Frequently Asked Questions

The EU Space Act (COM(2025) 335) is the European Union's comprehensive regulation establishing a unified legal framework for space activities across all EU member states. It covers authorization, registration, supervision, and liability for space operations. The regulation enters into force in 2025, with existing operators required to achieve full compliance by 2030. It replaces the fragmented national space laws with a harmonized European approach.

All entities conducting space activities under EU jurisdiction require authorization. This includes Spacecraft Operators (SCO), Launch Operators (LO), Launch Site Operators (LSO), In-Space Service Operators (ISOS), Collision Avoidance Providers (CAP), Positional Data Providers (PDP), and Third Country Operators (TCO) using EU infrastructure or serving EU customers. The authorization is obtained from your National Competent Authority (NCA) and is valid across all EU member states.

The Light Regime is a simplified authorization pathway for low-risk space activities. You may qualify if your satellite mass is under 500 kg, you operate in LEO (below 2,000 km altitude), your mission duration is under 5 years, and you don't involve nuclear power sources, propulsive stages, or proximity operations. The Light Regime offers reduced documentation requirements, faster 45-day processing (vs. 90 days standard), and lower insurance minimums. CubeSat operators, university missions, and technology demonstrators often qualify.

Non-compliance with the EU Space Act can result in administrative fines up to €20 million or 4% of annual global turnover, whichever is higher. Additional consequences include authorization suspension or revocation, prohibition from conducting space activities, mandatory corrective actions, and potential criminal liability for willful violations. NCAs can also impose periodic penalty payments for ongoing non-compliance.

Standard authorization applications must be processed within 90 days by the NCA. Light Regime applications have a 45-day timeline. Complex cases involving novel technologies or higher risk profiles may extend to 180 days. To expedite the process, ensure your application is complete with all required documentation: technical specifications, debris mitigation plan, insurance certificates, cybersecurity assessment, and financial capability proof.

Yes, the EU Space Act establishes mutual recognition of authorizations. An authorization granted by one EU member state's NCA is valid across all EU member states. This enables true single market access for space operators, eliminating the need for multiple national authorizations. You only need to apply once through your designated NCA.

Existing operators have a transition period until 2030 to achieve full compliance. During this period, you should: (1) Register your existing space objects in the EU Space Registry, (2) Update your debris mitigation plans to meet the new 5-year deorbit requirement, (3) Implement required cybersecurity measures, (4) Obtain compliant insurance coverage, and (5) Submit authorization applications for ongoing operations. Early engagement with your NCA is recommended.

The EU Space Act sets minimum standards that all member states must implement, but national space laws are not fully replaced. Member states may maintain stricter requirements in certain areas. The Act establishes mutual recognition, meaning authorization from one NCA is valid across all EU member states. For matters outside EU scope (certain national security aspects, some data controls like Germany's SatDSiG), national laws continue to apply. This creates a harmonized baseline with room for national specialization.

The EU Space Registry is a centralized database of all authorized space objects and their operators. Registration is mandatory for all EU-authorized space activities. Required information includes: space object identifiers, launch date and vehicle, orbital parameters, mission description, operator details, and contact information. Operators must update registrations within 14 days of material changes, confirm annual status, and notify of end-of-life initiation. The Registry integrates with the UN Register of Space Objects for international coordination.

Third Country Operators (TCOs) need EU authorization when: launching from EU territory, returning space objects to EU territory, operating ground stations in the EU for spacecraft command, providing space services to EU customers as a primary market, or receiving EU government contracts. TCOs receive equivalent treatment to EU operators but must designate an EU-based representative. If your primary market is EU-based or you use EU infrastructure significantly, you likely need authorization.

Yes, the NIS2 Directive (EU 2022/2555) explicitly includes space as a critical infrastructure sector. Space operators may be classified as Essential Entities (large operators, critical services) or Important Entities (medium-sized operators). Covered activities include satellite communications, ground station operations, space data services, and launch services with digital dependencies. Space operators must implement cybersecurity risk management measures and report significant incidents.

