COMMISSION RECOMMENDATION
of 5 December 2014
on matters related to the placing in service and use of structural subsystems and vehicles under Directives 2008/57/EC and 2004/49/EC of the European Parliament and of the Council
(Text with EEA relevance)
(2014/897/EU)
THE EUROPEAN COMMISSION,
Having regard to the Treaty on the Functioning of the European Union, and in particular Article 292 thereof,
Whereas:
(1) In accordance with Article 30(1) of Directive 2008/57/EC of the European Parliament and of the Council(1), the Commission may submit to the Committee referred to in Article 29 of the same Directive any matter related to the implementation of that Directive;
(2) Since 2005 the European Railway Agency (‘the Agency’) has been carrying out several activities supporting the development of an integrated, safe and interoperable EU railway system. Following the adoption of Directive 2008/57/EC, the Agency has had regular meetings with stakeholders and national safety authorities, particularly in the field of cross-acceptance of railway vehicles, i.e. mutual recognition of authorisations for the placing in service of railway vehicles. These meetings have shown that there are different understandings of the authorisation for placing in service of structural subsystems and vehicles as provided for in Chapters IV and V of that Directive.
(3) Without a common understanding, national implementing rules could lead to Member States applying the requirements in different ways which compounds the difficulties for manufacturers and railway undertakings. A common understanding of the process for the placing in service of structural subsystems and vehicles is also needed to ensure consistency between the various recommendations issued by the Agency in relation to several tasks set out by Directive 2004/49/EC of the European Parliament and of the Council(2) and Directive 2008/57/EC.
(4) The Commission adopted its Recommendation 2011/217/EU(3). The aim of the latter was to clarify the procedure for authorising the placing in service of structural subsystems and vehicles as set out in Directive 2008/57/EC.
(5) In order to discuss and analyse questions related to the placing in service of structural subsystems and vehicles which have arisen following the adoption of Recommendation 2011/217/EU, the Commission set up a task force on the vehicle authorisation process in 2011. This task force's final report was published on the Agency website in July 2012.
(6) On 30 January 2013, the Commission adopted its legislative proposals for a fourth railway package. These proposals take into account the results of the above-mentioned task force and include an improved process for the authorisation of vehicles and sub-systems. The clarifications in this Recommendation are needed to optimise the implementation of the current legal framework.
(7) It is therefore necessary to broaden Recommendation 2011/217/EU to cover other aspects related to the authorisation process and to further clarify the following issues:
— relationship between essential requirements, technical specifications for interoperability (TSI) and national rules,
— use of the common safety methods for authorisation purposes,
— integrity of TSIs and national rules,
— verifications which are outside the scope of authorisation for placing in service,
— testing,
— manufacturer's or contracting entity's declaration of verification,
— mutual recognition,
— technical file,
— roles and responsibilities before, during and after authorisation,
— role of the safety management system, and
— management of modifications.
(8) For the sake of clarity and simplification, it is preferable to replace Recommendation 2011/217/EU by this Recommendation.
(9) After consulting the Committee referred to in Article 29 of Directive 2008/57/EC,
HAS ADOPTED THIS RECOMMENDATION:
1. Member States should ensure that national safety authorities, railway undertakings, infrastructure managers, assessment bodes, entities in charge of maintenance, manufacturers, applicants for authorisation for placing in service and other players involved in the authorisation for placing in service and use of structural subsystems and vehicles are aware of and take into account the principles and guidelines set out in paragraphs 2 to 116.
DEFINITIONS
2.
For the purpose of this Recommendation, the definitions of Directive 2008/57/EC and 2004/49/EC should apply. In particular the terms ‘railway undertakings’, ‘infrastructure managers’, ‘keepers of vehicles’, and ‘entity in charge of maintenance’ are used based upon their roles and responsibilities as defined in Articles 3 and 4 of Directive 2004/49/EC. Any entity fulfilling one of the roles mentioned in these Articles might also fulfil another role (e.g. a railway undertaking or an infrastructure manager can also be a keeper of vehicles). The following definitions should also apply:
(a) ‘design operating state’ means the normal operating mode and the foreseeable degraded conditions (including wear) within the range and conditions of use specified in the technical and maintenance files. It covers all conditions under which the subsystem is intended to operate and its technical boundaries;
(b) ‘basic design characteristics’ means the characteristics of a subsystem as defined in the type or design examination certificate;
(c) ‘safe integration’ means the action to ensure the incorporation of an element (e.g. a new vehicle type, network project, subsystem, part, component, constituent, software, procedure, organisation) into a bigger system, does not create an unacceptable risk for the resulting system;
(d) ‘establishment of technical compatibility with the network’ means verification and documentation in the technical file accompanying the EC declaration of verification of the vehicle type's parameters that are relevant for the technical compatibility with the given network and, where applicable, conformity with the limit values specified for this network; the parameters include physical characteristics and functions; the verification needs to be done according to the rules applicable for the given network;
(e) ‘technical compatibility’ means an ability of two or more structural subsystems or parts of them which have at least one common interface, to interact with each other while maintaining their individual design operating state and their expected level of performance;
(f) ‘assessment body’ means the notified body, designated body or risk assessment body;
(g) ‘notified body’ means a body as defined by Article 2(j) of Directive 2008/57/EC;
(h) ‘designated body’ means a body designated by a Member State in accordance with Article 17(3) of Directive 2008/57/EC for verification of compliance of a subsystem with the national rules;
(i) ‘risk assessment body’ means a body as defined by Article 3(14) of Commission Implementing Regulation (EU) No 402/2013(4);
(j) ‘EC declaration of verification’ means, for a subsystem, the ‘EC’ declaration of verification established pursuant to Article 18 and Annex V to Directive 2008/57/EC which is a declaration that the subsystem satisfies the requirements of the relevant European legislation including any national rules that are used to implement the essential requirements of Directive 2008/57/EC;
(k) ‘network project’ means a project to place in service new, renewed or upgraded fixed equipment composed of more than one structural subsystem;
(l) ‘network characteristics’ means the characteristics of a network as described by the TSIs and, where relevant, by national rules;
(m) ‘technical file accompanying the “EC” declaration of verification’ means the combination of all files and documentation gathered by the applicant as required by all applicable EU legislation for a subsystem;
(n) ‘documentation submitted for authorisation’ means the file presented by the applicant to the national safety authority at the time of applying for authorisation;
(o) ‘applicant’ means the signatory of the ‘EC’ declaration of verification in accordance with Article 18 of Directive 2008/57/EC and asking for an authorisation for placing in service of a subsystem. Where the CSM RA is required under Article 15 of Directive 2008/57/EC, the role of the ‘proposer’ according to the CSM RA should be taken by the applicant for authorisation.
(p) ‘applicant for vehicle/network project authorisation’ means the entity asking for an authorisation for placing in service of a vehicle or network project respectively. Where the CSM RA is required under Article 15 of Directive 2008/57/EC, the role of the ‘proposer’ according to the CSM RA should be taken by the applicant for authorisation.
AUTHORISATION FOR THE PLACING IN SERVICE OF SUBSYSTEMS
3.
The authorisation for placing in service of a subsystem is the recognition by the Member State that the applicant for this subsystem has demonstrated that it meets, in its design operating state, all the essential requirements of Directive 2008/57/EC(5) when integrated into the rail system. According to Article 17(1) of the same Directive, this is provided in the form of an ‘EC’ declaration of verification. The following diagram summarises the activities before and after an authorisation for placing in service of a structural subsystem:
[Bild bitte in Originalquelle ansehen]
AUTHORISATION FOR THE PLACING IN SERVICE OF VEHICLES AND AUTHORISATION OF VEHICLE TYPES
4.
