Cybersecurity
Essential Entity
Under NIS2, a large organization or critical infrastructure operator subject to enhanced cybersecurity obligations and supervision.
Essential entities under NIS2 face the strictest cybersecurity requirements due to their importance to society and the economy.
Classification Criteria (Space Sector) An entity is essential if it:
- Provides critical space infrastructure services
- Is a large enterprise (250+ employees or €50M+ turnover)
- Operates systems designated as critical by member states
- Provides services essential to public safety
Enhanced Obligations Essential entities must:
- Implement comprehensive risk management
- Report incidents within 24/72 hours
- Undergo regular security audits
- Ensure supply chain security
- Participate in coordinated vulnerability disclosure
Supervision Regime
- Proactive supervision by authorities
- Regular audits and inspections
- Security scanning
- Information requests
Penalties Non-compliance can result in:
- Fines up to €10 million or 2% of global turnover
- Management liability
- Temporary service prohibition
- Public disclosure of violations
Space Sector Examples
- Satellite communication providers (large)
- Critical ground station operators
- Navigation system providers
- Space traffic management services