Under NIS2, space operators must report significant cybersecurity incidents following strict timelines: Early warning within 24 hours of detection, Incident notification within 72 hours with initial assessment, Intermediate report if requested by authorities, and Final report within 1 month including root cause analysis and remediation measures. Reports go to your national CSIRT (Computer Security Incident Response Team).

Essential Entities face stricter requirements: proactive supervision, regular audits, and fines up to €10 million or 2% of global turnover. They include large space operators (250+ employees or €50M+ turnover) and critical infrastructure providers. Important Entities have reactive supervision (triggered by incidents) and lower fines up to €7 million or 1.4% of turnover. They include medium-sized operators (50-249 employees, €10-50M turnover).

NIS2 Article 21 requires comprehensive security measures: risk analysis and security policies, incident handling procedures, business continuity and crisis management, supply chain security assessment, security in network and system acquisition, vulnerability handling and disclosure, cybersecurity training and awareness, cryptography and encryption policies, access control and asset management, and multi-factor authentication where appropriate.

NIS2 requires space operators to address supply chain risks by: identifying and assessing supplier security capabilities, including security requirements in contracts, monitoring ongoing supplier compliance, ensuring subcontractor transparency, implementing component traceability, and having incident notification obligations with suppliers. This is particularly important for space systems given the long supply chains and critical nature of components.

Essential entities face stricter requirements and higher penalties. For space operators, essential entities typically include: satellite communication system operators, critical ground infrastructure, launch service providers supporting government operations, and space situational awareness providers. Important entities include Earth observation providers, satellite manufacturing, and space data services at significant scale. Essential entity penalties reach EUR 10 million or 2% of turnover, while important entity penalties cap at EUR 7 million or 1.4% of turnover.

NIS2 Article 21(2)(d) mandates supply chain security. For space operators, this means: assessing security of direct suppliers and service providers, incorporating security requirements into procurement contracts, verifying component authenticity (especially for spacecraft hardware), managing ITAR/EAR compliance integration, evaluating launch service provider security practices, and considering geographic supply chain risks. Organizations must document their supply chain security approach and conduct periodic reviews of supplier security posture.

For cross-border incidents, report to your primary NCA (where you're established) within the standard timeline (24h early warning, 72h notification). Include cross-border impact assessment identifying affected countries. Your NCA coordinates with other affected NCAs through the EU cybersecurity network. For space systems, cross-border impact is common (satellite coverage spans multiple countries), so include this analysis in your incident response procedures. Consider service-level impacts, not just technical impacts.

Jurisdiction choice depends on several factors: processing time (Luxembourg and UK are typically fastest), fee structure (varies significantly), insurance minimums (range from €5M to €60M+), language requirements, and regulatory expertise. Key considerations include where your company is incorporated, where you plan to launch from, and your operational requirements. Our platform compares 11 jurisdictions to help you find the optimal choice.

Insurance requirements vary by jurisdiction and mission type. EU Space Act mandates third-party liability insurance covering: property damage, personal injury, environmental damage, launch phase, in-orbit operations, and re-entry phase. Typical minimums range from €60 million for standard missions to €500 million for high-risk operations. Light Regime missions have reduced requirements. Coverage must be from approved insurers with EU law jurisdiction clauses.

Registration involves submitting to the EU Space Registry (managed by EUSPA): space object designator/name, launching state and operator details, date and location of launch, basic orbital parameters, general function and purpose, operational status, and liability/insurance information. Registration must occur before launch for new missions. The EU coordinates submissions to the UN Register of Objects Launched into Outer Space.

Frequency coordination is managed through the ITU (International Telecommunication Union). The process involves: Advance Publication Information (API) as initial notification, Coordination Request with detailed technical parameters, Coordination Negotiations to resolve potential interference, Notification for formal registration, and Bringing into Use confirmation. This process can take 2-7 years depending on the orbital regime and potential interference issues. Your authorization cannot proceed without valid frequency assignments.

