Who does ICAO Annex 19 Edition 3 apply to?

It applies to airlines, Part-145 MROs, CAMOs, and other aviation service providers already required to have an SMS. It also newly captures RPAS operators authorised to conduct international operations, the maintenance organisations serving them, and certified heliport operators. For existing SMS holders, Edition 3 raises the standard of what compliance requires rather than introducing a new obligation.

What will EASA inspectors look for under ICAO Annex 19 Edition 3?

EASA inspectors already evaluate SMS using the Management System Assessment Tool (MSAT), which assesses maturity on a four-stage scale: present, suitable, operating, and effective. Under Edition 3 aligned oversight, inspectors will look for measurable safety performance indicators, trend data connected to management decisions, traceable CAPA chains from report to closure, and evidence that the SMS is actively shaping how the organisation operates rather than just existing on paper.

What is the EASA SMS compliance deadline for Part-145 organisations?

EASA Part-145 maintenance organisations were required to have SMS in place under EU Regulation 2021/1963 by December 2, 2024. ICAO Annex 19 Edition 3 becomes formally applicable on 26 November 2026, raising the standard for what that SMS must demonstrate in terms of operational effectiveness and safety performance.

What is the difference between a documented SMS and an operational SMS?

A documented SMS has the right procedures, policies, and risk matrices in place on paper. An operational SMS is one where safety data flows continuously — reports feed into a live risk register, CAPAs are tracked and closed with evidence, management receives meaningful safety performance data in real time, and trend analysis surfaces patterns before they become incidents or findings. ICAO Annex 19 Edition 3 requires the operational version.

What aviation SMS software supports ICAO Annex 19 Edition 3 compliance?

REDiFly SMS is aviation safety management software built for aircraft operators and Part-145 organisations. It connects reporting, risk management, compliance audits, and management of change in one system, designed to produce the connected, traceable safety performance data that Edition 3 and EASA performance-based oversight now require.

ICAO Annex 19 Edition 3: What It Means for Your Aviation SMS Before November 2026

Q: What is ICAO Annex 19 Edition 3?

ICAO Annex 19 Edition 3, known as Amendment 2, is the most significant update to the international standard for aviation safety management since 2013. Adopted in June 2025 and applicable from 26 November 2026, it shifts the compliance standard from having an SMS to demonstrating it is operationally effective. Organisations must now show their SMS is actively generating safety intelligence, measurable performance data, and influencing operational decisions.

If you’re responsible for safety management at an airline, Part-145 MRO, or CAMO, you’ve probably already heard that ICAO Annex 19 has been updated. The third edition was adopted in June 2025, became effective in November 2025, and reaches its formal applicability date on 26 November 2026.

What you may not have heard, or at least not had spelled out clearly, is what it actually means for how your aviation safety management system needs to operate between now and then. Because this isn’t a documentation update. It’s a fundamental change in what regulators will expect to see when they walk through your door.

What Is ICAO Annex 19 Edition 3 and What Changed in 2026?

ICAO Annex 19 is the international standard for aviation safety management. Published by the International Civil Aviation Organization, it defines the framework that States and aviation service providers — airlines, MROs, CAMOs, aerodromes, and others — are required to follow when implementing a Safety Management System.

The third edition, known formally as Amendment 2, is the most significant update since the Annex was introduced in 2013. Previous editions defined what an SMS needed to contain. The third edition raises the bar by defining how well it needs to work.

The core change for operators and maintenance organisations: ICAO has moved away from a compliance-based model, where having the right procedures documented was broadly sufficient, toward a performance-based, intelligence-driven one, where organisations must show their SMS is actively functioning, generating useful data, and influencing real decisions. To support this, ICAO has published a new Safety Intelligence Manual, Doc 10159, with structured guidance on how organisations should collect, analyse, and act on safety data day to day.

Put simply: the third edition doesn’t just ask whether you have an SMS. It asks whether it’s working.

The Change That Actually Matters

Most of the commentary around ICAO Annex 19 Edition 3 has focused on expanded applicability — RPAS operators, certified heliports, and so on. That matters for those sectors, but for aircraft operators and Part-145 organisations who already have an SMS requirement, the more important shift is subtler and considerably more demanding.

ICAO has moved the standard for a compliant SMS from having one to proving it works.

The third edition puts formal weight on safety intelligence, measurable safety performance indicators (SPIs), and the ability to show that your SMS is actively shaping decisions across the organisation, not just sitting in a manual on a shared drive. Doc 10159 makes the direction clear: organisations need to move beyond collecting safety data toward making sure it’s trustworthy, contextualised, and actually acted on.

Your SMS needs to show its work.

