From orbit to office: what the EU Space Act means for financial leaders

In short, the EU Space Acts (the “Act”) aims to harmonise the legal framework for space activities across the EU in three core areas, namely the safety, resilience and environmental sustainability. The Act sets out minimum key rules for tracking space objects and mitigating space debris (safety), ensuring physical and cybersecurity requirements to protect European space infrastructure including ground segments (resilience), and assessing the environmental footprint of their space activities (sustainability).

A central and publicly available Union Register for Space Objects (URSO) will list all space service providers that are allowed to freely provide their services across the EU, including third-country space operators and international organisations. Upon registration, providers will receive an e-certificate confirming compliance with the Act. The proposal will be subject to discussions in the European Parliament and Council before its final version is voted on and will likely undergo amendments. The current proposal provides for application from 1 January 2030.

The Act will apply directly to (i) public and private space operators, including operators of space objects, but also launchers, launch site operators and providers of in-space services, (ii) collision avoidance service providers, (iii) primary providers of spacebased data, which does not only refer to (earth) observation data but can also include for example satellite-based telecom providers, and (iv) international organisations providing space services or space-based data in the EU and operating space objects for these purposes.

The Act applies to both publicly and privately owned and operated space assets, including dual-use assets under civilian control. Only space objects exclusively used for defence or national security purposes, or temporarily placed under military operation and control, fall outside its scope. Although some derogations exist, non-EU space operators and launchers offering services to EU space operators or related to EU space assets will have to comply with the same obligations as their EU based counterparts. The European Commission (not Member States’authorities) will oversee non-EU space operators through their designated EU-based legal representatives.

The broader space industry supply chain will be indirectly affected. Supplier contracts must include mandatory elements such as information security requirements, obligations to provide data needed by the space operator to calculate the environmental footprint of its activities, and provisions ensuring compliance of space objects and components with legal design and manufacturing standards.

Besides mandatory authorisation and registration, a mix of technical, organisational and governance obligations apply to space operators. Research and education institutions as well as small-sized enterprises may benefit from certain exemptions and simplified regimes.

Member States may grant authorisations only to space operators meeting the Act’s requirements. Once authorised, the space operator may register in the URSO and receive an e-certificate confirming compliance. Satellite constellations may, under certain conditions, benefit from a simplified‘singleuthorisation’regime. Under this, one authorisation may cover the entire constellation based on the assessment of a single satellite, while authorities retain the right to inspect others in the constellation.

Member States must recognise the authorisations issued by others, but only as regards EU-level requirements. Member States may still apply more stringent national standards. As a result, a full level playing field is not guaranteed and forum shopping cannot be excluded.

Spacecraft operators and launchers must meet specific safety obligations. For example, launchers must submit a launch and flight safety plan as well as space debris mitigation plans containing debris control measures and end-of-life disposal plans. Spacecraft operators must subscribe to collision avoidance services, ensure spacecraft maneuverability, comply with space traffic coordination requirements, justify their orbital choices, and submit space debris and light and radio pollution mitigation plans.

Space operators - including spacecraft operators, launchers, launch site operators and in-space service providers - must manage, in accordance with the principle of proportionality, risks to both their network/information systems and physical infrastructure. Measures similar to those under the Digital Operational Resilience Act (DORA) for the financial sector, include, among other things, cybersecurity policies and staff training, identity and access control protocols for ground segments, business continuity and response and recovery plans, testing programmes for network and information systems - including threat led penetration testing (TLPT) prior to launch, crisis communication strategies and incident management processes.

In principle, the Act’s requirements will take precedence over those of the NIS2 Directive concerning space infrastructure ground segments. However, incident reporting obligations under the Act will apply without prejudice to the reporting obligations pursuant to the NIS2 and CER Directives. As with NIS2, the management body of a space operator may be held liable for risk management implementation.

Operators sharing cybersecurity information on a voluntary basis must ensure arrangements protect sensitive data and comply with business confidentiality, personal data protection, and competition law. These arrangements must include mandatory elements such as specific conditions to enter, specific operational aspects such as the use of dedicated ICT platforms and details governing the involvement of public authorities.

Space operators must comply with environmental sustainability requirements. These include calculating and declaring the environmental footprint of their activities as part of the authorisation process. The declaration must include an electronic footprint certificate issued by a qualified technical body for space activities. Aggregated datasets from these declarations may be made publicly available via a central database.

It is no coincidence that the European Commission published its Vision for a European Space Economy on the same day as the Act. The Vision outlines over 40 actions to strengthen the EU’s space ecosystem, including support for emerging areas such as space mining and in-space resource utilisation which are key interests for the Luxembourg space ecosystem.

The Act includes targeted initiatives to support space commercialisation and improve access to finance. For example, the European Commission commits to co-funding joint R&D projects in areas such as encryption technologies, on-board safety systems and in-space operations and services (ISOS) technologies. Vouchers will be made available for coaching programmes related to environmental footprint calculations. Further, initiatives will also be introduced to support SME access to TLPT services within the EU. A centralised information portal will help operators navigate and implement the Act.

The use of space-based data is increasingly important to the finance and insurance sector. In this context, the Luxembourg Space Agency and the European Investment Bank launched their “Space for Finance” partnership in May 2025, aiming to expand the satellite data usage in the financial domain.

Thanks to the Act’s (cyber)security and resilience requirements, banks and investors will be able to place greater trust in the reliability of satellite-based data. This enhanced confidence could, for instance, support ESG reporting and compliance. Space-based data can thus certainly improve financial services’ reporting and sustainability efforts. Investors will benefit from a clearer, harmonised regulatory framework which includes e-certification, mandatory registration, and publicly available data related to the environmental footprint of space activities.

The insurance sector which already uses space-based data, such as Earth Observation (EO) imagery, to validate claims and assess natural disaster damage, may also benefit from the Act’s positive impact on the safety and resilience of space activities, which they can integrate in their own risk assessments.

The Act marks a significant step towards a unified and forward-looking regulatory framework for space activities across the European Union. By establishing clear rules on safety, resilience and sustainability, the Act not only strengthens the security and environmental integrity of Europe’s space infrastructure but also creates a more predictable environment for businesses, investors, and insurers. As the legislative process unfolds, the final shape of the Act will determine how effectively it balances regulatory oversight with industry growth and competitiveness.

This article was published in the July 2025 edition of Agefi Luxembourg.