Plane

What EASA Part 145 Actually Demands From Your MRO Software in 2026

Regulation (EU) No 1321/2014, Annex II — Part-145 — does not mention software once. It doesn’t need to. Part-145 was written to regulate an organisation’s processes, records, and personnel controls, and it was written to be technology-neutral. That neutrality is exactly why so many Approved Maintenance Organisations end up with software that stores the right documents without actually enforcing the obligations behind them. A system can hold a certifying staff’s licence scan, a completed work card, and an EASA Form 1 without ever checking whether that certifying staff member was authorised, current, and qualified for that specific task on that specific date. Storage is not compliance. The distinction matters more in 2026 than it has in years, because Part-145 itself has changed.

The Regulatory Baseline Has Moved

Regulation (EU) 2021/1963 amended Part-145 to require AMOs to implement a management system encompassing safety and quality functions together, with a formal transition deadline of 2 December 2024. That transition is now fully in force across the industry, and it changed what “compliant” means in practice. Occurrence reporting under 145.A.60, safety and quality policy under 145.A.65, and the organisation’s management system now sit inside the same regulatory expectation as the technical records that MRO software has always been built around. Software evaluated against the old Part-145 checklist — certifying staff records, work orders, component release documentation — is being evaluated against half the requirement.

Certifying Staff: Authorisation, Not Just a Filed Licence

145.A.30 sets out personnel requirements, and it is more specific than most software treats it. Certifying staff must hold a valid EASA Part-66 licence in the appropriate category — A, B1, B2, B3, or C — or, for organisations using the Appendix IV derogation, an equivalent qualification assessed and authorised directly by the organisation. Category C certifying staff sign the final release to service on base maintenance, having reviewed the work of the B1 and B2 staff who performed and certified the underlying tasks. Recurrent training, including human factors, is required on a defined cycle, and competence must be reassessed, not merely assumed to persist because the licence hasn’t expired.

Software that “actively supports” this requirement, rather than passively storing it, does several specific things a static record system does not:

  • Prevents a certificate of release to service from being issued against a certifying authorisation that has lapsed, been suspended, or never covered that aircraft type or task.
  • Flags recurrent and human factors training gaps before they become a finding, not after an auditor cross-references a training matrix against a roster.
  • Maintains authorisation scope at the individual level — task, aircraft type, and category — rather than a single blanket “certifying staff” flag that says nothing about what that person is actually authorised to sign.

A spreadsheet can hold a licence expiry date. It cannot stop a work order from being released against an authorisation that no longer applies. That distinction is the entire difference between record-keeping and compliance enforcement.

Work Order Traceability: The Full Chain, Not the Final Signature

145.A.55 sets minimum record-keeping requirements, and the standard practical retention benchmark applied across most Part-145 organisations is a minimum of three years from the date the aircraft or component was released to service. But the record that satisfies an auditor isn’t a single signature at the end of a job — it’s the unbroken chain from work card to parts used to certifying signature to release.

That chain includes the work card or worksheet system itself, evidence that maintenance data used was current and applicable (145.A.45), tool and equipment calibration records under 145.A.40 — every torque wrench and multimeter needs a current, traceable calibration certificate — and component eligibility evidence under 145.A.42, typically an EASA Form 1 or accepted equivalent confirming the part’s release basis before installation. When an auditor asks for the full history behind a single release to service, software should be able to reconstruct every link in that chain in the time it takes to run a query, not the time it takes to open four different systems and cross-reference by hand.

This is precisely where fragmented environments fail. Work cards live in one system, parts eligibility documentation in another, calibration records in a spreadsheet a quality manager maintains separately. Each piece exists. None of them are connected to the others in a way that produces a single retrievable chain, which is the actual definition of traceability Part-145 is built around.

The MOE Has to Match What the Software Actually Does

145.A.70 requires every AMO to maintain a Maintenance Organisation Exposition describing its procedures, and 145.A.65 folds the organisation’s safety and quality management system into that same exposition. Software that requires manual workarounds to match the organisation’s approved procedures creates a quiet but serious risk: the MOE describes one process, and the system in daily use enforces a different one. Auditors test for exactly this gap, because it is one of the most common ways organisations drift out of compliance without anyone deciding to let it happen. Configurable workflows that mirror the approved MOE — rather than forcing the organisation to adapt its procedures to the software’s fixed logic — keep the exposition and the operational reality aligned.

Subcontracting adds another layer. Under 145.A.75, when maintenance is subcontracted, the certificate of release to service is still issued under the parent organisation’s approval, by a certifying authorisation the parent organisation has granted. Software needs to track that authorisation explicitly — who granted it, what scope it covers, and how the resulting release traces back to the accountable organisation — rather than treating a subcontractor’s signature as equivalent to an in-house one.

The Quality System Is Not a Separate Checkbox

145.A.65(c) requires the organisation to maintain a quality system with independent internal audits, managed by a quality or compliance function distinct from the people doing the maintenance work being audited. In practice, this means the software’s compliance data can’t just serve the engineers performing the work — it has to serve an internal auditor checking that work independently, on a defined schedule, without relying on the same people to mark their own record complete.

This is a subtle but important distinction when evaluating platforms. A system that lets a certifying engineer close their own work order, mark their own training current, and self-report their own occurrence is not wrong, exactly — it’s simply missing the separation of duties that 145.A.65(c) is built around. Independent audit access, role-based visibility that distinguishes who performed a task from who verifies it, and a schedule of internal audits that the system itself can track and flag as overdue are what turn a maintenance database into something a quality manager can actually rely on during their own internal reviews — the same reviews an NCA inspector will ask to see evidence of.

For Organisations Holding Approvals Beyond EASA

Many AMOs don’t operate under a single regulatory framework. An organisation approved under EASA Part-145 may also hold FAA or GCAA approvals to service aircraft registered under those authorities, each with its own certifying staff qualification standard, its own record retention expectation, and its own release documentation format. Software built narrowly around one authority’s rules tends to force these organisations into parallel manual systems — one for EASA work, another for FAA-registered aircraft, reconciled by a compliance manager who becomes the only person who actually understands how the two frameworks interact for a given tail number.

The more resilient approach is a certifying staff and release-documentation model that can hold multiple authorisation frameworks per individual and per aircraft simultaneously — tracking that a technician is Part-66 licensed for EASA work and separately authorised under an FAA equivalent, without collapsing the two into a single generic “qualified” flag that obscures which authority’s rules actually apply to which task. For AMOs serving mixed-authority customers, this isn’t a nice-to-have. It’s the difference between a system that reflects regulatory reality and one that quietly assumes it away.

What This Means When Evaluating Software

The practical test for any MRO software claiming Part-145 alignment is straightforward: ask it to produce, on demand, the full traceable chain behind a single certificate of release to service — certifying staff authorisation, work card completion, parts eligibility, tool calibration, and the safety/quality sign-off — without manual reconstruction. If that takes a query instead of a project, the system is enforcing Part-145, not just storing the paperwork it requires.

AircraftCloud MRO is built around exactly this chain, connected to CAMO compliance data and Safety & QMS workflows so that certifying staff authorisation, work order history, and occurrence reporting sit in one auditable environment rather than four disconnected ones. Directive and bulletin compliance evidence feeding into that same chain is handled by ADSmartFlow, giving auditors a single traceable path from applicable directive through to certified release.

Want to see the full compliance chain in a live system? Request a Demo with AircraftCloud.

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top