+65 6956-6170 [email protected]

Stifle your initial yawn – our lives depend on a technical oxymoron of innovation & certitude.

You have surely wondered at the checks & balances, the machinations & controls that go into realising the approvals on the aircraft in which you fly. Fear not – they are extensive, but fear(!) – inevitably there is an element of compromise.

First and foremost, aircraft certification is not given in the belief that it will prevent accidents. Anything that defies gravity and leaves terra-firma, is certain, now-and-again, to come down unexpectedly and with a big bump. The aim of regulatory authorities is to seek to minimize design and human error as a cause, and to put controls in place by exacting technical and operational systemization. But as is now common in any risk analysis, acceptable risk is not zero risk.  In aviation it is 0.002%. In other words, when you fly you have a 99.998% of reaching your desired destination (albeit, not always in a timely manner !!). As a measure of overall safety, this far exceeds that of ground transportation that you use most days. But, notwithstanding this elevated targeting, the process is not without surprising discrepancies.

The world of aviation is based on a baseline set of regulations (in massive tomes) drawn up by the International Civil Aviation Authority (ICAO), now effectively the aviation arm of UNO (the United Nations). Dull as puddle water, its origins were a riveting bit of history, dating back to 1944 during the still uncertain and intense hostilities in the latter years of WW-II.  

Recognizing that aircraft now transporting bombloads of destruction, would one day carry passengers and freight in similar quantities, all parties to the war gathered in Montreal, Canada to agree a set of baseline regulations for the conduct of commercial aviation once the war was over – whoever won it. The logistics of getting everyone to that meeting and the underlying diplomacy which produced the final declaration (below), is as extraordinary as the regulatory document is dull – and it is very dull! Also, to this day, ICAO remains based in Montreal.

On that foundation three main aviation genus have evolved, inevitably based aviation hubs of design, innovation, and manufacture – the American FAA, the European EASA, and the Russian ‘WhatevA’!  Roughly 90% of aviation is controlled by the first two and that in most of the former Russian empire (the USSR) by the latter. As is true for most things Russian, the devil is in the (lack of) detail. That doesn’t make Russian designs bad – indeed they build robust aircraft, particularly helicopters. But historically lower levels of control and verification have led to higher levels of risk**, albeit matched by significantly lower cost of purchase (an 18 Pax. helicopter in ‘the West’ costs more than 5 times that of an equivalent manufactured in Russia).  Fortunately, now (or at least until the invasion of Ukraine), with most commercial aircraft operated by Russian airlines being of western manufacture, there is a better alignment in accident statistics.

(**By way of example, there are similar numbers of aircraft on the Russian and UK registers but, over the last 50 years, with more than five times the accident rate in Russia)

Not surprisingly there is a high level of commonality between the two western systems which themselves form the basis of most other global national regulatory practices (even in China) – with nations’ choice of US or EU alignment typically being based on countries’ historical alignments.

So, the regulatory big picture is multi-tiered. ICAO approves a country to operate the aircraft on its register internationally but has no control, only influence, in what goes on within each country’s internal airspace. There, the National Civil Aviation Authority, going under many different names, but to which here we will refer as ‘the NCAA’, certifies each air operator by periodic award of an AOC (Air Operator’s Certificate) and each registered aircraft by issue of an annual CofA (Certificate of Airworthiness). You’ve guessed it – the potential for corruption is rife!!  And there is another issue, the dual hatted nature of NCAAs – to both promote and to regulate their national aviation industries. These two roles are, in the main, incompatible and is an issue that remans largely unresolved as exemplified, in part, by the Boeing Max-saga discussed in an earlier article on this site. As such, while the regulations are based on the ICAO baseline with FAA or EASA alignment, the quality of the detail and consistency of its implementation by NCAAs varies enormously.

The principal control in this regard is ICAO through a single sanction – the right to deny corrupt nations’ aircraft the right to use international airspace. Of course, they don’t shoot down a sanctioned nation’s aircraft if they stray outside their national airspace, but ICAO can decertify any international airport which allows them to land – a fully effective commercial sanction. Unfortunately, such NCAA declassification by ICAO is only used in extremis, with less than a dozen (mostly small and backward) countries thus black-listed.

