Is there progress toward CUSS 2 in the airline industry?

Yes. The airline industry has moved into active transition toward CUSS 2.0 with updated specifications using OpenAPI, OAuth2, HTML5, JSON, TLS 1.2+, and WebSockets. However, migration remains gradual because CUSS 2 is not backward compatible with many CUSS 1.x deployments.

How many airline kiosks in the United States actually operate in true CUSS mode?

Most U.S. airline kiosks remain proprietary airline-operated systems rather than true shared common-use deployments. Shared CUSS environments are more common in constrained terminals, international hubs, and airport-managed common-use areas.

Who controls and influences the CUSS 2 toolkit?

The CUSS 2 toolkit is controlled by IATA and influenced primarily by major airlines, large airport technology vendors such as SITA and Amadeus, and IATA technical committees. Participation and certification are managed within a controlled ecosystem rather than a fully open standards process.

Why is certificate management becoming a major issue in CUSS environments?

Modern CUSS environments require shared trust models involving certificates, TLS encryption, browser runtimes, middleware coordination, and security synchronization across multiple airlines and vendors. Expired certificates, browser policy changes, or trust-store mismatches can create operational outages affecting check-in, bag drop, payment systems, and passenger processing.

Why are airlines hesitant to retrofit proprietary kiosks to CUSS 2?

Many airlines already operate stable proprietary kiosk environments with existing branding, PCI certification, loyalty integration, and operational workflows. Retrofitting to CUSS 2 introduces recertification costs, security complexity, middleware coordination, interoperability testing, and shared-platform operational risks.

What role does baggage automation play in the future of common-use infrastructure?

Baggage automation and self bag drop are likely to become more strategically important than traditional passenger kiosks. Airports continue investing in shared baggage infrastructure, biometric identity systems, RFID bag tracking, and CUPPS-based processing environments.

What are the U.S. DOT accessibility requirements for airline kiosks?

Under 14 CFR § 382.57 and the Air Carrier Access Act, at least 25% of kiosks in each airport location must be accessible. Accessible kiosks must provide equivalent functions including speech output, tactile controls, accessible keypads, display visibility, and priority access for passengers with disabilities.

What is the likely long-term architecture for airport self-service systems?

The most likely direction is hybrid infrastructure combining common-use physical hardware with logically isolated airline runtimes, containerized workloads, independent certificate chains, and stronger edge security management. The industry increasingly favors controlled standardization and operational resilience over fully shared trust environments.

Insights on CUSS and CUPPS, Airlines, IATA and more

Table of Contents

Frequently Asked Questions – CUSS

CUSS and CUPPS were designed to standardize airport self-service infrastructure, allowing multiple airlines to share kiosks and passenger processing systems. While adoption expanded globally, operational complexity, security management, branding control, biometrics, and mobile-first passenger workflows have reshaped the role of common-use infrastructure in modern airports.

Recently CUSS came up and we decided to take a look. Here is our FAQ —

As standards go is there any progress towards CUSS 2 in airline industry?
How many airline kiosks deployed in US are CUSS capable and how many are actually operating in CUSS mode. We would think 90% are not and are operating airline specific
who is allowed to see and influence the CUSS 2 toolkit that IATA offers
Wasn’t the original CUSS done much in JAVA?
How likely is it that airlines will retrofit their proprietary kiosks to CUSS2 especially given current energy and fuel situation? What are the odds and probability?

What About CUPPS and Baggage

What about Accessibility, ADA, DOT and ACAA?

The interesting conclusion for this look is that the greatest probability after all said and done is “CUSS-lite + strong baggage automation + strong CUPPS.”

Insight by Intel

By Craig Allen Keefner

My first entry into airline kiosks was Check-In kiosks we piloted in Northwest Airlines Commissary in Detroit (1998). Before they went to airport. Fighting IBM and Markham was big losing battle 🙂 Before that I was involved with mobile and also GIS “certification” being pushed by IBM (1994). Aka proprietary guardrails and advantages.

We have seen many standards “authorities” such as IATA, UL, ANSI, PCI DSS, WCAG plus our own Access Board in the US and ETSI in Europe. They all claim to be consensus-based. Always first. The first rule of golf for R&A is .1 “The Spirit of the Game”. Consensus-based and “open standards” are demonstrated in full by our US Access Board, ANSI and ETSI.

IATA is still ruled by certain companies, the names have simply changed from IBM and NCR to SITA and Amadeus. Embross still has IBM roots which is ironic. The original specifications were done in obscure JAVA and Corba. And those very capable companies neglected to factor in features which have now become critical with the aging and inflexible infrastructure. Add the price of jet fuel and things get interesting…

In some ways, the QSR industry is facing the same issues. Healthcare.

