Skip to main contentSkip to main content
All Guides
Comprehensive Guide25 min readJanuary 2025

The Complete Guide to EU Space Act Compliance

Comprehensive guide to EU Space Act compliance for space operators. Covers all 119 articles, authorization requirements, operator categories, timelines, and step-by-step compliance strategies.

The EU Space Act (COM(2025) 335) represents a watershed moment for European space regulation. For the first time, the EU is establishing a comprehensive, harmonized framework for authorizing and supervising space activities. This guide covers everything you need to know to achieve compliance.

Executive Summary

The EU Space Act creates a single regulatory framework for space activities across all EU member states. It applies to seven categories of operators, establishes authorization requirements through National Competent Authorities (NCAs), and sets binding standards for safety, sustainability, and cybersecurity.

Key facts:

  • 119 articles covering all aspects of space activities
  • 7 operator categories from spacecraft operators to data providers
  • Mandatory authorization before commencing activities
  • Compliance deadline: 2030 for existing operators
  • Strong alignment with NIS2 for cybersecurity

Part 1: Understanding the Regulatory Landscape

Why the EU Space Act?

Europe's space sector has grown dramatically. With over 400 satellites operated by EU entities and plans for mega-constellations, the fragmented national regulatory landscape became untenable. The EU Space Act addresses:

  1. Regulatory Fragmentation: 10+ national space laws with varying requirements
  1. Competitive Disadvantage: Complexity deterring investment
  1. Safety Concerns: Debris proliferation and collision risks
  1. Cybersecurity Gaps: Space systems as critical infrastructure
  1. Strategic Autonomy: Reducing dependence on non-EU frameworks

Relationship with National Laws

The EU Space Act does not replace national space laws entirely. Instead:

  • It sets minimum standards all operators must meet
  • Member states may impose stricter requirements in certain areas
  • National laws remain relevant for matters outside EU scope
  • NCAs implement EU requirements through national processes

Relationship with International Law

The Act operates within existing international frameworks:

  • Outer Space Treaty (1967): State responsibility remains
  • Liability Convention (1972): Damage liability framework
  • Registration Convention (1976): Object registration
  • ITU Radio Regulations: Spectrum coordination

Part 2: Operator Categories and Scope

The Seven Operator Types

Spacecraft Operator (SCO)

Anyone who owns, operates, or controls a spacecraft. This is the most common category.

Typical entities: Satellite operators, constellation operators, hosted payload providers

Key obligations:

  • Pre-launch authorization
  • Registration and tracking
  • Debris mitigation
  • End-of-life disposal
  • Cybersecurity (if essential entity)

Launch Operator (LO)

Entities conducting launch activities to place objects in space.

Typical entities: Arianespace, RocketLab Europe, emerging European launchers

Key obligations:

  • Launch license per campaign
  • Range safety compliance
  • Insurance coverage
  • Environmental assessments

Launch Site Operator (LSO)

Operators of facilities from which launches are conducted.

Typical entities: CSG (Kourou), Andøya, Esrange, SaxaVord

Key obligations:

  • Site authorization
  • Safety perimeter management
  • Environmental compliance
  • Emergency response

In-Space Service Operator (ISOS)

Providers of on-orbit services to other spacecraft.

Typical entities: ClearSpace, Astroscale Europe, D-Orbit

Key obligations:

  • Proximity operations authorization
  • Target coordination
  • Enhanced debris mitigation
  • Additional liability considerations

Collision Avoidance Provider (CAP)

Entities providing collision warning and avoidance services.

Typical entities: Commercial SSA providers, EUSST service providers

Key obligations:

  • Data quality standards
  • Service availability
  • SST network integration
  • Service failure liability

Positional Data Provider (PDP)

Providers of space object tracking and orbit determination.

Typical entities: Tracking networks, radar operators, optical observatories

Key obligations:

  • Accuracy standards
  • Availability requirements
  • EUSST data sharing
  • Security measures

Third Country Operator (TCO)

Non-EU operators with EU market presence.

Typical entities: US operators serving EU customers, non-EU satellites in EU spectrum

Key obligations:

  • EU standard compliance for EU market access
  • Registration requirements
  • Potential NIS2 obligations

Determining Your Category

Many operators fall into multiple categories. A launch service provider might be SCO (for upper stages), LO (for launches), and potentially LSO (if operating a spaceport).

Assessment factors:

  1. What activities do you conduct?
  1. What objects do you operate?
  1. What services do you provide?
  1. Who are your customers?

Part 3: Authorization Requirements

The Authorization Framework

All operators must obtain authorization from their NCA before commencing space activities. The process involves:

  1. Application Submission: Complete dossier to NCA
  1. Technical Assessment: NCA review of capabilities
  1. Safety Evaluation: Debris, collision, re-entry risks
  1. Financial Review: Insurance and guarantees
  1. Decision: Authorization granted or denied
  1. Ongoing Compliance: Supervision and reporting

Who is Your NCA?

Your NCA is determined by:

  1. Place of incorporation (primary factor)
  1. Principal place of business (if different)
  1. Launch location (for launches from EU)
  1. EU nexus (for TCOs)

Authorization Conditions

Authorizations typically include conditions such as:

  • Mission parameters (orbit, duration)
  • Technical requirements
  • Insurance maintenance
  • Reporting obligations
  • Debris mitigation compliance
  • Cybersecurity measures

Timeline Expectations

Authorization processes typically take:

  • Straightforward cases: 6-9 months
  • Complex missions: 12-18 months
  • Novel activities: 18-24 months

Start early to avoid launch delays.

