For years, MRO organisations have relied on a practical shortcut: a B1.1 licence holder signs the CRS for the entire work order because they "oversaw everything". EASA NPA 2026-03 formally and definitively ends this practice. If you haven't yet heard the phrase "scope at point of sign" – now is the time, because these changes will hit every Part-145 organisation still running on paper.
What is EASA NPA 2026-03?
Notice of Proposed Amendment 2026-03 is a formal EASA consultation document proposing amendments to Regulation (EU) 1321/2014 – the legal foundation for Part-66 (personnel licensing) and Part-145 (maintenance organisation approvals). Its primary goal is to eliminate ambiguity around certification scope: what exactly does a mechanic certify when they place their signature on a job card?
Key concept: Scope at point of sign
A certifying staff member certifies only tasks that: (a) they personally performed or directly supervised, (b) fall within their active Part-66 licence scope and type rating AS OF the date of CRS signature, and (c) were carried out in accordance with approved technical data available at the time of the work. None of these three conditions can be assumed – each must be documented.
What changes for small MRO and CAMO organisations?
- End of 'generic' CRS: When signing a Certificate of Release to Service, certifying staff must precisely indicate which work order items they are certifying and on what licence basis. A single CRS for an entire annual inspection without task-level itemisation will no longer pass scrutiny.
- Privilege snapshot: Every signature must be linked to the state of the licence and type ratings ON THE DATE of the task, not the date of the report. If a rating expired the week before the inspection but the mechanic signed anyway – that is already a finding.
- Technical data access verification: The organisation must demonstrate that the mechanic had access to current AMM, IPC, SB, and AD content at the exact time of the work – not 'roughly around that period'.
- Dual-sign and independent inspection: Independent inspections (Part-145.A.48) must be documented with a clear distinction between who performed the original task and who conducted the verification – with full privilege profiles of both individuals.
Why paper and spreadsheets won't cope
Imagine an authority audit. The inspector asks: "Show me what type ratings Mr. Smith held on 14 March at 10:32 AM when he signed job card 2024-127." With a paper-based system you begin searching through licence copy binders, personnel files, and training registers. It takes hours. And what if the rating was written in pencil and corrected? Or the licence copy carries a different date than the actual renewal?
Spreadsheets are even more problematic – Excel does not know you modified the file, and change history in typical workbooks is trivial to alter or accidentally delete. EASA is fully aware of this, which is precisely why NPA 2026-03 places strong emphasis on immutable records.
of small MRO organisations in the EU still use paper job cards as their primary documentation medium (EASA General Aviation Roadmap 2025)
How to prepare your organisation before the rules take effect
- Conduct a full privilege inventory of all certifying staff: list active type ratings, expiry dates, and licence categories. Check whether this information lives in one place or is scattered across multiple files.
- Verify your technical data access procedures: can your system prove that a mechanic had access to the current AMM on a specific date? 'We had a subscription' is not sufficient evidence.
- Review your CRS templates for granularity: do they reference specific tasks and ATA chapters, or are they generic?
- Assess whether your current system (paper, Excel, email) can produce an immutable audit trail – one where every change is logged with a timestamp and author and cannot be retroactively altered.
How cuervo.aero addresses 'scope at point of sign'
The cuervo.aero platform was designed with this exact scenario in mind – before NPA 2026-03 was even published. Every signature in the system is 'frozen' as a snapshot: we record exactly which licence, which type ratings, and which privileges the mechanic held at the precise second they clicked 'Sign'. This record cannot be edited – it is a cryptographically immutable entry.
Privilege snapshot in practice
When a mechanic closes a job card in cuervo.aero, the system automatically: (1) validates active type ratings against the aircraft type, (2) checks OJT/type training currency, (3) stores a snapshot of all privileges as a separate, non-modifiable record linked to the signature. Reconstructing the exact state from any past date during an audit takes literally 3 clicks.
When will the rules come into force?
NPA 2026-03 is currently in the consultation phase – the comment period closed in March 2026. Based on the EASA rulemaking schedule, the final Opinion is expected in Q3/Q4 2026, with national implementation (AMC/GM) following in 2027. That sounds like plenty of time, but implementing a digital system, migrating personnel data, and training your team takes a minimum of 3–6 months. Organisations that begin in Q3 2026 will have a comfortable margin. Those starting in Q1 2027 will be in a rush.
Compliance is not a project. It is a continuous process. The most expensive audit findings are the ones that were predictable a year in advance.Przemysław Tarapacki, Founder of cuervo.aero
Summary: 3 things to do right now
- Download and read NPA 2026-03 from the EASA document library (easa.europa.eu/document-library). It is 40 pages, but sections 3.2 and 4.1 are the most critical for your organisation.
- Identify the gap: compare the NPA requirements against your current CRS documents and job cards. How many signatures from the past year do NOT meet the 'scope at point of sign' criterion?
- Evaluate your tools against the immutable audit trail requirement. If anyone can edit a signature date in your current system – you have a problem.