1. Piotr CUKIERSKI, Krzysztof ZUBILEWICZ Prague, 26th of November 2019
Workshop on the Technical Pillar of the 4th RP SSC in the framework of the 4th RP
Piotr CUKIERSKI, Krzysztof ZUBILEWICZ
Prague, 26th of November 2019

2. Abbreviations used Increase your attention MS: Member State
ERA: European Union Agency for Railways
NSA: National Safety Authority
SCB: Safety Certification Body (ERA or NSA)
SSC: Single Safety Certificate
SMS: Safety Management System
ECM: Entity in Charge of Maintenance
OSS: One-Stop Shop
RU: Railway Undertaking
IM: Infrastructure Manager
PE: Pre-engagement
PA: Practical Arrangements for issuing SSC
Increase your attention

3. Agenda of the presentation
Overview of the 4th Railway Package – technical pillar (SSC)
What is new?
Transitional period
New legal framework
The safety certification process under the 4th RP
Safety Management Systems
Outline of the safety assessment process
Update, renewal and revocation of the certificate
Single Safety Certificate delivery by ERA: organisational aspects
Language and communication
Fees and charges
Appeal process
One-Stop Shop
OSS Applicants’ perspective
OSS demonstration for SSC

4. What is new?
What is new?

5. OSS and ERA as new certification body
area of operation in more than one Member State (compulsory) or
area of operation in one Member State if the applicant so requests
June or June 2020
OSS
Single
Safety
Certificate
NSA OR
APPLICANT
ALL APPLICATIONS VIA ONE-STOP SHOP
The issuing authority could be either the Agency or the NSA according to the intended area of operation.
Area of operation in one Member State if the applicant so requests

6. Previous legal framework
Main changes
Previous legal framework
Safety certificate part A issued by the relevant NSA
One or more safety certificates part B issued by the relevant NSAs
Applications managed in accordance with national arrangements
Assessment process defined by each NSA in accordance with its own rules
Assessment based on EU criteria (to be applied by NSAs) and national rules
No obligation from authorities to pre-engage with the applicant
New legal framework
Single safety certificate issued by a safety certification body: either the NSA or the Agency
All applications managed through the one-stop shop IT tool in accordance with arrangements set out in EU law
Harmonised assessment process set out in the EU law
Assessment based on homogeneous safety management system requirements (aligned with ISO management system standards), to be applied by both the authorities and the applicants and cleaned up national rules
Authorities must pre-engage on request of the applicant

7. Safety Certification Changes (summary)
Summary of the main changes in the system:
SINGLE SAFETY CERTIFICATE
Board of Appeal
Process approach with more guidance
EU HARMONISED PROCESS
Fees and Charges
Close alignment with ISO Standards
EU Harmonised Process
One-Stop Shop (OSS)
ERA as Safety Certification Body
Possibility of pre-engagement
Closer cooperation between ERA and NSAs

8. Transitional period
Transitional period

9. Transitional period Key principles:
As of 16 of June 2019, ERA is responsible for issuing single safety certificates when the area of operation entails at least one Member State that has transposed Directive (EU) 2016/798 by that date
The national safety authorities of the Member States that postponed the transposition of the new legal framework by one year continue to issue safety certificates in accordance with Directive 2004/49/EC until 16 June 2020
Transposition 16/06/2019
Transposition 16/06/2020
Single Safety Certificate
Certificate Part A and B

10. Transitional period
The single safety certificate has to be issued in the following situations:
Part A or any of Parts B expire in the Member State that transposed the 4th Railway Package by the 16 June 2019.
Part A or any of Parts B is updated in the Member State that transposed the 4th Railway Package by the 16 June 2019.
RU extends its area of operation to the Member State that transposed the 4th Railway Package by the 16 June 2019
During that period some of the RUs need to follow in parallel:
two different legal frameworks
two different assessment processes r. r.

11. Transitional period
Scenarios for RUs whose certificates (either Part A or B) expire after r.:
Registration country
Foreign country
(1)
MS 1 (Part A+B)
06/2019
MS 2 (Part B)
06/2020
ERA issues singe safety certificate
ERA issues single safety certificate
MS 2 issues Part B certificate
MS 1 issues Part A and Part B certificate
ERA issues single safety certificate for MS 2
ERA involved as of 06/20 for update / renewal
(2)
(3)
(4)
MS 1 (Part A+B)
06/2020
MS and certificates it issues
Transposition date in the MS
Color reflecting transposition date

