Skip to main contentSkip to main content
Module 11 of 14

NIS2 Compliance

Full NIS2 Directive compliance for space essential entities.

NIS2 Art. 21, 23, 27, 29

The NIS2 Directive (EU 2022/2555) establishes cybersecurity requirements for essential and important entities, including space operators. This module provides comprehensive NIS2 compliance guidance specific to the space sector.

Regulatory Context

Regulations

NIS2 Directive (EU 2022/2555)National NIS2 Implementations

Jurisdictions

EUAll EU Member States
Key Capabilities

What this module does

Entity Classification

Determine your entity classification (essential vs. important) under NIS2 based on sector, size, and criticality criteria.

Security Measures Assessment

Gap analysis against all Art. 21(2) security measures (a)–(j) with space-sector-specific control mappings.

Incident Reporting Workflows

Structured workflows meeting the 24h early warning, 72h notification, and 1-month final report requirements.

Supply Chain Security

Evaluate and document supply chain security measures for critical space system components and services.

Assessment

What the assessment includes

    Entity classification (essential vs important)
    Security measures gap analysis
    Incident reporting requirements
    Supply chain security assessment
    Management liability review
Output

Auto-generated compliance documents

NIS2 Compliance Assessment
Security Measures Implementation Plan
Incident Reporting Procedures
Supply Chain Security Policy
Automation

What we automate for you

Automated entity classification questionnaire

Pre-mapped controls to Art. 21(2) measures

Incident timeline enforcement and reminders

Management liability documentation

Related Modules

See if this module applies to you

Take the free compliance assessment to find out which modules are relevant to your operation.

Start assessmentRequest a demo
Module 10Spectrum Management
Module 12COPUOS & IADC Guidelines
FAQ

Frequently Asked Questions — NIS2 Compliance

Am I an essential or important entity under NIS2?+

Classification depends on your size and role: Large entities (more than 250 employees or more than EUR 50M turnover) in the space sector are typically essential. Medium entities or SATCOM providers for government or critical infrastructure are important. Micro entities (fewer than 10 employees, less than EUR 2M turnover) are generally out of scope unless designated by a member state.

What security measures does NIS2 require?+

Article 21(2) requires: risk analysis policies, incident handling procedures, business continuity, supply chain security, vulnerability management, cryptographic controls, access control, and personnel security training.

What are the penalties for NIS2 non-compliance?+

Essential entities face fines up to EUR 10M or 2% of global annual turnover. Important entities face fines up to EUR 7M or 1.4% of turnover. Member states may also impose additional administrative sanctions.

Related NIS2 Cybersecurity Resources

NIS2 for Space Operators

How the NIS2 Directive applies to satellite operators and space services.

Cybersecurity Module

NIS2-aligned cybersecurity assessment and compliance tracking.

NIS2 Assessment

Classify your organization under the NIS2 Directive.

Supervision & Reporting

Ongoing supervisory obligations and incident reporting.