Canada Gazette, Part I, Volume 160, Number 17: Regulations Amending the Canadian Aviation Security Regulations, 2012 (Security Program for Air Carriers)

April 25, 2026

Statutory authority
Aeronautics Act

Sponsoring department
Department of Transport

REGULATORY IMPACT ANALYSIS STATEMENT

(This statement is not part of the Regulations.)

Executive summary

Issues

Canada was subject to an ICAO audit of aviation security provisions in 2016. At that time, Canada did not require air carriers to establish written security programs, and Canada therefore received a finding from ICAO auditors relating to standard 3.3.1 of ICAO Annex 17. The finding directed Canada to “Continue with the regulatory revision of national-level documentation to require all aircraft operators providing service from Canada to establish, implement and maintain a written AOSP [Aircraft Operator Security Program] that is consistent with Canada’s national requirements”. In response to this finding, Canada filed a “difference”^{footnote 3} with ICAO in August 2017 to explain the differences between the standards and Canada’s approach. In this filing, Canada acknowledged the gap and explained that it was considering formalizing a requirement for air carriers operating international flights from Canada to establish, implement and maintain a written AOSP that reflects aviation security procedures as they are applied to aircraft operations from Canada. Canada refiled the difference for standard 3.3.1 in November 2018, July 2020 and in November 2022. A difference was also filed for standard 3.3.2 in November 2022, when it came into effect through Amendment 18 of ICAO Annex 17 – Aviation Security; Standard 3.3.2 did not exist at the time of the 2016 audit. The proposed Regulations would increase Canada’s alignment with these standards.

To better align Canada’s aviation security framework with international standards and provide certain categories of Canadian air carriers with a robust security program that would be recognized by ICAO Member States, amendments to the CASR 2012 are needed to compel those air carriers to establish, implement and maintain a written security program that meets the requirements of Canada’s National Civil Aviation Security Program (NCASP).

Many destinations for international flights departing from Canada, including the United Kingdom, the European Union, and the United States (U.S.), have already established requirements that align with standards 3.3.1 and 3.3.2 of ICAO Annex 17. In addition, air carriers that are members of the International Air Transport Association (IATA) are required to have an AOSP.

Background

ICAO

The Convention on International Civil Aviation (hereinafter referred to as the Chicago Convention) is a foundational agreement that established the principles and framework for international air travel. It was signed in Chicago in 1944 and led to the creation of ICAO, a specialized agency of the United Nations. The Chicago Convention was initially signed by 52 countries, including Canada, and has grown to include 193 Member States. These countries commit to working collectively and diplomatically to establish new international standards and recommended practices (SARPs^{footnote 4}) for international civil aviation to help mitigate the risk of acts of unlawful interference that threaten the aviation industry.^{footnote 5} Member States also agree to align their regulations with ICAO standards to the greatest extent possible. Establishing common approaches to issues improves aviation security by promoting best practices, facilitating adoption, and reducing duplication of effort by aviation stakeholders.

The international requirement for aircraft operators to develop a security program was included in the first edition of ICAO’s Annex 17 in 1974, and subsequent versions of the annex expanded significantly on the initial scope. The requirement for a security program is based on the principle that aircraft operators have a responsibility to their employees and the travelling public to conduct secure operations. An air carrier’s written security program forms part of a much broader security framework that includes the protection of aircraft, aircraft maintenance areas and other restricted areas, and security measures for transit operations, baggage, cargo, mail and catering.

As part of Annex 17, ICAO standards 3.3.1 and 3.3.2 require that all Member States ensure that commercial air carriers operating international air transport flights (domestic and foreign, operating to and from that state) have a written security program that meets the requirements of the member’s national civil aviation security program.^{footnote 6} Standards 3.3.1 and 3.3.2 are intended to provide states a clear mechanism for oversight and accountability so that aircraft operators are prepared for regulatory compliance and can identify and mitigate security vulnerabilities in operations, thereby reducing the risk of unlawful interference.

Standard 3.3.1 provides: “Each Contracting State, as the State of the Operator, shall ensure that its commercial air transport operators have established, implemented and maintained a written aircraft operator security programme that meets the requirements of the national civil aviation security programme of the State of the Operator”.^{footnote 9}

Standard 3.3.2 provides: “Each Contracting State shall require foreign commercial air transport operators providing service to and from that State to establish, implement and maintain written supplementary station procedures that meet the requirements of the national civil aviation security programme of that State”.^{footnote 7} In Canada, this standard requires foreign air carriers to demonstrate that they meet Canada’s NCASP, with any differences between their written AOSP and Canada’s NCASP provided in a supplementary station procedure (SSP).

Canada collaborates with ICAO, other states, and international organizations to develop security standards of ICAO Annex 17 and promote compliance to them, to mitigate risks and threats to commercial aviation. Member States also commit to implementing these standards to the greatest extent possible.

ICAO audits

ICAO audits the aviation safety and aviation security oversight capacities of its 193 Member States. These audits are carried out under ICAO’s Universal Safety Oversight Audit Programme (USOAP) for safety-related activities in civil aviation, and the Universal Security Audit Programme (USAP) for activities pertaining to aviation security. An ICAO audit of Canada’s aviation safety framework was conducted in May and June 2023. This audit evaluated the effectiveness of Canada’s regulatory system and its alignment with international norms. This audit did not include Canada’s aviation security framework, which is assessed separately under a distinct ICAO audit process and aims to ensure that Canada’s aviation system meets or exceeds international standards. Transport Canada (TC) anticipates that ICAO will audit its aviation security framework in 2026.

When ICAO undertakes an audit and identifies a gap between an ICAO standard and the Member State’s regulatory framework, they will issue either a significant security concern (SSeC) or a general finding. The SSeC is a mechanism ICAO utilizes to address the most significant security concerns and is issued by ICAO when it feels a country is permitting aviation activities to continue despite gaps in minimum security requirements related to critical aviation security controls. Examples of critical controls include screening and protection from unauthorized interference of passengers, cabin and hold baggage; security of cargo and catering; access control to restricted and security-restricted areas of airports; and security of departing aircraft. For misalignments with standards that are considered less critical, such as documentation and training, or for standards that have been more recently established and may require more time for implementation, ICAO issues a general finding that includes a request for a corrective action plan and timeline.

Aviation security in Canada

Canadian airports support the movement of over 37 000 registered aircraft (operated by licensed air carriers in Canada), with over 150 million passengers enplaned and deplaned, and over 1.5 million tonnes of cargo loaded and unloaded per year.^{footnote 8} As part of a broader role overseeing activity in the air sector, TC is responsible for aviation security in Canada. The Department develops, implements, and oversees Canada’s civil aviation security program. The program manages risks to the aviation system using a set of policies, regulations and security measures to protect air travel and trade.

Canada has a NCASP that exists as a framework of regulatory instruments, policies, and oversight mechanisms. This framework defines the extent to which Canada meets the SARPs of ICAO Annex 17 and relevant sections of other annexes.

Canada’s NCASP is operationalized through

• the CASR 2012, which mandate compliance with security requirements by regulated entities;
• supplementary instruments such as measures specific to regulated entities and respective guidance;
• TC approved security programs for airports, air carriers, and other stakeholders; and
• the National Oversight Plan, which outlines monitoring, audit, and enforcement activities.

However, to align with international standards, Canada’s existing aviation security framework will need to be enhanced in the areas of security awareness and establishing a security-focused culture through comprehensive risk assessments; development of strategic security plans to mitigate risks; holding mandatory discussion-based exercises; and undertaking audits.

Objective

The objective of the proposed Regulations would be to contribute to a safe and secure aviation industry through increased alignment of the Canadian aviation security framework with that of the international aviation community with the adoption of ICAO standards that Canada helped develop. The proposed Regulations would facilitate the interpretation of existing regulatory requirements, introduce new security measures, and enhance the enforceability of air carrier security programs.

Description

The proposed Regulations would require certain Canadian air carriers to establish, implement and maintain a SPAC that complies with Canada’s aviation security regulations and the security measures set out in Canada’s NCASP. Air carriers operating out of foreign countries would also be required to demonstrate that their security programs align with Canada’s NCASP.

Overall, an air carrier’s security program would need to address requirements that exist in the CASR 2012, as well as related security measures, provided only to authorized parties for operational security reasons. The proposed Regulations would amend the CASR 2012 by adding new requirements to Part 9 that would only apply to air carriers who are required to develop a security program. In addition, changes would be made to existing regulatory requirements in Part 8 of the CASR 2012 to improve their alignment with ICAO standards. It should be noted that the Part 8 requirements apply not only to air carriers required to submit a SPAC, but also to other, generally smaller, air carriers that are not required to submit a written security plan.

The proposed Regulations would require that security plans include the security elements specified by ICAO, such as the need for a designated accountable executive and a security official; the provision of qualified training instructors; and the need for a risk assessment (including a threat, vulnerability and impact assessment) and mitigation strategies; an emergency plan, including a yearly discussion-based exercise; and quality control activities, including for services provided by contractors.

Applicability

The new SPAC requirements would apply to air carriers that offer an air transport service that meets the following criteria:

• a flight is operated by a scheduled commercial service aircraft;
• a flight is operated under a Canadian foreign air operator certificate (FAOC), or the aircraft is one for which a Canadian air operator certificate (AOC) has been issued authorizing the transport of 20 or more passengers and that has a maximum certified take-off weight of more than 8 618 kg; and
• a flight departs or arrives at aerodromes designated for passenger screening by a screening authority.

Coming into force — existing air carriers

Canadian and foreign air carriers operating international flights to and from Canada would be required to obtain security program approvals within three years after the publication of the proposed Regulations in the Canada Gazette, Part II. Air carriers currently operating in Canada would be permitted to continue operating in Canada throughout the submission and review process of their security programs.

Prohibition for new air carriers to operate in Canada without an approved SPAC

On the third anniversary of the day on which the proposed Regulations are published in the Canada Gazette, Part II, any new in-scope air carriers operating international flights would be prohibited from starting to operate an air transport service in Canada without first obtaining the Minister of Transport’s approval of elements of their security plan that demonstrate they have key security elements in place.

In order to begin operating an air transport service that is subject to the new SPAC requirements, a new air carrier would need to demonstrate to the Minister (in writing) that it

• has defined and documented the security-related roles and responsibilities assigned to each of the air carrier’s employee groups and contractor groups. The air carrier would also be required to submit a document that sets out how it plans to communicate this information to the employee groups and contractor groups;
• has established and documented the procedures related to aircraft security and baggage reconciliation;
• has designated at least one accountable executive, one security official and one acting security official; and
• has the ability to provide training to its security personnel. This would be achieved by submitting a training plan that sets out how the air carrier plans to deliver training to its security personnel and how it will ensure that the instructors who provide that training have the qualifications required.

In addition, the new air carrier would also need to receive approval from the Minister for

• its risk assessment;
• its strategic security plan; and
• its emergency plan.

