Air transport: Civil aviation security

Aviation security (not to be confused with aviation safety[1]) exists to prevent malicious acts against aircraft and their passengers and crew. Following the terrible attacks of 2001, the EU has adopted a set of security rules for safeguarding civil aviation. These rules are regularly updated to address evolving risks. Member States retain the right to apply more stringent measures.

Legal basis

Article 100(2) of the Treaty on the Functioning of the European Union.


The aim of aviation security is to prevent acts of unlawful interference, above all by keeping threatening items such as arms and explosives away from aircraft. It had been high on the agenda for decades when it became a major cause for concern following the terrorist attacks of September 2001. Since then, the regulatory framework in this field has expanded considerably worldwide, whether nationally, or via international cooperation/agreements, or through the International Civil Aviation Organisation[2] (ICAO) and Annex 17 to the Chicago Convention and the related Universal Security Audit Programme[3] (USAP). As far as the European Union is concerned, it has developed an appropriate policy, which is regularly updated to address evolving risks and threats as well as technological changes.


In the wake of the terrorist attacks of September 2001, Regulation (EC) No 2320/2002[4] was adopted to safeguard civil aviation and provide the basis for a common interpretation by the Member States of Annex 17 to the Chicago Convention. In March 2008, this regulation was replaced by Regulation (EC) No 300/2008[5].

This regulation was adopted by Parliament and the Council to set the common rules and basic standards on aviation security, as well as mechanisms for monitoring compliance. It is supplemented by a set of regulations (general measures supplementing the common basic standards, or detailed measures needed for the implementation of those standards[6]) adopted by the Commission via the comitology procedure. It is worth noting that the implementing rules, which ‘contain sensitive security information’, are not published. The EU regulatory framework is based on binding common standards and the following basic principles:

  • Each Member State is responsible for the security of flights departing from its territory (‘host state responsibility’, as laid down by the ICAO).
  • All passengers and staff and all baggage must be screened before boarding. Cargo, mail, and in-flight supplies must also be screened before being loaded, unless they have been subjected to appropriate security controls.
  • Member States retain the right to apply more stringent security measures should they consider it necessary.

The EU regulatory framework covers all parts of the air transport chain that can affect the security of the aircraft and/or infrastructure. It includes the airport, aircraft, passengers, baggage, cargo, airport and in-flight supplies, security staff and equipment. EU rules apply to all airports in the Union that are open to civil aviation, to all operators providing services at these airports, including air carriers, and to all other operators ‘applying aviation security standards’ providing goods or services to or through such airports[7]. The security standards applied may nevertheless be proportionate to the aircraft/operation/traffic involved.

In this context, each Member State designates a single authority to be responsible for coordinating and monitoring the implementation of aviation security law, and also draws up and implements a ‘national civil aviation security programme’ (which lays down the roles and obligations of all operators concerned). Member States also establish and implement a ‘national quality control programme’ (to determine the level of compliance of operators and provide measures to correct deficiencies), impose penalties for infringement, and cooperate with the Commission when it conducts inspections to monitor compliance with EU rules on aviation security. The operators concerned must draw up and implement a ‘security programme’ in order to comply with EU law and the ‘national civil aviation security programme’ of the Member State in which they are located. The Commission carries out unannounced inspections of airports and operators, in cooperation with the national authorities responsible for aviation security (these authorities are also inspected), in order to monitor the implementation of EU law.

From July 2014, air carriers that intend to fly cargo into the EU from a non-EU airport shall comply with the ‘ACC3 programme’ to ensure that this cargo is physically screened according to EU standards. In this respect, on-site checks at third-country airports are carried out by the competent authorities of the Member States concerned, where relevant.

To facilitate air transport, the Commission may recognise the equivalence of third countries’ aviation security standards, as is currently the case with the US, Canada and a few non-EU European countries. In addition, since June 2012 the EU and the US recognise each other’s air cargo security regime, whether the cargo is carried on all-cargo or on passenger flights. Consequently, air carriers transporting freight between the EU and the US do not need to apply any additional EU or US requirement.

The current legislative framework leaves it up to Member States to decide how aviation security costs are to be covered. In 2009, the Commission proposed a directive to ensure that key principles such as cost-relatedness and non-discrimination between carriers or passengers are applied[8]. However, this proposal did not adopt a position on the core issue of public financing versus the ‘user pays’ principle, and left it to subsidiarity to determine who pays for security. In the absence of approval by the legislator, this proposal was withdrawn by the Commission in 2015.

Role of the European Parliament

The European Parliament has always taken the view that civil aviation security is one of the EU’s main concerns, and has endorsed the setting-up of a strict and effective system to prevent and avoid any terrorist attack. In so doing, Parliament has also emphasised the importance of the fundamental rights of citizens and the need to counterbalance measures to improve aviation security with strong and adequate safeguards aimed at protecting the privacy, personal dignity and health of citizens.

With a resolution of 23 October 2008, for example, Parliament forced the Commission to withdraw and modify a proposal on body scanners. Meanwhile, its report of 1 June 2011 urged excluding any form of technology using ionising radiation from use in security screening, and recommended that only stick figures should be used and that the related data should not be stored or saved. The legislation on body scanners adopted in November 2011[9] meets these criteria.

In general, Parliament is of the opinion that the comitology procedure is inappropriate in the aviation security sector, at least for measures having an impact on citizens’ rights. Its report of June 2011 therefore called for Parliament to be fully involved through codecision (this is still not the case, however).

Concerning the financing of security measures, Parliament takes the view that security charges should only cover security costs and that Member States applying more stringent measures should bear the ensuing additional costs.

Related decisions of the European Parliament:

  • Resolution of 23 October 2008 on the impact of aviation security measures and security scanners on human rights, privacy, personal dignity and data protection[10];
  • Position adopted at first reading on 5 May 2010 on the proposal for a directive of the European Parliament and of the Council on aviation security charges[11];
  • Resolution of 6 July 2011 on aviation security, with a special focus on security scanners[12].


[1]Aviation safety relates to the design, manufacture, maintenance and operation of aircraft (3.4.9).
[2]The International Civil Aviation Organisation (ICAO) is the specialised agency of the United Nations established by the Convention on International Civil Aviation (also known as the Chicago Convention), signed on 7 December 1944 and to which 191 States are currently contracting parties. The ICAO notably lays down ‘standards and recommended practices’ to be enforced by the Contracting States, but there is no binding mechanism to guarantee their proper application.
[3]Annex 17 to the Chicago Convention lays down standards and recommended practices for the protection of the security of international air transport. The Universal Security Audit Programme (USAP) was launched in 2002 to monitor ICAO Contracting States’ compliance with these standards.
[4]OJ L 355, 30.12.2002, p. 1.
[5]OJ L 97, 9.4.2008, p. 72.
[6]The detailed measures for the implementation of the common basic standards are consolidated into Regulation (EU) 2015/1998.
[7]EU aviation security rules also apply to Norway, Iceland, Liechtenstein and Switzerland.
[9]Commission Regulations (EU) Nos 1141/2011 (OJ L 293, 11.11.2011) and 1147/2011 (OJ L 294, 12.11.2011).
[10]OJ C 15 E, 21.1.2010, p. 71.
[11]OJ C 81 E, 15.3.2011, p. 164.
[12]OJ C 33 E, 5.2.2013, p. 125.

Benjamin Klaus Wilhelm Blaser