Special Conditions: Diamond Aircraft Industries, Model DA-40NG; Electronic Engine Control (EEC) System, 55293-55296 [2011-22890]

Download as PDF Federal Register / Vol. 76, No. 173 / Wednesday, September 7, 2011 / Proposed Rules DEPARTMENT OF TRANSPORTATION Federal Aviation Administration 14 CFR Part 23 [Docket No. CE313; Notice No. 23–10–03– SC] Special Conditions: Diamond Aircraft Industries, Model DA–40NG; Electronic Engine Control (EEC) System Federal Aviation Administration (FAA), DOT. ACTION: Notice of proposed special conditions. AGENCY: This notice proposes special conditions for the Diamond Aircraft Industries (DAI), model DA–40NG airplane. This airplane will have a novel or unusual design feature(s) associated with an electronic engine control (EEC), also known as a Full Authority Digital Engine Control (FADEC). The applicable airworthiness regulations do not contain adequate or appropriate safety standards for this design feature. These proposed special conditions contain the additional safety standards that the Administrator considers necessary to establish a level of safety equivalent to that established by the existing airworthiness standards. DATES: Comments must be received on or before October 7, 2011. ADDRESSES: Comments on this proposal may be mailed in duplicate to: Federal Aviation Administration, Regional Counsel, ACE–7, Attention: Rules Docket, Docket No. CE313, 901 Locust, Room 506, Kansas City, Missouri 64106, or delivered in duplicate to the Regional Counsel at the above address. Comments must be marked: CE313. Comments may be inspected in the Rules Docket weekdays, except Federal holidays, between 7:30 a.m. and 4 p.m. FOR FURTHER INFORMATION CONTACT: Pete Rouse, Federal Aviation Administration, Aircraft Certification Service, Small Airplane Directorate, ACE–111, 901 Locust, Kansas City, Missouri, 816–329– 4135, fax 816–329–4090. SUPPLEMENTARY INFORMATION: mstockstill on DSK4VPTVN1PROD with PROPOSALS SUMMARY: Comments Invited Interested persons are invited to participate in the making of these proposed special conditions by submitting such written data, views, or arguments as they may desire. VerDate Mar<15>2010 17:43 Sep 06, 2011 Jkt 223001 Communications should identify the regulatory docket or notice number and be submitted in duplicate to the address specified above. All communications received on or before the closing date for comments will be considered by the Administrator. The proposals described in this notice may be changed in light of the comments received. All comments received will be available in the Rules Docket for examination by interested persons, both before and after the closing date for comments. A report summarizing each substantive public contact with FAA personnel concerning this rulemaking will be filed in the docket. Persons wishing the FAA to acknowledge receipt of their comments submitted in response to this notice must include with those comments a self-addressed, stamped postcard on which the following statement is made: ‘‘Comments to Docket No. CE313.’’ The postcard will be date stamped and returned to the commenter. Background On May 11, 2010 Diamond Aircraft Industry GmbH applied for an amendment to Type Certificate No. A47CE to include the new model DA– 40NG with the Austro Engine GmbH model E4 ADE. The model DA–40NG, which is a derivative of the model DA– 40 currently approved under Type Certificate No. A47CE, is a fully composite, four place, single-engine airplane with a cantilever low wing, T-tail airplane with the Austro Engine GmbH model E4 diesel engine and an increased maximum takeoff gross weight from 1150 kilograms (kg) to 1280 kg (2535 pounds (lbs) to 2816 lbs). DAI will use an EEC instead of a traditional mechanical control system on the model DA–40NG airplane. The EEC is certified as part of the engine design certification, and the certification requirements for engine control systems are driven by 14 CFR part 33 certification requirements. The guidance for the part 33 EEC certification requirement is contained in two advisory circulars: Advisory Circular (AC) 33.28–1 and AC 33.28–2. The EEC certification, as part of the engine, addresses those aspects of the engine specifically addressed by part 33 and is not intended to address 14 CFR part 23 installation requirements. However, the guidance does highlight some of the aspects of installation that the engine PO 00000 Frm 00016 Fmt 4702 Sfmt 4702 55293 applicant should consider during engine certification. The installation of an engine with an EEC system requires evaluation of environmental effects and possible effects on or by other airplane systems, including the part 23 installation aspects of the EEC functions. For example, the indirect effects of lightning, radio interference with other airplane electronic systems, and shared engine and airplane data and power sources. The regulatory requirements in part 23 for evaluating the installation of complex electronic systems are contained in § 23.1309. However, when § 23.1309 was developed, the requirements of the rule were specifically excluded from applying to powerplant systems provided as part of the engine (reference § 23.1309(f)(1)). Although the parts of the system that are not certificated with the engine could be evaluated using the criteria of § 23.1309, the analysis would not be useful and not be complete because it would not include the effects of the aircraft supplied power and data failures on the engine control system, and the resulting effects on engine power/thrust. The integral nature of EEC installations require review of EEC functionality at the airplane level, as behavior acceptable for part 33 certification may not be acceptable for part 23 certification. For over a decade, the Small Airplane Directorate has applied a special condition that required all EEC installations to comply with the requirements of § 23.1309(a) through (e). The rationale for applying § 23.1309 was that it was an existing rule that contained the best available requirements to apply to the installation of a complex electronic system; in this case, an EEC with aircraft interfaces. Additionally, special conditions for High Intensity Radiated Fields (HIRF) were also applied prior to the codification of § 23.1308. There are several difficulties for propulsion systems directly complying with the requirements of § 23.1309. There are conflicts between the guidance material for § 23.1309 and propulsion system capabilities and failure susceptibilities. The following figure is an excerpt from AC 23.1309– 1D. E:\FR\FM\07SEP1.SGM 07SEP1 55294 Federal Register / Vol. 76, No. 173 / Wednesday, September 7, 2011 / Proposed Rules Classification of failure