And just imagine telehealth…

In my experience problems almost always come down to two factors:

Permissions (especially after patches and “updates”)
Connections

Occasionally the utility company backhoe accidentally cuts your T1 but that is connection too…

Question: As standards go is there any progress towards CUSS 2 in airline industry?

Answer: Yes, there is real progress toward CUSS 2.0, but it looks more like a standards-led migration than a clean, industrywide cutover.

IATA now has a CUSS 2 toolkit that includes the CUSS 2 specification, API/data model definitions in YAML, a certification document template, and a development guide. The big technical shift is away from older CUSS 1.x dependencies toward web/API technologies such as OpenAPI, OAuth2, HTML5, JSON, TLS 1.2+, and WebSockets, with security-by-design and PCI/GDPR alignment called out by IATA.

The official IATA transition timeline shows a technical specification release on March 31, 2023, the CUSS 2 transition phase starting January 1, 2024, and CUSS 1.x platforms discontinued January 1, 2026. IATA also states that CUSS 2 is not backward compatible, which is a big practical issue for airlines, airports, and kiosk platform vendors.

Vendor movement is visible. Amadeus is marketing a CUSS2 product that can run CUSS 1.x and 2.x side by side, which suggests the market expects a mixed environment for some time rather than a hard flip. Embross described MVP, POC, and limited station/airline rollout plans through 2024 and Q1 2025, while also warning that airlines and stations need active migration planning for 2026. Vision-Box has also promoted CUSS2 migration tooling and backward-compatibility support for legacy CUSS 1.x applications and platforms.

Our read: CUSS 2.0 is now past “standards discussion” and into transition/implementation. The bottleneck is adoption at airports and airline apps, especially because CUSS 2 is not natively backward compatible. Expect dual-stack platforms, conversion layers, and selective station rollouts before broad normalization.

Toolkit is $5000

Question: How many airline kiosks deployed in US are CUSS capable and how many are actually operating in CUSS mode. We would think 90% are not and are operating airline specific

Short answer: Safe to say most U.S. airline check-in kiosks are still airline-specific/proprietary rather than true shared CUSS positions.

There is no public, audited U.S. count for “CUSS-capable” versus “actually operating as CUSS.” Airlines are very competitive. IATA defines CUSS as a shared kiosk that can be used by several participating airlines, and its common-use standards page currently lists CUSS technical specifications at version 2.3.2.

The public evidence points to a few hundred clearly documented U.S. common-use/CUSS kiosk positions, not thousands. John Wayne Airport documents 125 CUSS kiosk positions excluding spares, with nine kiosk-certified airlines including AA, AC, AS, DL, F9, WN, NK, UA, and WS, and says the CUPPS/CUSS system has been operational since 2011. San Diego’s Green Build project included more than 100 IATA-certified CUSS kiosks and 150 CUPPS workstations, but that source is from the 2012 deployment period rather than a current inventory. JFK Terminal 4 has been described as using Amadeus CUSS/ACUS with 100 kiosks and 42 auto bag-drop units, serving a multi-airline terminal environment.

So our working estimate would be:

The tell is that U.S. DOT/IATA accessibility language explicitly distinguishes proprietary and common-use kiosks, which means the market still treats airline-owned/controlled kiosks as a major installed category rather than everything being common-use. The CUSS 2 migration plan also says current certifications are still being conducted against CUSS 1.5 because there are a limited number of certified CUSS 2 platforms, which reinforces that common-use modernization is still transitional rather than ubiquitous.

Our conclusion: our “90% not operating in CUSS mode” is plausible if we mean all U.S. airline check-in kiosks, especially at airline-controlled hubs and counters. The exception is airport-controlled common-use environments: international terminals, constrained terminals, secondary airports with shared counters, and newer CUPPS/CUSS deployments.

Question: who is allowed to see and influence the CUSS 2 toolkit that IATA offers

The short answer is: the toolkit is not truly “open” in the normal open-standards sense. IATA controls it, and meaningful influence generally comes through participation in IATA working groups, airline committees, and major ecosystem vendors.

Here’s how it actually works in practice.

Who Can Access the CUSS 2 Toolkit?

The actual CUSS 2 toolkit (specification, APIs, YAML definitions, certification templates, development guide) is distributed commercially through IATA. $5000

That means access is generally limited to organizations that:

Purchase the toolkit/license from IATA
Participate in IATA Common Use working groups
Are airlines, airports, or recognized industry suppliers
Are ecosystem vendors implementing CUSS platforms/apps

Typical participants:

Airlines
Airport operators
Ground handlers
Common-use platform vendors
Kiosk manufacturers
Software vendors
Integration companies
Large consultants

Examples in the ecosystem include:

Who Actually Influences CUSS 2?

Formally, IATA owns and publishes the Recommended Practice 1706c specification.

