A take-off warning system must be installed and must meet the following requirements:

(a) The system must provide to the pilots an aural warning that is automatically activated during the initial portion of the take-off roll if the aeroplane is in a configuration, including any of the following that would not allow a safe take-off:

(1) The wing-flaps or leading edge devices are not within the approved range of take-off positions.

(2) Wing spoilers (except lateral control spoilers meeting the requirements of CS 25.671),speed brakes, or longitudinal trim devices are in a position that would not allow a safe take-off.

(3) The parking brake is unreleased.

(b) The aural warning required by subparagraph

(a) of this paragraph must continue until-

(1) The take-off configuration is changed to allow a safe take-off;

(2) Action is taken by the pilot to terminate the take-off roll;

(3) The aeroplane is rotated for take-off;

or

(4) The warning is manually silenced by the pilot. The means to silence the warning must not be readily available to the flight crew such

that it could be operated instinctively, inadvertently, or by habitual reflexive action.

Before each take-off, the warning must be rearmed automatically, or manually if the

absence of automatic rearming is clear and unmistakable.

(c) The means used to activate the system must function properly for all authorised take-off

power settings and procedures, and throughout the ranges of take-off weights, altitudes, and temperatures for which certification is requested.

4. BACKGROUND. A number of aeroplane accidents have occurred because the aeroplane was not

properly configured for takeoff and a warning was not provided to the flight crew by the takeoff

configuration warning system. Investigations of these accidents have indicated a need for guidance

material for design and approval of takeoff configuration warning systems.

5. DISCUSSION.

a. Regulatory Basis.

(1) CS 25.703, "Takeoff warning system," requires that a takeoff configuration warning

system be installed in large aeroplanes. This requirement was introduced with JAR25

Amendment 5

effective 1.1.79. On the FAR side, this was added to Part 25 by Amendment 2542

effective on March 1, 1978. CS 25.703 requires that a takeoff

warning system be installed and provide an aural warning to the flight crew during the initial portion of the take off roll, whenever the aeroplane is not in a

configuration which would allow a safe takeoff.

The intent of this rule is to require that the takeoff configuration warning system cover (a) only those configurations of the required systems which would

be unsafe, and (b) the effects of system failures resulting in wrong surface or system functions if there is not a separate and adequate warning already provided. According to the preamble of Amendment 2542, the takeoff warning system should serve as "backup for the checklist, particularly in unusual situations, e.g., where the checklist is interrupted or the takeoff delayed." Conditions for which warnings are required include wing flaps or leading edge devices not within the approved range of takeoff positions, and wing spoilers (except lateral control spoilers meeting the requirements of CS 25.671), speed brakes, parking brakes, or longitudinal trim devices in a position that would not allow a safe takeoff.

Consideration should also be given to adding rudder trim and aileron (roll) trim if these devices can be placed in a position that would not allow a safe takeoff.

(2) Prior to CS25

Amendment 5 and FAR 25 Amendment 2542,

there was no requirement for a takeoff configuration warning system to be installed in large aeroplanes. Since this amendment is not retroactive, some large aeroplane models in service today may not have takeoff configuration warning systems; however, all large turbojet transports currently in service, even those with a certification basis established prior to 1978, include a takeoff configuration warning system in the basic design. These include the majority of large aeroplanes.

(3) Other general rules such as CS 25.1301, 25.1309, 25.1322, 25.1357 and 25.1431 for electronic system installations also apply to takeoff configuration warning systems.

b. System Criticality.

(1) It has been Aviation Authorities policy to categorize systems designed to alert the flight crew of potentially hazardous operating conditions as being at a level of criticality associated with a probable failure condition. (For a definition of this terminology together with discussions and guidelines on the classification of failure conditions and the probability of failures, see AMC 25.1309). This is because failures of these systems, in themselves, are not considered to create an unsafe condition, reduce the capability of the aeroplane, or reduce the ability of the crew to cope with adverse operating conditions. Other systems which fall into this category include stall warning systems, overspeed warning systems, ground proximity warning systems, and windshear warning systems.

(4) Even though CS 25.703 specifies those inputs common to most large aeroplanes that must be included in the design, each aeroplane model should be carefully reviewed to ascertain that any configuration or trim setting that could jeopardize a safe takeoff has an input to the takeoff warning system unless a separate and adequate warning is already provided by another system. There may be aeroplane configurations or electronically positioned lateral or longitudinal trim unique to a particular model that constitute this hazard. In the event that it is necessary to inhibit the warning from

a particular system during the entire takeoff roll, an equivalent level of safety finding would be required.

(5) Automatic volume adjustment should be provided to maintain the aural warning volume at an appropriate level relative to cockpit ambient sound. According to Report No. DOT/FAA/RD81/

38, II entitled "Aircraft Alerting Systems Standardization Study, Volume II Aircraft Alerting System Design Guidelines," aural signals should exceed masked threshold by 8 ± 3 dB.

(6) Of particular importance in the design of takeoff configuration warning systems is the elimination of nuisance warnings. These are warnings generated by a system which is functioning as

designed but which are inappropriate or unnecessary for the particular phase of operation. Attempting to eliminate nuisance warnings cannot be over-emphasized because any indication which could cause

the flight crew to perform a high speed rejected takeoff, or which distracts or adversely affects the flight crew's performance of the takeoff manoeuvre, creates a hazard which could lead to an

accident. In addition, any time there are nuisance warnings generated, there is a possibility that the flight crew will be tempted to eliminate them through system deactivation, and by continually doing this,

the flight crew may be conditioned to ignore a valid warning.

