Mapping of EU cybersecurity rules on aviation endorsed by the NIS Cooperation group

Mapping of EU cybersecurity rules on aviation endorsed by the NIS Cooperation group

The mapping of EU cybersecurity rules applicable to the aviation sector (Part-IS, NIS2 and AVSEC) has been endorsed by the NIS Cooperation Group. 
This concludes a process that began almost two years ago with the EU Commission leading the efforts with the support of EASA and ENISA and the participation of the authorities from the Member States (Competent, Appropriate and NIS authorities)

The aim of the Aviation Cybersecurity Subgroup that was formed for this purpose was to provide guidance to enable a harmonised approach and facilitate the effective and cost-efficient implementation of European information security measures in the aviation domain.

Among other elements, the mapping document aims to provide support towards the following:

• Clarify where aviation stakeholders fall in the scope of the respective rules
• Identify requirements in areas where aviation regulations could constitute compliance with the requirements of NIS2
• Avoid potential gaps or duplications of cybersecurity obligations on aviation entities 
• Enhance coordination among authorities for the recognition & oversight of cybersecurity measures
• Support aviation entities in integrating all cybersecurity frameworks to increase efficiency and minimize unnecessary administrative and operational burden

The document includes the following thematic areas:

• Interplay between Article 21 cybersecurity risk management measures of NIS2 and the Part-IS requirements and the requirements stemming from point 1.7 of the Annex to the Implementing Reg. 2015/1998
• Interplay between the Article 23 on reporting obligations of NIS and relevant Part-IS requirements
• Terms & definitions used under the three frameworks
• Key common points and differences between the three frameworks
• Relevant sources and guidance material per framework
   

This document will serve as non-binding reference that can be used by authorities to identify overlaps and potential gaps with regards to EU cybersecurity requirements of different frameworks applicable to aviation organisations.

The NIS Cooperation Group has decided that this material will be disseminated only to the authorities of the Member States and to the stakeholders groups that participated in the consultation last summer. This means that for the time being the document is not publicly available.

Under the related content below you may find a brief presentation of the mapping contents and the objectives of the Aviation Cybersecurity Subgroup as well as other relevant material.