Tan Hui Wen highlights some of the key provisions in the Civil Aviation (Security) Regulations 2019.
 
Air transport has revolutionised the way we travel and trade over the past century. With increasing movement of people and cargo across borders, global aviation security has become a focus of the International Civil Aviation Organisation (ICAO) and the 193 Contracting States to the Convention on International Civil Aviation (“Chicago Convention”). Malaysia, as one of the Contracting States, introduced the Civil Aviation (Security) Regulations 2019 (“Security Regulations”) which came into operation on 30 March 2019.
 
Amongst other matters, the Security Regulations provide for the matters discussed below.
 
NEW AVIATION SECURITY AUTHORITIES
 
National Civil Aviation Security Authority 
 
The Security Regulations establish a National Civil Aviation Security Authority (“the Security Authority”) which is responsible for safeguarding civil aviation against any acts of unlawful interference and for regulating the security of civil aviation in compliance with the provisions of Annex 17 to the Chicago Convention.
 
Acts of unlawful interference mean any act which jeopardises the safety of civil aviation, including (i) unlawful seizure of aircraft; (ii) the destruction of aircraft in service; (iii) hostage-taking on an aircraft or in aerodromes; (iv) forcible intrusion on board an aircraft; (v) the introduction on board an aircraft or at an airport of a weapon or hazardous device or material intended for criminal purposes; and (vi) the use of an aircraft in service for the purpose of causing death, serious bodily injury or serious damage to property. 
 
The functions of the Security Authority include: (i) establishing and reviewing civil aviation security policies; (ii) monitoring the implementation of the Security Regulations; (iii) reviewing the National Security Programmes; (iv) approving a security programme and reviewing the same; (v) defining and allocating tasks and co-ordinating civil aviation security activities between various entities; (vi) reviewing the level of threat to civil aviation; (vii) re-evaluating security control and procedures on civil aviation security; and (viii) responding to meet any increased threat to civil aviation security.
 
National Civil Aviation Security Committee 
 
The Security Regulations also establish a National Civil Aviation Security Committee (“the Committee”) whose functions include: (i) advising the Security Authority on matters relating to the implementation of the Security Regulations; (ii) facilitating the co-ordination of civil aviation security activities between various entities responsible for implementing the National Civil Aviation Security Programme (“NCASP”); and (iii) considering the recommendations made by the airport security committees in relation to the civil aviation security and, where appropriate, recommending to the Security Authority any change to the civil aviation security policies.
 
THE NATIONAL SECURITY PROGRAMMES
 
The Chief Executive Officer of the Civil Aviation Authority of Malaysia (“CEO”) is charged with the responsibility for establishing and implementing the National Security Programmes, which shall include (i) the NCASP to safeguard civil aviation operations against any act of unlawful interference; (ii) the National Civil Aviation Security Training Programme (“NCASTP”) to ensure that security awareness and function specific trainings are provided to persons involved in the implementation of the NCASP; and (iii) the National Civil Aviation Security Quality Control Programme (“NQCP”) to determine the compliance with and validate the effectiveness of the NCASP.
 
The Security Regulations impose an obligation on all operators, aerodrome operators, groundhandlers and other persons as may be determined by the CEO to comply with the National Security Programmes and require all Government entities responsible for implementing the National Security Programmes to cooperate with and assist one another to ensure the proper implementation of the said programmes.
 
The Security Regulations also require an operator, aerodrome operator, a groundhandler or any other persons as determined by the CEO to establish a civil aviation security programme, a civil aviation security training programme and a civil aviation security quality control programme in accordance with the requirements of the NCASP, NCASTP and NQCP respectively, which are to be approved by the Security Authority. Such approval is to be renewed within such period as may be determined by the CEO.
 
In addition, an aerodrome operator is required to establish a contingency plan (i.e. a proactive plan which includes measures to be implemented in the event of an actual act of unlawful interference) in accordance with the requirements of the NCASP which is to be approved by the Security Authority.
 
An operator, aerodrome operator, a groundhandler or any other persons as determined by the CEO is required to comply with the approved security programmes. In addition, an aerodrome operator is also required to comply with its approved contingency plans.
 
The CEO may, if he thinks necessary, vary any of the National Security Programmes and direct any person to vary any approved security programmes established by such person to be in accordance with the variations made to the National Security Programmes.
 
The Security Authority may, if it thinks necessary, conduct a review of any approved security programme and direct the person who established the programme to vary the same. The Security Authority may also require a person who establishes any approved security programme to conduct a review of its programme.
 
SECURITY AND SCREENING CONTROLS
 
Amongst others, the Security Regulations require an operator, aerodrome operator, groundhandler or any other person to: (i) use security equipment that is approved by the Security Authority; (ii) permit only a person who holds a security screener certificate issued by the Security Authority to act as a security screener; and (iii) ensure that a security screener complies with the method and manner of screening determined by the CEO. In addition, an aerodrome operator must, with the approval of the CEO, designate an area on the airside of an aerodrome as a security restricted area (“security restricted area”) that is a priority risk area where in addition to access control, other security controls are applied.
 
