The EU Space Act: A new proposal, towards a European space economy

On June 25, 2025, the European Commission unveiled the long-awaited proposal for a Regulation on the safety, resilience and sustainability of space activities in the Union (the “Proposal” or “EU Space Bill”) marking a decisive step towards establishing a harmonised and comprehensive regulatory framework for space-based data and space services  across the European Union to achieve a high common level of safety, resilience and environmental sustainability of space services. The Proposal responds to growing calls from industry stakeholders, Member States, and EU institutions for clearer and more consistent rules governing commercial space operations.

Until now, the regulation of space activities in Europe has been left largely to the discretion of individual Member States, with 13 national space laws currently in place, each adopting distinct legal approaches. This fragmented legal environment has led to inconsistencies, duplicative authorisation requirements, and increased compliance burdens for operators engaging in cross-border space activities. As a result, businesses – particularly startups and SMEs – have faced obstacles in scaling their operations and competing globally, while the EU has struggled to present itself as a unified player in the international space sector.

The EU Space Bill aims to remove these barriers, creating the conditions for a Single Market for Space. Its key objectives are to:

• Provide legal certainty and coherence across the Union;
• Streamline authorisation processes and supervision of space activities;
• Open the market to new players, enabling startups and SMEs to thrive;
• Enhance space safety, resilience, and sustainability;
• Strengthen the EU’s strategic autonomy in the space domain.

To these ends, the Proposal introduces a set of common rules for the authorisation, supervision, and safety of space activities carried out in the EU (both by EU operators and providers established in third countries) including satellite launches, in-orbit servicing, and space debris removal. While national authorities will remain responsible for granting authorisations, they will do so within a common EU/harmonised framework, under the guidance of the European Commission and in coordination with the EU Agency for the Space Programme (EUSPA or the “Agency”) and the European Space Agency (ESA).

As detailed in Article 2, the scope of the EU Space Bill appears wide, as it encompasses both EU and non-EU operators offering their services within the EU internal market. Actually, this represents quite a material evolution: authorisations will now be required not just for traditional satellite or launch operators, but also for emerging services such as Earth observation analytics, inter-satellite communications, and in-orbit demonstrations, etc. Notably, the Proposal also covers assets owned by the European Union and by Member States, as well as, under certain conditions, assets operated by international organisations.

However, under Article 4, the Proposal does not affect Member States’ competence in matters of national security. This exclusion is reaffirmed by Article 2(5) and Recital 36, which state that the EU Space Bill shall not apply to space objects used exclusively for defence or national security purposes, or temporarily placed under military control. Moreover, Article 2(3) establishes temporal and sectoral limitations, such as the non-applicability of certain authorisation requirements to space launches prior to 1st January 2030.

Access to the space market: towards a Unified European Licence?

As indicated above, the Commission’s key objective with the Proposal is to harmonise fragmented national rules from 13 jurisdictions and develop an EU-wide single market for space services (Article 1(1) EU Space Bill).

In this regard, following the approach of the Member States that have already issued a specific national space legal framework, the Proposal provides that space operators must obtain an authorisation from a Member State before they can carry out space activities or provide space service - while “light regimes” are introduced in case of operators that are SMEs, research or education institutions or operators applying simplified risk management. The authorisation shall demonstrate compliance with the technical, operational, and safety requirements set out in Title IV, Chapters I to V of the Proposal and has to be granted by the competent authority of the Member State where the operator is established and, if different, by the authority of the Member State from which the operator intends to launch or operate. In this regard, the application must include a detailed technical assessment and Member States may determine - to a certain extent - the entity that will be in charge of carrying out the technical assessment (e.g., through qualified technical bodies for space activities, international organisations with technical expertise, the EUSPA or by combining the above options).

Member States may coordinate to facilitate the authorisation process across jurisdictions. The technical assessment must be completed within 6 months, and the competent authority must issue or deny the authorisation within 12 months of receiving a complete application.

On the other hand, third-country space operators and international organisations must follow a specific authorisation and registration process before they can provide space-based data or space services within the European Union. These entities must apply for registration in the Union Register of Space Objects (“URSO”), managed by the EUSPA, and obtain an electronic certificate (e-certificate) which basically confirms the compliance with the applicable EU requirements. The registration is based either on a Commission equivalence decision (through Article 105) or a case-by-case technical assessment by the EUSPA and approval by the Commission. Operators must provide evidence of compliance with relevant provisions of Title IV and identify a legal representative within the EU. In certain cases, derogations may be granted when justified by public interest and approved through a formal process involving both the EUSPA and the Commission. Once registered and certified, third-country operators must include the e-certificate in contracts for the provision of space services or space-based data within the EU. The EUSPA may suspend or withdraw the registration in case of non-compliance or revocation of authorisation in the third country.

