EU Regulation 2025/920 became applicable from 1 September 2025 across every EU member state, introducing the most significant structural change to EU air cargo security in over a decade. The regulation introduced a new Established Business Relationship requirement that fundamentally changed the rules under which regulated agents can accept cargo as secure. It introduced new mandatory data fields on air waybills covering all parties in the shipment chain. It removed recognition of several non-EU airports previously deemed to apply equivalent aviation security standards, meaning cargo from those points now requires full EU security controls before loading. And it tightened the known consignor validation process, requiring on-site verification by an EU-approved aviation security validator rather than self-certification. For businesses shipping goods by air to the EU, and for freight forwarders acting as regulated agents in the EU supply chain, EU air cargo security 2026 compliance is no longer optional and enforcement is already active. This guide explains what changed, who is affected, what the consequences of non-compliance are, and the four actions every exporter and freight forwarder must complete to stay in the secure supply chain.
In Plain Language: Why the Rules Changed in September 2025
The background to EU air cargo security 2026 starts with the 2010 parcel bomb incidents, where devices were transported as air cargo from Yemen and intercepted at airports in the Middle East and Europe, triggered the EU’s current air cargo security framework. Until February 2012, security requirements applied only to cargo loaded at EU airports. The framework was progressively extended to non-EU airports carrying cargo into the EU, requiring airlines operating those routes to achieve ACC3 designation, meaning Air Cargo or Mail Carrier operating into the EU from a Third Country. The 2025 regulation tightens the framework in three specific areas where practical compliance had lagged: who can accept cargo as secure, what information must travel with every shipment, and which non-EU origins are trusted enough to contribute to the EU secure supply chain without additional screening.
EU Air Cargo Security 2026: Three Changes Every Shipper Must Know
Change 1: The Established Business Relationship Requirement
Under EU Regulation 2025/920, regulated agents can only accept cargo as secure from a consignor if they have an Established Business Relationship (EBR) with that consignor. The EBR must have been established or re-validated under the new rules, and must be documented with specific information that the regulated agent has obtained and retained from the shipper or consignor:
- Name (of the natural person or company)
- Full address
- Phone number
- Email address
- Payment information: bank account number or traceable credit card number
- VAT number
- Company registration certificate, where applicable
This is an ongoing compliance obligation, not a one-off onboarding tick-box. The regulated agent must have obtained and retained this information as part of a documented business relationship. Ad hoc shippers, new clients whose documentation has not been processed through the EBR protocol, and consignors whose records are incomplete will not qualify as having an EBR. Cargo from non-EBR consignors cannot be accepted as secure and must be physically screened before loading onto any aircraft bound for the EU. For freight forwarders acting as regulated agents, the EBR requirement means every shipper relationship must be reviewed against the September 2025 documentation standard. Existing clients whose records predate September 2024 and were not updated to the new standard need to be re-onboarded under the EBR protocol.
Change 2: New Mandatory Data Fields on Air Waybills
EU Regulation 2025/920 introduced mandatory new data fields for all air waybills covering shipments from or through the EU. The new fields are required under the regulation’s commodity description and party information requirements. For every export shipment from Europe bound for any destination, the air waybill must now include:
- Commodity description in accordance with EU guidance for acceptable goods descriptions: Vague descriptions such as “spare parts”, “goods”, “samples”, or “documents” are no longer acceptable. The description must identify what the goods actually are with sufficient specificity for security risk assessment
- Details of all parties in the shipment chain: The original shipper and consignor, the original consignee and final recipient, and any intermediate parties must be identified. For each party, the regulation requires the full legal name of the natural person or company, their complete address, and contact details including phone number. Where the consignor and original shipper are different entities, both must be identified. Where the consignee and final recipient are different entities, both must appear
Failure to provide the required information results in non-acceptance of the cargo. This is not a warning or a delay. The regulated agent or carrier is required to refuse the shipment until compliant documentation is provided. For shippers who have used simplified or abbreviated party information on air waybills historically, the September 2025 change requires an immediate update to their shipping instructions and documentation templates.