conditions No safety effect Minor Major Hazardous Catastrophic Allowable qualitative probability No probability requirement Probable Remote Extremely remote Extremely improbable Effect on Airplane. No effect on operational capabilities or safety. Slight reduction in functional capabilities or safety margins. Significant reduction in functional capabilities or safety margins. Normally with hull loss. Effect on Occupants. Inconvenience for passengers. Physical discomfort for passengers. Effect on Flight Crew. No effect on flight crew Slight increase in workload or use of emergency procedures. Physical distress to passengers, possibly including injuries. Physical discomfort or a significant increase in workload. Large reduction in functional capabilities or safety margins. Serious or fatal injury to an occupant. Physical distress or excessive workload impairs ability to perform tasks. Fatal injury or incapacitation. Classes of airplanes: Allowable Quantitative Probabilities and Software (SW) and Complex Hardware (HW) DALs (Note 2). Class I ................ (Typically SRE under 6,000 lbs.). Class II ............... (Typically MRE, STE, or MTE under 6000 lbs.). Class III .............. (Typically SRE, STE, MRE, & MTE equal or over 6000 lbs.). Class IV ............. (Typically Commuter Category). No Probability or SW & HW DALs Requirement. <10¥3 .......................... Note 1 & 4 ................... P=D, S=D .................... No Probability or SW & HW DALs Requirement. <10¥3 .......................... Note 1 & 4 ................... P=D, S=D .................... No Probability or SW & HW DALs Requirement. No Probability or SW & HW DALs Requirement. Multiple fatalities. <10¥4 .......................... Notes 1 & 4 ................. P=C, S=D .................... P=D, S=D (Note 5) ...... <10¥5 .......................... Notes 1 & 4 ................. P=C, S=D .................... P=D, S=D (Note 5) ...... <10¥5 ....................... Notes 4 ..................... P=C, S=D ................. P=D, S=D (Note 5) ... <10¥6 ....................... Notes 4 ..................... P=C, S=C ................. P=D, S=D (Note 5) ... <10¥6 Note 3 P=C, S=C. <10¥3 .......................... Note 1 & 4 ................... P=D, S=D .................... <10¥5 .......................... Notes 1 & 4 ................. P=C, S=D .................... <10¥7 ....................... Notes 4 ..................... P=C, S=C ................. <10¥8 Note 3. P=B, S=C. <10¥3 .......................... Note 1 & 4 ................... P=D, S=D .................... <10¥5 .......................... Notes 1 & 4 ................. P=C, S=D .................... <10¥7 ....................... Notes 4 ..................... P=B, S=C .................. <10¥9 Note 3 P=A, S=B. <10¥7 Note 3 P=C, S=C. Note 1: Numerical values indicate an order of probability range and are provided here as a reference. The applicant is usually not required to perform a quantitative analysis for minor and major failure conditions. See figure 3. Note 2: The alphabets denote the typical SW and HW DALs for most primary system (P) and secondary system (S). For example, HW or SW DALs Level A on primary system is noted by P=A. See paragraphs 13 & 21 for more guidance. Note 3: At airplane function level, no single failure will result in a catastrophic failure condition. Note 4: Secondary system (S) may not be required to meet probability goals. If installed, S should meet stated criteria. Note 5: A reduction of DALs applies only for navigation, communication, and surveillance systems if an altitude encoding altimeter transponder is installed and it provides the appropriate mitigations. See paragraphs 13 & 21 for more information. There is a conflict between the EEC system loss-of-thrust-control (LOTC), or loss-of-power-control (LOPC), probability per hour requirements given in part 33 guidance material and the failure rate requirements associated with the hazard created by a total loss of power/thrust as given in part 23 AC 23.1309–1D guidance. The part 33 requirements for engine control LOTC/ LOPC probabilities are shown below: Engine type Average LOTC/LOPC events per million hours Turbine Engine ............................................................... Reciprocating Engine ..................................................... 10 (1 × 10–05 per hour) ............................................... 45 (4.5 × 10–05 per hour) ............................................ mstockstill on DSK4VPTVN1PROD with PROPOSALS Note: See AC 33.28–1, AC 33.28–2 and ANE–1993–33.28TLD–R1 for further guidance. The classification of the failure condition for LOTC/LOPC event on a single engine airplane ranges from Hazardous to Catastrophic. The classification of the failure condition for a single engine LOTC/LOPC event on a multi-engine airplane ranges from Major to Catastrophic. The classification of the failure condition for a multi-engine VerDate Mar<15>2010 17:48 Sep 06, 2011 Jkt 223001 LOTC/LOPC event on a multi-engine airplane is Catastrophic. From the AC 23.1309–1D failure probability values, it is obvious that a single engine airplane EEC system will not be able to meet the failure probabilities as shown in the guidance material for § 23.1309. As a result, applicants have elected to declare a reduced hazard severity for a failure of the EEC system. This is not the intent of § 23.1309. The greater hazard severity should be associated with lower PO 00000 Frm 00017 Fmt 4702 Sfmt 4702 Maximum LOTC/LOPC events per million hours 100 (1 × 10–04 per hour). 450 (4.5 × 10–04 per hour). probabilities of failure, and higher probabilities of failure should not establish the lower hazard severities. There is also a conflict between the classification of the failure condition for a failure of an EEC system and the required test levels for the effects of lightning and high intensity radiated frequency (HIRF). Testing to a level lower than required for a catastrophic failure results in a lower level of safety than the mechanical system it replaces. E:\FR\FM\07SEP1.SGM 07SEP1 Federal Register / Vol. 76, No. 173 / Wednesday, September 7, 2011 / Proposed Rules This is contrary to the intent of certification requirements. The advent of EEC also created/ established the ability to dispatch with certain allowable loss of functionality and/or redundancy. This is known as Time-Limited Dispatch (TLD). The TLD allowable configurations must meet the specific risk LOTC/LOPC failure probabilities. FAA policy statement, ANE–1993–33.28TLD–R1, defines the full up and TLD allowable failure probabilities for turbine engines. The ability to use TLD is a risk management endeavor that uses a limited time period between