Yes, Third Country Operators (TCOs) can obtain EU authorization if they: use EU launch facilities, operate ground stations in the EU, provide services to EU customers, or conduct activities affecting EU space assets. TCOs must designate an EU-based representative, submit equivalent documentation, demonstrate compliance with EU standards, and maintain EU-accessible insurance. The EU may recognize equivalent third-country regulatory regimes through bilateral agreements.

Standard regime authorization takes approximately 90 days from complete application submission. Light regime applications target 45 days. However, actual timelines depend on: application completeness (incomplete applications pause the clock), complexity of the mission, NCA workload, need for clarifications or additional information, and coordination with other authorities. Pre-application engagement with your NCA typically adds 2-4 weeks but significantly improves success rates. Plan for 4-6 months from first contact to authorization.

Yes, authorizations are transferable with NCA approval. The process requires: joint application from transferor and transferee, demonstration that the transferee meets all qualification requirements, evidence of adequate financial capacity and insurance, updated organizational and technical documentation, and verification of ongoing compliance capability. Processing typically takes 30-60 days. The transfer becomes effective upon NCA written approval. Unauthorized transfers can result in authorization revocation.

Not necessarily. The EU Space Act allows constellation-level authorization for homogeneous fleets. Your application can cover multiple spacecraft of the same type operating in similar orbits. Requirements include: type approval for the spacecraft design, constellation-wide debris mitigation assessment, aggregated insurance consideration, phased deployment plan, and fleet management procedures. Individual satellites are registered separately in the EU Space Registry, but operational authorization can be consolidated.

Existing operators have until 2030 for full EU Space Act compliance. Recommended phased approach: 2025-2026 assess current status, identify gaps, engage with NCA; 2026-2027 implement technical measures (debris mitigation, cybersecurity); 2027-2028 formalize documentation, complete authorization application; 2028-2029 NCA review, address any issues; 2030 achieve full compliance. New missions after regulation entry into force must comply immediately. Don't wait until 2030 - NCAs will be overwhelmed with applications.

Post-authorization obligations include: annual status reporting to your NCA, registration updates within 14 days of changes, anomaly and incident reporting (immediately for significant events), collision avoidance participation and response, cybersecurity maintenance and updates (NIS2 entities), insurance coverage maintenance, and NCA inspections/audits. You must also notify of any changes to mission parameters, organizational structure, or technical configuration that affect authorization conditions.

NCA audits examine: authorization condition adherence, technical compliance (debris, cybersecurity), documentation currency, incident response capability, and organizational changes. Preparation includes: maintaining up-to-date compliance documentation, conducting internal audits annually, ensuring staff understand obligations, testing incident response procedures, verifying insurance remains adequate, and documenting all operational decisions. Designate a compliance contact who can coordinate with auditors and access all relevant documentation.

Caelex is a comprehensive space compliance platform that helps satellite operators, launch providers, and space service companies navigate EU Space Act, NIS2, and national space laws. The platform features: AI-powered compliance assessment, 12 specialized compliance modules, coverage of 11 European jurisdictions, document management and deadline tracking, automated reporting, and expert guidance through ASTRA AI. We simplify complex regulations into actionable compliance roadmaps.

Our assessment takes 5-10 minutes and asks 8 key questions about your organization and mission. Based on your answers, we determine: which EU Space Act articles apply to you, your NIS2 classification (Essential, Important, or out-of-scope), which compliance modules you need, applicable national space laws, required documentation, and timeline to compliance. You receive a personalized compliance profile with actionable recommendations.

ASTRA is our AI compliance agent with 22+ specialized tools for space regulation questions. ASTRA can: search EU Space Act articles by topic, explain NIS2 requirements for your situation, compare national space laws across jurisdictions, help draft compliance documentation, calculate regulatory deadlines, identify applicable requirements for your operator type, and answer complex regulatory questions instantly. ASTRA is trained on the full EU Space Act, NIS2, and national space laws.