For the purposes of authorisation, a vehicle is composed of the rolling stock subsystem and, where applicable, the on-board control-command and signalling subsystem. A vehicle type authorisation or individual authorisation to place a vehicle in service is a collective authorisation of the subsystem(s) composing the vehicle.
5.
Requirements arising from functional subsystems and affecting the vehicle design (operating) state (including for example operational performance requirements) are set out in the relevant structural TSIs or, where allowed by Directive 2008/57/EC, in national rules (e.g. CCS class B systems).
6.
Since vehicles are composed of one or more subsystems, provisions related to subsystems in Chapter IV of Directive 2008/57/EC are applicable to the vehicle's or vehicle type's relevant subsystems, without prejudice to other provisions of Chapter V.
7.
For authorisations relating to vehicles composed of more than one subsystem, the applicant for authorisation of the vehicle or vehicle type may combine the ‘EC’ declarations of verifications for both subsystems into a single ‘EC’ declaration of verification, as described in Annex V to Directive 2008/57/EC, to demonstrate that vehicles of this type as a whole in their design operating state, when integrated into the rail system, satisfy the requirements of the relevant European legislation including the essential requirements of Directive 2008/57/EC.
8.
A single authorisation for the vehicle type or an authorisation for the placing in service of individual vehicles should be sufficient for the whole EU rail network when the conditions specified in Directive 2008/57/EC are met. This is the case, for example, of a TSI-compliant vehicle or vehicle type which is to be authorised with the condition of use that it is intended to run only on a TSI-compliant network (but only if the relevant TSIs which were applied at the respective authorisations do not contain open points and specific cases related to the compatibility between the network and the vehicle).
9.
The procedures for authorising vehicle types and individual vehicles are harmonised and include clear steps with fixed time limits.
10.
The applicable rules for authorising the placing in service of vehicles and vehicle types should be stable, transparent and non-discriminatory. The rules should be either TSIs, or, when permitted by Directive 2008/57/EC, national rules notified to the Commission and made available through a database set up by the Commission. From the moment a TSI is adopted, Member States should not adopt any national rule related to products or subsystem parts covered by that TSI (except for those declared as ‘open points’) In the case of non-TSI-compliant vehicles and vehicle types, the principle of mutual recognition should be applied as far as possible in order to prevent unnecessary requirements and redundant verifications, unless these are strictly necessary for verifying the technical compatibility of a vehicle of this type with the relevant network.
11.
Authorisations relating to vehicles should refer to the technical characteristics of the vehicles' design operating state, including limits and conditions of use and indicate the network(s)(6) of the Member State(s) for which the vehicles of that type are authorised. The technical characteristics referred to in the authorisation should be:
— declared by the manufacturers or contracting entities, in their role as applicant for authorisation of the vehicle or vehicle type,
— verified and certified by the assessment bodies, and
— documented in the technical file accompanying the EC declaration of verification.
12.
The technical characteristics as referred to in recommendation 11 above are the same for any individual vehicle of the same vehicle type.
13.
Neither the type authorisation nor the authorisation for placing an individual vehicle in service should be related to any particular route, railway undertaking, keeper or entity in charge of maintenance (ECM).
14.
To ensure that there is no need to authorise vehicle types and placing in service of individual vehicles for specific routes and to avoid the need for re-authorisation if the characteristics of any route changes, any limitations and conditions of use attached to a vehicle related authorisation should be specified in terms of the parameters of the technical design characteristics of the infrastructure and not in terms of geography.
TYPE AUTHORISATION
15.
The characteristics of a vehicle's design operating state that are assessed for authorisation are the characteristics associated with the vehicle type. A vehicle type may first be authorised according to Article 26(1) of Directive 2008/57/EC and then individual vehicles of that type (including a series of individual vehicles) may be authorised by verification of their conformity to type according to Article 26(3) of Directive 2008/57/EC. Alternatively, the authorisation of the first vehicle of a type will confer an authorisation of the vehicle type according to Article 26(2) of Directive 2008/57/EC. This also allows subsequent individual vehicles of the same type to be authorised by verification of conformity to type according to Article 26(3) of Directive 2008/57/EC. This concept of vehicle type authorisation allows manufacturers to place vehicle types on the market and in their catalogue, and thus to offer customers the benefit of an authorisation, without already having built the individual vehicles of such types that a customer may order. One of the objectives of this concept is to remove much of the authorisation risk from those who procure vehicles of such types.
16.
The concept of type is also relevant for route compatibility. To assess if the route will support a train, a railway undertaking compares the characteristics of a train composed of vehicles of certain types with the information provided by the infrastructure manager in the register of infrastructure. The obligation of infrastructure managers to make public the nature of infrastructure already exists (Directive 2001/14/EC of the European Parliament and of the Council(7) as far as network access is concerned; Directive 2004/49/EC, 2008/57/EC and TSI related to ‘operation and traffic management’ as far as operation is concerned). Until the register of infrastructure is established and populated, the infrastructure managers should publish this information in another form. This does not empower the infrastructure managers to impose a sort of second authorisation to the vehicles or trains of the railway undertakings.
17.
The processes of authorising vehicles and the subsequent operation and maintenance of particular vehicles are two clearly distinct processes regulated by distinct provisions. This separation enables vehicles of the same type to be placed on the market by manufacturers already with an authorisation, to be operated by different railway undertakings, and to be maintained by different entities in charge of maintenance (ECM) in accordance with different maintenance regimes depending on the operational context.
18.
For vehicle types intended to be authorised in more than one Member State (e.g. for operation on corridors), the national safety authorities may choose to cooperate in order to issue first and additional authorisations at the same time (‘simultaneous’ authorisation). This enables the relevant national safety authorities to share the work between them (e.g. each of them might take a subject area) and for the national safety authority issuing the first authorisation to recognise and benefit from work carried out by the other national safety authorities.
AUTHORISATION FOR THE PLACING IN SERVICE OF FIXED INSTALLATION SUBSYSTEMS
19.
It should be underlined that TSIs for fixed installations do not contain a complete set of requirements to be complied with by the relevant subsystem. The requirements set out in the TSIs include those elements which are relevant for the compatibility of the fixed installation subsystems with a TSI compliant vehicle.
20.
For fixed installations, apart from the application of the TSIs, in order to satisfy essential requirements of all applicable EU legislation, Member States may require application of other rules — which do not need to be harmonised to meet the objectives of Directive 2008/57/EC — such as electrical safety, civil engineering, building, sanitary, fire protection codes, etc. These rules should not contradict the provisions of the TSIs.
21.
For a network project composed of more than one fixed installation subsystem, it is suggested that to simplify the process, the applicant may combine the ‘EC’ declarations of verifications for each subsystem, as described in Annex V to Directive 2008/57/EC, into a single ‘EC’ declaration of verification for the network project as a whole to demonstrate that the network project as a whole when integrated into the rail system satisfies the requirements of the relevant European legislation including meeting the essential requirements of Directive 2008/57/EC.
22.
The applicable national rules for authorising the placing in service of fixed installation subsystems should be stable, transparent and non-discriminatory. Without prejudice to recommendations 19 and 20 above, the rules related the essential requirements of the railway system laid down by Directive 2008/57/EC should be either TSIs, or, when permitted by Directive 2008/57/EC, national rules notified to the Commission and made available through a database set up by the Commission. From the moment a TSI is adopted, Member States should not adopt any national rule related to products or subsystem parts covered by that TSI (except for those aspects duly declared as ‘open points’ in the relevant TSIs).
