Compliance & Regulation
Essential Reading
CAA Cybersecurity Requirements
CAA CAP 1753 establishes the UK's aviation cybersecurity strategy — all regulated aviation entities are expected to have documented, proportionate security programmes.
EASA Part-IS
EASA Part-IS entered into force in January 2023 — binding cybersecurity requirements now apply to all EU-regulated airlines, MROs, and ATM providers.
NIS2 and Aviation
NIS2 fines for aviation operators can reach €10 million or 2% of global annual turnover — and personal liability for senior managers was introduced for the first time.
Further Reading
ICAO Annex 17 Cybersecurity
ICAO Annex 17 Amendment 17 (2022) explicitly addresses cybersecurity for the first time — requiring all 193 member states to establish national aviation cybersecurity frameworks.
Aviation and GDPR
British Airways was fined £20M by the ICO in 2020 for a breach exposing 500,000 customers' data — reduced from an original proposed fine of £183M.