REGULATORY APPROACH FOR THE

Similar documents
ADQ Regulators Working Group

This document is meant purely as a documentation tool and the institutions do not assume any liability for its contents

COMMISSION REGULATION (EU)

AIS Basics - NOTAM, AIP, Amendments, Supplements, Circulars, Charts, and NOTAM Putting the basics in place

Official Journal of the European Union L 186/27

DP-7 The need for QMS controlled processes in AIS/AIM. Presentation to QMS for AIS/MAP Service Implementation Workshop Dakar, Senegal, May 2011

Official Journal of the European Union L 146/7

TANZANIA CIVIL AVIATION AUTHORITY AIR NAVIGATION SERVICES INSPECTORATE. Title: CONSTRUCTION OF VISUAL AND INSTRUMENT FLIGHT PROCEDURES

EUROPEAN COMMISSION DIRECTORATE-GENERAL FOR MOBILITY AND TRANSPORT

COMMISSION OF THE EUROPEAN COMMUNITIES. Draft. COMMISSION REGULATION (EU) No /2010

COMMISSION IMPLEMENTING REGULATION (EU)

AERONAUTICAL INFORMATION DIGITAL DATBASES INTERGATION AND QUALITY MANAGED MIGRATION

Aeronautical Information Services Issue 1 30 May 2012

Quality Assurance. Introduction Need for quality assurance Answer to the need of quality assurance Details on quality assurance Conclusion A B C D E

Amendment 37,38 to Annex 15 Amendment 57 to Annex 4

Introduction to Amendment 40 to Annex 15

FLIGHT OPERATIONS PANEL (FLTOPSP)

SRC POSITION PAPER. Edition March 2011 Released Issue

TWELFTH AIR NAVIGATION CONFERENCE

SESAR Active ECAC INF07 REG ASP MIL APO USE INT IND NM

COMMISSION REGULATION (EU) No 255/2010 of 25 March 2010 laying down common rules on air traffic flow management

Terms of Reference for a rulemaking task

Terms of Reference for a rulemaking task. Requirements for Air Traffic Services (ATS)

Official Journal of the European Union L 283/25

Overview ICAO Standards and Recommended Practices for Aerodrome Mapping Data reported to AIM

Data Origination, Management and WGS 84. ICAO PBN Seminar Data Origination & Management and WGS 84

PBN, ADQ, ADQ2 IR EUROCONTROL Activities Status

AIS-AIM Study Group Working Status

OVERSEAS TERRITORIES AVIATION REQUIREMENTS (OTARs)

Regional implementation of Electronic Terrain and Obstacle data (e-tod) (Presented by Jeppesen)

IRELAND SAFETY REGULATION DIVISION

EUROCONTROL SPECIFICATIONS SYNOPSIS

REGULATION No. 10/2011 ON APPROVAL OF FLIGHT PROCEDURES INCLUDING SID-s AND STAR-s. Article 1 Scope of Application

From AIS to AIM. COMSOFT AIS to AIM Lima, Peru Context and Overview Isabel Zambrano Rodriguez

30 SEP - 02 OCT, 2014

NATIONAL AIRSPACE POLICY OF NEW ZEALAND

RMT.0464 ATS Requirements The NPA

Development of the Global AIM Strategy (AIM Projects)

Asia Pacific Regional Aviation Safety Team

ICAO GANP Requirements and Evolution

L 342/20 Official Journal of the European Union

EUROPEAN ORGANISATION FOR THE SAFETY OF AIR NAVIGATION EUROCONTROL. Draft. COMMISSION REGULATION (EC) No /.. DD/MM/YYYY

INTERNATIONAL CIVIL AVIATION ORGANIZATION AFI REGION AIM IMPLEMENTATION TASK FORCE. (Dakar, Senegal, 20 22nd July 2011)

From AIS to AIM. Paul Bosman, Head of Aviation Cooperation and Strategies, EUROCONTROL

Official Journal of the European Union L 7/3

Consideration will be given to other methods of compliance which may be presented to the Authority.

SRC POSITION PAPER. Edition December 2011 Released Issue

NNF Work-shop on Navigation, Safety and Technology. Dato: 2. February Gunn Marit Hernes Luftfartstilsynet

Safety and Airspace Regulation Group. 31 May Policy Statement STANDARD INSTRUMENT DEPARTURE TRUNCATION POLICY.

TWELFTH AIR NAVIGATION CONFERENCE

Part 171. Aeronautical Telecommunication Services - Operation and Certification. CAA Consolidation. 10 March 2017

WORKING TOGETHER TO ENHANCE AIRPORT OPERATIONAL SAFETY. Ermenando Silva APEX, in Safety Manager ACI, World

EUROCONTROL approach to the execution of the PBN IR Mandate

AFI Plan Aerodromes Certification Project Workshop for ESAF Region (Nairobi, Kenya, August 2016)

EASA ATM/ANS regulatory update

Quality Management System (QMS)

AIXM/WXXM CONFERENCE 2010

CIVIL AVIATION AUTHORITY, PAKISTAN OPERATIONAL CONTROL SYSTEMS CONTENTS

The Importance of AIM and the Operational Concept

Sample Regulations for Water Aerodromes

AERONAU INFORMATION MANAGEM. International TENTH MEETING THE QUALITY OF SUMMARY. such quality added). global ATM 1.3. regard, the.

WORKSHOP 1 ICAO RPAS Panel Working Group 1 Airworthiness

European Joint Industry CDA Action Plan

EUROCONTROL Guidance for Military Aeronautical Information Publications Consistency with ICAO Annex 15 EUROCONTROL

ADVISORY CIRCULAR AC-AD-005

Screening Chapter 14 Transport. Single European Sky (SES) 18 December Transport

4.1 This document outlines when a proposal for a SID Truncation may be submitted and details the submission requirements.

