Brussels’ Orbital Triad: EU Space Act, AI Act and Cyber Resilience Act - Binding Resilience for European Satellites and Megaconstellations

3 Key Takeaways

  • The triad creates the first binding horizontal regime for orbital safety, AI autonomy and cybersecurity.
  • IRIS² sovereignty and Starlink market presence render compliance non-optional for European connectivity.
  • Romania transforms regulatory density into notified-body leadership and NewSpace conformity hubs.

As Europe’s sovereign constellation IRIS², a multi-orbital fleet of 290 satellites under the SpaceRISE concession signed in late 2024, edges toward initial deployments by 2030 (1), and Starlink’s megaconstellation continues its deep penetration of the Union market (fully operational in Romania since mid-2025 following landmark EPFD tests with ANCOM and the Ministry of Defence) (2), the European regulatory landscape has crystallised into a formidable triad. The Proposal for a Regulation on the Safety, Resilience and Sustainability of Space Operations (EU Space Act, COM(2025) 335 final, June 2025) (3), the Artificial Intelligence Act (Regulation (EU) 2024/1689) (4), and the Cyber Resilience Act (Regulation (EU) 2024/2847) (5) collectively impose the world’s first horizontal regime governing orbital safety, high-risk autonomy, and lifecycle cybersecurity - binding not only Union operators but any constellation serving European users or overflying Union territory.

The Triad Interwoven: Safety, Autonomy and Lifecycle Resilience

The EU Space Act establishes unified authorisation for Union operators (Title II) and mandatory assessment/registration for third-country providers whose objects overfly the Union or provide services therein (Title III), with tailored all-hazard resilience requirements (Title IV, Chapter II) operating as lex specialis to NIS2 (6). Collision-avoidance manoeuvrability, debris mitigation plans and sustainability reporting become non-derogable.

The Cyber Resilience Act overlays security-by-design on critical digital components - onboard processors, ground-segment software, user terminals - demanding exploited-vulnerability reporting within 24 hours, comprehensive handling protocols and minimum five-year support periods (Arts. 13–14; Annex I) (7). Non-compliance invites fines up to €15 million or 2.5 % worldwide annual turnover (Art. 64).

The AI Act completes the lattice by classifying autonomous collision-avoidance and swarm-management systems in space operations as high-risk (Annex III, point 4; Arts. 6-7) (8), triggering conformity assessments, transparency logs, robustness testing and human oversight - obligations that cascade extraterritorially whenever outputs affect persons in the Union (Recital 22).

European Constellations in the Crosshairs: IRIS² Sovereignty and Starlink Market Realities

IRIS², bridging GOVSATCOM interim services from 2025 toward full sovereignty by 2030, must embed triad compliance from design: high-risk AI for inter-satellite routing, CRA-secured quantum-key distribution payloads, and Space Act sustainability metrics for its multi-orbital architecture (9). Starlink, having secured Romanian endorsement for relaxed EPFD limits in April 2025 and full commercial rollout thereafter (10), confronts the triad via market-placement triggers: user terminals distributed in the Union invoke CRA lifecycle obligations, while autonomous conjunction avoidance, increasingly AI-driven amid 40 000+ satellites, falls squarely within AI Act high-risk scope (11).

The “Brussels Effect” (Bradford, 2020) (12) thus exports European standards globally: non-EU operators serving Union citizens must appoint EU representatives, submit to notified-body audits and align with delegated acts yet to come.

Romanian Asymmetries and Eastern Opportunity

Romania, ESA member since 2011 (Law No. 262/2011), IRIS² contributor and host to Starlink’s pioneering EPFD trials, occupies a privileged nexus. Absent dedicated national space legislation, the triad’s density risks SME strangulation, yet Bucharest’s proven collaboration with SpaceX and growing cyber-space talent pool (DNSC, ENISA partnerships) positions it ideally as notified body under CRA Article 36, conformity-assessment hub for AI Act high-risk space systems, and potential Space Traffic Management Centre of Excellence (13).

Prescriptive Vectors: From Compliance Burden to Competitive Edge

Three pathways illuminate:

  • Mutual recognition agreements under the EU-U.S. Trade and Technology Council, harmonising FAA mishap data with triad reporting;
  • Digital Europe Programme-funded Romanian cyber-AI ranges simulating megaconstellation conjunctions;
  • ETSI/ECSS leadership embedding Eastern operational realities into delegated acts.

Footnotes:

  • (1) European Commission, IRIS² Concession Contract Award (Dec. 2024); SpaceRISE Consortium Press Release (2024).
  • (2) ANCOM & SpaceX EPFD Tests Conclusion (Apr. 2025); Romania Insider (30 Apr. 2025).
  • (3) European Commission, COM(2025) 335 final (25 June 2025).
  • (4) Regulation (EU) 2024/1689, 2024 O.J. (L 1689).
  • (5) Regulation (EU) 2024/2847, 2024 O.J. (L 2847).
  • (6) COM(2025) 335 final, Title III & arts. 74–95.
  • (7) Regulation (EU) 2024/2847, arts. 13–14, Annex I.
  • (8) Regulation (EU) 2024/1689, annex III pt. 4.
  • (9) European Commission, IRIS² Secure Connectivity Overview (2025).
  • (10) Prime Minister Marcel Ciolacu Statement (29 Apr. 2025).
  • (11) Starlink Availability Map & Service Updates (2025).
  • (12) Bradford, A. (2020). The Brussels Effect. Oxford University Press.
  • (13) Law No. 262/2011; Bucharest Cybersecurity Conference Outcomes (2025).
Author

Amala Mararu

Amala Mararu writes about AI, art, space and technology law, with a passion for Science, Technology, Engineering, Art and Mathematics (S.T.E.A.M.). She's led dozens of art and tech law projects, and loves making complex topics easy to understand.
