FAQ

A Regulated Agent is an air carrier, agent, freight forwarder, or another entity that implements and applies security control measures for cargo or mail. Their role is to ensure that consignments entering air transport are properly secured, which is a key element of the functioning of the secure supply chain within the European Union.

The procedure includes submitting an application to the Civil Aviation Authority for approval of the entity, the security programme, and the required declarations and statements resulting from European and national regulations.
The final stage is an on-site verification conducted at the Regulated Agent’s location, during which compliance with the requirements and procedures described in the security programme is verified. Following a positive assessment, the entity’s details are entered into the Union database on supply chain security.

Obtaining Regulated Agent status is not only confirmation of high aviation security standards, but also brings tangible operational benefits. These include the possibility of exemption from security screening of cargo received from entities participating in the secure supply chain, reduced costs and handling times, and enhanced credibility and competitive position in the air cargo market.

A Known Consignor is an entity that sends cargo or mail on its own account and whose security procedures comply with the common rules and standards set out in European Union and national regulations. As a result, consignments marked with SPX status may be transported on any aircraft without the need for full security screening.
The Known Consignor represents the first and key element of the secure supply chain.

To obtain Known Consignor status, the entity submits an application for approval to the Civil Aviation Authority, together with a security programme, a declaration of commitments, and the statements required under European and national regulations.
This is followed by an on-site verification at the Known Consignor’s premises to confirm that the procedures comply with the requirements and the procedures described in the security programme. After a positive verification, the consignor’s details are entered into the Union database on supply chain security.

Holding Known Consignor status delivers tangible operational and reputational benefits. These include the possibility of exemption from cargo security screening when cooperating with Regulated Agents, reduced handling time and costs, and enhanced credibility and competitiveness in the air cargo transport market.

An Approved Haulier is an entity carrying out ground transport on behalf of a Regulated Agent or a Known Consignor and is responsible for maintaining the integrity of air cargo and air mail for which security control measures have already been applied.
Its procedures must comply with the common security rules and standards in order to ensure an uninterrupted and secure flow of cargo within the Union supply chain.

To obtain Approved Haulier status, the entity submits an application for approval to the Civil Aviation Authority, together with a security programme and a declaration of commitments. The President of the Civil Aviation Authority verifies the documentation and conducts an interview with the person responsible for the implementation of the security programme and the application of security procedures.
Following a positive assessment, the haulier’s details are entered into the Union database on supply chain security. The status is granted for a period of one year, during which time the haulier is subject to on-site verification.

Obtaining this status is not only the fulfilment of an obligation that will become a legal requirement as of 1 January 2027, but also brings a range of tangible benefits. These include exemption from security screening of cargo originating from entities participating in the secure supply chain, reduced operational costs, shorter transport times, and enhanced credibility and competitive position in the air cargo transport market.

A Regulated Supplier of Airport Supplies is an entity whose security procedures comply with the common security rules and standards, enabling the delivery of supplies to restricted areas of airports. Its role is to ensure that delivered goods, materials, and equipment are properly protected and comply with the requirements of European Union and national civil aviation security regulations.

In accordance with the proposed regulations, an entity applying for Regulated Supplier status will be required to submit an application for approval to the Civil Aviation Authority, together with a security programme and a declaration of commitments.
The final stage of the procedure will be an on-site verification, aimed at confirming that the implemented measures comply with EU and national requirements.

This status will enable the delivery of supplies to restricted areas of airports without the need for security screening of supplies. In addition, it will allow the application of uniform security procedures across multiple locations covered by the security programme and the acquisition of a universal status granted by the Civil Aviation Authority, recognised at all airports.
This brings tangible benefits, including reduced costs, shorter delivery times, and enhanced credibility and competitive position in the airport supplies market.

A Known Supplier of Airport Supplies is an entity whose security procedures comply with the common security rules and standards, enabling the delivery of supplies to restricted areas of the airport. Its activities constitute a key element of airport supply operations, ensuring that supplies do not pose a threat to civil aviation security.

To obtain Known Supplier status, the entity submits a security programme and a declaration of commitments to the airport managing body. The airport managing body verifies the completeness and adequacy of the security programme and subsequently assesses its practical implementation.
In terms of security, the status is granted to entities that meet all security requirements and do not demonstrate any irregularities during the assessment.