23.
An authorisation for placing in service of fixed installation subsystems should refer to its technical characteristics, including limits and conditions of use. The technical characteristics referred to in the authorisation for placing in service should be:
— declared by the applicant,
— verified and certified by the assessment bodies, and
— documented in the technical file accompanying the EC declaration of verification.
24.
The process of authorising the placing in service of fixed installation subsystems and the operation and maintenance of those subsystems are two clearly distinct processes regulated by distinct provisions.
ESSENTIAL REQUIREMENTS, TECHNICAL SPECIFICATIONS FOR INTEROPERABILITY (TSI) AND NATIONAL RULES
25.
The Interoperability Directive lays down essential requirements for the railway system. These are ‘
all
the conditions set out in Annex III which must be met by the rail system, the subsystems, and the interoperability constituents, including interfaces’ (Article 2 point (g) of Directive 2008/57/EC). The essential requirements for the railway system are therefore exhaustive. A Member State or national safety authority may not lay down any requirements or conditions other than as foreseen by Article 17.
26.
Technical compatibility at the interface between network and vehicles is crucial for safety. Although the safety aspect of this interface could be proven through the use of reference systems or explicit risk estimations in accordance with Commission Regulation (EC) No 352/2009(8) (CSM RA), for interoperability reasons, technical compatibility should be proven on the basis of harmonised Union rules, that is the TSIs, or, if no such rules exist, on the basis of national rules. Therefore, for the sake of interoperability, interfaces between vehicle and network should be demonstrated using a rule-based approach.
27.
As a consequence, on one hand, the TSIs should exhaustively specify the interfaces referred to in recommendation 26. Every basic parameter and interface of the target system to be explicitly checked for authorisation should also be fully specified in the TSIs, along with the relevant conformity assessment requirements.
28.
On the other hand, TSIs should only specify the requirements ‘to the extent necessary’ to deliver the optimal level of technical harmonisation and mandatory provisions necessary to meet the essential requirements of Directive 2008/57/EC and to achieve the objectives set out in Article 1 of that Directive (Article 5(3)).The TSIs should therefore specify requirements only to the level of detail that needs to be harmonised in order to achieve these objectives while meeting the essential requirements. They also specify the interfaces between subsystems. Each TSI indicates a target subsystem that may be attained gradually within a reasonable time-scale.
29.
Applicants should have the freedom to use technical solutions of their own choice to meet the essential requirements provided that the specifications of these technical solutions comply with the TSIs and other applicable legislation.
30.
In order to achieve the goal of the Single European Railway Area without internal frontiers, technical specifications of products meeting the essential requirements may be laid down in harmonised standards (EN). In some cases, harmonised standards that cover the basic parameters of the TSIs provide presumption of conformity with certain clauses of the TSIs. In accordance with the spirit of the new approach to technical harmonisation and standardisation, application of these standards remains voluntary but their references are published on the
Official Journal of the European Union
(OJEU). These specifications should also be listed in the TSI application guides in order to facilitate their use by the industry. These specifications should remain complementary to TSIs.
31.
The hierarchy and level of detail of the specifications mentioned in recommendations 26 to 30 are illustrated in the following diagram:
[Bild bitte in Originalquelle ansehen]
32.
The TSIs should not repeat provisions designed to ensure that a subsystem or vehicle design operating state meets requirements from other applicable Directives.
33.
Requirements stemming from EU provisions other than Directive 2008/57/EC need also to be applied when a subsystem or a vehicle is designed/planned and placed into its design operating state. The applicant should ensure that these requirements are fulfilled.
34.
Without prejudice to recommendations 19 and 20, national rules may continue to apply for authorisations only in the cases specified by Article 17(3) of Directive 2008/57/EC. These are
— the circumstances where no relevant TSI exists i.e.:
(a) TSI open points;
(b) networks and vehicles not (intended to be) in the scope of the TSIs;
(c) requirements for legacy systems (i.e. system interfaces not intended to be covered by the TSIs);
(d) requirements for non-TSI-compliant vehicles placed in service before the entry into force of the TSIs or during a transitional period,
— derogations, for which Article 9 of Directive 2008/57/EC applies,
— as specific cases defined in TSIs, which include national variations in the target system.
35.
In the cases listed in recommendation 34, Member States should rely on, make public, and enforce rules covering the essential requirements including technical compatibility between vehicles and their network. In order to preserve the existing level of interoperability and avoid discrimination between applicants, these rules should be at the same level of detail as TSIs and unambiguous in their requirements (i.e. they should specify values for the relevant parameters and conformity assessment methods).
36.
If an application for an additional authorisation is made for an existing non-TSI-compliant vehicle type or individual vehicles Article 25 of Directive 2008/57/EC would allow the Member State where the additional authorisations is sought, to check only the compatibility with its network. In application of the mutual recognition as described in recommendations 52 to 54, this Member State should recognise the first authorisation for placing in service unless it can demonstrate (to the applicant for the additional authorisation) a significant safety risk. This is consistent with the need to avoid discrimination between vehicles types and individual vehicles that were first authorised in one Member State.
37.
Therefore, for the purpose of clarity, Member States should state in their national rules which of the provisions apply: only to new vehicles and subsystems at first authorisation; and/or to existing types; and/or to existing vehicles to be given a new authorisation after renewal or upgrade; and/or to all subsystems and vehicles already in service.
USE OF THE COMMON SAFETY METHODS FOR RISK EVALUATION AND ASSESSMENT (CSM RA) AND THE SAFETY MANAGEMENT SYSTEM (SMS)
38.
The CSM RA is mandatory in the context of the authorisation of placing in service only in the following cases:
(a) when required for a particular subject by a TSI or national rule applicable according to Article 17(3) of Directive 2008/57/EC;
(b) as required by Article 15(1) of Directive 2008/57/EC to perform safe integration of the subsystems when mandatory rules are not available.
In all other cases the use of the CSM RA is not mandatory in the context of such an authorisation.
39.
The term ‘safe integration’ may be used to cover:
(a) safe integration between the elements composing a subsystem;
(b) safe integration between subsystems that constitute a vehicle or a network project;
and, for vehicles:
(c) safe integration of a vehicle with the network characteristics;
(d) safe integration of vehicles into the SMS of railway undertakings. This includes interfaces between vehicles, interfaces with the staff who will operate the subsystem, and maintenance activities by an ECM;
(e) safe integration of a train with the specific routes it operates over;
and for network projects:
(f) safe integration of a network project with the vehicle characteristics defined in TSIs and national rules;
(g) safe integration with adjacent parts of the network (line sections);
(h) safe integration of network project into the SMS of the infrastructure manager. This includes interfaces with the staff who will operate the network project, and maintenance activities by the infrastructure manager or its contractors;
(i) safe integration of a network project with the specific trains operating over it.
40.
