Two sister regulations close a long-standing gap in how ATM/ANS ground equipment reaches the operational system. Commission Delegated Regulations (EU) 2023/1768 and 2023/1769 — both adopted in July 2023 — together replace the equipment provisions of the repealed Interoperability Regulation with a modern, risk-based framework overseen by EASA and the National Competent Authorities.
2023/1768 sets out what evidence ATM/ANS equipment must hold before it can be put into service — a certificate, a declaration or a statement of compliance, depending on criticality. 2023/1769 sets out who may produce that evidence — the design and production organisations (DPOs) approved and overseen by EASA. They are designed to be read together, and ATM/ANS providers, equipment suppliers and competent authorities all need to engage with both.
Regulation (EU) 2023/1768 — conformity assessment of ATM/ANS equipment
2023/1768 lays down detailed rules for the certification and declaration of ATM/ANS systems and constituents — collectively ‘ATM/ANS equipment’ — used to support airspace management, air traffic flow management, air traffic services, communications, navigation, surveillance, aeronautical information and meteorological services. The amendments to 2017/373 made by Regulation (EU) 2023/1771 sit alongside it, placing the installation, on-site testing and entry-into-service obligations on the ATM/ANS provider.
- 2023/1768
- Conformity assessment of ATM/ANS equipment
- Three tiers
- Certification / Declaration / SoC
- Transition
- Legacy equipment grandfathered; modifications and new equipment fall under the new regime, with the framework fully applicable by 2028.
Key articles and the three-tier model
The criticality of the equipment determines the attestation method, set out in Articles 4 to 6:
- Article 4 — Certification by EASA for the most critical equipment: that supporting controller–pilot (air-to-ground) communications, and air traffic control services that enable separation of aircraft or collision prevention.
- Article 5 — Declaration of design compliance by an approved DPO for equipment supporting ground-to-ground communications, navigation or surveillance.
- Article 6 — Statement of Compliance (SoC) — the least stringent method — for less critical equipment supporting MET, AIS, ASM and ATFM, issued by the ATM/ANS provider that integrates it, or, on request, by an approved DPO.
Compliance is demonstrated against the EASA Detailed Specifications — the DS-GE.CER/DEC for certified and declared equipment, and the DS-GE.SoC for equipment covered by a statement of compliance.
Regulation (EU) 2023/1769 — the Design and Production Organisation
Where 2023/1768 defines the conformity outcome, 2023/1769 defines the organisation that must stand behind it. It lays down the requirements for organisations involved in the design and production of ATM/ANS equipment subject to certification or declaration, and for their oversight by EASA. In short, no Part-DPO approval — no Article 4 certificate, no Article 5 declaration.
- 2023/1769
- Approval of the design and production organisation (Part-DPO)
- Scope
- Design, production or combined; EASA is the competent authority
- Core elements
- Design assurance, configuration management, supplier control, change handling, occurrence reporting and independent monitoring.
How a DPO approval is built
The DPO approval covers the organisation’s design assurance system, configuration management, supplier control, production conformity, change and deviation handling, occurrence reporting and an internal independent monitoring function. Larger organisations will typically hold a combined Design and Production Organisation approval; smaller suppliers may scope their approval to design only, with production controlled through subcontract arrangements. EASA is the competent authority for DPO approvals, with oversight tasks coordinated with the National Competent Authorities of the affected service providers.
1768 and 1769 are best read together: 1768 defines the conformity assessment outcome the market expects, and 1769 defines the organisation and processes that make that outcome credible and repeatable.
Part-IS for design and production organisations
Sitting alongside 1768 and 1769 is the information security regime introduced by Commission Delegated Regulation (EU) 2022/1645 (‘Part-IS’ for design and production organisations) and the parallel Implementing Regulation (EU) 2023/203 (Part-IS for service providers, including ATM/ANS). For a DPO, Part-IS is not a separate cyber rulebook to satisfy on the side — it is an information security management system (ISMS) that must be integrated into the same design-assurance, change-handling and occurrence-reporting processes that the 1769 approval already requires. Information security risks with a potential impact on aviation safety must be identified and assessed, mitigations evidenced, incidents detected and reported, and the resulting findings fed back into the safety assessment of the equipment itself. EASA oversight of DPOs covers Part-IS in the same audits that look at design assurance and configuration management, so the two need to be planned, documented and demonstrated together.
What compliance demands
Suppliers that design or produce certified or declared equipment will need an approved design and production organisation under 2023/1769 (a ‘Part-DPO’ approval) and the engineering evidence to satisfy the relevant Detailed Specifications. ATM/ANS providers must, before integrating any equipment into their functional system, hold the correct attestation — certificate, declaration or SoC — and verify correct installation and on-site testing under the amended 2017/373. Equipment already in service under the previous framework is broadly grandfathered during the transition period running into 2028, but legacy configurations that are modified will fall under the new regime. Knowing precisely which tier applies to each constituent — and managing the transition deadlines — is where most programmes need expert help.
How AVISU helps
AVISU combines operational ATM knowledge with deep safety-engineering and standardisation experience — exactly the blend this equipment framework demands.
- Criticality assessment to determine the correct attestation tier (certification, declaration or SoC) for each system and constituent.
- Support establishing a design and production organisation approval (Part-DPO) under Regulation (EU) 2023/1769.
- Mapping of equipment evidence against the EASA Detailed Specifications (DS-GE.CER/DEC and DS-GE.SoC).
- Transition planning to manage legacy equipment and the 2028 deadlines.
- Safety case and integration support under the amended 2017/373 entry-into-service requirements.
- Part-IS compliance for DPOs under Regulation (EU) 2022/1645 — ISMS design, risk assessment and integration with the 1769 design-assurance and change processes.
- Liaison with EASA and National Competent Authorities throughout the assessment.