We use necessary cookies to make our website work. We'd also like to use optional analytics cookies to help us improve it.
For more information, please read our cookie policy.

UK – EU Transition, and UK Civil Aviation Regulations

To access current UK civil aviation regulations, including AMC and GM, CAA regulatory documents, please use this link to UK Regulation. Please note, if you use information and guidance under the Headings, the references to EU regulations or EU websites in our guidance will not be an accurate information or description of your obligations under UK law. These pages are undergoing reviews and updates.

A Security Management System (SeMS) provides an entity with a framework of operating principles and guidance which enable it to enhance security performance by proactively managing risks, threats, and areas where there are gaps and vulnerabilities which may have a negative impact on that performance.

SeMS is:

  • based on a risk-driven framework designed to embed security within your operations and culture
  • suitable for any entity within the aviation sector, regardless of size or operation
  • an enabler for the UK CAA as it develops a flexible, risk-based oversight regime
  • an enabler for entities required to meet quality control provisions of articles 12, 13 and 14 of Baseline Security Measures as retained in UK Regulation and UK Law.

The UK CAA remains aligned with IATA, ICAO, ECAC and other regulatory bodies in the move towards modernising aviation security and considers SeMS key in achieving this.

Our SeMS mission statement

The CAA is committed to sustaining and improving public confidence in air travel through constant industry self-assurance and responsible management of risk, combined with a focused and adaptive regulatory approach.

A Security Management System (SeMS) enables an organisation to identify and manage its own security risks in a proactive manner, with an effective security culture as the bedrock. SeMS provides top down assurance that the security measures taken to manage those risks are effective, on the basis that:

  • security risks are managed at the right level.
  • there is appropriate accountability for security standards.
  • security performance is managed effectively with clear oversight in place.
  • a positive security culture is embedded across the organisation.

We will work alongside organisations as they exploit the insights and efficiencies delivered by a mature and effective SeMS - and we will utilise the resulting assurance data to develop an adaptive and risk-based oversight regime in the move towards Risk Based Oversight (RBO).

Close Our SeMS mission statement

Implementing SeMS

We believe the implementation of SeMS is straightforward:

  • we encourage organisations to incorporate or develop existing governance arrangements, systems and processes wherever possible
  • we do not prescribe additional or specific IT systems or platforms
  • we are committed to providing support to Industry partners to ensure they may exploit the opportunities and efficiencies a mature SeMS offers.

For further information on implementing an SeMS, see CAP 1273 Implementing Security Management Systems: An Outline.

The phases of SeMS development

Gap Analysis

The entity completes a Gap Analysis to identify which areas of their operation are already in line with the SeMS Framework, and which will require further development to meet Framework requirements.

Phase 1

The CAA will conduct a Phase 1 assessment to verify if the SeMS is present and suitable. This assessment comprises of:

  • an initial review of the SeMS itself.
  • a meeting between a CAA Manager and the entity's Accountable Manager.

Phase 2

Once sufficient time has elapsed for the entity's SeMS to mature, the CAA conducts a Phase 2 assessment to establish if the SeMS is operating and effective.

This assessment comprises of:

  • an on-site assessment conducted via interview and evidencing of documented processes.
  • an interview conducted by CAA Senior Managers with the entity's Accountable Manager.

Phase 2B

At Phase 2B, the entity provides continued assurance of its SeMS.

This comprises of:

  • quarterly submissions of SeMS Performance Data to the CAA.
  • an Assurance Assessment to verify that the SeMS continues to be operating and effective.
  • operational assessments conducted across the entity's site or sites.
Close The phases of SeMS development

Growing numbers of organisations across all modes are actively developing their SeMS.

We are leading the way in making SeMS a reality for the wider aviation industry, and continue to support the ever-increasing numbers of entities making use of the advantages of implementing a robust and effective SeMS.

Risk Based Oversight

Risk Based Oversight (RBO) utilises additional security assurance data, including SeMS performance data, to adjust the frequency and/or target of CAA observations.

RBO will:

  • offer an entity the prospect of adjustments to, regulatory observation and routine compliance visits
  • develop our oversight regime by providing us with capacity options for future compliance oversight. This will be supported by our approach to risk management and means of supporting industry partners in an ever evolving aviation landscape.

We are currently developing our RBO approach with Industry with a view to identifying the most appropriate data sets on which the adjustments to our oversight regime will be based. SeMS is a necessary precursor for the CAA to achieve this.


Training is available on a variety of Aviation Security topics, including SeMS, and is particularly relevant for Security Managers and Accountable Managers.

Our training provides a great opportunity to meet with the Regulator and Industry colleagues, share best practice, and find out more about implementing a successful SeMS.

SeMS guidance material

Contact us

For more information contact the SeMS team at sems@avsec.caa.co.uk.

Latest from UK Civil Aviation Authority

  1. Shaping up to be a busy 2022 for UK CAA’s General Aviation Unit
  2. CAA launches consultation on environmental effects of first UK space launch from Cornwall
  3. Farnborough 2022: Sir Stephen Hillier - Where next for aviation and aerospace

View all latest news