12. Transitional period
Main scenarios for railway undertakings registered in CZ or SK:
Netherlands
France
Italy
Slovenia
Finland
Romania
Bulgaria
Greece
CZ / SK
06/2020
MS 2
06/2020
NSA CZ/SK issues Part A and Part B (for MS 1)
NSA 2 issues Part B (for MS 2)
ERA issues SSC (for MS 3)
MS 3
06/2019
06/2019 – 06/2020
CZ / SK
06/2020
MS 2
06/2020
NSA CZ/SK issues Part A and B (for MS 1)
MS 2 issues Part B (for MS 2)
ERA involved as of 06/2020 (for all MS)
CZ / SK
06/2019
MS 2
06/2019
New
Updates
Renewals
from 06/2020
ERA issues SSC

13. Transitional period Delays in transposition (real life example):
Negative impact on some of the international RUs
Uncertainty
Two applications
two assessments processes in parallel
Two set of requirements applicable (1158/2010 and 2018/761)
Infringement procedure against the Member State RO
06/2019
EL 06/2019
NSA RO issues Part A and B (for RO)
ERA issues SSC for EL
Delayed transposition (2020 instead of 2019)
If there was no delay = only one application and assessment

14. New legal framework
New legal framework

15. Applicable legislation
Directive
2016/798 – Railway Safety Directive
Regulations
2018/762 – Common safety methods on safety management system requirements
2018/763 – Practical arrangements for issuing single safety certificates to railway undertakings
2015/995 – Technical specification for interoperability relating to the ‘operation and traffic management’ subsystem
2019/773 – Technical specification for interoperability relating to the ‘operation and traffic management’ subsystem
402/2013 – Common safety method for risk evaluation and assessment
1078/2012 – Common safety method for monitoring
2018/761 – Common safety method for supervision
2019/779 – System of certification of entities in charge of maintenance (ECM)
Key message: this is the summary of the applicable legislation
Script:
Commission Implementing Regulation (EU) 2018/763 establishing practical arrangements for issuing single safety certificates to railway undertakings pursuant to Directive (EU) 2016/798 of the European Parliament and of the Council, and repealing Commission Regulation (EC) No 653/2007 .
Note:
Directives need to be transposed by the Member States.
Regulations are directly applicable without being transposed by the Member States.
eur-lex.europa.eu

16. Auxiliary legislation
Directives
2016/797 – Interoperability Directive
2007/59 – Train Drivers Directive
Regulations
2016/796 – Agency (ERA) Regulation
2018/764 – Fees and charges payable to the Agency (ERA) and their conditions of payment
2018/867 – Rules of procedure of the Board(s) of Appeal of the Agency (ERA)
Regulation concerning the International Carriage of Dangerous Goods by Rail (RID)
Technical specifications for interoperability relating to the structural subsystems (ETCS, wagons, etc.)
eur-lex.europa.eu

17. New legal framework (outline)
CSM Supervision (Reg. 2018/761)
CSM Risk Assessment (Reg. 402/2013)
CSM Monitoring (Reg. 1078/2012)
TSI OPE (Reg. 2015/995
Reg. 2019/773)
TRAIN DRIVERS
DIRECTIVE
(2007/59/WE)
ERADIS
Practical Arrangements (Reg. 2018/763)
CSM for SMS Requirements
(Reg. 2018/762)
NOTIF IT
OSS
Criteria for the recognition of training centres
(2011/765)
RAILWAY SAFETY DIRECTIVE (2016/798)
ECM Certification
(Reg. 2019/779)
Board(s) of Appeal
(Reg. 2018/867)
INTEROPERABILITY
DIRECTIVE
(2016/797)
ERA REGULATION
(2016/796)
Fees and charges (Reg. 2018/764)

18. + Agency Guidance NSA application guides
Including i.e.:
List of national requirements
Description of requirements
Language policy
Border stations
Fees and charges
process description
appeal procedures
Responsibility of the NSAs to publish the guides
AGENCY
GUIDANCE
General principles of supervision
Coordination between NSAs
Management maturity model for NSAs
Enforcement management model for NSAs
Application guides for the granting of single safety certificates
SMS Require-ments
Competence management framework for ERA/NSAs
The guidance is on the Agency website and freely downloadable
This is a much more comprehensive and complete set of guidance than was available under the 3rd RP and it represents a step change in the assistance that ERA is providing to users.
The guidance covers application, assessment, supervision ,competence, coordination management maturity and enforcement models
For authorities (ERA and NSAs)
For applicants

19. Agency Guidance Application guides The two guides are complementary
One is for applicants and one is for authorities (NSA/ERA)
Process description from two different perspectives
Description of the application process
Other practical information
Please read carefully Chapter 5 of the ‘guide for applicants’ and Chapter 2 of the ‘guide for authorities’, as it is about the safety assessment process
Available in all EU languages (incl. CS and SK)
Guide for the applicants: CZ, SK
Guide for authorities: CZ, SK