Work Programme of ICAO Panels and Study Groups

Proposed Changes to Inverness Airport s Airspace The Introduction of Controlled Airspace and Optimisation of Instrument Flight Procedures

AMXM Airport Mapping picking-up SWIM

RMT.0464 ATS Requirements

Explanatory Note to Decision 2016/009/R

Terms of Reference for rulemaking task RMT Regular update of ATM/ANS rules (IR/AMC/GM)

Curriculum for AIM Training Module 2: ARO Officer

DRAFT COMMISSION REGULATION (EU) / of XXX. laying down rules and procedures for the operation of unmanned aircraft

SUMMARY REPORT ON THE SAFETY OVERSIGHT AUDIT FOLLOW-UP OF THE DIRECTORATE GENERAL OF CIVIL AVIATION OF KUWAIT

NOTICE OF PROPOSED RULE MAKING

TWELFTH AIR NAVIGATION CONFERENCE

2 nd Stakeholders Consultation Workshop SES Interoperability Mandate on Air-Ground Voice Channel Spacing

Avitech GmbH AIXM Capabilities & Experiences

PBN and airspace concept

Aerodrome s Inspector Workshop Sint Maarten 11 to 15 June 2012

INTERNATIONAL FIRE TRAINING CENTRE

THIRTEENTH AIR NAVIGATION CONFERENCE

Learning Objectives. By the end of this presentation you should understand:

OVERSEAS TERRITORIES AVIATION REQUIREMENTS (OTARs)

PBN/TF/7 DRAFT Appendix D to the Report D-1

CIVIL AVIATION REGULATIONS SURINAME PART 17 - AERONAUTICAL TELECOMMUNICATIONS VERSION 5.0

1/2 July Draft Commission Implementing Regulation amending Regulation (EU) No 1207/2011 (Surveillance Performance and Interoperability SPI)

GENERAL ADVISORY CIRCULAR

(Non-legislative acts) REGULATIONS

GUIDANCE MANUAL FOR AERONAUTICAL INFORMATION SERVICES (AIS) in the ASIA/PACIFIC REGION

Electronic Terrain and Obstacle Data

GUIDANCE MANUAL FOR AERONAUTICAL INFORMATION SERVICES (AIS) in the ASIA/PACIFIC REGION

Implementation challenges for Flight Procedures

AERONAUTICAL SERVICES ADVISORY MEMORANDUM (ASAM) Focal Point : Gen

The contribution of the ATM SATCOM Safety Board (ASSB) Filippo Tomasello Rulemaking Official (EASA) Chair of the ASSB 10 Oct. 2011

TWENTY-SECOND MEETING OF THE ASIA/PACIFIC AIR NAVIGATION PLANNING AND IMPLEMENTATION REGIONAL GROUP (APANPIRG/22)

ETSI EN V1.2.1 ( )

WORLDWIDE SYMPOSIUM ON ENABLING THE NET-CENTRIC INFORMATION ENVIRONMENT:

Transcription:

EUROPEAN ORGANISATION FOR THE SAFETY OF AIR NAVIGATION EUROCONTROL SINGLE EUROPEAN SKY (SES) REGULATIONS REGULATORY APPROACH FOR THE AERONAUTICAL DATA INTEGRITY 24 May 2006 Released Edition 2.0

DOCUMENT CONTROL DOCUMENT CHANGE RECORD The following table records the complete history of the successive editions of the present document. Edition Number Edition Date Reason for Change Pages Affected 0.1-0.5 Internal draft versions All 0.6 12-12-05 Distribution to Drafting Group for Comment All 0.7 20-12-05 Updates following Drafting Group and expert feedback 0.7.2 27-12-05 Minor corrections All 0.8 16-01-06 Updates following Review Group All 1.0-1.1 27-01-06 Released version All Draft 1.2 10-05-06 Draft for update following consultation and workshop 2.0 24-05-06 Released Final Version All All All Status: Released Edition No: 2.0 Date: 24 May 2006 Document No: - ii -

EXECUTIVE SUMMARY The purpose of the European Commission mandate to EUROCONTROL on Aeronautical Data Integrity (ADI) is to develop a draft interoperability implementing rule that supplements and strengthens the requirements of ICAO Annex 15 (Aeronautical Information Services) in order to achieve aeronautical information of sufficient quality. Studies have demonstrated that aeronautical information does not currently have the integrity values (and therefore quality) required to meet specific applications such as Precision-RNAV (PRNAV) in Terminal Airspace; moreover, surveys have shown a lack of harmonisation of data processes and interoperability across States and stakeholders. There is clear evidence to question both the accuracy and integrity of published information. The mandate encompasses data origination and those activities that fall under the scope of ICAO Annex 15. The scope of the regulatory approach, therefore starts with data origination activities (e.g. surveying, procedure design), through Aeronautical Information Services (AIS) to publication to the next intended users of the data. This provided a wide scope of issues for consideration within the interoperability analysis of the regulatory approach and emphasises the complexity of the problem faced in addressing aeronautical data quality. Several key issues arose from the interoperability analysis for ADI: firstly, current ICAO data integrity level assignments are considered insufficient to meet the intended use of certain data items and particularly to support future concepts such as P-RNAV in the terminal area; secondly, regulation of data origination is seen as essential as some origination errors are very unlikely to be detected at later stages of the data process; thirdly, the levels of integrity that can be achieved by manual interaction remain uncertain although it is accepted that manual interaction and paper-based processes are a key reason for a reduction in integrity; finally, to achieve interoperability and reduce manual interaction, the use of automation and standardised data sets and formats would be important. Three regulatory approach alternatives were selected to address data origination through to publication to the next intended user. The alternatives vary the regulatory coverage and level of prescription and all recognise the need for existing ICAO data integrity levels to be elaborated so that items can be assigned to meet intended purpose, notably to support applications such as RNAV. All alternatives require a standardised data set, almost certainly to be based on an enhanced AIXM data set. A general provision is included within the regulatory approach that complements the Common Requirements Regulation for service providers to implement a Quality Management System (QMS). Specific additional provisions are included which are common to all alternatives and which complement and strengthen existing ICAO provisions. They are applicable to the scope of data items specified within each alternative. - iii -

