The European Space Law (EUSL)

What is the European Space Law (EUSL)?

On the 13th of September 2023, in the State of the Union, President von der Leyen presented Commission priorities for 2024.

The Letter of intent included an initiative for an EU Space Law (EUSL). The legislative proposal envisages common EU rules addressing the safety, resilience and sustainability of space activities and operations. It intends to avoid and remove fragmentation and barriers across the single market caused by the heterogeneity or lack of national space legislations, while ensuring the competitiveness of the European space sector in an international trade context.

On the 10th of March 2023, the European Commission and the High Representative presented for the first time a Joint Communication on a European Space Strategy for Security and Defence.

The Strategy proposes actions to strengthen the resilience and protection of space systems and services in the EU. The Commission should:

- Propose a European Space Law (EUSL) to provide a common framework for security, safety, and sustainability in Space, that would ensure a consistent and EU-wide approach.

- Set up an Information Sharing and Analysis Centre (ISAC) to raise awareness and facilitate exchange of best practices among commercial and relevant public entities on resilience measures for space capabilities.

- Launch preparatory work to ensure long-term EU autonomous access to space, addressing in particular the security and defence needs.

- Enhance the technological sovereignty of the EU by reducing strategic dependencies and ensuring security of supply for space and defence, in close coordination with the European Defence Agency and the European Space Agency.

Note, from Cyber Risk GmbH: We are closely monitoring the developments and will keep you updated with any significant changes. The European Commission has been preparing the challenging European Space Law for years, and the release date of the proposal has been postponed twice. We expect the proposal in Q3, 2024 (this is our estimate, it has not been confirmed).

EU Space Strategy for Security and Defence.

The EU Space Strategy for Security and Defence is the next step after the Strategic Compass for Security and Defence. You can find more at Understanding the Strategic Compass for Security and Defence, from Cyber Risk GmbH.

The Strategic Compass for Security and Defence defined space as a strategic domain, the security of which must be ensured.

The EU Space Strategy for Security and Defence outlines the main threats in space that put at risk space systems and their ground infrastructure, building on a common definition of the space domain. To increase the common understanding of threats across Member States, the High Representative will prepare a classified annual space threat landscape analysis at EU level.

The EU Space Strategy for Security and Defence asks to maximise the use of space for security and defence. The Strategy asks to:

- Launch two pilot projects, one to test the delivery of initial space domain awareness services building upon capacities of Member States, and a second one to test a new earth observation governmental service as part of the evolution of Copernicus.

- Better connect space, defence and security at EU level and ensure synergies and cross-fertilisation, notably in terms of research and development.

- Propose concrete measures to foster collaborative work between space and defence start-ups. Enhance skills related to the development of space services for security and defence.

Space as a strategic domain.

Europe is a global space power. The European Union (EU) owns and operates space assets for positioning, navigation and timing (PNT - Galileo) and earth observation (EO - Copernicus) and will launch a third constellation, Union Security Connectivity Programme (IRIS²), for secure communications.

Member States own and operate national space assets, including assets that serve security and defence purposes. The EU Satellite Centre (SatCen) provides a unique geospatial intelligence analysis capability, to support decision-making and actions of the EU and its Member States.

Space is critical for the strategic autonomy of the EU and its Member States. The functioning of economies, citizens and public policies increasingly relies on space-related services and data, including those in the field of security and defence. Space also contributes to achieving the EU’s political agenda, enabling the digital and green transitions, and enhancing its resilience.

Yet, space is an increasingly contested area.

Some space powers have the capabilities to target critical space infrastructure. Some of them have developed and tested anti-satellite capabilities that can disrupt or destroy space systems and services.

Most recently, in November 2021, Russia tested an anti-satellite (ASAT) weapon against one of its own satellites, generating a large amount of space debris. China pursues its geopolitical agenda through its growing presence in space and is developing extensive space programmes and counterspace capabilities.

In a geopolitical context of increasing power competition and intensification of threats to the EU and its Member States, EU leaders have identified space as a strategic domain in the Strategic Compass and have called for an EU Space Strategy for security and defence.

The EU Security Union Strategy recognises space infrastructure as essential services which must be adequately protected against current and anticipated threats and be resilient.

The EU and its Member States will continue to promote the preservation of a safe and secure space environment and the peaceful use of outer space on an equitable and mutually acceptable basis.

The EU recognises outer space as a global commons. It is committed to the mutually reinforcing role of transparency and confidence-building measures, by reducing the risks of misperception, miscalculation, and unintended conflict escalation. Additional measures are needed to defend the EU’s strategic interests and to deter hostile activities in and from space.

While privileging international cooperation and promoting responsible behaviours in space, the EU will also strengthen its strategic posture and autonomy in the space domain.

It will make space systems and services more resilient, respond to any hostile activities or threats and further develop space-enabled services for security and defence.