20. Agency Guidance Guide on SMS requirements:
Much more extensive guidance on all the requirements in the new CSM
Available in all EU languages
Guide structure:
Introduction
Main part - requirements:
Purpose and explanatory notes
Evidence and examples of evidence
References and standards
Supervision issues
Annexes – Additional information:
Annex 1 – Correlation tables (between old and new CSMs)
Annex 2 – Cross-acceptance of authorisations, recognitions or certificates of products or services granted in accordance with Union law
Annex 3 – Siding operations, contractual arrangements and partnerships
Annex 4 – Safety Culture
Annex 5 – Human and organisational factors
Annex 6 – Definitions
Guidance available at the ERA Website: CZ, SK

21. New legal framework – summary
Regulation 2018/763 (Practical arrangements)
Regulation 2018/762 (SMS Requirements)
Regulation 2019/779 (ECM Requirements)
Regulation 2015/995
Regulation 2019/773 (TSI Operations and Traffic Mgt.) + + +
EU LEGISLATION
ERA GUIDES + +
Guides to be published by the NSAs
(to explain national safety rules + fees and charges)
Safety certification process is regulated at the EU level (requirements + procedural aspects)
The EU regulations are directly applicable in all of the Member States (harmonization)
National provisions (if contradictory) shall not apply to this specific process

22. New legal framework – summary
Single Safety Certificate
(link for applicants)
4th Railway Package

23. New legal framework – summary

25. New legal framework
New legal framework
ECM

26. ECMs for freight wagons and other vehicles
Article 3 (1)
All ECMs (for locomotives, freight and passenger wagons) must fulfil the requirements of Annex II
ECM maintains freight wagons
ECM is RU/IM and maintains vehicles other than freight wagons operated by other RU/IM
ECM is not RU/IM and maintains vehicles other than freight wagons
ECM is RU/IM, maintains vehicles other than freight wagons exclusively for its own operations
Article 3 (2) a)
Mandatory certificate
Article 3 (2) b)
Mandatory certificate
Article 3 (2) b)
Mandatory certificate
Articles 3 (3) and 3 (4)
2 possibilities for
Annex II requirements checks
Article 3 (4)
Annex II requirements: to be checked via ECM-certification process
Article 3 (3)
Voluntary ECM certificate
Article 3 (5) (if relevant)
ECM certificate deemed evidence for compliance with CSM SMS 5.2.4, during safety certification / authorisation process.
Article 3 (4)
Verification of Annex II requirements as part of safety certification / authorisation process

27. ECMs for freight wagons and other vehicles
06/19
06/20
06/22
06/23
06/25
Attestation of conformity with requirements annex III Reg. 445/2011 *
National attestation of conformity for ECM (vehicles other than wagons)
National attestation of conformity for maintenance functions (Vehicles other than wagons)
From 06/2022 an ECM certificate is mandatory
ECM CERTIFICATE
(Vehicles other than wagons)
ECM CERTIFICATE
For wagons
Application of Regulation 779/2019
Possible period of validity of attestations/certifications
Possible extensions of validity of attestations/certificates
* Attestations of conformity issued before 06/2019 can be valid until 06/2023 at the latest. Attestations of conformity issued after 06/2019 are valid until 06/2022 at the latest.

28. New legal framework
New legal framework
TSI OPE

29. Operations and Traffic Management TSI
Commission Regulation (EU) 2015/995 of 8 June 2015
Current version of TSI OPE (amending Decision 2012/757/EU)
Implementation according to Annex I, Section 7
National Implementation Plans (NIP) – if provided
Regulation 2015/995 together with the Decision 2012/757/EU ends validity on (with some exceptions)

30. Operations and Traffic Management TSI
Commission Implementing Regulation (UE) 2019/773 of 16 May 2019
Applied from 16 June 2021 with some exceptions (art. 6):
rear end signals for freight trains ( ) – from 16/06/2019;
operating rules (4.4): EU railway system operational principles and rules, national rules, Acceptable Means of Compliance (AMoCs) – from 16/06/2019;
During the transition from the application of national rules to the implementation of this Regulation, railway undertakings and infrastructure managers shall review their safety management systems to ensure the continuation of safe operations. If necessary, they shall update their safety management systems (4.4.4)
route compatibility checks ( i Appendix D1) – from 16/06/ or 16/06/2020, depending on 4th RP transposition date;
Appendix A (ERTMS operational principles and rules) and C (Safety related communications methodology) – at the latest from 16/06/2024