Elements of a security program

Introduction of new security requirements — Part 9 of the CASR 2012

The proposed Regulations would introduce new requirements in the CASR 2012 for air carriers. The following provisions would be contained in Part 9 of the CASR 2012 and would only apply to air carriers that operate certain types of air transport service. Under the proposed Regulations, air carriers would need to

• define and document security-related roles and responsibilities in their organizations and communicate this information to their employees and contractors;
• designate an accountable executive responsible for ensuring the implementation of the air carrier’s security program and a security official who would be responsible for coordinating and overseeing the security program for the air carrier, among other things;
• ensure that training instructors, including those from contractors, are qualified and that they undergo an evaluation every two years;
• perform a risk assessment (including a threat assessment, a vulnerability assessment and an impact assessment) and develop an associated strategic security plan that includes a strategy to prepare for, detect, prevent, respond to and recover from acts or attempted acts of unlawful interference with civil aviation, and a risk-management strategy that addresses medium to high aviation security risks. If the Minister does not approve the air carrier’s security risk assessment or the strategic security plan, the air carrier must amend the assessment or plan until the Minister is satisfied that the conditions set out for the assessment or plan in the CASR 2012 are met. At least once a year, air carriers must review their security risk assessments and plans. At least once every five years, air carriers would be required to resubmit their security risk assessments and their strategic security plans to the Minister;
• establish an emergency plan that sets out how to respond to acts of interference. Unless an operations-based exercise is carried out during the year, or an emergency happened that triggered the emergency response procedures, implement a yearly discussion-based security exercise and test the effectiveness of the air carrier’s emergency plan against acts of unlawful interference with civil aviation;
• conduct an internal audit once a year of at least one of the air carrier’s security-related procedures, selected by taking into account the security risks that the air carrier has prioritized, and assess the extent to which the procedure is effective in identifying and addressing aviation security risks that the air carrier faces; verify the extent to which its security personnel are complying with that procedure; identify deficiencies and their root causes and contributing factors; and identify areas for improvement. All security-related procedures must be audited at least once every five years;
• verify that all security personnel, including employees and contractors, comply with the obligations under the air carrier’s security program, as well as with the regulatory requirements included in the security measures;
• establish and document procedures related to aircraft security, including the requirements referred to in Part 8 of the CASR 2012 or in a security measure, and reconciliation between checked baggage and passengers;
• ensure that documentation related to its security program is accessible to the Minister on reasonable notice given by the Minister; and
• ensure that documentation related to its risk assessment, strategic security plan and internal audits is kept for a minimum of five years, that training records are kept for one year, and that instructor qualification records are kept for two years.

Introduction of additional training requirements

Although training provisions pertaining to an air carrier’s personnel already exist in security measures, new training provisions related to an air carrier’s personnel would be introduced in Part 9 of the CASR 2012. The provisions would apply only to air carriers operating certain types of air transport services. Affected air carriers would be required to ensure that

• all its employees and contractors receive aviation security awareness training that promotes a culture of vigilance;
• its security personnel receive initial training in relation to a role or responsibility they hold before carrying out any such security-related role or responsibility. Initial training requirements would not apply in respect of (1) security personnel who are employed on the coming into force of the proposed Regulations for any topic for which they have already received training, and (2) an employee of the air carrier who has been authorized to occupy a flight attendant station in accordance with paragraph 705.221(1)(c) of the Canadian Aviation Regulations;
• security personnel receive annual training as well as follow-up training in certain instances, such as when there are changes to governing international instruments, changes to regulations or processes/procedures, or when a shortcoming in their performance of a security-related role or responsibility has been identified;
• security personnel are evaluated after every training session and that training records exist for each employee and contractor that include their marks for the latest session they attended; and
• on-the-job training is provided by a person who has received that same training or has significant experience working as a member of security personnel in the subject matter covered by the training and in the same work environment as where the member receiving the training carries out their duties.

Updates to existing security requirements — Part 8 of the CASR 2012

The proposed Regulations would expand on the following provisions in Part 8 of the CASR 2012 to better align them with ICAO requirements for secure air carrier operations. The procedures for the aircraft security requirements, including those in Part 8, would need to be included in an air carrier’s security program and would also apply to air carriers who are not required to have an approved SPAC (such as an operator of flights with fewer than 20 passengers).

With respect to goods on the aircraft, the proposed Regulations would require that an air carrier remove, after each flight, all goods left on board the aircraft by a passenger that has disembarked.

With respect to measures related to the carriage of weapons, the proposed Regulations would require

• that an unloaded firearm tendered to the air carrier for transportation cannot be accessed throughout the flight;
• that a written declaration be provided by the person tendering the firearm to the air carrier stating that the firearm is unloaded. This update is required, as the existing CASR 2012 do not require that the declaration include whether the firearm is unloaded; and
• that the pilot-in-command and crew be informed that a person carrying or with access to a firearm is on board the flight and where that person is seated. This update is required, as the existing CASR 2012 do not require that the pilot/crew be advised of the seat location.

With respect to measures related to passengers in the custody of an escort officer, the proposed Regulations would

• establish and implement procedures to ensure the safety of an aircraft and those on board when transporting a person in the custody of an escort officer. Such procedures are not required under the existing CASR 2012; and
• inform the pilot-in-command of the seat locations of passengers on board who are in the custody of an escort officer. The existing CASR 2012 do not require that the pilot be advised of the specific seat location of such passengers and their escorts.

Supplementary station procedures

Pursuant to ICAO standard 3.3.2, air carriers coming from other Contracting States must have a written security program that aligns with the Member State’s NCASP. As a result, foreign air carriers who demonstrate that the content of their written security program is aligned with Canada’s NCASP need not provide an SSP to fly into Canada. However, under the proposed Regulations, if there are differences between a foreign air carrier’s security program and Canada’s NCASP, an SSP would need to be prepared and submitted through the Canadian secure portal to demonstrate security program compliance with Canada’s regulatory framework.

Regulatory development

Consultation

The need for additional measures to maintain alignment with existing and evolving ICAO standards and best practices was re-evaluated after differences in response to ICAO’s 2016 audit were filed in 2017. Discussions with stakeholders on Canada’s intention to align its regulatory regime with ICAO’s requirements for a security program for air carriers began in 2021.

The development of a SPAC proposal was first announced at TC’s Advisory Group on Aviation Security (AGAS) forum in March 2021. AGAS membership includes airports, air carriers, the Canadian Air Transport Security Authority, the Canada Border Services Agency, the Canadian Airports Council, the Air Transport Association of Canada (ATAC), cargo entities, TC’s Explosives Detection Dog and Handler Team, and in-flight suppliers of food, beverage, comfort, and safety items.

Since then, discussions with partners and stakeholders have continued at this forum and other related TC and industry-led technical committees and working groups. In addition, consultations took place with certain air carriers (domestic and foreign) and Canadian associations via the creation of the Air Carrier Security Program Working Group in September 2022 at three sessions.

While stakeholders did not express concerns with the requirement that air carriers have written security programs, feedback was received regarding specific elements of the proposal.

All 97 air carriers affected by this regulatory proposal have had the opportunity to be part of TC’s engagement efforts with industry. As part of this engagement, TC sent out a communication through the Transport Canada Secure Communication Portal (TCSCP) to affected air carriers (Canadian-owned and foreign) on October 7, 2024, which provided air carriers with an additional opportunity to provide their views, perspectives, or any concerns that they may have regarding the proposal. TC received seven responses from air carriers (six from foreign air carriers and one from a Canadian air carrier), and all indicated that they have already implemented security programs which they believe align with ICAO standards and protocol questions.

On November 5, 2024, a representative of TC attended the ATAC conference in Vancouver, Canada, and made a presentation on the SPAC proposal. No concerns were raised by industry stakeholders in attendance.

On December 4, 2024, the Air Carrier Security Program Working Group met again, along with some additional foreign air carriers, for a presentation on the proposed Regulations. During the presentation, TC heard the following comments:

• Many air carriers operating internationally already have an ICAO-aligned security program that has been approved either by their country of origin or another country in which they operate. They would prefer to submit a previously approved plan in its current format, and file differences with Canada’s requirements through an SSP. The requirement to develop a new document to demonstrate alignment with Canada’s requirements would be burdensome for air carriers.
• It would be helpful if Canada recognized the security plans developed for the IATA Operational Safety Audit Program or other international organizations rather than require air carriers to submit their security program in a specified format.
• More clarity is needed on requirements and approval processes for the individual elements of the security plan, such as for the risk assessment and emergency plans.

Engagements with industry associations in 2025 advised that a requirement to develop a written security program would be a significant regulatory burden for air carriers who only operate domestic flights due to limited resources and the high-cost relative to the size of their operations. Furthermore, the ICAO standard provides flexibility when it comes to domestic operations, which should be included “to the extent practicable, based upon a security risk assessment.”

As a result of this feedback, the application of changes to Part 9 of the CASR 2012 would only apply to certain categories of air carriers operating international flights. In addition, TC will evaluate options for submitting a SPAC that may not require the air carrier to reproduce previously approved security programs. TC will also ensure guidance and communications provide greater clarity on how to develop an approved security program.

Indigenous engagement, consultation and modern treaty obligations

In accordance with the Cabinet Directive on the Federal Approach to Modern Treaty Implementation, analysis was undertaken to determine whether the proposed Regulations are likely to give rise to modern treaty obligations. The assessment examined the geographic scope and subject matter of the regulatory proposal in relation to modern treaties in effect and no implications or impacts on modern treaties were identified.

A United Nations Declaration on the Rights of Indigenous Peoples Act assessment was conducted to identify any potential impacts of the proposed Regulations on the rights and interests of Indigenous peoples. No direct, indirect, hidden, or unintended effects were found. The proposed Regulations do not intersect with the rights and interests of First Nations, Inuit and Métis Peoples as set out in the United Nations Declaration.

Instrument choice

A review by TC established that regulatory amendments to the CASR 2012 are required to improve the alignment of the CASR 2012 with ICAO standards regarding security programs for air carriers. While guidance documents play a complementary role in helping industry interpret regulated requirements and providing practical methods for implementation, guidance is not legally binding or enforceable. Past audits and communications with ICAO confirm that regulated and enforceable obligations are required. The use of regulations establishes clear requirements that industry is required to follow to operate in Canada. No non-regulatory options were considered.

Regulatory analysis

The proposed Regulations would result in costs to air carriers as well as to TC. Canadian air carriers would carry present value estimated costs of $2.9 million over a period of 12 years from 2027 to 2038, while TC would carry present value costs of $4.3 million over the same time frame. In total, the present value cost of the proposed Regulations would be approximately $7.2 million. The associated benefits would include an additional layer of security to help mitigate or avoid future threats, as well as the reputational and business-related benefits of aligning with international standards.

Analytical framework

The costs and benefits of the proposed Regulations have been assessed in accordance with the Policy on Cost-Benefit Analysis of the Treasury Board of Canada Secretariat (TBS) by comparing the baseline scenario against the regulatory scenario. The baseline scenario depicts what is likely to happen in the future if the Government of Canada does not implement the proposed Regulations. The regulatory scenario provides information on the expected outcomes of the proposed Regulations.

