Agreements, rules and policies

Activities

Potential customers shall fully acquaint themselves with the Eligibility and Accountability Conditions prior to requesting access to the NM Operational Services and Products.

Eligibility

The NM Operational Services and Products are only available to entities who are actively engaged in:

  • flight operations (and related support services),
  • air traffic management and/or
  • airport operations.

EUROCONTROL therefore reserves the right to reject requests for access to entities not falling under the above categories, and/or suspend or terminate access to entities not complying with the terms of the agreements (in particular the NM Data Rules, the NM Operations Security Rules and the Acceptable Behaviours Rules) governing such access.

Designation of a Single Point of Contact (SPOC)

EUROCONTROL requires customers to designate a SPOC who has the authority to approve customer’s requests for access to NM Operational Services and Products. The SPOC (usually an operations manager) is expected to exercise on the customer’s side overall responsibility concerning the access to accounts applied for and for which access has been granted.

When EUROCONTROL receives a new request for NM Operational Services and Products, it checks with the SPOC that the request is coordinated within the customer’s organisation and is approved by the SPOC.

Agreements

Access to NM Operational Services and Products is granted subject to the acceptance of the terms and conditions covering the description of services, the rights and obligations, liability, duration, suspension and termination and the NM Data Rules, the NM Operations Security Rules and the Acceptable Behaviour Rules.

NM data, operations security and acceptable behaviour rules

In order to protect the data of EUROCONTROL’s operational stakeholders and to ensure a smooth running of operations, EUROCONTROL has published strict rules for the use of data, for operations security, and for acceptable behaviour:

Data Rules

When using NM Operational Services and Products, customers receive access to the Network Operations Systems and consequently to NM Data contained therein. The NM Data is subject to various restrictions (imposed namely by initial data providers).

Each individual user of an access to Network Operations Systems and NM Data (granted to the customer) is responsible for his/her actions and shall therefore understand and respect the present NM Data Rules of the Network Operations Systems he/she is authorised to use.

Therefore, the customer shall abide, and ensure that its staff members (i.e. the individual users) having access to the Network Operations Systems and NM Data abide, by the following NM Data Rules:

  • NM Data extracted from the Network Operations Systems may be used exclusively for operational ATFCM purposes and for ATM related studies of the customer.
  • The use of NM Data for value added products and/or commercial purposes, such as resale, is strictly prohibited.
  • NM Data shall not be further transmitted or otherwise provided to any third party without the explicit agreement of EUROCONTROL and/or the original data provider.
  • NM Data may not be displayed in any publication without the prior explicit approval of EUROCONTROL; in which case, EUROCONTROL shall be mentioned as the data source.

Operations Security Rules

The customer is granted access to the Network Operations Systems and networks only for operational ATFCM purposes and for ATM related studies.

The customer shall not, under any circumstances, convey to third parties* information about Network Operations Systems and networks (such as the exact names or network addresses of the Network Operations Systems, the topology of the networks, personnel lists, user-IDs, passwords, etc.).

Upon any breach of the NM Operations Security Rules applicable to the NM B2B Web Services by the customer or customer’s individual user, EUROCONTROL may in its entire discretion immediately suspend or terminate the customer’s access to this NM B2B Web Services and Network Operations Systems.

The customer shall ensure that:

  • accounts (digital identities) provided for access to NM Services (whether user accounts, certificate and/or other means of identification) and associated means of authentication (whether password, certificate private keys, hardware or software token) are not shared or distributed with any other third party (individual or organisation) without the prior and explicit authorisation of EUROCONTROL;
  • digital identities are used for the sole purpose they have been provided for;
  • information, devices and tools relating to digital identities and their associated means of authentication are protected from any misuse by third parties;
  • software components provided are not distributed, copied to third parties or otherwise installed on third party systems;
  • knowledge of misuse and/or attempted misuse, weaknesses or of information relating to possible threats to the services are immediately reported to EUROCONTROL, and
  • data exchange on the NM WAN and resource usage on NM Services is strictly limited to operational needs.

The customer shall not:

  • misuse or attempt to misuse the NM Services provided whether by exploitation of any weakness, usage of another users accounts or customers identity, or resource exhaustion;
  • circumvent or attempt to circumvent security measures in place;
  • without the explicit prior authorisation of EUROCONTROL, publish or otherwise make available to unauthorised third parties information on other customers (i.e. namely any data held in the Network Operations Systems);
  • tamper or attempt to tamper with information of other customers (for example flight information), and
  • copy user tokens and/or certificate to simultaneously attempt to access NM Services from more than one (1) computer device (PC, tablet, iPad, Mac, etc.).

The customer shall implement organisational, logical and physical protective measures to protect Network Operations Systems and networks.

EUROCONTROL reserves the right to:

  • monitor and audit at any time and without prior notification to the customer all activity conducted on the NM Services. This includes the capture and storage of information relating to the use of NM Services and Network Operations Systems. Information captured may subsequently be transferred to law enforcement authorities.
  • restrict or otherwise limit the access to the NM WAN and/or other EUROCONTROL resources and services.