Alternative 1 is designed to provide strong regulation to all parts of the data chain within the above scope. All integrity levels are encompassed by this alternative which seeks to support widespread automation and interoperability by mandating a common digital format and the electronic storage and transmission of data throughout the process. Subject to further study and definition, provisions may be introduced to ensure that integrity levels are assigned based on intended use and in accordance with assignment criteria provided at a European level (this would apply to Alternative 2 as well and in a less mandatory way to Alternative 3). Alternative 1 is prescriptive in its regulation of data origination activities by mandating elements of the EUROCONTROL Data Origination Document. Alternative 2 requires the progressive implementation of automation and achievement of interoperability by requiring the same common digital format as in Alternative 1 but only to support the transmission of data. It is therefore less constraining than Alternative 1. To provide greater flexibility to stakeholders, Routine data is not included within the regulatory coverage of the draft rule, other than as required within the overarching QMS. Data origination is addressed by the provision of high level performance requirements within the rule but in a way that places the detailed requirements at the level of specifications. This allows greater choice for compliance by regulated parties. Again, States would be required to assign data integrity levels based on intended use and in accordance with assignment criteria provided at a European level. Alternative 3 is designed as a minimum prescription approach but which would provide an improvement in data quality over the status quo. This is achieved by the general and specific provisions common to each alternative. Interoperability would be supported by the regulation of a standardised data set but no common digital format requirement would be required, leaving room for individual implementations. In general, the regulation of technical performance of data origination would be left to States, supported notably by the provision of the EUROCONTROL Origination Document. States would also be free to accept or elaborate ICAO integrity levels to meet the data s intended purpose but this would not be mandated. Cost impact information is not yet available in detail to support the choice of one alternative over another, mainly because the requirements for resources to achieve the required integrity through manual interaction remain unclear. Alternative 1 would probably be the most demanding in terms of costs and would ensure the highest level of interoperability. Its adoption would reflect the ambition of the ATM community to improve ADI at the quickest possible pace. The cost implications of Alternative 2 would probably be lower, in so far as it allows more flexibility to regulated parties, whilst still providing clear requirements for interoperability and reduced manual interaction. Cost implication of Alternative 3 is difficult to assess, even on a relative basis, considering that it provides greatest flexibility to stakeholders; the lower level of prescription should normally imply reduced costs. However, this Alternative may lead to a lack of interoperability through a variety of un-coordinated implementations and it does not obviously reduce manual interaction. The formal consultation on the draft Regulatory Approach took place between 27 January and 27 March 2006. The consultation received 40 responses, the majority of which confirmed Alternative 2 as the preferred regulatory approach. A number also supported Alternative 1 as an ultimate goal, using Alternative 2 as a step en-route. There was no support for Alternative 3. Thirteen stakeholders proposed other alternatives for a regulatory approach but the main issue arising from these proposals was the need for more analysis before selection of a single approach. - iv -

Alternative 2 is, therefore, recommended as the preferred alternative as it is supported by a majority of Stakeholders and because it supports the achievement of significant progress in terms of in data integrity and interoperability as a whole, whilst opening as appropriate the way towards a longer-term target such as described in Alternative 1. Detailed safety, cost and technical impact assessments will be carried out using Alternative 2 as the basis for the draft regulatory provisions during the next phase of the mandate process. - v -

REFERENCES 1. Regulation (EC) No 552/2004, OJ l 96 of 31.3.2004 (the interoperability Regulation) 2. Mandate to EUROCONTROL to assist the European Commission in the development of an interoperability implementing rule on Aeronautical Data Integrity 3. Commission Regulation (EC) No 2096/2005 of 20 December 2005 (common requirements for the provision of air navigation services) 4. ICAO Annex 4 (Aeronautical Charts) 5. ICAO Annex 10 (Aeronautical Telecommunications) 6. ICAO Annex 11 (Air Traffic Services) 7. ICAO Annex 14 (Aerodromes) 8. ICAO Annex 15 (Aeronautical Information Services) 9. ICAO Doc 8126 (AIS Manual) 10. ICAO Doc 9674 (WGS 84 Manual) 11. Decision 93/465/EEC (Conformity Assessment Procedures) 12. RTCA/EUROCAE ED 76 (Standards for Processing Aeronautical Data) 13. RTCA/EUROCAE ED 77 (Standards for Aeronautical Information) 14. RTCA/EUROCAE ED 78A (Guidelines for approval of the provision and use of ATS supported by data communications) 15. ED109 (Guidelines for CNS/ATM systems software integrity assurance) 16. ESARR 6 (Software in ATM Systems) 17. Draft EUROCONTROL Integrity of Aeronautical Information Aeronautical Data Origination [the Data Origination Document] - vi -

GLOSSARY Abbreviations ABBREVIATION ADI AIP IAIP AIS AIXM ANSP APV ATC ATM CATF CBA CRC CHAIN DQAL DQTS EAD EAIP EATMN EC ECAC ECIP ECAC EU EUROCAE MEANING AERONAUTICAL DATA INTEGRITY AERONAUTICAL INFORMATION PUBLICATION INTEGRATED AERONAUTICAL INFORMATION PACKAGE AERONAUTICAL INFORMATION SERVICES AERONAUTICAL INFORMATION EXCHANGE MODEL AIR NAVIGATION SERVICE PROVIDER APPROACH AND LANDING OPERATIONS WITH VERTICAL GUIDANCE AIR TRAFFIC CONTROL AIR TRAFFIC MANAGEMENT CONFORMITY ASSESSMENT TASK FORCE COST BENEFIT ANALYSIS CYCLIC REDUNDANCY CHECK CONTROLLED & HARMONISED AERONAUTICAL INFORMATION NETWORK PROJECT DATA QUALITY DATA QUALITY TOOL SET EUROPEAN AIS DATABASE ELECTRONIC AIP EUROPEAN AIR TRAFFIC MANAGEMENT NETWORK EUROPEAN COMMUNITY EUROPEAN CIVIL AVIATION CONFERENCE EUROPEAN CONVERGENCE AND IMPLEMENTATION PLAN EUROPEAN CIVIL AVIATION CONFERENCE EUROPEAN UNION EUROPEAN ORGANISATION FOR CIVIL AVIATION EQUIPMENT MANUFACTURERS - vii -