The analysis considers the impact of the proposed Regulations over a 12-year period from 2027 to 2038, to account for the coming-into-force period provided to air carriers. A year in this analysis constitutes a 12-month period starting from the registration date of the proposed Regulations indicated in the Canada Gazette, Part II (expected in 2027) to the same date in the following year. Unless otherwise stated, all values are expressed in 2024 Canadian dollars and are discounted to the base year of 2027 at a 7% discount rate. Note that some values presented in the text may not add up exactly due to rounding. Costs and benefits are considered for domestic stakeholders only; any costs or benefits to foreign stakeholders are considered outside the scope of this analysis.

The formula used to calculate annualized values under the cost-benefit statement and the small business lens follows the methodology prescribed in Canada’s Cost-Benefit Analysis Guide for Regulatory Proposals where impacts occurred in the first period are undiscounted.

Affected stakeholders

In total, it is anticipated that 97 air carriers would be affected by this regulatory proposal, comprising 16 Canadian air carriers that operate internationally and 81 foreign air carriers. The impact of implementing the proposed Regulations for foreign air carriers is not included in the analysis.

TC would also be impacted by the proposed Regulations, as described in the sections below.

The travelling public and businesses in Canada would benefit from enhanced security in the aviation system.

Baseline and regulatory scenarios

Part 8

In the baseline scenario, it is assumed all air carriers operating in Canada implement the existing requirements in Part 8.

In the regulatory scenario, for the air carriers outlined in the “Affected stakeholders” section above, there would be an additional need to submit to TC documented procedures relating to measures set out in Part 8, including for the carriage of weapons and passengers in the custody of an escort officer. For all other air carriers not identified above, it is assumed that there would be no incremental effort required to comply.

Part 9

In the baseline scenario, it is assumed that air carriers who are in scope would continue to operate according to their current regulatory obligations — both Canada’s and those of the States of their international destinations. Based on this, it is estimated from stakeholder consultations that stakeholders operating internationally would already be complying with most of the proposed provisions in Part 9, as these provisions are also elements of the security programs required by other nations. This includes the Canadian-based air carriers that fly internationally.

Air carriers operating internationally that are members of IATA are expected to have some compliance with the proposed Regulations, given IATA requires that they have an AOSP. However, they will likely need to adjust practices and/or documents to reach full compliance with the proposed Regulations by the coming-into-force date and would have until three years from the date of publication of the proposed Regulations in the Canada Gazette, Part II to comply.

Costs

The proposed Regulations would result in costs to air carriers as well as to TC. Canadian air carriers would bear estimated costs of $2.9 million over a period of 12 years from 2027 to 2038, while TC would bear costs of $4.3 million over the same time frame. In total, the cost of the proposed Regulations would be approximately $7.2 million.

Industry costs

Air carriers in-scope of the proposed Regulations would bear costs associated with the development and ongoing work for their security programs. The total cost for industry would be $2.91 million over the analytical time frame.

Time estimates provided in the “Industry costs” section were derived from consultations related to the cost-benefit analysis with air carriers and TC subject matter experts. Estimates of level of effort represent the average time across all air carriers, noting that the size and complexity of each organization could impact the effort. This means that some air carriers may require more time and others less time, but the average is used in calculations. All tasks described in this section would be completed by a security manager or a person in a similar position, with an estimated hourly wage of $76.91 (including 25% overhead).

Since air carriers would be required to be in compliance three years from the date of publication of the proposed Regulations in the Canada Gazette, Part II, and because work would be required in advance of that date, the initial compliance year is assumed to be the third year of the analysis.

General security program documentation

Each air carrier in-scope of the proposed Regulations would need to do general document keeping in the first year of submission and every second year after that, as well as in the fifth year following the initial submission. It is estimated that this would require roughly 15 minutes of effort each time. This cost would occur in years 4, 6, 8, 9, 10 and 12 of the analytical time frame. Additionally, documentation would periodically need to be made available to the Minister, assumed to occur on average three times per year beginning in the first year after the air carrier’s initial submission, with an effort to the air carrier of 30 minutes each time. The total cost of these tasks across all air carriers would be $13,351.

Initial obligations

Each air carrier in-scope of the proposed Regulations would have various initial obligations in order to come into compliance. These obligations would include defining and documenting security-related roles and responsibilities, designating accountable officials, communicating this information internally, and initial providing of the security program to the Minister, in the required format. All these tasks would be expected to occur once in the year of the first submission for each air carrier. The first three tasks are estimated to take 15 minutes each, for a total of 45 minutes per air carrier. The initial submission of the security program would take eight hours. The total cost across all air carriers of the tasks related to security program initial obligations would be $9,404.

As discussed in the “Baseline and regulatory scenarios” section, air carriers would need to provide the documented procedures from Part 8 of the CASR 2012. It is expected that this task would take each air carrier two days (15 hours) and that the effort would occur once in the year of first submission of the procedures for each air carrier. The total estimated cost across all air carriers of submission of Part 8 documented procedures would be $16,122.

Training

Air carriers in-scope of the proposed Regulations would need to perform various tasks related to the training of security instructors within each organization. These tasks include providing security instructor information to TC, evaluating those instructors biannually, initially updating training for security personnel, and updating security training periodically. The total cost associated with training would be $0.15 million for all in-scope air carriers, which is further broken down in the following paragraphs.

In the coming-into-force year, air carriers would need to provide TC the résumé of each security instructor within their organization and a brief justification of how they meet the qualification requirements. This task would not be expected to take air carriers long, roughly three hours for smaller organizations (6) and eight hours for larger organizations (10). The total cost associated with providing résumés and justifications is estimated to be $6,583.

Air carriers would also need to evaluate their instructors every two years, beginning two years after their respective initial coming-into-force date. On each occasion, this evaluation would be expected to take roughly 16 hours for smaller organizations (6) and 35 hours for larger organizations (10). The total estimated cost of these evaluations is $86,424 across all air carriers.

Air carriers would need to initially update their current training programs to include material for all security personnel. This task would take 35 hours and would be completed in the coming-into-force year for each air carrier. Additional updates to follow-up training would be required for air carriers and would be expected to occur, on average, every three years after the initial coming-into-force date for each carrier. On average, it is expected that these updates, when required, would require 8 hours of effort. The total estimated cost of the initial and subsequent updates is $55,043 across all air carriers.

It is not expected that there would be any incremental opportunity costs associated with training for security personnel, as these employees already do annual recurring training and the proposed Regulations would not increase the overall length of this training, only update some of the material. Since the proposed Regulations provide at least one full year of transitional time for all air carriers, security personnel would be able to attend updated training at the time of their annual recurring training.

Risk assessments

Affected air carriers would be required to implement a risk assessment process. This would require undertaking tasks such as risk assessment development and submission, processing of TC feedback, annual review, internal verification, and resubmissions. The total cost associated with risk assessments for all air carriers is estimated to be $0.51 million, which is further broken down in the following paragraphs.

It is expected that the initial development of an air carrier’s risk assessment would take approximately 225 hours (six weeks). This incremental difference considers the level of risk assessment work that an air carrier has completed in the baseline scenario, often to adhere to international standards and/or rules and regulations in countries where they conduct flights. It is estimated that this cost would occur in the year of initial compliance. The total cost of the initial development of the risk assessments for all air carriers is estimated to be $0.24 million.

The initial risk assessment would need to be submitted to TC, with some expected discussions between the Department and the air carrier before approval. It is estimated that the submission process could take an average of 22.5 hours (three days) and that this cost would occur in the year of initial compliance. The total cost of submission of the risk assessments for all air carriers is estimated to be $24,183.

Air carriers would need to do an annual review and internal verification of their risk assessments as part of the proposed Regulations. It is estimated that this process would begin in the year after the initial coming into force for each air carrier and take an annual average of 22.5 hours (three days). The total cost of annual reviews of risk assessments for all air carriers is estimated to be $0.16 million.

It would be required that air carriers resubmit their risk assessments every five years. This resubmission is assumed to take place five years following each air carrier’s initial submission and is estimated to take them 112.5 hours (15 days). Of this effort, two days would be associated with the submission and subsequent communications between the air carrier and TC before approval. The total cost of resubmission of the risk assessments for all air carriers is estimated to be $86,210.

Strategic security plans

All affected air carriers would need to develop a strategic security plan. This would require undertaking tasks such as the initial development and submission of the plan, processing of TC feedback, ongoing amendments, and resubmissions. The total cost associated with strategic security plans for all air carriers is estimated to be $0.51 million.

It is expected that the initial development of an air carrier’s strategic security plan would take approximately 225 hours (six weeks). The total cost of the initial development of the strategic security plans for all air carriers is estimated to be $0.24 million.

The initial strategic security plan would need to be submitted to TC, with some expected discussions between the Department and the air carrier before it is finalized. It is estimated that this submission process could take an average of 22.5 hours (three days). The total cost of submission of the strategic security plans for all air carriers is estimated to be $24,183.

Additionally, air carriers would be required to do an annual review and quality control of their strategic security plan. It is estimated that this process would begin in the year after initial coming into force for each air carrier and take an annual average of 22.5 hours (three days). The total cost of annual reviews of the strategic security plans for all air carriers is estimated to be $0.16 million.

Air carriers would be required to resubmit their strategic security plan every five years after each air carrier’s initial filing. It is estimated this resubmission would take 112.5 hours (15 days). Of this effort, two days would be associated with the submission and subsequent communications between the air carrier and TC before it is finalized. The total cost of resubmission of the strategic security plans for all air carriers is estimated to be $86,210.

Emergency plans and exercises

All air carriers in scope of the proposed Regulations would need to develop emergency plans and conduct discussion-based security exercises. These requirements would entail efforts related to initial submission and approval, annual reviews, periodic amendments, emergency records, exercise preparation, execution and documentation. The total cost associated with emergency plans and security exercises for all air carriers is estimated to be $0.87 million.

It is expected that the initial requirements related to emergency plans would take approximately 30 hours for each air carrier in the year they would need to comply. These initial requirements would involve setting out the procedures to follow in the event of bomb threats, hijacking, or other acts of unlawful interference. These procedures would dictate roles and responsibilities and actions to be taken by security personnel based on different situations. The total cost of these initial requirements for all air carriers is estimated to be $32,244.

The emergency plans would need to be submitted to TC, and this would take each air carrier approximately half a day (3.75 hours) in the year they would need to comply. The total cost of submission of the emergency plans for all air carriers is estimated to be $4,030.

The emergency plans would need to be reviewed annually and amended where needed. It is expected that this review would take each air carrier approximately one day (7.5 hours) in each year following the year of initial compliance. The total cost of review and amendments of emergency plans for all air carriers is estimated to be $52,519.

