The Department for Transport has completed a retained EU law exercise in aviation security, confirming a shift from EU-derived rules to a domestic framework anchored in ICAO standards. The Aviation Security (Amendment, Revocation and Consequential Provision) Regulations 2026 consolidate requirements into UK instruments and programmes, with commencement on 25 January 2027. (gov.uk)
A central legal change is to section 10 of the Aviation Security Act 1982: the term “acts of unlawful interference” is now defined by reference to the 12th edition of ICAO Annex 17. This removes reliance on Regulation (EC) No 300/2008 while keeping the UK aligned with international obligations set by the Chicago Convention system. (assets.publishing.service.gov.uk)
Section 24A of the 1982 Act is updated to insert definitions of “access control” and “security control” and to revise the meaning of “security restricted area”. The revision reflects both the domestic power to designate under section 11A and terminology consistent with Annex 17, improving clarity for operators on where screening and access measures must be applied. Subsection 24A(3) is omitted. (assets.publishing.service.gov.uk)
The Regulations also restate the role of the Secretary of State for Transport as the UK’s appropriate authority for aviation security, explicitly responsible for the National Aviation Security Programme (NASP), a national training policy and a national quality control programme. The update makes the UK’s Annex 17 compliance explicit in domestic law. (assets.publishing.service.gov.uk)
Six items of assimilated law are revoked: the remaining provisions of Commission Implementing Regulation (EU) 2015/1998; Regulation (EC) No 300/2008; Regulation (EC) No 272/2009; Regulation (EU) No 1254/2009; and Council Decisions 2009/97/EC and 2010/302/EU. The Department states that, with limited exceptions, policy requirements will be retained elsewhere. (gov.uk)
Operationally, content from the revoked EU instruments is being relocated into the Single Consolidated Direction (SCD) and associated NASP documents. DfT emphasises this keeps requirements familiar to industry while allowing faster updates to respond to threat changes, without altering the overall level of security. (assets.publishing.service.gov.uk)
Two cross-reference tidy‑ups are made in the Private Security Industry Act 2001 (Exemption) (Aviation Security) Regulations 2010 to align definitions of “prohibited articles” and “security restricted area” with the amended 1982 Act. These adjustments avoid ambiguity for screening and guarding activities at aerodromes. (assets.publishing.service.gov.uk)
In EU aircrew law, a reference in Commission Regulation (EU) No 1178/2011 to awareness of Regulation 300/2008 is removed. The Explanatory Memorandum confirms cabin crew must still receive general aviation security training; the change simply deletes an obsolete cross‑reference. (assets.publishing.service.gov.uk)
The Network and Information Systems Regulations 2018 are amended so that “air carrier” is defined directly in UK legislation as an air transport undertaking holding a valid operating licence or equivalent. For NIS purposes, this removes dependency on EU definitions when determining which aviation entities fall in scope as operators of essential services. (assets.publishing.service.gov.uk)
The instrument applies across the UK and, insofar as amendments to the 1982 Act are concerned, to UK‑registered aircraft worldwide. DfT indicates a delayed commencement to allow alternative arrangements to cover specific gaps, for example overseas training provider listings and measures for certain smaller‑airport flights, before the revocations take effect. (assets.publishing.service.gov.uk)
Parliamentary handling followed the Retained EU Law Act 2023 sifting route. The instrument was laid as a proposed negative on 26 January 2026; Commons and Lords committees agreed the negative procedure during the sifting window, which concluded on 11 February 2026. (statutoryinstruments.parliament.uk)
For airports, carriers and regulated suppliers, the practical task is housekeeping rather than redesign: update legal references in SeMS documentation, ensure “security restricted area” maps and access procedures reflect the amended definition, check training syllabi continue to meet NASP requirements, and prepare for SCD updates ahead of the 25 January 2027 start date. DfT reports no, or no significant, impact on business and will monitor implementation with the CAA. (assets.publishing.service.gov.uk)