
21.B.30 Allocation of tasks to qualified entities [applicable until 21 February 2026] / 21.B.30 Allocation of tasks [applicable from 22 February 2026 – Regulation (EU) 2023/203]

Regulation (EU) 2022/203

(a)     The competent authority may allocate tasks related to the initial certification or to the continuing oversight of products and parts, as well as of natural or legal persons subject to Regulation (EU) 2018/1139 and its delegated and implementing acts to qualified entities. When allocating tasks, the competent authority shall ensure that it has:

1.       put a system in place to initially and continuously assess whether the qualified entity complies with Annex VI to Regulation (EU) 2018/1139. That system and the results of the assessments shall be documented;

2.       established a written agreement with the qualified entity, approved by both parties at the appropriate management level, which stipulates:

(i)      the tasks to be performed;

(ii)     the declarations, reports and records to be provided;

(iii)     the technical conditions to be met when performing such tasks;

(iv)     the related liability coverage;

(v)      the protection given to the information acquired when carrying out such tasks.

(b)     The competent authority shall ensure that the internal audit process and safety risk management process established pursuant to point 21.B.25(a)(5) cover all the certification and continuing oversight tasks performed by the qualified entity on its behalf.

(c)      For the certification and oversight of the organisation’s compliance with points 21.A.139A and 21.A.239A, the competent authority may allocate tasks to qualified entities in accordance with point (a), or to any relevant authority responsible for information security or cybersecurity within the Member State. When allocating tasks, the competent authority shall ensure that:

(1)     all aspects related to aviation safety are coordinated and taken into account by the qualified entity or relevant authority;

(2)     the results of the certification and oversight activities performed by the qualified entity or relevant authority are integrated in the overall certification and oversight files of the organisation;

(3)     its own information security management system established in accordance with point 21.B.25(e) covers all the certification and continuing oversight tasks performed on its behalf.

[point (c) is applicable from 22 February 2026 – Regulation (EU) 2023/203]