But in reality, influence comes from several layers:

1. Large Airlines (Primary Power)

The biggest airlines have the most influence because:

They are the operational customers
They drive deployment requirements
They fund participation
They dominate IATA committees

Major international carriers tend to shape:

Security models
Identity workflows
UI/UX expectations
Certification requirements
Baggage/drop integration
Mobile/device extensions

Historically, airlines such as:

Lufthansa
British Airways
Delta Air Lines
Singapore Airlines
have been heavily involved in common-use direction.

2. Dominant Common-Use Vendors

This is where much of the practical influence sits.

Vendors like:

SITA
Amadeus

have enormous influence because:

They run many airport common-use systems
They implement the middleware
They handle certification realities
Airports depend on them operationally

So even if IATA “owns” the standard, these vendors heavily influence:

What is feasible
What gets prioritized
Which APIs survive
Backward compatibility
Security architecture
Migration strategy

Our earlier observation is correct:

CUSS started feeling almost proprietary.

That perception exists across the industry because:

The ecosystem is concentrated
Certification is controlled
Participation costs money
The installed base is dominated by a few providers
Interoperability often depends on vendor interpretation

So while CUSS is technically an IATA Recommended Practice, operationally it behaves more like a controlled consortium ecosystem than a fully open standard.

Airports Have Less Influence Than You’d Think

Airports participate, but many airports:

outsource common-use operations,
rely on SITA/Amadeus,
and follow airline requirements.

So airports often influence deployment models and operational workflows more than the underlying technical direction.

Small Vendors Can Participate — But With Limits

A kiosk OEM or software company can:

buy the toolkit,
attend industry groups,
certify products,
submit feedback,
join task forces.

But influence depends heavily on:

installed base,
airline relationships,
airport deployments,
committee participation,
and engineering resources.

A small kiosk manufacturer usually has far less influence than:

a tier-1 airline,
SITA,
Amadeus,
or a large airport consortium.

CUSS 2 Changed the Power Structure a Bit

CUSS 2 moved toward:

OpenAPI
HTML5
OAuth2
JSON
WebSocket
modern TLS/security

That theoretically lowers barriers for web developers and smaller software vendors.

But there is still a major gatekeeping layer:

certification,
interoperability testing,
airport deployment approval,
and airline acceptance.

So the architecture became more modern/open…
while governance remains fairly centralized.

The Real Governance Dynamic

In practice, CUSS 2 governance is roughly:

Group	Real Influence
Major airlines	Very high
SITA / Amadeus	Very high
IATA technical committees	High
Large airports	Moderate
Ground handlers	Moderate
Kiosk OEMs	Moderate to low
Small independent developers	Low

That’s one reason many airlines and airports increasingly explore:

browser-based workflows,
mobile-first passenger processing,
biometric identity layers,
and cloud APIs outside traditional CUSS infrastructure.

CUSS solved interoperability…
but also created a fairly heavyweight ecosystem that can slow innovation.

Question: Wasn’t the original CUSS done much in JAVA?

Yes, very much so. Original CUSS 1.x was heavily tied to the old “enterprise Java / middleware” era.

The usual stack was roughly:

Java applet / Java runtime era: many airline kiosk apps and CUSS client layers depended on Java/JRE-style runtime assumptions.
CORBA / IDL: CUSS 1.x used CORBA/IDL-style interfaces for device abstraction and platform-to-application communication.
Local device middleware: the platform managed peripherals like passport readers, barcode scanners, boarding pass printers, bag tag printers, card readers, and lights through local middleware.
Windows kiosk environment: many deployments ran on Windows-based airport/kiosk PCs with locked-down local runtime components.
Browser/HTML only as part of the UI story: not like modern web apps. The application model was much more local-runtime and middleware-dependent.

That is one reason CUSS 2 matters. CUSS 2 moves toward OpenAPI, OAuth2, HTML5, JSON, TLS 1.2+, and WebSockets, which is much more natural for current web developers and cloud-connected architectures. It also removes a lot of the old Java/CORBA baggage.

So your recollection is right: original CUSS was not “modern web.” It came out of the Java/CORBA/common-use middleware period, and that legacy stack is one of the drivers behind the CUSS 2 transition.

Question: How likely is it that airlines will retrofit their proprietary kiosks to CUSS2 especially given current energy and fuel situation? What are the odds and probability?

The probability is actually lower than many people in aviation expected five years ago.

My estimate for the next 3–5 years:

Scenario	Probability
Full retrofit of proprietary airline kiosks to native CUSS 2	15–25%
Partial retrofit / hybrid coexistence	45–60%
Continued proprietary kiosks with limited interoperability layers	60–75%
Airlines skipping kiosk investment and moving to mobile/biometric workflows instead	50–70%

The key issue is this:

CUSS 2 solves a technical interoperability problem at the exact moment airlines are questioning whether large kiosk fleets are strategic anymore.