The certification process, like everything in life, is subject to financial limitation. In all aspects of regulation, there is just not enough money available to do things ‘properly’ across the board. So, under ICAO rules, the regulatory focus is on the carriage of passengers. Hence, as a general principal, the less the passengers on an aircraft type or mission profile, the less the regulation. This is reflected in the ICAO specified levels of certification, with increasing degrees of monitoring at each level along these lines: –

  • Experimental – this is what all aircraft fly under during the certification process under FAA/EASA. Aircraft are limited as to when and where they can fly, what flight profiles are followed and with whom on board. Each series of test flights is endorsed by the National Authority with approvals of subsequent steps being subject to the reporting of the previous series. Some wild things can go on within this category and it is here that most aviation technical development occurs.
  • Aerial Work – this is the lowest level of certification under which aircraft can fly ‘for hire & reward’ basically only for freighting or specialist missions. Pax. on board are limited to crew members. This includes such things such as cargo carriage, heavy-lifting, forest firefighting, logging, aerial advertising, aerobatics, paramilitary agency marine surveillance and pilot training. Transport Category aircraft (see below) can recertify themselves at this lower level to do specific jobs. So, if you want to do something ‘extra-ordinary’ with an aircraft, this is the way to go.
  • Transport Category – this is for the carriage of fare-paying passengers (Pax.) and under ICAO regulations is evidently the most highly controlled. However, within a national context, this again is to various levels.
    • Part-91: is for private aircraft servicing a restricted & specified range of Pax. such as corporate business jets, flying clubs and the like. Controls & limitations are kept to a minimum, it being very similar to Aerial Work. Even more lofty service providers such as Airforce-One in the USA and the Queen’s (now King’s) Flight in the UK, nominally are also likely to be operated under this category.
    • Part-135: is for General Aviation (GA) including all charter operations. So if a business jet is offered for charter, it must upgrade to this level. On the technical side, the level of service provider surveillance and controls is essentially the same as Part-121 (below) but with less stringency on operating criteria and passenger controls.
    • Part-121: is for Commercial Aviation. As such, any Airline accepting ad-hoc, fare-paying Pax., must operate to these most stringent criteria where everything is done to the highest standard, in accordance with a proscribed and documented methodology from which no deviation is permitted.

Not surprisingly, the US-FAA and the European EASA use the same certification benchmarks, but separately developed.  But with their respective aircraft designs now only differing in the detail, the two set of regulations have steadily become more aligned to the point of being almost identical. Only the Russians hold out to their own (lack of) rules and for that reason, while designing robust and relatively inexpensive aircraft, they can only use them for carriage of Pax. within their (albeit massive) national borders. As yet, and not for want of trying, none of the established Russian-built airliners have achieved EASA/FAA certification standards. However, a new generation of Russian (and Chinese) aircraft designs are stumbling uncertainly towards that goal.

The big difference between EASA and the FAA is in the method of certification of new aircraft types.  The US-FAA is a tortuously labyrinthine bureaucracy, while the Europeans, while still ever the bureaucrat, the style is more corporate than governmental. So, while in the US certification is at fixed rates based on the nature of the task, in Europe it is man-hour related. So, while this makes European certification more expensive (which, since the OEMs there have access to low-cost government loans, to the fury of their US competitors, the European counterparts can afford), it is also quicker and more adaptive, as the Authority is as much a Service Provider as a Government Agent.

The Brits (as is their eccentric way) have taken this to an extreme. In the 1930s, as aviation became a mainstream service and the government sought to legislate, the industry kicked back and formed a self-regulating body – as such the UK-CAA fulfils the same regulatory role but, as a Non-governmental Organisation (NGO), it is largely funded by the industry it regulates. As such, in the UK, certification is a contractual task with obligations on both sides and the ability to sue if the Regulator fails to provide the agreed certification within the contracted timeframe.

As a result, while with EASA and the FAA, the onus is on the OEM to demonstrate that a product is safe, in the UK it is the other way round, with the onus is on the CAA to substantiate that a product is unsafe to require its modification. The path to certification in the UK is thus surer, but a lot more expensive. The one bonus of FAA certification is that the experimental category which, being a domain dominated by DARPA (the Defence Advanced Project Agency), extremes are acceptable. The European experimental counterparts are typically more conservative. It is for this reason that the USA now leads in most aspects of aeronautical development.