Obtaining Known Supplier status allows supplies to be delivered to restricted areas without the need for individual security screening on each occasion. This results in simplified procedures, reduced costs, shorter delivery times, and increased credibility of the company. In addition, cooperation with other entities applying aviation security control measures—such as airport managing bodies or regulated suppliers—strengthens the company’s market position.

A Known Supplier of In-Flight Supplies is an entity whose security procedures comply with common rules and standards, enabling the delivery of supplies to air carriers or Regulated Suppliers of In-Flight Supplies. Although such a supplier does not deliver directly onto the aircraft, its activities constitute a key element of the supply chain, ensuring a high level of security throughout the preparation and distribution process of in-flight supplies.

In order to obtain Known Supplier status, an entity submits a security programme and a declaration of commitments to the Regulated Supplier of In-Flight Supplies to whom it delivers its products. The designation is granted following a positive verification of the adequacy and completeness of the security programme and confirmation that the implemented procedures are properly applied without irregularities.

Obtaining this status allows in-flight supplies to be exempt from security screening before being introduced into restricted areas of the airport, which significantly streamlines the logistics process.

Additionally, this status helps reduce operational costs, accelerate deliveries, and enhance the company’s credibility with air carriers and aviation industry partners.

The primary difference lies in the scope of responsibility and the level of authority in the delivery process.

• A Known Supplier of In-Flight Supplies delivers supplies to a Regulated Supplier or an air carrier, but not directly onto the aircraft. They are designated by the Regulated Supplier, to whom they hand over the supplies, and their procedures are assessed at a local level.

In contrast, a Regulated Supplier of In-Flight Supplies is approved by the Civil Aviation Authority and may deliver supplies directly onto the aircraft. They are responsible for the entire security process for the supplies, which reflects the highest level of trust and full compliance with EU requirements.

A Regulated Supplier of In-Flight Supplies is an entity whose security procedures comply with the common security rules and standards, enabling the direct delivery of supplies onto aircraft. Its activities are crucial for maintaining the integrity and security level of in-flight supplies.

To obtain Regulated Supplier status, the entity submits an application for approval to the Civil Aviation Authority, together with a security programme and a declaration of commitments. CAA inspectors then carry out an on-site verification to confirm that the implemented procedures comply with EU regulations and the security programme requirements.

This status allows in-flight supplies to be delivered without the need for additional security screening before entering restricted airport areas.
It streamlines logistics processes, reduces operational costs, and speeds up delivery handling. In addition, verified status enhances the company’s credibility and competitive position in the aviation supply services market.

Internal quality control is a set of activities that enables systematic assessment of the effectiveness and compliance of civil aviation security procedures with applicable regulations. For entities that are not airports, it includes three main forms: internal audit, internal inspection, and internal testing.
The goal is not only to confirm compliance with legal requirements but also to continuously improve processes and raise the level of civil aviation security within the organization.

Regularly carrying out internal quality control activities allows organizations to identify potential irregularities and threats in real time, improve procedures, and verify the effectiveness of applied security measures. It is a key element of aviation security, ensuring that the system operates in a consistent, efficient, and regulation-compliant manner, aligned with both national and EU requirements.

The Avsec.pl team consists of certified AVSEC instructors and internal auditors who provide comprehensive support in planning, conducting, and documenting control activities.
Thanks to the modern Avsec Connect platform, organizations can easily manage documentation, monitor audit and inspection results, and maintain full compliance with legal requirements. This practical solution combines expert knowledge with technology to streamline everyday work.

Every entity conducting aviation activities is required to implement and maintain internal quality control in accordance with the Regulation of the Minister of Infrastructure of 5 November 2020. This includes systematically monitoring the effectiveness of applied security measures, documenting the results, and reporting any irregularities to the President of the Civil Aviation Authority (ULC).

The annual schedule is a plan of control activities that each aviation entity must prepare by 31 December for the following year. It is developed based on a risk assessment and takes into account the nature of operations, the number of locations, and the types of activities performed. The schedule provides a basis for the systematic execution of audits, inspections, and tests, ensuring continuous oversight of all elements of the security system.