That timing matters enormously.

Why Large-Scale Retrofit Is Less Likely

1. Airlines Already Own the Hardware

Many airlines already have:

depreciated kiosk fleets,
proprietary workflows,
integrated branding,
existing PCI certification,
and tightly coupled backend systems.

Retrofitting means:

application rewrite,
recertification,
testing,
security review,
airport coordination,
vendor coordination,
and operational retraining.

That is expensive even before hardware changes.

And IATA itself acknowledges airlines certifying under CUSS 1.x now will need recertification for CUSS 2.

2. Fuel and Energy Costs Push Airlines Toward Near-Term ROI

What about fuel and energy — that is an important angle.

Airlines today are prioritizing:

fuel efficiency,
fleet modernization,
operational resilience,
labor reduction,
and digital/mobile self-service.

Capital budgets are under pressure from:

fuel volatility,
aircraft delivery delays,
higher interest rates,
labor shortages,
geopolitical instability.

A CUSS 2 migration often does not create immediate passenger revenue.

Compared to:

dynamic retailing,
ancillary upsell,
AI operations,
crew systems,
predictive maintenance,
fuel optimization,

…CUSS retrofit can look like infrastructure plumbing.

That lowers executive urgency.

3. Mobile Is Cannibalizing the Kiosk Value Proposition

This is the biggest structural issue.

IATA’s own passenger surveys show accelerating preference for:

smartphones,
digital ID,
biometrics,
app-centric travel workflows.

So airlines increasingly ask:

“Why invest millions modernizing kiosks if passengers increasingly bypass them?”

That doesn’t mean kiosks disappear.
It means:

kiosk counts flatten,
deployments become more targeted,
and common-use economics weaken.

4. Airlines Prefer Control

Many major airlines still prefer proprietary systems because they control:

branding,
upsell flows,
loyalty integration,
passenger analytics,
disruption handling,
ancillary sales,
payment systems.

CUSS inherently reduces differentiation.

That is why many premium/global airlines still maintain:

dedicated kiosks,
dedicated bag drop,
proprietary workflows,
even at common-use airports.

Where CUSS 2 Will Win

The strongest adoption areas are likely:

Airports Under Capacity Pressure

Especially:

Europe
Asia
constrained terminals
multi-airline international hubs

CUSS helps increase throughput without terminal expansion.

Smaller or Foreign Airlines

For airlines with:

few flights,
limited gate presence,
seasonal operations,
international expansion,

CUSS is economically attractive because it avoids deploying proprietary hardware.

Airports Forcing Standardization

IATA’s migration roadmap suggests some airports may mandate CUSS 2 compliance beginning in late 2026.

This is important:
the pressure may come more from airports than airlines.

Most Likely Real-World Outcome: Hybrid

The most probable outcome is:

Large airlines:

keep flagship proprietary kiosks,
selectively support CUSS 2,
deploy hybrid architectures.

Airports:

expand common-use in overflow/shared areas,
especially for international carriers.

Vendors:

create “bridge” layers between legacy proprietary systems and CUSS 2.

IATA itself explicitly references bridge compatibility during migration phases.

That is a strong clue the industry expects coexistence rather than hard replacement.

My Estimate By Airline Tier

Airline Type	Probability of Significant CUSS 2 Migration
Major US legacy carriers	20–35%
European hub carriers	50–70%
Asian mega-hubs	60–80%
Low-cost carriers	25–45%
Regional airlines	40–60%
International/seasonal carriers	70–85%

US airlines are probably the least enthusiastic overall because:

they already invested heavily in proprietary systems,
they have strong mobile adoption,
and major airports often tolerate dedicated infrastructure.

The Hidden Technical Problem: Trust Stores & Certificates

This has been raised earlier and it matters a lot. Think HTTPS and then old HTTP

CUSS environments create:

shared trust models,
certificate management complexity,
browser/runtime dependencies,
middleware coordination,
security patch synchronization.

Those issues become operationally painful at scale.

Many airlines may conclude:

“If we already operate our own kiosk stack successfully, why inherit shared-platform complexity?”

Especially after:

Windows 10 EOL,
certificate-chain changes,
browser security tightening,
PCI DSS evolution,
and zero-trust security mandates.

See Trust Addendum Below

Strategic Bottom Line

CUSS 2 is technically better than CUSS 1.x:

modern APIs,
OpenAPI,
OAuth2,
HTML5,
WebSockets,
better security.

But the industry question is no longer:

“Should kiosks be interoperable?”

The newer question is:

“How much fixed kiosk infrastructure will airports even need by 2030?”

That uncertainty reduces the probability of massive retrofit programs.

QUESTION – What About CUPPS and Baggage

CUPPS and baggage are actually far more defensible long-term than CUSS kiosks. That’s the key distinction.

