New Information Security Requirements in Aerospace: How Can ISO 27001 Help?

New regulations come into effect from 16th October 2025 which place mandatory Information Security Management System (ISMS) requirements on aviation organisations. Assent’s expertise and track record across ISO 27001, AS9100 and the aerospace industry puts us in a perfect position to help!

About the EASA Part-IS Regulations

The European Union Aviation Safety Agency (EASA) has published Part-IS regulations which enforce information security requirements tailored to aviation safety. The regulations are split across two key legislative instruments:

  • Delegated Regulation (EU) 2022/1645, applicable on 16th October 2025, to:
    • Airport operators
    • Aircraft design and production organisations
    • Apron management service providers
       
  • Implementing Regulation (EU) 2023/203, applicable on 22nd February 2026, to:
    • Air Operators (AOC Holders)
    • Maintenance Organisations (MROs & CAMOs)
    • Air Navigation Service Providers (ANSPs)
    • National Aviation Authorities
    • Training organisations and simulation centres

The objective of the Part-IS regulations is to protect aviation safety by managing information security risks through a structured ISMS, such as ISO 27001.

EASA Part-IS Requirements

EASA Part-IS sets out a number of requirements, primarily mandating the implementation of an information security management system tailored to aviation safety, in order to:

  • Identify and assess information security risks
  • Establish governance and accountability structures
  • Implement incident detection and reporting mechanisms
  • Integrate ISMS with existing Safety Management Systems (SMS)
  • Continually improve security controls

How ISO 27001 Can Help Comply with EASA Part-IS

Although there are other information security frameworks, ISO 27001 is the well-established international standard for an information security management system, so it makes sense to adopt this framework in most cases.

Implementing the standard and achieving ISO 27001 certification will not, in itself, guarantee EASA Part-IS compliance. However, Assent’s expert consultants can help you use the framework to address specific aviation security threats and integrate with safety-critical operations, which, if operated effectively, do demonstrate compliance.

ISO 27001 has the additional benefit of being an Annex SL structured management system, meaning it can easily be integrated with other standards such as ISO 9001, ISO 14001, ISO 45001, as well as the specific Aerospace Quality Standard AS9100.

EASA does provide guidance on mapping ISO 27001 controls to Part-IS tasks, including gap analysis tools and Acceptable Means of Compliance (AMC), which form the basis of an engagement with our expert consultants.

The Role of AS9100

For aerospace manufacturers and suppliers, AS9100, the industry extension of ISO 9001, plays an important role by focusing on quality and safety in design and production processes.

This can help support EASA and FAA requirements by using the standard’s structured approach to:

  • Embed regulatory requirements (such as EASA Part-21 and Part-IS) into their Quality Management System (QMS)
  • Align safety and security controls across production and operational processes
  • Demonstrate compliance through documented procedures and impartial audits

Conclusion on EASA-IS

EASA Part-IS represents a significant focus on aviation cyber security. Organisations that already operate to ISO 27001 and AS9100 are well-positioned to demonstrate their compliance with the new regulations.

But for those without a structured compliance framework, now is the time to establish a formal system.

Organisations must ensure specific aviation security and safety risks are addressed.

Robert Clements