In this regard, it is worth noting that the Proposal introduces a specific procedure also for operators intending to carry out space operations through specific EU owned assets.

Resilience and Security: the Proposal’s second pillar

Another ambitious pillar of the Proposal is the introduction of a dedicated resilience framework, with a particular focus on cybersecurity. Recognising that space infrastructure has become a critical component of Europe’s strategic autonomy – supporting everything from communications and navigation to defence applications – the Proposal opts for a tailored, sector-specific regime that complements and, where necessary, overrides general EU cybersecurity law. In this sense, the EU Space Bill operates as a lex specialis within the meaning of Article 4 of the NIS 2 Directive, effectively taking precedence for space operators that are classified as essential or important entities under that framework (Article. 75).

Rather than applying a one-size-fits-all approach, the Proposal requires each operator to establish a comprehensive risk management system that spans the entire lifecycle of a space mission - from initial design and manufacturing, through launch and in-orbit operation, and extending to end-of-life decommissioning and disposal (Article 76(4)). These systems must account for both digital and physical threats, ensuring continuity of operations even in the event of disruptions or hostile incidents.

Among the concrete obligations, operators will have to implement protective measures across the supply chain (Article 77), enforce robust access controls and physical safeguards for infrastructure (Articles 79-80) and ensure that systems are capable of detecting and responding to cybersecurity incidents in real time (Article 84). Business continuity planning is also required, and operators are expected to adopt specific recovery mechanisms and backup procedures (Article 86). Communications and control data must be encrypted using secure and certified cryptographic protocols (Article 83), a requirement that clearly reflects the rising concern over the vulnerability of satellite telecommands and mission data to cyber intrusion.

Among the concrete obligations introduced, operators will be required to put in place protective measures throughout the entire supply chain (Article 77). They will also need to enforce strong access controls and implement physical safeguards for their infrastructure (Articles 79-80), as well as ensure that their systems can detect and respond to cybersecurity incidents in real time (Article 84). Business continuity is another key focus: operators must establish clear recovery mechanisms and backup procedures (Article 86).

Additionally, communications and control data must be encrypted using secure, certified cryptographic protocols (Article 83) – a requirement that highlights growing concerns about the susceptibility of satellite telecommands and mission data to cyber threats.

Notably, the Proposal places direct responsibility on the management of space operators for ensuring that these measures are implemented and kept up to date.

The safety and sustainability “pillar” and its compliance costs

The third major pillar of the EU Space Bill is sustainability - a concept that shifts from soft law principles to binding legal obligations. Operators must perform Life Cycle Assessments (LCAs) for each mission and submit environmental footprint declarations (EFDs) as part of their authorisation (Articles 96-98). These obligations are tied to a broader effort to develop a unified methodology for assessing the environmental impact of space activities, including disposal, propellant emissions, and re-entry risks (Recital 11, Article 97(3)). Operators must also ensure spacecraft are trackable, capable of avoiding collisions, and able to deorbit at end-of-life. The use of collision avoidance services is mandatory, and coordination procedures for high-interest event alerts are detailed. Missions launched after 2034 involving in-orbit servicing or active debris removal must comply with advanced sustainability criteria, including compatibility with interoperable servicing interfaces.

Compliance with these sustainability obligations introduces significant costs. The Commission’s impact assessment estimates that launch service providers may face additional expenses between €200,000 and €1.5 million per mission, and satellite operators could see a 10% increase in manufacturing and operational costs. No liability cap is introduced – unlike in other European jurisdictions such as France and Germany – potentially discouraging entry by smaller actors, while at the same time encouraging development of risk mitigation technologies and practices (Recitals 65 and 66).

As regards enforcement, the Proposal requires Member States to establish appropriate penalties for non-compliance, ensuring they are effective, proportionate and dissuasive. While the type and level of sanctions are left to national authorities, the overall framework aims to guarantee consistent application across the Union. In more serious cases - particularly involving third-country operators - the Commission and EUSPA may intervene directly, including through the suspension or withdrawal of authorisations or registrations, effectively restricting access to the EU market.

Next steps

The Proposal will enter into force twenty days after its publication in the Official Journal, but most of its obligations will apply only after an eighteen-month transitional period; in any case, the EU Space Bill will apply from January 1^st, 2030. The transitional period is in any case intended to give Member States, operators and institutions the necessary time to prepare for full implementation. In addition, space missions launched before January 1^st, 2030 are explicitly excluded from some of the new requirements, providing regulatory continuity for already planned operations.

Authored by Marco Berliri, Giacomo Bertelli, and Alessandro Bacchilega.