Passenger-facing kiosks are increasingly optional. Baggage infrastructure is not.

First: CUPPS vs CUSS

CUSS

Common Use Self Service

Passenger kiosks
Self check-in
Boarding pass printing
Bag tag printing
Shared passenger devices

CUPPS

Common Use Passenger Processing Systems

Shared check-in counters
Gate systems
agent workstations
boarding gates
backend airline processing environment

CUPPS is much deeper operationally.

It replaced older CUTE systems and became core airport infrastructure.

Why CUPPS Is Safer Than CUSS

Airlines Can Skip Kiosks

Passengers increasingly use:

mobile boarding passes,
biometric identity,
digital wallets,
remote check-in.

But airlines still need:

staffed counters,
irregular operations handling,
rebooking,
visa checks,
baggage exception handling,
gate processing.

So CUPPS remains operationally essential.

Baggage Is the Real Anchor

This is the huge point many outside aviation miss:

The airport baggage system is still fundamentally physical infrastructure.

Unlike check-in apps, baggage requires:

conveyors,
reconciliation,
security screening,
tag issuance,
transfer routing,
exception management,
oversize handling,
customs integration.

You cannot virtualize baggage.

That means:

bag drop,
tag printing,
baggage reconciliation,
airline/airport interoperability,
remain critical.

Self Bag Drop Is the Real Driver

The strongest future investment area is probably not kiosks themselves.

It is:

self bag drop,
biometric bag drop,
assisted bag drop,
integrated baggage identity.

This is where CUSS and CUPPS intersect.

Likely Industry Direction

The trend appears to be:

Area	Long-Term Outlook
Traditional airline kiosks	Flat/declining
Mobile passenger processing	Strong growth
Self bag drop	Strong growth
CUPPS shared infrastructure	Stable/moderate growth
Biometric identity systems	Strong growth
Baggage automation	Strong growth
Dedicated airline counters	Gradual reduction
Shared airport infrastructure	Increasing

So baggage keeps common-use relevant even if kiosks weaken.

Why Airports Still Care Deeply About Common Use

Airports want:

higher utilization,
flexible airline allocation,
less dead counter space,
dynamic gate assignment,
scalable passenger throughput.

Without common-use:

every airline requires dedicated infrastructure,
which wastes terminal capacity.

This becomes economically painful at large hubs.

That’s why:

Europe,
Asia,
Middle East hubs,
tend to favor common-use more aggressively than many US airports.

The Big Baggage Technology Shift

The real modernization wave is now around:

1. Off-Airport Processing

Examples:

remote bag drop,
hotel bag acceptance,
rail integration,
cruise integration.

2. Biometric Identity

Connecting:

passenger,
passport,
bag,
boarding entitlement.

3. RFID and Digital Bag Tracking

Driven partly by IATA Resolution 753.

4. AI/Computer Vision

For:

oversize detection,
prohibited items,
queue management,
exception handling.

5. Robotics & Automated Bag Drop

Especially in Asia and Europe.

CUSS2 Matters More for Bag Drop Than Check-In

Ironically, CUSS 2 may end up more valuable for:

bag-drop interoperability,
device integration,
shared peripheral management,
than for traditional kiosk UI itself.

That’s because self bag drop requires:

scanners,
scales,
printers,
passport readers,
payment sometimes,
reconciliation systems,
security integration.

Those environments benefit from standardized APIs.

Where the Real Money Is

The airport industry increasingly sees value in:

baggage throughput,
labor reduction,
queue reduction,
security integration,
utilization optimization.

Not necessarily in kiosk modernization itself. That changes vendor economics.

Strategic Industry Direction

The likely future architecture:

Passenger Identity

mobile
biometrics
cloud entitlement

Airport Infrastructure

CUPPS
shared processing
identity federation

Physical Processing

self bag drop
automated gates
baggage reconciliation

Kiosk Role

More limited:

exception handling,
bag tag issuance,
passport validation,
assisted service.

Probability Outlook

CUPPS survival/growth through 2035

Very high:

75–90%

Self bag drop expansion

Extremely high:

80–95%

Traditional kiosk fleet expansion

Much lower:

20–40%

Hybrid passenger processing

Almost certain:

90%+

The Hidden Reality

The aviation industry may ultimately move toward:

“CUSS-lite + strong baggage automation + strong CUPPS.”

Meaning:

fewer massive kiosk deployments,
more distributed identity,
but stronger shared airport infrastructure underneath.

That’s probably the most realistic outcome today.

Question — What about Accessibility, ADA, DOT and ACAA?

Answer – For airline kiosks, the key U.S. law is ACAA, not mainly ADA. The ADA generally does not govern disability discrimination in air transportation; the Air Carrier Access Act applies instead. DOT enforces the ACAA, and the rule applies to flights within, to, or from the United States by U.S. airlines and to flights to or from the U.S. by foreign airlines.

