CSM-Assessment and ECM supervisory decisions: practical implications for vehicle lessors
Recent ERA and EBA supervisory activity has turned the Keeper / ECM / Designated-Workshop interface into a live credit and operational-risk issue for lessors and PTA vehicle pools. Four items that leasing contracts, Fahrzeugnutzungsverträge and pool access agreements should now spell out explicitly.
The regulatory baseline
Regulation (EU) 2019/779 consolidated the Entity in Charge of Maintenance (ECM) certification regime across all vehicle types — a step beyond the original freight-only ECM framework in Directive 2008/110/EC. The ECM is responsible for maintenance management, the maintenance-development function, the fleet-maintenance-management function and the delivery of maintenance. Functions can be outsourced to Designated Workshops, but the certified ECM remains accountable to the safety authority.
The Common Safety Methods (CSM) that surround the ECM regime — CSM-Risk (Regulation (EU) 402/2013), CSM-Assessment (Regulation (EU) 2018/762) and CSM-Supervision — set the benchmarks that ERA, EBA and other NSAs apply when they audit railway undertakings and ECMs.
What recent supervisory activity has exposed
A wave of ERA-led supervisory visits and EBA inspections in 2025 has highlighted three recurring findings: (i) the interface between a Keeper (typically a lessor) and an ECM is not always documented at a level that survives an audit; (ii) Designated-Workshop contracts often lack the audit-right and data-access clauses the ECM needs to satisfy its own supervisory obligations; and (iii) the notification of ECM changes, which formally only binds the ECM and the NSA, in practice disrupts the lessor's view of the asset if the leasing contract is silent.
Four items to put in every leasing / pool-access contract
First, a covenant that the EVU/operator will not change the ECM without the Keeper's prior written consent, with the carve-out that the Keeper will not unreasonably withhold consent for a change to a certified ECM of at least equivalent competence.
Second, a data-room clause entitling the Keeper to receive from the operator the maintenance plan, the ECM's supervision reports from the NSA, CSM-Assessment findings, and a list of Designated Workshops, with renewable audit rights.
Third, an event-of-default trigger for (a) withdrawal or suspension of the ECM certificate, (b) material adverse supervisory findings by ERA or the NSA, and (c) failure to remediate identified non-conformities within a defined cure period.
Fourth, an end-of-term hand-back standard that is expressed in CSM-verifiable terms — the condition of the vehicle on hand-back should be demonstrable against ECM maintenance records, not just against a visual inspection regime.
Where this sits
See the ECM section of the Regulation page and the financing structures page on how ECM/Keeper risk interacts with PTA-owned pools and Fahrzeugnutzungsverträge.
Last reviewed: 18 April 2026. These notes are not legal advice. See the Disclaimer.