Every control activity must be fully documented. Entities are required to:

• Retain documentation for at least three years after the completion of the control;
• Immediately inform the President of the Civil Aviation Authority of any identified irregularities and the planned corrective actions;
• Submit an annual report on internal quality control to the Civil Aviation Authority by 31 January of each year.

These actions ensure transparency and maintain a high level of security across the aviation sector.

An internal auditor is a person with the appropriate qualifications and authorizations granted by the President of the Civil Aviation Authority (ULC), responsible for carrying out and monitoring internal quality control activities. Their role is to provide an independent assessment of the compliance of procedures with applicable regulations and to enhance the civil aviation security system by identifying areas that require improvement.

The core tasks of an internal auditor, in accordance with §18 of the Regulation on the National Quality Control Program, include:

• Preparing documentation necessary for conducting controls;
• Conducting internal audits, internal inspections, and internal tests;
• Reporting significant irregularities to persons authorized by the organization;
• Preparing post-control reports and recommending corrective actions;
• Maintaining confidentiality of the control results.

The auditor operates independently from the personnel managing security services, ensuring objectivity in their work.

To obtain certification as an internal auditor in civil aviation security, candidates must meet the requirements set by the Civil Aviation Authority, including:

• Documented professional experience;
• Completion of specialized training;
• Passing enhanced background check;
• Successfully passing a certification exam.

Once these conditions are met, the President of the Civil Aviation Authority issues a certificate, authorizing the individual to perform internal quality control activities on behalf of entities operating in the aviation sector.

Approval of EU aviation security measures is a formal, documented process of assessment designed to confirm that an entity meets the requirements set out in Regulation (EC) No 300/2008 and its implementing acts. This procedure includes the analysis of security documentation, verification of implemented measures during an on-site verification, and evaluation of compliance with applicable European Union standards.

Approval can be carried out by the competent national authority (e.g., the Civil Aviation Authority) or by a EU Avsec Validators acting on behalf of that authority.

Obtaining approval confirms that the entity applies security measures in accordance with common standards recognized throughout the European Union. In many cases, it is a prerequisite for obtaining or maintaining legal status under Regulation (EC) No 300/2008.
Importantly, this approval is recognized by all EU Member States, facilitating international operations and enhancing the organization’s credibility in the civil aviation sector.

An EU AVSEC Validator is a natural or legal person appointed by an EU Member State, authorized to carry out assessments of compliance with aviation security measures. Their role is to conduct independent and objective verification to ensure that an entity meets the requirements set out in Regulation (EC) No 300/2008 and its implementing acts, particularly regarding the security and quality of applied procedures.

A candidate must:

• Be independent from the industry in which they will perform validations;
• Possess appropriate competence, theoretical knowledge, and practical experience in aviation security, quality control, and EU regulations;
• Successfully undergo enhanced background check;
• Act in an impartial and objective manner, avoiding conflicts of interest;
• Regularly participate in periodic training to maintain and develop their competencies.

These requirements are specified in Chapter 11 of the Annex to Commission Implementing Regulation (EU) 2015/1998.

The list of EU AVSEC Validators is publicly available in the official European Commission database at:
https://ksda.ec.europa.eu/public/screen/home

To find the appropriate validator, select “EU AVSEC Validators” in the Type field.

It is recommended to choose validators who, in addition to meeting EU requirements, also have strong knowledge of national regulations and operational realities in the Member State concerned.

According to the Act on the Protection of Classified Information of 5 August 2010, every entity conducting aviation activities that involve processing classified information is required to appoint a Plenipotentiary for Classified Information Protection. This person is responsible for organizing, supervising, and ensuring compliance with information protection rules, including proper storage, record-keeping, and access control for classified materials.

The Plenipotentiary is responsible for comprehensive management of the classified information protection system within the organization. Their tasks include:

• Ensuring effective protection of classified information;
• Conducting periodic inspections and audits (at least once every three years);
• Developing and updating information protection plans and instructions on how classified information should be processed;
• Training personnel on the principles of classified information protection;
• Supervising the proper circulation of documentation.

Avsec.pl operates a Classified Materials Handling Point, providing:

• Secure storage of documents marked as “Restricted”;
• Full handling of circulation and record-keeping of classified materials;
• Support for the Plenipotentiary for Classified Information Protection;
• Verification of classification levels and monitoring access rights for personnel handling classified materials.