We have not seen any specifications in CUSS 2 covering ADA or Accessibility or DOT or ACAA.

For kiosks, the operative rule is 14 CFR § 382.57. It applies to automated airport kiosks that a carrier owns, leases, or controls at U.S. airports with 10,000 or more enplanements per year. It also applies to shared-use kiosks jointly owned, leased, or controlled by carriers and airport operators, with carriers jointly and severally liable with the airport/operator/participating carriers for shared-use compliance.

The core rule is the 25% requirement. New kiosks installed on or after Dec. 12, 2016 had to be accessible until at least 25% of kiosks in each airport location or cluster met the standard, and by Dec. 12, 2022 at least 25% of kiosks in each location had to meet the technical accessibility specifications. The DOT fact sheet says the same rule applies to airline-owned/leased/controlled kiosks and to airport/carrier jointly owned or controlled shared-use kiosks at airports with 10,000+ annual enplanements.

Important practical details:

Same functions: If the inaccessible kiosks in a cluster print boarding passes, print bag tags, take payments, rebook tickets, or sell upgrades, the accessible kiosks in that location must provide the same functions.
Priority access: A passenger with a disability who requests an accessible kiosk must get priority access to an available accessible kiosk in that location.
Identification and uptime: Accessible kiosks must be visually and tactilely identifiable and maintained in proper working condition.
Equivalent service: If a passenger cannot readily use the kiosk, the carrier must provide equivalent service, such as directing the passenger to an accessible kiosk, assisting with an inaccessible kiosk, or allowing the passenger to move to the front of the check-in counter line.
Technical requirements: The kiosk standard includes clear floor space, operable parts, privacy, speech output, volume control, captioning, tactile input controls, QWERTY/numeric keypad requirements, display contrast/visibility, Braille instructions for initiating speech mode, and restrictions on biometrics as the sole identification method.

For CUSS, IATA explicitly warns airlines, airports, and service providers about the U.S. DOT kiosk accessibility rule and says CUSS 1.4 and later provide the technical framework to support current accessibility standards. So in practice, both proprietary airline kiosks and CUSS/common-use kiosks need an accessibility compliance plan, but shared CUSS deployments create extra responsibility because airlines, airports, and vendors may all be in the chain.

Addendum Trust

What looks elegant on a PowerPoint slide becomes extremely ugly in airport operations.

The promise of CUSS (Common Use Self Service) has always been:

shared hardware
shared infrastructure
shared application runtime
multiple airlines on one kiosk
reduced airport footprint
lower CapEx

But the technical reality underneath is that CUSS effectively creates a shared trust and security ecosystem across airlines, airports, middleware providers, peripheral vendors, operating systems, and remote management layers.

That is where things get difficult.

The Hidden Technical Problem: Trust Stores & Certificates

At a high level, every modern kiosk transaction depends on chains of trust. Any good webmaster is very familiar with these items.

Think:

HTTPS certificates
TLS encryption
device certificates
signed executables
browser trust stores
payment terminal certificates
VPN certificates
airline web services
API authentication
baggage interfaces
boarding pass validation
biometric identity systems

In a proprietary airline kiosk stack, the airline controls nearly all of this.

In CUSS, the trust model becomes federated and shared.

That sounds efficient.

Operationally, it can become fragile.

Old HTTP vs HTTPS Analogy

Our comparison is actually very accurate.

Old web:

Simple
Open
Minimal dependencies
Fewer certificate failures
Lower security

Modern HTTPS ecosystem:

Certificate chains
Root CA dependencies
Browser enforcement
TLS version compliance
OCSP/CRL validation
HSTS
Cipher requirements
Continuous updates

Now apply that complexity to:

kiosks
airports
airline applications
badge readers
boarding pass printers
passport scanners
payment systems
baggage drops
biometric verification
multiple airlines sharing the same endpoint

That is effectively what modern CUSS environments become.

Shared Trust Models Become Political

In proprietary kiosks:

Delta controls Delta.
United controls United.

Simple accountability.

In CUSS:

Who owns trust?

Possible stakeholders:

airport authority
SITA
Amadeus
airline IT
kiosk OEM
OS vendor
payment provider
security middleware vendor
browser engine vendor

Now imagine:

one expired certificate
one outdated root CA
one unsupported TLS version
one revoked signing cert

Suddenly:

boarding fails
check-in fails
payment fails
bag tag printing fails
biometrics fail

And every airline points at someone else.

Certificate Management at Scale

Airports may operate:

hundreds of kiosks
multiple terminals
multiple airlines
multiple VLANs
multiple trust zones
different OS versions
different peripheral firmware levels

Now layer on:

certificate expiration schedules
intermediate CA rotations
root trust updates
code-signing renewals
PCI key rotation
TPM requirements
secure boot validation

One missed update can create a cascading operational outage.

