Regulating the Final Frontier: Why the EU Space Act Matters

Regulating the Final Frontier: Why the EU Space Act Matters

By Thao Pham & Francesco Casaril

Introduction

After years of political inertia and many wake-up calls, the EU Space Act was finally unveiled on 25 June 2025 (‘the Act’). For those of us who have been closely following the space industry, this is a long-awaited moment. Europe has been watching the rapid evolution of global space activity while grappling with rising concerns about its diminishing competitiveness, heavy reliance on foreign services and infrastructure, and growing vulnerabilities in its space assets. All of this is unfolding against a backdrop of increasing geopolitical tension. At the same time, the space domain is becoming more congested and contested, both physically due to the proliferation of satellites and debris and digitally, with escalating cyber risks to orbital and ground-based infrastructure.

The EU Space Act represents a profound and comprehensive effort to consolidate previous strategies into a harmonised legal framework for all space activities across the Union. Safety, resilience, and sustainability are the three pillars that form the backbone of the Act:

• Safety through better space traffic management (STM), trackability of space objects, and a clear strategy for debris management;
• Resilience by introducing binding cybersecurity requirements to better protect European space assets and infrastructure;
• Sustainability by making environmental impact assessments mandatory for space missions and pushing for compliance and innovation in areas like in-orbit servicing technologies or satellite end-of-life management.

At first glance, the Act might seem like bureaucratic overload, spanning 150 pages. Still, it does seek to deliver on the promises outlined in the EU Competitive Compass, which aims to cut red tape, remove barriers within the Single Market, and ensure better coordination, as also evidenced by the choice to use Article 114 of the Treaty on the Functioning of the European Union (TFEU) as the basis of the Act. The initial reactions have also been quite optimistic: Think tanks, legal experts, and academic circles broadly welcomed the Act, while voices from the industry are more mixed, although quite a few companies have expressed clear support.

However, several contentious elements in the Act are expected to come under close scrutiny, particularly those issues that touch on proportionality and concern technical details, the impact of regulation on innovation, and unresolved loopholes related to dual-use space activities. Additionally, some key details are not feasible or still missing from the current draft, raising questions about how future-proof the Act really is in such a fast-moving, complex sector.

This blog post presents some initial observations on the EU Space Act, starting with the context behind its emergence, followed by a brief overview of its core provisions and their implications for EU space actors. We then share our critical reflections on the challenges it may face as it moves through the legislative process.

Context

After years of buildup, the Commission’s long-promised space law was finally revealed. First announced in 2019 and included in the 2024 Work Programme as a Q1 target, its progress was stalled by the EU election cycle, a series of hearings, and a reshuffle in the Defence & Space portfolio. Now, with renewed political momentum, the initiative enters a new phase under the current mandate.

Several developments have underscored the urgency of a binding legal framework for Europe’s space sector. First, as orbital congestion accelerates, more than one million debris fragments larger than 1 cm now pose a threat to active satellites, and an estimated 20,000 new satellites are expected to launch over the coming decade. The once-theoretical Kessler Syndrome, the runaway cascade of orbital collisions, has become a very real concern. In response, the 2022 EU Approach to Space Traffic Management (STM) identified the need for coordinated action on collision avoidance, debris tracking, and data sharing. It proposed key measures, including upgrades to the EU Space Surveillance and Tracking network, the establishment of common operational standards, and a more prominent EU role in shaping global STM governance.

However, long-term sustainability of space activities is only one facet of the mounting risks. Strategic and security concerns have become equally pressing. Russia’s full-scale invasion of Ukraine revealed the geopolitical fragility of space infrastructure and the operational dependence on privately owned constellations, exemplified by Starlink, exposing Europe to the whims of individual commercial actors. Just hours before the 2022 invasion, a Russian cyberattack on a dual-use satellite communication network demonstrated how one single breach can cripple critical infrastructure far beyond the front line. The Commission also estimates that the cost of a cyberattack can be five times higher than that of cyber protection, translating into a potential annual savings of €320 million for manufacturers through stronger resilience measures. In this context, the 2023 EU Space Strategy for Security and Defence elevated space to a strategic domain and explicitly called for an “EU Space Law” to address emerging threats.

The case for a sovereign, resilient, and sustainable European space economy has never been clearer. Taken together, these developments provided the political and strategic impetus behind the EU’s first binding space regulation, an effort to move from ad hoc measures to a coherent, enforceable legal framework.

Major implications for EU space actors

The proposed EU Space Act introduces a transformative regulatory shift for all space operators (‘operators’) active within the Union. Anchored around three pillars - safety, resilience, and sustainability - the Act aims to harmonise national frameworks, establish shared technical and legal standards, and create a level playing field across the internal market. Its effectiveness will largely depend on how member states and private actors manage the operational and institutional changes it requires.