Change 3: Airports No Longer Recognised as Equivalent
EU Regulation 2025/920 removed a number of non-EU airports from the list of locations recognised as applying aviation security standards equivalent to the EU. Cargo originating from these airports, or having transited through them, previously benefited from a presumption of security equivalence that allowed it to enter the EU secure supply chain without additional screening. Under the updated regulation, cargo from these airports must undergo full EU security controls before being loaded on any aircraft bound for the EU. The specific airports removed from the equivalence list are published on the EU Commission air cargo security official portal. The Commission updates this list periodically so always confirm current equivalence status on the portal before routing cargo through any non-EU transit airport. Exporters and freight forwarders routing cargo through transit points at non-EU airports should confirm the current equivalence status of each transit airport before booking. Shipments routed through an airport that has lost equivalence recognition will face additional screening requirements that affect transit time and cost.
How the EU Secure Supply Chain Framework Works
Understanding EU air cargo security 2026 compliance requires understanding the secure supply chain framework within which every air shipment to the EU must operate:
The table below shows how each role works and which applies to your business:
| Role | Who It Applies To | Requirement | Validity | Can Hand Cargo as Secure? |
|---|---|---|---|---|
| Known Consignor (KC within EU; KC3 for non-EU) | Manufacturers and exporters shipping their own goods | On-site validation by EU-approved validator or accredited national authority delegate | 5 years | Yes. Directly to an ACC3 or RA without additional screening |
| Regulated Agent (RA within EU; RA3 for non-EU) | Freight forwarders, ground handlers, entities that screen cargo | EU aviation security validation plus documented EBR with every consignor from September 2025 | 5 years | Yes. Delivers secured cargo to ACC3 airlines after screening |
| ACC3 | Airlines carrying cargo into the EU from non-EU airports | EU validation confirming equivalent security standards. Can only load secured cargo from KC3s or RA3s. Unsecured cargo must be physically screened before loading | Periodic review | Not applicable. Final node loading cargo onto EU-bound aircraft |
The consequence of a break in the EU air cargo security 2026 secure supply chain is physical screening of every affected consignment. Physical screening at major EU-bound hub airports carries a minimum cost premium and a delay that can range from several hours to multiple days depending on the volume at the screening facility and the nature of the goods. For time-critical IT hardware deployments, pharmaceutical shipments, and industrial equipment with project deadlines, a physical screening hold is commercially significant.
ICS2: The Data Requirement Running Alongside the New Security Rules
Alongside EU air cargo security 2026, the Import Control System 2 (ICS2) pre-arrival data requirement now covers all modes of transport into the EU, including air, sea, road, and rail. ICS2 requires an Entry Summary Declaration (ENS) containing detailed cargo information to be submitted before a shipment enters EU customs territory. For air freight, the ENS must be filed 24 hours before loading at the port of departure. Carriers operating long-haul or transhipment routings may require earlier submission depending on their internal risk assessment timelines. ICS2 requires richer, more granular data than the previous system, including detailed commodity descriptions, routing information, and identification of all parties in the transport chain. The data requirements under ICS2 closely mirror the party information requirements introduced by EU Regulation 2025/920. Shippers who have updated their documentation to comply with the new AWB data fields under the aviation security regulation will largely satisfy the ICS2 data requirements simultaneously. The two frameworks are complementary and should be addressed together rather than as separate compliance projects.
