){kind=logo}
){kind=logo}
EASA Part-IS Framework
Part-IS is the essential EASA regulatory framework designed to bolster cyber resilience across the aviation ecosystem. As the industry shifts toward highly digitised, AI-driven networks, this regulation ensures that information security (IS) risks are managed to prevent any impact on aviation safety.
Core Objectives
- Safety-Centric Security: Identifying and mitigating cyber threats that could compromise flight and operational safety.
- Holistic Governance: Establishing a structured Civil Aviation Information Security Management System (ca-ISMS) that integrates seamlessly with existing Safety (SMS) and Quality Management Systems.
- Collaborative Resilience: Standardising risk detection, response, and reporting to foster a high-trust, information-sharing environment across airports, airlines, MROs, and ATMs.
Compliance Requirements
To comply, organisations must implement:
- Defined Governance: Documented roles and responsibilities embedded within the corporate structure.
- Integrated Management: A ca-ISMS that aligns with business resilience and safety management.
- Risk Mitigation: Robust mechanisms to detect, respond to, and neutralise cyber risks.
- Reporting & Learning: Formal systems for sharing threat intelligence with authorities and industry partners.
Deadlines
- October 2025: Obligatory for most EASA-approved organisations.
- February 2026: Obligatory for all other relevant organisations within the scope.
To find out more, please visit: www.protect.airbus.com/cybersecurity/part-is
Categories
- Governance, Risk & Compliance (GRC)
- OT, IoT & Industrial Security