ABBREVIATION FMS GBAS GNSS GPS ICAO ISO LIDAR MASPS NAVAID NM NOTAM NSA OSED PRNAV QMS RNAV RTCA SARPS SES SMGCS TMA VFR MEANING FLIGHT MANAGEMENT SYSTEM GROUND BASED AUGMENTATION SYSTEM GLOBAL NAVIGATION SATELLITE SYSTEM GLOBAL POSITIONING SYSTEM INTERNATIONAL CIVIL AVIATION ORGANISATION INTERNATIONAL ORGANISATION FOR STANDARDISATION LIGHT DETECTION AND RANGING MINIMUM AVIATION SYSTEM PERFORMANCE NAVIGATIONAL AID NAUTICAL MILE NOTICE TO AIRMEN NATIONAL SUPERVISORY AUTHORITY OPERATIONAL SERVICE ENVIRONMENT DEFINITION PRECISION AREA NAVIGATION QUALITY MANAGEMENT SYSTEM AREA NAVIGATION RADIO TECHNICAL COMMISSION FOR AERONAUTICS STANDARDS AND RECOMMENDED PRACTICES SINGLE EUROPEAN SKY SURFACE MOVEMENT GUIDANCE AND CONTROL SYSTEMS TERMINAL CONTROL AREA VISUAL FLIGHT RULES WGS 84 WORLD GEODETIC SYSTEM OF 1984 - viii -

DEFINITIONS PHRASE DEFINITION The degree of conformance between the estimated or measured value and the true value. Accuracy Aeronautical Data Aeronautical Information Aeronautical Information Service Cyclic Redundancy Check Data Quality Derived Data Document Integrity NOTE: For measured positional data, the accuracy is normally expressed in terms of a distance from a stated position within which there is a defined confidence level of the true position falling. A representation of aeronautical facts, concepts or instructions in a formalised manner suitable for communication, interpretation or processing. Information resulting from the assembly, analysis and formatting of aeronautical data. A service established within the defined area of coverage responsible for the provision of Aeronautical Information/data necessary for the safety, regularity and efficiency of air navigation. A mathematical algorithm applied to the digital expression of data that provides a level of assurance against loss or alteration of data. A degree or level of confidence that the data provided meets the requirements of the data user in terms of accuracy, resolution, timeliness and integrity. Refers to the data which is derived from other data (entity or derived) and hence, typically, not related to physical equipment e.g. an approach procedure derived from runway, NAVAID and way-point data in association with other factors such as aircraft performance. Any element of the Integrated Aeronautical Information Package (IAIP) produced by the AIS, including all their constituent parts, e.g. Cover page, Charts. Such documents, e.g. AIP, NOTAM etc, may be presented in both paper printed and electronic form. A degree or level of assurance that an aeronautical data and its value has not been lost nor altered since the data origination or authorized amendment - ix -

PHRASE DEFINITION This classifies data by the potential effect of erroneous data on the expected operation that is supported by that data. The classification of data is consistent with those defined in ICAO Annex 15 and ICAO Doc 9674. Critical data (integrity level 1x10-8 ) Integrity Classification of Data The data if erroneous, would prevent continued safe flight and landing or would reduce the ability to cope with adverse operating conditions to the extent that there is a large reduction in safety margins or functional capabilities. There is a high probability when trying to use corrupted critical data that an aircraft would be placed in a life threatening situation. Essential data (integrity level 1x10-5 ) The data, if erroneous, would reduce the ability to cope with adverse operating conditions to the extent that there is a significant reduction in safety margins. There is a low probability when trying to use corrupted essential data that an aircraft would be placed in a life threatening situation. Routine data (integrity level 1x10-3 ) The data, if erroneous, would not significantly reduce airplane safety. There is a very low probability when trying to use corrupted routine data that an aircraft would be placed in a life threatening situation. Metadata Data about data (ISO 19115) Obstacle Quality Assurance Quality Control Quality Management Quality Management System Resolution All fixed and mobile, permanent or temporary, objects that are located on an area intended for the surface movement of aircraft or that extend above defined obstacle assessment surfaces. All the planned and systematic activities implemented within the quality system, and demonstrated as needed, to provide adequate confidence that an entity will fulfil requirements for quality. The operational techniques and activities that are used to fulfil requirements for quality. All activities of the overall management function that determine the quality policy, objectives and responsibilities, and implementing them by means such as quality planning, quality control, quality assurance and quality improvement within the quality system. The organisational structure, procedures, processes and resources needed to implement quality management. A number of units or digits to which a measured or calculated value is expressed and used. - x -

PHRASE Terrain Threshold Traceability DEFINITION The surface of the Earth containing naturally occurring features such as mountains, hills, ridges, valleys, bodies of water, permanent ice and snow, and excluding obstacles. NOTE. In practical terms, depending on the method of data collection used, terrain represents the continuous surface that exists at the bare Earth, the top of the canopy or something inbetween, also known as first reflective surface. The beginning of that portion of the runway usable for landing. Ability to trace the history, application or location of an entity by means of recorded identifications (ISO 8402*). Confirmation by examination and provision of Validation objective evidence that the particular requirements for a specific intended use are fulfilled (ISO 8402*). Confirmation by examination and provision of Verification objective evidence that specified requirements have been fulfilled (ISO 8402*). - xi -

TABLE OF CONTENTS DOCUMENT CONTROL...II EXECUTIVE SUMMARY...III REFERENCES...VI GLOSSARY...VII Abbreviations... vii DEFINITIONS...IX TABLE OF CONTENTS...1 1. INTRODUCTION...3 1.1 Aeronautical Data Integrity Mandate...3 1.2 Document Purpose and Scope...3 1.2.1 Purpose...3 1.2.2 Objective...3 1.3 Development of the Regulatory Approach...3 1.4 Consultation to Date...3 2. BACKGROUND...5 2.1 Introduction...5 2.2 ADI Environment...5 2.2.1 Capturing the Environment...5 2.2.2 The Substance of the Environment...5 2.2.3 General Requirements of the Environment...7 2.3 Problems Giving Rise to Regulatory Action...7 2.3.1 Evidence of Existing Problems...7 2.3.2 The Need for Regulation...8 3. INTEROPERABILITY ANALYSIS...9 3.1 Introduction...9 3.2 Integrity Levels...9 3.3 Demonstrating compliance with a numerical safety target...9 3.4 Protection of Data...10 3.5 Manual Interaction and Data Integrity...11 3.6 Standardised Data Set...11 3.7 Originating Data...12 3.8 Processing of Data...13 3.9 Publishing Data...13 3.10 Software Validation...14 3.11 Training and Awareness...14 3.12 Linked Activities...14 3.12.1 CHAIN...14 3.12.2 EAD...15 - - 1 - -