This ensures that organizations working with Avsec.pl can be confident they meet all legal and security requirements.

Training in the protection of classified information is a statutory requirement under Articles 19 and 21 of the Act on the Protection of Classified Information of 5 August 2010. Completion of the training is a prerequisite for gaining access to classified information. Training is also mandatory for the Plenipotentiary for Classified Information Protection in accordance with §2.1.12 of the National Civil Aviation Security Program.

The training aims to provide knowledge of information protection principles, legal regulations, responsibilities for violations, and methods of responding to threats or unauthorized disclosure of classified information.

Depending on the group of participants, training is conducted by:

• Internal Security Agency (ABW) or Military Counterintelligence Service (SKW) – for security plenipotentiaries, their deputies, sole proprietors, and heads of entities without a designated plenipotentiary;
• ABW or SKW together with the Plenipotentiary for Classified Information Protection – for heads of units handling information classified as “Secret” or “Top Secret”;
• Plenipotentiary for Classified Information Protection – for other personnel performing duties within the organizational unit;

ABW – for Members of Parliament and Senators.

According to the law, training in the protection of classified information must be conducted at least once every five years. In practice, more frequent training is recommended, especially in cases of legal changes or organizational restructuring.

At Avsec.pl, training is delivered by a Plenipotentiary for Classified Information Protection with the appropriate authorizations. Courses are organized for entities cooperating with Avsec.pl under agreements covering classified information protection. Participants gain practical knowledge of protection principles, risks, and obligations related to handling classified information.

According to the National Civil Aviation Security Programme (KPOLC), entities such as airport operators, air carriers, regulated agents, known consignors, regulated suppliers of in-flight supplies, and institutions providing air navigation services are required to:

• Identify critical aviation information and communication technology systems (KLST);
• Assess risks and implement appropriate protection measures;
• Develop and implement procedures to prevent and respond to cyberattacks;
• Ensure personnel have the necessary qualifications and awareness regarding cyber threats.

These measures are designed to protect the integrity, confidentiality, and availability of data critical to the safety of aviation operations.

Entities recognized as operators of essential services (under the Act of 5 July 2018 on the National Cybersecurity System) are subject to more advanced and stringent requirements than standard aviation sector entities. Instead of following KPOLC requirements, they must comply with national cybersecurity regulations, including obligations for incident reporting, security audits, and applying high standards for the protection of ICT systems.

Avsec.pl provides comprehensive support in cybersecurity, including:

• Training approved by the President of the Civil Aviation Authority, compliant with Section 11.2.8 of the Annex to Commission Implementing Regulation (EU) 2015/1998;
• Advisory services for identifying KLST and implementing protection measures against cyber threats;
• Support in developing and improving internal digital security procedures.

By combining expert knowledge and experience in civil aviation security, Avsec.pl helps organizations effectively protect their information assets and critical infrastructure.

Training is offered under a cooperation agreement. The price depends on the scope of the training conducted in accordance with the National Civil Aviation Security Training Programme and Avsec training programmes approved by the President of the Civil Aviation Authority. Payment is made according to the terms set out in the cooperation agreement.

The duration of the training depends on the type of course conducted in accordance with the National Civil Aviation Security Training Programme and Avsec training programmes approved by the President of the Civil Aviation Authority. Training is delivered in the form of lectures, exercises, or practical sessions. Avsec also offers e-learning courses approved for periodic training for selected types of courses.

To attend civil aviation security training, participants must successfully pass a background check. Training is delivered as lectures, exercises, practical sessions, or e-learning depending on the course type and in accordance with the National Civil Aviation Security Training Programme and the approved Avsec training programme. Exams are conducted either in writing on-site or via the Avsec Control platform. Upon passing, participants receive a certificate in Polish, English, or German.

The certificate is valid for three years from the date of completion of the training. If the exam is not passed after two attempts, participants must retake the training.

All Avsec training courses are conducted by instructors approved by the President of the Civil Aviation Authority (ULC) for civil aviation security training. This ensures that participants receive courses in full compliance with applicable regulations and the highest standards of civil aviation security.