Air carriers would need to create records of each time there is a threat to aviation security, including a description of the threat, an evaluation of their emergency plan’s effectiveness in dealing with the threat, and any actions planned to address identified deficiencies. These threats could involve very concentrated types of events, such as the discovery of a prohibited item, or larger events, such as a cyber breach or the discovery of an improvised explosive device. For all impacted air carriers, it is expected that these types of records and evaluations are already being completed, but there may need to be some minor amendments to ensure adherence to the proposed Regulations. Based on internal TC data, there are an estimated 15 incidents in scope annually that would require reporting. Given the level of effort in the baseline scenario, it is expected that each report would require an incremental increase of approximately 30 minutes on average. To simplify the analysis, it is assumed that each carrier has one incident per year requiring reporting.^{footnote 10} Air carriers would begin preparing these reports upon their respective coming-into-force dates. The total cost of emergency reporting for all air carriers is estimated to be $4,039 over the analytical time frame.

Air carriers would need to conduct or take part in security exercises on an annual basis to test the effectiveness of their emergency plans when responding to acts of unlawful interference. The annual requirement could be complied with in three ways: exercises could be done in a discussion-based format; the air carrier could participate in an operations-based exercise conducted by the operator of an aerodrome; or the air carrier could implement the emergency plans to respond to a genuine threat. It is assumed that most of the time, air carriers would satisfy this requirement through discussion-based exercises. The other two options, if completed, are needed under the baseline scenario and therefore no incremental cost is expected. For the purpose of the analysis, based on the assumptions outlined, it is assumed that air carriers would carry incremental costs associated with discussion-based exercises on four occasions within each five-year span. The preparation and execution of the exercises are estimated to take five days of total effort each time. The security exercises are expected to take on average half a day (3.75 hours) and would require the effort of various employees. Larger air carriers (10) would be expected to involve an average of 15 people, while smaller carriers (6) would involve an average of 8 people. Additionally, approximately three days of total effort would be required each time related to the documentation of these exercises. The total cost of security exercises for all air carriers is estimated to be $0.77 million.

Internal review

As part of the proposed Regulations, air carriers would be required to undergo various forms of quality control and assurance on a recurring basis over the analytical time frame. Further, the quality assurance activities would need to be documented. The total cost associated with these internal review activities for all air carriers is estimated to be $0.84 million, further detailed below.

Air carriers would need to perform quality control (QC) activities to confirm that their systems are operating properly and that their security personnel are performing duties as planned. It is expected that there would be on average three QC-type activities per year, beginning in the year following initial compliance. These activities are assumed to involve an average of three days (22.5 hours) of effort for each air carrier, including any time taken to identify and implement corrective actions. The total cost of QC activities for all air carriers is estimated to be $0.47 million.

Air carriers would need to verify their effectiveness in identifying and addressing aviation security risks through the use of quality assurance (QA) activities. It is expected that there would be one QA-type activity per year, beginning in the year following initial compliance. These annual activities are assumed to involve an average of one week (37.5 hours) of effort for each air carrier, including any time taken to identify and implement corrective actions. The total cost of QA activities for all air carriers is estimated to be $0.26 million.

Air carriers would need to record each QA review by stating: the procedure(s) reviewed, the methodology used, the date and place it happened, who performed the review, and the findings of the review. This recording of information is expected to take an additional two days of effort for the air carriers. The total cost for all air carriers of this QA record keeping is estimated to be $0.11 million.

Government costs

TC would require effort from various employees over the analytical time frame associated with risk assessments, certification and authorization, application framework and processing, oversight, and audits. The total estimated cost to Government would be $4.27 million over the 12-year analytical time frame.

The total effort as a function of full-time employees (predominantly PM-04s, PM-05s, PM-06s, and TI-06s) required to implement the proposed Regulations is presented in Table 1. The salaries of the incremental full-time employees are presented in Table 2. More detailed information regarding the work that would be required in each resource area is presented in the text following.

Table 1: Expected government effort by resource area and analytical year

Resource area	Year 1	Year 2	Year 3	Years 4–7	Years 8+
Framework, guidance, and risk assessment	2.5	2.5	2.5	0	0
Application processing	1.498	3.995	5.99	0	0
Oversight	0	0	0	2.5	1.75
Audits	0	0	0	0.5	0.25
Total full-time equivalents	3.998	6.495	8.49	3	2

Table 2: Government salaries including overhead

Employee classification	Salary in 2024 dollars	Salary including 30% overhead
PM-04	$87,108	$113,240
PM-05	$104,044	$135,257
PM-06	$129,017	$167,722
TI-06	$118,477	$154,020
EX-02	$177,809	$231,152

Framework, guidance, and risk assessment

As displayed in Table 3, in years one to three following the final publication of the proposed Regulations in the Canada Gazette, Part II, the effort of one PM-04, one PM-05, and half the time of one PM-06 would be required to develop the administrative framework of the program, draft and provide guidance for both the inspectors and the air carriers, and to develop a risk assessment methodology. The total estimated cost to the Government of this effort, including a 30% overhead, would be $0.93 million.

Table 3: Government employees required for framework, guidance, and risk assessment

Employee classification	Year 1	Year 2	Year 3	Years 4+
PM-04	1	1	1	0
PM-05	1	1	1	0
PM-06	0.5	0.5	0.5	0

Application processing

TC would need to receive, review, consult, and ultimately approve security programs. It is expected that this would involve a varying level of effort starting in year one after the final publication of the proposed Regulations in the Canada Gazette, Part II, for any air carriers who voluntarily choose to submit early and ending once the coming-into-force date has passed. The job classifications and total full-time employees required by year are provided in Table 4. The total cost to Government related to application processing, including a 30% overhead, is estimated to be $1.33 million.

Table 4: Government employees required for application processing

Employee classification	Year 1	Year 2	Year 3	Years 4+
PM-04	0.875	2.3345	3.5	0
PM-05	0.3	0.8004	1.2	0
PM-06	0.0625	0.16675	0.25	0
TI-06	0.25	0.667	1	0
EX-02	0.01	0.02668	0.04	0

Oversight

In year four after the final publication of the proposed Regulations in the Canada Gazette, Part II, and in all years following, TC would need to provide oversight and enforcement functions associated with the security programs. It is expected that the effort required would decrease slightly over time. The percentage of these employees’ time that would be spent on application processing is shown in Table 5. The total cost to Government related to oversight, including a 30% overhead, is estimated to be $1.71 million.

Table 5: Government employees required for oversight

Employee classification	Years 1–3	Years 4–7	Years 8+
PM-04	0	0.45	0.3
PM-05	0	1	0.7
PM-06	0	0.2	0.15
TI-06	0	0.85	0.6

Ongoing support

Starting in the fourth year of the analytical time frame and in each of the subsequent years, TC would likely carry costs associated with ongoing support related to changes to security programs for existing air carriers and any new air carriers seeking to operate in Canada. As seen with the oversight function, it is expected that the effort required would decrease over time. The employees expected to work on these tasks are shown in Table 6. The total cost to Government related to ongoing support, including a 30% overhead, is estimated to be $0.29 million.

Table 6: Government employees required for ongoing support

Employee classification	Years 1–3	Years 4–7	Years 8+
PM-04	0	0.22	0.1
PM-05	0	0.085	0.05
PM-06	0	0.02	0.01
TI-06	0	0.17	0.085
EX-02	0	0.005	0.005

Benefits

The proposed Regulations would increase Canada’s compliance with ICAO standards and further secure the Canadian air transportation system by ensuring that certain categories of air carriers based in Canada that operate internationally meet a consistent standard of security across their operations. The benefits would include an additional layer of security to help mitigate or avoid future threats and the reputational and business-related benefits of aligning with international standards.

With the introduction of these requirements, in-scope air carriers would take steps to better protect Canada’s aviation sector from threats. The added security preparedness introduced by the proposed Regulations would help to reduce the level of security risk in the baseline scenario and, in turn, decrease the likelihood that a catastrophic event could occur in the future.

As there is a lack of historical incidents in Canada that would be considered in-scope of the proposed Regulations, the baseline risk level cannot be quantified and projected over the analytical time frame. Further, the potential effectiveness of the proposed Regulations in incrementally reducing that risk is uncertain. Such data would be needed to perform the calculations required to report monetized expected benefits.

Given the data scarcity issues, and the significant variability and uncertainty around the likelihood and potential consequences of an avoided incident in the future, the benefits have mostly been described qualitatively. The proposed Regulations nonetheless represent a clear step towards complying with ICAO standards that aim to make the air sector more secure. Given the potentially very high costs that would be avoided by preventing a single incident, TC believes that the qualitative benefits of the proposed Regulations, described in the following sections, would outweigh the costs.

Security and operational benefits

Due to an increasingly robust and integrated aviation security regime across the world, unmitigated security-related aviation incidents are rare. While this regime has been effective, potential assailants consistently look to develop new techniques and search for possible vulnerabilities in these systems, which requires TC and other regulators to keep pace to ensure that the protections in place remain effective at preventing incidents. ICAO has proven to be effective in developing SARPs, and it is important that, to protect the air sector, Member States adhere to ICAO SARPs wherever feasible.^{footnote 11} The proposed Regulations would package together both existing tools and new ones into a comprehensive security program for in-scope air carriers.

Due to this evolving dynamic, there remains a level of baseline security risk to the air transportation sector. Despite unmitigated security incidents having been rare, in some cases where they have been carried out as intended, the societal consequences have been immense. While paradigm-shifting events, such as Air India Flight 182,^{footnote 12} Pan Am Flight 103,^{footnote 13} and September 11, 2001,^{footnote 14} have resulted in many fatalities and billions of dollars in societal costs, there have also been numerous smaller incidents over this time. These smaller incidents, such as the discovery of a weapon or unauthorized access to a secured zone, often not resulting in human consequences, can still be costly to air carriers from an operational standpoint. It is expected that the proposed Regulations would ensure that in-scope air carriers are well prepared to react and to respond to these incidents.

Given the potential costs, avoiding future security-related incidents is critically important to TC, the Government of Canada, Canadians, and the global community. This package of security-related requirements would help ensure that Canada is in line with other nations and that air carriers are well protected against future threats.

Alignment with international standards

The proposed Regulations would enhance national aviation security, improving alignment of Canada’s NCASP with standards under ICAO Annex 17. Alignment with international standards is important to avoid the possibility of ICAO issuing a SSeC during Canada’s next ICAO security audit, which is expected to take place in 2026. A poor result during the audit could put Canada’s reputation at risk, undermine its leadership position, and diminish its influence on ICAO working groups responsible for establishing new standards.

Also, threat actors may look to take the “path of least resistance” through the system, which means that all States and air operators should pay close attention to threats to aviation, even when they might not view their business or their citizens to be the most at risk. This necessitates all States involved in the global aviation security system to work towards consistent compliance with the ICAO requirements. From a business and international relations standpoint, Canada cannot risk being perceived to be that “path of least resistance” in this broader security system. The proposed Regulations would increase the Canadian aviation security regime’s alignment with international standards for air operator security programs, which would directly improve Canada’s reputation and provide the assurance to businesses already operating or looking to operate in Canada that the country’s aviation sector is safe and secure.

Furthermore, Canada following ICAO standards would improve the reputation of Canadian air carriers and ease their ability to conduct operations in other foreign countries that also require air carriers to have a well-developed SPAC or AOSP.