Central to the safety pillar is the creation of a unified authorisation and oversight system. All operators, whether domestic, foreign or intergovernmental entities such as the European Space Agency or the European Organisation for the Exploitation of Meteorological Satellites, will be required to register in the Union Register of Space Objects (URSO) and obtain an electronic certificate confirming compliance with EU standards. This new registry will be set up and managed by the EU Agency for the Space Programme (EUSPA or ‘the Agency’), marking a significant expansion of its role under the existing legal framework, particularly Regulation (EU) 2021/696 which laid down security provisions for Union flagship programmes like Galileo and Copernicus. EUSPA will support the Commission in authorising and supervising all operators providing space-based data and services within the Union, thereby placing itself as a central node in the governance of all space activities that impact EU interests (Articles 40-57).

At the same time, each member state must set up a National Competent Authority (NCA) responsible for supervising and enforcing all space activities within its jurisdiction (Articles 28-30). Countries with established regulatory and institutional capacity, such as France and Italy, are likely to adapt more easily, potentially by expanding the mandate of existing agencies. By contrast, member states with nascent or limited space sectors may face difficulties in building such authorities from the ground up. Nevertheless, the creation of NCAs, working in tandem with the Agency, presents a great opportunity to strengthen regulatory coherence across the Union.

In terms of resilience, the Act introduces a sector-specific cybersecurity regime tailored to space infrastructure, filling gaps left by existing legislation. For example, while the NIS2 Directive sets cybersecurity requirements for medium and large-sized public electronic communications networks and certain ground-segment operators, it excludes key parts of the space sector, such as spacecraft, Earth Observation and Space Situational Awareness satellites, micro-operators, launch services from outside the Union, and notably, Union-owned constellations. Similarly, the Critical Entities Relience Directive (‘CER’) does not apply to Union-owned space assets covered under the EU Space Programme.

To address these critical gaps, a dedicated risk management regime has now been established for space operators. Under Article 75, the Act designates itself as lex specialis over NIS2: for any operator already classified as an “essential” or “important” entity, the Act’s space-specific requirements supersede the more general provisions of Article 21 of NIS2. These obligations now extend across the whole value chain. The Act also complements CER by applying additional physical resilience duties. All in all, that means operators will be required to conduct comprehensive risk assessments, implement security measures proportionate to the criticality of their missions, and maintain continuity protocols across all operational phases (Articles 78-88). A new Union Space Resilience Network (EUSRN) will facilitate coordinated responses to major cyber incidents and again support harmonisation across member states (Article 94).

The Act also imposes new sustainability obligations designed to mitigate long-term risks to the orbital environment. Operators will need to calculate and report the environmental footprint of their missions, using a space-specific life cycle assessment (LCA) methodology (Article 98). Additional requirements include debris mitigation planning, mandatory subscription to collision avoidance services, and adherence to design standards that reduce light and radio pollution (Article 72).

The Act’s scope explicitly includes third-country operators such as those from the United States (US) and the United Kingdom. While the Act provides a mechanism of equivalence to ease market access (Article 28), it could still become a friction point. Yet, this approach could nudge global space governance towards greater alignment with EU norms over time, positioning the Union as a rule-setter in the evolving commercial space economy.

Challenges to the Act moving forward

The EU Space Act will now proceed through the ordinary legislative procedure involving both the European Parliament and the Council. Final adoption is unlikely before 2028, with the regulation expected to take effect around 2030. At the European Space Forum, stakeholders highlighted the extended timeline as necessary, as several sustainability requirements, such as in-orbit servicing and debris removal, are not yet viable at scale. The Commission is therefore aiming to design a future-proof framework that gives industry time to adapt and innovate through targeted research.

Beyond this prolonged process, we believe several provisions will likely spark intense debate during this next phase, especially those concerning proportionality, technical details, the impact of regulation on innovation, and unresolved loopholes related to dual-use space activities.

While the Space Act aims to support the industry, the burden of compliance, particularly regarding cybersecurity and certification, could disproportionately affect SMEs (Articles 6-10; 41; 46). According to the Commission’s own estimates, companies may face up to a 10% increase in manufacturing costs, €4,000 to €8,000 for implementing the product environmental footprint rules, and around €100,000 per product line for authorisation requirements. Although the proposal mentions support mechanisms (Articles 109-111), no concrete measures are outlined. Without reasonable, targeted assistance, many firms may be forced to scale back or even consider relocation, particularly given that around 15% of EU space startups are backed by US-based venture capital. The lack of concrete actions also applies to cybersecurity requirements for space infrastructure, which needs to align with and complement other existing frameworks like NIS2 and CER.

