Sorry, you need to enable JavaScript to visit this website.
calendario

Last modified: Tuesday, 23 December 2025

AESA prepares for the implementation of the European cybersecurity regulation (PART-IS) in the field of air navigation

AESA prepares for the implementation of the European cybersecurity regulation (PART-IS) in the field of air navigation
  • The State Aviation Safety Agency (AESA) has published three guidelines to guide organizations in the implementation of the regulations.
  • The regulation will come into force on 22 February 2026.
Tuesday, December 23, 2025
Suscribirse a canal de noticias Noticias Aesa

 

Madrid, 23 December 2025 (AESA)

The State Aviation Safety Agency (AESA) has developed three technical guides to help air navigation organisations implement European cybersecurity regulations (PART-IS). 

Europe regulates the management of information security risks that may have an impact on the safety of air transport. This work is based on Commission Implementing Regulation (EU) 2023/203 of 27 October 2022 laying down rules for the application of Regulation (EU) 2018/1139 of the European Parliament and of the Council as regards requirements for the management of information security risks that may have an impact on aviation safety.
This Regulation applies to: 

  • Air navigation and air traffic management (ATM/ANS) service providers, in accordance with Implementing Regulation (EU) 2017/373.
  • Air traffic controller training organisations, in accordance with Regulation (EU) 2015/340.
  • U-space and common information service providers, in accordance with Implementing Regulation (EU) 2021/664.


With the aim of guiding organizations in the field of air navigation in the implementation of the Regulation, which will come into application on February 22, 2026, AESA has developed and published, with the collaboration of the organizations themselves, the following guides:

  • Guide to the development of the Information Security Management Manual (MGSI or ISMM).
  • Guide to the development of a procedure for the management of changes to the Information Security Management System (ISMS).
  • Guide to define the process to be followed by organisations to apply for exemptions under Implementing Regulation (EU) 2023/203.
     

The new guidance material is available at the following links:

With this, AESA reaffirms its commitment to organizations in this area to continue advancing in the strengthening of cybersecurity.