AS9100 Revision Trends: What Aerospace Auditors Need to Know in 2026

Aerospace auditors are walking into 2026 with an unusual mix of certainty and ambiguity: certainty that the 9100-series will change, and ambiguity about how fast and how big the first wave will be. The International Aerospace Quality Group (IAQG) has been coordinating the next revision to align with the ISO 9001 update cycle, and industry communications increasingly describe a staged approach, with smaller, earlier adjustments followed by a more comprehensive alignment once ISO 9001’s revision is finalized.

QMII opines the practical question isn’t “What will the clause numbers be?” It is, what will organizations struggle to implement, what will certification bodies emphasize, and where will audit trails be weakest during transition? This article focuses on those revision trends—the direction of travel, so our clients, alumni and friends of QMII can sharpen their planning for changes in 2026 without waiting for every last editorial detail.

IAQG’s publicly shared planning materials describe a multi-year schedule that includes coordination drafts, dispositioning of comments, and balloting leading into publication aligned with ISO 9001’s release timing. In parallel, multiple industry briefings and consultants’ summaries describe two update tracks (a narrower-scope update followed by a larger revision tied closely to ISO 9001). ISO 9001 timing matters because it drives the backbone of the expected changes.

The ISO 9001 revision process reached a major milestone with the Draft International Standard (DIS) released on 27 August 2025, and several reputable sources project publication in late 2026 (often cited around September–October 2026 depending on the process steps).
That timing is important because AS9100 (and its next iteration being discussed in industry as “IA9100”) typically layers sector-specific requirements onto the ISO 9001 structure.

A consistent signal from ISO 9001 revision commentary is stronger emphasis on quality culture and ethical conduct, with leadership expected to do more than sign a policy statement. Even where the ISO changes are described as “editorial clarifications,” the interpretation by auditors and customers tends to be that culture and ethics must be demonstrated through governance and day-to-day decisions.

What this looks like in aerospace audits where organizations already operate under intense safety, airworthiness, and customer oversight is that “ethics” often shows up as:

• escalation pathways for quality/safety concerns.
• protections against retaliation.
• independence of quality from production pressure.
• decision records when delivery commitments conflict with conformity risk.

Therefore, the organizational emphasis and audit requirements for 2026 include and must consider:

• Leadership interviews become evidence-seeking, not conversational. Ask for examples where leadership chose quality over schedule/cost and how that decision was communicated and verified.
• Look for “quality culture instrumentation.” Are there measurable indicators beyond NCR counts (e.g., recurrence rates, escape metrics, employee reporting trends, first pass yield vs. risk hotspots)?
• Test the management review inputs. Culture/ethics themes should show up as risks, objectives, corrective action effectiveness, and resource decisions and not just as a slide with no follow-through.

Supply chain resilience becomes a first-class audit theme and an organizational need for aerospace organizations. Even before formal revisions, the market reality is pushing standards interpretation toward resilience, second sourcing, supplier continuity, counterfeit avoidance, and rapid response to disruptions. ISO 9001 revision commentary increasingly calls out supply chain disruptions and resilience as a clearer focus area.

In AS9100 Rev D, many organizations already struggle with “supplier control” as an administrative exercise (scorecards, approvals) rather than a risk-driven system. And AS9100’s established focus areas as counterfeit parts prevention, product safety, and configuration management tend to intensify supply chain expectations. Changes for 2026 include:

• Audit the supplier-control process as risk management. If a supplier is “high risk,” you should see enhanced controls: incoming verification strategy, escape mitigation, alternate routing, tighter change notification, and defined containment plans.
• Trace a disruption scenario. Pick one realistic event (material shortage, special process capacity loss, cyber incident at a supplier) and ask, what is the organization’s playbook? Who triggers it? What evidence exists that it’s been tested?
• Counterfeit prevention isn’t just training. Look for authenticated sourcing, traceability depth, suspect/unapproved parts handling, and supplier flow-down effectiveness (especially in distribution channels).

Risk-based thinking matures with this update and organizations as also auditors will be expected to distinguish “lists of risks” from risk-managed processes. AS9100 Rev D embedded risk-based thinking broadly, but many implementations still look like static risk registers that don’t change decisions. The direction of travel reinforced by ISO’s revision commentary is toward more explicit proactive risk management, including resilience and continuity. Therefore, the expected changes for 2026 include:

• Follow risk into planning and controls. Pick a top operational risk and verify it changed something tangible: inspection plans, process capability targets, staffing plans, supplier strategy, buffer stocks, verification methods, or design reviews.
• Verify risk competence. Who owns risk evaluation? Do they understand likelihood vs. detectability vs. severity? Are criteria consistent across functions?
• Test the corrective action loop. When a failure occurs, do they update risk controls to prevent recurrence, or just close an 8D?