The customer shall be fully accountable for any activities conducted towards Network Operations Systems or with digital identities the customer is entrusted with.

Non-compliance with these NM Rules by the customer (or his staff) will result in the temporary or definitive loss of access and consequent termination of the access to the corresponding NM Service/s.

If wilful misconduct is suspected, EUROCONTROL reserves the right to transfer the information to appropriate law enforcement authorities.

*except to third parties which host/run/operate the customer’s DDS4AO client system on behalf of the customer, such as cloud providers.

Additional NM B2B Web Services Security Rules

The following additional eligibility criteria and use conditions apply for access to the “Flight Plan Filing” option of the NM B2B Web Services:

  • The ‘Flight Plan Filing’ option is only available to Aircraft Operators, Airport Reporting Offices, Air Navigation Service Providers, and Computer Flight Plan Service Providers (CFSPs) and Handling Agents which are duly mandated by an Aircraft Operator to perform flight related activities on their behalf.
  • The customer acknowledges that by submitting flight plans to the Integrated Initial Flight Plan Processing System (“IFPS”), it acquires the role of “Flight Plan Message Originator” as defined in the Network Operations Handbook and shall therefore fulfill the corresponding obligations described in the Network Operations Handbook.
  • In the event that the customer submits flight plans (to the IFPS) which it receives from third parties, it shall ensure that these third parties are entitled to submit flight plans to EUROCONTROL - namely that these companies are Aircraft Operators or have been delegated by Aircraft Operators the authorisation to file and manage flight plans on their behalf.

The quality of the flight plan messages submitted by the customer - measured by the IFPS automatic acceptance rate of these messages - shall equal or exceed 95%.

Acceptable Behaviour Rules for Flight Planning and air traffic flow and capacity management (ATFCM) Operations

The obligations of Aircraft Operators regarding Flight Planning, ATFM and Airport/Flight Plan consistency are defined in the relevant EU Implementing Rules and the Network Operations Handbook. Any deliberate or repetitive non-adherence to these rules and procedures is considered as unacceptable behaviour.

The following paragraphs describe the types of abuse that may occur and provide some examples of unacceptable behaviour. The paragraphs do not constitute an exhaustive list.

Adjustments to EOBT

Adjustments to the Estimated Off-Block Time (“EOBT”) take place mainly for legitimate reasons but may also result from attempts to abuse the ATFCM System. Adjustments include the use of Delay (“DLA”) and Modification (“CHG”) messages. The Aircraft Operator shall always file the EOBT which, at the time of filing, is known to be the true EOBT. For flights subject to ATFM, this EOBT shall be updated if it becomes known that it will vary by 15 minutes or more. It is not necessary to notify changes of the EOBT of less than 15 minutes unless expressly notified by EUROCONTROL for specific reasons.

Knowing the true EOBT is essential to ensuring that the required regulations are applied accurately, and with minimum impact on Aircraft Operators. It also avoids creating unnecessary regulations for areas where demand actually meets capacity, or is close to capacity.

Finally, it is the basic prerequisite for ensuring fair treatment between all Aircraft Operators.

Unacceptable behaviour with respect to adjustments to the EOBT, consists in one or more of the following actions:

  • Filing an EOBT which is not the true EOBT of the flight.
  • Filing an EOBT which is not consistent with the planned departure time in the company schedule.
  • Filing an EOBT which is not consistent with the airport slot where applicable.
  • Adjusting the EOBT to an EOBT which is not the true EOBT.
  • Adjusting the EOBT by a series of small increments.

Filing an EOBT which is earlier than the opening hour of the airport minus the taxitime e.g. Opening hour 0600 Taxitime in Enhanced Tactical Flow Management System (“ETFMS”) is 15 minutes, earliest EOBT = 0545.

Flight plans

The use of multiple flight plans wastes valuable slots even if the duration of the flight plan duplication is very short.

Filing a flight plan for a flight whilst another flight plan for the same flight is still active constitutes unacceptable behaviour.

ATFM/IFPS messages

ATFM/IFPS Messages are intended for specific purposes, which are defined in the Network Operations Handbook.

Unacceptable behaviour with respect to ATFM/IFPS Messages consists in one or more of the following actions:

  • Using ATFM/IFPS Messages for other than their intended purpose.
  • Using multiple messages which cannot be justified by operational reasons. This includes the use of multiple DLA or CHG messages.

Exempted flights

Exempted flight status is granted to those flights that fulfil specific criteria, for example ‘Search and Rescue’ and ‘Head of State’ or when approved by the relevant National Authority.

Unacceptable behaviour with respect to Exempted Flights consists in one or more of the following actions:

  • Cancelling a flight plan that has received a delay and resubmitting it with an “exempted” status.
  • Inappropriate or improperly authorised use of Status Indicator in a flight plan.