Legislation on aviation cyber security

EU regulation defines the framework and minimum requirements for cyber security management in aviation.

This page contains the aviation cyber security regulations that apply to aviation organisations and explains the obligations they impose. Furthermore, cyber security is included in the airworthiness requirements of aviation products (e.g. aircraft), parts and components.

The security of aviation information systems is also covered by other regulation (e.g. the EU General Data Protection Regulation, GDPR), but the focus here is on regulation aiming to maintain and strengthen aviation safety, aviation security and societal resilience.

Current applicable aviation cybersecurity regulation and estimate schedules for changes for coming years

This list contains the latest publication news in aviation cybersecurity legislation. For more details, see the content from this web page below the list.

On October 31, 2023, 2023 EASA published "First Easy Access Rules for Information Security (External link)". It includes Part-IS regulations (EU) 2023/203 ja (EU) 2022/1645 and their related AMC- and GM-material displayed in a consolidated, easy-to-read format with advanced navigation features through links and bookmarks.
On 3 October 2023, the Ministry of Transport and Communications published a request for a statement on the draft government proposal to implement the Cybersecurity Directive (NIS2) (External link). Statements may be made until 28 November 2023.