EU regulation defines the framework and minimum requirements for cyber security management in aviation.
This page contains the aviation cyber security regulations that apply to aviation organisations and explains the obligations they impose. Furthermore, cyber security is included in the airworthiness requirements of aviation products (e.g. aircraft), parts and components.
The security of aviation information systems is also covered by other regulation (e.g. the EU General Data Protection Regulation, GDPR), but the focus here is on regulation aiming to maintain and strengthen aviation safety, aviation security and societal resilience.
LATEST NEWS IN AVIATION CYBERSECURITY LEGISTLATION
This list contains the latest publication news in aviation cybersecurity legislation. For more details, see the content from this web page below the list.
- On 25 August 2025, EASA released an updated Part IS FAQ (External link) with 20 new questions and answers and 8 updated answers.
- 24 July 2025 EASA released an update to Part IS's AMC and GM material (External link).
- The Cybersecurity Act was approved by The Finnish Parliament on 25 March 2025. The obligations under the NIS2 Directive entered into force on 8 April 2025. A link to Traficom's press release can be found here (External link).
- Invitation to Traficom`s webinar (in Finnish) on aviation cyber security current themes on (External link) 18th September 2024 at 01-03 pm (External link)
- On June 12, 2024, EASA published the revision for The Easy Access Rules for Information Security (External link). It includes Part-IS regulations (EU) 2023/203 ja (EU) 2022/1645 and their related AMC- and GM-material displayed in a consolidated, easy-to-read format with advanced navigation features through links and bookmarks.