31. Operations and Traffic Management TSI
Date
From 16 June 2019/2020
To 16 June 2021
From 16 June 2021
To 16 June 2024
From 16 June 2024 onwards
TSI OPE applied
TSI OPE 2015 applied
Scope of application described in the National Implementation Plan (NIP)
In case of no NIP, whole regulation applies (to be checked with the proper NSA)
TSI OPE 2019 applied with regards to:
rear end signals for freight trains ( ) and operating rules (4.4) – from 2019
route compatibility check ( and Appendix D1) – according to the 4th RP transposition date
TSI OPE 2019 as main TSI to be applied
TSI OPE 2015 applied only with regards to Appendices
A and C:
Check NIP together with the responsible NSA
In case of no NIP check application of Appendices A and C with the NSA
TSI OPE 2019 applied – all the sections with no exceptions

32. Operations and Traffic Management TSI
Date
From 16 June 2019/2020
To 16 June 2021
From 16 June 2021
To 16 June 2024
From 16 June 2024 onwards
TSI OPE applied
TSI OPE 2015 applied
Scope of application described in the National Implementation Plan (NIP)
In case of no NIP, whole regulation applies (to be checked with the proper NSA)
TSI OPE 2019 applied with regards to:
rear end signals for freight trains ( ) and operating rules (4.4) – from 2019
route compatibility check ( and Appendix D1) – according to the 4th RP transposition date
TSI OPE 2019 as main TSI to be applied
TSI OPE 2015 applied only with regards to Appendices
A and C:
Check NIP together with the responsible NSA
In case of no NIP check application of Appendices A and C with the NSA
TSI OPE 2019 applied – all the sections with no exceptions

33. Operations and Traffic Management TSI
In case of applying TSI OPE 2015 (2015/995) the National Implementation Plan should be used as a reference – with support from the NSA
In case of applying TSI OPE 2019 (2019/773) applicability rules and dates described in the legal text – especially in art. 6 – should be considered
In case of applying for a certificate in other MS in the period before 16/06/2024 it is advised to establish with the responsible NSA the scope of TSI OPE 2015 implementation and the rules for applying TSI OPE 2019

34. New legal framework
Border Stations
New legal framework

35. Border stations
Principle of border station = SSC valid without extension of the area of operation
In case of absence of border agreements (permanent or ad-hoc), the applicant must apply for an area of operation covering the second MS
If MS has not transposed this means an application for a Part B
If the applicant has already submitted an application which includes border station(s) and no agreement can be found, the applicant shall re-submit a new application with an extended area of operation
Border station can also encompass areas of track (border section) for which it makes sense that agreement is reached SK CZ CZ SK
Application to NSA or ERA
SSC Covering CZ + border station
Application to ERA
SSC Covering CZ + SK

36. Border stations YES YES YES NO NO NO Does the RU operate only in 1 MS?
Applying to ERA is not obligatory NO
YES
Applying to ERA is not obligatory
Does the RU operate only in 1 MS +
to border stations in a neighboring MS?
Conditions:
signed cross-border agreement or
ad-hoc agreement between NSAs
+ consultation with relevant NSA NO
YES
Does the RU operate in only 1 MS +
has a partnership agreement with a certified RU in other MS?
Applying to ERA is not obligatory NO
operations based on partnership agreements to be managed through the SMS of both RUs
capability of manage such operations to be assessed by the safety certification body
Applying to ERA is obligatory

37. Safety Management Systems
SMS

38. Safety Management Systems (SMS)
The safety management system (SMS) is a living system of linked processes and procedures, which control risk to ensure the safe management of rail operations
Risk means the frequency of occurrence of accidents and incidents resulting in harm (caused by a hazard) and the degree of severity of that harm (Regulation (EU) 402/2013, Art. 3(1))
SMS
RISK
Process
Przepis krajowy
Przepis krajowy
Przepis krajowy
National Rule
Przepis krajowy
Company Rule

39. SMS document architecture
SMS is an arrangement of higher level processes and procedures, which links to more detailed operational procedures/company operational rules/work instructions.
Safety Reporting
Safety Policy
Safety Policy
Top management
SMS Manual
Assessment
Organisational
Procedures
Operational
Procedures
SMS does not replace existing rules, as:
National rules: rules issued by the Public authorities
Company rules: internal rules issued by the company, covering their own specific activities
Whoever is entrusted for issuing rules, one of the key activities in the SMS is the identification of applicable rules and procedures to assure compliance.
Which rules to apply?
Technical and operational standards or other prescriptive conditions as laid down
in safety rules (permanent operational rules – to be respected by train drivers, accompanying staff, train composition, shunting, loading, etc…);
in technical rules (concerning construction and maintenance of infrastructure and rolling stock);
in other relevant rules (e.g.: transport of dangerous goods), or
in regulatory authority decisions (temporary orders, recommendations, …)
Work
Instructions
Operational staff
Templates,
Forms,
Records
Safety Information and Communication
Policy Process Activity Task

