Part NIS
We help you make sense of EASA’s Part-IS — and turn it into something that actually works in practice. From gap analysis to implementing it, I make the process structured, lean, and tailored to your ops.
Get started
Is your organization ready for EASA’s new Part-IS regulations (EU 2022/1645 & EU 2023/203)?
Download our free checklist and see where you stand before the October 2025 deadline.
Where to start?
Part-IS defines how aviation organisations must protect information and systems against cyber threats. It applies to airlines, MROs, ANSPs, OEMs, and airports holding EASA approvals.Each organisation must assess whether its systems or services are relevant for aviation safety — and understand how loss of confidentiality, integrity, or availability could affect safe operations.If you’re navigating EASA Part-IS, this is a good place to start. You might not need help — but if you do, I’m available.
What is Part IS?
Part-IS – EASA’s framework for information security in aviationPart-IS is the section of the EASA regulations that deals with information security in aviation. It applies to airlines, MROs, ANSPs, OEMs, airports, and other organisations holding EASA approvals.It consists of two main parts:IS.AR – Authority Requirements
Defines what national aviation authorities must do, including oversight, risk review, incident reporting, and audits.IS.OR – Organisation Requirements
Defines what approved organisations must implement, such as establishing an Information Security Management System, managing risks, reporting incidents, and integrating information security into their existing management systems.A key point in Part-IS is that each organisation must determine whether its systems, services, or activities are relevant for aviation safety. This assessment is not just technical but operational – it requires understanding how a loss of confidentiality, integrity, or availability could affect safe operations.EASA provides AMC/GM (Acceptable Means of Compliance and Guidance Material) to help interpret and apply these rules in practice.The structure mirrors other EASA frameworks like Part-CAMO or Part-145, but it focuses entirely on information and cyber security.EASA Easy Access Rules for Information Security (EU 2023/203)
This document contains the consolidated version of the regulation on information security in aviation. It explains the requirements for managing information security risks in civil aviation organisations and authorities.
Still need help?
If you still need help understanding how this regulation applies to your organisation or have questions about specific parts of it, feel free to reach out — We are happy to provide more context, explain the key points, or help translate it into something more practical.
Part NIS