NIS2 and the Space Sector
Ground-based infrastructure supporting space services — including satellite command and control, positioning and earth observation systems — is covered under NIS2 Annex I. The sector is critical for navigation, communications and defence.
Key cyber risks in Space
- ▸Jamming and spoofing of satellite uplink/downlink
- ▸Cyberattacks on ground station control systems
- ▸Supply-chain compromise of satellite software
- ▸GPS/GNSS dependency exploitation
Focus obligations for Space
- ✓Physical and cyber security of ground stations
- ✓72-hour incident reporting to national authority
- ✓Redundancy for critical space-based services
- ✓Anti-jamming and anti-spoofing measures
Who is covered?
Examples of in-scope organisation types:
- ·Satellite ground station operators
- ·Space situational awareness service providers
- ·Earth observation data platforms
- ·Space-based communication service operators
Is your Space organisation in scope?
Answer 5 questions and get a personalised NIS2 scope assessment, obligation checklist and readiness score — free.
Check your scope →Space NIS2 compliance by country
See how national transpositions affect Space obligations in each EU member state:
Frequently asked questions
Is the Space sector covered by NIS2?
Yes. The Space sector is listed in NIS2 Annex I (highly critical sectors). Medium and large organisations in this sector must comply with NIS2 obligations. Ground-based infrastructure supporting space services — including satellite command and control, positioning and earth observation systems — is covered under NIS2 Annex I. The sector is critical for navigation, communications and defence.
Are Space organisations Essential or Important Entities?
Under NIS2, large Space organisations are typically Essential Entities. Medium-sized Space organisations are Essential (large) / Important (medium). The distinction affects supervisory intensity and fine levels.
What are the key NIS2 obligations for the Space sector?
Physical and cyber security of ground stations; 72-hour incident reporting to national authority; Redundancy for critical space-based services; Anti-jamming and anti-spoofing measures. Obligations apply under NIS2 Articles 21 (security measures) and 23 (incident reporting).
Which national authorities supervise NIS2 for Space in each EU country?
Each EU member state designates a national competent authority for NIS2. Visit any country page on NISDESK to see the specific authority and CSIRT for the Space sector in that country.
For decision-support purposes only. Exact scope depends on national transposition.