ORDER OF THE GOVERNMENT OF THE REPUBLIC OF MOLDOVA

of November 12, 2025 No. 722

About approval of the Regulations on establishment of requirements for risk management of information security which can exert impact on safety of flights, and about modification of some orders of the Government

Based on Item and) parts (3) Article 6 and article 42 of the Aviation code of the Republic of Moldova No. 301/2017 (The official monitor of the Republic of Moldova, 2018, Art. No. 95-104, 189), with subsequent changes, and the Law No. 112/2014 on ratification of the Agreement on association between the Republic of Moldova, on the one hand, both the European Union and European Atomic Energy Community and their state members, from other party (The official monitor of the Republic of Moldova, 2014, Art. No. 185-199, 442), the Government DECIDES:

This resolution shifts:

- The delegated regulations of the Commission (EU) 2022/1645 of July 14, 2022 establishing rules of application of Regulations of the European Parliament and Council (EU) 2018/1139 about requirements for risk management of information security which can exert impact on safety of the flights shown to the organizations falling under action of Regulations of the Commission (EU) No. 748/2012 and No. 139/2014, and No. 748/2012 making changes to Regulations of the Commission (EU) and No. 139/2014, CELEX: 32022R1645, published in the Official magazine of the European Union by L 248/18 of September 26, 2022;

- The implementation regulations of the Commission (EU) 2023/203 of October 27, 2022 establishing rules of application of Regulations of the European Parliament and Council (EU) 2018/1139 about requirements for risk management of information security which can exert impact on safety of the flights shown to the organizations falling under action of Regulations of the Commission (EU) No. 1321/2014, No. 965/2012, No. 1178/2011 and 2015/340 and Implementation regulations of the Commission (EU) 2017/373 and 2021/664, and also to competent authorities No. 748/2012, No. 1321/2014, No. 965/2012, No. 1178/2011, 2015/340 and No. 139/2014 falling under action of Regulations of the Commission (EU) and Implementation regulations of the Commission (EU) 2017/373 and 2021/664, and No. 1178/2011, No. 748/2012, No. 965/2012, No. 139/2014, No. 1321/2014 and 2015/340 making changes to Regulations of the Commission (EU) and in Implementation regulations of the Commission (EU) 2017/373 and 2021/664, CELEX: 32023R0203, published in the Official magazine of the European Union by L 31 of February 2, 2023, taking into account the last changes made by Implementation regulations of the Commission (EU) 2024/1109 of April 10, 2024.

1. Approve:

1.1. Regulations on establishment of requirements for risk management of information security which can exert impact on safety of flights, according to appendix No. 1;

1.2. changes which are made to some orders of the Government, according to appendix No. 2.

2. This resolution becomes effective after 12 months from the date of publication in the Official monitor of the Republic of Moldova.

3. Declare this resolution invalid from the date of accession of the Republic of Moldova to the European Union.

Appendix №1

to the Order of the Government No. 722/2025

Regulations on establishment of requirements for risk management of information security which can exert impact on safety of flights

Chapter I. General provisions

1. The regulations on establishment of requirements for risk management of information security which can influence safety of flights (further - the Provision) establish requirements which shall observe the national organizations and bodies for the purpose of:

1.1. identifications and risk managements of information security which can exert impact on safety of flights and on safety of systems of information and communication technologies, and also the crucial data used in the field of civil aviation;

1.2. detection of events of information security and identification of those from them which are considered as incidents of information security and which can exert impact on safety of flights;

1.3. ensuring response to incidents of information security and liquidation of their effects.

2. This Provision is applied to:

2.1. to the production and project organizations falling under action of provisions of Chapters G and J of the Section A of part 21 of appendix No. 1 to the Regulations on establishment of requirements and ministerial procedures of certification of the flight validity and ecological certification or the aircrafts concerning the declaration of conformity and the related products, spare parts and devices, and also requirements to capability of the project and production organizations approved by the Order of the Government No. 91/2024 (further - the Provision approved by the Order of the Government No. 91/2024) except the production and project organizations which are engaged only in designing and/or production of ELA2, aircrafts as is determined in Item 2 of the Provision approved by the Order of the Government No. 91/2024;

2.2. to the organizations for maintenance falling under action of provisions of Section A (part 145) appendices No. 2 to the Regulations on maintenance of the flight validity of aircrafts and aviation products, parts and devices and about approval of the organizations and personnel having appropriate authority in this sphere, and about recognition voided the orders of the Government, approved by the Order of the Government No. 465/2025 (further - the Provision approved by the Order of the Government No. 465/2025) except the organizations which are engaged only in maintenance of aircrafts according to appendix No. 5b (Part ML);

2.3. to the organizations for management of the maintenance of the flight validity (CAMO) falling under action of provisions of the Section A of appendix No. 5c (part of CAMO) of the Provision approved by the Order of the Government No. 465/2025, except the organizations which are engaged only in management of maintenance of the flight validity according to appendix No. 5b (part ML);

2.4. to operators of airfields and service providers on management of the platform falling under action of provisions of appendix No. 2 "the REQUIREMENT APPLICABLE TO the ORGANIZATIONS (ADR.OR)" to the Regulations on the ministerial procedures concerning airfields, approved by the Order of the Government No. 653/2018;

2.5. to the operators of aircrafts falling under action of provisions of appendix No. 3 (part of ORO) to the Regulations on establishment of technical requirements and ministerial procedures concerning airborne transportations approved by the Order of the Government No. 612/2022, except the operators who are engaged only in exploitation of any of the aircrafts provided below:

2.5.1. ELA aircrafts 2, as it is determined in Item 2 of the Provision approved by the Order of the Government No. 91/2024;

