Certification of Aircraft, Design and Production
Certification of Aircraft, Design and Production
Article Information
Category:
Content source:
Content control:
Aircraft Certification Requirements
Certification requirements for civil [commercial] aircraft are derived from ICAO Annex 8 Airworthiness of Aircraft and the ICAO Airworthiness Manual, Part V State of Design and State of Manufacture. Each ICAO contracting state then establishes its own legal framework to implement the internationally agreed standards and recommended practices.
Procedures for certification of aeronautical products (aircraft, engines and propellers) are published in each state. In the EU, these are contained in EC Regulation 748/2012 Annex I - Part 21, whereas in USA they are within FAR Part 21. These “Part 21” regulations also include procedures for the approval of design organisations (Sub-part J) and production organisations (Sub-part G). These processes are known respectively as Design Organisation Approval (DOA) and Production Organisation Approval (POA).
Such approvals are a necessary pre-requisite to obtaining product certification. The main technical codes to be followed for the design of products for certification are set out below as a list of certification specifications for Europe (EASA) and airworthiness standards for USA (FAA) applicable to different categories of product and environmental consideration.
| EASA | Title | FAA | Title |
|---|---|---|---|
| CS-22 | Sailplanes and Powered Sailplanes | ||
| CS-23 | Normal, Utility, Aerobatic and Commuter Aeroplanes | Part 23 | AIRWORTHINESS STANDARDS: NORMAL, UTILITY, ACROBATIC, AND COMMUTER CATEGORY AIRPLANES |
| CS-25 | Large Aeroplanes | Part 25 | AIRWORTHINESS STANDARDS: TRANSPORT CATEGORY AIRPLANES |
| CS-27 | Small Rotorcraft | Part 27 | AIRWORTHINESS STANDARDS: NORMAL CATEGORY ROTORCRAFT |
| CS-29 | Large Rotorcraft | Part 29 | AIRWORTHINESS STANDARDS: TRANSPORT CATEGORY ROTORCRAFT |
| CS-31GB CS-31HB | (Gas Balloons) (Hot Air Balloons) | Part 31 | AIRWORTHINESS STANDARDS: MANNED FREE BALLOONS |
| CS-E | Engines | Part 33 | AIRWORTHINESS STANDARDS: AIRCRAFT ENGINES |
| CS-P | Propellers | Part 35 | AIRWORTHINESS STANDARDS: PROPELLERS |
| CS-LSA | Light Sport Aeroplanes | ||
| CS-VLA | Very Light Aeroplanes | ||
| CS-VLR | Very Light Rotorcraft | ||
| CS-34 | Aircraft Engine Emissions and Fuel Venting | Part 34 | FUEL VENTING AND EXHAUST EMISSION REQUIREMENTS FOR TURBINE ENGINE POWERED AIRPLANES |
| CS-36 | Aircraft Noise | Part 36 | NOISE STANDARDS: AIRCRFAT TYPE AND AIRWORTHINESS CERTIFICATION |
For full details of EASA Certification Specifications see the EASA Agency rules (Soft law). Full details of FAA Standards are also available.
Compliance with these specifications or standards is approached in one of two ways depending on the requirement. For structures typically the approach is known as Deterministic whereas for systems, a Probabilistic approach is taken. One example of each approach would be:
- For structure - No detrimental deformation of the airframe under the loads produced by a given magnitude of manoeuvre.
- For systems - Any catastrophic failure condition must (i) be extremely improbable [1 x 10-9 per flight hour]; and (ii) must not result from a single failure.
For the safety assessment of aircraft systems, regulations are given in EASA CS25.1309 and FAA Aviation Rulemaking Advisory Committee draft AC25.1309-1B. Useful guidelines for conducting the safety assessment process are also given in ARP4761.