3.12.3 eaip...15 3.12.4 SESIS...15 3.12.5 ECIP...15 4. ALTERNATIVES FOR THE REGULATORY APPROACH...16 4.1 Introduction...16 4.2 Assumptions...16 4.3 General Provisions...16 4.4 Provisions Common to all Alternatives...16 4.5 Proposed Alternatives...17 4.5.1 Alternative 1...17 4.5.2 Alternative 2...18 4.5.3 Alternative 3...19 5. CONFORMITY ASSESSMENT ANALYSIS...21 5.1 General...21 5.2 Conformity Assessment Requirements...21 6. ANALYSIS OF IMPLEMENTATION CONDITIONS...22 6.1 Dates of implementation...22 6.2 Transitional arrangements...22 6.3 Criteria exemption...22 7. IMPACT ASSESSMENT...23 7.1 Introduction...23 7.2 Stakeholders Affected...23 7.3 Safety Impact...23 7.3.1 Introduction...23 7.3.2 Safety Analysis...23 7.3.3 Potential Improvements to the Data Chain that could give ATM Safety Benefit24 7.3.4 Summary...24 7.4 Economic and Efficiency Impact...25 7.4.1 Alternative 1...26 7.4.2 Alternative 2...26 7.4.3 Alternative 3...27 7.5 Civil / Military Organisation...27 7.6 Summary and Recommendations...28 8. OBJECTIVES AND SCOPE OF THE DRAFT IMPLEMENTING RULE...29 8.1 Policy Objectives...29 8.2 Scope...29 8.3 Refinement of the Essential Requirements...29 9. ARTICULATION OF DRAFT IMPLEMENTING RULE WITH COMMUNITY SPECIFICATION...31 10. OVERALL STRUCTURE OF THE DRAFT IMPLEMENTING RULE...32 11. CONCLUSIONS...33 - - 2 - -

1. INTRODUCTION 1.1 Aeronautical Data Integrity Mandate The purpose of the European Commission mandate to EUROCONTROL on Aeronautical Data Integrity (ADI) is to develop a draft interoperability implementing rule that supplements and strengthens the requirements of ICAO Annex 15 (Aeronautical Information Services) in order to achieve aeronautical information of sufficient quality. 1.2 Document Purpose and Scope 1.2.1 Purpose The regulatory approach document is one of the deliverables required by the European Commission mandate. It outlines the regulatory coverage, which describes the subjects for prescription in the rule, together with the headlines of the nature of these prescriptions to ensure the desired quality and interoperability. It also proposes several alternatives for the regulatory approach, which are subject to a preliminary impact assessment. 1.2.2 Objective The objectives of the regulatory approach are: To clarify the objective and the scope of the rule. To provide an interoperability analysis from the regulatory standpoint. To analyse different possible alternatives for the development of the implementing rule. To provide an analysis of the conformity assessment aspects. To propose an articulation between the rule and its means of compliance. To define the overall structure of the rule. 1.3 Development of the Regulatory Approach The regulatory approach document has been developed by the Implementing Rule Drafting Group (IRDG) set up by EUROCONTROL, as described in the Initial Plan for the Interoperability Implementing Rule on Aeronautical Data Integrity. 1.4 Consultation to Date Informal consultation was achieved through the SES Mandate Review Group and the Mandate Focus Groups, including the IRDG and the Safety Focus Group (SFG). Other ad hoc meetings were also organised with subject matter experts (internal and external), notably to address specific technical issues. Stakeholder involvement was secured by regular presentations made to relevant domain Teams and Steering Groups. - - 3 - -

The formal consultation on the draft Regulatory Approach document took place between 27 January and 27 March 2006, using the mechanisms of the EUROCONTROL Notice of Proposed Rule-Making (ENPRM) process. Some 210 copies of the consultation package were sent out to the addressees of the ENPRM consultation list and the documentation was also made available through existing internal working arrangements and to members of the public via the ENPRM web site. In addition to commenting on the contents of the document itself, Stakeholders were asked to indicate their preferred alternative as described in the draft document. The formal consultation received 40 responses which were reviewed by members of the IRDG, assisted by other external experts. The overall response was unanimously in support of positive action to address the identified problems with aeronautical data quality. The majority (ca. 60%) supported Alternative 2 which was the preferred option proposed in the draft Regulatory Approach document. A number also supported Alternative 1 as an ultimate goal, using Alternative 2 as a step en-route. There was no support for Alternative 3. Thirteen stakeholders proposed other alternatives for a regulatory approach but the main issue arising from these proposals was the need for more analysis before a single approach could be chosen. The Stakeholder s consultation workshop, held on 3 May 2006 at EUROCONTROL HQ to discuss the outcome of the formal consultation, further confirmed the consultation comments. There was also very strong insistence that the full scope of data origination activities be included in the scope of the rule, including the need for software validation in the area of procedure design. - - 4 - -

2. BACKGROUND 2.1 Introduction The purpose of this section is to set the scene concerning the ADI environment and provide the background to the analysis and decision-making on the regulatory approach. It concludes with a summary of the problems giving rise to a need for regulatory action. 2.2 ADI Environment 2.2.1 Capturing the Environment The first need is to identify, at a high level, the framework, events, processes and stakeholders within the aeronautical information environment, from an end to end perspective. An initial Operational Service Environment Definition (OSED) has, therefore, been developed (Annex A) to meet this need. The OSED format, as defined within RTCA/EUROCAE ED-78A has been selected for this purpose and is intended to identify the services and operational environment characteristics of any air traffic service supported by data communication in an integrated CNS/ATM system. However, the OSED contained within this document has been modified from the template within ED-78A because of its differing subject matter and the extent of the detail needed to achieve its objective. 2.2.2 The Substance of the Environment There are various methods that can be used to originate, process, collate, store and distribute aeronautical information within existing and evolving environments. To complicate matters, each State, to a greater or lesser degree, may provide content of its own choosing in addition to that prescribed by Annex 15 and adopt different practices and procedures and involve different actors (civil, military etc.) within the environment. Figure 1, page 3, though not inclusive, illustrates the complexity of the current environment and its constituents. In order to ensure the safe operation of the end-user or the end-user system, it is essential that the requisite quality of the system as a whole is ensured. In this context, quality should be taken to mean the required accuracy, resolution, integrity and timeliness of each constituent part of the system and the system as a whole. The aeronautical information process can be regarded as a Data Chain, with discrete elements interacting with each other. The main stages, or elements, may be considered as: a) Data Requirement b) Data Origination and Association c) Data Validation/Verification d) Data Storage e) Data Extraction and Compilation f) Data/Information Promulgation g) Alternative Delivery of Data h) Data Use - - 5 - -