Regarding the relation between safe integration and the authorisation for placing vehicles in service:
— points (a), (b), and (c) of recommendation 39 should be carried out before authorisation for placing in service. Any condition and limits of use derived from them (e.g. any limitations for train composition including operation in multiple units or operation of the locomotives together with the vehicles forming the train) should be stated in the technical file accompanying the EC declaration of verification referred to in Article 18(3) of Directive 2008/57/EC in such a way that the user of the authorised subsystem or vehicle can apply these conditions and limits of use according to its SMS,
— point (d) of recommendation 39 is not part of the authorisation process. It should be carried out by the railway undertaking due account of all the conditions and limits of use that result from points (a), (b) and (c) and verification of conformity with the TSIs and applicable national rules,
— point (e) of recommendation 39 is not part of the authorisation process. It should be carried out by the railway undertaking on the basis of all the information needed by a railway undertaking to determine train characteristics and establish train-route compatibility (e.g. conditions of use, values of interface parameters) that result from points (a), (b), and (c) and the information contained within the register of infrastructure.
40 bis.
Regarding the relation between safe integration and the authorisation for placing fixed subsystems and network projects in service:
— points (a), (b), (f) and (g) of recommendation 39 should be carried out before authorisation for placing in service. Any condition and limits of use derived from them should be stated in the technical file accompanying the EC declaration of verification referred to in Article 18(3) of Directive 2008/57/EC in such a way that the user of the authorised subsystem or network project can apply these conditions and limits of use according to its SMS,
— point (h) of recommendation 39 is not part of the authorisation process. It should be carried out by the infrastructure manager taking due account of all the conditions and limits of use that result from points (a), (b), (c) and verification of conformity with the TSIs and applicable national rules,
— point (i) of recommendation 39 is not part of the authorisation process. It should be carried out by the infrastructure manager on the basis of all the information needed to determine route characteristics and establish train-route compatibility (e.g. conditions of use, values of interface parameters) that result from points (a), (b), and (c) and the information contained within the register of vehicle types.
41.
Regarding the use of the CSM RA to verify safe integration before authorisation for placing in service:
— point (a) of recommendation 39 is fully in the scope of the TSIs addressing a subsystem; where there are no explicit technical rules covering this matter, the TSI may adopt a risk based approach, require application of the CSM RA and specify to which acceptable level the risk should be controlled,
— where there are no mandatory rules (TSIs, national rules) covering this interface fully, point (b) of recommendation 39 should be checked by using the CSM RA,
— point (c) of recommendation 39 should be fully covered by TSIs and, where envisaged by Article 17(3) of Directive 2008/57/EC, national rules and this rule-based verification should be carried out by a notified body or designated body as part of its responsibility for ‘verification of the interfaces of the subsystem in question with the system into which it is incorporated’ (Article 18 of Directive 2008/57/EC), otherwise the requirements for transparency, non-discrimination and interoperability would be compromised.
— The use of the CSM RA is therefore not mandatory for point (c) of recommendation 39 for the cases where TSIs or national rules exist. In the cases where national rules do not specify this interface fully (e.g. some legacy signalling systems and innovative solutions) these national rule(s) may require the application of CSM RA for addressing the risks not covered.
INTEGRITY OF TSIs AND NATIONAL RULES
42.
It is recognised that the TSIs have been built up by a pool of experts from the sector associations and national safety authorities taking account of national rules and practical experience as their basis. They represent the ‘state of the art’ or best available knowledge having been developed by the Agency, with these experts and reviewed by the Committee referred to in Article 29 of Directive 2008/57/EC. As such, the TSIs have been recognised by the Member States as fit for purpose (including open points) and are legally binding. It is not part of authorisation to check or validate these mandatory requirements.
43.
Nevertheless, to preserve the integrity of the TSIs and national rules, it is the responsibility of every entity that at any time becomes aware of a potential deficiency in the TSIs or national rules that, as a matter of urgency, they raise their doubts with full justification through the applicable procedures so that all entities concerned are immediately made aware of the potential deficiency and may take appropriate action.
44.
Member States should take appropriate measures to amend deficient or incompatible national rules.
45.
If a TSI is deficient, Article 7 of Directive 2008/57/EC applies and the deficiency should be addressed by:
(a) a technical opinion of the Agency; or
(b) a TSI amendment;
or both.
Depending on the case, a TSI may be amended by:
(1) amending the specification of the target system;
(2) adding specific cases, when they concern only a limited number of Member States and harmonisation at EU level is not deemed necessary;
(3) adding open points, when harmonisation at EU level is needed, but cannot yet be explicitly covered in the TSI.
VERIFICATIONS WHICH ARE OUTSIDE THE SCOPE OF AUTHORISATION FOR PLACING IN SERVICE
46.
The verification of train-route compatibility should be independent from the authorisation for placing in service a vehicle type or an individual vehicle. The verification of train-route compatibility is managed by a railway undertaking (or an infrastructure manager if it operates trains) as part of the planning process (for example when bidding for paths) and on a day–to-day basis through its SMS. The railway undertaking should establish compatibility by obtaining information from the infrastructure manager via the register of infrastructure and from the technical file accompanying the EC declaration of verification of the vehicles established at authorisation and maintained thereafter. In the transitional period, i.e. until the register of infrastructure is established and complete with all relevant data for the verification of compatibility with the network, the infrastructure managers should provide necessary information to the railway undertakings by other transparent means.
47.
Assessing the ability of a railway undertaking to manage the operation and maintenance of the vehicles is not part of the process leading to authorisation. It is covered by the safety certification process and ongoing supervision by the national safety authority.
48.
Assessing the ability of an infrastructure manager to manage the operation and maintenance of network projects is not part of the process leading to authorisation. It is covered by the safety authorisation process and ongoing supervision by the national safety authority.
49.
Assessing the ability of an ECM to manage the maintenance of a vehicle is not part of the authorisation process. It is covered by the SMS of the railway undertaking. Where the ECM certification process applies, the SMS of the railway undertaking may take account of this process.
50.
As a consequence, an applicant for a vehicle type authorisation or for an authorisation for placing an individual vehicle or subsystem in service is not required to assess the significance of the potential changes brought by the vehicle or the subsystem design in the railway system as a whole. If the applicant is the railway undertaking or infrastructure manager that intends to operate this vehicle or subsystem, the application of CSM RA as a railway undertaking or infrastructure manager responsible for the management of change to their part of the railway system is independent from their role as applicant for an authorisation for placing in service.
51.
In practice, where the manufacturer is producing a specific design to the order of a railway undertaking, there is usually an overlap in time between:
— the verification of conformity of a structural subsystem in order to establish a ‘EC’ declaration of verification (activity that includes points (a), (b) and (c) of recommendation 39), and
— the integration of this subsystem into the SMS of the railway undertaking or infrastructure manager (activity that includes points (d) and (e) of recommendation 39).
This is a part of good project management that, in certain circumstances, allows minimising the time gap between the authorisation for placing in service and the actual use of the vehicle or network project in commercial operation. In these circumstances the national safety authority is involved at the same time as:
— an authority in charge of granting an authorisation for vehicle type or for placing an individual vehicle in service, and
— an authority in charge of supervision of safety certificates or safety authorisations.
Even though the two tasks may overlap in time, they should be formally independent, the counterpart in the former being the applicant for authorisation of the vehicle or vehicle type and in the latter the railway undertaking or infrastructure manager that intends to use the subsystem or vehicle.
MUTUAL RECOGNITION OF RULES AND VERIFICATIONS ON VEHICLES
52.
Member States should mutually recognise verifications carried out according to national rules of other Member States, unless:
(a) there is no evidence of compatibility with the network; or
(b) a Member State can demonstrate to the applicant a substantial safety risk.
(c) The principle of mutual recognition should be applied as far as possible in order to prevent unnecessary requirements and redundant verifications, unless these are strictly necessary to check the technical compatibility of the vehicle with the relevant network and are not equivalent to the rules of the Member State of the first authorisation.