Underlying the above systemisation and controls are financial realities – money still talks! In truth, no electro-mechanical device testing and certification is fool proof. But at least in cars it reflects the vehicles’ guarantee period. With aircraft, as a function of operating costs and development timeframes, the level of testing during the certification process gets nowhere near to this. Typically, the process from first flight to type certification takes some 3-5 years and with barely a couple of a thousand hours of test flying – and with the latter flight hours typically spread over several test aircraft (hence, with only a few hundred hours on each unit).

This is driven purely by commercial pressures and ALARP principals.  So, notwithstanding certified airworthiness by the FAA/EASA, the parties in the sale any new aircraft type, will have little idea of what will happen in the latter part of the 5 year or 5000 flight-hours typically covered in an aircraft guarantee period, and not an inkling of what might occur thereafter (a typical aircraft life being some 30 years and/or more than 40,000 flight hours – choppas rather less). So, even the best and most exacting of aircraft designs can have awful incidents.  

An example of this occurred in one of the most powerful, hence safest, of helicopters. Having passed the normal certification process with flying colours and taken the market by storm, as a function of its very high-power output, after 3000+ hours of flying a few individual aircraft experienced serious tail-rotor problems with a few of them dropping-off in flight!!  With the half-dozen test vehicles each having only flown less than 1000 hours under test, there was no way such failure could have been reasonably predicted.

A detailed design review immediately imposed by the OEM Regulatory Authority quickly produced an effective solution, and there have been no problems since.  But sometimes, driven by commercial pressures, technical solutions can be fudged. There is an example of a much-used Part-121 Airliner flying to this day with such an egregious compromise. Like any cell phone its lithium battery at the core of the electrical system risks severe overheating and associated fire-risk. The Authorities of course suggested a different battery be used.  However, there was none on the market with the required capability and output. Such predicated a restructuring of the aircraft electronic design which at such a late stage in the certification process was commercially unthinkable. The fudge therefore was to accept the risk but to mitigate it by locating the battery in a specially designed fireproof compartment. So, to this day, hundreds of these airliners are flying with a potential fire-bomb encased in its technical core.  While such has been shown to meet acceptable ALARP and Risk Management criteria, subjectively it is somewhat unnerving and clearly shows the financial constraints on the certification process.  

Unfortunately, almost every new aircraft type experience something similar. Regulatory Authorities therefore oblige and formalize the end-user community reporting of all failures and, where deemed a risk to flight safety, aircraft by type or batch can be immediately grounded by issue of an ASB – Alert Service Bulletin (ASB) – by the manufacturer. This is then rapidly endorsed by the OEM Regulatory Authority by issue of an ASR (Aircraft Servicing Requirement) or an AD (Aircraft Directive). These remain in force until the failure is corrected or mitigated. Typically, this will be measured in days or weeks, but in the case of the B737-Max, it took almost two years.

And talking of the Max., one of the aspects of this sorry tale that the scandalising multi-media made a feast of, was that the OEM Quality department did many of the FAA certification tasks in-house. This was seen as corporate duplicity. It is, in fact, a norm throughout the aviation industry.  The FAA annual budget, along with every other NCAA in the world, is insufficient for the task.  So, there are never enough inspectors not least because, anyone qualified for that role, can earn a lot more money in the commercial sector that is being inspected – so there is no waiting list of applicants. As a result, QA (Quality Assurance) managers world-wide are twin-hatted, reporting both to the CEO of the Airline and the Technical Directorate of the NCAA. 

This works because it takes a lot of graft to get an engineering license – at some 10 years, it is significantly longer than, say, a doctor: and a QA license is only awarded to folk having many years experience in engineering management.  As such, it is effectively the top of the technical tree, and no-one there will allow an ‘amateur’ CEO/CFO to put his valuable and hard-earned license at risk by demanding he cover-up any incident that may occur within an air operator! The Boeing Max saga was a very rare exception to this rule.

In summary, the only way to guarantee safety in aviation, is not to fly. So, while the process of aircraft certification is far from flawless, the systematic and frequent checks and balances of every process, and every electro-mechanical part of an aircraft, ensures that the level of risk is significantly less than that relating to an outing in your car. But systems are only as good as the humans that implement them so, as on the road, one should keep a beady eye out for folk who do not look after their vehicles properly!