inspection/maintenance intervals to mitigate the hazard. As such, the FAA has issued specific guidance for part 23 airplanes in addition to policy statement, ANE– 1993–33.28TLD–R1, in order to adequately capture the necessary time limits between maintenance intervals. A means of compliance issue paper giving specific guidance can be generated, if desired, for the applicant. The advent of EEC also led to incorporation of functions that, while not required by the CFRs, also introduce potentially catastrophic failure(s) and malfunction(s). Consequently, incorporation of these additional functions must be shown to retain part 23 levels of safety. These additional functions have included thrust management, portions of engine indication otherwise provided as part of the engine installation, engine speed synchronization, ignition control, autofeather, etc. The certification of an airplane to the standards of 14 CFR part 25 does not require the application of § 25.1309 via special condition to the EEC installation. In part 25, § 25.1309 is applicable to the powerplant installations in general and as a whole. The part 25 consequences differ from part 23 due to the required multi-engine configuration of part 25 airplanes. Additional applicable part 25, Subpart E requirements are those contained within § 25.901(b)(2) and (c): mstockstill on DSK4VPTVN1PROD with PROPOSALS Section 25.901—Installation (b) For each powerplant— (2) The components of the installation must be constructed, arranged, and installed so as to ensure their continued safe operation between normal inspections or overhauls; (c) For each powerplant and auxiliary power unit installation, it must be established that no single failure or malfunction or probable combination of failures will jeopardize the safe operation of the airplane except that the failure of structural elements need not VerDate Mar<15>2010 17:43 Sep 06, 2011 Jkt 223001 be considered if the probability of such failure is extremely remote. There is language similar to part 25, § 25.901(c) contained in part 23, § 23.1141(e): Section 23.1141—Powerplant Controls: General (e) For turbine engine powered airplanes, no single failure or malfunction, or probable combination thereof, in any powerplant control system may cause the failure of any powerplant function necessary for safety. The requirements contained within § 23.1141(e) were originally intended for the mechanical control interfaces on turbine engines. The rule was first promulgated at Amendment 23–7, effective on September 14, 1969. The preamble justifying the rule change states: ‘‘This proposal would, in effect require that the need for system redundancy, alternate devices, and duplication of functions be determined in the design of turbine powerplant control systems.’’ The overall intent of the above cited rules is to provide a robust and fault tolerant engine control installation that ensures that no single failure or malfunction or probable combination of failures will jeopardize the safe operation of the airplane. Given the unique requirements of an EEC installation, and the lack of specific regulatory requirements, a special condition will be applied to all EEC installations in part 23 airplanes. This special condition is not applicable to the part 33 engine certification requirements, and it specifically excludes any part 33 references. Compliance with this special condition may necessitate changes to the EEC, and may require additional part 33 compliance showings. In like manner, changes to the EEC at the part 33 level may require additional compliance showings to this special condition. The overall intent of this special condition is to leverage off of the part 33 compliance as much as possible and address the airplane level effects of an EEC installation. The EEC system includes all of the subsystems on the aircraft that interface with the EEC and provide aircraft data and electrical power. This special condition is applicable to and includes all functions of the EEC system that have an effect at the airplane level. An example of this is control of the turbine engine compressor variable geometry (VG): the VG function in itself is not an airplane function, but changes to the VG scheduling will require re-substantiating PO 00000 Frm 00018 Fmt 4702 Sfmt 4702 55295 compliance to part 23 requirements, such as § 23.939. The components that should be considered part of the EEC system are defined in Society of Automotive Engineers (SAE) document, Aerospace Recommended Practice (ARP) 5107B, Guidelines for Time-Limited-Dispatch (TLD) Analysis for Electronic Engine Control Systems, section 6.4. This guidance is intended for turbine engine installations; however, the intent is applicable to piston engine installations. A means of compliance issue paper giving specific guidance can be generated, if desired, for the applicant. Part 33 certification data, if applicable, may be used to show compliance with the requirements of part 23 installation requirements; however, compliance with the part 33 requirements does not constitute compliance with the requirements of part 23, nor automatically imply that the engine is installable on a part 23 airplane. The part 23 applicant is required to show compliance in accordance with part 21. If part 33 data is to be used, then the part 23 applicant must be able to provide this data for their showing of compliance to the part 23 requirements. Type Certification Basis Under the provisions of § 21.101, DAI must show that the model DA–40NG meets the applicable provisions of the regulations incorporated by reference in Type Certificate No. A47CE or the applicable regulations in effect on the date of application for the change to the model DA–40. The regulations incorporated by reference in the type certificate are commonly referred to as the ‘‘original type certification basis.’’ If the Administrator finds that the applicable airworthiness regulations (i.e., 14 CFR part 23) do not contain adequate or appropriate safety standards for the model DA–40NG because of a novel or unusual design feature, special conditions are prescribed under the provisions of § 21.16. In addition to the applicable airworthiness regulations and special conditions, the model DA–40NG must comply with the fuel vent and exhaust emission requirements of 14 CFR part 34 and the noise certification requirements of 14 CFR part 36. The FAA issues special conditions, as appropriate, as defined in § 11.19, under § 11.38, and they become part of the type certification basis under § 21.101(b)(2). Special conditions are initially applicable to the model for which they are issued. Should the type certificate for that model be amended later to E:\FR\FM\07SEP1.SGM 07SEP1 55296 Federal Register / Vol. 76, No. 173 / Wednesday, September 7, 2011 / Proposed Rules include any other model that incorporates the same novel or unusual design feature, or should any other model already included on the same type certificate be modified to incorporate the same novel or unusual design feature, the special conditions would also apply to the other model under the provisions of § 21.101(a)(1). Novel or Unusual Design Features The model DA–40NG will incorporate the following novel or unusual design features: Electronic engine control system. Applicability As discussed above, these special conditions are applicable to the model DA–40NG. Should DAI apply at a later date for a change to the type certificate to include another model incorporating the same novel or unusual design feature, the special conditions would apply to that model. Conclusion This action affects only certain novel or unusual design features on one model of airplane. It is not a rule of general applicability, and it affects only the applicant who applied to the FAA for approval of these features on the airplane. List of Subjects in 14 CFR Part 23 Aircraft, Aviation safety, Signs and symbols. Citation The authority citation for these special conditions is as follows: Authority: 49 U.S.C. 106(g), 40113 and 44701; 14 CFR 21.16 and 21.17; and 14 CFR 11.38 and 11.19. mstockstill on DSK4VPTVN1PROD with PROPOSALS The Proposed Special Conditions Accordingly, pursuant to the authority delegated to me by the Administrator, the FAA proposes the following special conditions as part of the type certification basis for Diamond Aircraft Industry GmbH model DA– 40NG with the installation of the Austro Engine GmbH model E4 aircraft diesel engine. 1. Electronic Engine Control a. For electronic engine control system installations, it must be established that no single failure or malfunction or probable combinations of failures of Electronic Engine Control (EEC) system components will have an effect on the system, as installed in the airplane, that causes the loss-of-thrustcontrol (LOTC), or loss-of-power-control (LOPC) probability of the system to exceed those allowed in part 33 certification. VerDate Mar<15>2010 17:43 Sep 06, 2011 Jkt 223001 b. Electronic engine control system installations must be evaluated for environmental and atmospheric conditions, including lightning. The EEC system lightning and High-Intensity Radiated Fields (HIRF) effects that result in LOTC/LOPC should be considered catastrophic. c. The components of the installation must be constructed, arranged, and installed so as to ensure their continued safe operation between normal inspections or overhauls. d. Functions incorporated into any electronic engine control that make it part of any equipment, systems or installation whose functions are beyond that of basic engine control, and which may also introduce system failures and malfunctions, are not exempt from § 23.1309 and must be shown to meet part 23 levels of safety as derived from § 23.1309. Part 33 certification data, if applicable, may be used to show compliance with any part 23 requirements. If part 33 data is to be used to substantiate compliance with part 23 requirements, then the part 23 applicant must be able to provide this data for their showing of compliance. Note: The term ‘‘probable’’ in the context of ‘‘probable combination of failures’’ does not have the same meaning as in AC 23.1309–1D. The term ‘‘probable’’ in ‘‘probable combination of failures’’ means ‘‘foreseeable,’’ or (in AC 23.1309–1D terms), ‘‘not extremely improbable.’’ Issued in Kansas City, Missouri, on August 31, 2011. Earl Lawrence, Manager, Small Airplane Directorate, Aircraft Certification Service. [FR Doc. 2011–22890 Filed 9–6–11; 8:45 am] BILLING CODE 4910–13–P DEPARTMENT OF TRANSPORTATION Federal Aviation Administration 14 CFR Part 39 [Docket No. FAA–2011–0916; Directorate Identifier 2011–NM–127–AD] RIN 2120–AA64 Airworthiness Directives; Bombardier, Inc. Model DHC–8–300 Series Airplanes Federal Aviation Administration (FAA), DOT. ACTION: Notice of proposed rulemaking (NPRM). AGENCY: We propose to adopt a new airworthiness directive (AD) for the products listed above that would supersede an existing AD. This SUMMARY: PO 00000 Frm 00019 Fmt 4702 Sfmt 4702 proposed AD results from mandatory continuing airworthiness information (MCAI) originated by an aviation authority of another country to identify and correct an unsafe condition on an aviation product. The MCAI describes the unsafe condition as: Several cases of aileron terminal quadrant support brackets that were manufactured using sheet metal have been found cracked on DHC–8 Series 300 aircraft. Investigation revealed that the failure of the support bracket was due to fatigue. Failure of the aileron terminal quadrant support bracket could result in an adverse reduction of aircraft roll control. * * * * * These conditions could result in loss of control of the airplane. The proposed AD would require actions that are intended to address the unsafe condition described in the MCAI. DATES: We must receive comments on this proposed AD by October 24, 2011. ADDRESSES: You may send comments by any of the following methods: • Federal eRulemaking Portal: Go to https://www.regulations.gov. Follow the instructions for submitting comments. • Fax: (202) 493–2251. • Mail: U.S. Department of Transportation, Docket Operations, M–30, West Building Ground Floor, Room W12–140, 1200 New Jersey Avenue, SE., Washington, DC 20590. • Hand Delivery: U.S. Department of Transportation, Docket Operations, M–30, West Building Ground Floor, Room W12–40, 1200 New Jersey Avenue, SE., Washington, DC, between 9 a.m. and 5 p.m., Monday through Friday, except Federal holidays. For service information identified in this proposed AD, contact Bombardier, Inc., Q–Series Technical Help Desk, 123 Garratt Boulevard, Toronto, Ontario M3K 1Y5, Canada; telephone 416–375– 4000; fax 416–375–4539; e-mail thd.qseries@aero.bombardier.com; Internet https://www.bombardier.com. You may review copies of the referenced service information at the FAA, Transport Airplane Directorate, 1601 Lind Avenue, SW., Renton, Washington. For information on the availability of this material at the FAA, call 425–227–1221. Examining the AD Docket You may examine the AD docket on the Internet at https://www.regulations. gov; or in person at the Docket Operations office between 9 a.m. and 5 p.m., Monday through Friday, except Federal holidays. The AD docket contains this proposed AD, the regulatory evaluation, any comments received, and other information. The street address for the Docket Operations E:\FR\FM\07SEP1.SGM 07SEP1

