Chapter 7.2 Annex B - Leveraging Prior Certification

Introduction

DASR 21.A.20 enables an applicant for a certification authorisation (Military Type Certificate, Military Restricted Type Certificate, Military Supplemental Type Certificate, Major Change, or Major Repair) to leverage prior certification from a recognised Civilian Aviation Authority (CAA) / Military Aviation Authority (MAA) to gain relief from developing compliance demonstration evidence. This Annex provides guidance on the requirements associated with leveraging prior certification, and what to do if the prior certification can only be partially leveraged.

Outcomes of Leveraging Prior Certification

Leveraging prior certification provides relief from the requirement to develop compliance demonstration evidence. It does not provide relief from any other requirements for certification prescribed in the DASRs.

As such, applicants seeking to leverage prior certification must still do the following:

Develop a certification programme that provides the information required in the relevant DASR.

Note: for certain major changes, this certification programme may be provided in conjunction with the Form 31a, as outlined in Section 7.2.3.

Provide a proposed TCB. For a major change this will include identifying the specific airworthiness requirements (termed re-investigations under DASR 21.A.93) impacted by the change. Re-investigations are the list of airworthiness requirements of the TCB that are impacted by the design and therefore require new compliance demonstration, together with the means (calculation, test or analysis) by which it is proposed to demonstrate compliance.

Provide a declaration of compliance.

While use of prior certification may provide relief from the need to develop new compliance demonstration evidence, it does not provide relief from the need to present compliance demonstration evidence to DASA. As such, DASA may request to review evidence that supported the prior certification where it is deemed necessary. Where it is not possible for the applicant to provide this evidence to DASA, for example due to limitations on access to Original Equipment Manufacturer (OEM) data, this will be negotiated between the Applicant and DASA on a case-by-case basis.

Requirements for Leveraging Prior Certification

In order to leverage prior certification, the following is required:

Evidence of certification from a recognised CAA/MAA (e.g. an authorisation issued by the CAA/MAA). The list of recognised CAA / MAA whose prior certification may be exploited by applicants in seeking relief from developing compliance demonstration evidence is available via the DASA website: Recognition of other Aviation Authorities. Individual recognition certificates establish scope, conditions and caveats.

Confirmation that the certification is within the scope, conditions and caveats of the relevant CAA/MAA recognition certificate. This will commonly require the following:

Scope: Whether the evidence of certification matches the recognised authorisations on the recognition certificate.

Caveats: That evidence exists that the CAA/MAA applied a level of oversight to the design commensurate with the consequences of system failure.

This is particularly relevant in situations where the CAA/MAA is certifying a design solely for Defence use. In this case there needs to be confirmation that the level of oversight is the same as would normally be used for their own certification activities. Investigation into this aspect should commence as soon as the intent to leverage a CAA/MAA approval that is unique to Defence is known, to avoid any potential delays to progressing the DASA certification.

If the certification from the other CAA/MAA is a standard certification which has been provided for use in their regulatory system as well as Defence’s, stating that in the application is a sufficient response to this caveat.

Confirmation that the CAA/MAA is sufficiently experienced in certification of the particular design activity.  For example, certification from a civil CAA that relates to safe separation of weapons on a military aircraft is unlikely to be within the experience of the CAA.

Identification and management of any deltas between the certification requirements employed by the CAA / MAA and the Defence TCB.

Step 1 – Identification of TCB Deltas. This requires knowledge of the requirements employed by the other CAA/MAA, and comparison against the Defence TCB. Deltas may include:

Use of a different airworthiness code.

Use of later amendments of requirements than the current Defence TCB.

Not covering requirements that exist in the Defence TCB. This is particularly common for requirements added to the TCB during initial certification as a result of ‘Essential’ requirements in the Defence Aviation Safety Design Requirements Manual (DASDRM), such as Crash Protection, Oxygen, and Defence Long Range Operations (DLRO) requirements.

Step 2 – Management of TCB Deltas. Deltas in the certification requirements employed by the prior certifying CAA/MAA and the Defence TCB can be addressed in the following ways:

Modification of the design to meet additional Defence TCB requirements.

Development of additional compliance demonstration evidence to demonstrate compliance to the Defence TCB.

Tailoring the TCB to match the requirements used by the other CAA/MAA. Depending on the types of deltas in requirements this may require assessment/management of risks associated with use of the different requirements. See Annex A to Section 7 for more information on TCB tailoring.