40. Outline of the new certification framework
Structure of the new CSM on SMS Requirements (762/2018)
Context of the organisation
Leadership
2.1. Leadership and commitment
2.2. Safety policy
2.3. Organisational roles, responsibilities, accountabilities and authorities
2.4. Consultation of staff and other parties
Planning
3.1. Actions to address risks
3.2. Safety objectives and planning
Support
4.1. Resources
4.2. Competence
4.3. Awareness
4.4. Information and communication
4.5. Documented information
4.6. Integration of human and organisational factors

41. Outline of the new certification framework
Structure of the new CSM on SMS Requirements (762/2018)
Operation
5.1. Operational planning and control
5.2. Asset management
5.3. Contractors, partners and suppliers
5.4. Management of change
5.5. Emergency management
Performance evaluation
6.1. Monitoring
6.2. Internal auditing
6.3. Management review
Improvement
7.1. Learning from accidents and incidents
7.2. Continual improvement

42. Outline of the new certification framework
New requirements in the legal framework
Leadership
Human and organisational factors
Safety Culture

43. Outline of the new certification framework
New requirements in the legal framework
Leadership
Involvement of the top management in the implementation, development and improvement of the SMS
Includes strategic decision-making, providing resources, promoting continual improvement, risk-based approach and a positive safety culture
Covered partially in the previous CSM as [G] Management commitment
Human and organisational factors
Safety Culture

44. Outline of the new certification framework
New requirements in the legal framework
Leadership
Involvement of the top management in the implementation, development and improvement of the SMS
Includes strategic decision-making, providing resources, promoting continual improvement, risk-based approach and a positive safety culture
Covered partially in the previous CSM as [G] Management commitment
Human and organisational factors
Safety Culture

45. Outline of the new certification framework
New requirements in the legal framework
Leadership
Human and organisational factors
HOF are a theoretical concept of including human behavior and it’s organisational context in safety related activities
The way people behave and execute (safety related) tasks is taken into consideration from the design phase to monitoring and improvement of safety critical systems and processes
Important aspects: a strategy, expertise and recognized methods, managing risk related to human performance
Previously implicitly included in a number of criteria, now explicitly mentioned in 4. Support; additional part in the SMS requirement guidance (Annex 5)
Safety Culture

46. Outline of the new certification framework
New requirements in the legal framework
Leadership
Human and organisational factors
Safety Culture
Safety culture refers to the interaction between the requirements of the safety management system, how people make sense of them, based on their attitudes, values and beliefs and what they actually do, as seen in decisions and behaviors
Mentioned explicitly in requirements on leadership and improvement
Explained in Annex 6 of the SMS requirements guidance

47. Outline of the new certification framework
Extended requirements in the legal framework
Context of the organisation
Evidence that the RU manages all the interfaces with other stakeholders
Operations
Evidence on the connection between safety requirements and operational activities (link with TSI OPE and other relevant TSIs)
Support
All the activities required for the safe conduct of railway operations
Human and organisational factors are included here, as well as requirements on awareness, competence, resources, information and documentation

48. SMS Wheel
Previous structure of SMS requirements

49. SMS Wheel – new version / mobile app
Click here to see the video
New structure of SMS requirements

50. SMS application – leadership
Demonstration of commitment
Communication
Safety culture
Risk management and responsibility

51. SMS application – safety culture
Positive attitudes values and beliefs
Safety culture is the glue that holds the SMS together

52. SMS application – safety culture
era.europa.eu

53. SMS application – Human and organisational factors (HOF)
Those HOF factors which influence safe decision making
Ensuring HOF is included in the risk analysis

54. SMS application - operations
Arrangements to manage activities
Processes to manage risks
Staff understand and apply
Vehicles are operated safely under different operating conditions

55. Outline of the safety assessment process

56. Stages of the safety assessment process
Pre-engagement
Receipt of application
Initial screen
Detailed assessment
Decision-making
Closing of the assessment

57. Stages of the safety assessment process
Pre-engagement
Receipt of application
Initial screen
Detailed assessment
Decision-making
Closing of the assessment
(+)
Facilitating early contact
Developing the relationship between assessors and applicant
Applicant gaining familiarity with process and requirements
SCB gaining familiarity with applicant’s SMS level of maturity
Mitigating the risks of delays in issuing the SSC
One-stop shop used to submit the request, info can be re-used for later submission
( - )
Long-time perspective
Additional and constant commitment by the applicant
and the SCB
Subject to charges
NOT MANDATORY BUT RECOMMENDED
The applicant chooses a safety certification body when requesting pre-engagement but this can be changed at later stage