Type-certification Process
The process for civil aircraft by which type certification is achieved comprises four steps. These are outlined below, but additional details can be found from EASA (2010), Type certification and FAA Order 8110.4C
1. Technical Overview and Certification Basis The product designer presents the project to the primary certificating authority (PCA) - EASA in EU, FAA in USA - when it is sufficiently mature. The certification team and the set of rules (Certification Basis) that will apply for the certification of this specific product type are established. In principal this agreed certification basis remains unchanged for a period of five years for an aircraft, three years for an engine.
2. Certification Programme The PCA and the designer define and agree on the means to demonstrate compliance of the product type with every requirement of the Certification Basis. Also at this stage the level of regulatory involvement is proposed and agreed.
3. Compliance demonstration The designer has to demonstrate compliance of the aircraft with regulatory requirements: for all elements of the product e.g. the airframe, systems, engines, flying qualities and performance. Compliance demonstration is done by analysis combined with ground and flight testing. The PCA will perform a detailed examination of this compliance demonstration, by means of selected document reviews and test witnessing.
4. Technical closure and Type Certificate issue When technically satisfied with the compliance demonstration by the designer, the PCA closes the investigation and issues a Type certificate. For European-designed aircraft, EASA delivers the primary certification which is subsequently validated by other authorities for registration and operation in their own countries, e.g. the FAA for the USA. Similarly EASA will validate the FAA certification of US-designed aircraft. This validation is carried out under a Bilateral Aviation Safety Agreement (BASA) between the states concerned.
Notes:
a. A Type Certificate applies to an aircraft (engine or propeller) of a particular Type Design. Every individual aircraft of that type has to gain its own Certificate of Airworthiness C of A which is achieved when it can be shown to conform to the certificated Type Design and is in a condition for safe operation. As a general rule civil aircraft are not allowed to fly unless they have a valid C of A.
b. Organisation approvals, issued under Part 21, are based on regulatory assessment of capability, facilities, manpower, resources and quality assurance systems in relation to the tasks undertaken. Helpful supporting standards in this respect are AS/EN 9100 and AS/EN9120B.
c. Certification of military aircraft has in the past not followed the typical Type Certification Process outlined above. However since 2010 in Europe a very similar process has been evolved by the European Defence Agency (EDA). Known as the Military Airworthiness Authorities (MAWA) Forum, one of the documents published is a military guide to certification, denoted EMAR21. The documents are issued as requirements and do not have legal standing but are nevertheless being followed by a number of states both within and outside Europe.
Accidents and Incidents
There follows a sample of extracts from reports held on SKYbrary that involve a design issue as a contributory factor in the accident:
On 31 December 2020, an Airbus A330-200 identified a fuel leak during a routine top-of-climb check but instead of following the prescribed engine shutdown and leak isolation procedure and then landing as soon as possible, the crew had continued on track until diverting to N’Djaména over 90 minutes later by which time nearly six tonnes of fuel was missing. The leak was caused by an incorrectly assembled connection at the pylon/engine interface. The flight crew’s procedural non-compliance was identified as having introduced an avoidable fire risk and been indicative of a systemically weak safety culture at the airline concerned.
On 1 August 2019, an Airbus A320 annunciated an abnormal gear status indication when retraction was attempted after takeoff. Soon afterwards, an aircraft part was observed by an aircraft following the same taxi route as the A320 and recovered. After completing relevant drills, the A320 returned and completed a landing with significant damage to the left main gear which was nevertheless locked down. The runway was vacated and passengers disembarked. The Investigation found that the cause of the problem was the cyclic fatigue of a pin linking the two parts of the left main gear torque link of manufacturing origin.
On 6 March 2018, smoke was detected coming from flight deck and passenger cabin air conditioning vents of an en-route Bombardier DHC8-400. A MAYDAY was declared to ATC but the prescribed response effectively cleared the smoke and no emergency evacuation on landing was deemed necessary. The Investigation found that the smoke was caused by oil leaking into the air conditioning system due to a failed right hand engine seal. The operator subsequently began to implement a recommended engine modification and adopt a system provided by the engine manufacturer to proactively detect such oil leaks before air conditioning systems are contaminated.