Part 4: Safety and Sustainability

Debris Mitigation (Articles 10-12)

The Act imposes binding debris mitigation requirements:

Design Phase:

  • Minimize release of mission-related objects
  • No intentional fragmentations
  • Secure all components

Operational Phase:

  • Collision avoidance capability
  • Tracking and identification
  • Coordination with SST

End of Life:

  • LEO: Deorbit within 5 years (new missions)
  • GEO: Graveyard orbit (+235 km)
  • Passivation of energy sources

Re-entry Safety (Article 11)

For uncontrolled re-entry:

  • Casualty probability < 1:10,000
  • Use of demisable materials
  • Assessment and documentation

Controlled re-entry is preferred where feasible.

Space Situational Awareness (Article 15)

Operators must:

  • Provide tracking data to EUSST
  • Participate in conjunction assessments
  • Execute avoidance maneuvers when necessary
  • Share operational information

Part 5: Cybersecurity Requirements

NIS2 Integration (Article 16)

Space operators classified as essential or important entities under NIS2 must implement comprehensive cybersecurity measures.

Essential entities (typically larger operators):

  • Maximum penalties: EUR 10M or 2% turnover
  • Proactive supervision
  • Regular audits

Important entities:

  • Maximum penalties: EUR 7M or 1.4% turnover
  • Reactive supervision
  • Self-assessment

Required Security Measures

Per NIS2 Article 21(2), operators must address:

  1. Risk analysis and security policies
  1. Incident handling
  1. Business continuity
  1. Supply chain security
  1. Network security
  1. Effectiveness assessment
  1. Cyber hygiene and training
  1. Cryptography
  1. HR security
  1. Access control and MFA

Incident Reporting

Timeline for cyber incidents:

  • 24 hours: Early warning to authority
  • 72 hours: Incident notification
  • 1 month: Final report

Space-Specific Considerations

Space systems face unique cybersecurity challenges:

  • Command link security
  • Telemetry protection
  • Ground station security
  • Software update integrity
  • Supply chain attacks

Part 6: Insurance and Liability

Mandatory Insurance (Article 14)

Operators must maintain third-party liability insurance covering:

  • Damage to third parties on Earth
  • Damage to other space objects
  • Full mission lifecycle

Coverage Amounts

The EU Space Act establishes minimum coverage requirements, though member states may require higher amounts:

Activity TypeMinimum Coverage
LEO satellitesEUR 20-60 million
GEO satellitesEUR 60+ million
LaunchesEUR 60+ million
ISOSCase-by-case

State Guarantee Mechanisms

Several member states provide government backing for claims exceeding insurance coverage, reducing operator costs while ensuring victim compensation.

Part 7: Supervision and Enforcement

Ongoing Supervision (Articles 17-20)

NCAs conduct ongoing supervision including:

  • Regular reporting requirements
  • Inspection rights
  • Documentation reviews
  • On-site audits

Enforcement Powers

NCAs can:

  • Issue warnings and orders
  • Impose conditions on authorizations
  • Suspend authorizations
  • Revoke authorizations
  • Impose administrative penalties

EUSPA Coordination

For EU-wide matters, EUSPA coordinates between NCAs:

  • Consistent implementation
  • Information sharing
  • Best practice development
  • Technical guidance

Part 8: Compliance Roadmap

Phase 1: Assessment (Months 1-3)

  1. Determine operator category
  1. Identify applicable NCA
  1. Map current status against requirements
  1. Identify compliance gaps
  1. Estimate resource needs

Phase 2: Planning (Months 4-6)

  1. Develop compliance timeline
  1. Assign responsibilities
  1. Budget for implementation
  1. Engage with NCA
  1. Procure insurance quotes

Phase 3: Implementation (Months 7-18)

  1. Implement technical measures
  1. Develop documentation
  1. Deploy cybersecurity controls
  1. Establish reporting systems
  1. Train personnel

Phase 4: Authorization (Months 18-24)

  1. Submit authorization application
  1. Respond to NCA queries
  1. Complete assessments
  1. Finalize insurance
  1. Receive authorization

Phase 5: Operations (Ongoing)

  1. Maintain compliance
  1. Submit required reports
  1. Update documentation
  1. Respond to changes
  1. Prepare for audits

Key Takeaways

  1. Start now: Authorization takes 6-18 months
  1. Know your category: Determines your obligations
  1. Engage your NCA: Build relationship early
  1. Address cybersecurity: NIS2 integration is critical
  1. Plan for debris: 5-year rule is coming
  1. Maintain insurance: Continuous coverage required
  1. Document everything: Evidence for audits

How Caelex Helps

Caelex provides comprehensive EU Space Act compliance support:

  • Automated Assessment: Determine your category and gaps in minutes
  • Compliance Tracking: Monitor progress across all 119 articles
  • Document Generation: Auto-generate authorization applications
  • Deadline Management: Never miss a regulatory milestone
  • Expert Guidance: AI-powered answers to compliance questions

Start your free assessment today.

Ready to assess your compliance?

Get your personalized regulatory profile across EU Space Act, NIS2, and national space laws in minutes.

Start Free Assessment