Identification and management of any deltas between the Configuration, Role and Environment (CRE) of the prior certification and the intended Defence CRE. Also refer to Annex C to Section 7 for more detailed guidance on the conduct of a CRE Assessment (CREA) in support of leveraging prior certification.

Step 1 – Identification of CRE Deltas. This step requires the following:

An understanding of the CRE underpinning the other CAA/MAA certification.

An understanding of the intended Defence CRE once the authorisation is approved.

Comparison of the two CREs to identify any deltas. For platforms that regularly rely on prior certification from a specific CAA/MAA, a platform level CREA may be developed (often during initial certification) which documents all known deltas at that time. This can be used as a starting point for future certification activities, where the known deltas in the ‘platform’ CRE are considered for their impact on the current certification activity. However, the application must still address whether any additional CRE deltas are introduced as a result of the current certification activity.

Note: The CREA is not comparing pre-modification Defence CRE against post-modification Defence CRE. A comparison of pre and post-modification CRE is useful in order to identify impacted areas of the type design, identify required re-investigations and develop a proposed Type Certification Basis (TCB) but does not assist in leveraging prior certification.

Step 2 – Management of CRE Deltas. In order to manage any CRE deltas, the requirements of the Type Certification Basis that are impacted by the CRE delta must be identified. Once the impacted requirements are identified, the following options are available:

Re-design to make the product suitable for the Defence CRE. This will require additional compliance demonstration evidence to demonstrate that the changed design is compliant with the TCB.

Develop additional compliance demonstration evidence to show that the design is compliant for the Defence CRE.

Change the Defence CRE to match the CRE from the original CAA/MAA. This may involve modifying the proposed roles or operating environment to remain within the certified role and environments, or choosing not to make Defence unique modifications to the configuration.

Tailor the requirements of the TCB to account for CRE deltas. This may result in Exception MCRIs, where it is not possible to demonstrate that the design is fully compliant to the TCB for the Defence CRE. See Annex A to Section 7 for more information on TCB tailoring.

Note: It is possible to have a CRE delta that does not impact on the ability to leverage the prior certification. This may be because the CRE delta does not impact on a certification requirement, or because it does not impact on the applicability of the compliance demonstration evidence. If the applicant is claiming that the CRE delta does not impact on the ability to leverage prior certification, the justification for this claim must be clearly provided in the certification programme or final application.

Identification and management of any safety risks associated with the CAA / MAA certification.

Step 1 – Identifying Safety Risks

Safety risk decisions or risk retention is generally associated with MAA approvals. Civil CAA approvals are not issued on the basis of risk retention, as civil regulators require either that requirements are met directly or that an equivalent level of safety to the requirements has been demonstrated.

Access to the original authorisation issued by the CAA/MAA may provide insight into risk decisions associated with the approval, but access to System Safety documentation, the Compliance Checklist, or other risk artefacts will likely be required. When engaging in a program that will rely on prior certification from a Military Aviation Authority, it is important to ensure that there is sufficient insight into the supporting documentation to be able to identify any risk underpinning the certification.

Note: Equivalent Level of Safety (ELOS) justifications associated with another CAA/MAA certification may only be true for the certification context in which they were considered. As such, any CRE deltas between the original certified CRE and the Defence CRE may invalidate the ELOS finding and therefore result in an additional safety risk in the Defence context. Careful consideration of the CREA to identify deltas will assist in identifying any additional safety risks introduced due to CRE differences.

Step 2 – Management of Safety Risks

Once risks have been identified, they must be managed through a 7-step risk management process to ensure that they have been eliminated or otherwise minimised So Far As is Reasonably Practicable (SFARP) for the Defence CRE. This can be achieved via an Airworthiness Issue Paper (AwIP), a webform AE628 ‘Risk Decision Brief’, or an alternate equivalent risk management document. See Annex A to Section 7 for more information on risk management associated with TCB shortfalls. Claims that the risks were managed and accepted by another MAA are not sufficient, as most MAA do not use the ‘SFARP’ methodology required by Defence, and the risk management will not be contextualised for the Defence CRE.

Any safety risks which are the result of non-compliance with the TCB will require an Exception MCRI to be raised, after the risk management has been completed. See Annex A to Section 7 for more information.

Note: Any risk management must be finalised and MCRIs approved prior to completing a declaration of compliance and seeking an authorisation from DASA.