58. Stages of the safety assessment process
Pre-engagement
Receipt of application
Initial screen
Detailed assessment
Decision-making
Closing of the assessment
Content of the stage:
Confirmation of the receipt of application (automatically through the OSS)
Setting the starting date of the assessment (automatically through the OSS)
If NSA is SCB = first working day following the submission of application
If ERA is SCB = first working day common for all involved authorities
Appointing the assessment team
Kick-off meeting (if necessary)
working language
cooperation principles
planning of the process

59. Stages of the safety assessment process
Pre-engagement
Receipt of application
Initial screen
Detailed assessment
Decision-making
Closing of the assessment
The assessment team:
VERIFICATION AGAINST CZECH NOTIFIED NATIONAL SAFETY RULES CZ
OSS +
VERIFICATION AGAINST SMS REQUIREMENTS (Reg. 2018/762) SK
VERIFICATION AGAINST SLOVAK NOTIFIED NATIONAL SAFETY RULES

60. Stages of the safety assessment process
Pre-engagement
Receipt of application
Initial screen
Detailed assessment
Decision-making
Closing of the assessment
Content of the stage:
To check that the documents submitted by the applicant (i.e. the evidence) are sufficient, relevant and consistent to carry out the assessment
If not, the safety certification body (NSA or ERA together with relevant NSAs) may request for additional information (through the „issue log” of the OSS)
The timeframe for the provision of missing evidence is agreed with the applicant
In the case of significant deficiencies or a significant number of minor deficiencies, the timeframe of the stage may be extended (1 month +)
The results of the initial screen are summarized in the initial screen reports
The acknowledgement of completeness is notified through the OSS

61. Stages of the safety assessment process
Pre-engagement
Receipt of application
Initial screen
Detailed assessment
Decision-making
Closing of the assessment
Content of the stage:
To check that the evidence complies with the legal requirements set by the EU legislation (SMS Part) and national ones (notified national safety rules)
If not, the safety certification body (NSA or ERA together with relevant NSAs) may request for additional information (through the „issue log” of the OSS)
The timeframe for the provision of missing evidence is agreed with the applicant
In the case of significant deficiencies or a significant number of minor deficiencies, the timeframe of the stage may be extended (4 month +)
The certification body may carry out an audit or inspection as part of the certification process

62. Stages of the safety assessment process
Pre-engagement
Receipt of application
Initial screen
Detailed assessment
Decision-making
Closing of the assessment
Content of the stage:
Not all identified issues need to be resolved before completing the assessment of the application and issuing the decision:
Issues classified as residual concerns can be checked during supervision
The certificate can also be issued with restrictions or conditions of use
The results of the initial screen are summarized in the initial screen reports
If the Agency is the safety certification body, it aggregates the information form different reports in the final assessment report
This report available in the language of the applicant

63. Stages of the safety assessment process
Pre-engagement
Receipt of application
Initial screen
Detailed assessment
Decision-making
Closing of the assessment
Content of the stage:
To notify the applicant of the safety certification body’s decision
The Notification is made through the OSS
Negative decision means:
Rejection of the application
Issuing of the certificate with restrictions or conditions of use
Negative decision can be subject to review and then subject to appeal and actions before the competent court

64. Stages of the safety assessment process
Pre-engagement
Receipt of application
Initial screen
Detailed assessment
Decision-making
Closing of the assessment
Content of the stage:
Recording lessons learned
Recording all of the relevant documents in the OSS (e.g. invoice)
Formal closing of the application in the OSS (>1 month after the decision)

65. Update, renewal and revocation

66. Update and renewal of the certificate
Certificate update might be needed in case of:
extension of the area of operation or
substantial change proposed to the type or extent of operation or
substantial change to the legal framework if the Agency or the NSA so requires
RU is responsible for engaging with the safety certification body when it plans a change to the conditions under which the single safety certificate was issued. The information provided by an RU shall cover:
Clear description of the planned change
Evidence of the assessment of potential safety risks
The safety certification body (in the case of ERA in agreement with the NSA) informs the RU about the need to update the certificate.
The safety certification body and the NSA(s) shall take proportional approach to the re-assessment based on the degree of changes proposed
Update. Changes can be of technical, operational or organisational nature (see Article 10(13) and Article 10(14) of Directive (EU) 2016/798).
Other possible changes might involve:
The safety regulatory framework (see Article 10(15) of Directive (EU) 2016/798)
The conditions under which the CCS was issued, even if without any impact on the type, extent or area of operation.

