Agreements, rules and policies

Potential customers shall fully acquaint themselves with the Eligibility and Accountability Conditions prior to requesting access to the NM Operational Services and Products.

In order to protect the data of EUROCONTROL’s operational stakeholders and to ensure a smooth running of operations, EUROCONTROL has published strict rules for the use of data, for operations security, and for acceptable behaviour:

The customer is granted access to the Network Operations Systems and networks only for operational ATFCM purposes and for ATM related studies.

The customer shall not, under any circumstances, convey to third parties* information about Network Operations Systems and networks (such as the exact names or network addresses of the Network Operations Systems, the topology of the networks, personnel lists, user-IDs, passwords, etc.).

Upon any breach of the NM Operations Security Rules applicable to the NM B2B Web Services by the customer or customer’s individual user, EUROCONTROL may in its entire discretion immediately suspend or terminate the customer’s access to this NM B2B Web Services and Network Operations Systems.

The customer shall ensure that:

• accounts (digital identities) provided for access to NM Services (whether user accounts, certificate and/or other means of identification) and associated means of authentication (whether password, certificate private keys, hardware or software token) are not shared or distributed with any other third party (individual or organisation) without the prior and explicit authorisation of EUROCONTROL;
• digital identities are used for the sole purpose they have been provided for;
• information, devices and tools relating to digital identities and their associated means of authentication are protected from any misuse by third parties;
• software components provided are not distributed, copied to third parties or otherwise installed on third party systems;
• knowledge of misuse and/or attempted misuse, weaknesses or of information relating to possible threats to the services are immediately reported to EUROCONTROL, and
• data exchange on the NM WAN and resource usage on NM Services is strictly limited to operational needs.

The customer shall not:

• misuse or attempt to misuse the NM Services provided whether by exploitation of any weakness, usage of another users accounts or customers identity, or resource exhaustion;
• circumvent or attempt to circumvent security measures in place;
• without the explicit prior authorisation of EUROCONTROL, publish or otherwise make available to unauthorised third parties information on other customers (i.e. namely any data held in the Network Operations Systems);
• tamper or attempt to tamper with information of other customers (for example flight information), and
• copy user tokens and/or certificate to simultaneously attempt to access NM Services from more than one (1) computer device (PC, tablet, iPad, Mac, etc.).

The customer shall implement organisational, logical and physical protective measures to protect Network Operations Systems and networks.

EUROCONTROL reserves the right to:

• monitor and audit at any time and without prior notification to the customer all activity conducted on the NM Services. This includes the capture and storage of information relating to the use of NM Services and Network Operations Systems. Information captured may subsequently be transferred to law enforcement authorities.
• restrict or otherwise limit the access to the NM WAN and/or other EUROCONTROL resources and services.

The customer shall be fully accountable for any activities conducted towards Network Operations Systems or with digital identities the customer is entrusted with.

Non-compliance with these NM Rules by the customer (or his staff) will result in the temporary or definitive loss of access and consequent termination of the access to the corresponding NM Service/s.

If wilful misconduct is suspected, EUROCONTROL reserves the right to transfer the information to appropriate law enforcement authorities.

*except to third parties which host/run/operate the customer’s DDS4AO client system on behalf of the customer, such as cloud providers.

The obligations of Aircraft Operators regarding Flight Planning, ATFM and Airport/Flight Plan consistency are defined in the relevant EU Implementing Rules and the Network Operations Handbook. Any deliberate or repetitive non-adherence to these rules and procedures is considered as unacceptable behaviour.

The following paragraphs describe the types of abuse that may occur and provide some examples of unacceptable behaviour. The paragraphs do not constitute an exhaustive list.

Adjustments to EOBT

Adjustments to the Estimated Off-Block Time (“EOBT”) take place mainly for legitimate reasons but may also result from attempts to abuse the ATFCM System. Adjustments include the use of Delay (“DLA”) and Modification (“CHG”) messages. The Aircraft Operator shall always file the EOBT which, at the time of filing, is known to be the true EOBT. For flights subject to ATFM, this EOBT shall be updated if it becomes known that it will vary by 15 minutes or more. It is not necessary to notify changes of the EOBT of less than 15 minutes unless expressly notified by EUROCONTROL for specific reasons.

Knowing the true EOBT is essential to ensuring that the required regulations are applied accurately, and with minimum impact on Aircraft Operators. It also avoids creating unnecessary regulations for areas where demand actually meets capacity, or is close to capacity.

Finally, it is the basic prerequisite for ensuring fair treatment between all Aircraft Operators.

Unacceptable behaviour with respect to adjustments to the EOBT, consists in one or more of the following actions:

• Filing an EOBT which is not the true EOBT of the flight.
• Filing an EOBT which is not consistent with the planned departure time in the company schedule.
• Filing an EOBT which is not consistent with the airport slot where applicable.
• Adjusting the EOBT to an EOBT which is not the true EOBT.
• Adjusting the EOBT by a series of small increments.

Filing an EOBT which is earlier than the opening hour of the airport minus the taxitime e.g. Opening hour 0600 Taxitime in Enhanced Tactical Flow Management System (“ETFMS”) is 15 minutes, earliest EOBT = 0545.

Flight plans

The use of multiple flight plans wastes valuable slots even if the duration of the flight plan duplication is very short.

Filing a flight plan for a flight whilst another flight plan for the same flight is still active constitutes unacceptable behaviour.

ATFM/IFPS messages

ATFM/IFPS Messages are intended for specific purposes, which are defined in the Network Operations Handbook.

Unacceptable behaviour with respect to ATFM/IFPS Messages consists in one or more of the following actions:

• Using ATFM/IFPS Messages for other than their intended purpose.
• Using multiple messages which cannot be justified by operational reasons. This includes the use of multiple DLA or CHG messages.

Exempted flights

Exempted flight status is granted to those flights that fulfil specific criteria, for example ‘Search and Rescue’ and ‘Head of State’ or when approved by the relevant National Authority.

Unacceptable behaviour with respect to Exempted Flights consists in one or more of the following actions:

• Cancelling a flight plan that has received a delay and resubmitting it with an “exempted” status.
• Inappropriate or improperly authorised use of Status Indicator in a flight plan.