53.
In the event of additional authorisations, Member States should not call into question national rules applied for a previous authorisation:
— covering the open points not related to technical compatibility between the vehicle and the network, or
— classified as belonging to category ‘A’ in the reference document provided for in Article 27(4) of Directive 2008/57/EC.
54.
Notwithstanding the absence of generic risk acceptance criteria in the CSM on risk assessment, CSM assessments carried out as part of verifications required by the TSIs should be mutually recognised in accordance with Article 7(4) of CSM RA(9).
ROLES AND RESPONSIBILITIES
55.
Before a subsystem may be authorised to be placed in service, the manufacturer or contracting entity (i. e. the applicant in the meaning of Article 18(1) of Directive 2008/57/EC) must carry out all necessary design, construction and testing or have them carried out under their responsibility and sign an ‘EC’ declaration of verification.
56.
The notified bodies verify conformity with TSIs and draw up the certificate(s) of verification intended for the applicant. Article 18(2) of Directive 2008/57/EC states that the notified body's verification ‘shall also cover verification of the interfaces of the subsystem in question with the system into which it is incorporated, based on the information available in the relevant TSI and in the registers provided for in Articles 34 and 35’. This implies that the notified body has a role in checking technical compatibility with other subsystems, which is consistent with the fact that technical compatibility is covered by TSIs. The scope of these checks is limited to the relevant TSIs. Each notified body compiles a technical file in respect of the verifications they have carried out.
57.
The provisions of recommendation 56 apply
mutatis mutandis
to designated bodies and national rules.
58.
On the basis of Article 15(1) of Directive 2008/57/EC, the role of national safety authorities in authorising the placing in service should be to carry out a check of the documents accompanying the application for placing in service and providing evidence of the adequacy of the verification procedure. This check should consist of checking the completeness, relevance and consistency of the documentation submitted for authorisation. It is limited to matters within the competence of the National (railway) safety authorities as defined in Directive 2004/49/EC.
59.
If a Member State (or national safety authority) discovers a problem with the application for authorisation for placing in service in that a structural subsystem covered by the ‘EC’ declaration of verification accompanied by the technical file does not fully comply with Directive 2008/57/EC and in particular does not meet the essential requirements, it should apply Article 19 of Directive 2008/57/EC. This applies
mutatis mutandis
to interoperability constituents in accordance with Article 14 of Directive 2008/57/EC.
60.
National safety authorities should not repeat any of the checks carried out as part of the verification procedure.
61.
National safety authorities should not try to carry out or duplicate the work of rule setters, notified bodies, designated bodies or risk assessment bodies.
62.
National safety authorities should neither carry out an in-depth systematic verification of the work done by the applicant, the notified body, the designated body and the CSM risk assessment body, nor a systematic validation of their results. National safety authorities may call assessment body verifications into question only if there are justifiable doubts. In this case, the principles of proportionality (taking account of the level of risk), non-discrimination, and transparency should be respected. Justified doubts may in particular arise on the basis of the checks referred to in recommendation 58, or when the return of experience has shown that a similar subsystem does not meet the essential requirements as defined in Article 19 of Directive 2008/57/EC.
63.
In accordance with Article 28(2) of Directive 2008/57/EC for notified bodies (and
mutatis mutandis
for designated bodies), Member States should put in place systems to ensure the competence of assessment bodies and take action to address non-compliance with applicable legislation. To ensure a consistent approach, the Commission, assisted by the Agency, should have a coordination role in this matter.
64.
Applicants, infrastructure managers and railway undertakings, in conjunction with ECMs should take account of the return of experience with already authorised vehicle types and subsystem designs or identification of unmanaged risks and put in place appropriate corrective actions.
65.
Applicants should carry out these corrective actions prior to their request for authorisation and should be required to do so as soon as the need is detected.
66.
For vehicles and subsystems already in use, railway undertakings and infrastructure managers should carry out these corrective actions within their SMS. The SMS of railway undertakings should ensure that the ECMs maintaining vehicles used by them introduce any changes necessary into their system of maintenance.
67.
Just as prior to authorisation the role of the national safety authority is not to specify a design solution, similarly the supervision role of national safety authorities is not to prescribe corrective action in the event of return of experience. Instead, national safety authorities should monitor the compliance of a railway undertaking or infrastructure manager with its own SMS. National safety authorities should check that railway undertakings and infrastructure managers define, carry out and manage the appropriate corrective actions by means of their own SMS.
68.
Directive 2004/49/EC makes each of the infrastructure managers and of the railway undertakings responsible for their parts of the system. The railway undertaking is solely responsible for the safe operation of its trains. The infrastructure manager's role is confined to managing the infrastructure and therefore the infrastructure manager has no responsibility for the operation of trains other than to issue permission for train movement. The infrastructure manager has no other authorisation role.
69.
Assessment of the ability of a subcontractor (e.g. a keeper) to manage its part of operation and maintenance of vehicles is not part of the process leading to an authorisation. This is covered by the obligation on the railway undertaking using authorised vehicles to make sure under its SMS that they have a suitable entity in charge of maintenance, according to Article 14a of Directive 2004/49/EC
70.
Article 14a(1) of Directive 2004/49/EC as amended by Directive 2008/110/EC states that, before it is placed in service or used on the network, each vehicle should have an ECM assigned to it. The authorisation for placing in service is independent from the operation of a vehicle by a railway undertaking or the maintenance of the vehicle by an ECM; furthermore, Directive 2004/49/EC relates to the operation (use) and maintenance of vehicles. Therefore the ECM may be assigned either before or after a vehicle has been authorised to be placed in service, but always before it is registered in the national vehicle register (ECM is a mandatory field in the NVR) and before it is actually used on the network.
71.
Organisations should manage the risks created by their activities. Responsibility for managing risks should sit with those who have the greatest capacity to manage them.
72.
As railway undertakings and infrastructure managers are the only actors required to have safety certifications and safety authorisations, supported by SMSs, these organisations should have a key role for managing the contributions of others, and for taking the right decisions regarding their contributions. When railway undertakings or infrastructure managers take such decisions or actions under their safety management systems, this is without prejudice to the responsibilities of other entities, such as keepers, ECMs, manufacturers.
73.
The division of operational responsibilities between the railway undertakings and infrastructure managers is defined in the TSI on operation and traffic management.
74.
Railway undertakings should be held as best placed and most competent to:
(a) identify the potential hazards to their planned operations, including maintenance, and implement control measures, such as departure checks;
(b) properly specify their operational needs to contractors and suppliers, such as required performance, availability and reliability of vehicles;
(c) monitor the performance of vehicles;
(d) provide regular and comprehensive feedback on operations and performance to the keeper and ECM, as appropriate; and
(e) carry out contract reviews to understand and challenge contract performances.
75.
On the other hand, railway undertakings and infrastructure managers should not be held as best placed or most competent to directly manage all the risks all the way down the supply chain. In order to fulfil their responsibilities, railway undertakings and infrastructure managers should design contractual obligations for the supply of goods and services in accordance with their safety management systems, taking into account the legal responsibilities of others. Once in use, it is standard practice for vehicles to be modified to correct defects and continuously improve their performance. Managing these changes safely is the responsibility of the railway undertaking. This responsibility should be fulfilled by applying the change management procedures in its SMS and the Regulation on CSM risk assessment and, when necessary, ensuring that authorisation to place the modified vehicle in service is obtained. The railway undertaking should also ensure that all relevant information is communicated to the ECM for him to up-date the maintenance file.