Caelex offers 12 compliance modules: Authorization (licensing process), Registration (EU Space Registry), Cybersecurity (NIS2 compliance), Debris Mitigation (end-of-life planning), Environmental (sustainability requirements), Insurance (coverage requirements), Supervision (ongoing compliance), Export Control (ITAR/EAR), Spectrum (ITU coordination), COPUOS (UN guidelines), US Regulatory (FCC/FAA/NOAA), and UK Space (post-Brexit requirements). Each module provides checklists, documentation templates, and progress tracking.

Our jurisdiction comparison feature analyzes 11 European space jurisdictions across key factors: authorization processing time, fee structure, insurance minimums, language requirements, regulatory expertise, EU Space Act alignment, and track record. We score each jurisdiction's favorability for different mission types and provide recommendations based on your specific requirements. Covered jurisdictions include France, UK, Germany, Luxembourg, Netherlands, Belgium, Austria, Denmark, Italy, Norway, and the EU framework.

Caelex offers flexible pricing for operators of all sizes: Starter (free compliance assessment and basic resources), Professional (full module access, document management, deadline tracking), Enterprise (unlimited users, custom integrations, dedicated support, SSO). All plans include ASTRA AI access. Contact us for custom pricing for large constellations or government organizations. We offer monthly and annual billing with discounts for annual commitments.

Caelex provides API access (v1) for integration with: flight dynamics systems (orbital data import), ground segment software (operational status), document management systems (compliance documentation), GRC platforms (governance integration), and incident management tools (NIS2 reporting). Our API supports standard formats including CCSDS for orbital data. Enterprise customers can configure custom integrations. Contact us for specific integration requirements.

Yes, Caelex supports multi-mission and constellation management. Features include: organization-level compliance dashboards, mission-specific tracking and deadlines, fleet-wide reporting capabilities, shared documentation libraries, role-based access across missions, and consolidated regulatory timeline view. Enterprise plans include advanced multi-mission features including constellation-level compliance assessment and aggregated reporting.

The EU Space Act incorporates and strengthens IADC guidelines: LEO spacecraft must deorbit within 5 years post-mission (stricter than the IADC 25-year guideline), GEO spacecraft must insert into graveyard orbit 300+ km above GEO, all spacecraft must passivate at end-of-life (deplete propellant, discharge batteries, vent pressure vessels), design for demise is encouraged for uncontrolled re-entries, and collision avoidance capability is mandatory. Detailed debris mitigation plans must be submitted with authorization applications.

A compliant deorbit plan must include: orbital lifetime analysis showing natural decay timeline, disposal method selection (controlled vs. uncontrolled re-entry), propellant budget allocation for deorbit maneuver, timeline for end-of-life operations, passivation procedures for all energy sources, contingency procedures for system failures, casualty risk assessment for uncontrolled re-entry (must be <10⁻⁴), and verification method for successful disposal.

Operators must maintain collision avoidance capability including: ability to receive and process Conjunction Data Messages (CDMs), maneuver capability to avoid predicted collisions, participation in SSA data sharing programs, response to conjunction warnings within required timeframes, reporting of avoidance maneuvers to NCAs, and coordination with other operators when possible. Conjunction assessment services are available through EU SST and commercial providers.

Passivation eliminates explosion risk from decommissioned spacecraft by addressing all energy sources: propellant must be vented or burned, batteries must be discharged and disconnected, pressure vessels must be vented, reaction wheels must be spun down, and solar arrays should be disconnected from the bus. Passivation should occur after final mission operations while ground contact is reliable, and must be documented and reported to your NCA.

Yes, CubeSats must comply but typically qualify for Light Regime authorization due to their small size and lower risk profile. Requirements include: authorization from NCA (simplified process), registration in EU Space Registry, debris mitigation plan showing <5 year orbital lifetime, basic insurance coverage (reduced minimums), and trackability considerations. Deployable drag devices may be needed for higher orbits. University missions may have additional exemptions.