On 29 September 2017, the crew of an Airbus A320 detected a smell of burning plastic and simultaneously observed black smoke entering the flight deck near the right side rudder pedals. Completion of appropriate response procedures reduced the smoke and a diversion to Athens with a MAYDAY declared was without further event. The origin of the smoke and fumes was traced to the failure of the static inverter which was part of a batch which had been previously notified as faulty but not identified as such by the aircraft operator’s maintenance organisation which has since modified its relevant procedures.
On 8 October 2019, a BAe Jetstream 32 departing Münster/Osnabrück couldn’t be rotated and after beginning rejected takeoff from well above V1, the aircraft departed the side of the runway passing close to another aircraft at high speed before regaining the runway for the remainder of its deceleration. The Investigation noted that the flight was the first supervised line training sector for the very inexperienced First Officer but attributed the whole event to the Training Captain’s poor performance which had, apart many from other matters, led indirectly to the inability to rotate and to the subsequent directional control problem.
On 30 September 2017, an Airbus A380-800 en-route over Greenland suffered a sudden explosive uncontained failure of the number 4 engine shortly after thrust was increased to adjust the cruise level to FL 370. Following recovery of a crucial piece of ejected debris, the Investigation was able to determine that the failure was attributable to a specific type of fatigue failure within a titanium alloy used in the manufacture of the engine fan hub. This risk had not been identifiable during manufacture or in-service and had not been recognised by the engine manufacturer or during the engine certification process.
On 10 May 2012, the crew of a Eurocopter EC225 LP on a flight from Aberdeen to an offshore platform received an indication that the main gearbox (MGB) lubrication system had failed. Shortly after selecting the emergency lubrication system, that also indicated failure and the crew responded in accordance with the QRH drill to “land immediately” by carrying out a successful controlled ditching. The ongoing investigation has found that there had been a mechanical failure of the MGB but that the emergency lubrication system had, contrary to indications, been functioning normally.
On 22 October 2012, the crew of a Eurocopter EC225 LP on a flight from Aberdeen to an offshore platform received an indication that the main gearbox (MGB) lubrication system had failed. Shortly after selecting the emergency lubrication system, that system also indicated failure and the crew responded in accordance with the QRH drill to “land immediately” by carrying out a successful controlled ditching. The ongoing investigation has found that there had been a mechanical failure within the MGB but that the emergency lubrication system had, contrary to indications, been functioning normally.
On 12 July 2013 an unoccupied and unpowered Boeing 787-8, remotely parked at London Heathrow after an arrival earlier the same day caught fire. An investigation found that the source of the fire was an uncontained thermal runaway in the lithium-metal battery within an Emergency Locator Transmitter (ELT). Fifteen Safety Recommendations, all but one to the FAA, were made as a result of the Investigation.
On 17 July 2007, the commander of a TAM Airlines Airbus A320 being operated with one thrust reverser locked out was unable to stop the aircraft leaving the landing runway at Congonhas at speed and it hit buildings and was destroyed by the impact and fire which followed killing all on board and others on the ground. The investigation attributed the accident to pilot failure to realise that the thrust lever of the engine with the locked out reverser was above idle, which by design then prevented both the deployment of ground spoilers and the activation of the pre-selected autobrake.
On 12 March 2009, a Sikorsky S-92A crew heading offshore from St. John's, Newfoundland declared an emergency and began a return after total loss of main gear box oil pressure but lost control during an attempted ditching. The Investigation found that all oil had been lost after two main gear box securing bolts had sheared. It was noted that ambiguity had contributed to crew misdiagnosis the cause and that the ditching had been mishandled. Sea States beyond the capability of Emergency Flotation Systems and the limited usefulness of personal Supplemental Breathing Systems in cold water were identified as Safety Issues.