Constituents Data Requirement Data Origination & Association Data Storage Data Extraction & Compilation Data Validation/verification Data Promulgation Other Data Provision Data Use New Facility Survey Central Civil Repository Civil Agency Flight Check AIP Commercial AI Providers Civil Aviation Authorities New Technology or Equipment Calculation Central Military Repository Military Agency Simulation AIP Amendment Flight Planning Services Military Authorities New Procedure, Route or Area Dynamic Status Other Repositories Calculation AIP Supplement FMS Manufacturers Aircraft Operators New Obstacle Photogrammetry AIC ATS System Providers ANSPs New Hazard Satellite Imagery NOTAM EAD ATSUs Periodic Military AIP CFMU ENV, CRAM etc. Aerodrome Operators New Concept or Criteria Charts Other Sources Legal Legal Static Data Elements Others Figure 1 Data Chain Constituents - - 6 - -

2.2.3 General Requirements of the Environment It is the quality of the information made available to end-users (pilots, controllers and their support systems etc.) that determines the effectiveness of the data-chain in terms of safety, interoperability and as an enabler for the introduction of new concepts and technologies. The ATM system is reliant upon the quality of the information for safe operation and notably upon that information which end-users use in operational decision-making. The first prerequisite is to ensure that quality data is correctly stipulated and originated, with originators being obliged to comply with appropriate standards and that their activities are regulated by State Authorities (approved/certified). This is particularly important because the quality of data cannot easily be improved post origination. Secondly, there are currently many opportunities for aeronautical information to become corrupted during the data process. This is mainly due to errors introduced at each transaction point through manual intervention or automated conversion between different data standards/protocols. Finally, reinforcing the first two points, specific requirements regarding the quality of Aeronautical Data/Information must be applicable on an end-to-end basis within the aeronautical information environment to achieve any meaningful improvement. 2.3 Problems Giving Rise to Regulatory Action 2.3.1 Evidence of Existing Problems A number of EUROCONTROL studies have demonstrated that aeronautical information does not currently have the integrity values required to meet specific applications such as RNAV, where the quality (notably accuracy and integrity) of aeronautical information is considered to be one of the cornerstones of the implementation of RNAV in Terminal Airspace and Final Approach. Moreover, surveys of States to obtain a detailed understanding of the processes involved from data origination to publication showed that a variety of data processes and procedures are currently used. This lack of harmonisation has created a wide gulf between the States in terms of simple regulation of the process. Other studies based on extensive data comparisons between various sources of aeronautical information provide clear evidence to question both the accuracy and integrity of published Aeronautical Information. In the worst cases, the data integrity requirements are not only failing to be met but it can be demonstrated that some data does not achieve the 1x10-3 error rate needed for Routine data. One key weakness identified amongst others is in the provision of flight critical data mainly through manual processes (processing and transfer). The above research provides strong evidence to suggest that regulatory requirements are not being complied with in full by States. This is particularly true of, but not limited to, ICAO Annex 15. Furthermore, it was assessed that a major reason for the loss of data integrity was the way in which aeronautical information was originated, transmitted, processed and delivered from the point of origination to application in an end-user system. The processing of aeronautical information remains a mainly paper-based, manual activity and there was a significant opportunity for the introduction of errors and the degradation of data quality through manual interaction. - - 7 - -

2.3.2 The Need for Regulation Given this proven inability to ensure the total quality of aeronautical data, the situation must be resolved. The option of doing nothing has already been shown to have failed to achieve a satisfactory resolution. If no action is taken to ensure compliance with the data quality requirements, it is anticipated that an improvement in the quality of data will not be achieved and proven to be achieved (observed) and that the safety cases for new navigation techniques which rely more heavily on accurate data with integrity cannot be supported. - - 8 - -

3. INTEROPERABILITY ANALYSIS 3.1 Introduction This section discusses the key technical issues that have been identified during the interoperability analysis and, notably, those that have the most significant effect on the regulatory coverage, together with the implementing rule and its future implementation. 3.2 Integrity Levels ICAO Annex 15 sets out the data accuracy and integrity values for the various degrees of criticality of such data in terms of its application; the latter being described as Critical Data (1x10-8 ), Essential Data (1x10-5 ) and Routine Data (1x10-3 ). These same data integrity requirements may also be found within ICAO Annexes 4, 11 and 14. Currently the Annex 15 definition of integrity requirements places a specific feature in a specific value element (i.e. Navigational Aid (NAVAID) Essential 1x10-5 ) whereas the safety case analysis for a specific application may, in fact, identify the same feature as Critical to the safe operation of the associated application such as RNAV in the terminal area. In consequence, a review of such criteria is required and it is suggested that this might best be carried out by the States who, by operating to a set of common criteria, would take proper account of the intended use of each data item and assign the appropriate level of integrity. The identification of any rule provisions in this area is subject to further regulatory impact assessment and technical analysis, and appropriate studies have, therefore, been planned for the next phase of development. The assignment of data integrity levels should be derived from assessment of the mitigations available between data error and the possible consequences. The common criteria would be developed at a generic level as part of the draft implementing rule development by EUROCONTROL. It could then be adapted by individual States to meet their specific arrangements. 3.3 Demonstrating compliance with a numerical safety target The second issue facing States is demonstrating that integrity levels are achieved, which has proven problematic in the same way that a numerical target is difficult to demonstrate for similar technologies such as software. Ideally the demonstration that the integrity levels are met would include numerical analysis that provides statistically significant and relevant evidence that the targets are met. Such evidence is very difficult to obtain or prove, particularly where, for example, systematic failure rates in the order of 10-4 per hour or below are required. This problem is recognised and common to many domains, including the ATC domain, which also needs to demonstrate, for example, that software, people (human factors) and procedures meet stringent numerical targets. However, the accepted practice within these domains is to demonstrate compliance in part 1 through assigning levels of assurance to the functions implementing the integrity requirements for which numerical failure data is unavailable or would be statistically insufficient, e.g. software, procedures, etc. The assurance levels define the processes and practices for achieving the integrity implied by the numerical target; the lower the numerical target the more rigorous the Assurance Level requirements become. Thus a similar Assurance Level approach could also be adopted for 1 It is also necessary for example to define the safety properties required and document the evidence for satisfaction in a Safety Case. - - 9 - -