Agencies

[Federal Register Volume 76, Number 173 (Wednesday, September 7, 2011)]
[Proposed Rules]
[Pages 55293-55296]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: 2011-22890]

[[Page 55293]]

=======================================================================
-----------------------------------------------------------------------

DEPARTMENT OF TRANSPORTATION

Federal Aviation Administration

14 CFR Part 23

[Docket No. CE313; Notice No. 23-10-03-SC]

Special Conditions: Diamond Aircraft Industries, Model DA-40NG;
Electronic Engine Control (EEC) System

AGENCY: Federal Aviation Administration (FAA), DOT.

ACTION: Notice of proposed special conditions.

-----------------------------------------------------------------------

SUMMARY: This notice proposes special conditions for the Diamond
Aircraft Industries (DAI), model DA-40NG airplane. This airplane will
have a novel or unusual design feature(s) associated with an electronic
engine control (EEC), also known as a Full Authority Digital Engine
Control (FADEC). The applicable airworthiness regulations do not
contain adequate or appropriate safety standards for this design
feature. These proposed special conditions contain the additional
safety standards that the Administrator considers necessary to
establish a level of safety equivalent to that established by the
existing airworthiness standards.

DATES: Comments must be received on or before October 7, 2011.

ADDRESSES: Comments on this proposal may be mailed in duplicate to:
Federal Aviation Administration, Regional Counsel, ACE-7, Attention:
Rules Docket, Docket No. CE313, 901 Locust, Room 506, Kansas City,
Missouri 64106, or delivered in duplicate to the Regional Counsel at
the above address. Comments must be marked: CE313. Comments may be
inspected in the Rules Docket weekdays, except Federal holidays,
between 7:30 a.m. and 4 p.m.

FOR FURTHER INFORMATION CONTACT: Pete Rouse, Federal Aviation
Administration, Aircraft Certification Service, Small Airplane
Directorate, ACE-111, 901 Locust, Kansas City, Missouri, 816-329-4135,
fax 816-329-4090.

SUPPLEMENTARY INFORMATION:

Comments Invited

Interested persons are invited to participate in the making of
these proposed special conditions by submitting such written data,
views, or arguments as they may desire. Communications should identify
the regulatory docket or notice number and be submitted in duplicate to
the address specified above. All communications received on or before
the closing date for comments will be considered by the Administrator.
The proposals described in this notice may be changed in light of the
comments received. All comments received will be available in the Rules
Docket for examination by interested persons, both before and after the
closing date for comments. A report summarizing each substantive public
contact with FAA personnel concerning this rulemaking will be filed in
the docket. Persons wishing the FAA to acknowledge receipt of their
comments submitted in response to this notice must include with those
comments a self-addressed, stamped postcard on which the following
statement is made: ``Comments to Docket No. CE313.'' The postcard will
be date stamped and returned to the commenter.

