What PART-IS changes, who is affected, how to prepare.
PART-IS, in a nutshell:
PART-IS is the first European regulation to imposes a civil aviation-wide ISMS (ISMS/ISO 27001-like)by explicitly linking cybersecurity and operational safety. Two deadlines : October 16, 2025 for airports, designers and manufacturers February 22, 2026 for airlines, MROs, CAMOs, ATM/U-Space providers and national authorities.
Why now?
Transport has become the 2ᵉ most targeted sector in Europe (11 % of cyber incidents in 2024). A faulty patch paralyzed Delta Air Lines in July 2024: 7000+ cancelled flights and an estimated loss of 500 M$ - a brutal illustration of a risk operational. In addition to "classic" attacks, the supply-chain and operational disruptions are of greatest concern; the average cost of a breach is estimated at 4.88 M$ (5.17 M$ if cloud). PART-IS therefore places cybersecurity at the heart of aerial continuitynot in the IT periphery.
Who is PART-IS for and what does it cover?
The scope covers digital systems whose reliability is a prerequisite for safe operations These include: on-board systems (e.g. FMS), traffic infrastructures (ATM/ANS), predictive maintenance, ground-to-board bridges, airport digital tools and the aircraft logistics chain. Obligations include airline operators, MRO/CAMO, manufacturers/OEMs, ATM/U-Space service providers and authorities - with a from start to finish to manage interdependencies.
Key requirements
Structured ISMS (policy, scope, roles).
Risk analysis regularly reviewed integrating safety impact.
Technical measures : appropriate encryption, access controlspatch management, network segmentationsupervision/SOC.
Incident management : detect < 24 h, notify authority, activate continuity & recovery.
Safety culture Role-based training, regular exercises (table-top, cyber-range).
Business value: why invest now?
Reduced risk of stoppage An efficient ISMS limits major interruptions and their operational costs.
Easy insurability demonstrable risk governance = often better coverage conditions.
Differentiation better cyber scores correlate with less of major incidents; a visible advantage in calls for tender.
Growing market aeronautical cybersecurity is making great strides - getting up to speed means anticipate.
Ready for a PART-IS blank test?
Start with a PART-IS diagnosis You'll have a clear vision of your project: critical scope and interfaces, key gaps, compliance plan with evidence in the right format. In just a few weeks, you'll have a clear course and presentable initial results.
