Sofema Online (SOL) Reviews ICAO Amendment 178: The Global Standard
Introduction
Amendment 178 introduced Chapter 5 to Annex 1, specifically defining the technical specifications for EPLs. Its primary goal is to ensure that a digital license issued by one State is recognized and verifiable by any other State.
Core Requirements
-
Offline Verification:
A license must be verifiable without an active internet connection (e.g., during a ramp inspection in a remote area). -
Data Integrity:
Use of cryptographic signatures to prevent tampering. -
Accessibility:
The license must be displayed on a “self-contained mobile electronic visual display device” (smartphone/tablet).
Implementation Challenges
While the goal is efficiency, several technical and legal hurdles persist for National Aviation Authorities (NAAs) and pilots:
Challenge Category & Specific Issues
| CHALLENGE CATEGORY | SPECIFIC ISSUES |
|---|---|
| Interoperability
|
Ensuring that an inspector in Country A can read the QR code or data stream from a pilot licensed in Country B.
|
| Hardware Reliability
|
Battery life, device theft, or screen damage. If a pilot’s phone dies during an inspection, they are technically “unlicensed” in that moment.
|
| Cybersecurity
|
Protecting against “spoofing” (fake digital licenses) and ensuring the privacy of the pilot’s personal data (GDPR compliance).
|
| Dual Systems
|
ICAO suggests an individual should not hold both a physical and electronic license for the same privilege to prevent fraud, creating a “hard cut-over” risk.
|
| Standardization
|
Lack of a universal “reader” app; many states are building proprietary apps that may not “talk” to each other.
|
EASA’s Approach & Advisory
EASA has been proactive in transposing Amendment 178 into the European framework, primarily through NPA 2024-08.
EASA’s Current Strategy
-
The “mDoc” Model:
EASA advises following ISO/IEC 18013-5, the same standard used for Mobile Driver’s Licenses (mDL). This allows for “proximity” verification (NFC/Bluetooth) rather than just scanning a static image. -
Optionality for States:
EASA does not mandate EPLs yet; it allows National Competent Authorities (NCAs) to choose when to offer them, but mandates that all NCAs must recognize EPLs from others. -
Transitional Medical Clause:
EASA allows a 10-year transition where a digital license can be held, but the medical certificate may still be required in physical format if the digital infrastructure isn’t fully ready.
Comparison: EASA vs. Optimum Path
-
The Centralized Trust Store:
While EASA focuses on the ISO standard, an “optimum” path involves a global ICAO Public Key Directory (PKD) similar to what is used for e-passports. This would allow any inspector to verify any license without needing to download dozens of different national apps. -
The “Hybrid” Digital Solution:
Instead of a simple PDF, the optimum way forward is a Verifiable Credential (VC) stored in a digital wallet (Apple/Google Wallet). This solves the “offline” issue and utilizes existing smartphone security.
EASA’s advice is technically superior by adopting the ISO/IEC 18013-5 standard, as it moves away from static QR codes toward secure, proximity-based data exchange.
The “optimum” path, however, requires more global coordination via ICAO to ensure that a pilot from an EASA state can be seamlessly verified in a non-EASA state (e.g., Southeast Asia or Africa) where infrastructure may differ.
Next Steps
Sofema Aviation Services and Sofema Online provide Regulatory Compliant and Vocational Classroom, Webinar and Online Training For EASA, FAA, UAE GCAA, Saudi GACA, OTAR – Please see the websites or email [email protected]
Tags:
EASA, Annex 1, National Aviation Authorities (NAAs), Electronic Personnel Licenses (EPL), ICAO Amendment 178, digital license, National Competent Authorities (NCAs), Mobile Driver's Licenses (mDL), Public Key Directory (PKD), QR codes
