Cybersecurity
Incident Reporting
The mandatory notification of cybersecurity incidents and space safety events to relevant authorities within specified timeframes.
Incident reporting obligations require space operators to promptly notify authorities of significant events affecting safety, security, or operations.
Cybersecurity Incidents (NIS2) Timeline for significant incidents:
- Early Warning: Within 24 hours of detection
- Incident Notification: Within 72 hours
- Intermediate Report: If requested
- Final Report: Within 1 month
Space Safety Events (EU Space Act) Reportable events include:
- Anomalies affecting control
- Collision avoidance maneuvers
- Debris-generating events
- Re-entry incidents
- Loss of spacecraft
Reporting Channels
- National CSIRT (cybersecurity)
- NCA (space safety)
- EUSPA (significant events)
- Insurance providers
Content Requirements Reports must include:
- Event timeline
- Impact assessment
- Root cause (when known)
- Mitigation measures taken
- Lessons learned
Confidentiality Incident information is protected but may be anonymized and shared to improve sector-wide security.