the Aeronautical Information Services (AIS) domain as a means of demonstrating compliance with the numerical integrity requirements 2. The assurance level definitions for aeronautical data will require domain specific data preparation standards (akin to EUROCAE s ED-109 for software) supported by minimum tool specifications (akin to Minimum Aviation System Performance (MASPs)) to recommend how the specific regulatory objectives should be achieved, based on the level of integrity required. 3.4 Protection of Data The Annex 15 prescribed methodology for the protection of data in transmission and storage is the Cyclic Redundancy Check (CRC) and, in order to provide the required protection of the data integrity level of critical and essential aeronautical data, a 32-bit or 24-bit CRC algorithm should, as a minimum, be applied respectively though no standard CRC has been specified for use. EUROCAE ED-77 also sets out industry requirements for maintaining data integrity when preparing databases for use, for example, in flight management systems (FMS). In practise, it may be sensible to encourage the use of 32-bit CRC protection across the board for all data integrity levels to provide flexibility and notably to take account of those cases where the same data items may attract different integrity levels depending on the intended use. Here, the volumes of data to be protected must also be considered. At a specific volume of data, the CRC no longer remains valid but this could be addressed by the use of multiple CRCs for larger data files. It is apparent that a number of different CRC algorithms are in use, reducing interoperability. It is therefore considered essential that a common CRC algorithm is used. In order for true protection of the data throughout the processing chain to be obtained, digital encryption and signature methodologies need to be employed, in addition to access controls for facilities that can manipulate the data. Furthermore, to ensure interoperability, these need to be standardised across the European Air Traffic Management Network (EATMN) to simplify the acceptance and validation of information received. The two main reasons to support the notion of encryption of aeronautical information during transmission prior to publication are: a. To protect Metadata (i.e. information concerning the history of the data and actions within the process) which may be sensitive and not releasable to the public. b. To prevent malicious interference with the data. The choice of digital encryption and signature methodologies to be used would have to be addressed during the development of the implementing rule. CRC and digital signatures can only be used if all actors use them. For example, the European AIS Database (EAD) deploys them only when providers use them. The use of CRC checking where paper transactions are used should be encouraged to prepare for a transition to electronic media though it is acknowledged that there is currently no known use of CRC checking where paper communication paths are still required. 2 Such an approach would be based on demonstrating the safety properties required of each data type rather than system functions as used in e.g. software assurance. - - 10 - -

3.5 Manual Interaction and Data Integrity The origination, processing, publication and distribution of aeronautical data is predominantly performed using manual processes, supported by computer-based tools. If it was assumed that manual processes could, at best, achieve an error rate of 1 x10-3 (sufficient for Routine Data) when carried out by a single person, operating in accordance with clearly defined procedures then if three people independently entered a value, and all enter the same value, the minimum requirement of 1 x10-8 could, theoretically, be achieved. This could allow manual processes to achieve all levels of integrity as required by ICAO. Multiple-checking to achieve integrity levels could, however, mean a significantly higher manpower resource demand than that required or employed today. Moreover, if 3 or 4 people were expected to operate consistently in accordance with strict multiple-checking procedures to achieve the necessary levels of integrity, the practicalities of operating in this way over a sustained period in an environment with high data processing loads would have to be considered. However, human factors studies do not confirm the above assumptions. An assessment of 28 different domains in which human entry was required showed that none achieved even the lower level of 1 x10-3. Indeed, many fell short of even 1 x10-2, i.e. 1 error in 100 actions. Furthermore, the theory/process of multiple entry, and the understanding of the integrity requirements are probably only understood at AIS level. It is essential that all actors in the chain that provide data, notably pre-ais, must operate with this knowledge and apply valid processes. That manual processes are used to such an extent, prohibits the current data integrity requirements from being achieved and it is clear that the opportunity for a loss of integrity through human error must be reduced. Automation and automated processes are likely to provide a primary means for ensuring this error rate reduction. It is likely, however, that some manual interaction will have to remain, and it may be that some low complexity, low volume data operations could provide the necessary integrity level performance with minimum automation. The continued use of manual processes will require the provision of adequate resources, processes and verification procedures before integrity levels could be assured. In addition, further study by individual States would be necessary to determine the levels of integrity that could be expected and to support the development of processes to achieve the necessary level of performance in each specific case. 3.6 Standardised Data Set The Essential Requirements of the interoperability Regulation state that, as a minimum, a commonly agreed standardised data set is used and that data is progressively provided in electronic form. To support automation and electronic publishing, and interoperability, it is clear that the use of a standardised data set alone may not be sufficient and that it may eventually be necessary to capture this in a common format and electronic form. A common digital information interchange format would have to be agreed and, for the greatest benefit to be seen, a pan-european format would be important to support interoperability. Indeed, benefit would be gained through the adoption of a worldwide format. The Aeronautical Information Exchange Model (AIXM), in terms of its intended use, is probably most appropriate for adoption as a suitable means of compliance, both in terms of its data set and the format. However, it currently lacks both the textual elements required and the ability for data items to be built in a store-and-forward manner. The inclusion of text within the AIXM would not have a major impact on the standard itself, but the impact of its use throughout the data chain must be assessed before this can be confirmed. There would also be an impact on those who make use of the standard. This could currently be difficult to assess as there is no register of AIXM users. - - 11 - -