Issues with Leveraging Prior Certification

Applicants may encounter a range of issues when intending to leverage prior certification that mean that the above requirements cannot be met. This does not necessarily mean that the prior certification cannot be leveraged, but further justification will be required to support the use of that prior certification. Where issues are encountered, the issue and proposed solutions should be outlined in the Certification Programme, and presented to DASA at the earliest opportunity to enable agreement on the proposed approach and reduce risks to the program.

Common issues encountered:

Lack of insight into TCB/re-investigations used by other CAA/MAA. This is common for aircraft leveraging civil certification, particularly service bulletins, where the design detail is not available.

Insight into the TCB/re-investigations is required for the following reasons:

To confirm that the certification matches the Defence TCB. ie to confirm that no risk is introduced as a result of using older requirements or due to requirements in the Defence TCB not being addressed.

To establish the current TCB of the design, as a starting point for future design activities, to ensure that the level of safety does not diminish with future designs.

Alternate way of addressing this requirement:

Confirming the known certification basis underpinning the other CAA/MAA certificate. ie it may not be possible to confirm the specific requirements used for the current design, but the baseline certification basis, which would serve as a starting point for the certification activity, will be available on the original Type Certificate.

Identifying any deltas between the baseline CAA/MAA certification basis and the Defence TCB. If the two are largely common (ie airworthiness code and amendment level is common), with any deltas clearly in an area not impacted by the change, this may support proceeding with limited insight into the requirements used by the CAA/MAA for the change. If the baseline TCBs are not common (ie differing airworthiness codes or amendment levels are used) then further insight into the CAA/MAA basis for the change must be obtained.

Confirming the process used by the CAA/MAA in managing the certification basis for changes. In most cases the CAA/MAA will not change the airworthiness code, or add new Special Condition requirements, without amending the original certificate, and in such cases the potential changes to the certification basis would usually be limited to the use of later amendments of requirements, or equivalent level of safety arguments.

Confirming that there is no intent for future design changes to be implemented without reliance on the CAA/MAA in question. If all future changes are intended to leverage prior certification from the CAA/MAA in question, then confidence can be gained that any changes to the TCB related to this certification (eg decisions to comply with later amendments of requirements) will be carried over to any future design changes. However, if it is likely that Defence will undertake Defence unique modifications, or will rely on modification with prior certification from a different CAA/MAA, then detailed insight into the requirements for the change will likely be required in order to establish the basis for future changes.

Note: This alternate approach will generally only be suitable for simple civil certified changes such as major changes released under a Service Bulletin, where the Defence type has minimal CRE deltas from the civil type. Due to the potential for Military certifications to include risk retention, as discussed above, lack of insight into the requirements and level of compliance against those requirements is unlikely to be able to be justified.

Prior certification is against different airworthiness code/requirements than the Defence TCB. This may happen when Defence relies on certification from a single CAA/MAA and they have decided, due to issues in the original certification basis or safety benefits available in a new airworthiness code, to alter their certification basis. This may also happen when Defence relies on prior certification from different Authorities for different activities, and those Authorities use different airworthiness codes. This may be addressed in the following ways:

Use of a Military Supplemental Type Certificate (MSTC) to cover the specific design activity that uses a different certification basis. This approach is suitable where there is a single stand-alone activity which will use the new certification basis, and other future activities are expected to continue to use the original certification basis. Use of an MSTC enables a TCB to be defined separately to the MTC TCB, though the certification programme will need to address the congruence between the two TCBs to ensure there are no safety risks introduced due to the use of the alternate TCB.

Modifying the Defence TCB to match the prior certification. This could involve modifying only some elements of the TCB, or could involve a change to the whole TCB. See Annex A to Section 7 for more information.

Mapping the evidence from the other CAA/MAA across to the Defence TCB without modifying the TCB. This will require a good understanding of differences between the airworthiness codes or requirements and insight into the specific elements of the code impacted by the change. Where there are shortfalls in the ability to map the evidence to the Defence TCB this will require management via additional evidence, limitations or TCB tailoring.

Direct evidence of CAA/MAA approval is not available. This may occur where Defence receives the output from the OEM (for example a Service Bulletin or updated Aircraft Flight Manual (AFM)) but does not have access to the underpinning CAA/MAA approval.

Direct evidence of approval is required for the following reasons:

To confirm that the recognised CAA/MAA has provided an approval.

To confirm that the type of approval from the CAA/MAA matches the products on the DASA recognition certificate.

