Security
Cyber Security
What is Aviation Cybersecurity?
It refers to aviation operators and service providers that identify and manage information security risks to information and communications technology systems and data used in civil aviation that have or may have an impact on aviation security or aviation security, as well as strengthening the resilience of the aviation system.
The aviation system is a system of widely interconnected systems that requires the aviation industry and operators to have current awareness of direct and indirect cybersecurity threats.
What is the role of AESA?
The aim of the regulatory and supervisory work by the civil aviation authority is to ensure that aviation operators and service providers have sufficient capacity in aviation cybersecurity management in an ever-changing operational environment.
Which regulation is applicable?
- RSIAC Certification
- Provisional list of validation RSIAC 1/2024
- RSIAC certification procedure resolution, by validation
SECURITY The
cybersecurity regulation is included in Commission Implementing Regulation (EU) 2015/1998, updated by Commission Implementing Regulation (EU) 2019/1583, with entry into force on 31 December 2021.
The requirements apply to airport operators, air carriers and entities as defined in the National Civil Aviation Security Programme (PNS).
For any questions on this matter, you can contact cybersecurity.aesa@seguridadaerea.es
The regulation
on cybersecurity is contained in Implementing Regulation (EU) 2023/203 and Decision 2022/1645, with entry into force, depending on the entity involved, on 16 October 2025 and 22 February 2026.
You can consult the FAQ section for further information on the implementation of the PART-IS Regulation