Background

On May 11, 2010 Diamond Aircraft Industry GmbH applied for an
amendment to Type Certificate No. A47CE to include the new model DA-
40NG with the Austro Engine GmbH model E4 ADE. The model DA-40NG, which
is a derivative of the model DA-40 currently approved under Type
Certificate No. A47CE, is a fully composite, four place, single-engine
airplane with a cantilever low wing, T-tail airplane with the Austro
Engine GmbH model E4 diesel engine and an increased maximum takeoff
gross weight from 1150 kilograms (kg) to 1280 kg (2535 pounds (lbs) to
2816 lbs).
DAI will use an EEC instead of a traditional mechanical control
system on the model DA-40NG airplane. The EEC is certified as part of
the engine design certification, and the certification requirements for
engine control systems are driven by 14 CFR part 33 certification
requirements. The guidance for the part 33 EEC certification
requirement is contained in two advisory circulars: Advisory Circular
(AC) 33.28-1 and AC 33.28-2. The EEC certification, as part of the
engine, addresses those aspects of the engine specifically addressed by
part 33 and is not intended to address 14 CFR part 23 installation
requirements. However, the guidance does highlight some of the aspects
of installation that the engine applicant should consider during engine
certification. The installation of an engine with an EEC system
requires evaluation of environmental effects and possible effects on or
by other airplane systems, including the part 23 installation aspects
of the EEC functions. For example, the indirect effects of lightning,
radio interference with other airplane electronic systems, and shared
engine and airplane data and power sources.
The regulatory requirements in part 23 for evaluating the
installation of complex electronic systems are contained in Sec.
23.1309. However, when Sec. 23.1309 was developed, the requirements of
the rule were specifically excluded from applying to powerplant systems
provided as part of the engine (reference Sec. 23.1309(f)(1)).
Although the parts of the system that are not certificated with the
engine could be evaluated using the criteria of Sec. 23.1309, the
analysis would not be useful and not be complete because it would not
include the effects of the aircraft supplied power and data failures on
the engine control system, and the resulting effects on engine power/
thrust. The integral nature of EEC installations require review of EEC
functionality at the airplane level, as behavior acceptable for part 33
certification may not be acceptable for part 23 certification.
For over a decade, the Small Airplane Directorate has applied a
special condition that required all EEC installations to comply with
the requirements of Sec. 23.1309(a) through (e). The rationale for
applying Sec. 23.1309 was that it was an existing rule that contained
the best available requirements to apply to the installation of a
complex electronic system; in this case, an EEC with aircraft
interfaces. Additionally, special conditions for High Intensity
Radiated Fields (HIRF) were also applied prior to the codification of
Sec. 23.1308.
There are several difficulties for propulsion systems directly
complying with the requirements of Sec. 23.1309. There are conflicts
between the guidance material for Sec. 23.1309 and propulsion system
capabilities and failure susceptibilities. The following figure is an
excerpt from AC 23.1309-1D.

[[Page 55294]]

--------------------------------------------------------------------------------------------------------------------------------------------------------
Classification of failure No safety effect Minor Major Hazardous Catastrophic
conditions --------------------------------------------------------------------------------------------------------------------
------------------------------------ No probability
Allowable qualitative probability requirement Probable Remote Extremely remote Extremely improbable
--------------------------------------------------------------------------------------------------------------------------------------------------------
Effect on Airplane................. No effect on Slight reduction in Significant reduction Large reduction in Normally with hull
operational functional in functional functional loss.
capabilities or capabilities or capabilities or capabilities or
safety. safety margins. safety margins. safety margins.
Effect on Occupants................ Inconvenience for Physical discomfort Physical distress to Serious or fatal Multiple fatalities.
passengers. for passengers. passengers, possibly injury to an
including injuries. occupant.
Effect on Flight Crew.............. No effect on flight Slight increase in Physical discomfort Physical distress or Fatal injury or
crew. workload or use of or a significant excessive workload incapacitation.
emergency procedures. increase in workload. impairs ability to
perform tasks.
--------------------------------------------------------------------------------------------------------------------------------------------------------
Classes of Allowable Quantitative Probabilities and Software (SW) and Complex Hardware (HW) DALs (Note 2).
airplanes:
--------------------------------------------------------------------------------------------------------------------------------------------------------
Class I............................ No Probability or SW & <10-3................. <10-4................ <10-5................ <10-6
(Typically SRE under 6,000 lbs.)... HW DALs Requirement. Note 1 & 4............ Notes 1 & 4.......... Notes 4.............. Note 3
P=D, S=D.............. P=C, S=D............. P=C, S=D............. P=C, S=C.
P=D, S=D (Note 5).... P=D, S=D (Note 5)....
Class II........................... No Probability or SW & <10-3................. <10-5................ <10-6................ <10-7
(Typically MRE, STE, or MTE under HW DALs Requirement. Note 1 & 4............ Notes 1 & 4.......... Notes 4.............. Note 3
6000 lbs.). P=D, S=D.............. P=C, S=D............. P=C, S=C............. P=C, S=C.
P=D, S=D (Note 5).... P=D, S=D (Note 5)....
Class III.......................... No Probability or SW & <10-3................. <10-5................ <10-7................ <10-8
(Typically SRE, STE, MRE, & MTE HW DALs Requirement. Note 1 & 4............ Notes 1 & 4.......... Notes 4.............. Note 3.
equal or over 6000 lbs.). P=D, S=D.............. P=C, S=D............. P=C, S=C............. P=B, S=C.
Class IV........................... No Probability or SW & <10-3................. <10-5................ <10-7................ <10-9
(Typically Commuter Category)...... HW DALs Requirement. Note 1 & 4............ Notes 1 & 4.......... Notes 4.............. Note 3
P=D, S=D.............. P=C, S=D............. P=B, S=C............. P=A, S=B.
--------------------------------------------------------------------------------------------------------------------------------------------------------
Note 1: Numerical values indicate an order of probability range and are provided here as a reference. The applicant is usually not required to perform a
quantitative analysis for minor and major failure conditions. See figure 3.
Note 2: The alphabets denote the typical SW and HW DALs for most primary system (P) and secondary system (S). For example, HW or SW DALs Level A on
primary system is noted by P=A. See paragraphs 13 & 21 for more guidance.
Note 3: At airplane function level, no single failure will result in a catastrophic failure condition.
Note 4: Secondary system (S) may not be required to meet probability goals. If installed, S should meet stated criteria.
Note 5: A reduction of DALs applies only for navigation, communication, and surveillance systems if an altitude encoding altimeter transponder is
installed and it provides the appropriate mitigations. See paragraphs 13 & 21 for more information.

