UK – EU Transition, and UK Civil Aviation Regulations

To access current UK civil aviation regulations, including AMC and GM, CAA regulatory documents, please use this link to UK Regulation. Please note, if you use information and guidance under the headings below, the references to EU regulations or EU websites in our guidance will not be accurate information or an accurate description of your obligations under UK law. These pages are undergoing reviews and updates.

Rationale

Due to the progressively interconnected nature of industry systems, the aviation industry has to remain aware of cyber threats, both direct and indirect, whether they arise as a result of attacks or through reckless or negligent behaviour. The risk profile is dynamic: attackers (people, artificial intelligence systems or self-replicating viruses) are always looking to exploit vulnerabilities and can quickly develop new ways of breaching cyber security. This means that aviation entities need to have dynamic protection systems, requiring that CAA’s cyber strategy keeps pace with the main trends in cyber vulnerability/intent and is reviewed regularly.

The vision for the CAA Cyber programme is:

  • To have a proportionate and effective approach to cyber security oversight that enables aviation to manage their cyber security risks without compromising aviation safety, security or resilience.
  • To stay up to date and current, and to positively influence cyber within aviation, to support the UK’s National Cyber Security Strategy.

Outcomes

  • A proportionate and effective regulatory framework for the mitigation of risks to UK aviation from cyber incidents to create a cyber resilient UK aviation system.
  • A UK aviation system that benefits from the advantages of networked communications and services without impediment by the impact of the cyber threat.
  • Mechanisms in place to promote the sharing of aviation cyber security knowledge, skills and capability.
  • A common understanding between all aviation stakeholders of cyber threats, vulnerabilities and risks, supported by a set of accepted standards, advice and guidance.

Actions

Ensure a cyber regulatory/policy framework which:

  • Defines CAA’s responsibilities for cyber security under existing EU/UK/international regulations;
  • Provides a process for continuous reviews of new cyber standards, assurance and cyber management activities for in-scope aviation entities;
  • Understands how these standards, assurance and cyber management activities align to legal obligations specified in strategic priority one and where gaps exist;
  • Identifies key structural cyber vulnerabilities in the UK aviation system, particularly around interfaces between different entities;
  • Develops industry relationships to inform our work; and
  • Provides integration with our Regulatory Regime (the Safety Management System (SMS), Performance Based Oversight (PBO) and the Regulatory Safety Management System (RSMS)), and defines what training is required, and a decision process for focusing on compliance and oversight activities.

For further information on cyber security and cyber incident management, contact:
