Aviation Certification Glossary
A comprehensive reference covering 312+ terms across FAA, EASA, TCCA, and ICAO certification frameworks.
Every term includes plain-English definitions, regulatory source citations, compliance artifacts, and jurisdiction-specific details.
Organizations & Authorities
Who does what — regulators, standards bodies, and industry organizations that shape aviation certification.
A specialized agency of the United Nations established by the Chicago Convention (1944) to promote the safe and orderly development of international civil aviation worldwide. ICAO develops Standards and Recommended Practices (SARPs), Procedures for Air Navigation Services (PANS), and guidance material that serve as the foundation for national aviation regulations across its 193 member States.
The Convention on International Civil Aviation, signed in Chicago on 7 December 1944, is the foundational international treaty that established ICAO and set forth the principles governing international air navigation. It affirms that every State has complete and exclusive sovereignty over the airspace above its territory and provides the framework for uniform regulations, standards, and procedures for civil aviation.
Technical specifications adopted by the ICAO Council under Article 37 of the Chicago Convention. A Standard is a specification whose uniform application is recognized as necessary for the safety or regularity of international air navigation and to which States must conform; if a State cannot comply, it must file a difference with ICAO under Article 38. A Recommended Practice is a specification whose uniform application is recognized as desirable but not mandatory.
The 19 technical annexes to the Chicago Convention that contain all ICAO Standards and Recommended Practices (SARPs), organized by subject area. Each Annex covers a specific domain of civil aviation and is periodically amended through the ICAO amendment process. Key annexes for certification professionals include Annex 8 (Airworthiness of Aircraft), Annex 6 (Operation of Aircraft), and Annex 19 (Safety Management).
Annex 1 to the Chicago Convention establishes the international SARPs for the licensing of flight crew members, air traffic controllers, and aircraft maintenance technicians. It defines the minimum requirements for knowledge, experience, skill, and medical fitness that States must implement through their national licensing systems.
Annex 6 to the Chicago Convention establishes the international SARPs for the operation of aircraft in international air navigation. It is divided into three parts: Part I covers international commercial air transport (aeroplanes), Part II covers international general aviation (aeroplanes), and Part III covers international operations of helicopters. It addresses operational requirements including maintenance programs, MEL policy, and crew qualifications.
Annex 8 to the Chicago Convention establishes the broad international SARPs for the airworthiness of aircraft. It defines the obligations of the State of Design and State of Manufacture to certify that aircraft, engines, and propellers meet minimum airworthiness standards. Annex 8 provides the high-level framework that national airworthiness codes (such as 14 CFR Part 25, EASA CS-25, or TCCA AWM 525) implement in detailed technical requirements.
Annex 10 to the Chicago Convention establishes the international SARPs for aeronautical telecommunications, including radio navigation aids, communications systems, surveillance and collision avoidance systems, and aeronautical radio frequencies. It is divided into five volumes covering radio navigation aids, communications procedures, communication systems, surveillance radar and collision avoidance, and aeronautical radio frequency spectrum utilization.
Annex 13 to the Chicago Convention establishes the international SARPs for the investigation of aircraft accidents and incidents. It defines the roles and responsibilities of the State of Occurrence, State of Registry, State of the Operator, State of Design, and State of Manufacture in the investigation process. The sole objective of an investigation under Annex 13 is the prevention of future accidents, not the apportionment of blame or liability.
Annex 14 to the Chicago Convention establishes the international SARPs for the design, operation, and maintenance of aerodromes (airports and heliports). Volume I covers aerodrome design and operations including runway specifications, obstacle limitation surfaces, visual aids, and rescue and firefighting. Volume II covers heliports.
Annex 19 to the Chicago Convention, adopted in 2013, consolidates safety management provisions previously scattered across other annexes into a single framework. It establishes the SARPs for State Safety Programmes (SSP) and requires service providers (airlines, maintenance organizations, airports, air navigation service providers) to implement Safety Management Systems (SMS). It introduces a risk-based, data-driven approach to safety oversight.
Procedures approved by the ICAO Council that supplement the SARPs in the Annexes. PANS documents contain operational procedures considered not yet mature enough for adoption as SARPs, or procedures that are too detailed for inclusion in an Annex. They are published as ICAO Documents (e.g., PANS-OPS Doc 8168, PANS-ATM Doc 4444) and are not subject to the formal difference-notification process that applies to Standards.
The ICAO term for the State having jurisdiction over the organization responsible for the type design of an aircraft, engine, or propeller. The State of Design has continuing airworthiness responsibilities including the issuance and management of the Type Certificate, the publication of mandatory continuing airworthiness information, and the obligation to assist other States in ensuring the continuing airworthiness of aircraft on their registries.
The ICAO term for the State having jurisdiction over the organization responsible for the final assembly and production of an aircraft, engine, or propeller. The State of Manufacture is responsible for ensuring that each produced article conforms to the approved type design and is in a condition for safe operation before issuing an export certificate of airworthiness.
The ICAO term for the State on whose register an aircraft is entered. The State of Registry is responsible for the continuing airworthiness oversight of the aircraft, including ensuring compliance with mandatory airworthiness directives, approval of maintenance programs, and issuance of the Certificate of Airworthiness. An aircraft can only be registered in one State at a time.
The ICAO term for the State in which the operator's principal place of business is located, or if there is no such place of business, the operator's permanent residence. The State of the Operator is responsible for operational oversight, including issuance of the Air Operator Certificate (AOC) and surveillance of the operator's safety management system and operational compliance.
An integrated set of regulations and activities aimed at improving safety at the State level, as defined by ICAO Annex 19. An SSP is managed by the State's civil aviation authority and encompasses four components: State safety policy and objectives, State safety risk management, State safety assurance, and State safety promotion. Each ICAO member State is required to develop and implement an SSP.
A systematic approach to managing safety, including the necessary organizational structures, accountabilities, policies, and procedures, as required by ICAO Annex 19. An SMS is required for service providers including airlines, approved maintenance organizations, certified aerodromes, and air navigation service providers. It consists of four pillars: safety policy and objectives, safety risk management, safety assurance, and safety promotion.
The trade association of the world's airlines, representing approximately 300 airlines that account for over 80% of global air traffic. IATA is an industry body, not a regulatory authority; it develops industry standards, best practices, and audit programs that complement the regulatory frameworks of national authorities. IATA's standardization work covers operations, safety, security, cargo handling, dangerous goods, and passenger services.
An internationally recognized and accepted evaluation system designed to assess the operational management and control systems of an airline. IOSA uses internationally recognized quality audit principles and is structured around eight operational discipline areas including organization and management, flight operations, operational control, aircraft engineering and maintenance, and cabin operations. IOSA registration is a condition of IATA membership.
An audit program for ground handling service providers that creates a standardized assessment framework for ground operations safety and quality. ISAGO covers ground handling activities including aircraft ground handling, passenger handling, cargo and mail handling, and load control. It enables airlines to rely on a single, industry-standard audit rather than conducting individual audits of each ground handler.
The authoritative industry reference manual for shipping dangerous goods by air, published annually by IATA. The DGR translates the ICAO Technical Instructions for the Safe Transport of Dangerous Goods by Air (Doc 9284) into a practical field manual used by shippers, freight forwarders, ground handlers, and airlines. It includes classification criteria, packing instructions, marking and labeling requirements, and documentation procedures.
The civil aviation authority of the United States, operating under the Department of Transportation. The FAA is responsible for the regulation and oversight of civil aviation within the United States, including aircraft certification, airman certification, air traffic management, and airport safety. The FAA's regulatory authority derives from Title 49 of the United States Code, and its aviation safety regulations are codified in Title 14 of the Code of Federal Regulations (14 CFR).
The section of the United States Code of Federal Regulations that contains all federal aviation regulations. Title 14 is titled 'Aeronautics and Space' and is divided into chapters, with Chapter I containing the FAA regulations. These regulations are organized into subchapters and parts covering airworthiness standards, certification procedures, operating rules, maintenance requirements, and other aspects of civil aviation.
The FAA regulation that prescribes procedural requirements for the issuance of type certificates, production approvals, airworthiness certificates, and related approvals for aircraft, aircraft engines, propellers, and articles. Part 21 defines who may apply for certification, what must be shown, and how approvals are issued, amended, and maintained. It is the procedural backbone of the FAA certification system.
The FAA airworthiness standard for normal category airplanes, which encompasses what were previously classified as normal, utility, acrobatic, and commuter category airplanes. Part 23 was comprehensively restructured under Amendment 23-64 (effective August 2017) to adopt a performance-based regulatory approach with four certification levels based on passenger seating and speed. The restructured Part 23 relies on consensus standards (primarily from ASTM International) as means of compliance.
The FAA airworthiness standard containing the detailed type design requirements for transport category airplanes — typically jet-powered commercial aircraft with more than 19 passenger seats or a maximum certificated takeoff weight above 19,000 pounds. Part 25 prescribes structural, performance, flight characteristics, design and construction, powerplant, equipment, and electrical systems requirements. It is one of the most comprehensive airworthiness codes in the world.
The FAA airworthiness standard for normal category rotorcraft, covering helicopters with a maximum weight of 7,000 pounds or less and nine or fewer passenger seats. Part 27 prescribes the minimum design, construction, performance, and safety standards for type certification of these rotorcraft.
The FAA airworthiness standard for transport category rotorcraft, covering helicopters that exceed the Part 27 weight or passenger limits. Part 29 prescribes more stringent design and performance requirements appropriate for larger, multi-engine rotorcraft used in commercial operations, including enhanced crashworthiness, performance in engine-inoperative conditions, and more rigorous systems safety requirements.
The FAA airworthiness standard for aircraft engines, covering both reciprocating and turbine engines. Part 33 prescribes requirements for design, construction, testing, and performance including endurance testing, bird ingestion, blade containment, fire protection, and the engine's response to adverse conditions. Engine Type Certificates are issued under Part 33 independently from the airframe's TC.
The FAA airworthiness standard for propellers, establishing minimum requirements for the design, testing, and certification of aircraft propellers. Part 35 addresses structural loads, fatigue evaluation, bird impact, lightning strikes, and functional testing. Like engines, propellers receive their own Type Certificates separate from the airframe.
The FAA regulation prescribing noise standards for the issuance and amendment of type certificates and changes to type design for aircraft. Part 36 defines noise measurement procedures, noise limits for different categories and stages of aircraft, and the requirements for obtaining noise level approvals. Compliance with Part 36 is required as part of the type certification process.
The FAA regulation governing Airworthiness Directives (ADs), which are legally enforceable rules that apply to aircraft, aircraft engines, propellers, and appliances when an unsafe condition exists and that condition is likely to exist or develop in other products of the same type design. ADs prescribe mandatory inspections, modifications, operating limitations, or other corrective actions. Non-compliance with an applicable AD renders an aircraft unairworthy.
The FAA regulation prescribing rules governing the maintenance, preventive maintenance, rebuilding, and alteration of aircraft, engines, propellers, appliances, and component parts. Part 43 defines who may perform maintenance (authorized persons), what constitutes major vs. minor repairs and alterations, the approved data requirements for performing work, and the maintenance record entry requirements including return-to-service documentation.
The FAA regulation establishing the general operating and flight rules for all civil aircraft operations in the United States. Part 91 prescribes rules governing the operation of aircraft, including pilot-in-command responsibilities, equipment requirements, flight rules (VFR/IFR), maintenance requirements for non-commercial operations, and minimum equipment list provisions. Part 91 applies to all operations unless more specific operating rules (Parts 121, 135) apply.
The FAA regulation governing the certification and operations of scheduled air carriers and commercial operators conducting domestic, flag, or supplemental operations. Part 121 prescribes stringent requirements for air carrier certification, crew qualifications, training programs, aircraft performance, maintenance programs (Continuous Airworthiness Maintenance Programs — CAMP), dispatch procedures, and operational control. It is the primary operating rule for major U.S. airlines.
The FAA regulation governing the certification and operations of commuter and on-demand air carriers, including charter operations, air taxi services, and commuter airlines using aircraft with 30 or fewer passenger seats. Part 135 prescribes requirements that are generally less stringent than Part 121 but more stringent than Part 91, covering pilot qualifications, maintenance requirements, aircraft performance, and operational procedures.
The FAA regulation prescribing the requirements for the issuance of repair station certificates, including the personnel, facilities, equipment, and quality system requirements necessary for certificated repair stations to perform maintenance, preventive maintenance, and alterations on aircraft, airframes, engines, propellers, appliances, and components. A Part 145 certificate is required for maintenance organizations performing work for air carriers and commercial operators.
Non-regulatory guidance documents issued by the FAA that describe acceptable means of compliance with 14 CFR requirements. Advisory Circulars are not legally binding, but they carry significant practical weight because they represent methods the FAA has pre-accepted. An applicant may propose an alternative means of compliance to an AC, but must then demonstrate that the alternative provides an equivalent level of safety and obtain FAA agreement.
Internal FAA directives that prescribe policies, assign responsibilities, and establish procedures for FAA employees and designees. Orders (such as FAA Order 8110.4 — Type Certification, and FAA Order 8900.1 — Flight Standards Information Management System) provide the procedural framework within which FAA inspectors and engineers conduct their certification and oversight activities. Policy statements and memoranda supplement orders with specific interpretive guidance.
An FAA field office within the Aircraft Certification Service (AIR) responsible for the type certification, supplemental type certification, and design approval activities for aircraft, engines, propellers, and articles. ACOs are organized geographically into branches with specialization by product type. They serve as the primary FAA engineering interface for design approval applicants.
An FAA field office responsible for the oversight of production approval holders, including Production Certificate holders and TSO Authorization holders. MIDOs conduct conformity inspections, audit production quality systems, issue production approvals, and oversee the airworthiness release process for newly manufactured articles. They are the production-side counterpart to the ACO.
An FAA field office within the Flight Standards Service responsible for the operational certification and oversight of air carriers, air agencies, and airmen. FSDOs issue air carrier certificates, repair station certificates, and pilot certificates; conduct ramp inspections; perform surveillance of certificated operators; and process field approvals for alterations. FSDOs interface with operators on operational and maintenance matters.
An individual appointed by the FAA Administrator to act as a representative of the Administrator in examining, testing, and approving aircraft designs and compliance data. DERs are private-sector engineers who hold FAA designations in specific technical disciplines (e.g., structures, systems, flight test, propulsion) and are authorized to make findings of compliance and approve data on behalf of the FAA. Each DER's authorization is defined by their delegation letter.
An individual appointed by the FAA Administrator to perform examination, inspection, and testing services necessary for the issuance of airworthiness certificates, export airworthiness approvals, and other related functions. DARs may be designated for manufacturing (DAR-F for manufacturing conformity) or for maintenance/alteration (DAR-T for field approval and airworthiness certificate issuance). They supplement FAA inspector capacity.
An authorization granted by the FAA to an organization that allows it to perform specified certification functions on behalf of the FAA through its ODA unit members. The ODA is a more comprehensive form of delegation than individual DER/DAR appointments, enabling the organization to make findings of compliance, issue approvals, and perform conformity inspections within the scope of its authorization. ODA holders manage their own unit members under FAA oversight.
The aviation safety agency of the European Union, headquartered in Cologne, Germany. EASA is responsible for the airworthiness certification of aeronautical products (type certification), the approval of design and production organisations, the development of pan-European aviation safety regulations (Implementing Rules, Certification Specifications, AMC, and GM), and the oversight of EU-wide aviation safety. EASA was established in 2002 and has progressively assumed regulatory responsibilities from national aviation authorities of EU Member States.
Regulation (EU) 2018/1139 of the European Parliament and of the Council, which is the foundational EU legislation establishing the common rules for civil aviation safety in Europe and creating EASA. It defines the essential requirements for airworthiness, environmental compatibility, pilot licensing, air operations, aerodromes, ATM/ANS, and the organizational framework for EASA and national aviation authorities. All EASA Implementing Rules and Certification Specifications derive their legal authority from this regulation.
The EASA Implementing Rule (Commission Regulation (EU) No 748/2012, Annex I) that establishes the certification procedures for aircraft, engines, propellers, parts, and appliances, as well as the requirements for design and production organisations. EASA Part 21 is functionally analogous to FAA 14 CFR Part 21 but differs in structure and process, particularly in its reliance on Design Organisation Approval (DOA) and Production Organisation Approval (POA) as the primary approval mechanisms.
The EASA Implementing Rule (Commission Regulation (EU) No 1321/2014, Annex I) establishing the requirements for the continuing airworthiness of aircraft, including the approval of continuing airworthiness management organisations (CAMO). Part-M covers airworthiness reviews, maintenance programme approval, defect reporting, and the overall framework for keeping aircraft airworthy throughout their operational life.
The EASA Implementing Rule (Commission Regulation (EU) No 1321/2014, Annex Vb) providing simplified continuing airworthiness requirements for light aircraft classified as ELA1 (European Light Aircraft with a maximum takeoff mass of 1,200 kg or less) and ELA2 (up to 2,000 kg). Part-ML offers a proportionate regulatory framework with reduced administrative burden compared to Part-M, while maintaining an adequate level of safety.
The EASA Implementing Rule (Commission Regulation (EU) No 1321/2014, Annex II) establishing the requirements for the approval of organisations engaged in the maintenance of aircraft and aircraft components. Part-145 covers personnel requirements, facilities, tooling, maintenance data, quality systems, and the privileges to issue Certificates of Release to Service (CRS). A Part-145 approval is the European equivalent of an FAA Part 145 repair station certificate.
The EASA Implementing Rule (Commission Regulation (EU) No 1321/2014, Annex Vc) establishing the requirements for organisations managing the continuing airworthiness of aircraft. A CAMO is responsible for ensuring that aircraft remain airworthy, managing maintenance programmes, arranging for maintenance to be carried out by approved organisations, and performing airworthiness reviews. Part-CAMO replaced the CAMO requirements previously contained in Part-M Subpart G.
The collective term for the EASA Implementing Rules governing air operations, contained in Commission Regulation (EU) No 965/2012. This includes Part-ORO (Organisation Requirements for air Operations), Part-ARO (Authority Requirements for air Operations), Part-CAT (Commercial Air Transport), Part-NCC (Non-Commercial operations with Complex motor-powered aircraft), Part-NCO (Non-Commercial operations with Other-than-complex aircraft), and Part-SPO (Specialised Operations).
The EASA Certification Specifications for normal-category aeroplanes, harmonized with FAA 14 CFR Part 23. CS-23 Amendment 5 adopted the restructured performance-based approach matching the FAA's Part 23 Amendment 64, using high-level safety objectives with detailed compliance methods provided through referenced consensus standards. CS-23 covers aeroplanes with a maximum seating configuration of 19 passengers and a maximum certificated takeoff mass of 8,618 kg (19,000 lb).
The EASA Certification Specifications for large aeroplanes (transport category), the European equivalent of FAA 14 CFR Part 25. CS-25 prescribes detailed airworthiness requirements for the design, construction, and performance of large aeroplanes used in commercial air transport. It is extensively harmonized with Part 25, though differences exist in specific requirements, particularly in areas such as ditching, lightning protection, and cabin safety.
The EASA Certification Specifications for small rotorcraft, the European equivalent of FAA 14 CFR Part 27. CS-27 prescribes airworthiness standards for rotorcraft with a maximum weight of 3,175 kg (7,000 lb) or less and nine or fewer passenger seats.
The EASA Certification Specifications for large rotorcraft, the European equivalent of FAA 14 CFR Part 29. CS-29 prescribes airworthiness standards for rotorcraft exceeding the CS-27 weight or passenger limitations, including multi-engine transport rotorcraft used in commercial air transport and offshore operations.
The EASA Certification Specifications for aircraft engines, the European equivalent of FAA 14 CFR Part 33. CS-E prescribes airworthiness standards for the type certification of turbine and reciprocating engines, covering design and construction, endurance testing, ingestion tests, and operational characteristics.
The EASA Certification Specifications for propellers, the European equivalent of FAA 14 CFR Part 35. CS-P prescribes airworthiness standards for the type certification of propellers, covering structural design, fatigue evaluation, functional tests, and environmental considerations.
The EASA Certification Specifications containing the European Technical Standard Orders (ETSOs), which define minimum performance standards for specified articles (components, equipment, parts). An ETSO authorization issued under Part 21 Subpart O certifies that an article meets the applicable ETSO standard. CS-ETSO indexes are largely harmonized with FAA TSOs, with the ETSO number typically corresponding to the equivalent TSO number (e.g., ETSO-C151 corresponds to TSO-C151).
Non-binding standards adopted by EASA to facilitate compliance with the Implementing Rules and Certification Specifications. Acceptable Means of Compliance (AMC) describe methods that EASA has pre-accepted for demonstrating compliance; an applicant following an AMC is presumed to meet the underlying requirement. Guidance Material (GM) provides explanatory and interpretive information to help stakeholders understand the intent of regulations. Neither AMC nor GM are legally binding.
An approval issued by EASA under Part 21 Subpart J to an organisation that has demonstrated its capability to design or make changes to type design for aircraft products. A DOA holder is granted privileges to approve minor changes and minor repairs without prior EASA involvement, and to submit major changes and major repairs for EASA approval with reduced EASA direct involvement. The DOA is central to the EASA certification system as it enables approved design organisations to self-manage significant portions of the compliance demonstration process.
An approval issued by EASA under Part 21 Subpart G to an organisation that has demonstrated its capability to manufacture products, parts, and appliances in conformity with the approved type design data. A POA holder is granted the privilege to issue EASA Form 1 authorised release certificates for new parts and to make statements of conformity for complete aircraft. The POA is the European equivalent of the FAA Production Certificate.
A formal document used by EASA during a certification project to define, discuss, and resolve specific certification issues. CRIs serve multiple purposes: they may propose special conditions, establish interpretive material, document means of compliance agreements, or address specific technical issues that arise during the certification process. CRIs are the EASA counterpart to FAA Issue Papers and are a primary mechanism for communication between EASA and the applicant on certification matters.
The civil aviation authority of Canada, operating as a directorate within Transport Canada. TCCA is responsible for the regulation and oversight of civil aviation in Canada, including aircraft certification, flight operations, personnel licensing, aerodrome safety, and air navigation services. TCCA's regulatory framework is based on the Aeronautics Act and the Canadian Aviation Regulations (CARs).
The body of aviation regulations made under the Canadian Aeronautics Act, administered by Transport Canada Civil Aviation. The CARs are organized into parts covering personnel licensing, flight operations, airworthiness, commercial air services, and aerodromes. They are accompanied by the Canadian Aviation Regulations Standards (CARs Standards), which contain detailed technical standards and are incorporated by reference into the regulations.
The section of the Canadian Aviation Regulations that establishes the procedural requirements for the issuance, amendment, and supplemental type certification of aeronautical products in Canada. CAR 521 defines the application process, certification basis determination, compliance demonstration requirements, and the approval procedures for type certificates, amended type certificates, and supplemental type certificates under TCCA jurisdiction.
The Transport Canada Airworthiness Manual containing the detailed technical airworthiness standards for the type certification of aeronautical products in Canada. The AWM Chapters (500-series) correspond to the FAA airworthiness parts: Chapter 523 (normal category aeroplanes, equivalent to Part 23), Chapter 525 (transport category aeroplanes, equivalent to Part 25), Chapter 527 (normal category rotorcraft, equivalent to Part 27), Chapter 529 (transport category rotorcraft, equivalent to Part 29), Chapter 533 (engines, equivalent to Part 33), and Chapter 535 (propellers, equivalent to Part 35).
Internal policy and procedural documents issued by Transport Canada Civil Aviation to provide direction and guidance to TCCA staff, including aviation safety inspectors and engineers. Staff Instructions prescribe the processes, criteria, and procedures for TCCA staff to follow when processing applications, conducting evaluations, and making regulatory decisions. They are the TCCA equivalent of FAA Orders.
Non-binding guidance documents issued by Transport Canada Civil Aviation to describe acceptable means of compliance with the Canadian Aviation Regulations. TCCA Advisory Circulars serve the same function as FAA Advisory Circulars and EASA AMC: they provide pre-accepted methods of demonstrating compliance, while allowing applicants to propose alternative means.
A delegation mechanism used by TCCA to authorize qualified organizations or individuals to perform design approval functions on behalf of the Minister of Transport. A Design Approval Organization (also abbreviated DAO) is approved to make findings of compliance for specific technical disciplines or product types, sign off on design data, and issue approvals within its scope of delegation. The DAO concept is the TCCA equivalent of the FAA DER/ODA system and the EASA DOA.
An organization approved by TCCA under CAR 561 to manufacture aeronautical products in conformity with the approved type design. A PAO must demonstrate an acceptable quality system capable of ensuring that each product, part, and appliance conforms to its approved design data and is in a condition for safe operation. The PAO is the Canadian equivalent of the FAA Production Certificate holder and the EASA POA holder.
A private, not-for-profit organization that develops consensus-based recommendations and guidance documents for use in aviation communications, navigation, surveillance, and air traffic management systems. RTCA was originally founded as the Radio Technical Commission for Aeronautics in 1935 and operates as a Federal Advisory Committee to the FAA. Its document outputs (DO- documents) are widely referenced in FAA advisory circulars, TSOs, and certification projects as accepted means of compliance.
A European non-profit organisation that develops technical standards and guidance documents for aviation electronics and systems, primarily through its Working Groups (WGs). EUROCAE produces ED- documents that are recognized by EASA and other European authorities as acceptable means of compliance. EUROCAE works jointly with RTCA on many documents to ensure transatlantic harmonization of avionics standards.
A global professional association and standards development organization that develops consensus technical standards, recommended practices, and information reports for the aerospace and automotive industries. In aviation, SAE International produces Aerospace Recommended Practices (ARPs) and Aerospace Standards (AS) that are widely used in certification projects, including ARP4754B (development assurance for aircraft systems), ARP4761A (safety assessment processes), and AS9100 (quality management systems for aviation).
An SAE Aerospace Recommended Practice that provides guidelines for the development of aircraft and aircraft systems, taking into account the overall aircraft operating environment and functions. ARP4754B describes a development assurance process that includes safety assessment, requirements validation, implementation verification, and configuration management. It is widely referenced by FAA and EASA as an accepted means for showing compliance with system-level development assurance requirements.
An SAE Aerospace Recommended Practice that describes guidelines and methods for performing safety assessments on civil aircraft systems and equipment. ARP4761A provides methodologies for Functional Hazard Assessment (FHA), Preliminary System Safety Assessment (PSSA), System Safety Assessment (SSA), Common Cause Analysis (CCA), and other safety analysis techniques. It is used throughout the aircraft development lifecycle to identify hazards, assess risks, and validate that safety requirements are met.
An international standards development organization that develops and publishes voluntary consensus technical standards for a wide range of materials, products, systems, and services. In aviation, ASTM's Committee F44 on General Aviation Aircraft and Committee F39 on Aircraft Systems play a central role in developing the consensus standards that support the restructured Part 23 and CS-23 performance-based regulations. ASTM aviation standards provide the detailed technical criteria that the high-level regulatory requirements reference.
The primary guidance document for the development of airborne software, jointly published by RTCA (as DO-178C) and EUROCAE (as ED-12C). DO-178C establishes objectives for software planning, development, verification, configuration management, and quality assurance processes, organized by software assurance level (Design Assurance Level A through E, based on the safety effect of failure). Compliance with DO-178C is the universally accepted means of showing that airborne software has been developed with appropriate rigor.
The primary guidance document for the design assurance of airborne electronic hardware (such as FPGAs, ASICs, and complex circuit board assemblies), jointly published by RTCA (as DO-254) and EUROCAE (as ED-80). DO-254 establishes objectives for hardware planning, design, validation, verification, configuration management, and process assurance, organized by Design Assurance Level. It provides the hardware counterpart to DO-178C's software assurance framework.
The standard defining environmental test conditions and procedures for airborne equipment, jointly published by RTCA (as DO-160, currently revision G) and EUROCAE (as ED-14, currently revision G). DO-160 specifies test categories and procedures for temperature, altitude, humidity, vibration, shock, power input, lightning, EMI/EMC, and other environmental conditions that airborne equipment must withstand. It is universally referenced in FAA TSOs, EASA ETSOs, and type certification programs as the environmental qualification standard for avionics and airborne equipment.
Regulatory Vocabulary
The words that confuse everyone — regulation vs standard vs guidance, compliance vs conformance, and more.
A legally binding rule issued by a governmental authority under legislative power that prescribes mandatory requirements. In aviation, regulations are codified law that certificate holders and applicants must comply with. Violation of a regulation can result in enforcement action, including certificate suspension or revocation, civil penalties, or criminal prosecution. Regulations define the 'what' — the mandatory requirements — while standards and guidance material describe the 'how.'
A document that establishes uniform technical criteria, methods, processes, or practices developed through a consensus process or adopted by an authority. In aviation, standards may be mandatory (when incorporated by reference into regulations or adopted by an authority) or voluntary (when developed by consensus bodies like RTCA, SAE, or ASTM). The legal force of a standard depends on whether and how it is referenced in binding regulations.
A technical standard developed through a voluntary, open process involving affected stakeholders (industry, regulators, academia) who reach substantial agreement on its content. In aviation, consensus standards from bodies such as ASTM International, SAE International, RTCA, and EUROCAE are used as detailed technical means of compliance. Under the restructured Part 23/CS-23 framework, consensus standards have become the primary repository of detailed technical requirements, replacing prescriptive regulatory text.
Non-binding documents issued by aviation authorities or standards bodies that provide explanatory, interpretive, or advisory information to assist in understanding and complying with regulations. Guidance material does not create legal obligations; rather, it describes methods, processes, or interpretations that the issuing authority considers acceptable or helpful. Examples include FAA Advisory Circulars, EASA Acceptable Means of Compliance (AMC), EASA Guidance Material (GM), and TCCA Advisory Circulars.
The formal process by which an aviation authority develops, proposes, consults on, and adopts new or amended regulations. In the United States, FAA rulemaking follows the Administrative Procedure Act (APA) notice-and-comment process. EASA rulemaking follows a structured process involving Notices of Proposed Amendment (NPA), public comment, and adoption of Implementing Rules or Certification Specifications. Rulemaking is the mechanism through which regulatory requirements evolve in response to safety data, technological developments, and harmonization needs.
A formal public notice published by the FAA in the Federal Register that proposes a new regulation or an amendment to an existing regulation. An NPRM describes the proposed rule, its legal basis, the problem it addresses, and its expected impact. The NPRM opens a public comment period (typically 60-90 days) during which any person may submit comments, data, or arguments. The FAA must consider all comments before issuing a final rule. EASA's equivalent is the Notice of Proposed Amendment (NPA).
The regulatory document published by the FAA in the Federal Register that adopts a new regulation or amendment to an existing regulation after consideration of public comments received on the NPRM. A final rule includes the FAA's response to significant comments, any changes from the proposed rule, the effective date, and (where applicable) a compliance date. Once the effective date passes, the final rule has the force of law.
A formal change to an existing regulation, published through the rulemaking process. In the FAA context, amendments to airworthiness regulations are identified by the part number and amendment number (e.g., Amendment 25-140 is the 140th amendment to Part 25). The amendment number is significant for type certification because the certification basis for a new TC is defined by the specific amendment level of the applicable regulations in effect on the date of application.
The date on which a regulation or regulatory amendment becomes legally enforceable. In the US, the effective date is specified in the final rule published in the Federal Register and is typically at least 30 days after publication, unless the rule involves a good-cause exception. The effective date determines when the new or amended requirements must be met by affected persons, unless a separate compliance date is specified.
The date by which affected persons must be in full compliance with a new or amended regulation, which may be later than the effective date. A compliance date is used when a regulation requires actions (such as modifications, program changes, or training) that cannot reasonably be completed by the effective date. The period between the effective date and compliance date provides affected parties time to implement required changes.
In the context of type certification, compliance refers to the demonstration that a type design meets the applicable airworthiness requirements (regulations). Compliance is shown through analysis, tests, inspections, and other approved methods, and is documented in compliance reports and substantiation data. A finding of compliance means the authority (or its delegate) has determined that the design satisfies the specific regulatory requirement. The entire purpose of the type certification process is to achieve compliance findings for every applicable regulation in the certification basis.
In the context of production and manufacturing, conformance (or conformity) means that a produced article matches the approved type design in every respect — dimensions, materials, processes, workmanship, and configuration. Conformity inspections verify that test articles and production articles are manufactured in accordance with the approved design data. A conformity statement or certificate attests that an article has been inspected and found to conform to the type design.
A method, process, or technical approach that the certifying authority has determined to be adequate for demonstrating compliance with a specific airworthiness requirement. Each regulation in the certification basis requires one or more means of compliance (MOC). Acceptable means may be codified in guidance material (FAA ACs, EASA AMC) or may be proposed by the applicant and agreed by the authority during the certification project. The selection and agreement of means of compliance is a foundational step in the certification process.
The process by which a civil aviation authority evaluates and formally approves that a product, part, appliance, organisation, or person meets applicable regulatory requirements. In the context of type certification, it is the comprehensive evaluation of a type design against the applicable airworthiness standards by the authority having jurisdiction over the applicant (the State of Design authority). Certification results in the issuance of a formal approval document such as a Type Certificate, STC, or organisation approval.
The process by which a civil aviation authority evaluates a product that has already been certified by a foreign authority and determines whether it meets the importing authority's own regulatory requirements. Validation does not repeat the full certification process; instead, it leverages the certification work performed by the exporting authority while the validating authority evaluates areas of concern, differences in requirements, and issues specific to its jurisdiction. The scope and process of validation are typically governed by bilateral agreements (BASAs).
A term used in aviation regulation to describe the act of an authority agreeing to or acknowledging an applicant's proposed approach, data, or compliance showing without performing its own independent evaluation to the same depth as full certification or validation. Acceptance may refer to the authority accepting a proposed means of compliance, accepting compliance data submitted by the applicant, or accepting the findings of a delegated authority or designee. Acceptance implies a level of trust or reliance on the submitting party's work.
The process of aligning the technical content and regulatory requirements of different national airworthiness codes to achieve common or equivalent standards across jurisdictions. Harmonization reduces the burden on applicants seeking certification in multiple countries by minimizing the differences that must be addressed during validation. Major harmonization efforts include the FAA-EASA cooperation on Part 25/CS-25 and the restructuring of Part 23/CS-23.
A government-to-government agreement between two States that establishes a framework for the mutual recognition and acceptance of aviation safety approvals. A BASA typically covers airworthiness certification (type certificates, STCs, production approvals), maintenance approvals, and may extend to environmental certification and flight crew licensing. The detailed technical and procedural provisions are contained in Technical Implementation Procedures (TIPs) that sit beneath the umbrella BASA.
The detailed technical and procedural documents that implement a Bilateral Aviation Safety Agreement (BASA) in specific areas such as airworthiness design approvals, production approvals, or maintenance. TIPs define the technical scope, approval procedures, information exchange requirements, and the extent to which each authority may rely on the other's findings. They are the 'working-level' documents that govern how certification validation actually operates between two authorities.
The condition of an aircraft, engine, propeller, or part whereby it conforms to its approved type design and is in a condition for safe operation. Airworthiness is a composite concept that encompasses both initial airworthiness (the design meets the applicable airworthiness standards at the time of certification) and continuing airworthiness (the aircraft remains in conformity with the approved design and in a safe operating condition throughout its service life). An aircraft is legally 'airworthy' only when both conditions are met.
An approval issued by the aviation authority that authorizes a specific operator or certificate holder to conduct certain types of operations or use specific equipment capabilities. Operational approvals address the 'who may operate' and 'under what conditions' questions, as opposed to airworthiness approvals which address the 'is the product safe by design' question. Examples include ETOPS authorization, RVSM approval, Cat II/III approach authorization, and LVO (Low Visibility Operations) approval.
The complete technical definition of a product, including all drawings, specifications, and data that define the configuration and design features of the product, its components, and the information necessary to define the airworthiness, noise, fuel venting, and exhaust emission characteristics of the product. The type design is the 'master definition' against which all produced articles must conform. It includes the drawings and specifications necessary to define the structural strength, performance, operating limitations, and all other design attributes of the product.
The set of processes, activities, and arrangements that ensure an aircraft continues to meet its approved type design requirements and remains in a condition for safe operation throughout its operational life. Continued airworthiness encompasses the TC holder's obligation to provide maintenance and operational instructions (Instructions for Continued Airworthiness — ICA), the operator's responsibility to maintain the aircraft per the approved maintenance program, the authority's mandatory corrective actions (Airworthiness Directives), and the systematic monitoring of the in-service fleet.
Certification & Approval Types
TC, STC, TSO, PMA, and other approval types — what they are and how they work.
A formal approval issued by the certifying authority that confirms a product's type design complies with the applicable airworthiness requirements. A TC is issued for aircraft, aircraft engines, and propellers upon successful completion of the type certification process, which involves demonstrating compliance with every applicable regulation in the certification basis through analysis, test, and inspection. The TC defines the approved type design, operating limitations, applicable regulations, and conditions and limitations.
A modification to an existing Type Certificate that reflects a major change in the type design. An Amended TC is sought when the TC holder (or a person with proper licensing agreements) proposes changes that are significant enough to be classified as a major change but do not warrant a new, separate TC. The certification basis for an ATC typically includes the original TC certification basis plus any additional requirements triggered by the nature and extent of the change, as determined by the authority.
A design approval issued to an applicant who is not the TC holder, authorizing a major modification to an existing type-certificated product. An STC grants the holder the right to modify the product as described in the STC design data and to produce the modification components (or have them produced). The STC holder becomes responsible for the continued airworthiness of the modification, including providing ICAs, addressing unsafe conditions related to the modification, and ensuring compatibility with the underlying TC.
A Supplemental Type Certificate that includes an Approved Model List, which specifies multiple aircraft models on which the modification may be installed. An AML STC enables a single design approval to cover installation of a modification (typically avionics equipment or interior modifications) across many different aircraft types, rather than requiring separate STCs for each aircraft model. The STC holder demonstrates compatibility with each aircraft model listed on the AML.
The classification of a change to a type design as either major or minor, which determines the approval process and regulatory path. A major change is one that has an appreciable effect on the weight and balance, structural strength, performance, powerplant operation, flight characteristics, or other qualities affecting the airworthiness of the product, or that is not done according to accepted practices or cannot be done by elementary operations. A minor change is one that does not meet the criteria for major. Major changes require more extensive compliance demonstration and authority involvement.
A minimum performance standard for specified articles (materials, parts, processes, appliances, or components) issued by the FAA under 14 CFR Part 21, Subpart O. A TSO defines the minimum performance criteria that an article must meet, typically by referencing industry standards (such as RTCA DO- documents or SAE standards). A TSO Authorization (TSOA) is issued to a manufacturer who demonstrates that their article meets the applicable TSO standard, authorizing them to produce and mark the article as TSO-approved.
A combined design and production approval issued by the FAA under 14 CFR Part 21, Subpart K, that authorizes a manufacturer to produce and sell replacement or modification parts for installation on type-certificated products. A PMA holder must demonstrate that the part meets the applicable airworthiness requirements (design approval) and that the manufacturing quality system can consistently produce conforming parts (production approval). PMA parts are approved for installation as alternatives to original equipment manufacturer (OEM) parts.
The formal authorization to perform a specific repair on a type-certificated product. Repairs are classified as major or minor, with major repairs requiring approved data from an authorized source before the work can be performed. Sources of approved repair data include the TC/STC holder's repair documentation, DER-approved repair designs, FAA-approved repair data, and repair data in the manufacturer's structural repair manual (SRM). The repair must restore the product to at least its original or properly altered condition.
A document issued by the TC or STC holder that describes a recommended modification, inspection, or other action to be performed on an in-service product. Service Bulletins may address safety improvements, performance enhancements, or product improvements. SBs are typically not mandatory unless they are referenced by an Airworthiness Directive (AD) or required by an operator's approved maintenance program. When an AD mandates an SB, the SB becomes the approved data source for performing the required action.
An FAA approval issued under 14 CFR Part 21, Subpart F, that authorizes a manufacturer to produce duplicate products (aircraft, engines, propellers) under an approved type design without the FAA performing individual article conformity inspections. A PC holder must maintain a quality system that ensures each product conforms to the approved type design and is in a condition for safe operation. The PC is the FAA's primary production approval for complete products.
The standard FAA form used to certify that a new or repaired/overhauled article (part, component, appliance) has been manufactured, inspected, tested, or maintained in accordance with approved data and is approved for return to service. An 8130-3 is issued by entities authorized by the FAA, including Production Certificate holders, PMA holders, TSO Authorization holders, repair stations, and FAA designees. It serves as both an airworthiness approval tag and an export airworthiness approval when used for international trade.
The standard EASA form used to certify that a new, repaired, or overhauled article has been manufactured or maintained in accordance with approved data and is released for service. EASA Form 1 is issued by organisations approved under EASA Part 21 (POA holders for new production) or EASA Part 145 (maintenance organisations for maintained articles). It serves as the primary airworthiness release document in the European system and is recognized internationally under bilateral agreements.
The standard Transport Canada form used to certify that an article has been manufactured, repaired, or overhauled in accordance with approved Canadian data and is released for service. TCCA Form One is issued by approved organisations under the Canadian regulatory framework and serves the same function as the FAA Form 8130-3 and EASA Form 1 in their respective jurisdictions.
An approval granted by an authorized FAA inspector (typically an FSDO inspector or DAR) for a minor alteration or repair to a type-certificated product. Field approvals are used for one-time modifications or repairs on specific aircraft serial numbers when no existing STC, TC holder data, or other pre-approved data covers the specific change. The applicant submits data (drawings, engineering substantiation) to the inspector who evaluates and, if acceptable, approves the data by signing FAA Form 337 (Major Repair and Alteration).
A physical inspection performed to verify that a test article, production article, or installation conforms to the approved type design data (drawings, specifications, and process documents). During type certification, conformity inspections are conducted on test specimens before compliance testing to ensure the test article accurately represents the intended design. In production, conformity inspections verify that manufactured articles match the approved design. Conformity inspections may be performed by the FAA, a DAR, or an ODA unit member.
Technical data (engineering drawings, repair procedures, modification instructions, test results) that has been reviewed and formally approved by the certifying authority or an authorized delegate (DER, ODA, DOA). Approved data carries the full weight of regulatory authorization and may be used as the basis for manufacturing, modifying, or repairing type-certificated products. Examples of approved data include TC/STC design data, DER-approved repair data, PMA design data, and manufacturer's repair manuals approved under the TC.
Technical data that, while not formally approved by the authority or a delegate, is recognized as an adequate basis for performing maintenance, preventive maintenance, and minor alterations. Acceptable data sources include AC 43.13-1B (Acceptable Methods, Techniques, and Practices), manufacturer's maintenance manuals, and industry-standard repair practices. Acceptable data may be used for work that does not require approved data (i.e., minor repairs and minor alterations).
Certification Process Mechanics
What actually happens on a certification program — from application through compliance findings.
The person or organization that applies to the certifying authority for a design approval (Type Certificate, STC, TSOA, or other approval). The applicant bears the responsibility for demonstrating compliance with all applicable airworthiness requirements and for providing the authority with the data, test results, and analyses necessary to support findings of compliance. The applicant must have the technical capability and resources to complete the certification program.
The government agency or body responsible for evaluating and approving (or rejecting) an applicant's compliance showing and issuing the certification approval. The certifying authority is typically the civil aviation authority of the State of Design. The authority establishes the certification basis, agrees on means of compliance, evaluates compliance data, conducts audits and inspections, makes findings of compliance, and ultimately issues or denies the requested approval.
The group of authority personnel (and designees, where applicable) assigned to manage and execute a specific certification project. The certification team typically includes a project manager (or project officer), technical specialists in relevant disciplines (structures, systems, flight test, propulsion, electrical, software, human factors), and manufacturing inspectors. The team evaluates the applicant's compliance showing, conducts audits and conformity inspections, and makes the findings that support certificate issuance.
The complete set of airworthiness requirements (regulations at specific amendment levels), special conditions, exemptions, and equivalent safety findings that an applicant must comply with to obtain a design approval. The certification basis is established by the certifying authority early in the certification project and is documented formally. For a new TC, the certification basis is determined by the applicable regulations in effect on the date of the TC application, plus any later amendments elected by the applicant or required by the authority.
Additional airworthiness requirements prescribed by the certifying authority when the existing regulations do not contain adequate or appropriate safety standards for a particular design feature, technology, or operational use that is novel or unusual. Special conditions have the same legal force as the regulations themselves and become part of the certification basis for the specific project. They are used when the existing code was not written to address the specific design characteristic or technology being proposed.
A formal authorization granted by the certifying authority that allows an applicant to deviate from a specific regulatory requirement. An exemption relieves the applicant from the obligation to comply with a specific regulation, subject to conditions and limitations that ensure an adequate level of safety is maintained. Exemptions are typically time-limited and must be justified by demonstrating that compliance is impractical or that the exemption does not compromise safety.
A formal determination by the certifying authority that an alternative means of compliance, while not literally meeting the text of a specific airworthiness requirement, provides a level of safety equivalent to that intended by the requirement. An ELOS finding allows the applicant to use compensating factors, design features, or operational limitations that achieve the same safety objective through different means. ELOS findings become part of the certification basis for the specific project.
A formal FAA document used during a certification project to identify, discuss, and resolve specific certification issues between the FAA and the applicant. Issue Papers document the FAA's position on matters such as special conditions, equivalent safety findings, means of compliance, and interpretive questions related to the certification basis. Each Issue Paper includes the issue description, FAA position, applicant response, and the agreed resolution. Issue Papers are the primary mechanism for formal regulatory dialogue in FAA certification projects.
The process of identifying and agreeing with the certifying authority on the specific methods (analysis, test, inspection, demonstration, simulation, or a combination) that will be used to show compliance with each applicable airworthiness requirement in the certification basis. Means of compliance selection is a collaborative process between the applicant and the authority, typically conducted early in the certification project and documented in the certification plan and compliance checklists.
A comprehensive document that lists every applicable regulation in the certification basis and tracks the status of compliance demonstration for each requirement. The compliance checklist (or compliance matrix) identifies for each regulation: the applicability determination, the selected means of compliance, the associated compliance document(s), the status of the compliance finding, and the responsible engineer or organization. It serves as the master tracking tool for the entire compliance demonstration effort.
A program-level document prepared by the applicant and agreed with the certifying authority that describes the overall strategy, schedule, and approach for completing the certification project. The certification plan typically includes a description of the product and proposed changes, the certification basis, the means of compliance for each requirement area, the organizational structure and responsibilities, the schedule and milestones, the data submittal plan, and any known certification risks or issues. It serves as the project roadmap.
Detailed plans prepared for specific technical disciplines or compliance activities within a certification project. Artifact plans describe the approach, methodology, test setups, analysis methods, and expected deliverables for a particular area of compliance demonstration. Examples include flight test plans, structural test plans, systems safety analysis plans, software development plans, lightning protection plans, and bird strike test plans. Each artifact plan is traceable to specific requirements in the compliance checklist.
A certification plan concept used by the FAA that defines the project-specific agreements between the applicant and the FAA certification team regarding the certification approach, level of FAA involvement, compliance methods, data submittals, and project milestones. The PSCP documents the tailored certification process for a specific project, including which compliance activities require direct FAA participation and which may be delegated to designees. It establishes the expectations of both parties for the certification project.
The formal determination by the certifying authority (or an authorized delegate such as a DER, ODA unit member, or DOA compliance verification engineer) that the applicant's type design meets a specific airworthiness requirement. A compliance finding is the outcome of the authority's evaluation of the applicant's compliance data (reports, test results, analyses). Each regulation in the certification basis requires a positive compliance finding before the certificate can be issued. The aggregate of all compliance findings constitutes the authority's basis for issuing the design approval.
The documents prepared by the applicant (or the applicant's suppliers) that present the evidence of compliance with specific airworthiness requirements. Compliance reports summarize the analysis, test, or inspection activities performed, the methodology used, the results obtained, and the conclusion regarding compliance. Test reports document the setup, procedures, results, and conclusions of specific tests. Analysis reports document analytical methods, assumptions, inputs, calculations, and conclusions. These reports constitute the substantiation data that the authority evaluates when making compliance findings.
The two primary categories of physical testing used to demonstrate compliance with airworthiness requirements. Flight tests are conducted with the aircraft in flight and are used to demonstrate performance, flying qualities, stall characteristics, systems functionality in the flight environment, and other characteristics that can only be adequately evaluated in actual flight conditions. Ground tests encompass all testing performed on the ground, including structural static and fatigue testing, systems integration testing, environmental testing, engine tests, and component-level testing. The certification basis determines which requirements may be shown by analysis alone and which require physical testing.
A structured, stage-based framework used by the FAA to define the authority's oversight and involvement at key milestones during a certification project. The SOI framework divides the certification process into defined stages, and at each stage the FAA performs evaluations, audits, or reviews to assess the applicant's progress, the adequacy of processes, and the quality of compliance data. The SOI approach enables the FAA to calibrate its level of involvement based on the applicant's demonstrated capability and the risk profile of the project.
The compliance approaches, analysis methodologies, test procedures, and other methods proposed by the applicant for demonstrating compliance with the certification basis. The applicant has the right to propose the means of compliance, but the authority must agree that the proposed methods are adequate to demonstrate compliance. If the applicant proposes methods that differ from established guidance (such as FAA ACs or EASA AMC), the applicant must provide justification for why the alternative method provides an adequate demonstration of compliance.
The formal submission of compliance documentation, engineering data, test reports, analyses, and other technical information from the applicant to the certifying authority for review, evaluation, and acceptance. Data submittals follow the plan agreed in the certification plan and compliance checklist. Data management encompasses the systems and processes used by both the applicant and the authority to track, control, version, and archive all certification data throughout the project lifecycle. Proper data management ensures traceability and configuration control of the approved type design data.
A condition in which a type design, as-produced article, or operational process does not meet an applicable regulatory requirement, certification basis element, or approved data. In type certification, noncompliance may be discovered during compliance evaluation when analysis or test results fail to demonstrate that a design feature meets a regulatory requirement. Noncompliance must be resolved before the certificate can be issued — by modifying the design, obtaining a special condition, securing an exemption, or demonstrating equivalent safety.
A departure from a specified requirement, standard, procedure, or specification. In the certification context, a deviation may refer to a departure from the approved type design data (a production deviation), a departure from an agreed means of compliance or test procedure (a certification process deviation), or a departure from a prescribed regulatory requirement (a regulatory deviation). Each type of deviation has different implications and resolution pathways depending on the context and the authority's requirements.
A formal authorization to accept a specific deviation from a requirement without requiring the normal corrective action. In the production context, a waiver allows a manufactured article that does not conform to the approved type design in a specific respect to be accepted for use, provided the deviation has been engineering-evaluated and determined to have no adverse effect on airworthiness. In the regulatory context, a waiver is similar to an exemption and provides relief from a specific operational requirement, typically with compensating conditions or limitations.
The systematic evaluation performed by the applicant to determine the scope and extent of a proposed design change's impact on the type design, the certification basis, and the existing compliance showing. A change impact assessment identifies which areas of the type design are directly changed, which areas are affected by the change (even if not directly modified), which regulatory requirements apply to the changed and affected areas, and whether the existing compliance data remains valid or must be updated. The CIA is the starting point for defining the scope of an STC or TC amendment project.
The practice of leveraging existing compliance data, test results, analyses, and approval findings from a prior certification project to support a new or amended certification project, thereby reducing the scope of new compliance work required. Certification credit may be granted when a new design is sufficiently similar to an already-certified design that the existing compliance evidence remains valid and applicable. The applicant must demonstrate the basis for claiming credit, including the similarity of the designs, the applicability of the prior compliance data, and any differences that require additional substantiation.
Delegation & Roles
Authority, designees, and who signs what — DER, ODA, DOA, DAO, and their responsibilities.
An individual appointed by the FAA Administrator under 14 CFR 183.29 to act as a representative of the Administrator in examining, testing, and inspecting aircraft, aircraft engines, propellers, appliances, and accessories, and to issue approvals on behalf of the FAA for engineering data, including type design data, approved data packages, and related technical reports. DERs supplement the FAA's certification workforce by providing engineering findings of compliance.
DERs are appointed in specific engineering disciplines corresponding to the technical areas in which they demonstrate expertise. The principal types are: Structures DER (static and fatigue analysis, damage tolerance), Systems and Equipment DER (electrical, hydraulic, flight controls, avionics installations), Powerplant DER (engine installations, fuel systems, fire protection), Flight Analyst DER (performance, handling qualities analysis), Flight Test Pilot DER (flight test evaluations), Acoustics DER (noise certification), and Radio DER (communications and navigation equipment approval). Each type has a defined scope documented in the appointment letter.
An individual designated by the FAA under 14 CFR 183.33 to perform examination, inspection, and testing services necessary to the issuance of airworthiness certificates. DARs may be authorized for manufacturing (DAR-F) or maintenance (DAR-T) functions. A manufacturing DAR inspects new or modified aircraft and issues original or amended airworthiness certificates, export airworthiness approvals, and related documentation. A maintenance DAR performs inspections and may return aircraft to service after major repairs or alterations.
An FAA authorization granted under 14 CFR Part 183, Subpart D, that allows an organization to perform specified certification functions on behalf of the FAA. Unlike individual designees (DERs and DARs), an ODA is an organizational authorization: the company itself receives the authority, and it manages internal unit members who perform the delegated functions. The ODA is managed through an ODA Unit that includes an ODA Administrator, ODA Unit Members (engineers, pilots, inspectors), and supporting procedures documented in the ODA Procedures Manual.
An individual within an ODA who is authorized by the ODA holder to perform specific delegated certification functions. Unit members are employees or contractors of the ODA organization who have been vetted, qualified, and appointed by the ODA Administrator. Their authority to make findings, issue approvals, or perform inspections is derived from the organization's ODA authorization, not from individual FAA appointment. The ODA Procedures Manual defines the qualifications, training, and oversight requirements for unit members.
An EASA approval granted under Part 21, Subpart J, to an organisation that has demonstrated its capability to design or modify aeronautical products in compliance with applicable airworthiness requirements. The DOA holder is granted privileges to approve certain design data without direct EASA involvement, including approval of minor changes (under Part 21.A.95) and minor repairs (under Part 21.A.431B). For major changes and major type certificate activities, the DOA prepares compliance data and its CVEs verify compliance, but EASA retains final type certificate approval authority.
An EASA approval granted under Part 21, Subpart G, to an organisation that has demonstrated its capability to manufacture aeronautical products, parts, and appliances in conformity with applicable design data. The POA holder operates a production quality system, performs conformity inspections, and is authorized to issue EASA Form 1 authorized release certificates for parts and appliances produced under the approval. The POA must maintain coordination with the Design Approval Holder (DAH) to ensure manufacturing conforms to the current approved design.
A TCCA-authorized organization under the Canadian Aviation Regulations (CAR Part V, Division 2) that holds delegation to perform design approval functions on behalf of the Minister of Transport. The DAO operates under a Design Approval Organization Procedures Manual and employs authorized persons who make findings of compliance with applicable airworthiness standards. The DAO framework enables Canadian design organizations to approve modifications, supplemental type certificates, and other design changes within their scope of authorization.
A TCCA-authorized organization under the Canadian Aviation Regulations that holds approval to manufacture aeronautical products in conformity with approved design data. The PAO operates a quality system and is authorized to issue conformity certifications for products produced under its approval. The PAO framework is comparable to the EASA POA and the FAA Production Certificate holder.
An engineer within an EASA Design Organisation Approval (DOA) who is authorized by the DOA holder to verify that design data demonstrates compliance with applicable airworthiness requirements. CVEs are appointed by the Head of Design Office and must possess the necessary competence, experience, and authority to perform compliance verification independently. They review compliance documents, test reports, analyses, and supporting data, and they sign compliance verification reports confirming that the evidence substantiates compliance with each applicable requirement.
An FAA engineer working in an Aircraft Certification Office (ACO) or Aircraft Certification Service directorate who is directly responsible for evaluating compliance data, managing certification projects, and making findings of compliance on behalf of the FAA. ACO engineers are FAA employees — not designees — who review certification plans, issue issue papers, evaluate test results, and approve type design data. When delegated functions are performed by DERs or ODA unit members, the ACO engineer provides oversight, accepts or rejects designee findings, and ensures the overall integrity of the certification basis.
The boundaries placed on designated individuals and organizations regarding the types of certification activities they may perform, and the requirement that those performing delegated functions exercise independent technical judgment free from undue organizational pressure. Delegation limits are documented in appointment letters (for DERs), authorization letters (for ODAs), or the Design Organisation Handbook (for DOAs). Independence means that the person making a finding of compliance or airworthiness determination must not be subject to commercial, schedule, or management pressures that could compromise the integrity of their technical judgment.
A document issued by an authorized person or organization that certifies a part, component, or appliance has been manufactured, inspected, and/or tested in accordance with approved design data and is in a condition for safe operation or installation. The specific form depends on the jurisdiction: FAA Form 8130-3 (Authorized Release Certificate / Airworthiness Approval Tag), EASA Form 1 (Authorized Release Certificate), or TCCA equivalent documentation. The authorized release certificate attests to conformity with design data and condition for safe operation, but it is not an approval of the design itself.
A determination by an authorized person or organization that a design, analysis, test plan, or technical report demonstrates compliance with applicable airworthiness regulations. Engineering approval is distinct from an authorized release certificate: an engineering approval addresses whether the design meets the regulatory requirements, while an authorized release addresses whether a manufactured article conforms to the approved design. Engineering approvals are made by DERs, ODA unit members, CVEs (within DOA), or FAA/EASA/TCCA certification engineers.
A conformity statement (or conformity inspection record) documents that a test article, prototype part, or production item physically conforms to the approved design data and drawings. In the FAA system, conformity inspections are performed before certification testing to ensure the test article accurately represents the type design. FAA Form 8100-1 (Conformity Inspection Record) documents this determination. Conformity is distinct from both engineering approval (which addresses design adequacy) and authorized release (which addresses production parts for installation). Conformity inspection ensures that what is being tested or delivered matches the approved drawings, specifications, and process requirements.
System Safety & Functional Safety
Safety assessment fundamentals — hazards, failure conditions, DAL, FTA, FMEA, and safety architecture.
The state in which risks associated with aviation activities, related to or in direct support of the operation of aircraft, are reduced and controlled to an acceptable level. In the context of aircraft certification, safety is achieved by demonstrating that the aircraft design meets quantitative and qualitative safety objectives established by the applicable airworthiness requirements. Safety is not the absence of risk but the management of risk to acceptable levels as defined by regulatory authorities.
The combination of the probability (or frequency) of occurrence of a harmful event and the severity of that event. In system safety analysis, risk is assessed by evaluating how likely a failure condition is to occur and how severe its effects would be on the aircraft, its occupants, and people on the ground. Risk assessment is the basis for determining whether a design meets safety objectives: each failure condition must have a probability of occurrence commensurate with its severity classification.
A condition, event, or circumstance that could lead to or contribute to an unplanned or undesired event resulting in harm. In aviation system safety, a hazard is typically a failure condition or combination of failure conditions at the aircraft or system level that, if not mitigated, could result in injury, death, or damage. Hazards are identified through systematic analysis processes such as Functional Hazard Assessment (FHA) and are characterized by their potential severity and likelihood.
Physical injury or damage to the health of people, or damage to property or the environment. In aviation safety, harm is the ultimate adverse outcome that safety objectives seek to prevent or minimize. The severity classification of failure conditions (catastrophic through no safety effect) is based on the degree of harm that could result: from hull loss and multiple fatalities (catastrophic) to no effect on safety (no safety effect).
A condition having an effect on the aircraft and its occupants, both direct and consequential, caused or contributed to by one or more failures considering flight phase and relevant adverse operational or environmental conditions or external events. A failure condition is not the failure itself but the effect of the failure (or combination of failures) at the aircraft level. Failure conditions are classified by severity and assigned probability objectives accordingly.
Three related but distinct concepts in system safety. A failure is the inability of a system, subsystem, or component to perform its required function within specified limits. A failure is an event — the transition from a working state to a non-working state. A fault is an abnormal condition or defect at the component, subsystem, or system level that may lead to a failure. A fault is a state — a latent or active deficiency in the system. An error is a design mistake, an incorrect action, or an unintended deviation in specification, development, or operation that may cause or contribute to a fault. Errors are causes (often human), faults are states (often latent), and failures are events (observable loss of function).
The categorization of failure conditions by their severity of effect on the aircraft and its occupants. Five classifications are defined: (1) Catastrophic — failure conditions that would result in multiple fatalities, usually with the loss of the aircraft; (2) Hazardous (also called Severe-Major) — failure conditions that would reduce the capability of the aircraft or the ability of the crew to cope with adverse operating conditions to the extent that there would be a large reduction in safety margins or functional capabilities, physical distress or higher workload such that the crew could not be relied upon to perform their tasks accurately or completely, serious or fatal injury to a relatively small number of occupants; (3) Major — failure conditions that would reduce the capability of the aircraft or the ability of the crew to cope with adverse operating conditions to the extent that there would be a significant reduction in safety margins or functional capabilities, significant increase in crew workload or in conditions impairing crew efficiency, or discomfort to occupants possibly including injuries; (4) Minor — failure conditions that would not significantly reduce aircraft safety and that involve crew actions well within their capabilities, including slight reduction in safety margins, slight increase in workload, or some physical discomfort to occupants; (5) No Safety Effect — failure conditions that have no effect on safety.
A designation of the rigor of the development assurance process applied to a system, software item, or hardware item, based on the severity of the most severe failure condition to which the item contributes. DAL is sometimes referred to as Item Development Assurance Level (IDAL). Five levels are defined: DAL A (most rigorous, associated with catastrophic failure conditions), DAL B (hazardous), DAL C (major), DAL D (minor), and DAL E (no safety effect, no development assurance objectives). The DAL drives the rigor of planning, development, verification, and configuration management activities as specified in standards like DO-178C (software), DO-254 (hardware), and ARP4754B (systems).
The quantitative and qualitative targets that a design must meet for each failure condition classification. For transport category aircraft under 14 CFR/CS 25.1309, the quantitative probability targets are: Catastrophic failure conditions must be extremely improbable (typically interpreted as a probability of occurrence on the order of 10^-9 or less per flight hour); Hazardous failure conditions must be extremely remote (on the order of 10^-7 per flight hour); Major failure conditions must be remote (on the order of 10^-5 per flight hour); Minor failure conditions must be probable (no specific numerical threshold, but must be shown to be acceptable). In addition to probability targets, qualitative objectives apply: no single failure should lead to a catastrophic failure condition, and the crew must be able to detect and manage failure conditions through appropriate annunciation and procedures.
A systematic, comprehensive examination of aircraft and system functions to identify and classify failure conditions associated with the loss or malfunction of those functions. The FHA is performed at the aircraft level and at the system level. The Aircraft-level FHA (AFHA) identifies failure conditions by examining what happens when each aircraft-level function is lost, malfunctions, or is provided with erroneous information, across all relevant flight phases and environmental conditions. System-level FHAs decompose the aircraft-level functions into system functions and identify additional failure conditions. The output of the FHA is a list of failure conditions, their severity classifications, and the associated safety objectives.
A systematic evaluation of a proposed system architecture to determine how failures within the architecture could lead to the failure conditions identified in the FHA, and whether the proposed architecture can meet the safety objectives. The PSSA examines the system design at an early stage using qualitative and preliminary quantitative methods, such as preliminary fault trees, dependency diagrams, and Markov models. The PSSA establishes safety requirements for the system elements — including hardware, software, and human factors — that must be met to achieve the system-level safety objectives. These derived safety requirements are then allocated to lower-level items.
A systematic, comprehensive evaluation of the implemented system design to show that the safety objectives established in the FHA are met by the final design. The SSA compiles and evaluates all safety analysis results — including quantitative analyses (fault trees, reliability analyses), qualitative assessments, common cause analyses, and verification evidence — to provide a complete safety argument for the system. The SSA demonstrates that each failure condition identified in the FHA has been addressed and that the applicable probability and qualitative requirements are satisfied.
A top-down, deductive analytical method used to determine the combinations of lower-level events (hardware failures, software errors, human errors, environmental conditions, and maintenance actions) that could cause a specific undesired top-level event (typically a failure condition identified in the FHA). The fault tree is a graphical model using Boolean logic gates (AND, OR, NOT, voting gates) to represent the logical relationships between events. Quantitative FTA assigns failure rates to basic events and calculates the probability of the top event using Boolean algebra or numerical methods. Qualitative FTA identifies minimal cut sets — the smallest combinations of basic events that can cause the top event.
A bottom-up, inductive analytical method that systematically examines each component or item in a system to identify its potential failure modes, the local and system-level effects of each failure mode, and the means of detection. FMEA examines each item in isolation: for each possible failure mode (e.g., open circuit, short circuit, stuck in position), the analyst determines the immediate effect on the item, the effect on the next higher assembly, and the end effect at the system or aircraft level. The analysis also identifies compensating provisions (redundancy, monitoring, crew alerts) and assesses the severity of the end effect.
A summary-level analysis that consolidates the results of detailed FMEAs to present the system-level effects of component failure modes. The FMES identifies the failure modes of replaceable items (typically LRUs — Line Replaceable Units) and their effects at the system and aircraft level. It provides a higher-level view than the detailed FMEA and is used as input to the SSA and to operational and maintenance documentation.
An extension of FMEA that adds a criticality assessment to each failure mode. The criticality analysis ranks failure modes based on a combination of the severity of their end effect and their probability of occurrence. This ranking helps prioritize design mitigation efforts and focus verification activities on the most safety-critical failure modes. FMECA combines the qualitative failure mode and effects analysis with a quantitative or semi-quantitative criticality assessment.
A set of safety analysis methods that evaluate the susceptibility of a system to events or conditions that could simultaneously affect multiple items or functions, defeating architectural features such as redundancy and independence. CCA encompasses three complementary analyses: (1) Zonal Safety Analysis (ZSA) — evaluates physical proximity and installation-related common causes; (2) Particular Risk Analysis (PRA) — evaluates external hazards such as fire, bird strike, tire burst, uncontained engine rotor failure, and lightning; (3) Common Mode Analysis (CMA) — evaluates systematic common causes such as common hardware, common software, common requirements errors, common manufacturing processes, and common maintenance errors.
A safety analysis that examines each zone of the aircraft to identify potential safety concerns arising from the physical installation of systems and equipment. ZSA evaluates whether items from different systems are installed in the same zone in a way that could create common cause failures, interference between systems, or maintenance errors. The analysis considers wire routing, fluid line proximity, equipment mounting, access for maintenance, and the potential for one system's failure to damage adjacent systems (e.g., a leaking hydraulic line damaging adjacent electrical wiring).
A safety analysis that evaluates the effects of specific external hazards (particular risks) on the aircraft systems, to ensure that these hazards cannot defeat the safety architecture through common cause effects. Particular risks include uncontained engine rotor failure, bird strike, tire burst, wheel rim release, fire, lightning, high-intensity radiated fields (HIRF), fluid leakage, hail, and other external threats. For each particular risk, the analysis identifies which systems and components could be affected, evaluates whether the system architecture provides adequate protection (through segregation, shielding, or separation), and determines the resulting failure conditions.
A failure that is not immediately apparent to the flight crew during normal operations. Latent failures are undetected until revealed by a specific test, inspection, another failure, or a demand on the failed function. In the context of safety assessment, latent failures are significant because they increase exposure time — the period during which the system is operating in a degraded state without the crew's knowledge. The combination of a latent failure and a subsequent active failure can result in a more severe failure condition than either failure alone.
A design characteristic ensuring that a failure, error, or external event affecting one element of a system does not propagate to or simultaneously affect another element. Independence is required when redundancy is used to meet safety objectives: two redundant channels provide safety benefit only if they are truly independent such that a single cause cannot defeat both. Independence can be achieved through physical separation (different locations), functional independence (different interfaces and data paths), electrical isolation (separate power supplies), and logical independence (different software, different design teams).
The provision of more than one means (item, function, or pathway) for accomplishing a given function, such that the failure of one means does not result in the loss of the function. Redundancy can be active (all redundant elements operating simultaneously, as in dual flight computers both processing commands) or standby (a backup element activated only upon failure of the primary, as in a standby hydraulic pump). The effectiveness of redundancy in meeting safety objectives depends on the independence of the redundant elements, the detection and switching mechanisms, and the coverage of failure modes.
A design strategy in which redundant elements are implemented using different technologies, different design approaches, different hardware components, different software implementations, or different development teams, to reduce the likelihood that a common design error, manufacturing defect, or systematic failure affects all redundant elements simultaneously. Dissimilarity specifically targets systematic common causes that cannot be addressed by physical separation alone.
The physical or functional separation of system elements to prevent a failure, external event, or environmental condition affecting one element from propagating to another. Physical segregation involves routing, mounting, or locating redundant elements in different zones, on different sides of the aircraft, or behind different barriers. Functional segregation involves using different interfaces, different power sources, different buses, or different signal paths. Segregation is a key means of achieving independence between redundant elements.
A design philosophy in which the occurrence of any single failure, or likely combination of failures, results in a safe condition or allows continued safe flight and landing. In a fail-safe design, failures are accommodated through a combination of redundancy, designed failure paths, detectability, and crew procedures. The fail-safe concept was the original safety philosophy for transport aircraft structure (fail-safe structure permits damage or partial failure without catastrophic structural failure) and has been extended to systems design. Under 14 CFR/CS 25.1309, the fail-safe design concept requires that no single failure results in a catastrophic failure condition.
A system design approach in which the system continues to perform its intended function without degradation after the occurrence of a failure. In a fail-operational system, redundancy and automatic reconfiguration allow the function to continue operating normally even when one element has failed. Fail-operational capability is typically required for flight-critical functions where any interruption would be unacceptable, such as autopilot systems during automatic landing (Cat III operations) or fly-by-wire flight control systems.
A system design approach in which the system, upon detecting a failure, transitions to a safe, neutral state that does not adversely affect the aircraft's flight path or controllability. In a fail-passive design, the system ceases to provide its function but does so in a way that does not produce a hazardous output. The crew is expected to take over the function manually. Fail-passive is commonly used for autopilot systems in Cat I and Cat II approach operations: upon failure, the autopilot disengages cleanly without introducing a transient upset.
A defined boundary within a system architecture beyond which the effects of a fault cannot propagate. A fault containment region is designed so that any fault originating within the region is either contained within that region (preventing it from affecting other regions) or is detected before it can propagate. Fault containment regions are established through hardware isolation, software partitioning, interface monitoring, and architectural boundaries. The concept is particularly important in integrated modular avionics (IMA), where multiple functions of different DALs share computing resources.
The set of design features, architectural decisions, and implementation strategies that collectively provide the system's ability to meet safety objectives. A safety architecture encompasses redundancy schemes, independence provisions, fault detection and monitoring mechanisms, reconfiguration strategies, crew alerting, reversionary modes, and the overall allocation of safety requirements to hardware, software, and operational procedures. The safety architecture is defined during the system development process (per ARP4754B) and is evaluated through the safety assessment process (per ARP4761A).
Requirements that are generated through the safety assessment process (PSSA, SSA) rather than being directly traceable to a higher-level requirement or regulation. Derived safety requirements emerge from the architecture and implementation decisions made to achieve safety objectives. Examples include requirements for failure monitoring (to detect latent failures), requirements for dissimilarity between redundant channels, independence requirements for power supplies to redundant systems, exposure time limits for maintenance intervals, and requirements for crew annunciation of degraded states.
Failure effects that propagate from one system or function to other systems or functions through physical, electrical, logical, or functional interfaces. A cascading effect occurs when a failure in one system causes degradation or failure in another system that is not directly related, through shared resources (power, cooling, data buses), physical proximity, or functional dependencies. Cascading effects can amplify the severity of a failure condition beyond what would be expected from the initial failure alone.
A structured argument, supported by a body of evidence, that provides a compelling, comprehensible, and valid case that a system is acceptably safe for a given application in a given operating environment. The safety case integrates all safety-related evidence — including safety analyses (FHA, PSSA, SSA), design data, test results, process evidence (development assurance), and operational considerations — into a coherent narrative demonstrating that safety objectives are met. The safety case concept is used explicitly in some regulatory frameworks and implicitly in others where the certification evidence package serves the same function.
The Big Standards Map
The spine of aviation certification — ARP4754B, ARP4761A, DO-178C, DO-254, DO-160G, and their European equivalents.
An SAE Aerospace Recommended Practice that provides guidelines for the development of civil aircraft and systems, considering the overall aircraft operating environment and functions. ARP4754B defines the aircraft and system development process, including planning, requirements capture, design, implementation, integration, verification, validation, configuration management, quality assurance, and certification liaison. It establishes the framework for assigning Development Assurance Levels (DALs) to functions, systems, and items based on failure condition severity, and describes the integral processes (safety assessment, requirements management, validation) that support development assurance.
An SAE Aerospace Recommended Practice that provides guidelines and methods for conducting the safety assessment process on civil airborne systems and equipment. ARP4761A describes the Functional Hazard Assessment (FHA), Preliminary System Safety Assessment (PSSA), System Safety Assessment (SSA), and Common Cause Analysis (CCA) processes, along with detailed guidance on specific analysis methods including Fault Tree Analysis (FTA), Failure Modes and Effects Analysis (FMEA), Markov Analysis, Dependency Diagrams, and other techniques used to demonstrate compliance with 25.1309 and equivalent regulations.
The primary guidance document used by certification authorities and industry for the development of airborne software. DO-178C defines the objectives, activities, and design considerations for software that performs functions in airborne systems and equipment. It establishes a framework of software lifecycle processes — planning, requirements, design, coding, integration, verification, configuration management, quality assurance, and certification liaison — with objectives that scale based on the software level (DAL A through E). DO-178C replaced DO-178B in 2011, adding technology-specific supplements and clarifying objectives.
A supplement to DO-178C that provides guidance on the qualification of software tools used in the development and verification of airborne software. DO-330 defines Tool Qualification Levels (TQL-1 through TQL-5) based on the potential impact of the tool on the airborne software and the software level. Tools that could introduce errors into the airborne software (development tools) or that could fail to detect errors (verification tools) require qualification at levels commensurate with their impact. The qualification process involves defining tool operational requirements, verifying the tool against those requirements, and demonstrating that the tool satisfies its qualification objectives.
A supplement to DO-178C that provides additional guidance for the use of model-based development and verification in airborne software. DO-331 addresses the use of models (such as Simulink, SCADE, or UML models) as design and requirements representations, including the specification of model-level requirements, simulation-based verification, and auto-code generation from models. The supplement defines when models can be used as requirements, design, or source code, and specifies additional objectives for model coverage analysis, model reviews, and traceability between models and the airborne software.
A supplement to DO-178C that provides additional guidance for the use of object-oriented technology (OOT) and related techniques in airborne software. DO-332 addresses the specific concerns that OOT introduces — including inheritance, polymorphism, dynamic dispatch, overloading, type conversion, exception handling, and templates/generics — and defines additional objectives to ensure these features do not compromise software development assurance. The supplement includes guidance on OOT-specific structural coverage criteria, such as subtype and dynamic coupling measures.
A supplement to DO-178C that provides guidance for the use of formal methods in airborne software development and verification. Formal methods use mathematically rigorous techniques to specify, develop, and verify software. DO-333 allows certain DO-178C objectives to be satisfied through formal analysis rather than through testing, provided the formal analysis is demonstrated to be sound and complete for the properties being verified. The supplement addresses formal specification, formal verification (theorem proving, model checking, abstract interpretation), and the relationship between formal analysis and traditional testing and review activities.
The primary guidance document for design assurance of airborne electronic hardware, including complex programmable hardware devices such as FPGAs, ASICs, PLDs, and complex COTS components. DO-254 defines a hardware design lifecycle similar in structure to DO-178C's software lifecycle, including planning, requirements capture, conceptual design, detailed design, implementation (synthesis, place-and-route), verification, configuration management, and process assurance. The objectives scale based on the hardware Design Assurance Level (DAL A through E). DO-254 applies specifically to complex electronic hardware; simple hardware items may be addressed through conventional quality assurance processes.
The standard that defines environmental test conditions and procedures for airborne equipment. DO-160G specifies the environmental tests that equipment must pass to demonstrate it can function correctly in the aircraft environment, including tests for temperature (altitude, temperature variation, thermal shock), vibration (random, sinusoidal), humidity, shock, power input (normal and abnormal power conditions), voltage spike, audio frequency conducted susceptibility, induced signal susceptibility, radio frequency susceptibility (radiated and conducted), radio frequency emission, lightning (direct and indirect effects), icing, fluid susceptibility, sand and dust, fungus, salt spray, magnetic effect, fire/flammability, and waterproofness.
A standard that establishes requirements for the processing of aeronautical data to ensure data quality and integrity throughout the data chain. DO-200B defines a framework for data quality requirements including accuracy, resolution, integrity, traceability, timeliness, and completeness. It applies to organizations that originate, process, or distribute aeronautical data used in airborne systems, including navigation databases, terrain databases, and obstacle databases. The standard requires data quality assurance processes, including independent verification, configuration management, and traceability from data source to end use.
A standard that defines the airworthiness security process for aircraft systems, addressing intentional unauthorized electronic interactions (IUEI) — cybersecurity threats — that could affect the safety of the aircraft. DO-326A establishes a security risk assessment process that evaluates how threat agents could exploit vulnerabilities in aircraft systems to cause failure conditions. The standard defines security objectives commensurate with safety impact: systems whose compromise could lead to catastrophic failure conditions require the most rigorous security measures. DO-326A integrates security considerations into the existing safety assessment framework of ARP4754B and ARP4761A.
A companion document to DO-326A that provides detailed methods and considerations for implementing the airworthiness security process. While DO-326A defines the process framework, DO-356A provides practical guidance on security risk assessment methods, threat modeling, vulnerability analysis, security requirements development, security architecture design, and security verification. DO-356A addresses topics such as attack surface analysis, threat identification, security testing (penetration testing, fuzz testing), and the relationship between security assurance and development assurance levels.
A standard that provides guidance on managing information security aspects related to the continuing airworthiness of aircraft throughout their operational life. While DO-326A and DO-356A address security during type design and certification, DO-355 addresses the ongoing security management after the aircraft enters service. This includes guidance on monitoring for new threats and vulnerabilities, assessing the airworthiness impact of security events, managing security patches and updates, and maintaining the effectiveness of security measures over the aircraft's operational life.
The EUROCAE publication of the software certification guidance document that is technically identical to RTCA DO-178C. ED-12C is published by EUROCAE (European Organisation for Civil Aviation Equipment) and is the European designation for the same standard. ED-12C is referenced by EASA through AMC 20-115D as the acceptable means for airborne software development assurance in the European regulatory framework. All technical content, objectives, tables, and appendices are identical to DO-178C.
The EUROCAE publication of the hardware design assurance guidance document that is technically identical to RTCA DO-254. ED-80 is referenced by EASA as the acceptable means for complex airborne electronic hardware design assurance. All technical content, objectives, and guidance are identical to DO-254.
The EUROCAE publication of the environmental test standard that is technically identical to RTCA DO-160G. ED-14G defines the same environmental test conditions, procedures, and categories as DO-160G. It is referenced in EASA certification specifications, ETSOs, and certification programs as the accepted environmental qualification standard for airborne equipment.
The EUROCAE publication of the systems development assurance guidance that is technically aligned with SAE ARP4754B. ED-79B provides guidelines for the development of civil aircraft and systems, addressing the same topics as ARP4754B: system development processes, development assurance level assignment, safety assessment integration, validation, verification, and configuration management. ED-79B is referenced by EASA in AMC 20-152A.
The EUROCAE publication of the safety assessment guidelines that is the European equivalent of SAE ARP4761A. ED-135 provides guidelines and methods for conducting the safety assessment process, including FHA, PSSA, SSA, and CCA, as well as detailed guidance on analysis methods such as FTA, FMEA, Markov Analysis, and Dependency Diagrams. ED-135 is referenced by EASA in certification specifications and acceptable means of compliance.
Software Certification (DO-178C)
Airborne software vocabulary — planning, requirements, verification, structural coverage, and certification liaison.
Software that is intended to be used in airborne systems and equipment, and that performs or contributes to a function on the aircraft. Airborne software is subject to development assurance requirements as defined in DO-178C / ED-12C. The scope of airborne software includes embedded software in avionics equipment (flight management systems, display systems, engine controllers), software in line-replaceable units (LRUs), and software that performs functions necessary for continued safe flight and landing. Software used only for ground-based applications (manufacturing test, maintenance ground support) is not airborne software, although it may still require qualification as a tool under DO-330.
A separately identifiable part of a computer program that is a constituent of the airborne software. A software item is the unit at which software development assurance is applied — it has its own software level (DAL), its own set of lifecycle data, and its own compliance demonstration. A software item may be a complete standalone application, a partition in an IMA platform, or a distinct functional module with well-defined interfaces. Software items are identified during the software planning process and documented in the Plan for Software Aspects of Certification (PSAC).
A distinct part of a software item, typically identified at the architectural design level. Software components are the building blocks of a software item's architecture: they implement specific functions, have defined interfaces, and may be composed of lower-level components or code modules. In DO-178C, the term is used in the context of software architecture, where the software item is decomposed into software components that implement the high-level requirements through low-level requirements and source code.
The designation of the software development assurance effort required for a software item, based on the failure condition classification of the system function to which the software contributes. Software levels correspond to Development Assurance Levels (DALs): Level A software contributes to functions whose failure could cause or contribute to a catastrophic failure condition; Level B to hazardous; Level C to major; Level D to minor; and Level E to no safety effect. The software level determines which DO-178C objectives are applicable, the number of objectives that must be satisfied with independence, and the overall rigor of the development and verification processes.
The primary planning document for software certification, submitted to and agreed upon by the certification authority. The PSAC describes the system overview, software overview, certification considerations, software lifecycle processes, software lifecycle data, schedule, and any means of compliance deviations or alternative methods. It identifies the software items, their software levels, the applicable DO-178C objectives, the software lifecycle processes that will be used, the tools that require qualification, and any previously developed or COTS software that will be used. The PSAC is the certification authority's primary reference for understanding and overseeing the software development effort.
A lifecycle planning document that describes the verification methods, procedures, and environment that will be used to verify the software. The SVP defines the overall verification strategy, including what will be verified by review, what by analysis, what by testing, and what by a combination of these methods. It specifies the verification environment (target hardware, host simulation, emulation), the tools used for verification, the coverage criteria (statement, decision, MC/DC as applicable to the software level), and the criteria for verification completeness. The SVP also addresses independence requirements for verification activities.
A lifecycle planning document that describes the configuration management activities, procedures, and environment for the software. The SCMP defines how configuration items are identified, how changes are controlled (change request and problem report processes), how baselines are established and maintained, how configuration audits are performed, and how the integrity of the software lifecycle data is preserved. Configuration management under DO-178C is not optional: it is an integral process that ensures traceability, repeatability, and control throughout the software lifecycle.
A lifecycle planning document that describes the software quality assurance activities, methods, and responsibilities. The SQAP defines how the SQA function will provide assurance that the software development and verification processes conform to the approved plans and standards. SQA activities include process audits, transition criteria checks (ensuring activities are complete before proceeding to the next phase), review of lifecycle data for completeness and correctness, and reporting of deviations and non-conformances. The SQA function provides independence from the development team.
Software requirements that are developed directly from the system requirements allocated to the software item. High-level requirements specify the functional behavior, performance characteristics, timing constraints, interface definitions, and safety-related requirements of the software item in terms that are implementation-independent. HLRs describe what the software must do, not how it does it. Each HLR must be traceable to the system requirement(s) from which it was derived. HLRs that are not traceable to system requirements are classified as derived requirements and must be evaluated for their safety impact.
Software requirements that are developed from the high-level requirements to provide a more detailed description of the software behavior, closer to the implementation level. Low-level requirements are derived from the software architecture and detailed design process. They describe the software behavior at a level of detail sufficient to enable coding without further design interpretation. LLRs include algorithm details, data structure definitions, input/output descriptions, error handling logic, and timing requirements. Each LLR must be traceable to the HLR(s) from which it was derived, and the source code must be traceable to LLRs.
Software requirements (at either the HLR or LLR level) that are not directly traceable to a higher-level requirement but are generated by the software development process itself. Derived requirements arise from design decisions, implementation constraints, or the need to implement functions that are necessary for the software to work correctly but that were not explicitly stated in the system requirements. Examples include requirements for initialization sequences, internal data structures, error handling mechanisms, and resource management. DO-178C requires that derived requirements be provided to the system safety assessment process because they may introduce new failure modes or modify the failure behavior assumed in the system safety analysis.
The ability to trace relationships between lifecycle data items in both forward (from requirements to implementation and test) and backward (from implementation and test back to requirements) directions. DO-178C requires bi-directional traceability at multiple levels: (1) System requirements to HLRs and HLRs back to system requirements; (2) HLRs to LLRs and LLRs back to HLRs; (3) LLRs to source code and source code back to LLRs; (4) HLRs to test cases/procedures and test cases/procedures back to HLRs; (5) LLRs to test cases/procedures (for applicable levels) and test cases/procedures back to LLRs. Forward traceability ensures that all requirements are implemented and tested. Backward traceability ensures that all code and tests can be justified by a requirement (detecting extraneous code and unnecessary tests).
The evaluation of the outputs of a software lifecycle process to ensure correctness and consistency with respect to the inputs and standards for that process. In DO-178C, verification encompasses three primary methods: (1) Reviews — systematic examination of lifecycle data by qualified personnel to detect errors, omissions, and inconsistencies; (2) Analyses — examination of lifecycle data using mathematical or logical reasoning to detect errors or demonstrate properties (e.g., data flow analysis, control flow analysis, stack usage analysis, timing analysis); (3) Testing — execution of the software with defined inputs and comparison of actual outputs to expected outputs. Requirements-based testing is the primary testing strategy, supplemented by structural coverage analysis to assess the thoroughness of the test set.
A testing strategy in which test cases are derived from the software requirements (both HLRs and, where applicable, LLRs) rather than from the software implementation. Each test case is designed to verify one or more specific requirements by defining inputs that exercise the required behavior and expected outputs that demonstrate the requirement is correctly implemented. Requirements-based testing includes normal range testing (inputs within specified operating ranges), boundary value testing (inputs at the boundaries of specified ranges), and robustness testing (inputs outside specified ranges, where applicable). The goal is to demonstrate that every requirement is correctly implemented, that the software produces the correct outputs for the specified inputs, and that no unintended function exists.
An analysis of the source code structure to determine which code statements, decision branches, and conditions are exercised by the requirements-based test set. Structural coverage is not a testing method but a measure of test thoroughness. DO-178C defines three levels of structural coverage, required based on the software level: (1) Statement Coverage (Level C and above) — every statement in the code has been executed at least once; (2) Decision Coverage (Level B and above) — every decision (branch) in the code has taken both its true and false outcomes at least once; (3) Modified Condition/Decision Coverage (MC/DC) (Level A) — every condition within a decision has been shown to independently affect the decision outcome. If structural coverage analysis reveals code that is not exercised by requirements-based tests, the analysis must determine whether the gap indicates missing requirements, missing test cases, dead code, or deactivated code.
Testing that evaluates the software's response to abnormal inputs, conditions, and environmental stresses that are outside the normal operating envelope but that the software might encounter. Robustness testing verifies that the software handles invalid inputs, out-of-range values, corrupted data, timing anomalies, and resource exhaustion gracefully — without producing hazardous outputs, entering undefined states, or crashing. Robustness testing complements normal-range requirements-based testing and is driven by the HLRs for error handling, input validation, and fault tolerance.
The requirement that certain verification activities be performed by persons who are not the developers of the item being verified. Independence in DO-178C means separation of the verification function from the development function such that the verifier has no vested interest in the outcome and can provide an objective assessment. The degree of independence required increases with software level: at Level A, many verification objectives require independence (the person verifying an output must not be the same person who produced it); at Level D, fewer independence requirements apply. Independence can be provided by another engineer, a separate team, or an independent organization.
A designation under DO-330 / DO-178C that defines the qualification effort required for a software development or verification tool based on the potential impact of the tool on the airborne software. Five TQLs are defined: TQL-1 (most rigorous) applies to tools whose output is part of the airborne software and that could insert errors, when used for Level A software; TQL-2 through TQL-4 apply to lesser combinations of tool impact and software level; TQL-5 (least rigorous) applies to tools that automate processes but whose output can be verified by other means. The TQL determines which DO-330 objectives must be satisfied for the tool qualification.
A design technique that provides isolation between software components or applications sharing common computing resources (processor, memory, I/O), such that a fault in one partition cannot adversely affect software in another partition. Partitioning has two dimensions: time partitioning (ensuring each partition receives its allocated processing time regardless of the behavior of other partitions) and space partitioning (ensuring each partition can only access its own memory regions and cannot corrupt another partition's data or code). Robust partitioning provides sufficient isolation that a software error in one partition cannot propagate to another partition, allowing partitions of different software levels to coexist on the same hardware platform.
Commercial Off-The-Shelf (COTS) software is software that was not developed with DO-178C compliance as a primary objective and is available commercially (e.g., operating systems, libraries, protocol stacks). Previously Developed Software (PDS) is software that was developed under DO-178C for a prior certification program and is being reused in a new application. Both categories present certification challenges. For COTS software, the full DO-178C lifecycle data is typically unavailable, so alternative means of compliance must be established — such as extensive testing, operational history credit (with caveats), or wrapping the COTS component with qualified interface protection. For PDS, change impact analysis and configuration management verification are required to ensure the software is applicable to the new installation.
A configuration item (CI) is a hardware or software entity that is designated for configuration management. In DO-178C, software lifecycle data — including plans (PSAC, SVP, SCMP, SQAP), requirements documents (SRD, SDD), source code, object code, test cases, test procedures, test results, traceability data, and the Software Accomplishment Summary — are all configuration items subject to configuration identification, change control, status accounting, and configuration audit. Each CI has a unique identifier, a defined baseline state, and a controlled change history.
A baseline is a formally established and configuration-controlled snapshot of the software lifecycle data at a specific point in the development process. DO-178C identifies several key baselines in the software lifecycle: the requirements baseline (after requirements are reviewed and approved), the design baseline (after design is reviewed and approved), the code baseline (after code is reviewed and passes testing), and the release baseline (the final configuration of the software approved for certification). Once a baseline is established, any change to its constituent configuration items must go through the formal change control process, with appropriate review, approval, and regression analysis.
A problem report (PR) is a document that records a discrepancy, deficiency, or anomaly discovered in any software lifecycle data — including requirements, design, code, test cases, test results, or documentation. A change request (CR) is a formal request to modify a configuration item. DO-178C requires that all problems discovered during the software lifecycle be recorded in problem reports, that problem reports be analyzed for their impact, and that corrective actions be tracked to closure. Open problem reports at the time of certification must be evaluated for their safety impact and documented in the Software Accomplishment Summary (SAS). The problem reporting and change control system is a critical element of configuration management.
Certification liaison is the ongoing communication between the applicant and the certification authority throughout the software lifecycle. Stages of Involvement (SOIs) are structured review points at which the certification authority evaluates the software development and verification progress. The FAA defines four SOIs for software: SOI #1 (Planning Review) — reviews the PSAC, plans, and standards before significant development begins; SOI #2 (Development Review) — reviews requirements, design, and initial development outputs; SOI #3 (Verification Review) — reviews verification results, including test results, coverage analysis, and traceability; SOI #4 (Final Review) — reviews the Software Accomplishment Summary, open problem reports, and the complete lifecycle data package. SOIs may also include audits of the development and verification environment.
The primary certification document produced at the conclusion of the software development and verification process. The SAS provides a summary of the software lifecycle, including: the software identification (part number, version); the system and software overview; the software lifecycle processes used; deviations from plans and standards; a summary of the software verification results; the status of configuration management activities; a summary of open problem reports and their disposition; a statement of compliance with DO-178C objectives; and a description of any unresolved issues. The SAS is the certification authority's primary evidence that the software development and verification process has been completed in accordance with the approved plans.
Hardware Certification (DO-254)
Airborne electronic hardware — FPGA, ASIC, verification methods, and hardware assurance.
Electronic hardware items (circuit board assemblies, components, programmable logic devices, and associated wiring) that perform functions in airborne systems or equipment. AEH is distinct from software and is subject to its own assurance processes under DO-254/ED-80.
Airborne electronic hardware whose function can be fully verified through deterministic testing alone, without requiring the full DO-254 design assurance process. Simple hardware items have limited functionality and their correct behavior can be assured through comprehensive testing of all operational conditions.
Airborne electronic hardware whose function cannot be fully verified through deterministic testing alone due to the complexity of its design, the presence of programmable logic, or the impracticality of exhaustive testing. Complex hardware requires the full DO-254 design assurance lifecycle.
A general category of integrated circuits whose logic function is defined by the user after manufacture through programming rather than during the semiconductor fabrication process. PLDs include SPLDs (simple PLDs such as PALs and GALs), CPLDs, and FPGAs.
A programmable logic device consisting of multiple programmable logic array blocks interconnected through a centralized switch matrix. CPLDs provide deterministic timing, non-volatile configuration storage, and moderate logic capacity, making them suitable for glue logic, bus interface, and control applications in avionics.
A programmable logic device containing an array of configurable logic blocks (CLBs) interconnected through a programmable routing fabric, with configuration typically stored in volatile SRAM cells loaded at power-up from external non-volatile memory. FPGAs provide high logic density, parallel processing capability, and in-field reconfigurability.
An integrated circuit designed and manufactured for a specific application, with the logic function permanently defined during the fabrication process. Unlike FPGAs, ASICs cannot be reprogrammed after manufacture. ASICs include full-custom designs, standard-cell designs, and gate-array-based implementations.
A pre-designed, reusable block of logic, cell, or chip layout design that is the intellectual property of one party and can be integrated into a larger hardware design. IP cores are categorized as soft cores (synthesizable HDL), firm cores (optimized netlist), or hard cores (physical layout). In avionics, IP cores may be vendor-supplied or developed in-house.
Previously developed hardware design elements, including HDL modules, schematics, or IP cores, that are incorporated into a new hardware design. Reuse may involve using the design in a new application context, a different technology (e.g., migrating from one FPGA family to another), or a different design assurance level.
The set of documented conditions, capabilities, and constraints that the hardware item must satisfy, derived from system-level requirements through the system safety and requirements allocation processes. Hardware requirements include functional requirements, performance requirements, interface requirements, environmental requirements, and safety requirements allocated from the system level.
Requirements that arise from the hardware design process itself and are not directly traceable to higher-level system requirements. Derived requirements emerge during conceptual design, detailed design, or implementation when design decisions introduce additional requirements that were not anticipated at the system level.
The documented association between hardware requirements, design elements, implementation artifacts, and verification activities throughout the DO-254 lifecycle. Traceability demonstrates that every requirement has been implemented in the design and verified, and that every design element and verification activity traces to a requirement.
A verification method using computer-based models to evaluate the behavior of a hardware design against its requirements before physical implementation. For programmable logic, simulation typically involves functional simulation of HDL code, timing simulation with back-annotated delays, and system-level simulation of the integrated design.
An analytical verification method that evaluates hardware circuit performance under the most adverse combination of operating conditions, component tolerances, and aging effects. WCA encompasses worst-case circuit analysis (WCCA), thermal analysis, power analysis, timing analysis, and signal integrity analysis.
A structured evaluation of hardware design data by qualified reviewers to assess correctness, completeness, compliance with requirements, and conformance to applicable standards. Reviews are applied throughout the DO-254 lifecycle to requirements, conceptual design, detailed design, implementation data, and verification results.
Physical testing of the manufactured hardware to verify that it meets its requirements and performs correctly under specified operating conditions. Hardware testing includes unit testing of individual components or modules, integration testing of assembled hardware, and environmental testing across the specified operating envelope.
The process of evaluating electronic design automation (EDA) tools used in the DO-254 hardware lifecycle to determine whether their output can be trusted without independent verification, or whether additional measures are needed to mitigate tool-related risks. Tool assessment considers the tool's potential to introduce errors and the ability of subsequent activities to detect such errors.
The primary planning document for DO-254 hardware certification, establishing the agreement between the applicant and the certification authority on the hardware design assurance approach. The PHAC identifies the hardware items requiring design assurance, their design assurance levels, the lifecycle processes to be applied, the standards and guidance to be followed, and any deviations or alternative methods of compliance.
The final summary document for DO-254 hardware certification, providing evidence that all planned hardware design assurance activities have been completed and that the hardware item satisfies its requirements and is safe for its intended function. The HAS is submitted to the certification authority as part of the final certification data package.
Environmental Qualification (DO-160)
Environmental testing — temperature, vibration, EMI/EMC, lightning, HIRF, and qualification procedures.
The process of demonstrating, through analysis and testing, that airborne equipment performs its intended function within its specified performance envelope when subjected to the environmental conditions defined by its installation location on the aircraft. Environmental qualification encompasses both the test program and the supporting analysis that together establish equipment suitability for the intended operating environment.
Testing performed to demonstrate compliance with applicable airworthiness regulations and technical standards, the results of which are submitted to the certification authority as part of the type certificate, supplemental type certificate, or technical standard order authorization data package. Certification testing may include functional testing, performance testing, environmental testing, and safety-related testing.
The classification system defined in DO-160/ED-14 that assigns severity levels to environmental tests based on the equipment's installation location, intended use, and operational environment on the aircraft. Categories are designated by alphanumeric codes (e.g., A1, A2, B1, B2) within each test section, with each category specifying a set of test conditions and limits.
The specific test severity parameters (e.g., temperature extremes, vibration amplitudes, voltage limits) associated with each environmental test category in DO-160. Qualification levels define the exact conditions under which the equipment must operate or survive, and they vary based on the equipment's installation zone and the aircraft type (fixed-wing, rotorcraft, etc.).
DO-160 Sections 4 (Temperature and Altitude) and 5 (Temperature Variation) define tests that subject equipment to the extremes of temperature and altitude expected during aircraft operation. Section 4 tests include short-term and steady-state exposure at temperature extremes combined with altitude, ground survival temperature exposure, and (for unpressurized installations) decompression. Section 5 tests assess the equipment's ability to withstand rapid temperature changes.
DO-160 Section 8 defines vibration tests that subject equipment to sinusoidal or random vibration profiles representative of the vibration environment at the equipment's installation location on the aircraft. Test profiles vary by aircraft type (fixed-wing jet, propeller, helicopter) and installation location (instrument panel, rack-mounted, engine-mounted, etc.).
DO-160 Section 7 (Operational Shocks and Crash Safety) defines tests that subject equipment to mechanical shock pulses representative of operational events (e.g., hard landings, turbulence) and, where applicable, crash safety conditions. Operational shock tests verify continued function after shock; crash safety tests verify that equipment does not detach or become a hazard to occupants during a survivable crash.
DO-160 Section 10 (Waterproofness) defines tests that evaluate the equipment's resistance to water ingress. Test methods include water spray, water drip, condensation, and immersion, depending on the applicable category and the equipment's installation exposure to moisture.
DO-160 Section 11 (Fluids Susceptibility) defines tests that evaluate the equipment's resistance to degradation when exposed to operational fluids commonly encountered in the aircraft environment, including hydraulic fluid, jet fuel, lubricating oil, de-icing fluid, cleaning agents, and other fluids applicable to the installation.
DO-160 Section 12 (Sand and Dust) defines tests that evaluate the equipment's resistance to the ingress and abrasive effects of fine sand and dust particles. Testing verifies that the equipment maintains its function and that moving parts, seals, and filters are not adversely affected by particle exposure.
DO-160 Section 13 (Fungus Resistance) defines tests that evaluate whether the materials and components of the equipment support fungal growth that could degrade performance or safety. Equipment is exposed to fungal spore cultures under conditions favorable to growth (high humidity and temperature) and evaluated for evidence of fungal colonization.
DO-160 Section 14 (Salt Fog) defines tests that evaluate the equipment's resistance to corrosion and functional degradation when exposed to a salt-laden atmosphere representative of marine or coastal operating environments. The equipment is subjected to a fine salt spray mist for a specified duration, followed by a drying period and functional evaluation.
DO-160 Section 16 (Power Input) defines tests that evaluate equipment behavior under the range of power supply conditions encountered on the aircraft electrical bus, including normal voltage range, abnormal voltage conditions (overvoltage, undervoltage), power interruptions, voltage transients, and frequency variations (for AC equipment). The equipment must operate correctly within the normal power envelope and must not be damaged by abnormal power conditions.
Transient voltage disturbances on the aircraft power bus that arise from load switching, relay operation, generator faults, or lightning-induced coupling. DO-160 Section 17 (Voltage Spike) defines test waveforms and amplitudes that equipment must withstand without damage or unacceptable functional upset.
The characteristics of the electrical power supplied by the aircraft generating system and distributed through the power bus, including voltage regulation, frequency stability (AC systems), waveform distortion, and harmonic content. DO-160 Section 16 defines the expected power quality envelope that equipment must tolerate, while equipment design must also ensure it does not degrade power quality for other loads on the bus.
Electromagnetic energy generated by the equipment that is conducted back onto the aircraft wiring (power lines, signal lines) and may cause interference with other equipment connected to the same wiring. DO-160 Section 21 (Emission of Radio Frequency Energy) defines conducted emission limits measured on power input lines using a Line Impedance Stabilization Network (LISN).
Electromagnetic energy radiated into free space by the equipment or its associated wiring that may cause interference with aircraft radio systems or other electronic equipment. DO-160 Section 21 defines radiated emission limits measured at a specified distance from the equipment under test, covering the frequency range from 2 MHz to 6 GHz.
The ability of equipment to operate correctly in the presence of electromagnetic interference from external sources, including RF fields from aircraft radios, portable electronic devices, radar, and other installed equipment. DO-160 Sections 18 (Audio Frequency Conducted Susceptibility), 19 (Induced Signal Susceptibility), and 20 (Radio Frequency Susceptibility, Radiated and Conducted) define susceptibility test methods and severity levels.
Interconnected design practices that form the foundation of electromagnetic compatibility (EMC) in aircraft installations. Shielding uses conductive enclosures and cable shields to contain or exclude electromagnetic fields. Grounding provides a low-impedance return path for electrical currents and a reference potential. Bonding provides low-impedance electrical connections between metallic structural elements, equipment chassis, and cable shields to equalize potentials and facilitate current flow for EMC, lightning protection, and static charge dissipation.
The physical damage caused by lightning attachment to the aircraft structure, including burning, blasting, bending, and pitting at the attachment and exit points, as well as resistive heating and magnetic force effects along the current flow path. Direct effects are addressed through structural design, material selection, and the provision of adequate current-carrying paths that prevent catastrophic structural failure or fuel ignition.
The transient voltages and currents induced in aircraft wiring and equipment by the electromagnetic fields and resistive voltage drops produced when lightning current flows through the aircraft structure. Indirect effects can cause upset, damage, or erroneous operation of avionics and electrical systems. DO-160 Section 22 defines equipment-level tests for lightning indirect effects (pin injection testing and cable bundle testing).
The high-level radio frequency electromagnetic environment produced by ground-based and shipboard radar, broadcast transmitters, satellite communication stations, and other high-power RF sources that can illuminate aircraft during flight or ground operations. The HIRF environment can induce currents in aircraft wiring sufficient to cause upset or damage to avionics equipment. Regulatory requirements for HIRF protection are defined in 14 CFR 25.1317 (FAA) and CS-25.1317 (EASA).
A rapid transfer of electrostatic charge between bodies at different electrical potentials, caused by direct contact or a strong electrostatic field. In the aircraft context, ESD events can be generated by flight crew or maintenance personnel interacting with equipment and can cause upset, latch-up, or permanent damage to electronic circuits. DO-160 Section 25 defines ESD test methods and severity levels for airborne equipment.
The formal document recording the results of environmental qualification testing, including test configuration, test conditions, measured data, pass/fail determinations, and any anomalies or deviations. The QTR provides the certification authority with evidence that the equipment meets its environmental qualification requirements as defined in the Equipment Qualification Test Plan.
Aircraft & Avionics Architecture
System architecture terms — IMA, ARINC buses, LRUs, partitioning, and interfaces.
An avionics system architecture in which each system function is implemented in a dedicated, self-contained Line Replaceable Unit (LRU) with its own processor, memory, I/O interfaces, and power supply. Each LRU communicates with other LRUs over point-to-point or shared data buses. In a federated architecture, functions are isolated by physical separation: each box performs one or a small number of related functions.
An avionics system architecture in which multiple aircraft functions of potentially different criticality levels are hosted on shared computing hardware (processors, memory, I/O modules, network switches) within a common cabinet or platform. IMA relies on robust partitioning mechanisms to ensure that functions are isolated from each other in time and space, preventing a fault in one hosted application from affecting other applications sharing the same hardware.
A widely used avionics data bus standard that defines a unidirectional, point-to-point serial data bus operating at either low speed (12.5 kbit/s) or high speed (100 kbit/s). Each ARINC 429 bus has a single transmitter and up to 20 receivers. Data is transmitted as 32-bit words using a bipolar, return-to-zero modulation scheme over a twisted shielded pair of wires.
Avionics Full-Duplex Switched Ethernet (AFDX), defined by ARINC 664 Part 7, is a deterministic, full-duplex, switched Ethernet network for avionics data communication. AFDX uses standard Ethernet physical layer and frame format with additional mechanisms for determinism: Virtual Links (VLs) with defined bandwidth allocation, redundant network paths, frame sequencing, and integrity checking. AFDX provides guaranteed bandwidth and bounded latency for each communication flow.
A standard for the Application/Executive (APEX) interface in Integrated Modular Avionics, defining the software interface between hosted applications and the underlying operating system. ARINC 653 specifies robust time and space partitioning: each application executes within a partition that has guaranteed processor time windows and protected memory regions, preventing faults in one partition from propagating to others.
The property of a data communication network that guarantees bounded, predictable message delivery timing under all operating conditions, including worst-case loading. A deterministic data bus ensures that any message transmitted will be received within a known maximum latency, enabling time-critical avionics functions to rely on data freshness and delivery guarantees.
A modular component or assembly of an avionics system designed to be removed and replaced at the aircraft (at the flight line) by maintenance personnel without specialized tools or extensive disassembly, enabling rapid return of the aircraft to service. LRUs are the fundamental unit of line-level maintenance and typically include the complete electronic assembly in its enclosure with connectors, mounting hardware, and a nameplate identifying part number, serial number, and modification status.
A component or sub-assembly within an LRU that is designed to be removed and replaced in a repair shop (not at the aircraft line) using appropriate shop tooling and procedures. SRUs are the fundamental unit of shop-level (bench) maintenance and include items such as circuit board assemblies, power supply modules, display subassemblies, and other modules within the LRU.
Maintenance activities performed on an aircraft at the gate, ramp, or hangar by line maintenance personnel, without requiring the aircraft to be taken out of the operational fleet for an extended period. Line maintenance encompasses pre-flight checks, transit checks, daily checks, troubleshooting, and LRU replacements. It is characterized by the use of standard tools, limited ground time, and the objective of returning the aircraft to service as quickly as possible.
The process of assigning Design Assurance Levels to system components based on the failure condition classifications determined during the system safety assessment, and the use of architectural partitioning to limit the propagation of faults between components of different assurance levels. Partitioning enables a lower-DAL component to coexist with a higher-DAL component on the same hardware or in the same system without requiring the lower-DAL component to be developed at the higher level.
The process of assigning aircraft-level functions to specific systems, and subsequently allocating system functions to hardware items and software components within the system architecture. Functional allocation establishes which physical elements implement each required function and defines the interfaces between them.
The specification of a hardware or software item that results from the functional allocation and system architecture definition process. Item definition establishes the item's functional requirements, performance requirements, interface requirements, environmental requirements, and design assurance level, forming the starting point for the item-level development process under DO-254 (hardware) or DO-178C (software).
An Interface Control Document (ICD) formally defines the physical, electrical, logical, and data characteristics of the interface between two or more systems, subsystems, or components. ICDs specify connector types and pin assignments, signal characteristics (voltage levels, timing, protocols), data formats and message definitions, and the responsibilities of each side of the interface.
The means by which the flight crew interacts with the avionics system, including displays, controls, annunciators, aural alerts, and haptic feedback. The HMI design must enable the crew to effectively monitor system status, receive alerts and warnings, input commands, and maintain situational awareness under normal and abnormal operating conditions.
Continued Airworthiness & Maintenance
Keeping aircraft safe in service — ADs, SBs, ICAs, CAMO, MEL, and reliability programs.
A legally enforceable regulation issued by an airworthiness authority that mandates inspection, modification, operational limitation, or replacement actions on an aircraft, engine, propeller, or appliance to correct an unsafe condition. Compliance with an AD is mandatory for continued operation of the affected product. ADs are issued when an unsafe condition exists or is likely to exist in other products of the same type design.
A document issued by the type certificate holder (aircraft, engine, or equipment manufacturer) that provides instructions for inspection, modification, or repair of a product to address a design improvement, reliability enhancement, or safety concern. Service bulletins are generally not mandatory unless mandated by an Airworthiness Directive, although operators may choose to implement them voluntarily to improve safety, reliability, or performance.
The set of documents provided by the type certificate holder that contains the information necessary for an operator to maintain an aircraft, engine, or appliance in an airworthy condition throughout its operational life. ICAs include the maintenance manual, overhaul manual, structural repair manual, illustrated parts catalogue, wiring diagram manual, and scheduled maintenance requirements, as well as airworthiness limitations that are regulatory-approved and mandatory.
A set of interrelated concepts defining the initial scheduled maintenance program for transport category aircraft. MSG-3 (Maintenance Steering Group - 3) is the analysis methodology used to develop the initial scheduled maintenance requirements. The Maintenance Review Board (MRB) is the regulatory body that oversees the MSG-3 process and approves the resulting Maintenance Review Board Report (MRBR), which defines the minimum initial scheduled maintenance tasks and intervals. The Maintenance Planning Document (MPD) is the TC holder's document that incorporates the MRBR requirements along with additional manufacturer recommendations.
14 CFR Part 43 (FAA) defines the standards and rules for maintenance, preventive maintenance, rebuilding, and alteration of aircraft, engines, propellers, and appliances. It establishes who is authorized to perform maintenance, what standards must be followed, and what records must be kept. Equivalent regulations exist in EASA (Part-M and Part-ML for continuing airworthiness management, Part-145 for maintenance organizations) and TCCA (CAR 571 for maintenance requirements, CAR 573 for approved maintenance organizations).
A maintenance facility certificated by the aviation authority to perform maintenance, preventive maintenance, and alterations on aircraft, engines, propellers, and appliances. In the FAA system, these are certificated under 14 CFR Part 145 as Repair Stations. In EASA, they are approved under Part-145 as Maintenance Organisations. In TCCA, they are approved under CAR 573 as Approved Maintenance Organizations (AMOs).
An organisation approved by EASA (under Part-M Subpart G, or Part-CAMO for air carrier aircraft) to manage the continuing airworthiness of aircraft and their components. The CAMO is responsible for ensuring that all required maintenance is planned, scheduled, and accomplished, that the aircraft configuration is properly managed, and that the aircraft remains in compliance with its approved maintenance programme, ADs, and airworthiness limitations throughout its operational life.
The Master Minimum Equipment List (MMEL) is a document established by the type certificate holder and approved by the certification authority that identifies equipment and instruments that may be inoperative for dispatch under specified conditions and limitations, while still maintaining an acceptable level of safety. The Minimum Equipment List (MEL) is the operator-specific document, derived from the MMEL, tailored to the operator's specific aircraft configuration, operations, and maintenance capability, and approved by the operator's national aviation authority.
A data-driven program that monitors the in-service performance of aircraft systems and components to detect adverse trends, identify reliability issues, and provide a basis for adjusting maintenance tasks and intervals. The reliability program collects and analyzes data on component removals, failures, delays, cancellations, pilot reports, and maintenance findings to assess whether the aircraft maintenance program remains effective.
Escalation is the process of extending scheduled maintenance task intervals beyond the initial intervals established in the MRBR/MPD, based on accumulated in-service reliability data demonstrating that the current intervals are conservative and that safety is maintained with longer intervals. Bridging is the transitional process of extending intervals from the current approved interval toward a target interval in defined steps, with reliability monitoring at each step to confirm that the extended interval remains adequate.
The systematic process of tracking and managing the physical configuration of each aircraft and its components throughout the operational life, ensuring that the aircraft conforms to its approved type design (including all incorporated modifications, service bulletins, and airworthiness directives) and that the configuration is accurately documented in the aircraft's continuing airworthiness records.
The process of recording and monitoring the current modification status of each aircraft and its individual components, including which service bulletins have been incorporated, which ADs have been complied with, and the current part number, serial number, and software version of each installed item. Modification status tracking ensures that each aircraft's physical configuration is accurately known and documented at all times.
Jurisdiction Mapping Sets
Side-by-side mappings of equivalent concepts across FAA, EASA, and TCCA frameworks.
The regulatory framework that governs the certification of aircraft, engines, propellers, and articles (parts and appliances), including procedures for type certificates, supplemental type certificates, production approvals, airworthiness certificates, and export airworthiness approvals. Part 21 is the foundational regulation that defines how a product progresses from design approval to production and operational service.
The mechanisms by which certification authorities delegate specific approval privileges to qualified individuals or organizations, enabling them to perform certain certification activities on behalf of the authority. Delegation reduces the authority's direct workload while maintaining safety oversight. Each jurisdiction has evolved different delegation structures reflecting its regulatory philosophy.
A Technical Standard Order (TSO) is a minimum performance standard issued by the certification authority that an article (equipment or appliance) must meet in order to receive a TSO Authorization (TSOA). A TSOA certifies that the article meets the applicable TSO performance standard and may be installed on any applicable aircraft. The FAA issues TSOs under 14 CFR Part 21 Subpart O. EASA issues European Technical Standard Orders (ETSOs) under Part 21 Subpart O. TCCA issues Canadian Technical Standard Orders (CAN-TSOs).
A design approval issued for a major modification to the type design of an existing type-certificated product (aircraft, engine, or propeller). The STC approves the design change and the associated installation instructions, maintenance data, and, where applicable, flight manual supplements. The STC holder has the authority to produce the modification kit and the obligation to provide Instructions for Continued Airworthiness.
Non-mandatory guidance material published by certification authorities that provides acceptable means of compliance with the regulatory requirements, explanatory material, and recommended practices. While not legally binding, guidance documents describe methods that the authority has pre-accepted as demonstrating compliance with the applicable rules, and deviation from them typically requires coordination with the authority to establish an equivalent alternative means.
Formal mechanisms used by certification authorities to document and track specific certification issues, concerns, or special conditions that arise during a certification project and require resolution between the applicant and the authority. These instruments capture the authority's position on a compliance matter, the agreed means of compliance, and the resolution.
The authorized release certificate that accompanies an aircraft part, component, or appliance to attest that the article has been manufactured, inspected, and/or tested in accordance with approved data and is in a condition for safe installation. The release certificate provides the traceability between the physical article and its approved design, and it is the primary document used by maintenance organizations to determine whether an article is eligible for installation on an aircraft.