On 30 July 2020, the 11th edition (17th Amendment) of Annex 17 of the International Civil Aviation Organization’s (ICAO) Convention on Civil Aviation came into force. The Annex addresses the ‘Safeguarding International Civil Aviation Against Acts of Unlawful Interference’. The Chicago Convention – the first agreement between countries regarding civil aviation – was implemented on 7 December 1944, whilst the first edition of Annex 17 was published in 1975.
This latest 11th edition was first proposed in the United States in 2019 and the final text was approved in March 2020. In brief, it includes revised definitions, along with new and/or revised provisions on: vulnerability assessments; information sharing between States and stakeholders; training programmes and certification systems; access control; and, staff screening.
Over the last 45 years, ICAO has adapted its recommendations to its member States 16 times in response to international civil aviation needs. In my review of the document, I paid particular attention to the modification to Chapter 3.4, ‘Quality Control and Qualifications’. The changes made convey ICAO’s tougher position regarding the training and screening of staff involved in security at airports and airlines. This, in turn, emphasises the human factor in the security process, and acknowledges that the individuals responsible for maintaining security should receive proper training. ICAO’s recommendations address the capacity for member States to develop the right training programmes, the right quality control programmes and, more importantly, the capacity to ensure that these programmes are properly implemented and controlled.
In the past, technology’s role was prioritised and, while the human factor was not ignored, it was not given adequate consideration. Much training was conducted by technology manufacturers, and security procedures were written by them in favour of their technology. This was supposed to eliminate the risks associated with the human factor and the number of security workers. It was, of course, well received by airports, which benefited from lower operating costs, especially in countries where manpower is expensive.
Another significant modification to the text of the Annex is the use of “shall” instead of “should”. This apparently very small change transforms ICAO’s previous requests into demands, forcing civil aviation authorities (CAAs) to adopt certain controls. This will impact on many authorities, requiring them to modify their national civil aviation security programmes in response.
Chapter 3.4 also identifies an especially important matter regarding background screening of aviation security personnel – not just at the point of recruitment, but periodically throughout each individual’s employment. ICAO recognises the complacency that is pervasive throughout many countries with regards to background screening, but once we fully appreciate terrorists’ abilities to infiltrate organisations and infrastructure and radicalise individuals, ICAO’s more vigorous stance is fully justified. Again, this stance will demand more focused action from CAAs vis-à-vis their airports’ operators and their sub-contractors.
The ICAO position demands that: “Each Contracting State shall ensure that the management, setting of priorities and organization of the national civil aviation security quality control programme shall be undertaken independently from the entities and persons responsible for the implementation of the measures taken under the national civil aviation security programme”. This is a big change for many CAAs as, usually, they require airport security operators to control themselves and their sub-contractors, their security capability, and their training.
Today, many security operators propose their own auditing, testing and training processes, and simply ask their CAA to approve them. This is due to the fact that most CAAs are not sufficiently well-versed in both the nature of the threat to which the industry is exposed or have a sufficient understanding of the requisite operational countermeasures at any given location to be able to draft such programmes; this can result in lengthy delays to the approval process.
Aliquis non debet esse judex in propria causa, quia non potest esse judex et pars. (No-one should be the judge of his own cause because you cannot be judge and party). ICAO understands this point clearly and is therefore implementing a totally new process to ensure the industry addresses it too.
At the time of writing, I cannot yet see any significant changes as the new Annex was only approved in March and has come into force just four months later; however, we hope that all contracting States will make the changes necessary to comply. We are happy to see that relevant security issues continue to be monitored and evaluated by ICAO and that new amendments continue to be proposed (imposed) in response to information collected on the ground.
Jean-Marc Demoulin, AVSEC PM (ICAO) is Managing Director, SRDI SA, Luxembourg. His company won the award for Best International Civil Aviation Security Organisation in the 2019 Benelux Enterprise Awards for 2019.