Cost-benefit statement

• Number of years: 12 (2027–2038)
• Price year: 2024
• Present-value base year: 2027
• Discount rate: 7%

Table 7: Monetized costs (in millions)

Impacted stakeholder	Description of cost	2027	2029	2038	Total (present value)	Annualized value
Air carriers	General security program documentation	$0	$0.002	$0.001	$0.01	$0.002
	Initial obligations	$0	$0.03	$0	$0.03	$0.003
	Training	$0	$0.04	$0.005	$0.15	$0.02
	Risk assessments	$0	$0.27	$0.01	$0.51	$0.06
	Strategic security plans	$0	$0.27	$0.01	$0.51	$0.06
	Emergency plans and exercises	$0	$0.15	$0.07	$0.87	$0.10
	Internal review	$0	$0	$0.07	$0.84	$0.10
	Total cost to air carriers	$0	$0.75	$0.17	$2.91	$0.34
Government of Canada	Full-time employees administering SPAC	$0.52	$0.96	$0.13	$4.27	$0.5
All stakeholders	Total costs	$0.52	$1.71	$0.30	$7.18	$0.85

Qualitative impacts

• Enhanced security in Canada’s air sector
• Consistent level of emergency preparedness across in-scope internationally operating air carriers
• Reputational benefits of Canada increasing alignment with international standards

Distributional analysis

Increased costs would impact an air carrier’s operational expenses, which they often choose to pass on to passengers in the form of higher ticket prices to maintain profitability. Based on forecasted passenger and flight data, this potential cost passed on would range from $0.0007 to $1.91 per passenger, whereas for air carriers only transporting cargo, this cost would translate to $1.59 to $4.28 per flight, depending on the air carrier.

Sensitivity analysis

A sensitivity analysis was conducted to test uncertainties around key variables. The multi-variable sensitivity analysis examines how the estimated total cost would change if an assumption around one or both variables is changed. The following variables were analyzed for the two-variable sensitivity analysis: incremental time required for air carriers to comply and discount rates.

Incremental time for air carriers to comply

The costs that air carriers would bear to comply with the proposed Regulations were estimated using TC subject matter expert opinions and were then validated by industry. To account for the uncertainty around baseline compliance, the sensitivity analysis presents the costs should the time required to comply be 25% less, as well as 25% more. These results are shown below in Table 8.

Discount rates

The central analysis used a 7% discount rate as recommended by TBS. For the sensitivity analysis, alternative results using a no discount rate, a 3% discount rate, as well as a 10% discount rate have been presented in Table 8.

Table 8: Total cost with alternate air carrier effort levels and discount rates (in millions)

Scenarios	25% less	Central analysis	25% more
Undiscounted	$8.75	$9.82	$10.90
3%	$7.62	$8.52	$9.42
7% (central analysis)	$6.45	$7.18	$7.91
10%	$5.77	$6.40	$7.03

Small business lens

Analysis under the small business lens concluded that the proposed Regulations would not impact Canadian small businesses. None of the 16 impacted air carriers are considered small businesses.

One-for-one rule

The one-for-one rule applies since there is an incremental increase in administrative burden on business, and the proposed Regulations is considered burden “in” under the rule. No regulatory titles are repealed or introduced. In total, the proposed Regulations would result in an annualized administrative cost of $7,608, or an average of $476 per affected business.

As per the Red Tape Reduction Regulations, the assessment of administrative impacts was conducted for a period of 10 years commencing from registration of the proposed Regulations (expected in 2027). All values listed in this section are presented in 2012 dollars, discounted to the base year of 2012 at a discount rate of 7%. The individual administrative task costs presented below may not add up to the total due to rounding.

Using the data and assumptions presented above, it is estimated that

• the requirement under the “General security program documentation” section for air carriers to keep documentation is expected to result in an annualized total cost of $45;
• the requirement under the “General security program documentation” section for air carriers to make documentation available to the Minister is expected to result in an annualized total cost of $376;
• the requirement under the “Initial obligations” section for air carriers to provide the initial security program to the Minister is expected to result in an annualized total cost of $314;
• the requirement under the “Initial obligations” section for air carriers to provide the documented procedures listed in Part 8 of the CASR 2012 is expected to result in an annualized total cost of $588;
• the requirement under the “Training” section for air carriers to provide résumés and justifications for their security trainers to TC is expected to result in an annualized total cost of $240;
• the requirement under the “Risk assessments” section for air carriers to submit their initial risk assessments is expected to result in an annualized total cost of $882;
• the requirement under the “Risk assessments” section for air carriers related to their subsequent submissions of risk assessments is expected to result in an annualized total cost of $419;
• the requirement under the “Strategic security plans” section for air carriers to submit their initial security plan is expected to result in an annualized total cost of $882;
• the requirement under the “Strategic security plans” section for air carriers related to subsequent submissions of their security plan is expected to result in an annualized total cost of $419;
• the requirement under the “Emergency plans and exercises” section for air carriers to submit their initial emergency plans is expected to result in an annualized total cost of $147;
• the requirement under the “Emergency plans and exercises” section for air carriers to create emergency records is expected to result in an annualized total cost of $125; and
• the requirement under the “Internal review” section for air carriers to create review records is expected to result in an annualized total cost of $3,170.

Regulatory cooperation and alignment

ICAO standards focus primarily on international operations and allow greater flexibility for domestic operations, which should be included “to the extent practicable, based upon a security risk assessment.” Although standards 3.3.1 and 3.3.2 are intended to apply to all air carriers offering air transport services, the proposed Regulations do not extend Part 9 requirements of the CASR 2012 to air carriers operating exclusively within Canada or those operating aircraft below a certain weight class.

These proposed Regulations focus on air carriers operating international flights, ensuring that their operations align with ICAO standards as they relate to requirements for written security programs. In addition, the proposed Regulations would only apply to larger aircraft (i.e. aircraft that can transport 20 or more passengers and that have a maximum certified take-off weight of more than 8 618 kg), as it has been determined that operators of small aircraft and domestic-only flights have a lower security risk and because stakeholders advised that written security programs would be a significant regulatory burden for these air carriers due to limited resources and the high-cost relative to the size of their operations.

ICAO standards also require that instructors be certified to provide training to air carrier security personnel. Implementing a robust certification requirement would require development of an overarching aviation security certification framework for training and trainers. This requirement is considered outside of the scope of the proposed Regulations but could be considered in the future.

Overall, the proposed Regulations would increase Canada’s alignment with ICAO requirements for air carrier security programs and close an alignment gap for Canada dating back to 2017. As there are certain gaps in the proposed Regulations, TC acknowledges that Canada would need to file a difference with ICAO regarding the scope of the proposed Regulations. Should an audit result with a finding, Canada would provide ICAO with a corrective action plan to address the identified gap. TC remains committed to meeting international ICAO standards.

Effects on the environment

In accordance with the Cabinet Directive on Strategic Environmental and Economic Assessment (SEEA Directive), a preliminary scan concluded that a SEEA is not required.

Gender-based analysis plus

A gender-based analysis plus (GBA+) assessment was conducted to determine whether the proposed Regulations would have differential impacts based on identity factors such as gender, race, ethnicity, and sexuality. No GBA+ impacts were identified, as the proposed Regulations aim to implement a security program containing internationally aligned requirements specific to air carrier operations. Furthermore, while women are under-represented in the aviation industry, the proposed Regulations are not expected to create or contribute to any barriers to the participation of women in the industry.

The proposed Regulations would create requirements for the protection of aircraft, security checks and searches, protection of the flight crew compartment during flight, carriage of weapons, reconciliation and authorization of hold baggage for carriage, escorted passengers, and notification of passenger seating. While more detailed planning, reporting, and oversight requirements would be introduced for each of these items, none of the associated tasks and functions would be new and their implementation would not require new skills or abilities (physical or knowledge-based) to fulfill them. Certified air carriers are already required to demonstrate the ability to plan, report, and oversee operations. The security program is increasingly comprehensive and prescriptive in what needs to be done, but consultations confirmed that the general tasks are already being performed. For example, there is already communication between air carriers and pilots; however, moving forward, the security program would require specific information to be communicated regarding passengers being escorted and those with firearms. Therefore, the proposed Regulations would not create nor contribute to gender or race inequities that may exist in the aviation security sector.

There is a risk that more stringent regulatory requirements would increase the cost-of-service delivery for the air carrier, and that this cost would be transferred to the public. In this way, the regulatory proposal could make air travel less affordable for lower-income Canadians. However, TC is aligning with ICAO standards 3.3.1 and 3.3.2, which is already mandatory for most international air carriers regardless of Canada’s enforcement of its own regulatory obligations. Therefore, an incremental cost impact to Canadians would probably apply to the 16 air carriers who only fly domestically. Consultations confirmed, however, that the security requirements are not expected to deviate significantly from the risk and planning activities they already undertake, which should help mitigate any potential cost impact.

Implementation, compliance and enforcement, and service standards

Implementation

The proposed Regulations would come into force three years following publication in the Canada Gazette, Part II.

At the time of publication in the Canada Gazette, Part II, TC would provide guidance material and respond to questions from air carriers as they develop their security programs. This support would help ensure that, by the coming-into-force date, the air carriers have a security program approved by the Minister of Transport.

The coming-into-force period provides industry with regulatory certainty, while softening the regulatory burden associated with implementation.

Regular communication between TC and air carriers through existing working groups and industry associations would help ensure the successful implementation of new requirements. Sensitive components of the CASR 2012 such as security measures and guidance documents would be disseminated via the TCSCP. The TCSCP is a secure, access-controlled portal for sharing security-sensitive information with stakeholders who have a verified operational need-to-know.

Compliance and enforcement

The proposed Regulations would introduce new obligations for Canadian-owned and foreign air carriers operating larger aircraft in Canada (i.e. aircraft that can transport 20 or more passengers and that have a maximum certified take-off weight of more than 8 618 kg).

Existing air carriers operating an international air transport service would need to comply with the proposed requirements by the coming-into-force date at the end of the third year following the publication of the proposed Regulations in the Canada Gazette, Part II. In addition, by this date, any new air carrier operating larger aircraft and seeking to operate international flights in Canada would need to obtain the Minister of Transport’s approval of its security plan (demonstrating its ability to meet key program requirements) before operating any air transport services in Canada.

Once key elements of their respective security programs are approved, air carriers would be required to undertake an internal review of their security program on a regular basis to ensure it continues to comply with the aviation security provisions of the Aeronautics Act and its regulatory requirements, confirm security personnel are complying with the procedures, and assess the effectiveness of procedures to address aviation security risks. Corrective actions would need to be taken by air carriers to address any weaknesses found in their security program or operations, and air carriers would be required to advise the Minister of Transport of any changes to their procedures. This review would have to include a verification of at least one security-related procedure every year, and all procedures would need to be reviewed at least once every five years.

It should be noted that TC would also monitor compliance with the proposed Regulations through regular inspections.

Air carriers (corporations) that fail to comply with the requirements in the proposed Regulations could be subject to an administrative monetary penalty of up to $10,000 or $25,000, depending on the designated provision that has been contravened.

