6. State of harmonisation and mutual recognition
6.3. The situation in different security sectors
6.3.1. CBRNE
An important milestone towards harmonized solutions for conformity assessment in the field of CBRNE (chemical, biological, radiation, nulear and explosives) detection was the imple-mentation of the European project CREATIF. Based on the results of this project, Myers et al.278 identified a need for three types of testing: laboratory, human factors, and operational testing. With regards to testing concepts, scenario based testing was regarded as the most effective form of testing.
The authors stress the opportunities of round robin exercises as a tool to compare test results from different laboratories and provide a means of quality assurance for testing. In addition, specifics in the fields of chemical, biological, radiation and nuclear detection as well as ex-plosives detection were explored.279
In the field of chemical (“C”) detection, a wide choice in equipment requirements and test-ing guidelines to be decided upon exists and may lead to conflicts of interest among Member States due to political, tactical, security and other issues.
Concerning further steps, it is regarded as useful to focus on a series of small steps towards a slow but continued progress.280 The results of the project suggest that a roadmap should take several agreed-upon conclusions and recommendations into account. These conclusions in-clude, for example, the following activities:
Developing and agreeing upon the requirements for chemical detectors and the pa-rameters for testing;
Defining or improving standards for testing of detection systems based on require-ments;
Discussing best practises of testing;
278 See Myers et al., op. cit., 2011, p. 2f.
279 See Myers et al., op. cit., 2011, p. 8.
280By Myers et al., op. cit., 2011
Focusing on agreement upon the range and selection of chemical agents and inter-ferents for testing;
Using inter laboratory comparison of testing to harmonise and develop common or mutually agreed-upon protocols; and
Promoting international testing cooperation on regular basis to appoint and certify a group of test centers.
In the field of biological (“B”) detection obtaining certificates for B281 detectors requires the development of standards in advance. The standardisation can be divided into three compo-nents; standardised test conditions, test and evaluation methods, and operational testing.282 Performance metrics to determine are alarm limits, specificity (false alarm rates), response times and operability in different environmental conditions (weather, location, interferents) are regarded as necessary.
Regarding radiation and nuclear (“RN”) detection, the topic of standardisation covers many sub-topics (usability and operational aspects, quality assurance, comparability of test-ing results; definition of minimum requirements of instruments dependent on intended use;
defining relevant scenarios for testing, etc.). The CREATIF consortium regarded it as impos-sible to find global solutions regarding testing. Therefore CREATIF suggests focusing on testing the laboratories. Testing experts agreed that it is desirable to complete round-robin exercises (such as by testing new technologies before testing different brands of the same device, etc.). For such exercises, available standards should be used. The definition of inter-comparison exercises for testing facilities should follow a layered approach. There should be a core list of minimum testing parameters to be covered283.
With regards to explosives (“E”) detection, the necessity of further work in the direction of testing standards development was identified. In addition, a need for inter-comparison exer-cises has been expressed from both end-users and manufacturers in the CREATIF network.284 As described earlier, CEN/TC 391 had included the topic CBRNE in its scope and created a foundation for further activities in that field.
In addition, a concept for a future CBRNE certification association was developed. Accord-ing to this concept, this association is controlled by a General Assembly consistAccord-ing of manu-facturers, certifiers and other stakeholders who discuss common strategic issues concerning European certification on CBRNE on the global market. For several reasons, the joint testing facility concept has not been accepted by the stakeholder community.285
In summary, according to a main representative of a participating institution, CREATIF led to the following conclusions:
281biological
282See Myers et al., op. cit., 2011, p. 11.
283See Myers et al., op. cit., 2011, p. 13f.
284See Myers et al., op. cit., 2011, p. 15.
285It was decided not to include details in the specific document.
Harmonizing test approaches is currently very difficult because each institution wants to use its own know-how and concepts.
On the other hand, major test centers have already testing and test protocols which provide a good basis for common testings.
At first, the test protocols must be harmonized.
The key problem is the mutual recognition of the tests. (Harmonization in the RN de-tection field is regarded as very easy but solutions in the C and B field appear to be very difficult, because environmental factors must be considered.)
Recognition of hardware tests which evaluate the functionality of the system is re-garded as simple, too but recognition of the practical tests is more difficult because tests and test parameters must be agreed on based on scenarios.
To illustrated further suggestions, they used luggage check as an example, consisting of two tests: a laboratory test (test 1) and a scenario-based test (test 2):
Test 1 answers questions like: Does X-ray work? yes / no? This may be defined with the help of a step wedge or grating (technical aspect)
Test 2 is based on a set of special suitcases which is nesessary to determine the false alarm rate and the probably of the detection of explosives.
Both critical values of test 2 were, for example, determined by a national aviation security authority based on a suitcase set whose functional scenario-based aspects are only known by a few test laboratory staff members (higher secrecy). Security personnel then selected the equipment.
According to the expert, one approach to meet the specific needs in the aviation field, can for example, consists of two elements:
1.) Use of pre-tests to get a CBRNE label for a device which can be harmonized
2.) Use of the label as a prerequisite for scenario tests carried out by national security authori-ties (police, border security), governmental institutions or together with semi-public organisa-tions.