76.
Railway undertakings, infrastructure managers, ECMs and keepers should make sure that any support they may need through this process is provided for in the contract with the manufacturer.
77.
Before the railway undertaking procures access to the network for the train from the infrastructure managers, they should first know the nature of the access that the infrastructure manager has offered for sale. The railway undertaking needs to be sure that the route to which they intend to purchase access is capable of supporting the trains they intend to run.
78.
Railway undertakings should find in the infrastructure register all information (on the nature of the infrastructure) which they need in order to establish whether the train they intend to run is compatible with the specific route (train/route compatibility). The infrastructure manager should describe in the infrastructure register for each parameter the nominal values and, where applicable, the limit values of the interface parameters to which the route section is maintained. The railway undertakings rely upon the integrity of this information to ensure the safe operation of their trains. The infrastructure manager should inform the railway undertaking of any temporary changes to the nature of the infrastructure not listed in the register of infrastructure.
79.
Once a railway undertaking has established, by using the infrastructure register and the file accompanying the vehicle authorisation/authorisation for type of vehicle, and considering the conditions of use and other restrictions on the authorisation for placing in service of the vehicle/authorisation for type of vehicle, that the route can support the train it intends to run, it should then refer to the provisions of the TSI related to ‘operation and traffic management’ (particularly its sections relating to train composition, train braking and running order) to ascertain whether there are any train related restrictions inhibiting operation on the route (e.g. speed limits, length limits, power supply limits).
80.
If an infrastructure manager or railway undertaking has concerns relating to the use of a specific vehicle or piece of fixed equipment on a specific line, it should bring this to the attention of the other party in order to find a solution. If the party that raises the issue is not satisfied with the response, it should raise the issue with the national safety authority, which should take decisions in accordance with its powers.
81.
According to Article 4(2) of Commission Regulation (EU) No 1078/2012(10), railway undertakings infrastructure managers and entities in charge of maintenance need to inform all the parties involved (including the national safety authorities) about any relevant safety risk as regards defects and construction non-conformities or malfunctions of technical equipment. This obligation of information also concerns the manufacturers and the contracting entities that established the ‘EC’ declaration of verification after the authorisation for placing in service.
82.
In addition to its task of authorising the placing in service of structural subsystems and in accordance with Article 16 of Directive 2004/49/EC, national safety authorities should also supervise that railway undertakings and infrastructure managers are operating under the requirements of EU legislation and, where allowed by Directive 2008/57/EC, national legislation. This supervision should also cover the management by railway undertakings and infrastructure managers of the risks related to the interface with their suppliers (such as manufacturers, keepers and rolling stock leasing companies), in particular during the procurement of goods and services and their integration into the SMSs of railway undertaking and infrastructure managers
83.
The nature of the national safety authorities involvement in the use of a subsystem and its maintenance by a railway undertaking or infrastructure manager under the auspices of their SMS is of a supervisory nature. In particular national safety authorities should refuse to take the responsibility for meeting the essential requirements from the manufacturer/contracting entity or railway undertaking/infrastructure manager by specifying or explicitly checking and/or approving particular design solutions, maintenance requirements or corrective actions. The national safety authority should therefore focus on the appropriateness and suitability of the responsible actors management systems and should not act as ‘finished work inspector’ of the detailed outputs or decisions taken by these actors.
84.
If Member States consider introducing urgent measures as a consequence of accidents or incidents, they should recognise that the safety management system of the railway undertaking is the primary mechanism for managing new risks to the operation of vehicles that may have been discovered in the course of accident/incident investigations or findings in the context of supervision. Even if a Member State believes that a new rule for authorising the placing in service is urgently required, it should follow the procedures specified in applicable Union legislation, including notification of the draft new rule to the Commission under Directive 98/34/EC of the European Parliament and of the Council(11) or 2004/49/EC.
TESTING
85.
The only tests that may be required for authorisation, which have to be performed before the authorisation for placing in service and which require the involvement of an assessment body, should be the tests which are:
— explicitly specified in the TSIs, modules, and, where relevant, in national rules,
— defined by the applicant for demonstrating the compliance with the requirements of the TSIs and/or national rules,
— defined in other EU legislation, or
— defined by the applicant, in accordance with the application of CSM RA as described in recommendation 41.
86.
The involvement of the notified bodies and/or designated bodies in the verification of compliance with essential requirements is specified by the relevant TSIs and, respectively, national rules.
87.
Tests not covered by recommendation 85 (e.g. tests needed by a railway undertaking to establish train-route compatibility before using a vehicle type or new subsystem on a particular route, or by a contracting entity to establish compliance with customer requirements) are not part of the authorisation for placing in service.
88.
If on-track testing is to be carried out in order to verify conformity with requirements for authorisation before authorisation for placing in service has been given by the national safety authority, then any operational and organisational arrangements for carrying out these tests should be defined in each Member State's national legal framework and shall comply with Directives 2008/57/EC and 2004/49/EC. These should cover both the administrative arrangements and any mandatory technical and operational requirements. In general, Member States may adopt either of two approaches:
— The Member State may include testing competence in a railway undertaking's safety certificate. This can be to the extent that a testing body may be certified as a railway undertaking with its scope of operation confined to only testing.
— The Member State may require a competent entity (which may or may not be the national safety authority) to give permission to carry out tests. In this case the competent entity (in the absence of verification of conformity with requirements for authorisation by a notified body or designated body) must have sufficient depth of technical knowledge to make such decisions. To fulfil the requirements for transparency and legal certainty, the Member State must ensure that the entity is suitably independent and publish the process for authorising testing in its national legal framework making clear its requirements and the decision criteria to be used by the competent entity for granting authorisation to test.
89.
The infrastructure managers have a direct role in the context of facilitating the authorisation process. In the case of additional tests required by a national safety authority, Article 23(6) of Directive 2008/57/EC requires that ‘the infrastructure manager, in consultation with the applicant, shall make every effort to ensure that any tests take place within 3 months of the applicant's request’.
TECHNICAL FILE
90.
According to Article 18 and Annex VI to Directive 2008/57/EC, an ‘EC’ declaration of verification for a subsystem should be accompanied by a technical file, including the documentation describing the subsystem, the documentation resulting from the verifications carried out by different assessment bodies and the documentation of the elements relating to the conditions and limits of use and to the instructions concerning servicing, constant or routine monitoring, adjustment and maintenance. The technical file accompanying the EC declaration of verification includes all supporting documents needed for the authorisation for placing in service.
91.
A vehicle or network project is covered by the technical file (s) accompanying the EC declaration of verification of the subsystems(s) it is composed of.
92.
Several assessment bodies may need to intervene in the verification process of a subsystem, each of them according to their scope of competence. The applicant should be held responsible for gathering all files required by all applicable EU legislation. The combination of these technical files, complimented by any other information required by EU legislation (including the items specified in Annex VI 2.4 to Directive 2008/57/EC), is referred to as technical file accompanying the ‘EC’ declaration of verification for the subsystem.
93.
The applicant for a type authorisation or an authorisation for placing in service of a vehicle should produce the documentation to be submitted for authorisation.
This documentation should include the technical file accompanying the EC declaration of verification compiled by the applicant for that subsystem.
In the case of a vehicle consisting of two subsystems, the documentation to be submitted for authorisation should include the two technical files accompanying the ‘EC’ declaration of verification of these two subsystems.