This is exactly the kind of issue enterprises increasingly hate.

Browser/Runtime Dependency Hell

Modern CUSS increasingly depends on:

Chromium runtimes
WebView frameworks
browser security policies
sandboxing
JavaScript compatibility
web APIs
containerized components

The problem:
Browsers evolve fast.
Airports evolve slowly.

A kiosk deployment may remain operational for:

7 years
10 years
sometimes longer

But Chromium security assumptions may change every few months.

Examples:

deprecated TLS support
removed root certificates
stricter cookie enforcement
cross-origin restrictions
certificate pinning changes
deprecated cryptographic algorithms

Suddenly:
the airline application that worked for years no longer works after a mandatory security update.

Middleware Coordination Is the Silent Killer

CUSS depends heavily on middleware abstraction.

That means:

airline app
device abstraction layer
printer services
scanner services
payment services
kiosk management platform
OS security stack

All must coordinate perfectly.

One mismatch breaks the chain.

Example:

Windows patch updates driver signing enforcement
scanner middleware no longer trusted
bag-tag printer stops enumerating
airline app cannot detect peripheral

Passenger sees:
“Kiosk Out of Service”

Actual root cause:
certificate trust mismatch between middleware layers.

Security Patch Synchronization

This may be the single biggest operational problem.

Modern cybersecurity now assumes:

continuous patching
rapid vulnerability response
zero-trust segmentation
endpoint hardening
least privilege
signed code validation

But airports hate rapid change.

Because uptime matters more than novelty.

Now multiply this problem across:

airports
airlines
CUSS providers
kiosk vendors
peripheral suppliers
payment providers

A critical CVE may require:

OS patch
middleware patch
browser patch
device firmware patch
certificate update

If even one layer lags:
the whole ecosystem becomes vulnerable or unstable.

Windows 10 EOL Is a Major Trigger

This is probably underestimated.

A massive percentage of deployed kiosks globally still rely on Windows 10 variants.

Windows 10 EOL forces decisions around:

TPM requirements
secure boot
driver compatibility
hardware acceleration
kiosk lockdown tools
certificate handling
browser engine compatibility

Many older kiosks:

technically still work
but fail modern security assumptions

This creates a brutal economic question:

Do we:

retrofit?
virtualize?
isolate?
replace?
migrate to Linux?
abandon shared CUSS infrastructure?

Some airlines may decide:
“We already operate proprietary kiosks successfully. Why complicate this?”

PCI DSS 4.0 Changes the Equation

PCI Security Standards Council requirements increasingly emphasize:

continuous monitoring
stronger authentication
tighter segmentation
vulnerability management
encrypted transmission
software integrity

Shared environments are inherently harder to secure.

A proprietary airline kiosk:

smaller attack surface
fewer dependencies
clearer ownership
faster incident response

A shared CUSS environment:

broader attack surface
multiple tenants
dependency sprawl
harder segmentation
harder forensic attribution

Security teams increasingly dislike this model.

Zero-Trust Architecture Conflicts With Shared Platforms

This is the deepest strategic issue.

Zero-trust philosophy says:

“Never trust shared environments.”

But CUSS fundamentally IS a shared environment.

Zero-trust prefers:

identity-centric access
segmentation
isolated workloads
application containment
hardware attestation
minimal lateral trust

CUSS historically evolved from:
“shared infrastructure is efficient.”

Modern cybersecurity says:
“shared infrastructure increases risk.”

Those two philosophies are colliding.

Why Airlines May Resist CUSS 2 Retrofits

Many airlines may quietly conclude:

“We gain little operationally but inherit major security complexity.”

Especially if they already have:

mature proprietary kiosks
cloud-managed fleets
standardized peripherals
centralized monitoring
existing vendor contracts
integrated loyalty/payment systems

Retrofitting into CUSS 2 means:

revalidation
recertification
trust federation
middleware testing
peripheral interoperability testing
security coordination with third parties

That is expensive.

And often politically difficult.

The Irony

CUSS originally solved fragmentation.

But modern cybersecurity and platform evolution may now make highly shared systems less attractive.

The industry trend elsewhere is actually toward:

containerization
workload isolation
edge security
device identity
dedicated trust boundaries
platform simplification

In other words:
the broader IT industry is moving AWAY from the architectural assumptions that originally made CUSS attractive.

That does not mean CUSS disappears.

But it may explain why adoption momentum can feel slower than the original vision suggested.

But non-working kiosks are intolerable. How to get around economically?

That is exactly the core issue. A failed self-service kiosk in an airport is not merely an “IT problem.”

It immediately becomes:

queue congestion
missed flights
baggage delays
staffing escalation
gate pressure
customer dissatisfaction
operational disruption

In aviation, uptime is king.

That reality often overrides architectural elegance.