EASA has been heading this way for a while. Their Management System Assessment Tool, the framework EASA inspectors use when they evaluate your SMS, states directly that “being compliant with the requirement does not necessarily mean being safe” and that assessors must look at the difference between compliance and performance. That’s not new language. But the November 2026 deadline gives it real teeth for organisations that still haven’t closed that gap.

Under current EASA SMS requirements, this assessment is already happening. The MSAT framework is the live benchmark, not a future consideration — evaluating systems on a four-stage scale: present, suitable, operating, and effective.

What "Operational" Actually Looks Like

There’s a distinction that comes up constantly in the safety world: the gap between a documented SMS and an operational one.

A documented SMS ticks the right boxes on paper. If an auditor shows up and asks to see the manual, you can hand it over.

An operational SMS is something different. It’s one where frontline staff are actually submitting reports — regularly, confidently, without friction. Where hazards flow from those reports into a live risk register. Where CAPAs are assigned, tracked, and closed with evidence. Where management is getting meaningful safety data and doing something with it. Where, if an inspector asks to see how a specific hazard evolved over the past six months, you can pull that up in five minutes, not spend an afternoon piecing it together from three different spreadsheets.

Under ICAO Annex 19 Edition 3, the second version is what’s required. And here’s the uncomfortable question: if you’re running your SMS on spreadsheets, shared folders, and email chains, which version do you actually have?

Why Your Current Tools May Be the Problem

This is where the conversation tends to get a bit uncomfortable.

Spreadsheets and email-based safety management don’t fall short because the people running them aren’t capable or committed. They fall short because the tools themselves make a genuinely operational SMS impossible to sustain. We’ve looked at the hidden administrative burden of spreadsheet-based safety management before, but the Edition 3 deadline makes the stakes considerably higher.

Think about what actually happens day to day. A report arrives by email and sits in an inbox. The hazard doesn’t reach the risk register until someone manually moves it across. The CAPA lives in a separate document with no reminders, no escalation, no automatic trail. The audit record, who approved what, when, and why, exists only if someone remembered to save the right version of the right file at the right time.

Edition 3 asks organisations to demonstrate defined SPIs, alert thresholds, trend analysis, and evidence of management review cycles. You can’t produce that reliably from a fragmented, manual system. Most aviation SMS software built around disconnected tools simply wasn’t designed for this kind of joined-up output, and the administrative effort required to fake it is more than most lean safety teams can absorb.

EASA’s own inspector framework puts it clearly: being compliant with the requirement does not necessarily mean being safe, and that’s the standard assessors are now formally applying. Demonstrated effectiveness is the bar, not documented intent.

Add Your Heading Text Here

There’s another dimension to this that the regulatory guidance doesn’t spell out directly, but that anyone who’s been doing this job for more than a year already knows.

Performance-based SMS only works if people are reporting.

ICAO’s safety intelligence framework assumes your organisation is generating a meaningful, consistent flow of data — occurrence reports, near-miss observations, hazard identifications — that can be analysed for trends. If your frontline staff aren’t reporting, there is nothing to analyse. You’re measuring silence, not safety.

Reporting culture is shaped by leadership, trust, Just Culture, and how people feel their reports will be used. ICAO Annex 19 Edition 3 strengthens the requirements around protecting reporting sources and supporting Just Culture environments precisely because data quality depends entirely on whether people feel safe contributing to it. You can’t mandate that culture into existence. But you can make it easier or harder through the tools you put in front of people.

When submitting a report takes fifteen minutes, involves a clunky form, or disappears into an inbox with no visible outcome, people quietly stop doing it. Not because they don’t care, but because the process tells them it doesn’t matter. The organisations that hold up well under Edition 3 oversight will be the ones where reporting is genuinely frictionless, where the gap between a crew member noticing something and that observation reaching the safety system is as small as possible.

If your tools make reporting hard, you’re not just failing a usability test. You’re eroding the data foundation that Edition 3 now formally requires you to demonstrate.

What Regulators Will Actually Ask For

Here’s what demonstrating SMS effectiveness looks like in practice, because it’s more concrete than it might sound.

When an EASA inspector or national authority auditor sits down with your safety team, expect questions along these lines:

Can you show me how a specific hazard was identified, assessed, mitigated and closed, with timestamps and owners at each stage?
What are your current SPIs, and when I look at your last three management review records, will I find evidence that safety trends actually changed any operational decisions?
How does safety data from frontline reporting connect to decisions made at management level?
Can you give me examples of changes your organisation made as a direct result of SMS data, and show me the trail that led to that decision?

These aren’t gotcha questions. They’re reasonable expectations for any organisation that’s had an SMS requirement for several years. But they need connected, traceable, time-stamped data behind them, and the ability to pull that together quickly. If the answer involves an afternoon of spreadsheet consolidation while the inspector waits, that gap won’t go unnoticed.

