Commission official reveals details on cybersecurity aspects – Euractiv
A Commission official revealed key details of the content and shape of the upcoming EU Space Law, in particular its cybersecurity aspects at an event in Paris on Wednesday (24 April).
The European Commission has been preparing the European Space Law, expected around the summer of 2024, though its release date has been postponed twice.
“We need to recognise that space infrastructures are not only crucial but critical,” said the European Commission’s head of innovation and NewSpace unit, Guillaume de la Brosse. He was speaking at the Cybersecurity for the Space Industry (CYSAT) event in Paris on Wednesday (24 April).
During his presentation, de la Brosse said the EU needs “a proper regulatory framework that will set common rules, and avoid fragmentation.”
Single Market Commissioner Thierry Breton said something very similar during a meeting in April with Members of the European Parliament of the Committee on Industry, Research, and Energy, seen as the committee mostly likely tasked to analyse the EU Space Law proposal.
According to various sources contacted by Euractiv, these sentences could very well mean that the Space Law will be a regulation. The term “law” used by Commission officials is often purposedly used to obfuscate exactly what this piece of legislation will be.
According to the European Commission, the upcoming European Space Law will focus on three pillars: safety; stemming risk of collision from space debris, sustainability; calculating and reducing the impact of space activities, and resilience; mainly related to protection against cyber threats.
Cybersecurity
While on stage, de la Brosse explained that “space is increasingly becoming software.”
According to him, the upcoming EU Space Law will therefore focus on cybersecurity by design, hardening the security levels of space’s industry supply chain, and applying (cyber)security measures proportionally to how critical certain products are deemed.
Companies will be required to mitigate their risks, by conducting assessments and evaluating potential events threatening their infrastructure.
According to de la Brosse, companies will be required to prevent, detect and protect themselves against cyber incidents.
The upcoming EU Space Law will also provide a framework on how to handle these incidents. Eventually, the law will detail to whom and how to report cyber incidents, he added.
The Commission unit head pointed out these requirements are needed, since the latest EU cybersecurity legislation, the NIS 2 directive, only partially applies to space actors.
The directive covers telecom operators and ground segments of the EU’s space industry, but space segments are not tackled.
Sustainability
Regarding sustainability, the “level of ambition [of the law] will be quite low,” said de la Brosse, adding that currently there is no methodology to calculate the impact of space activities on the environment.
A common methodology to calculate the industry’s environmental impact is needed, before reducing the impact, he said.
[Edited by Rajnish Singh]