The suggestions will be analysed in more detail in following steps of this project. As de-scribed earlier, a recent accomplishment in the field of CBRN was the development of CEN/TS 16595:2013 CBRN - Vulnerability Assessment and Protection of People at Risk by CEN/TC 391.
6.3.2. AIRPORT SCREENING EQUIPMENT
According to Chapter 3.3.3, aviation security is shaped by detailed EU regulation. For several product areas, EU rules have already defined essential performance requirements but harmo-nised standards and harmoharmo-nised conformity assessment, with mutual recognition, are missing and the deployment of equipment has to follow various national procedures in the Member States. In a number of cases, the national procedure relies on the results of a non-binding,
common evaluation process.286 A key foundation for the European engagement in this area was an action plan that was part of the EU 2020 initiative ‘An Integrated Industrial Policy for the Globalisation Era Putting Competitiveness and Sustainability at Centre Stage,’ published in 2012.287 One year later, the Commission communicated the goal to establish an EU-wide harmonised certification system for airport screening (detection) equipment and to achieve mutual recognition of certification systems.288 According to Figure 39, 3 options were de-fined for realizing these goals:
1. "Baseline scenario", where the Commission would not launch any dedicated policy initiative to harmonise the certification procedures.
2. Recommendation to Member States to mutually accept their national certification sys-tems and/or to rely on the common evaluation process of the European Civil Aviation Con-ference. The aim of this recommendation would be to enable a producer of airport screen-ing equipment to certify his product only once in a sscreen-ingle Member State in order to sell it in all Member States.
3. "Legislation" - The Commission would propose a regulation which would be elaborated jointly with regulators, industry representatives and certifiers alike. The aim of this regula-tion would be the same as for the recommendaregula-tion but implemented through a binding leg-islation, which would ensure that the producer can sell his product in all Member States once it was certified in a single Member State. Three different variations of this regulation would be analysed:
3.1. The "Old Approach", characterized by a set of detailed specifications which are laid out in the directive itself. This ap-proach targets specific technologies and not gen-eral areas. The certification would be from a third-party.289
3.2. The "New Approach"
focuses on essential require-ments written in general terms. Product legislation is restricted to the requirements necessary to protect the pub-lic goals of health and safety.
The technical specifications Ap-proach", whereby the certifi-cation would be done cen-trally by an EU agency, such as the European Aviation Safety Agency, which al-ready today certifies central-ly for the whole of the EU commercial aircrafts.
Source: Own figure based on European Commission (2012)
Figure 39: Options for an EU wide harmonized certification system for airport screening equipment
According to DG ENTR’s Option 1 and, to a large extent also Option 2, would not lead to any benefits. Option 2 could even cause negative side-effects. On the other hand, in-depth-analyses showed that Options 3.1, 3.2, 3.3 will lead to a drastic simplification of procedures
286This process was established by the European Civil Aviation Conference. Chapter 6.4.5 will describe its acomplishments but also remaining needs for action.
287See European Commission, op. cit., 2012 288See DG ENTR, op. cit., 2013, p.1.
289 Conformity assessment can be performed through three alternate channels. The assessments can be performed by the suppliers themselves (first-party assessment including self-certification), by the purchasers (second-party assessment), or by independent organizations (third-party assessment), see Guasch, op cit., 2007, p. 63.
and a reduction of administrative burden, as companies will have to certify their products once, instead of up to 28 times depeding on the number of Member States in which they sell their products (as it is currently the case). The transposition of the options should not lead to difficulties in the Member States. However, according to the report, option 3.3. may be strongly resisted by Member States.
CRISP identified a fourth approach, motivated by the industry’s lack of support for CRE-ATIF’s CBRNE-related centralized approach as explained in Chapter 6.3.1. It is regarded as possible that the certification task will not be entrusted to a single entity but to several organ-izations which use the same guidelines and follow the same procedures.
6.3.3. AIR CARGO
The EU Regulation 185/2010 which became valid on 28 April 2013 created a requirement for approval procedures to be created for freight shippers. In 2008 the Regulation (EC) No 300/2008 already laid down the legal framework for air cargo shippers, defined the responsi-bilities of the Member States and called for the establishment of EU-wide standards.290
Furthermore, Regulation (EC) No 300/2008 requires that each Member State develops and advances a “national security program for civil aviation” which regulates air cargo security (Articles 10 and 4). In addition, EU Regulation 185/2010 sets out the obligations of the actors in the secure supply chain for air freight and has led to a need for testing and the approval of freight shippers291. According to Teichler et al.,292 the market for conformity assessment might reach a volume of € 12 million in the future.
6.3.4. ALARM SYSTEMS
6.3.4.1. ALARM SYSTEMS IN GENERAL
In the field of fire alarm systems, some European standards are already available. Multina-tional certificates exist but the authorities of the Member States have no obligation to accept them.293 DG ENTR294 identified three basic policy options to offer solutions. Based on in-depth analyses, the third one (“Legislation”, which consists of two variations) is regarded as beneficial. DG ENTR295 describes this option as follows: “The Commission would propose a regulation which would be elaborated jointly with regulators, industry representatives and certifiers alike. (It would be implemented through a binding legislation), which would ensure that the producer can sell his product in all Member States once it was certified in a single Member State.”