It should be recognised that the domains of AIS and Meteorology (MET) are unique in that the requirements for the exchange of such information extend across national and regional boundaries. In consequence, global interoperability is required. The AIXM is likely to be adopted as an international standard by ICAO and is already in use by the EAD and should be adopted by Australia, Japan, the USA and others within 2-5 years. Any amendments must be considered in the light of this use and any adverse impact on its acceptance outside Europe and by ICAO must be avoided. The specification of the AIXM as a pan-european operational standard for use throughout the data chain could bring major benefits to the EATMN as a whole and expedite its adoption within the AIS community (it is highly likely that the AIXM will be adopted by all European AIS anyway). 3.7 Originating Data There are two domains that originate geospatial data: survey and computer-aided or based procedure design tools (for terminal and en-route airspace). Industry surveying standards are assumed to be adequate, in terms of surveying methodology, to support data origination requirements. However, it is likely that not all Data Originators may be familiar with the ATM / Airports domain requirements and, consequently, may need to be provided with specific performance requirements and/or guidelines for aeronautical data origination. The World Geodetic System of 1984 (WGS 84) Manual (Doc 9674) goes some way to providing these additional specifications and supplemented the requirements of ICAO Annex 15, specifically elaborating ICAO definitions and specifications to support the specific task of data origination. However, it is recognised that the WGS 84 content no longer reflects emerging survey techniques such as satellite-based survey and the use of Light Detection and Ranging (LIDAR), and that an amendment to the document is necessary. In order to establish interoperability of the processes and specifications of Aeronautical Data Origination, adherence to specifications such as those included in the EUROCONTROL Integrity of Aeronautical Information Aeronautical Data Origination (currently in draft form) [the Data Origination Document] could provide the basis for improved performance in this key area, either as part of the implementing rule or as specification or guidance material. The survey arena is further complicated by the requirements for terrain and obstacle data mandated by Amendment 33 to Annex 15 (2005). The means by which States shall satisfy these requirements is currently unknown. The regulation of the area of procedure design data currently presents significant challenges, notably concerning PRNAV in the Terminal Area (TMA). The practicability of including procedure design within the regulatory coverage, beyond the provisions included in the Data Origination document, requires further analysis. For example, due to lack of compatibility between RNAV procedures and the ability of current RNAV systems to implement them, there will be a need to define provisions that minimise the need for interpretation by data houses and take due account of the limitation of RNAV systems. There is also a need to define an effective feedback mechanism, which would enable data house output to be checked against the intentions of the procedure designer, to reduce significant error rates. The regulation of data houses and the functionality of RNAV systems are outside of the scope of this mandate; moreover, most of these issues are well outside the remit of any data management standard. These issues, therefore, need to be progressed carefully and proper provisions identified and developed to ensure that the proposed actions are appropriate and are going to achieve the required data quality. More in-depth technical study into this area is therefore planned for the next phase of the draft implementing rule development in support of the identification of specific regulatory provisions to be applied, and their impact. - - 12 - -

3.8 Processing of Data Traditionally the assembly, processing and publication stages were typically merged within the AIS of a State, the most recent AIP acting as the repository of information and being the master reference for, for example, all co-ordination activities. Recently, the use of more software-based applications for the publication phase has enabled data to be stored in databases, ranging from simple Microsoft Access tables to complex relational databases. Such technology is, however, far from universally employed. The processing of AIS data is in a state of transition in many States at the current time. The introduction of the EAD and the electronic AIP (eaip) has provided the impetus for many organisations to develop in-house systems which support improvements in the integrity of data, at least at this stage of the process. It is not known, however, how many of these tools have been validated but it is not thought to be a general practice. One area of the process phase where it is safe to assume that no State is currently compliant is with the requirement of ICAO Annex 15 (3.1.4). This states that the data obtained shall, if possible, be verified before distribution and if not verified shall, when distributed, be clearly identified as such. The use of words in this requirement is clear: if possible. No mention is made of cost-effectiveness or practicability. It may be possible to verify the data but, in reality, little action may actually be taken as AIS providers simply do not have the resources (funding, skills and processes) provided by their State authorities to do so. 3.9 Publishing Data Aeronautical information has, until recently, been published only in paper form. However the last few years have seen the introduction of electronic publications, either electronic representation of a paper document, such as PDF, or true electronic publications, where the information is computer literate, such as the EUROCONTROL eaip specification. Although the use of paper remains the primary means of dissemination, in accordance with the ICAO AIS Manual (Doc 8126), this is unlikely to remain extant. Whilst the move to electronic publication brings benefits to both the service providers and users, it introduces another area of risk regarding integrity. These risks can be addressed by the same methods utilised for data transmission, such as CRC, and digital signatures to protect the data during dissemination to the users. ICAO is currently considering the use of electronic media as the primary means of providing aeronautical information and it is assumed that electronic publishing will become the European standard for data dissemination to the users, facilitating accurate, timely and consistent Aeronautical Information. The establishment of electronic publication further supports the requirement for application of a standard format. Assuming, of course, that the information to be published is correct, the main benefits that would ensue are: The recipients would receive common products in terms of data structure from each State. The format and presentation of the products could be standardised. Changes in the content may be easily incorporated. The same product may be used to prepare electronic and paper products aiding consistency of those products. The problems of which version is correct would be eradicated as the latest version would replace its predecessor. - - 13 - -

3.10 Software Validation There would be a significant impact arising from a necessity to validate appropriate software applications as being compliant with the needs for maintaining data integrity. These may notably include those applications that have direct impact on the data itself. Examples may include: Static Data Databases NOTAM Processing Systems Procedure Design tools Obstacle Databases AIP Preparation Systems Terrain databases Survey Equipment (traditional and terrain (such as LIDAR)). The task of validating software will require the involvement of many actors including: Safety bodies. Regulators. Software manufacturers. Air Navigation Service Provider (ANSP) personnel. It may be argued that the knowledge to perform such tasks does not currently exist within these functions. The number of tools that may need to be validated is significant and there is a new requirement which is the need to control the environment within which they are used. For example, when a tool is validated it is typically done against a particular version of an operating system. If the operating system is changed then the validation may need to be reassessed. Unlike ATC equipment, the majority of computers used for supporting functions operate on a Microsoft Windows platform and there are many operating system updates issued, often on a weekly basis. An assessment will be needed of the risk/cost and impact of not updating the operating system against the risk/cost and impact of re-validating the supporting software. 3.11 Training and Awareness A training and awareness campaign is required to ensure that all actors in the data chain and those that support them are aware of their responsibilities and adequately trained to fulfil their roles and meet their obligations. This training will not simply cover the day-to-day tasks at hand, but also a wider range of requirements, including functions such as, the assessment of the processes and ensuring compliance in the design of software. 3.12 Linked Activities 3.12.1 CHAIN The Controlled & Harmonised Aeronautical Information Network (CHAIN) Project is currently developing a series of guidelines, particularly related to data integrity, such as: Data Integrity Principles and Data Management Data Exchange and Publication Best Practices Standardised Input Forms based on AIXM (for Originators) - - 14 - -

2024 © travelsdocbox.com Privacy Policy | Terms of Service | Feedback