Pending the adoption of a recommendation by the Commission describing the content of the documentation to be submitted by the applicant, a Member State may allow that only a part of the technical file(s) accompanying the ‘EC’ declaration of verification is included in the documentation accompanying the application for authorisation of a vehicle or vehicle type. This should be clearly indicated in the national legal framework of the Member State published on the website of the European Railway Agency.
The technical file accompanying the ‘EC’ declaration of verification for a vehicle, vehicle type or subsystem should include all the information listed in Annex V and the documentation supporting the ‘EC’ declaration(s) of verification (e.g. the certificate(s) of verification and the technical files established by the notified and designated body(ies), calculation notes, records of the tests and examinations carried out, and technical characteristics to be recorded according to applicable TSIs and national rules). Information from the technical file accompanying the ‘EC’ declaration of verification which is not contained in the documentation submitted for authorisation should be made available to the relevant national safety authority on request.
The documentation accompanying the first authorisation for placing in service of a vehicle is to be submitted to the national safety authority at the time of authorisation and kept by the national safety authority as a record of what was authorised.
94.
Where the suggestion included in recommendation 21 is followed, recommendation 93 should apply,
mutatis mutandis
, to the documentation to be submitted for authorisation of a network project and the technical files accompanying the relevant EC declaration of verification(s).
95.
The applicant for an additional authorisation for placing in service of a vehicle should add to the original technical file accompanying the ‘EC’ declaration of verification the information required in Article 23(3) or 25(3) of Directive 2008/57/EC; this additional information is part of the information to be submitted to the national safety authority. The applicant should however preserve the structure of the technical file accompanying the ‘EC’ declaration of verification.
96.
The part of the technical file accompanying the ‘EC’ declaration of verification defining ‘all the elements relating to the conditions and limits of use and to the instructions concerning servicing, constant or routine monitoring, adjustment and maintenance’ should be made available, for network projects, to the infrastructure manager and, for vehicles, to the railway undertaking operating the vehicle so that they may provide it to the ECM. For vehicles, this transmission of the information contained in the technical file accompanying the ‘EC’ declaration of verification may be done via the keeper of vehicles. After the placing in service it is the responsibility of the railway undertaking or infrastructure manager in conjunction with an ECM, to continuously review maintenance interventions and amend this information to ensure that it reflects the duty cycle and return of experience (Articles 4 and 9 of Directive 2004/49/EC).
97.
The technical file accompanying the ‘EC’ declaration of verification should include the information needed to manage the design operating state of the vehicle or network project throughout its lifecycle.
98.
The technical file accompanying the ‘EC’ declaration of verification should be updated if additional verifications are carried out (e.g. verification of conformity with national rules for obtaining additional authorisation for placing in service). In the case of an additional authorisation, the applicant should inform the national safety authority that issued the first authorisation.
‘EC’ DECLARATION OF VERIFICATION
99.
According to Article 15 of Directive 2008/57/EC and Article 4(3) and (4) of Directive 2004/49/EC, it is the responsibility of the railway undertakings or infrastructure managers to ensure that a vehicle or subsystem meets all the essential requirements when it is in use. This is without prejudice to the responsibility of the other players involved (e.g. the responsibilities of the signatory of the ‘EC’ declaration of verification). Each manufacturer, maintenance supplier, wagon keeper, service provider and procurement entity must ensure that rolling stock, installations, accessories and equipment and services supplied by them comply with the essential requirements and that the conditions for use are specified in the technical file accompanying the EC declaration of verification so that they can be safely put into operation by the railway undertaking and/or infrastructure manager.
100.
The responsibility for ensuring that the essential requirements of all applicable EU legislation are fully met in every detail by the subsystems in their design operating state at authorisation rests only with the applicant for authorisation of a subsystem, who issues the ‘EC’ declaration of verification. On the basis of the verification by the notified body or designated body and, where applicable, an overall assessment of the subsystem or vehicle, the applicant declares that all essential requirements are fulfilled. Therefore, if the compliance of the subsystem in its design operating state with the essential requirements at the time of authorisation is called into question at a later stage, the applicant, who has signed the relevant ‘EC’ declaration of verification should be considered as bearing the primary responsibility.
101.
As a consequence, neither a type authorisation nor an authorisation for placing in service should be considered as handover of the responsibility to ensure or verify that the subsystem meets all essential requirements from the applicant to the authorising national safety authority.
102.
If the compliance with the essential requirements of a subsystem in its design operating state is called into question, the authorising national safety authority should only be held accountable for the specific tasks allocated by Article 16 of Directive 2004/49/EC to the authorising or supervising national safety authority. The national law should reflect this principle in line with recommendations 58 to 62 and 67.
103.
Independently from the verification of compliance with TSIs and national rules and the verification of safe integration carried out under Article 15(1) of Directive 2008/57/EC, the applicant signs the ‘EC’ declaration of verification on his sole responsibility. Therefore, the applicant should have a process in place to make sure that it has captured and fulfilled all the essential requirements and complied with all applicable EU legislation.
104.
Although the CSM RA was originally not developed for that purpose, the applicant may choose to use the methodology in the CSM RA as a tool to fulfil part of his responsibility to ensure that all parts of the subsystem/vehicle meet in all respects and in every detail the essential requirements for the railway system set out in Annex III to Directive 2008/57/EC.
105.
Equally, the applicant may choose to use any other means allowed by the relevant legislation to ensure that all parts of the subsystem or vehicle meet the essential requirements for the railway system.
106.
The ‘EC’ declaration of verification covers all applicable EU legislation. It is the responsibility of the signatory of the ‘EC’ declaration to comply with that legislation, including the corresponding conformity assessment and to involve, where necessary, assessment bodies required by that legislation.
107.
In the case of an authorisation relating to vehicles or a network project consisting of more than one subsystem:
(a) there may be more than one applicant (one for each subsystem), each establishing an ‘EC’ declaration of verification for his part including its interfaces. In this case each applicant takes responsibility for the relevant subsystem in accordance with the scope of his ‘EC’ declaration of verification. A manufacturer or contracting entity may combine these two declarations in an application for a vehicle or network project;
(b) the manufacturer or contracting entity for the vehicle type, individual vehicle or network project may combine the ‘EC’ declarations of verification for each subsystem, as described in Annex V to Directive 2008/57/EC, into a single ‘EC’ declaration of verification for the vehicle type, individual vehicle or network project. In this case he declares on his sole responsibility that the subsystems comprising the vehicle type, individual vehicle or network project concerned have been subject to the relevant verification procedures, and satisfy the requirements of the relevant European Union legislation including any applicable national rules and that the vehicle or network project itself therefore satisfies the requirements of the relevant European Union legislation including any applicable national rules.
108.
To the end of establishing an ‘EC’ declaration of verification, the relevant TSIs may allow partial conformity to a TSI only if the TSI itself provides that specific functions, performances and interfaces required to fulfil the essential requirements are not mandatory in specific circumstances.
109.
Only when all the preceding evidence and declarations have been compiled is the applicant in a position to formally apply to the competent national safety authority for an authorisation for placing in service of the subsystem. However it is recognised as a good practice for applicants to engage informally with national safety authorities as early as possible so that the process, requirements, roles and responsibilities, scope of application and limitations and conditions of use are clear and that there are no difficulties at a later stage.
MANAGEMENT OF MODIFICATIONS
110.
Concerning the application of Articles 5(2), 15(3) and Article 20 of Directive 2008/57/EC, any modification of an existing structural subsystem should be analysed and categorised as only one of the following modifications:
1.