There is a conflict between the EEC system loss-of-thrust-control
(LOTC), or loss-of-power-control (LOPC), probability per hour
requirements given in part 33 guidance material and the failure rate
requirements associated with the hazard created by a total loss of
power/thrust as given in part 23 AC 23.1309-1D guidance. The part 33
requirements for engine control LOTC/LOPC probabilities are shown
below:

----------------------------------------------------------------------------------------------------------------
Average LOTC/LOPC events
Engine type per million hours Maximum LOTC/LOPC events per million hours
----------------------------------------------------------------------------------------------------------------
Turbine Engine...................... 10 (1 x 10-05 per hour)..... 100 (1 x 10-04 per hour).
Reciprocating Engine................ 45 (4.5 x 10-05 per hour)... 450 (4.5 x 10-04 per hour).
----------------------------------------------------------------------------------------------------------------

Note: See AC 33.28-1, AC 33.28-2 and ANE-1993-33.28TLD-R1 for
further guidance.

The classification of the failure condition for LOTC/LOPC event on
a single engine airplane ranges from Hazardous to Catastrophic. The
classification of the failure condition for a single engine LOTC/LOPC
event on a multi-engine airplane ranges from Major to Catastrophic. The
classification of the failure condition for a multi-engine LOTC/LOPC
event on a multi-engine airplane is Catastrophic. From the AC 23.1309-
1D failure probability values, it is obvious that a single engine
airplane EEC system will not be able to meet the failure probabilities
as shown in the guidance material for Sec. 23.1309. As a result,
applicants have elected to declare a reduced hazard severity for a
failure of the EEC system. This is not the intent of Sec. 23.1309. The
greater hazard severity should be associated with lower probabilities
of failure, and higher probabilities of failure should not establish
the lower hazard severities. There is also a conflict between the
classification of the failure condition for a failure of an EEC system
and the required test levels for the effects of lightning and high
intensity radiated frequency (HIRF). Testing to a level lower than
required for a catastrophic failure results in a lower level of safety
than the mechanical system it replaces.

[[Page 55295]]

This is contrary to the intent of certification requirements.
The advent of EEC also created/established the ability to dispatch
with certain allowable loss of functionality and/or redundancy. This is
known as Time-Limited Dispatch (TLD). The TLD allowable configurations
must meet the specific risk LOTC/LOPC failure probabilities. FAA policy
statement, ANE-1993-33.28TLD-R1, defines the full up and TLD allowable
failure probabilities for turbine engines. The ability to use TLD is a
risk management endeavor that uses a limited time period between
inspection/maintenance intervals to mitigate the hazard. As such, the
FAA has issued specific guidance for part 23 airplanes in addition to
policy statement, ANE-1993-33.28TLD-R1, in order to adequately capture
the necessary time limits between maintenance intervals. A means of
compliance issue paper giving specific guidance can be generated, if
desired, for the applicant.
The advent of EEC also led to incorporation of functions that,
while not required by the CFRs, also introduce potentially catastrophic
failure(s) and malfunction(s). Consequently, incorporation of these
additional functions must be shown to retain part 23 levels of safety.
These additional functions have included thrust management, portions of
engine indication otherwise provided as part of the engine
installation, engine speed synchronization, ignition control, auto-
feather, etc.
The certification of an airplane to the standards of 14 CFR part 25
does not require the application of Sec. 25.1309 via special condition
to the EEC installation. In part 25, Sec. 25.1309 is applicable to the
powerplant installations in general and as a whole. The part 25
consequences differ from part 23 due to the required multi-engine
configuration of part 25 airplanes. Additional applicable part 25,
Subpart E requirements are those contained within Sec. 25.901(b)(2)
and (c):

Section 25.901--Installation

(b) For each powerplant--
(2) The components of the installation must be constructed,
arranged, and installed so as to ensure their continued safe operation
between normal inspections or overhauls;
(c) For each powerplant and auxiliary power unit installation, it
must be established that no single failure or malfunction or probable
combination of failures will jeopardize the safe operation of the
airplane except that the failure of structural elements need not be
considered if the probability of such failure is extremely remote.
There is language similar to part 25, Sec. 25.901(c) contained in
part 23, Sec. 23.1141(e):

Section 23.1141--Powerplant Controls: General

(e) For turbine engine powered airplanes, no single failure or
malfunction, or probable combination thereof, in any powerplant control
system may cause the failure of any powerplant function necessary for
safety.
The requirements contained within Sec. 23.1141(e) were originally
intended for the mechanical control interfaces on turbine engines. The
rule was first promulgated at Amendment 23-7, effective on September
14, 1969. The preamble justifying the rule change states:

``This proposal would, in effect require that the need for
system redundancy, alternate devices, and duplication of functions
be determined in the design of turbine powerplant control systems.''