Should a notice of assessment of monetary penalty be issued, air carriers may request a review hearing with the Transportation Appeal Tribunal of Canada if they believe it was issued incorrectly.

Contact

Stacey Coburn
Executive Director
Transport Canada Civil Aviation
Place de Ville, Tower C, 13th Floor
330 Sparks Street
Ottawa, Ontario
K1A 0N5
Telephone (support centre): 1‑866‑375‑7342
TTY: 1‑888‑675‑6863
Email: stacey.coburn@tc.gc.ca

PROPOSED REGULATORY TEXT

Notice is given that the Governor in Council proposes to make the annexed Regulations Amending the Canadian Aviation Security Regulations, 2012 (Security Program for Air Carriers) under section 4.71^{footnote a} and paragraphs 7.6(1)(a)^{footnote b} and (b)^{footnote c} of the Aeronautics Act ^{footnote d}.

Interested persons may make representations concerning the proposed Regulations within 60 days after the date of publication of this notice. They are strongly encouraged to use the online commenting feature that is available on the Canada Gazette website but if they use email, mail or any other means, the representations should cite the Canada Gazette, Part I, and the date of publication of this notice, and be sent to Stacey Coburn, Executive Director, Program Development, Aviation Security, Department of Transport, Tower C, Place de Ville, 330 Sparks Street, 13th Floor, Ottawa, Ontario K1A 0N5 (tel.: 613‑218‑4649; email: stacey.coburn@tc.gc.ca).

Ottawa, April 16, 2026

Janna Rinaldi
Acting Assistant Clerk of the Privy Council

Regulations Amending the Canadian Aviation Security Regulations, 2012 (Security Program for Air Carriers)

Amendments

1 Paragraph 2(i) of the Canadian Aviation Security Regulations, 2012 ^{footnote 15} is replaced by the following:

• (i) Part 9 deals with air carriers;

2 The Regulations are amended by adding the following after section 525:

Goods Left on Board Aircraft

Requirement to remove goods

525.1 An air carrier must ensure that, after each flight, all goods left on board the aircraft by a passenger that has disembarked are removed.

3 Sections 528 and 529 of the Regulations are replaced by the following:

Transport of unloaded firearms

528 An air carrier must not knowingly allow a person to transport an unloaded firearm on board an aircraft unless the person has provided the air carrier with a signed declaration that the firearm is unloaded.

Storage of unloaded firearms

529 An air carrier that transports an unloaded firearm on board an aircraft must store the firearm such that it is not accessible during flight time.

4 Subsection 532(1) of the Regulations is replaced by the following:

Requirement to inform

532 (1) If a person is carrying or has access to a weapon on board an aircraft, as authorized by an air carrier under section 531, 533 or 533.1, the air carrier must, before the departure of the flight, inform the following persons that such a person is present and which seat that person occupies:

• (a) the pilot-in-command of the aircraft;
• (b) subject to subsection (2), the crew members assigned to the flight or the aircraft and any peace officer on board the aircraft; and
• (c) subject to subsection (2), all other persons carrying or having access to a weapon on board the aircraft, as authorized by the air carrier under section 533 or 533.1.

5 Paragraph 534(2)(a) of the Regulations is replaced by the following:

• (a) the air carrier has established and implemented procedures to ensure the safety of the aircraft and of the persons on board the aircraft when transporting a person in custody;
• (a.1) the organization responsible for the person in custody has provided the air carrier with a written confirmation that the organization has assessed the pertinent facts and determined whether the person in custody is a maximum, medium or minimum risk to the safety of the travelling public and the operations of the air carrier and aerodrome;

6 Section 538 of the Regulations is replaced by the following:

Notification

538 (1) An air carrier must ensure that the pilot-in-command is notified when a person in the custody of an escort officer is on board the aircraft and informed of the seat occupied by the person in custody.

Prohibition — seating of persons in custody

(2) The air carrier must not allow a person in custody on board an aircraft to be seated next to an exit.

7 Part 9 of the Regulations is replaced by the following:

PART 9
Security Program for Air Carriers

Overview

Part overview

617 This Part sets out the regulatory framework for promoting a comprehensive, coordinated and integrated approach to air carrier security. The processes required under this Part are intended to facilitate the establishment and implementation of effective security programs for air carriers that reflect the circumstances of each air carrier to whom this Part applies.

Interpretation

Definition of security personnel

618 In this Part, security personnel means individuals who are employed by an air carrier or by a contractor of an air carrier to prepare for, detect, prevent and respond to, as well as assist in the recovery from, acts or attempted acts of unlawful interference with any flight to or from an aerodrome located in Canada.

Processes and procedures

619 For greater certainty, any reference to a process in this Part includes the procedures, if any, that are necessary to implement that process.

Application

Application

620 This Part, other than section 621, applies in respect of an air carrier that operates an air transport service, as defined in subsection 101.01(1) of the Canadian Aviation Regulations, that meets the following conditions:

• (a) the service is operated under Subpart 1 or 5 of Part VII of the Canadian Aviation Regulations;
• (b) the service is operated to or from an aerodrome listed in Schedule 1, 2 or 3 of these Regulations or to or from any other place designated by the Minister under subsection 6(1.1) of the Canadian Air Transport Security Authority Act;
• (c) in the case where the service is operated for the purpose of transporting persons, the air carrier operates flights for which passengers are subject to screening; and
• (d) the service is operated between Canada and a foreign state.

Prohibition

621 (1) An air carrier must not operate an air transport service that meets the conditions set out in section 620 unless it has

• (a) demonstrated to the Minister, in writing, that it meets the requirements of paragraphs 622(2)(a), (c) and (k);
• (b) demonstrated to the Minister, in writing, that it has the ability to meet the requirements of paragraphs 622(2)(b) and (e); and
• (c) received approval from the Minister under subsections 634(3), 637(3) and 639(4).

Requirements

(2) For the purposes of paragraph (1)(b), the air carrier must submit

• (a) a document that sets out how it will communicate the information referred to in paragraph 622(2)(a) to the employee groups and contractor groups referred to in that paragraph; and
• (b) a training program that sets out how it will ensure that training is provided to its security personnel in accordance with this Part and a plan that sets out how it will ensure that the instructors who provide that training meet the requirements set out in subsection 633(1).

Exception

(3) Subsection (1) does not apply to an air carrier that, on the day on which this subsection comes into force, is operating an air transport service that meets the conditions set out in section 620.

Requirements for Security Program for Air Carriers

Requirement to establish and implement

622 (1) An air carrier must establish and implement a security program for air carriers.

Program requirements

(2) As part of its security program, the air carrier must

• (a) define and document the security-related roles and responsibilities assigned to each of the air carrier’s employee groups and contractor groups;
• (b) communicate the information referred to in paragraph (a) to the employees and contractors in those groups;
• (c) designate the persons referred to in subsection 624(1);
• (d) establish and document a training program that meets the training requirements of this Part and keep the documented information up-to-date;
• (e) ensure that training is provided to its security personnel in accordance with this Part;
• (f) conduct a security risk assessment in accordance with sections 634 to 636;
• (g) establish a strategic security plan in accordance with sections 637 and 638;
• (h) establish an emergency plan in accordance with sections 639 and 640;
• (i) carry out security exercises in accordance with section 642;
• (j) conduct internal audits of security-related procedures in accordance with section 643; and
• (k) establish and document procedures respecting the security-related requirements that it must meet under the Act and keep the documented information up-to-date.

Documentation

623 (1) An air carrier must keep

• (a) documentation related to its security risk assessment and any review of it for at least five years;
• (b) documentation related to its strategic security plan and any amendment to it for at least five years;
• (c) the training record that it creates for an employee or a contractor under subsection 632(1) for at least one year after the day on which that individual ceases to be employed by, or ceases to act on behalf of, the air carrier;
• (d) the record that it creates for an instructor under subsection 633(4) for at least two years after the day on which that instructor ceases to act in that capacity;
• (e) each record that it creates under subsection 643(5) for at least five years; and
• (f) any other document, including records, related to its security program for at least two years.

Ministerial access

(2) The air carrier must make the documentation available to the Minister on reasonable notice given by the Minister in a form and manner determined by the Minister.

Personnel and Training

Accountable Executives and Security Officials

Requirement

624 (1) An air carrier must have at least one accountable executive, one security official and one acting security official.

Contact information

(2) The air carrier must provide the Minister with

• (a) the name of each individual designated as accountable executive, security official or acting security official; and
• (b) contact information for each accountable executive and 24-hour contact information for each security official and each acting security official.

Accountable executive

625 (1) An accountable executive must ensure that the air carrier’s security program is implemented, including by

• (a) reviewing and approving all documentation made under paragraph 622(2)(a), (d) or (k);
• (b) reviewing and approving the security risk assessment and any amendments to the assessment;
• (c) reviewing and approving the strategic security plan and any amendments to the plan;
• (d) reviewing and approving the emergency plan and any amendments to the plan;
• (e) reviewing and approving the security exercises carried out in accordance with section 642;
• (f) reviewing internal audits conducted under section 643 and approving any findings referred to in paragraph 643(5)(g); and
• (g) ensuring that the air carrier’s security program can be financed and adequately staffed.

Security official

(2) A security official must support the accountable executive, including by

• (a) monitoring and managing the development, administration and functioning of the air carrier’s security program;
• (b) coordinating and overseeing the air carrier’s security controls and procedures; and
• (c) acting as the principal contact between the air carrier and the Minister with respect to security matters, including the air carrier’s security program.

Training

Security awareness training

626 (1) An air carrier must ensure that all its employees and contractors receive aviation security awareness training that promotes a culture of vigilance.

Training elements

(2) The training must include

• (a) a description of the main aviation security risks;
• (b) an overview of any potential threats and any other security concerns related to aviation and how to recognize them;
• (c) the actions to be taken with respect to potential threats and other security concerns related to aviation; and
• (d) any measures taken by the air carrier that are designed to enhance aviation security, including reporting of security incidents.

Initial training

627 (1) An air carrier must ensure that a member of its security personnel does not carry out a security-related role or responsibility unless the member has received initial training in relation to that role or responsibility.

Training elements — certain members

(2) If a member of the security personnel carries out a role or responsibility for which initial training is not required under a security measure, their initial training must include any of the topics set out below that are relevant to that role or responsibility:

• (a) the security controls and procedures at the location where the member carries out their duties;
• (b) systems and equipment at the location where the member carries out their duties;
• (c) an overview of threats to aviation security and acts or attempted acts of unlawful interference with civil aviation;
• (d) the recognition of goods that are listed or described in TP 14628 or that pose an immediate threat to aviation security; and
• (e) the actions to be taken by security personnel in response to a threat to aviation security or an act or attempted act of unlawful interference with civil aviation.

Exemption

(3) Security personnel who are employed by an air carrier or by a contractor of an air carrier on the day on which this subsection comes into force are exempted from initial training in relation to any topic for which they have already received training.