67. Update and renewal of the certificate
Changing the type of operation means adding or removing:
Passenger transport (including high speed services)
Freight transport (including dangerous good services)
Shunting services
Changing the extent of operation means increasing or decreasing:
The number of passengers and/or volume of goods
The estimated size of the company in terms of the number of employees (micro, small, medium sized, large)
Renewal of the certificate is required in the case of expiry of its validity
The safety certification body and the NSA(s) shall take proportional approach to the re-assessment (inputs form past assessment and supervision)
Information in the certificate
Context of organisation
The terms “type” and “extent” of operation are defined in Article 3 of Directive (EU) 2016/798

68. Restricting or revoking a single safety certificate
A SSC may be restricted or revoked by the safety certification body that has issued it (either Agency or the NSA).
Such a restriction or revocation happens when the safety certification body is notified that the holder of the certificate no longer satisfies the conditions under which it has been certified.
In case of certificates granted by ERA, such notification always comes from the NSA that is responsible for supervision of the RU.
Furthermore:
If the NSA identifies a serious safety risk it may decide to take proportionate enforcement action, including where necessary suspending the rail operations

69. Restricting or revoking a single safety certificate
Information on restriction or revocation of the certificate
SUPERVISION PROCESS
CERTIFICATION PROCESS
INPUTS
NSA SK
NSA SK
Cooperation between the NSAs
SMS
NSA CZ
INPUTS
NSA CZ
Information that an RU no longer satisfies conditions for certification

70. SSC delivery by ERA: organisational aspects

71. Single safety certificate
Content of the certificate generated in the one-stop shop
Issued certificate automatically transferred to ERADIS
Validity period: maximum 5 years
Validity dates set manually, to accommodate to the expiry date of the previous certificate
Single safety certificate replaces all previous certificates issued by the Member States that transposed the 4th railway package

72. Language and communication
Language of the application:
PART OF APPLICATION COVERING SMS
Any language selected by the Applicant
European Union Agency for Railways
NATIONAL PART OF APPLICATION Language specified by the NSA
(Information in the NSA guide)
SAFETY CERTIFICATION BODY
PART OF APPLICATION COVERING SMS Language specified by the NSA
(Information in the NSA guide)
National Safety Authority
NATIONAL PART OF APPLICATION Language specified by the NSA
(Information in the NSA guide)
Working language:
Agreed communication language within the assessment team (and if agreed also with the applicant). For example for application covering FR + DE + NL it can be English.

73. Language and communication
The exchange of information between the applicant, the Agency and the NSA(s) concerned with the area of operation is managed through the one-stop stop or via other communication channels (phone, videoconferencing, etc.)
The information supporting the decision must be recorded in the OSS, regardless of the form in which it was obtained
Response to issue in the issue log
Minutes of coordination meeting
Report form audit / inspection / visit
The project manager is responsible for coordinating the assessment
This is the contact person for both the applicant and the competent NSAs

74. Language and communication (issues)
Problems / questions are communicated to the Applicant through the ISSUE LOG (in the OSS)
Identified issues are classified based on four types
Type 4 issues lead to the
rejection of application
restrictions or conditions
Type 3 issues may be checked during later supervision
The applicant responds to issues in the ISSUE LOG
(4)
Major non-compliance
(3)
Minor non-compliance or residual concern for supervision
(2)
Observation or remark
(1)
Query
Remarks about the categories of issue:
Type 1 query: the applicant is requested to provide additional information to clarify some aspects of the application file Type 2 observation or remark: left to the judgement of the applicant but this will be checked at renewal
Type 3 minor non-compliance or residual concern: the SSC is granted, but the applicant must sort out the issue according to a timetable agreed with the NSA . The NSA will address the issue during supervision and will indicate to the relevant SCB whether the applicant has addressed the matter either at certificate renewal or if they have not addressed the issue the NSA could request the SCB to restrict or revoke the certificate.
Type 4 major non-compliance due to important absence of information or lack of clarity thereof. Thus, the application cannot be accepted as it stands and a SSC cannot be issued unless the issue is closed

75. Language and communication (audits, visits, inspections)
The authorities involved in the safety assessment may conduct audits, inspections or visits on the site of the applicant in order to:
Collect additional evidence
Close out issues identified within the assessment
Ascertain applicant’s awareness on some areas of concern
Audits, visits and inspections have to be coordinated between ERA, the relevant NSAs
Audits, visits and inspections do neither replace nor duplicate the supervision carried out by the NSAs
AUDITS WITHIN ASSESSMENT = SUPERVISION
Audit: structured intervention where the RU is examined against a particular safety management standard or against a particular audit protocol
Inspection: use of an authorised and competent staff member of the safety certification body or relevant NSA, as appropriate, to examine a particular and limited aspect of the activity of a RU (e.g., establishing compliance with the SMS requirements and the notified national rules, verifying that the process is in place and examining how well it works)
Visits to the site of the applicant: short notice interventions to specific parts of the site of the RU aimed at observing the correct implementation of an SMS procedure
Examples of areas of concern: applications never surveyed by the authority; new applications which the RU asked the SSC renewal for