2.5.2. single-motor turbo-propeller airplanes with the maximum operational configuration of passenger seats no more than five which do not belong to the category of difficult motor aircrafts, in case of take off and landing in the same airfield or the place of operation and in case of accomplishment of special flights in the afternoon according to the visual flight rules (VFR);

2.5.3. single-motor helicopters with the maximum operational configuration of passenger seats no more than five which do not belong to the category of difficult motor aircrafts, in case of take off and landing in the same airfield or the place of operation and in case of accomplishment of special flights in the afternoon according to the visual flight rules (VFR);

2.6. to the approved organizations for preparation (ATO) falling under action of provisions of appendix No. 7 (part of ORA) to the Regulations on establishment of technical requirements and ministerial procedures concerning flight personnel of civil aviation approved by the Order of the Government No. 204/2020, except the organizations which are engaged only in the organization of rates of preparation for pilots of ELA aircrafts 2, as it is determined in Item 2 of the Provision approved by the Order of the Government No. 91/2024, or the rates of theoretical preparation which are engaged only in the organization;

2.7. to the centers of aviation medicine for flight personnel falling under action of provisions of appendix No. 7 (part of ORA) to the Regulations on establishment of technical requirements and ministerial procedures concerning flight personnel of civil aviation approved by the Order of the Government No. 204/2020;

2.8. to the operators of the training equipment for flight training (FSTD) falling under action of provisions of appendix No. 7 (part of ORA) to the Regulations on establishment of technical requirements and ministerial procedures concerning flight personnel of civil aviation approved by the Order of the Government No. 204/2020, except the organizations which are engaged only in operation of FSTD for training of pilots of ELA aircrafts 2, as it is determined in Item 2 of the Provision approved by the Order of the Government No. 91/2024;

2.9. to the organizations for training of dispatchers of air traffic control (ATCO) and the aviation medical centers for ATCO falling under action of provisions of appendix No. 2 (the Part of ATCO.OR) to the Regulations on establishment of the requirements and ministerial procedures connected with certificates of dispatchers of air traffic control, approved by the Order of the Government No. 134/2019;

2.10. to the organizations falling under action of provisions of appendix No. 3 (part of ATM/ANS.OR) to the Regulations on establishment of requirements and ministerial procedures for service providers of air traffic management and aeronautical servicing approved by the Order of the Government No. 119/2023, except the following service providers:

2.10.1. the service providers of aeronautical servicing owning the limited certificate according to the Item ATM/ANS.OR.A.010 of the appendix stated above;

2.10.2. service providers of flight and information servicing who declare the activities according to the Item ATM/ANS.OR.A.015 of the appendix stated above;

2.11. to service providers of U-space and suppliers of single information servicing;

2.12. to the approved organizations which are engaged in designing or production of systems and the ATM/ANS components.

3. For the purposes of this provision the following concepts are applied:

3.1. threat - potentially possible event, action, process or the phenomenon which can lead to violation of information security;

3.2. event of information security - the identified event connected with system, service or network specifying possible violation of information security policy, refusal of protective measures, and also emergence of earlier unknown situation which can be connected with safety;

3.3. incident - any event which can break safety of network or information security;

3.4. risk of information security - risk for the organization of aviation activities, and also for assets, physical persons and other organizations, connected with possible emergence of event of information security. Risks of information security are connected with possibility of the threats using vulnerabilities of data asset or group of data assets;

3.5. information security - property of information networks and systems to keep confidentiality, integrity, authenticity and availability;

3.6. vulnerability - lack or weak point of asset or system, procedures, design, realization or measures for ensuring information security which can use and which can lead to violation or non-compliance with information security policy.

Chapter II. The requirements applicable to competent and to the organizations

4. The body responsible for supervision and control of observance of provisions of this provision by the organizations specified in Item 2, is the administrative authority on implementation and realization of policy in the field of civil aviation - Body of civil aviation (further - RSA).

5. For the purpose of ensuring supervision and control of observance of provisions of this provision of RSA involves in the activities competent authority at the national level in the field of cyber security - the Agency of cyber security (further - ASC), according to requirements of the Regulations on organization, the organization and functioning of the Agency of cyber security approved by the Order of the Government No. 1028/2023, and also other adjacent acts.

6. According to provisions of subitems 3) and 4) of Item 6 and the subitem 4) of Item 7 of the Regulations on organization, organization and functioning of the Agency of cyber security approved by the Order of the Government No. 1028/2023, of RSA reports without unjustifiable delay the single contact person - ASC - any relevant information containing in notifications of the identified operators of the main services according to Items. IS.I.OR.230 and IS.D.OR.230 of appendix No. 2 to this Provision.

7. For the purpose of accomplishment of provisions of Items 5 and 6 ASC and RSA the joint order establish general measures on coordination of the actions promoting effective supervision of all requirements which shall be observed by the organizations.

8. The requirements applicable to RSA are established in appendix No. 1 [the PART of IS.AR] to this Provision.

9. The requirements applicable to the organizations specified in Item 2, are established in appendix No. 2 [the PART of IS.D.OR] and [the PART of IS.I.OR] to this Provision.

10. Requirements of this provision are applied also if the organization specified in Item 2, is the operator or the subject owning data, information, information networks or systems, crucial for aviation safety, according to the Law No. 192/2019 on aviation safety.

11. Observance and application of requirements of this provision are performed with observance of the rules of ensuring confidentiality, personal data protection and protection of the data which are the state secret established by the legislation.

Disclaimer! This text was translated by AI translator and is not a valid juridical document. No warranty. No claim. More info