Space Situational Awareness (SSA) is the comprehensive knowledge of the space environment including tracking of space objects, space weather monitoring, and near-Earth object surveillance. For operators, SSA is critical for: collision avoidance, regulatory compliance (participation required under EU Space Act), launch window planning, anomaly detection, and re-entry prediction. The EU operates an SST (Space Surveillance and Tracking) programme providing these services to European operators.

Requirements vary by orbital regime: LEO (160-2,000 km) has the strictest debris rules with 5-year post-mission deorbit requirement, highest conjunction risk, and most trackability requirements. MEO (2,000-35,786 km) has case-by-case disposal assessment, lower debris density, but longer orbital lifetimes. GEO (~35,786 km) requires graveyard orbit insertion 300+ km above GEO, slot coordination through ITU, and station-keeping capability. Insurance and authorization complexity also varies by orbit.

In-Space Service Operators (ISOS) face unique requirements under EU Space Act: enhanced debris mitigation obligations, special insurance minimums covering third-party spacecraft, coordination protocols with client operators, authorization for proximity operations, liability allocation agreements for end-of-life responsibility, and additional cybersecurity measures for cross-spacecraft communications. The regulatory framework for ISOS is still evolving as this market develops.

Active Debris Removal (ADR) operations fall under ISOS regulation with additional considerations: ownership/jurisdiction questions over debris objects, authorization requirements for capture and deorbit operations, liability for removal attempts (what if capture fails?), international coordination requirements, and technology demonstration approvals. The EU Space Act includes provisions encouraging ADR development while establishing safety standards. Several European companies are pioneering this market.

Large constellations face additional scrutiny: comprehensive spectrum coordination for thousands of satellites, cumulative debris risk assessment across the constellation, coordinated collision avoidance procedures, phased deployment authorization, fleet-wide insurance considerations, enhanced cybersecurity for networked systems, and environmental impact assessment for atmospheric effects. Regulators are developing specific guidelines for constellation operators given the scale of impact on the orbital environment.

The EU Space Act requires demonstration that your spacecraft can be tracked by ground-based systems. Requirements include: sufficient radar cross-section or optical signature, consideration of tracking aids (corner reflectors, laser retroreflectors), registration in tracking catalogs, sharing of orbital data with EU SST, and unique identification capability. Small satellites (under 10cm) may need tracking aids. Your debris mitigation plan must address trackability throughout the mission lifecycle.

Design for demise (D4D) means designing spacecraft to fully break apart and burn up during atmospheric re-entry, minimizing casualty risk on ground. Required when: controlled re-entry isn't feasible, spacecraft has significant re-entry mass, or when materials might survive re-entry. D4D involves: using demisable materials, avoiding high-melting-point components where possible, structural design for early break-up, and assessment of ground casualty risk (must be below 1:10,000). Document D4D analysis in your debris mitigation plan.

Propulsion is not universally required, but may be necessary depending on: orbit selection (high LEO may require active deorbit), collision avoidance obligations (must be able to respond to conjunction warnings), mission profile (station-keeping needs), and end-of-life disposal strategy. For light regime missions, passive deorbit via natural drag may be acceptable if orbital lifetime is under 5 years. If your orbit doesn't naturally decay within 5 years, you need either propulsion or a demonstrated passive deorbit device.

Space weather impacts compliance in several ways: orbital lifetime calculations must account for solar activity effects on atmospheric drag; radiation environment affects spacecraft design requirements; geomagnetic storms can affect conjunction assessment accuracy; and solar events may require operational responses. Your orbital analysis should use appropriate solar activity models. Cybersecurity measures should account for space weather effects on communications. Consider space weather in your continuity planning.

Hosted payloads typically require separate authorization from the host spacecraft. The host operator is authorized for spacecraft operation, while the payload operator needs authorization for their specific activities (e.g., Earth observation, communications). Both operators must coordinate on: liability allocation, insurance coverage, frequency coordination, cybersecurity responsibilities, and end-of-life procedures. Document the relationship in both authorization applications. Some NCAs allow streamlined processes for hosted payload authorization.