Don’t miss your compliance deadline.
Standing for “Part of the Implementing Regulation (EU) 2023/203 on Information Security in the Aviation System,” Part-IS establishes a unified set of rules and guidelines, aiming to ensure that entities within the aviation sector achieve a fundamental level of cyber security.
You may be aware of the changes that you need to make to comply to the regulation; but you’re concerned about the time, expertise and resources needed. Or you may be starting from scratch.
Whatever your situation, NCC Group is here to help.
Just one ‘Part’ of a global regulatory challenge
The aviation industry is rapidly adopting new technologies to improve efficiency and safety, reduce costs, and enhance the passenger experience.
However, this is leading to increased connectivity, and the sector’s cyber security risks increase as a result. Freshly adopted technologies is why many regulators want to establish measures for managing cyber and data risks in the aviation sector.
A key component of Part-IS is the need aviation companies to demonstrate their ability to identify cyber risks, protect against attacks, detect suspicious activity, respond effectively to incidents, and recover normal operations.
We're helping aviation companies assess their security posture, identify gaps, and implement controls aligned to industry best practices and Part-IS’s expectations.
Part-IS fact check
Who is in scope?
Part-IS applies broadly to The National Aviation Authorities (NAA) and virtually all licensed aviation organizations globally.
Deadlines?
Q4 2025 and Q1 2026; the deadlines differ depending on what type of organization you are within the aviation sector and supply chain.
Consequences of Non-Compliance?
The NAA may:
- Issue a warning letter.
- Impose fines.
- In severe cases, suspend or revoke the operating certificate.
Prominent standards and cyber regulations to be aware of:
- NIS/NIS2
- Cybersecurity Maturity Model Certification (CMMC)
- Part-IS(EU)/ISMS Regulation(UK)
- TSA cyber security requirements (US)
- DO-326A & DO356A / ED-202A & ED-203A
- DO-392 / ED-206
- FAA AC 119-1A (US) & ED-204A / DO-355A
Our support extends to all licensed aviation organizations worldwide, including aerodrome operators, air operators, air navigation service providers, designers, manufacturers, maintainers, “CAMO”, and trainers. This support spans the entire aviation ecosystem, aiming to maintain safety, availability, and public confidence.
Want to learn more about Part-IS?
Get our comprehensive guide to Part-IS which will help your organization achieve compliance, avoid fines and other penalties, from 2025:
Trusted experience securing the aviation sector
30
Years of industry experience
250 +
Aviation organisations supported by our services
54 +
Countries benefiting from our specialist aviation services
NCC Group’s specialist transport practice understands aviation companies' unique challenges in complying with Part-IS. As a leading cyber security partner to the sector, we're regularly helping aviation companies meet regulatory requirements and protect their systems and data.
We offer a comprehensive range of specialized services for our aviation clients, including:
- A thorough understanding of commercial aviation standards and regulations.
- Creating and supporting security policies – especially around emerging tech like AI.
- Vast experience of aviation systems and cyber security engineering engagements.
- Managed 24/7 cyber security detection and response.
- Penetration testing.
- Digital Forensics and Incident Response.
- Cyber Threat Intelligence and Threat Modelling.
- Escrow services.
- Safety assurance from our Adelard team - Assurance and Safety Case Environment (ASCE), which is the most widely adopted commercial software for the creation and management of safety and assurance cases.
Independently verified
NCC Group is a founding member of the Tailored Assurance Service (CTAS).
We are also accredited by the UK Assure scheme.
We vet our experts in line with CREST standards, and our CHECK teams undergo HM Government clearance to 'Security Cleared' level and higher.
Related resources
Part-IS CSR
Organize a Cyber Security Review which is meticulously aligned with Part-IS (and all aviation standards, if required), aiming to prepare your company achieve compliance against your relevant deadline.
Don’t miss your Part-IS compliance deadline.
Learn more about our specialist transport practice and how we’re supporting the aviation sector with their unique challenges in complying with Part-IS.