Exception

(4) Subsection (1) does not apply in respect of an employee of the air carrier who has been authorized to occupy a flight attendant station in accordance with paragraph 705.221(1)(c) of the Canadian Aviation Regulations.

Annual training

628 An air carrier must ensure that the members of its security personnel receive annual training related to their security-related roles or responsibilities.

Follow-up training

629 (1) An air carrier must ensure that members of its security personnel receive follow-up training when any of the following circumstances arise:

• (a) a change is made to international instruments respecting aviation security and the change is relevant to the roles and responsibilities of those members;
• (b) a change is made to the aviation security provisions of the Act, to regulatory requirements or to the aviation security provisions of the Criminal Code and the change is relevant to the roles and responsibilities of those members;
• (c) a change is made to the aviation security controls and procedures in place at the location where the members carry out their duties and the change is relevant to the roles and responsibilities of those members;
• (d) a new or modified action is to be taken by those members in response to a threat to aviation security or an act or attempted act of unlawful interference with civil aviation;
• (e) a significant risk or an emerging trend in aviation security is identified to the air carrier by the Minister or, in the case of a foreign air carrier, by the civil aviation authority of the relevant foreign state, and the risk or trend is relevant to the roles and responsibilities of those members.

Follow-up training — shortcoming

(2) The air carrier must ensure that a member of its security personnel receives follow-up training when the Minister or the air carrier identifies a shortcoming in the member’s performance in carrying out a security-related role or responsibility.

Training elements

(3) Follow-up training must include

• (a) a review of any initial-training element related to the circumstance that gave rise to the follow-up training; and
• (b) instruction and evaluation in relation to that circumstance.

On-the-job training

630 If training for a member of an air carrier’s security personnel includes on-the-job training, the air carrier must ensure that the on-the-job training is provided by a person who has received that same training or has significant experience working as a member of security personnel in the subject matter covered by the training and in the same work environment as where the member receiving the training carries out their duties.

Evaluation

631 An air carrier must evaluate the knowledge and skills of its employees or contractors after any training that they receive under sections 626 to 629.

Training records

632 (1) The air carrier must create a training record for each employee and contractor that includes

• (a) the individual’s name;
• (b) the individual’s position title and, in the case of a member of its security personnel, a description of the member’s security-related roles and responsibilities;
• (c) the following information in respect of each training that the individual has received:
  • (i) the type of training received, namely whether it was security awareness, initial, annual or follow-up training,
  • (ii) the dates on which the training was received,
  • (iii) the subject matter covered by the training, and
  • (iv) the name of the instructor;
• (d) in the case of a member of its security personnel, the results of the member’s most recent evaluation following initial or annual training; and
• (e) subject to subsection (2), the results of any evaluation following any security awareness or follow-up training that the individual received.

Retention period — results

(2) Despite paragraph 623(1)(c), the air carrier is not required to keep results referred to in paragraph (1)(e) for more than one year after the date of the applicable evaluation.

Requirements for instructor

633 (1) An air carrier must ensure that an instructor who provides any training referred to in subsection 627(1), section 628 or subsection 629(1) or (2)

• (a) is at least 18 years of age;
• (b) has a security clearance or has undergone a background check that indicates that they do not pose a risk to aviation security;
• (c) has specialized knowledge of aviation security operations;
• (d) has successfully completed instructor training on the subjects to be taught related to aviation security or has been an instructor on aviation security for at least two years as a member of an air carrier’s security personnel; and
• (e) has knowledge of current and emerging aviation security threats and trends and of regulatory requirements related to the roles and responsibilities of security personnel.

Exception

(2) Paragraph (1)(d) does not apply to an instructor who is providing training to security personnel who are carrying out a role or responsibility for which initial training is not required under a security measure.

Evaluation

(3) The air carrier must, every two years, evaluate the knowledge and skills of the instructor by subjecting them to theoretical and practical examinations.

Records — qualifications

(4) The air carrier must create a record for each instructor that includes

• (a) the instructor’s résumé;
• (b) any other documents necessary to demonstrate that the instructor meets the requirements set out in subsection (1); and
• (c) the results of the examinations conducted under subsection (3).

Security Risk Assessments

Security risk assessment requirements

634 (1) An air carrier must have a security risk assessment that identifies, assesses and prioritizes aviation security risks and that includes

• (a) a threat assessment that indicates the probability of an aviation security incident that would affect the air carrier’s assets or operations;
• (b) a vulnerability assessment that indicates the extent to which the assets and operations of the air carrier are susceptible to any incidents identified in the threat assessment; and
• (c) an impact assessment that, at a minimum, indicates the consequences of an aviation security incident or potential aviation security incident in terms of
  • (i) a decrease in public safety and security,
  • (ii) financial and economic loss, and
  • (iii) a loss of public confidence.

Submission for approval

(2) The air carrier must submit its security risk assessment to the Minister for approval.

Approval

(3) The Minister must approve a security risk assessment if

• (a) the assessment meets the requirements of subsection (1);
• (b) the assessment has been approved by the air carrier’s accountable executive;
• (c) the air carrier has considered all available and relevant information; and
• (d) the air carrier has not overlooked an aviation security risk that could affect its operations.

Obligation to amend

(4) If the Minister does not approve a security risk assessment, the air carrier must amend the assessment until the Minister is satisfied that the conditions set out in subsection (3) have been met.

Security risk assessment — review

635 (1) An air carrier must review and, if necessary, amend its security risk assessment if

• (a) there is an environmental or operational change that could affect the security of the air carrier’s assets or operations;
• (b) there is a change in regulatory requirements that could affect the air carrier’s security program; or
• (c) the Minister informs the air carrier that there is a change in the threat environment that could result in a new or unaddressed medium to high risk.

Mandatory amendments

(2) The air carrier must amend its security risk assessment if the air carrier identifies a vulnerability that is not addressed in the assessment or the Minister identifies such a vulnerability to the air carrier.

Annual review

(3) At least once a year, the air carrier must

• (a) review its security risk assessment to assess whether the conditions set out in subsection 634(3) are met; and
• (b) amend its security risk assessment to address any deficiencies identified during the review.

Documentation

(4) When the air carrier conducts a review of its security risk assessment, the air carrier must document

• (a) for a review under subsection (1),
  • (i) any decision to amend or not to amend the assessment,
  • (ii) the reason for that decision, and
  • (iii) the factors that were taken into consideration in making that decision; and
• (b) for a review under subsection (3), any deficiencies identified.

Submission of amended assessment

(5) If the air carrier amends its security risk assessment, the air carrier must, within one month after the amendment, submit the amended assessment to the Minister for approval.

Approval

(6) The Minister must approve an amended security risk assessment if the conditions set out in subsection 634(3) have been met.

Obligation to amend

(7) If the Minister does not approve an amended security risk assessment, the air carrier must amend the assessment until the Minister is satisfied that the conditions set out in subsection 634(3) have been met.

Submission — five years

636 If an air carrier does not submit an amended security risk assessment within five years after the date of the most recent approval, the air carrier must submit a security risk assessment under subsection 634(2).

Strategic Security Plans

Strategic security plan requirements

637 (1) An air carrier must establish a strategic security plan that

• (a) summarizes the air carrier’s strategy to prepare for, detect, prevent, respond to and recover from acts or attempted acts of unlawful interference with civil aviation; and
• (b) includes a risk-management strategy that addresses the medium to high aviation security risks identified and prioritized in the air carrier’s security risk assessment.

Submission for approval

(2) The air carrier must submit its strategic security plan to the Minister for approval.

Approval

(3) The Minister must approve a strategic security plan if

• (a) the plan meets the requirements of subsection (1);
• (b) the plan has been approved by the air carrier’s accountable executive;
• (c) the plan is likely to enable the air carrier to prepare for, detect, prevent, respond to and recover from acts or attempted acts of unlawful interference with civil aviation;
• (d) the risk-management strategy is in proportion to the risks it addresses;
• (e) the air carrier has not overlooked an aviation security risk that could affect its operations; and
• (f) the plan can be implemented without compromising aviation security.

Obligation to amend

(4) If the Minister does not approve a strategic security plan, the air carrier must amend the plan until the Minister is satisfied that the conditions set out in subsection (3) have been met.

Requirement to implement

(5) The air carrier must, as soon as its strategic security plan is approved, implement its risk-management strategy.

Strategic security plan — amendments

638 (1) An air carrier may amend its strategic security plan at any time, but must do so if

• (a) the plan does not reflect the air carrier’s most recent security risk assessment;
• (b) the Minister informs the air carrier that there is a change in the threat environment that could result in a new or unaddressed medium to high risk;
• (c) the Minister informs the air carrier that its risk-management strategy is not in proportion to a medium to high risk identified in the air carrier’s security risk assessment;
• (d) the air carrier identifies a deficiency in the plan; or
• (e) a change is made to the aviation security provisions of the Act or to regulatory requirements.

Annual review

(2) At least once a year, the air carrier must review its strategic security plan to assess whether the conditions set out in subsection 637(3) are met.

Documentation

(3) If the air carrier amends its strategic security plan, the air carrier must document

• (a) the reason for the amendment; and
• (b) the factors that were taken into consideration in making that amendment.

Submission of amendment

(4) If the air carrier amends its strategic security plan, the air carrier must, within one month after the amendment, submit the amendment to the Minister for approval.

Approval

(5) The Minister must approve an amendment if

• (a) in the case of an amendment to the summary required under paragraph 637(1)(a), the conditions set out in paragraphs 637(3)(a) to (c) have been met; and
• (b) in the case of an amendment to the risk-management strategy required under paragraph 637(1)(b), the conditions set out in subsection 637(3) have been met.

Obligation to amend

(6) If the Minister does not approve an amendment, the air carrier must amend the amendment until the Minister is satisfied that the applicable conditions set out in subsection 637(3) have been met.

Requirement to implement

(7) If the air carrier amends its risk-management strategy, the air carrier must implement the amended version of the strategy once it is approved by the Minister.

Emergency Plans

Emergency plan requirements

639 (1) An air carrier must establish an emergency plan that sets out the response procedures to be followed to prepare for and respond to, in a coordinated manner, each of the following emergencies:

• (a) bomb threats;
• (b) hijackings of aircraft;
• (c) other acts of unlawful interference with civil aviation.

Response procedures

(2) The response procedures must

• (a) set out in detail the actions to be taken by the employees and contractors of the air carrier and identify the responsibilities of all other persons or organizations involved;
• (b) include detailed procedures for the evacuation of aircraft;
• (c) include detailed procedures for the search of the interior and exterior of aircraft;
• (d) include detailed procedures for the handling and disposal of a suspected bomb;
• (e) include detailed procedures for the detention on the ground of any aircraft involved in a bomb threat or hijacking; and
• (f) include detailed procedures for the operation of any aircraft in flight involved in a bomb threat or hijacking.

Submission for approval

(3) The air carrier must submit its emergency plan to the Minister for approval.

Approval

(4) The Minister must approve an emergency plan if the plan

• (a) meets the requirements of subsections (1) and (2);
• (b) has been approved by the air carrier’s accountable executive; and
• (c) is likely to enable the air carrier to prepare for and respond to each of the emergencies referred to in subsection (1).