The definition of the space domain.

The space domain includes any element relevant for the functioning of space systems and the delivery of space-based services in the EU and the Member States, e.g.: the outer space environment, the various relevant orbits and spacecraft and related information on the systems they belong to, the ground and launch infrastructure, radio frequency links, user terminals and cyber. It also includes the underlying industrial space sector.

Counterspace and threats in the space domain.

Unlike safety risks arising from technical incidents, accidents and natural hazards, space threats are intentionally hostile activities through counterspace capabilities. Counterspace is used to demonstrate capabilities, deter competitors, deny them the use of their space systems or gain an information advantage. They are directed to space assets in orbit, their supporting ground infrastructure, and the data links between them.

The effects of counterspace are to intentionally disrupt, degrade, destroy, deceive, or deny the use of space systems, and to inspect, manipulate, eavesdrop, or intercept corresponding data as well as deny access or freedom of movement in the space domain. The effects of counterspace may be reversible or irreversible Counterspace capabilities can take many different forms, such as kinetic measures3 against spacecraft or ground infrastructure, or directed energy.

The specific features of space infrastructure – both in orbit and on the ground – also make it particularly vulnerable to cyberattacks. Beyond space systems, counterspace can interfere with the space sector as a whole, including underlying supply chains and radiofrequency spectrum.

Several third countries have been developing and maintaining counterspace capabilities and related doctrines. However, since most space technologies are dual use, what constitutes a space threat cannot be identified by observing space objects, technologies or space capabilities in isolation, but by taking into account behaviour.

Assessing space threats requires a comprehensive analysis of capabilities and related behaviours in orbit, on the ground and in the cyber domain based on a thorough understanding of counterspace capabilities.

An EU-wide security framework for the protection of space systems, information sharing and cooperation on space security incidents.

Some Member States have put national rules in place to regulate space operations, including security aspects. Without a common framework, these rules may differ. This divergence could affect the competitiveness of the EU space industry and the security of the EU.

To ensure a consistent EU-wide approach, and building on the joint communication on an EU Approach for Space Traffic Management, the Commission will consider proposing an EU Space Law. While protecting national security interests, such legislative proposal could provide the framework to collectively enhance the level of resilience of space systems and services in the EU and ensure coordination between Member States, including in remote strategic ground infrastructure locations such as the EU outermost regions.

It could provide a comprehensive and consistent framework for resilience of space systems and services in the EU, together with the NIS 2 and CER Directives. The Commission will take as a starting point, for stakeholder consultation and impact assessment of options, certain key features of those existing regimes, and the experience in their application, where relevant. For example, Member States could be required to identify essential space systems and services.

This could include major supply chain actors, to define and implement a common minimum level of resilience for critical space services and to develop coordinated national preparedness and resilience plans and emergency protocols. The initiative could also extend to developing security monitoring centres, to allow for the notification of security incidents in a systematic manner.

The Commission could also consider requirements to make sure that security, including cyber-security, is part of the design of all space systems delivering essential services. It could propose the more systematic integration of relevant security standards in the early design phase of these systems.

Moreover, the Commission would incentivise the exchange of information on threats targeting space assets or their supply chain, focusing on actionable information to relevant security operation centres (SOCs).

Building on its experience for Galileo, the EU Space Programme Agency (EUSPA) would ensure a consistent security monitoring of all EU space programmes. In close cooperation with the Commission, the Computer Security Incident Response Team of all the EU institutions (CERT-EU) and the European Union Agency for Cybersecurity (ENISA), EUSPA will play a key role as space security monitoring and operations centre in the EU. On request, it may also assist operators of essential space systems and services in Member States.

Space services are provided by public and private operators, with an increasing and dynamic role for New Space. A common understanding of what the essential space services are is necessary to share relevant security information, coordinate actions and facilitate EU cooperation.

In complement to such a possible legislative proposal, the Commission would raise awareness and facilitate the exchange of best practices among commercial entities on resilience measures, including cyber-related ones. Such supporting measures would be especially relevant for SMEs, including New Space. In this context, the Commission, with the support of EUSPA, would consider establishing an Information Sharing and Analysis Centre (ISAC), bringing together commercial entities, and relevant public entities, including possibly the European Space Agency (ESA).

In addition, the implementation of the NIS 2 Directive and the Cyber Resilience Act, as well as other existing cybersecurity frameworks, will incentivise the uptake of cybersecurity requirements for critical digital products that are used in space. Specific cybersecurity standards and procedures in the space domain could be considered as part of the EU Space Law where relevant.

Finally, greater steering of the EU in the development of standards and its better representation in international standardisation organisations are crucial, in particular to protect the security interests of the EU and its Member States. Coherence with North Atlantic Treaty Organization (NATO) standards will be encouraged.