The overall intent of the above cited rules is to provide a robust
and fault tolerant engine control installation that ensures that no
single failure or malfunction or probable combination of failures will
jeopardize the safe operation of the airplane.
Given the unique requirements of an EEC installation, and the lack
of specific regulatory requirements, a special condition will be
applied to all EEC installations in part 23 airplanes. This special
condition is not applicable to the part 33 engine certification
requirements, and it specifically excludes any part 33 references.
Compliance with this special condition may necessitate changes to the
EEC, and may require additional part 33 compliance showings. In like
manner, changes to the EEC at the part 33 level may require additional
compliance showings to this special condition. The overall intent of
this special condition is to leverage off of the part 33 compliance as
much as possible and address the airplane level effects of an EEC
installation.
The EEC system includes all of the subsystems on the aircraft that
interface with the EEC and provide aircraft data and electrical power.
This special condition is applicable to and includes all functions of
the EEC system that have an effect at the airplane level. An example of
this is control of the turbine engine compressor variable geometry
(VG): the VG function in itself is not an airplane function, but
changes to the VG scheduling will require re-substantiating compliance
to part 23 requirements, such as Sec. 23.939.
The components that should be considered part of the EEC system are
defined in Society of Automotive Engineers (SAE) document, Aerospace
Recommended Practice (ARP) 5107B, Guidelines for Time-Limited-Dispatch
(TLD) Analysis for Electronic Engine Control Systems, section 6.4. This
guidance is intended for turbine engine installations; however, the
intent is applicable to piston engine installations. A means of
compliance issue paper giving specific guidance can be generated, if
desired, for the applicant.
Part 33 certification data, if applicable, may be used to show
compliance with the requirements of part 23 installation requirements;
however, compliance with the part 33 requirements does not constitute
compliance with the requirements of part 23, nor automatically imply
that the engine is installable on a part 23 airplane. The part 23
applicant is required to show compliance in accordance with part 21. If
part 33 data is to be used, then the part 23 applicant must be able to
provide this data for their showing of compliance to the part 23
requirements.

Type Certification Basis

Under the provisions of Sec. 21.101, DAI must show that the model
DA-40NG meets the applicable provisions of the regulations incorporated
by reference in Type Certificate No. A47CE or the applicable
regulations in effect on the date of application for the change to the
model DA-40. The regulations incorporated by reference in the type
certificate are commonly referred to as the ``original type
certification basis.''
If the Administrator finds that the applicable airworthiness
regulations (i.e., 14 CFR part 23) do not contain adequate or
appropriate safety standards for the model DA-40NG because of a novel
or unusual design feature, special conditions are prescribed under the
provisions of Sec. 21.16.
In addition to the applicable airworthiness regulations and special
conditions, the model DA-40NG must comply with the fuel vent and
exhaust emission requirements of 14 CFR part 34 and the noise
certification requirements of 14 CFR part 36.
The FAA issues special conditions, as appropriate, as defined in
Sec. 11.19, under Sec. 11.38, and they become part of the type
certification basis under Sec. 21.101(b)(2).
Special conditions are initially applicable to the model for which
they are issued. Should the type certificate for that model be amended
later to

[[Page 55296]]

include any other model that incorporates the same novel or unusual
design feature, or should any other model already included on the same
type certificate be modified to incorporate the same novel or unusual
design feature, the special conditions would also apply to the other
model under the provisions of Sec. 21.101(a)(1).

Novel or Unusual Design Features

The model DA-40NG will incorporate the following novel or unusual
design features:
Electronic engine control system.

Applicability

As discussed above, these special conditions are applicable to the
model DA-40NG. Should DAI apply at a later date for a change to the
type certificate to include another model incorporating the same novel
or unusual design feature, the special conditions would apply to that
model.

Conclusion

This action affects only certain novel or unusual design features
on one model of airplane. It is not a rule of general applicability,
and it affects only the applicant who applied to the FAA for approval
of these features on the airplane.

List of Subjects in 14 CFR Part 23

Aircraft, Aviation safety, Signs and symbols.

Citation

The authority citation for these special conditions is as follows:

Authority: 49 U.S.C. 106(g), 40113 and 44701; 14 CFR 21.16 and
21.17; and 14 CFR 11.38 and 11.19.

The Proposed Special Conditions

Accordingly, pursuant to the authority delegated to me by the
Administrator, the FAA proposes the following special conditions as
part of the type certification basis for Diamond Aircraft Industry GmbH
model DA-40NG with the installation of the Austro Engine GmbH model E4
aircraft diesel engine.
1. Electronic Engine Control
a. For electronic engine control system installations, it must be
established that no single failure or malfunction or probable
combinations of failures of Electronic Engine Control (EEC) system
components will have an effect on the system, as installed in the
airplane, that causes the loss-of-thrust-control (LOTC), or loss-of-
power-control (LOPC) probability of the system to exceed those allowed
in part 33 certification.
b. Electronic engine control system installations must be evaluated
for environmental and atmospheric conditions, including lightning. The
EEC system lightning and High-Intensity Radiated Fields (HIRF) effects
that result in LOTC/LOPC should be considered catastrophic.
c. The components of the installation must be constructed,
arranged, and installed so as to ensure their continued safe operation
between normal inspections or overhauls.
d. Functions incorporated into any electronic engine control that
make it part of any equipment, systems or installation whose functions
are beyond that of basic engine control, and which may also introduce
system failures and malfunctions, are not exempt from Sec. 23.1309 and
must be shown to meet part 23 levels of safety as derived from Sec.
23.1309. Part 33 certification data, if applicable, may be used to show
compliance with any part 23 requirements. If part 33 data is to be used
to substantiate compliance with part 23 requirements, then the part 23
applicant must be able to provide this data for their showing of
compliance.

Note: The term ``probable'' in the context of ``probable
combination of failures'' does not have the same meaning as in AC
23.1309-1D. The term ``probable'' in ``probable combination of
failures'' means ``foreseeable,'' or (in AC 23.1309-1D terms), ``not
extremely improbable.''

Issued in Kansas City, Missouri, on August 31, 2011.
Earl Lawrence,
Manager, Small Airplane Directorate, Aircraft Certification Service.
[FR Doc. 2011-22890 Filed 9-6-11; 8:45 am]
BILLING CODE 4910-13-P

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.