To confirm that there were no caveats, conditions or limitations associated with the approval.

Alternate way of addressing this requirement:

Providing evidence that shows a product has been released under privilege based on an approval from the CAA/MAA. This will often be stated on the product (for example a service bulletin issued under the EASA system will often reference the underpinning EASA approval).

Confirming that this is a standard type of product under the CAA/MAA system, and therefore would have been approved using a standard authorisation covered under our recognition certificate. The type of approval may actually be referenced on the product (eg Service Bulletin or AFM update) that has been released, therefore addressing this requirement.

Addressing the potential for conditions, caveats or limitations associated with the product. This may require engaging with the organisation that has released the product (eg OEM) to confirm whether any conditions, caveats or limitations were associated with the approval. Normally conditions or limitations associated with an approval would be released to Operators, and therefore be available even if the underpinning design approval is not available.

Note: This alternate approach will generally only be suitable for simple civil certified changes. Due to the potential for Military certifications to include risk retention, as discussed above, lack of direct evidence of MAA approval to enable assessment of potential risk treatment decisions is unlikely to be able to be justified.

Evidence of CAA/MAA approval does not match the recognition certificate. This may occur where the CAA/MAA uses a different system for approval of certain artefacts that is not covered under the recognition certificate. For example, the Federal Aviation Authority (FAA) approval of changes to a Master Minimum Equipment List (MMEL) is managed through the Flight Operations Evaluation Board process and may not receive a major change approval as listed on the recognition certificate.

Alternate way of addressing this requirement:

Provide information on the type of approval that was provided, the area of the CAA/MAA that provided it (especially if it is a different element of the CAA/MAA from the one that normally completes certification activities), and why this approval was not provided under one of the standard/recognised authorisations.

Provide justification (based on the above factors) for why this available authorisation should be considered equivalent to other recognised authorisations. For example, it is the standard process used for this technology area, it has undergone the same level of oversight from an appropriate area of the Authority, it has been approved as a ‘major’ change which is equivalent to the classification under DASRs.

Prior certification is from a CAA/MAA that DASA does not recognise or is not covered by the DASA recognition. This could be due to three reasons – the certification is from a historical CAA/MAA that no longer exists, the certification is from a current CAA/MAA that DASA has not assessed, or the certification is from a recognised CAA/MAA but not covered by the current recognition. In any of these cases, early engagement with DASA to discuss the potential for leveraging a certification from an unrecognised CAA/MAA is essential. For current CAA/MAAs, DASA may be able to undertake the recognition activities to support the use of prior certification, but this will require sufficient notice.

Historical CAA/MAA.

Recognition of current CAA/MAAs does not cover any previous variations of the Authority. As such, additional work will be required to establish confidence that the historical CAA/MAA processes provided an equivalent safety outcome to the DASRs, before the certification can be leveraged. In order to do this, the applicant must gain as much insight as possible into the authorisation that they are intending to leverage and the system under which it was issued, and engage with DASA early to determine possible approaches to recognition.

Use of a certification from a historical CAA/MAA is also likely to be provided against older airworthiness requirements than would be currently required under the DASRs. As such, assessment and treatment of any risks relating to the deltas between the older requirements and the contemporary requirements will likely be required in order to leverage the prior certification.

Current CAA/MAA (unrecognised or not covered by the current recognition)

DASA should be engaged as early as possible if there is an intent to leverage certification from a current CAA/MAA that is not recognised. In order to be able to leverage that certification, DASA would need to undertake a recognition activity which will require significant notice and planning. If DASA is unable to conduct a recognition activity of the CAA/MAA, prior certification will not be able to be leveraged and a standard certification approach must be followed, including presentation of all compliance demonstration evidence to DASA.

Insufficient insight into the level of oversight provided by the other CAA/MAA

As mentioned above, if the design is being certified for use within the other CAA/MAA’s system then that is normally sufficient to confirm an appropriate level of oversight has been provided. If the design is being certified solely for Defence use, then insight into the CAA/MAA oversight is required, and applicants should establish a plan for gaining this insight as early as possible.

If the applicant has exhausted all options available to them for gaining this insight, then DASA may be able to engage on an Authority-to-Authority level to address this requirement. Note that this is not a standard practice, and will only be done in exceptional circumstances. The Authority-to-Authority engagement may not be able to occur on applicant timelines and, as such, if an applicant is reliant on this approach then it may result in delays to certification.