Overview
Commission Delegated Regulation (EU) 2022/1645 is an amendment to Regulation (EU) No 748/2012, introducing cybersecurity management requirements in Subparts J and G of Part 21 for Design Organisations (DOs) and Production Organisations (POs). These entities are required to implement and maintain an Information Security Management System (ISMS) to identify and manage security risks impacting aviation safety, establish incident reporting mechanisms, and ensure continuous improvement in cybersecurity. Key challenges include integrating ISMS with existing safety systems, managing compliance with evolving regulations, and addressing supply chain and cultural resistance issues. The regulation aligns with EASA cybersecurity rulemaking and addresses risks like legacy system vulnerabilities, remote work security, and insider threats.