290See Teichler et al., op. cit., 2013, p. 141.
291In Germany for example, all companies that are active in the air freight field need to pass evaluation and registration procedures by the LBA (Luftfahrtbundesamt) to get a registration as a ‘known consignor‘, see chapter 5.
292 See Teichler et al., op. cit., 2013.
293 The certificates are offered by the industry-led certification mechanism CertAlarm. European Commission, op. cit., 2012, p. 37. Chapter 6.4.6 will describe its acomplishments but also remaining needs for action.
294See DG ENTR, op. cit., 2013.
295 See DG ENTR, op. cit., 2013.
The first variation is based on the ‘Old Approach’ which is characterized by a set of detailed specifications. It targets specific technologies while general areas are not considered. The certification would be based on a third party certification.
The second variation is based on the ‘New Approach’ (Council Resolution 85/C 136/01), which focuses on essential health and safety-related requirements written in general terms.
The technical specifications would be created by CEN/CENELEC or ETSI. The certification would be based either on a third party certification or on a self-certification.
Additional activities to analyse the two variations in more detail were announced by the EU.
6.3.4.2. FIRE ALARM SYSTEMS
For a long time the technical requirements for fire alarm systems have been determined by standards at the national level and for about ten years at the European level. In addition to standardisation institutes, private players have defined quality and safety standards that go partly beyond the legal requirements.296
Besides the accomplishments, remaining issues require further problem-solving activities.
The use, installation and maintenance of these solutions in more complex security systems have been not considered by European standards. This lack of understanding inhibits the functioning of the European market in that field. In addition, labeling with the relevant mark of strong national conformity assessment bodies is a necessary prerequisite for the use of a product in many Member States. Nevertheless, a few multinational collaborations exist. VdS provides examples. In Europe, agreements for the mutual recognition of test results exist be-tween VdS and several other certification and inspection bodies, see Figure 40.297
Test / Certification body Country Product range
LPCB United
Kingdom
Fire protection and security (e.g. detector, con-trol and indicating equipment, power supply) AFNOR, CNPP France Fire protection and security (e.g. fire detector,
control and indicating equipment, security con-tainer)
DIFT, Delta Denmark Fire protection (e.g. fire detector, control and indicating equipment)
SBSC, SSF Sweden Security (e.g. security container) ICIM, Istituto Giordano
SpA
Italy Security (e.g. security container)
296See Teichler et al., op. cit., 2013, p. 140.
297See VdS, “International Certification Partners”, 2011.
(figure continues)
National certification cen-ter of the Emergency Min-istry of Ukraine
Ukraine Fire protection (e.g. components for fire detec-tion and fire alarm systems, extinguishing tems, smoke and heat exhaust ventilation sys-tems)
TZUS Praha, s.p. Czech
Republic
Fire protection (e.g. components for fire detec-tion and fire alarm systems, extinguishing tems, smoke and heat exhaust ventilation sys-tems)
Source: Own figure based on information taken from the website of VdS Figure 40: European collaborations of VdS
In addition, VdS collaborates closely with two partners in the U.S. which are shown in the following figure.
Test / Certification body Country Product range
U.S. Coast Guard (USCG) U.S. Fire protection (e.g. components for fire protec-tion systems)
FM Approvals U.S. Fire protection (e.g. fire detector, control and indicating equipment, power supply equipment) Source: Own figure based on information taken from the website of VdS
Figure 41: Collaborations of VdS with the U.S.
VdS defined the clear goals of “One-Stop-Testing” and “Multiple Certification”.
6.3.5. SECURITY SERVICES
According to Chapter 4, CEN/TC 384 has developed a standard for aviation security services, and a standard for marine port security services is under development by CEN/TC 417. In addition, Chapter 4.3.2 shows that a basic European standard for security services related to technical systems is currently being developed at CEN/CLC/TC 4. This standard is planned to be used as a foundation for application standards for different security areas as well as a foundation future certification processes.
At the moment, little collaboration regarding the certification of security services exist in Europe. A significant barrier is that the certification processes build on specific national standards. Therefore the certificates are not comparable.
6.3.6. NEED FOR ACTION
As mentioned earlier, the interrelation between standards and certification is an important aspect. According to an interviewee interviewed for this document there are barriers. To overcome them, his certification organization:
Uses guidelines for areas in which no standards exist;
Offers specific solutions/procedures to certify innovative technologies for which standards do not exist yet; and
Uses guidelines in addition to standards for areas in which only minimum require-ments were negotiated at the European level, while certificates certify a higher level of quality.
The relevant guidelines were developed with stakeholders. Therefore, the problem is not that alternative documents are used for certification instead of standards. The problem is related to documents which are used in addition to standards. To realize more standards-based certifica-tion, a need for new European directives was expressed. The European Directive for Fire Pro-tection was described as a good example for that. In addition, a need for similar documents in the areas of CCTV, access control, protection of critical infrastructures and smart grids was expressed.