76. Fees and charges (introduction)
OSS
Fees and charges set at the national level and explained in the NSA Guide CZ 1
NSA CZ
Fees and charges set at the national level for the assessment of CZ part +
NSA CZ
OSS CZ + 2
Fees and charges set at the national level for the assessment of SK part
NSA SK + SK
Fees and charges set in the Regulation 2018/764 for the assessment of SMS
ERA

77. Fees and charges (applications submitted to ERA)
Regulation 2016/796 (ERA Regulation)
The level of fees and charges (...) should cover the full cost of services delivered
The fees and charges should be equal to or lower than the current average
Regulation 2018/764 (Fees and charges)
The fees and charges payable to the Agency should be set in a transparent, fair and uniform manner, in particular with the objective of simplification. They should not result in the imposition of unnecessary financial burden on enterprises and should not jeopardise the competitiveness of the European railway sector.
The Agency shall, at the request of the applicant, issue a non-binding estimate of the amount of the fees and charges related to the application / pre-engagement. ERA and NSA(s) shall:
monitor the cost vs. the estimate
inform the applicant when the costs risk exceeding the estimate by >15%

78. Fees and charges (applications submitted to ERA)
NSA 1
NSA 2
NSA 3 + +
(No. of hours) x (… EUR)
Flat rate of …. CZK
No fee
STATEMENT OF COSTS
STATEMENT OF COSTS +
(No. of hours) x (130 EUR)
Denominated in EUR.
Number of hours (ERA)
Cost of each of the NSAs
Right to appeal (BoA)

79. Fees and charges (workload estimate and reporting)
Workload estimates:
Generic workload estimates for each type of project (80 hrs.– 320 hrs.)
Adapted individually for each submitted application by the Project Manager
Workload reflected in the MS Project planning
Workload reporting:
Daily basis
MS Project as a reporting tool
Verification and validation by the Project Manager / Programme Manager

80. Means of appeal
In case of issuing a negative decision (refusal of the single safety certificate or issuing a certificate with restrictions other that those requested in the application) following means of appeal are available:
Request a review of the application (in the OSS)
Appeal to an appeal body
In case of applications to ERA: Board of Appeal
In case of applications to NSA: national appeal body for the concerned MS
Actions for the annulment
In case of applications to ERA: Court of Justice of the EU
In case of applications to NSA: national court
The applicant must first submit a request for the review of the decision taken by the authority before lodging an appeal
The case can be brought before the EU Court of Justice only if all other remedies (review, appeal) have been exhausted.

81. Means of appeal Timeframe for an appeal (applications to ERA) T0 T0+1m
2 months for ERA
3 months for BoA T0
T0+1m
T0+3m
T0+5m
T0+8m
T0+8m
Negative decision
Request for review
The Agency confirms or reverses its decision
Appeal
Findings of the Board of Appeal
Final decision taken by the Agency
* Deadlines

82. Introduction to the OSS

83. One-stop shop (applicants’ perspective)
OSS = IT tool supporting all applications
Allows submission of applications
Allows communication on issues
Allows update of application
Allows issuing of the SSC
All applications addressed to ERA or NSA have to be submitted through the OSS
It’s recommended to submit applications at least 6 months in advance to
Expiry date of current certificate
Starting date of new operations

84. One-stop shop (applicants’ perspective)
All applicants follow the self-registration process
Registration process is individual (registration of a person not an entity)
RUs are invited to set their internal rules for applying through the OSS
Who is entitled to draft and submit the application
How is the continuity of processing of application is ensured
How access to previous files is ensured in the case of staff turnover
Potential solution:
Register a number of users
Appoint one user as a „lead user”
Initiate all applications by the „lead user”
Share initiated applications with other registered users (the same rights)

85. One-stop shop (applicants’ perspective)
Application process in 5 steps with 2 sub-steps: 1
Fill in the application form (organizational data + scope of the request) 2
Upload evidence for establishing of the safety management system
Map uploaded evidence with all SMS and TSI OPE requirements 3
Upload evidence for compliance with notified national safety rules
Map uploaded evidence with the requirements in the national rules 4
Upload additional documents (e.g. financial or administrative ones) 5
Check the content of your application and submit it

86. One-stop shop (applicants’ perspective)
Navigation tab: 1 2 3 4
1. Application: preview of the submitted application + update through issue
2. Issues: issues logged by the assessment team + responses to issues
3. Dashboard: progress of the assessment (key milestones)
4. Library: all documents (application file + assessment file)

87. One-stop shop (applicants’ perspective)
Application issues:
Issue log:
To get to know the issue
To understand if update of an application is required
To reply to issue

88. One-stop shop (applicants’ perspective)
OSS to be available in all languages. The pre defined language is the language of the internet browser used by the user. But this may be easily changed either at log-in stage or later (see upper right box with language selection or user profile at later stage).