‘Substitution in the framework of maintenance’ and other changes that do not introduce a deviation from the technical file accompanying the ‘EC’ declaration of verification. In this case there is no need for verification by an assessment body, the Member State does not need to be informed, and the initial ‘EC’ declaration of verification remains valid and unchanged;
2.
Changes that introduce a deviation from the technical file accompanying the ‘EC’ declaration of verification which may require new checks (and therefore require verification according to the applicable conformity assessment modules) but do not have any impact on the basic design characteristics of the subsystem. In this case, the technical file accompanying the ‘EC’ declaration of verification needs to be updated, and the relevant information should be made available upon request by the national safety authority;
3.
Renewal or upgrading (i.e. a major substitution or change that requires informing the Member State) which do not require a new authorisation for the placing in service; modifications that include a change in the basic design characteristics of the subsystem fall into this category;
4.
Renewal or upgrading (i.e. a major substitution or change that requires informing the Member State) which require a new authorisation for placing in service.
It should be noted that decisions by a contracting entity or manufacturer on the changes of a subsystem based on the four categories above must be completely independent from the decision on the significance of a change in the meaning of the CSM RA to the railway system to be made by a railway undertaking or infrastructure manager making a change to their part of the system. The decisions involve different actors in different circumstances with different decision criteria.
Categories 3 and 4 above introduce a deviation from the technical file accompanying the ‘EC’ declaration of verification with an impact on the basic design characteristics of the subsystem.
111.
For both subsystems placed in service according to Directive 2008/57/EC and subsystem placed in service earlier for the sake of legal certainty and mutual recognition the TSIs should provide criteria to determine if a modification has an impact on the basic design characteristics of the subsystem and if it fits into category 3 or 4. Until the TSIs provide these criteria, Member States may specify them on national level.
112.
The modification should always be considered by reference to the subsystem or vehicle at the moment of authorisation. An accumulation of minor modifications may result in a major modification.
113.
The manufacturers or contracting entities should manage modifications to existing structural subsystems on the basis of the following:
(a) On the basis of recommendation 110, the manufacturer or contracting entity evaluates to which category the change belongs and whether the conformity assessment bodies or Member State authorities need to be informed. In the event of modifications of categories 2 to 4 of recommendation 110 resulting in an amendment of the technical file accompanying the ‘EC’ declaration of verification or affecting the validity of the verifications already carried out, the manufacturer or contracting entity, when introducing a change, should assess the need of a new ‘EC’ declaration of verification according to the criteria defined in paragraph 2 of Annex V to Directive 2008/57/EC(12). For modifications in category 4, the Member State should decide to what extent the TSIs need to be applied to the project.
(b) Where the use of the CSM RA is required by a TSI for a particular parameter, the TSI should specify the circumstances in which a significance test is to be carried out in respect of this parameter.
(c) Similarly, for parameters which are relevant to perform the safe integration as part of authorisation according to recommendation 40 above, a significance test should be carried out for each parameter taking account of the extent of the change concerning the design operating state.
114.
Railway undertakings and infrastructure managers are each responsible for their part of the railway system. In accordance with Article 4 of Directive 2004/49/EC, they should manage their part of the railway system using an SMS. The SMS should, where appropriate, make use of the CSM RA.
115.
When a railway undertaking or infrastructure manager brings a vehicle or subsystem into use, it must use the CSM RA starting with an assessment of the significance of the change to the part of the railway system for which it is responsible. As part of this process, railway undertakings and infrastructure managers should address the following questions:
(a) concerning vehicles or subsystems to be brought (back) into use after modification and, where required, authorisation: railway undertaking and infrastructure managers should assess using their SMS whether the bringing into use of the vehicle or subsystem represents a change which is significant for the railway system as a whole;
(b) concerning any change to the operation of a subsystem or vehicle: railway undertaking and infrastructure managers should assess whether the change is significant in respect to their SMS and, if it is significant, whether the control of all relevant risks is covered by the SMS or the SMS needs to be adapted;
(c) concerning any changes to the maintenance of a subsystem or vehicle: railway undertakings and infrastructure managers should assess using their SMS whether the change is significant and if it significant ensure that the systems of maintenance of ECMs and SMS of the railway undertaking and infrastructure manager are appropriately adapted.
116.
The national safety authorities should supervise the changes introduced in the subsystems in service through the supervision of the safety authorisations and safety certificates of the infrastructure managers and railway undertakings respectively. For this the national safety authorities should supervise if indent (a), (b) and (c) of recommendation 115 is applied correctly.
117.
Recommendation 2011/217/EU is repealed.
This Recommendation is addressed to the Member States.
Done at Brussels, 5 December 2014.
For the Commission
Violeta BULC
Member of the Commission
(1) Directive 2008/57/EC of the European Parliament and of the Council of 17 June 2008 on the interoperability of the rail system within the Community (
OJ L 191, 18.7.2008, p. 1
).
(2) Directive 2004/49/EC of the European Parliament and of the Council of 29 April 2004 on safety on the Community's railways and amending Council Directive 95/18/EC on the licensing of railway undertakings and Directive 2001/14/EC on the allocation of railway infrastructure capacity and the levying of charges for the use of railway infrastructure and safety certification (Railway Safety Directive) (
OJ L 164, 30.4.2004, p. 44
).
(3) Commission Recommendation 2011/217/EU of 29 March 2011 on the authorisation for the placing in service of structural subsystems and vehicles under Directive 2008/57/EC of the European Parliament and of the Council (
OJ L 95, 8.4.2011, p. 1
).
(4) Commission Implementing Regulation (EU) No 402/2013 of 30 April 2013 on the common safety method for risk evaluation and assessment and repealing Regulation (EC) No 352/2009 (
OJ L 121, 3.5.2013, p. 11
).
(5) Directive 2008/57/EC sets out in Annex III the essential requirements for the rail system (Article 3(1)). These requirements are specific to the rail sector. The rail system, the subsystems, the interoperability constituents, and all interfaces must meet these essential requirements (Article 4(1)). Meeting the essential requirements is a prerequisite before a structural subsystem can be placed in service. Compliance with the essential requirements of Directive 2008/57/EC is without prejudice of the application of other EU provisions (Article 3(2)).
(6) The territory of a Member State may include one or more railway networks.
(7) Directive 2001/14/EC of the European Parliament and of the Council of 26 February 2001 on the allocation of railway infrastructure capacity and the levying of charges for the use of railway infrastructure and safety certification (
OJ L 75, 15.3.2001, p. 29
).
(8) Commission Regulation (EC) No 352/2009 of 24 April 2009 on the adoption of a common safety method on risk evaluation and assessment (
OJ L 108, 29.4.2009, p. 4
). This Regulation will be repealed and replaced as of 21 May 2015 by Implementing Regulation (EU) No 402/2013.
(9) This will be replaced by Article 15(5) of the Implementing Regulation (EU) No 402/2013, which shall apply from 21 May 2015.
(10) Commission Regulation (EU) No 1078/2012 of 16 November 2012 on a common safety method for monitoring to be applied by railway undertakings, infrastructure managers after receiving a safety certificate or safety authorisation and by entities in charge of maintenance (
OJ L 320, 17.11.2012, p. 8
).
(11) Directive 98/34/EC of the European Parliament and of the Council of 22 June 1998 laying down a procedure for the provision of information in the field of technical standards and regulations (
OJ L 204, 21.7.1998, p. 37
).
(12) See separate proposal to amend Annex V to Directive 2008/57/EC.
Feedback