The economic question becomes:

“What architecture minimizes operational chaos at acceptable cost?”

Not:

“What architecture is theoretically most interoperable?”

And that is where the industry may be quietly pivoting.

The Real Economic Equation

Airlines and airports increasingly evaluate:

${Operational Risk} >Hardware Savings}$

CUSS originally promised:

fewer kiosks
shared hardware
lower CapEx
space efficiency

But modern complexity introduces:

higher support burden
more coordination
certification overhead
security synchronization
troubleshooting ambiguity

A proprietary kiosk may cost more upfront.

But if it reduces outages by even a small percentage:
the operational savings can dwarf hardware costs.

One major outage during peak operations can cost enormous money.

Airlines Optimize for Predictability

Airlines generally prefer:

boring
stable
controlled
repeatable
isolated

The same reason airlines resist rapid OS changes is why they may resist deep shared-platform dependencies.

A dedicated airline stack means:

known hardware
known software
known certificates
known peripherals
known update cadence
known rollback path

That has tremendous operational value.

Economically, the Industry Is Moving Toward Hybrid Models

This is probably the most likely long-term outcome.

Not:

full proprietary
full common-use

Instead:

“Managed isolation”

Examples:

shared enclosure
shared footprint
shared airport management layer

BUT:

isolated airline containers
isolated certificates
isolated runtimes
isolated trust domains
isolated update pipelines

Essentially:
physical sharing with logical separation.

That aligns much better with modern zero-trust thinking.

The Containerization Direction

Modern enterprise IT solved similar problems using:

VMs
containers
workload isolation
Kubernetes-style orchestration
sandboxed runtimes

CUSS 2 may eventually evolve toward:

airline-specific containers
cryptographically isolated workloads
independent certificate chains
modular updates

Instead of:
“One giant shared trust ecosystem.”

This reduces blast radius.

If Airline A breaks:
Airline B still operates.

That is operationally critical.

Edge Management Is Becoming Central

The hidden shift in kiosks is that they increasingly behave like managed edge devices.

The future architecture likely includes:

remote orchestration
continuous health monitoring
predictive maintenance
certificate lifecycle automation
automated rollback
immutable OS images
secure edge compute

In other words:
more like cloud infrastructure deployed physically at the edge.

This is where companies like:

have indirectly influenced kiosk architecture thinking.

The Winning Economic Strategy May Be “Controlled Standardization”

Not fully open.
Not fully proprietary.

Instead:

standard hardware
standardized APIs
standardized peripherals
standardized management

BUT:

isolated applications
isolated security domains
airline-level operational control

This gives:

operational stability
easier certification
lower downtime risk
manageable security

without requiring every airline to completely surrender control.

Why Retrofit Economics Matter

This is where retrofit becomes extremely attractive.

Many airports already have:

functioning enclosures
peripherals
mounts
power
networking
scanners
printers

The expensive part is often:

certification
integration
software migration
trust/security modernization

Thus:
adding:

TPMs
Edge AI accelerators
modern management layers
Linux migration
containerized runtimes

may be far cheaper than total replacement.

This mirrors broader enterprise IT trends.

Airlines May Quietly Prefer “Private Common Use”

This may sound contradictory, but it is likely where the market heads.

Meaning:

common-use physically
proprietary logically

Example:
same kiosk hardware platform,
but:

airline-specific runtime
airline-specific certificates
airline-specific cloud control
airline-specific UX
airline-specific release cycle

Passengers still perceive:
“shared airport kiosks.”

Operationally:
they are semi-isolated systems.

Why Linux May Gain Ground

Windows lifecycle churn is becoming economically painful for long-lived kiosks.

Linux offers:

longer lifecycle control
customizable trust stores
smaller attack surface
lower licensing costs
stable embedded deployments

But Linux increases:

integration burden
support complexity
driver coordination

Thus:
large sophisticated operators may adopt it,
while others remain Windows-centric.

The Harsh Reality

The cheapest architecture on paper is often the most expensive operationally.

Airport kiosks exist in:

regulated environments
high uptime environments
public environments
hostile cyber environments
multi-vendor ecosystems

That combination punishes architectural fragility.

So the industry increasingly optimizes for:

resilience
rollback
isolation
observability
lifecycle stability

rather than pure hardware-sharing efficiency.

The Big Strategic Insight

The future of airport kiosks may look less like:
“shared PCs”

and more like:
“secure edge appliances with orchestrated workloads.”

That is a fundamentally different philosophy than early CUSS assumptions.

And it may explain why:

proprietary stacks remain strong
airlines hesitate on retrofit mandates
airports move cautiously
vendors emphasize lifecycle management
edge orchestration becomes strategic
security architecture becomes central to procurement decisions

The kiosk itself is no longer the product.

The operational trust architecture is.

Resources

Post Views: 54