Secondly, some technical details may prove unworkable in practice. For instance, the proposal calls for supply chain risk management focused on software integrity and authenticity controls (Articles 80; 92). While the intent is valid, implementing this across the multilayered supply chain is near impossible, given the number (and tiers) of subcontractors involved. US space companies face similar challenges,[1] with many suppliers openly stating they cannot realistically comply.

Additionally, the proposal for constellation licensing, which grants a single approval for an entire constellation (Article 9), sounds appealing but comes with a major caveat. It applies only if all satellites are identical, performing the same tasks and launched from the same site using the same vehicle. In reality, this is rarely the case. Constellations, such as those used for Earth observation, typically comprise various types of satellites. Moreover, operators often diversify launch providers for a single constellation to reduce risk from delays, technical failures, or scheduling bottlenecks, and to optimise costs. Tying constellation licensing to a single launch configuration not only undermines operational flexibility but also inadvertently disincentivises the use of EU-based launch services, which are still ramping up capacity and competitiveness.

This launching crisis is indirectly acknowledged in Article 19, which introduced an ad-hoc derogation for third-country operators of large constellations from the authorisation process. This condition can be granted if there is “no readily available substitute or realistic alternative exists in the Union” (Article 19§2(a)) or if the operator can “promote the technological capabilities of strategic importance for the Union or Member States” (Article 19§2(b)). This language is a direct admission of Europe’s current launch capability gap and its dependency on SpaceX’s technology. As we see it, these clauses reflect a pragmatic but somewhat uncomfortable reality: the EU lacks confidence that its own industry can close the technology gap in the near future and is forced to write a legal exemption rather than risking disrupting vital deployment timelines.

A third potential point of tension lies in the classic debate over regulation versus innovation and echoes the recurring question: Is the EU regulating too much, too soon? In our view, at least when it comes to space, the answer is no. To be able to compete head-on with major space powers like China and the US requires a unified European approach. The Space Act, with its comprehensive legal framework, can provide much-needed certainty for companies, investors, and insurers to confidently scale their operations and capital commitments. When it comes to setting norms for STM and sustainability, the EU also has a chance to let the “Brussels Effect” shine.[2] If implemented well, the EU can steer global standards in a way that aligns with its values and interests, thanks to the large market size and first-mover advantage. To our knowledge, neither the US nor China have introduced regulations as comprehensive as those advanced in this Act.

Legal clarity around dual-use missions may also become a flashpoint in the legislative process. Some Members of Parliament have voiced their intent to close certain loopholes, specifically citing Article 4 of the proposal, which states: “This Regulation shall be without prejudice to the responsibilities of Member States for safeguarding national security and other essential State functions.” According to their interpretations, this clause can effectively exempt dual-use constellations from the Act’s core requirements -authorisation, licensing, and risk management. Yet, as more space assets are designed with both civilian and military applications in mind (e.g. the contract between Planet and Germany), this carve-out could become a backdoor for avoiding oversight.

One final observation: the Act remains silent on space resource utilisation with topics like space mining, in-situ resource use, or commercial activity in the (cis)lunar domains. Understandably, this is a highly sensitive area that touches on questions of international treaties, property rights, and national sovereignty. Some countries have already taken unilateral steps: Luxembourg recognises that space resources can be owned under authorisation conditions; the US grants companies property rights over extracted resources; China permits utilisation but is less clear on ownership. Therefore, providing some basic regulatory signals or a roadmap for future EU action could help support private investment and encourage European competitiveness in this growing global interest.

Conclusion

As Commissioner Kubilius rightly put it: “Fragmentation is bad for business, bad for competitiveness, and bad for our future in space.” The EU Space Act is a bold response to those issues, aiming to create a more unified and innovation-friendly environment for the European space sector. But of course, as always, the devil is in the details. In this blog post, we have outlined several areas that may face challenges in the next legislative step and during implementation, including, but not limited to, proportionality, constellation licensing, exemption clauses for foreign launch services, and dual-use loopholes. It will be interesting to see how these will be addressed (or not) in the next steps of the proposal.

Importantly, the Act focuses on supply-side fixes: integrating the Single Market, harmonising regulation, and creating conditions for space businesses to scale-up across the EU. The next step must be a strong demand-side response through increased private and public investment, as well as broader downstream adoption across various sectors. Only through this synergy can the EU transform legal clarity into genuine industrial momentum and secure its position in the next chapter of the global space economy.

 

^[1] See also Jordan & Mapp (2023)

^[2] See also Gleason & Melograna (2024),  Ünüvar (2025), and Miglio (2025)