Obligation to amend

(5) If the Minister does not approve an emergency plan, the air carrier must amend the plan until the Minister is satisfied that the conditions set out in subsection (4) have been met.

Emergency plan — amendments

640 (1) An air carrier may amend its emergency plan at any time, but must do so if

• (a) the Minister informs the air carrier that there is a change in the threat environment that could result in a new or unaddressed medium to high risk; or
• (b) the air carrier identifies a deficiency in the plan.

Annual review

(2) At least once a year, the air carrier must review its emergency plan to assess whether the conditions set out in subsection 639(4) are met.

Submission of amendment

(3) If the air carrier amends its emergency plan, the air carrier must, within one month after the amendment, submit the amendment to the Minister for approval.

Approval

(4) The Minister must approve an amendment if the conditions set out in subsection 639(4) have been met.

Obligation to amend

(5) If the Minister does not approve an amendment, the air carrier must amend the amendment until the Minister is satisfied that the conditions set out in subsection 639(4) have been met.

Records — emergencies

641 Each time an emergency referred to in subsection 639(1) occurs, the air carrier must create a record that includes

• (a) a description of the emergency;
• (b) an evaluation of the effectiveness of the air carrier’s emergency plan; and
• (c) a description of any actions that are planned to address deficiencies identified during the emergency.

Security Exercises

Discussion-based security exercise

642 (1) An air carrier must, at least once a year, carry out a discussion-based security exercise that tests the effectiveness of the air carrier’s emergency plan in response to an act of unlawful interference with civil aviation and that involves the persons and organizations referred to in the plan.

Exception — operations-based exercise

(2) Despite subsection (1), the air carrier is not required to carry out a discussion-based security exercise in any year in which it participates in an operations-based security exercise carried out by the operator of an aerodrome under an airport security program.

Exception — response procedures

(3) Despite subsection (1), the air carrier is not required to carry out a discussion-based security exercise in any year in which an emergency referred to in subsection 639(1) occurs if the air carrier follows the applicable response procedure.

Records — exercises

(4) Each time a discussion-based security exercise is carried out, the air carrier must create a record that includes

• (a) an outline of the exercise scenario;
• (b) an evaluation of the effectiveness of the exercise; and
• (c) a description of any actions that are planned to address deficiencies identified during the exercise.

Internal Audits

Internal audits of procedures

643 (1) An air carrier must, every year, conduct an internal audit of at least one of its security-related procedures, which is to be selected by taking into account the aviation security risks that the air carrier has prioritized.

Audit — five years

(2) Every procedure must be audited at least once every five years.

Elements of an internal audit

(3) When an air carrier conducts an internal audit of a procedure it must

• (a) assess the extent to which the procedure is effective in identifying and addressing aviation security risks that the air carrier faces;
• (b) verify the extent to which its security personnel are complying with that procedure;
• (c) identify deficiencies and determine their root causes and contributing factors; and
• (d) identify areas for improvement.

Corrective action

(4) An air carrier must take corrective action as soon as feasible to address any deficiency identified during an internal audit.

Records

(5) Each time an air carrier conducts an internal audit, it must create a record that includes

• (a) the procedure that was audited;
• (b) the methodology that was used to conduct the audit;
• (c) the employee groups and contractor groups that were audited;
• (d) the dates on which the audit was conducted;
• (e) the location where the audit was conducted;
• (f) the name of the individual who performed the audit; and
• (g) the findings resulting from the audit, including a description of any corrective actions.

8 The reference “[627 to 667 reserved]” after the heading of Part 10 of the Regulations is replaced by the following:

[644 to 667 reserved]

9 Schedule 1 to the Regulations is amended by replacing the references after the heading “SCHEDULE 1” with the following:

(Paragraph 2(d), sections 6, 82, 83, 117, 273, 428, 505, 506 and 508, subsection 516(1), paragraph 620(b) and section 778)

10 Schedule 2 to the Regulations is amended by replacing the references after the heading “SCHEDULE 2” with the following:

(Paragraph 2(e), paragraph 15(b) of the table to subsection 78(2), sections 246, 247 and 273, paragraph 351(1)(a), subsection 351(2), paragraphs 352(1)(a), (2)(a) and 3(a), sections 428, 505, 506 and 508, subsection 516(1), paragraph 620(b) and section 778)

11 Schedule 3 to the Regulations is amended by replacing the references after the heading “SCHEDULE 3” with the following:

(Paragraph 2(f), paragraph 15(b) of the table to subsection 78(2), sections 401, 402 and 428, paragraph 459(1)(a), subsection 459(2), paragraphs 460(1)(a) and (2)(a), sections 505, 506 and 508, subsection 516(1), paragraph 620(b) and section 778)

12 Schedule 4 to the Regulations is amended by adding the following after the reference “PART 8 — AIRCRAFT SECURITY”:

Column 1 Designated Provision	Column 2 Maximum Amount Payable ($) Individual	Column 3 Maximum Amount Payable ($) Corporation
Section 525.1		25,000
Section 528		25,000
Section 529		25,000
Paragraph 532(1)(a)		25,000
Paragraph 532(1)(b)		25,000
Paragraph 532(1)(c)		25,000
Paragraph 534(2)(a)		25,000
Subsection 538(1)		25,000
Subsection 538(2)		25,000

13 Schedule 4 to the Regulations is amended by adding the following after the reference “Section 545”:

Column 1 Designated Provision	Column 2 Maximum Amount Payable ($) Individual	Column 3 Maximum Amount Payable ($) Corporation
PART 9 — SECURITY PROGRAM FOR AIR CARRIERS
Subsection 621(1)		25,000
Subsection 622(1)		25,000
Paragraph 622(2)(a)		25,000
Paragraph 622(2)(b)		25,000
Paragraph 622(2)(d)		25,000
Paragraph 622(2)(k)		25,000
Paragraph 623(1)(a)		10,000
Paragraph 623(1)(b)		10,000
Paragraph 623(1)(c)		10,000
Paragraph 623(1)(d)		10,000
Paragraph 623(1)(e)		10,000
Paragraph 623(1)(f)		10,000
Subsection 623(2)		25,000
Subsection 624(1)		25,000
Subsection 624(2)		25,000
Subsection 625(1)	5,000
Subsection 626(1)		25,000
Subsection 627(1)		25,000
Section 628		25,000
Subsection 629(1)		25,000
Subsection 629(2)		25,000
Section 630		25,000
Section 631		25,000
Subsection 632(1)		10,000
Subsection 633(1)		25,000
Subsection 633(3)		25,000
Subsection 633(4)		10,000
Subsection 634(1)		25,000
Subsection 634(2)		25,000
Subsection 634(4)		25,000
Subsection 635(1)		25,000
Subsection 635(2)		25,000
Subsection 635(3)		25,000
Subsection 635(4)		10,000
Subsection 635(5)		25,000
Subsection 635(7)		25,000
Section 636		25,000
Subsection 637(1)		25,000
Subsection 637(2)		25,000
Subsection 637(4)		25,000
Subsection 637(5)		25,000
Subsection 638(1)		25,000
Subsection 638(2)		25,000
Subsection 638(3)		10,000
Subsection 638(4)		25,000
Subsection 638(6)		25,000
Subsection 638(7)		25,000
Subsection 639(1)		25,000
Subsection 639(3)		25,000
Subsection 639(5)		25,000
Subsection 640(1)		25,000
Subsection 640(2)		25,000
Subsection 640(3)		25,000
Subsection 640(5)		25,000
Section 641		10,000
Subsection 642(1)		25,000
Subsection 642(4)		10,000
Subsection 643(1)		25,000
Subsection 643(2)		25,000
Subsection 643(3)		25,000
Subsection 643(4)		25,000
Subsection 643(5)		10,000

Coming into Force

14 These Regulations come into force on the third anniversary of the day on which they are published in the Canada Gazette, Part II.

Terms of use and Privacy notice

Terms of use

It is your responsibility to ensure that the comments you provide do not:

• contain personal information
• contain protected or classified information of the Government of Canada
• express or incite discrimination on the basis of race, sex, religion, sexual orientation or against any other group protected under the Canadian Human Rights Act or the Canadian Charter of Rights and Freedoms
• contain hateful, defamatory, or obscene language
• contain threatening, violent, intimidating or harassing language
• contain language contrary to any federal, provincial or territorial laws of Canada
• constitute impersonation, advertising or spam
• encourage or incite any criminal activity
• contain external links
• contain a language other than English or French
• otherwise violate this notice

The federal institution managing the proposed regulatory change retains the right to review and remove personal information, hate speech, or other information deemed inappropriate for public posting as listed above.

Confidential Business Information should only be posted in the specific Confidential Business Information text box. In general, Confidential Business Information includes information that (i) is not publicly available, (ii) is treated in a confidential manner by the person to whose business the information relates, and (iii) has actual or potential economic value to the person or their competitors because it is not publicly available and whose disclosure would result in financial loss to the person or a material gain to their competitors. Comments that you provide in the Confidential Business Information section that satisfy this description will not be made publicly available. The federal institution managing the proposed regulatory change retains the right to post the comment publicly if it is not deemed to be Confidential Business Information.

Your comments will be posted on the Canada Gazette website for public review. However, you have the right to submit your comments anonymously. If you choose to remain anonymous, your comments will be made public and attributed to an anonymous individual. No other information about you will be made publicly available.

Comments will remain posted on the Canada Gazette website for at least 10 years.

Please note that communication by email is not secure, if the attachment you wish to send contains sensitive information, please contact the departmental email to discuss ways in which you can transmit sensitive information.

Privacy notice

The information you provide is collected under the authority of the Financial Administration Act, the Department of Public Works and Government Services Act, the Canada–United States–Mexico Agreement Implementation Act,and applicable regulators’ enabling statutes for the purpose of collecting comments related to the proposed regulatory changes. Your comments and documents are collected for the purpose of increasing transparency in the regulatory process and making Government more accessible to Canadians.

Personal information submitted is collected, used, disclosed, retained, and protected from unauthorized persons and/or agencies pursuant to the provisions of the Privacy Act and the Privacy Regulations. Individual names that are submitted will not be posted online but will be kept for contact if needed. The names of organizations that submit comments will be posted online.

Submitted information, including personal information, will be accessible to Public Services and Procurement Canada, who is responsible for the Canada Gazette webpage, and the federal institution managing the proposed regulatory change.

You have the right of access to and correction of your personal information. To seek access or correction of your personal information, contact the Access to Information and Privacy (ATIP) Office of the federal institution managing the proposed regulatory change.

You have the right to file a complaint to the Privacy Commission of Canada regarding any federal institution’s handling of your personal information.

The personal information provided is included in Personal Information Bank PSU 938 Outreach Activities. Individuals requesting access to their personal information under the Privacy Act should submit their request to the appropriate regulator with sufficient information for that federal institution to retrieve their personal information. For individuals who choose to submit comments anonymously, requests for their information may not be reasonably retrievable by the government institution.