FAQs
Essential Reading
EASA Part-IS Requirements
EASA Part-IS applies to all EU-regulated aviation entities — airlines, MROs, airports, and ATM providers — with full ISMS implementation required from February 2025.
CAA CAP 1753 Cybersecurity
CAA CAP 1753 establishes cybersecurity expectations for all UK-regulated aviation entities — and the NIS Regulations create binding obligations for airports and ANSPs designated as Operators of Essential Services.
NIS2 and Aviation Operators
NIS2 fines for aviation essential entities can reach €10M or 2% of global annual turnover — with personal management liability introduced for the first time.
GPS Spoofing Aircraft Protection
Over 1,000 GPS spoofing incidents were reported in 2023 alone — affecting aircraft across Middle East, Black Sea, and Baltic regions with false position data and navigation disruptions.
Aviation Cyber Incident Reporting
A single aviation cyber incident can trigger simultaneous reporting obligations to the CAA, ICO, EASA/NAA, and NCSC — with the ICO's 72-hour deadline running from the moment you become aware.