases cannot be accessed by other organisations (national and international)
- licenses and records physical instead of digital
- double reporting of same incident/event as different regulations establish separate reporting requirements
Besides creating confusion, multiple or non-harmonised reporting has a significant impact on resources not only in airlines but also within national authorities. Detailed examples on reporting/auditing topics:
- Reliability Reporting to NAAs: several NAAs insist on pdf based offline reports – state of art NAAs allow for digital data dump and/or access to operator data platforms
- Duplicate occurrence reporting of Part 145, CAMO, AOC on e.g. technical topics
- National inspector licenses für engine / components, e.g. German class 4 inspector for engines. massive administrative hurdle in admin to perform tasks which should be within B1/B2 scope and are ins other EU member countries (know at EASA).
- Organisations with multiple approvals (like DLH): SMS is now introduced in Part-21, Part-CAMO, Part-145 resulting in interfacing with four different inspectors (DOA, POA, AMO and CAMO) on safety topics.
In addition digitalisation is not taken onboard:
- Some NSAs do not consider digital documents for maintenance records and certificates as sufficient (different standards/national requirements published) impeding transfer of aircraft amongst member states
- Qualification requirements of maintenance records scanning devices published by LBA (Germany) – useless, costly, overdone
- Digital certificate for Airworthiness Review onboard aircraft instead of hand-written and signed document (requires highly qualified staff of NSA to “chase” planes around EU airports just for signatures/extensions)
Within the framework of digitalisation it should be ensured that:
- The digital form of records, licenses or certificate should be the preferred solution.
- Standards should be harmonised on an EU/global level regarding the digital format and content when reporting.
- Individual (national) requirements should be minimised.
- Reported data should be stored in such a way that it is easily exchangeable/accessible, and EC should support such activities e.g. establishing EU-wide databases.
- A review should be carried out to ensure that multi-reporting based on independent regulations is eliminated.
6. UNION CUSTOMS CODE
The European Commission claims that the proposals to reform the Union Customs Code, by creating a single EU interface and facilitating data re-use, will bring around EUR 2bn cost savings for traders. However, the details of the reform of the Union Customs Code will be defined in implementing legislation and this will be incredibly important to determine any potential cost savings for traders. There are provisions in the proposed reform which will not simplify things such as the proposed removal of the customs duty de minimis (which will increase red tape at the border) or the proposed reduction of the maximum period for temporary storage from 90 to 3 days.
The efficient use of data would be a clear advantage compared to today’s IT landscape with many different systems and national characteristics. However, this approach can only be successful if national requirements are also aligned with a potential EU-wide set-up.
The creation of an independent EU Customs Authority, which would support the uniform application of EU customs regulations, is a particularly valuable element of the proposal. However, it is important that its role and the role of National Customs Authorities are clearly defined to avoid overlapping and duplications. This should ensure an efficient and effective structure of competences, responsibilities and rights of intervention.
7. SUSTAINABLE FINANCE
In the context of Sustainable Finance, the EU Taxonomy is creating significant administrative burdens, requiring an immense annual effort to align business activities with the screening criteria to demonstrate that assets are in fact green. Well intended in its purpose, it currently lacks the notion of simplicity and practicability due to the substantial contribution criteria and DNSH. The question is whether the requirements are useful and meaningful for users, i.e., investors. In this context, we would encourage the EC to consider reducing the mandatory KPIs e.g. the OpEx KPIs information, possibly making it optional for airlines. Other types of improvements could be the requirement to report only those activities to be financed through sustainable finance.