Four Actions Every Exporter Must Take Now for EU Air Cargo Security 2026
For businesses shipping goods by air to EU destinations, EU air cargo security 2026 compliance creates four specific obligations, the EU air cargo security 2026 changes create four specific obligations:
- Register as a Known Consignor (KC3) or ensure your freight forwarder has a documented EBR with your facility. If you regularly ship goods by air to the EU from outside the EU, KC3 registration eliminates the risk of physical screening holds on your cargo. The KC3 validation process requires an on-site visit by an EU-approved aviation security validator or accredited national authority delegate. The designation is valid for five years. Alternatively, confirm with your freight forwarder that they hold RA3 designation and that your business has been formally onboarded under their EBR protocol since September 2024. Our Exporter of Record service ensures that all goods exported from our clients’ facilities are handled through validated regulated agent relationships with documented EBRs
- Update your air waybill templates and shipping instructions to include the new mandatory data fields. Every air shipment from a European origin must now include specific commodity descriptions and complete party information for all entities in the chain: original shipper, consignor, consignee, and final recipient with full name, address, and phone number. Update your ERP or shipping management system to capture and transmit this data automatically. One shipment refused at the regulated agent due to incomplete AWB data will cost more in delay and rebooking than the implementation effort
- Audit every transit point in your Asia-to-EU and Americas-to-EU air routing for equivalence status. If your regular air routing includes a transit or consolidation point at a non-EU airport, confirm with your freight forwarder whether that airport currently holds EU aviation security equivalence recognition. Airports that lost equivalence under EU Regulation 2025/920 create a mandatory screening requirement for transiting cargo that adds cost and time to every shipment through that point
- Align your ICS2 ENS filing process with the new AWB data requirements. ICS2 Entry Summary Declaration requirements for air freight run on a 24-hour pre-loading timeline. The party and commodity data you need for a compliant ENS filing is the same data now required on the air waybill under EU Regulation 2025/920. Build a single data collection process that satisfies both requirements rather than maintaining two separate documentation workflows. Our Freight Forwarding service integrates ICS2 ENS filing with EU aviation security documentation requirements on all EU-bound air freight shipments from Asia, the Middle East, and the Americas
How Carra Globe Manages Your Air Freight Compliance Into the EU
Understanding what an Importer of Record does in the EU destination market is as important as the export-side security compliance. The IOR named on the EU customs entry is responsible for the import compliance layer: correct HS classification, import duty payment, and ICS2 ENS data accuracy. Carra Globe provides IOR services for air freight shipments into Germany, France, Netherlands, and all EU markets, integrating ICS2 ENS filing with import customs clearance in a single managed process. Our Exporter of Record service manages EU Regulation 2025/920 compliance for clients exporting goods by air from Asia, the Middle East, and the Americas to EU destinations, ensuring EBR documentation, compliant AWB data fields, and ICS2 ENS pre-filing are in place before cargo moves. Our Freight Forwarding service operates through RA3-validated relationships with EU-bound carriers, managing the complete air cargo security documentation chain from origin to EU airport.
Frequently Asked Questions: EU Air Cargo Security 2026
What exactly is the EBR requirement under EU air cargo security 2026?
A documented relationship between a regulated agent and a consignor, established after 1 September 2024, containing the consignor’s name, full address, phone, email, payment details, VAT number, and company registration. Without a valid EBR, the regulated agent cannot accept the cargo as secure. The cargo must be physically screened before loading. If your freight forwarder has not formally re-onboarded you under the new EBR protocol since September 2024, your cargo may not qualify as secure.
What happens to my shipment if it fails EU air cargo security 2026 checks?
The regulated agent or carrier must refuse to accept it as secure. It must be physically screened before loading. Physical screening adds cost, time, and uncertainty to every affected shipment. At major hub airports, screening backlogs can add one to three days to transit time. For time-critical technology hardware, pharmaceutical, or industrial shipments with project deadlines, a screening hold has direct commercial consequences.
What is the difference between a Known Consignor and a Regulated Agent?
A Known Consignor originates cargo for their own account and has been validated as applying EU-equivalent security procedures at their facility. A Regulated Agent screens cargo and handles it securely on behalf of consignors and delivers it to airlines. KC3 and RA3 are the non-EU equivalents requiring EU aviation security validation. Most manufacturers and exporters seek KC3 status. Freight forwarders and ground handlers seek RA3 status.
Do EU air cargo security 2026 rules affect imports or only exports and transit?
Primarily exports and transit cargo moving through non-EU airports before entering the EU. The secure supply chain framework governs how cargo is handled before it is loaded onto EU-bound aircraft at non-EU origin and transit airports. The ICS2 ENS filing requirement runs in parallel and applies to all cargo entering EU customs territory by any mode of transport, covering the import data declaration layer.
How does ICS2 connect to EU air cargo security 2026 compliance?
They are separate but complementary requirements. EU Regulation 2025/920 governs the physical security of cargo before loading at non-EU airports. ICS2 governs the data submission to EU customs authorities before arrival. Both require detailed party and commodity information for every shipment. The data you collect for EU Regulation 2025/920 AWB compliance largely satisfies the ICS2 ENS data requirements. Treat them as a single documentation project rather than two separate compliance workstreams.