Toulouse, 22-23 April 2026 — The ECAC Study Group on Cyber Security in Civil Aviation met in Toulouse to review progress on developing new guidance in this area.
Responding to needs expressed by Member States at the 2025 Security Forum meeting, the group developed and endorsed a new document entitled "Best Practices for Conducting Cyber Security Audits and Inspections in the Aviation Security Domain".
This document supports Appropriate Authorities from ECAC Member States in assessing the compliance of cyber security measures implemented by airport operators, air carriers and other relevant entities, in line with ECAC Doc 30, Part II (Security) and the National Civil Aviation Security Programmes. It also includes an illustrative set of questions to assist national auditors when conducting aviation cyber security audits and inspections.
The group also discussed the draft guidance on criticality in aviation cyber security and agreed to develop the document further, particularly the section addressing the criticality of ICT systems and data from an aviation security perspective.
Looking ahead, the group prepared a survey to identify Member States’ needs for additional guidance or best practice material for development by the group in 2026 and 2027. The survey will be launched in early May 2026.