Human factors and “work environment” evidence becomes more specific. The changes look at aerospace quality failures which are often human-system failures, fatigue, confusing work instructions, poor tool control, inadequate lighting/layout, rushed handoffs. AS9100 Rev D already signaled movement in this direction by requiring consideration of human and physical factors when planning the work environment. The changes for 2026 now include:

• Observe, then verify. Start on the floor. If you see error-likely conditions (visual clutter, ambiguous labeling, interrupted work, rework loops), then ask what the system does to prevent escapes.
• Training effectiveness over training completion. Ask operators to demonstrate critical steps and show how competence is maintained when changes occur (new revision levels, tooling changes, new materials).
• Shift handover is auditable. For critical processes, assess how information continuity is protected between shifts and between internal/supplier handoffs.

World is more and more into digitalization and data integrity becomes audit-critical, not “nice to have”. ISO revision discussions frequently highlight digital transformation and data-driven quality practices. In aerospace, that will collide with:

• eQMS workflows.
• digital inspection records.
• automated test systems.
• MES/ERP traceability.
• remote collaboration across the supply chain.

Therefore, the changes for 2026 will trend toward:

• Data integrity checks. Can the organization show controls for access, versioning, audit trails, backups, and cybersecurity-related risks for quality records?
• Software-enabled processes. If an app enforces a step (e-signature, validation gate), test whether it can be bypassed, and whether exceptions are controlled and reviewed.
• Analytics that drive decisions. If they claim, “we use dashboards,” audit one dashboard end-to-end, data source to transformation to interpretation to action and the result.

Climate and sustainability considerations creep into QMS context and risk. ISO 9001 gained climate change considerations via an amendment in 2024, and the 2026 revision discourse continues to treat climate as part of organizational context and risk. This doesn’t automatically mean “environmental management system” requirements but it does mean auditors may increasingly ask how climate-related disruptions affect:

• continuity of operations.
• supplier viability.
• infrastructure risks.
• regulatory/customer expectations.
• product conformity risks (materials, storage, transport).

So, in 2026 changes the organizations consider:

• Keeping it QMS-relevant. Organizations and the auditors are not just looking at ISO 14001 instead the focus is on how climate-related issues are captured in context, risks/opportunities, and planning.
• Look for materiality. For a site in a storm-prone region, do contingency plans and infrastructure maintenance reflect that reality? For temperature-sensitive materials, are storage/transport controls robust?

Therefore, what aerospace organizations and the auditors should do differently in 2026 is:

1. Treat transition readiness as an auditable system. Even before formal adoption dates, organizations will be working on readiness. Audit their change management discipline:

• gap assessment method and assumptions.
• controlled interpretation of drafts/briefings.
• documented transition plan with owners and milestones.
• internal communication and competence-building.
• “No surprises” engagement with customers and certification bodies.

Just having a plan without governance, will not work. With the updated standard governance is emphasized.

1. Increase the depth of process-based auditing. The more standards emphasize culture, resilience, and risk, the less value there is in document conformance audits. Go process-first:

• pick a critical product line or program.
• follow it from contract/design planning through purchasing, production, verification, shipment, and post-delivery feedback.
• sample change events (engineering changes, supplier changes, escapes).

1. Recalibrate “effectiveness” tests. The emerging expectations reward organizations that can show:

• fewer escapes and less recurrence.
• faster detection and containment.
• decisions that reflect risk prioritization.
• leadership actions that protect product safety and conformity under pressure.

A practical closing view on what will be hardest for organizations with the 2026 changes is that the most common weak points are likely to be:

1. Culture/ethics presented as slogans rather than measurable behaviors and governance.
2. Risk registers that don’t change controls, especially in supplier management and production planning.
3. Resilience talked about abstractly, with no tested scenarios or defined triggers/ authorities.
4. Digital records without strong integrity controls, especially across multiple systems and suppliers.
5. Human factors addressed implicitly (“our operators are experienced”) rather than through designed error-proofing and competency evidence.

—

This article was written by IJ, Principal Consultant at QMII. With extensive experience in ISO standards, auditing, and organizational transformation, IJ has guided global organizations in strengthening their management systems. His approach focuses on aligning ISO implementation with strategic business objectives to drive long-term performance improvement.