On 27 February 2001, a Loganair SD3-60 lost all power on both engines soon after take off from Edinburgh. An attempt to ditch in the Firth or Forth in rough seas resulted in the break up and sinking of the aircraft and neither pilot survived. The loss of power was attributed to the release of previously accumulated frozen deposits into the engine core when the engine anti icing systems were selected on whilst climbing through 2200 feet. These frozen deposits were considered to have accumulated whilst the aircraft had been parked prior to flight without engine intake blanks fitted.
On 7 January 2013, a battery fire on a Japan Air Lines Boeing 787-8 began almost immediately after passengers and crew had left the aircraft after its arrival at Boston on a scheduled passenger flight from Tokyo Narita. The primary structure of the aircraft was undamaged. Investigation found that an internal short circuit within a cell of the APU lithium-ion battery had led to uncontained thermal runaway in the battery leading to the release of smoke and fire. The origin of the malfunction was attributed to system design deficiency and the failure of the type certification process to detect this.
On 29 December 2010 an American Airlines Boeing 757-200 overran the landing runway at Jackson Hole WY after a bounced touchdown following which neither the speed brakes nor the thrust reversers functioned as expected. The subsequent investigation found that although the speed brakes had been armed and the deployed call had been made, this had not occurred and that the thrust reversers had locked on transit after premature selection during the bounce. It was noted that had the spoilers been manually selected, the thrust reverser problem would not have prevented the aircraft stopping on the runway.
On 22 December 2010, a Finnair Airbus A330-300 inbound to Helsinki and cruising in very cold air at an altitude of 11,600 metres lost cabin pressurisation in cruise flight and completed an emergency descent before continuing the originally intended flight at a lower level. The subsequent Investigation was carried out together with that into a similar occurrence to another Finnair A330 which had occurred 11 days earlier. It was found that in both incidents, both engine bleed air systems had failed to function normally because of a design fault which had allowed water within their pressure transducers to freeze.
Related Articles
- Airworthiness
- Accident and Serious Incident Reports: AW - a list of reports concerning events where airworthiness was a causal or contributory factor.
- FAA Product Certification Process
Further Reading
- De Florio F (2016), Airworthiness: An Introduction to Aircraft Certification, 3rd edition, Butterworth-Heinemann
- EASA (2016), Certification Specifications and Acceptable Means of Compliance for Large Aeroplanes CS-25 (external links)
- EASA (2010), Type certification, PR.TC.00001-002 (external link)
- EASA (2017) Agency rules (Soft law), Certification Specifications
- EC (2012), Commission regulation (EU) No 748/2012, laying down implementing rules for the airworthiness and environmental certification of aircraft and related products, parts and appliances, as well as for the certification of design and production organisations. (external link)
- EC (2014), Commission regulation (EU) No 1321/2014 on the continuing airworthiness of aircraft and aeronautical products, parts and appliances, and on the approval of organisations and personnel involved in these tasks. (external link)
- EDA (2017) Military Airworthiness Authorities (MAWA) Forum
- EDA (2016), EMAR 21 - Certification of Military Aircraft and Related Products, Parts and Appliances, and Design and Production Organisations, Edition 1.2
- FAA (2011), Type Certification, Order 8110.4C (external link)
- FAA, FAA Standards
- FAA, FAR Part 21 - Certification Procedures for Products and Articles (external link)
- FAA (2002), AC25.1309-1B System Design and Analysis, Draft Arsenal edition. (external link)
- ICAO (2016), Annex 8 Airworthiness of Aircraft, 11th Edition, ICAO
- ICAO (2014), Doc 9760 Airworthiness Manual, Part V. State of Design and State of Manufacture, 3rd Edition, ICAO.
- SAE International (1996), ARP 4761 Guidelines and Methods for conducting the safety assessment process on civil airborne systems and equipment, SAE (1996)
- SAE International (2016), AS/EN9100D, Quality Management Systems - Requirements for Aviation, Space, and Defence Organisations
- SAE International (2016), AS/EN9120B Quality Management Systems – Requirements for Aviation, Space, and Defence Distributors
Categories
