Welcome to your training on EASA Part-IS. Before we dive into the rules, we need to understand a fundamental transition that has happened in our industry—a shift that has forced the European Union to create this new law.
For the last one hundred years, aviation safety has been a systematic approach to mitigate risks against Hazards. A hazard is something that happens to us naturally, or accidentally. It is the metal fatigue in a wing spar; it is the sudden thunderstorm on approach; it is the tired pilot who forgets a checklist item. We have spent decades building a safety culture designed to predict, prevent, and mitigate these accidental failures and we have mastered the art of redundant systems and physical inspections.
But today, we face a new reality. Modern aviation is no longer just about hardware, it is about Data. An aircraft today is essentially a flying data center. It receives flight plans over 5G or Wi-Fi, it downloads engine performance data to the ground in real-time, and it relies on GPS satellites for navigation. Our maintenance records are no longer paper logbooks stored in a dusty cupboard, they are digital entries in a cloud-based server accessed from anywhere in the world. This connectivity brings efficiency, but it also brings a new type of danger: the Information Security Threat.
Unlike a thunderstorm or a rusty bolt, a security threat is not naturally occurring or accidental. It is intentional. It is driven by an intelligent adversary—a hacker, a criminal organization, or even, in the future, an AI agent, who is actively looking for weaknesses in our systems. A metal bolt does not try to hide its fatigue cracks from you. A thunderstorm does not change its path just to trick your radar. But a cyber attacker does. They adapt. They hide. They actively try to bypass the safeguards we put in place.
This is why the European Union introduced Regulation (EU) 2023/203, which we call Part-IS. This is not a guideline. It is not a ‘best practice’ suggestion from an IT vendor. It is a hard law, binding on every aviation organization in Europe.
Under IS.OR.100, within this regulation, safety is no longer just about airworthiness, it is about cyber-resilience. The regulation requires us to protect the aviation system from information security risks with the same rigor we apply to physical safety risks, because in a digital aircraft, a corrupted file can be just as dangerous as a cracked component. If a hacker can alter the weight and balance data in our load sheet, or if malware prevents the landing gear computer from deploying, the result is a catastrophic safety failure. This course is your guide to this new reality. By the end of this training, you will not just understand the rules, but the vital role you play in keeping our data – and hence, our passengers – safe.