Krav gällande informationssäkerhet (Del-IS)
På den här sidan återfinns information om vilka godkända utbildningsorganisationer (ATO) och FSTD-operatörer som omfattas av kraven i Del-IS.
Transportstyrelsen har tagit fram tabell nedan för att ni som ATO och FSTD-operatör lättare ska kunna se om ni omfattas av kraven enligt Del-IS. Observera att tabellen kan komma att uppdateras senare om Transportstyrelsen får information från EASA som föranleder en annan tolkning.
I de fall er organisation omfattas av kraven önskar Transportstyrelsen få in era uppdaterade manualer alternativt nya ISMM senast 30 november 2025.
Längre ned på sidan finns även information om undantag från Del-IS.
Kommissionens förordning 2023/203 (Del-IS) träder ikraft 22 feb 2026, vilket ni finner i sin helhet här:
| What training does the organisation deliver? | Comment | Need to comply with Part-IS? |
| ATO providing training in VCA | Does not fall under the definition of ELA2*. | Yes |
| ATO providing training in Gyroplane | Does not fall under the definition of ELA2*. | Yes |
| ATO providing training in SEP and MEP with a MTOW of 2000kg or less | Fall under the definition of ELA2* | No |
| ATO providing training in helicopter of 600kg or less | Fall under the definition of ELA2* | No |
| ATO providing aircraft training (e.g. class rating training, type rating training, instructor courses, CPL course, PPL course, additional ratings) with an aeroplane with a MTOW of over 2000 kg or a helicopter with a MTOW of over 600kg. | Does not fall under the definition of ELA2* | Yes |
| FSTD-O providing training on FFS/FTD (helicopter) of over 600kg | Does not fall under the definition of ELA2. | Yes |
| FSTD-O providing training on FFS/FTD (aeroplane) of 2000kg or less | Fall under the definition of ELA2 | No |
| FSTD-O providing training on helicopter FFS/FTD of 600kg or less | Fall under the definition of ELA2 | No |
| FSTD-O providing training only in FNPT | As the FNPT is not a full size replica of an aircraft type and its purpose is to represents the flight deck/cockpit environment including the assemblage of equipment and computer programmes necessary to represent an aircraft or class of aeroplane in flight operations to the extent that the systems appear to function as in an aircraft (ref CS FSTD(A).200(d) and CS FSTD(H).200(d)) the flight safety risks in case of malware are considered low. | No |
| FSTD-O providing training on FFS/FTD (aeroplane) of over 2000kg | Does not fall under the definition of ELA2* | Yes |
| ATO providing training only in FSTD (ATO is not the FSTDO) | Does not operate an actual aircraft. Although the FSTD operator is the primary party responsible under Part-IS, the role of the ATO, especially in the interface between these two organisations, needs to be clearly defined. Information security risks arising from this interface should be managed through contractual agreements between the FSTD operator and the ATO. As the rule does not currently address this issue explicitly, EASA sought a legal opinion to clarify the matter and will provide further guidance. |
No |
| ATO providing aircraft training in ELA2* aircraft only but FFS/FTD training in other than ELA2* aircraft (ATO is not the FSTDO) | Although the FSTD operator is the primary party responsible under Part-IS, the role of the ATO, especially in the interface between these two organisations, needs to be clearly defined. Information security risks arising from this interface should be managed through contractual agreements between the FSTD operator and the ATO. As the rule does not currently address this issue explicitly, EASA sought a legal opinion to clarify the matter and will provide further guidance. | No |
| ATO providing aircraft training in ELA2* aircraft only but FNPT training in other than ELA2* aircraft (ATO is not the FSTDO) | As the FNPT is not a full size replica of an aircraft type and its purpose is to represents the flight deck/cockpit environment including the assemblage of equipment and computer programmes necessary to represent an aircraft or class of aeroplane in flight operations to the extent that the systems appear to function as in an aircraft (ref CS FSTD(A).200 (d) and CS FSTD(H).200 (d)) the flight safety risks in case of malware are considered low. | No |
*ELA2 aircraft means the following manned European Light Aircraft:
(i) an aeroplane with a maximum take-off mass (MTOM) of 2 000 kg or less that is not classified as complex motor-powered aircraft;
(ii) a sailplane or powered sailplane of 2 000 kg MTOM or less;
(iii) a balloon;
(iv) a hot air airship;
(v) a gas airship complying with all of the following characteristics:
- 3 % maximum static heaviness,
- non-vectored thrust (except reverse thrust),
- conventional and simple design of structure, control system and ballonet system,
- non-power assisted controls;
(vi) a rotorcraft with an MTOM not exceeding 600 kg which is of a simple design, designed to carry not more than two occupants, not powered by turbine and/or rocket engines; restricted to VFR day operations
Undantag från Del-IS (endast om organisationen omfattas av Del-IS men bedömer att de ej har några informationssäkerhetsrisker som påverkar flygsäkerheten).
Inom kort kommer en ansökningsblankett för undantag från Del-IS finnas på Transportstyrelsens webbplats. Vid framtagande av en undantagsansökan bör rätt kompetenser delta i arbetet med att analysera organisationens kontaktytor och potentiella informationssäkerhetsrisker som kan påverka flygsäkerheten. Detta inkluderar både personal med god kännedom om verksamheten och dess system, samt personer med teknisk och IT-relaterad kompetens. Om analysen visar att det inte föreligger några flygsäkerhetsrisker som härrör från informationssäkerhetsrisker, kan ansökan om undantag lämnas in till Transportstyrelsen för prövning.
Ansökan om undantag bör inkomma till Transportstyrelsen snarast, dock senast 1 december 2025. Detta för att ge tid för hantering av ansökan och ge er tid att arbeta med implementering efter ett eventuellt avslag. Om undantagsansökan avslås behöver organisationen implementera Del-IS och en manual för godkännande måste ha inkommit senast 21 februari 2026, då kommer Transportstyrelsen att handlägga ärendet i ordinarie ordning utan särskilda åtgärder från myndighetens sida.
Vid avslagen undantagsansökan och fallet att en manual för godkännande inte har inkommit senast den 21 februari 2026, kommer Transportstyrelsen tvingas rikta en anmärkning mot operatören för bristande efterlevnad av gällande regelkrav.