(7) There are a number of operations that could produce nuisance warnings. Specifically, single engine taxi for twin engine aeroplanes, or in the case of 3 and 4 engine aeroplanes, taxi with

fewer than all engines operating is a procedure used by some operators for the purpose of saving fuel. Nuisance warnings have also been caused by trim changes and speed brake handle adjustments.

(8) The means for silencing the aural warning should not be located such that it can be operated instinctively, inadvertently, or by habitual reflexive action. Silencing is defined as the

interruption of the aural warning. When silenced, it is preferred that the system will be capable of rearming itself automatically prior to takeoff

. However, if there is a clear and unmistakable annunciation that the system is silenced, manual rearming is acceptable.

(9) Each aeroplane model has a different means of arming the takeoff configuration warning system, therefore the potential for nuisance warnings varies accordingly. Some existing systems use only a single throttle position, some use position from multiple throttles, some use EPR or N1, and some use a combination of these. When logic from a single operating engine was used, nuisance warnings were common during less than all engine taxi operations because of the higher power settings required to move the aeroplane. These systems were not designed for that type of operation.

Because this procedure is used, inputs that arm the system should be judiciously selected taking into account any likely combination of operating and shutdown engines so that nuisance warnings will not occur if the aeroplane is not in takeoff configuration.

(10) CS 25.703 requires only an aural alert for the takeoff warning system. CS 25.1322 currently specify requirements for visual alerts while related reading material reference 3a(2), 3a(4) and 3b(1) provide guidance for integrated visual and aural annunciations for warnings, cautions and advisory alerting conditions. It has been common industry practice to incorporate the above mentioned references in their aeroplane designs. FAR/CS 25.1322 are planned for revision to incorporate the guidance of these references to reflect current industry practices. Manufacturers may wish to incorporate these alerting concepts to the takeoff warning system. If such is the case , the following guidance is offered:

a) A master warning (red) attention getting alert may be provided in the pilot's primary field of view simultaneously with the aural attention getting alert.

b) In addition to (or instead of) the aural attention getting alert (tone), voice may be used to specify the general problem (Configuration), or the exact problem (slats, flaps, trim, parking brake, etc…).

c) The visual alert may also specify the general problem (Configuration), or the exact problem (slats, flaps, trim, parking brake, etc…).

d) A visual cautionary alert associated with the failure of the Takeoff warning system may be provided

e.g. "T/O WARN FAIL".

(11) The EASA Agency approved Master Minimum Equipment List (MMEL) includes those items of equipment related to airworthiness and operating regulations and other items of equipment

which the Agency finds may be inoperative and yet maintain an acceptable level of safety by appropriate conditions and limitations. No MMEL relief is provided for an inoperative takeoff configuration warning. Therefore, design of these systems should include proper system monitoring including immediate annunciation to the flight crew should a failure be identified or if power to the system is interrupted.

d. System Tests and Test Intervals.

(1) When manual tests or checks are required to show compliance with CS 25.1309, by detecting the presence of and limiting the exposure time to a latent failure that would render the warning inoperative, they should be adequate, simple and straight forward in function and interval to allow a quick and proper check by the flight crew and maintenance personnel. Flight crew checks may be specified in the approved Aeroplane Flight Manual (AFM) and, depending on the complexity of the takeoff configuration warning system and the aeroplane, maintenance tasks may be conventional

Maintenance Review Board (MRB) designed tasks or listed as Certification Check Requirements (CCR) where appropriate, as defined in AMC 25.1309, and determined as part of the approval process between the manufacturer and the certification office.

(2) The specified tests/checks established in accordance with subparagraph 5d(1) above should be demonstrated as part of the approval process and should show that each input sensor as well as the control and logic system and its emitters, including the indication system, are individually verified as required to meet subparagraph 5b(3). It should also be demonstrated that the warning self cancels when required to do so, for example by retarding the throttles or correcting the wrong configuration.

e. Test Considerations.

(1) During flight testing it should be shown that the takeoff configuration warning system does not issue nuisance alerts or interfere with other systems. Specific testing should be conducted to ensure that the takeoff configuration warning system works satisfactorily for all sensor inputs to the system. Flight testing should include reconfiguration of the aeroplane during touch and go manoeuvres.

(2) It should be shown by test or analysis that for all requested power settings, feasible weights, taxiway slopes, temperatures and altitudes, there will be no nuisance warnings, nor failure to give a warning when necessary (e.g., cold conditions, derated takeoff), for any reasonable configuration of engines operating or shut down. This is to test or simulate all expected operational configurations. Reasonable pilot technique for applying power should be presumed.

(3) The means for silencing the aural warning by the flight crew will be evaluated to assure that the device is not accessible instinctively and it is properly protected from inadvertent activation.

Automatic or manual rearming of the warning system will be evaluated.

[Amdt. No.:25/2]

Page 485

2. BACKGROUND

Flight crews make a positive contribution to the safety of the air transportation system because of their ability to assess continuously changing conditions and situations, analyse potential actions, and make reasoned decisions. However, even well trained, qualified, healthy, alert flight-crew members make errors. Some of these errors may be influenced by the design of the systems and their flight crew interfaces, even with those that are carefully designed. Most of these errors have no significant safety effects, or are detected and/or mitigated in the normal course of events,. Still, accident analyses have identified flight crew performance and error as significant factors in a majority of accidents involving transport category aeroplanes. Accidents most often result from a sequence or combination of errors and safety related events (e.g., equipment failure and weather conditions). Analyses show that the design of the flight deck and other systems can influence flight crew task performance and the occurrence and effects of some flight crew errors.