Skip to main content
2016 OAS Guidelines

2.V.5.3. Security requirements in relation to business partners

Article 28(1)(d) of the EEC AU states that the levels of protection and security relating to business partners will be considered appropriate if "the applicant has taken measures that allow its business partners to be clearly identified and that ensure, through the application of appropriate contractual arrangements or other appropriate measures in accordance with the applicant's business model, that those business partners ensure the security of their section of the international supply chain."

The AEO is primarily responsible for its segment of the supply chain, the goods in its custody, and the facilities it uses. Once granted, AEO status belongs only to the person who requested it. However, to ensure the security of the goods under its protection, the AEO also relies on the security standards applied by its trading partners. It is essential that the AEO be aware of all functions in its trading partners' supply chains and make every effort to ensure that its trading partners comply with the AEO's security requirements.

All applicants are expected to ensure that their business partners are aware of their safety and security requirements and obligations, and to ensure, where appropriate and feasible under their business model, that they have written contractual agreements or other appropriate arrangements. In this regard, where necessary, when entering into contractual arrangements with a business partner, the applicant should make every effort to have the other contracting party assess and strengthen the security of its supply chain, include detailed information on how such assessment and reinforcement are to be achieved, and provide evidence of this. Managing the risk associated with business partners is equally essential. Therefore, the applicant should retain documentation in this regard that demonstrates its efforts to ensure that its business partners meet such requirements or, alternatively, that it has undertaken mitigating actions to address the identified risks.

The applicant must know who his potential new business partners are. Furthermore, once the authorization has been issued, when considering the possibility of new potential business partners, the AEO should endeavor to obtain information about the aspects of the potential new partners' businesses that are relevant to the AEO's status.

Below are some examples of how the AEO or applicant could strengthen the security of their supply chain:

  • Collaborate with other AEOs or equivalents.
  • Establish, where appropriate and feasible based on its business model, security contractual agreements with its business partners.
  • Select subcontractors (e.g., a transport company, freight forwarder, etc.) based on their compliance with certain safety standards and, in some cases, with applicable mandatory international requirements, particularly if such subcontractors have already been approved under other safety regimes such as Authorized Agent (AA) or Known Consignor (KC).
  • Include clauses in contracts that prevent the subcontractor from further subcontracting work to unknown parties for whom the subcontractor cannot demonstrate that current identification procedures are being followed and that appropriate security measures are being ensured. This should always be the case when secure air cargo or airmail is transported by a known shipper.
  • Use seals on all modes whenever possible to detect intrusions through entry points into the cargo compartment. Loaded containers must be sealed on the side intended for filling immediately after the loading process is completed, with a seal in accordance with ISO 17712.
  • Submit containers for inspection at the subcontractor's facilities, the terminal, and the recipient's facilities to verify that they have been properly sealed.
  • Review the general information provided by the bodies responsible for registering companies (to the extent possible), as well as the potential partner's products (dangerous or sensitive goods, etc.) before entering into contractual agreements.
  • Conduct security audits of the business partner, or require them to be conducted by a third-party company, to ensure that the business partner meets its security obligations and requirements.
  • Request, where appropriate and feasible based on your business model, a security statement reflecting the respective business models, roles, and responsibilities of both parties.

An example of a security declaration that can be used in Member States in cases where the applicant wishes to satisfy the requirements set out in Article 28(1)(d) of the CAU EA by means of a security declaration from a specific business partner is attached in Annex 3 to the Guidelines. However, if the use of such a declaration is chosen as an appropriate and viable mechanism under its business model, the applicant must be able to ensure that the obligations set out therein are effectively implemented and that the business partner in question complies with them.

  • Use carriers and facilities accredited by international or European security certificates [e.g., the ISPS Code and accredited agents (AA)].
  • Establish non-contractual agreements to specifically address significant safety issues, especially when potential deficiencies have been identified in a safety assessment.

Both customs authorities and economic operators should bear in mind that the aforementioned measures are only examples and that this list is not exhaustive. The choice of one measure or another, or a combination of several, depends largely on the role the trading partner plays in the supply chain and the associated risks, as well as its business model.

Regardless of the measures the applicant has taken to comply with this requirement, it is important that procedures are in place to monitor agreements with business partners and that they are reviewed and updated periodically.

When an applicant or AEO becomes aware that one of its business partners operating in the international supply chain is not meeting established safety and security standards, it shall immediately take appropriate measures to strengthen supply chain security to the best of its ability.

With regard to shipments from unknown trading partners, it is recommended that the applicant or the AEO take appropriate measures to mitigate the security risks associated with the transaction to an acceptable level.

For example, air cargo or airmail originating from an unknown trading partner for which compliance with the current identification procedure and relevant security measures cannot be demonstrated must be controlled by an authorized agent.

This recommendation is particularly relevant when the applicant or the AEO has new or temporary business partners or is involved in the transportation of high-volume shipments, such as in the postal and express courier sectors.

In the case of multiple subcontracting, the responsibility for securing the supply chain is transferred from the applicant or the AEO (e.g. e.g., an exporter) to its own trading partner (e.g. e.g., a freight forwarder). In fact, the business partner is the one who formally commits to securing the corresponding tasks on behalf of the applicant or the AEO. In any case, if the "first-degree subcontractor" (p. e.g., freight forwarder) also uses other parties, it must check that the safety measures are carried out by the next subcontractor (e.g., e.g., the carrier or other subsequent freight forwarder).

If the AEO detects compliance difficulties, it must immediately contact the customs authorities to inform them.