The expression “security equipment” refers to a device of a specialised nature for use, individually or as part of a system, in the prevention or detection of any act of unlawful interference with civil aviation and its facilities, including closed-circuit television, hand-held metal detector, walk-through metal detector and body scanner.
 
Screening of person 
 
Subject to the exceptions set out below, the Security Regulations prohibit any person from entering a security restricted area or an aircraft in a security restricted area unless that person undergoes a screening process by a security screener. An operator, aerodrome operator, groundhandler or any other person responsible for providing a screening process is required to ensure that the foregoing is complied with.
 
The screening requirements do not apply to: (i) a transit passenger who remains on board an aircraft; (ii) a transit passenger or transfer passenger who does not mix with an unscreened person from the transiting or transferring airport; and (iii) a transit passenger or transfer passenger who arrives from a Contracting State to the Chicago Convention where the security standards are recognised as being equivalent to the requirements as determined by the CEO.
 
Screening of baggage
 
A person is prohibited under the Security Regulations from taking, or causing to be taken, on board an aircraft, or delivering or causing to be delivered, for loading or carriage on an aircraft any baggage unless it undergoes a screening process by a security screener.  An aerodrome operator is required to ensure that the foregoing is complied with. The foregoing requirements do not apply to cabin baggage carried by a transit passenger or transfer passenger.
 
Screening of cargo, mail and stores
 
A person is prohibited from taking or causing to be taken on board an aircraft, or delivering or causing to be delivered for loading or carriage on an aircraft, any cargo or mail, and from carrying or causing to be carried in a security restricted area or on board an aircraft within a security restricted area, any stores, unless the cargo, mail or stores have been duly screened by a security screener.
 
The expression “stores” refers to any goods, other than cargo or mail, and includes any goods for consumption by a passenger or crew on board an aircraft, any goods used for the operation and maintenance of an aircraft, including fuel and lubricants, and any goods for sale to a passenger or crew on board an aircraft or in a security restricted area.
 
Screening of vehicles
 
The Security Regulations prohibit a person from using or operating, or causing to be used or operated, a vehicle in a security restricted area unless the vehicle undergoes a screening process by a security screener, and require an aerodrome operator to ensure that the foregoing is complied with.
 
AIRCRAFT SECURITY
 
An operator is permitted to fly its aircraft for the purpose of commercial air transport only if the operator has conducted a security search and checks on the aircraft in accordance with the NCASP.
 
The Security Regulations prohibit a person from entering or being in a flight deck of any aircraft flying for the purposes of commercial air transport unless that person is: (i) a crew on duty and authorised by the operator; (ii) performing any regulatory functions under the Civil Aviation Act 1969 or for the purpose of the Civil Aviation Authority of Malaysia Act 2017; or (iii) authorised by the CEO.
 
An operator is required to ensure that: (i) its aircraft is protected from any unauthorised interference from the time the security search and checks are carried out until the departure of the aircraft; (ii) its aircraft is kept under its supervision to prevent any unauthorised access of person or vehicle to or from the aircraft; (iii) no unauthorised person enters or is in a flight deck of any of its aircraft; and (iv) any item left behind in its aircraft by a passenger disembarking from any flight, including a transit flight, is removed from the aircraft.
 
The Security Regulations also require an operator to ensure that its civil aviation security programme contains measures and procedures for carrying of passengers in lawful custody of any law enforcement agency in accordance with the requirements in the NCASP.
 
MOVING FORWARD
 
In line with the introduction of the Security Regulations, Part XXIV (regulation 168) of the Civil Aviation Regulations 2016, which charges the CEO with the responsibility for safeguarding civil aviation against acts of unlawful interference, is deleted by the Civil Aviation (Amendment) Regulations 2019 (“Amendment Regulations”) with effect from 30 March 2019.
 
The Amendment Regulations provide that the National Civil Aviation Security Programme or any other security programme established under Part XXIV before 30 March 2019 is deemed to have been established under the Security Regulations and continues to have effect until reviewed, varied or substituted under the Security Regulations. It also provides that any notice issued under Part XXIV before 30 March 2019 continues to have effect until amended or revoked.
 
In light of the saving provisions described above, all security programmes established and any directions issued under Part XXIV will remain in force until they are varied, amended or revoked, as the case may be.
 
Moving forward, companies would have to comply with the procedures for applying for any approval, certificate or authorisation required under the Security Regulations as contained in regulations 29 to 32 of the Security Regulations, and with payment of fees prescribed by the Civil Aviation (Fees and Charges) (Amendment) Regulations 2019 (which came into effect on 30 March 2019). Companies and other persons with an approval, certificate or authorisation issued under the Security Regulations cannot transfer or assign them, or risk a fine not exceeding RM200,000 if convicted.
 
It would be prudent for passengers, operators, aerodome operators, groundhandlers and other persons to comply with the Security Regulations as conviction of an offence entails a fine up to RM200,000 or to imprisonment for a term not exceeding five years or to both for an individual; or a fine up to RM400,000 for companies, limited liability partnerships, firms, societies or other bodies of persons.