The Clock Is Running

November 2026 isn’t far away. For many organisations, there’s one oversight cycle between now and that applicability date. If your aviation safety management system isn’t generating the kind of structured, traceable performance data Edition 3 expects, the time to sort that is now, not September when an audit is already in the diary.

EASA is realistic about this. Their guidance acknowledges that SMS maturity takes time and they’re not expecting perfection at the first inspection. What they are looking for is clear evidence the system is active, that data is being collected, acted on, and that the organisation can show improvement over time. That’s an achievable bar. But reaching it needs the right infrastructure, and putting that in place takes longer than most teams expect when they’re starting from scratch or migrating from spreadsheets.

A useful starting point for any lean safety team is an honest self-assessment, not against the ideal, but against what an inspector would actually find tomorrow. What could you demonstrate immediately? What would take time to pull together? What simply doesn’t exist yet in any traceable form?

How to Assess Your SMS Readiness for ICAO Annex 19 Edition 3

If you’re taking stock of your SMS in light of Edition 3, these are the questions that cut to it:

Can your team submit reports in the field, quickly and without friction? If it takes real effort, it won’t happen consistently enough to give you meaningful data.

Is your risk register live and connected to your reports? If hazards are sitting in an inbox before anyone touches them, you’re building exactly the kind of data gap Edition 3 oversight is designed to find.

Can you demonstrate CAPA traceability? Not just that actions were completed, but who owned them, when they were due, what changed, and how you verified it worked.

Can you export audit-ready evidence in minutes, not hours? If every inspection means reformatting spreadsheets, that’s a structural problem, not a capacity one.

Are your SPIs actually connected to your safety data? Or are they assembled manually from multiple places, slow to produce, easy to miss, and hard to defend under questioning?

Can you show that reporting sources are protected? Edition 3 puts real weight on Just Culture and data governance. Inspectors want to see that your system supports anonymous or confidential reporting where appropriate, and that how you handle that data reflects it.

If most of those answers are no, the issue isn’t how hard your team is working. It’s what they’re working with.

What the Right Infrastructure Actually Looks Like

It’s worth being specific about what that looks like in practice, because it maps closely to how we built REDiFly SMS.

On reporting: crews shouldn’t need to be at a desk, on the network, or searching for the right form. Reports should be submittable from a mobile device in a couple of minutes, with built-in risk scoring so what arrives in the system is already structured data, not unformatted text someone has to manually reclassify later. Anonymous reporting needs to be built in too, both for Just Culture reasons and because Edition 3 requires it.

On risk: individual reports are only one part of the picture. What Edition 3 is really asking for is a connected view where hazards from reports feed directly into a live risk register, mitigations are assigned to named owners with due dates, and residual risk is tracked over time rather than assessed once and forgotten. That’s not an advanced feature. That’s what a risk management system is for. Without it, you’re not managing risk. You’re logging it.

On compliance and audits: running audits in the same system that holds your safety data is what actually makes traceability work. When findings link to hazards and CAPAs link to findings, the whole chain is time-stamped and exportable. You’re not scrambling to prepare for an audit. You’re already ready. That difference matters a great deal when an inspector gives short notice.

On management of change: Edition 3 expects organisations to show that safety risk assessment is embedded in how they handle operational change, not just how they respond to incidents. A structured MoC process where changes are proposed, assessed, approved, and tracked with clear ownership is part of demonstrating that the SMS runs through the organisation rather than sitting in a corner of it.

The common thread is connection. What you need is aviation compliance software that ties these things together: reporting, risk, audits, and change management, rather than leaving safety teams to manually bridge four separate systems. Data that lives in one place, flows between functions, and can be pulled into an evidence pack at short notice is what Edition 3 oversight is built around. Systems that need manual assembly at every stage aren’t going to get you there consistently.

Add Your Heading Text Here

ICAO Annex 19 Edition 3 doesn’t redefine what good safety management looks like. Safety professionals have understood the gap between documented and operational SMS for a long time. It comes up at every conference, in every honest post-audit conversation.

What it does is attach a regulatory deadline to that gap. From November 2026, your SMS will be judged on whether it’s demonstrably effective, not just whether it exists. Whether data flows through it, not just into it. Whether it’s genuinely shaping decisions, not just recording what happened.

Most people reading this already know which side of that line they’re on. The ones who act on it now will find November manageable. The ones who leave it will find it arrives a lot faster than expected.

REDiFly SMS is aviation safety management software built for aircraft operators and Part-145 organisations. Reporting, risk, compliance and management of change in one connected system, designed around how safety teams actually work, and built to meet the performance-based oversight expectations of ICAO Annex 19 Edition 3 and EASA environments.

If you’d like to see how it works in practice, book a demo and we’ll walk you through it.