RegulationNIS2
NIS2 Directive
The EU Directive 2022/2555 on measures for a high common level of cybersecurity across the Union, applicable to space infrastructure operators.
The NIS2 Directive (EU 2022/2555) is the updated European cybersecurity framework that significantly expands the scope of cybersecurity obligations. For space operators, NIS2 introduces mandatory security requirements for critical infrastructure.
Space Sector Coverage Space is explicitly listed as a critical sector under NIS2. This includes:
- Satellite communication providers
- Ground station operators
- Space data service providers
- Launch service providers with digital dependencies
Entity Classification Space operators are classified as either:
- Essential Entities: Large operators or those providing critical services
- Important Entities: Medium-sized operators or those with significant impact
Key Requirements
- Risk management measures (Art. 21)
- Incident reporting within 24 hours (Art. 23)
- Supply chain security
- Business continuity planning
- Encryption and access controls
Penalties
- Essential entities: Up to €10 million or 2% of global turnover
- Important entities: Up to €7 million or 1.4% of global turnover
Implementation Deadline Member states must transpose NIS2 by October 17, 2024.
Related EU Space Act Articles
Art. 21Art. 23Art. 27