The EU Space Act, a legislative initiative launched by the European Commission on June 25, aspires to establish Europe as a model for responsible space governance, covering everything from orbital debris mitigation to cybersecurity and infrastructure resilience.1
While these goals are commendable, the current draft risks imposing duplicative and, at times, conflicting obligations on U.S. space companies operating in or serving the EU market.
This article highlights four pressure points where extraterritorial scope, regulatory misalignment and procedural opacity could disrupt commercial activity and innovation on both sides of the Atlantic. We also offer concrete paths forward to resolve these challenges.
1. Extraterritorial Reach and New Obligations
Articles 15 through 17 of the draft act set forth requirements applicable to third-country space operators. These provisions extend the act’s extraterritorial jurisdiction, and would subject U.S. companies to the EU’s regulatory authority across several domains, including operational licensing, debris mitigation and cybersecurity. These are areas where U.S. law may not yet impose comparable obligations.
This could disproportionately affect U.S. companies that wish to serve European customers as launch providers, satellite operators or data service providers.
Without mechanisms to account for existing U.S. licensing and oversight, firms may face duplicative or misaligned regulatory requirements. The result could be additional administrative burden, cost and market-entry delays.
Policy Takeaway
The EU and U.S. should negotiate an equivalency safe harbor. This would allow compliance with one jurisdiction’s regime to satisfy the core obligations of the other. There are clear precedents for this approach in sectors such as aviation, pharmaceuticals and data privacy.
Space activities should be treated with the same level of regulatory cooperation.
2. Cybersecurity Framework Misalignment
The act imposes certain cybersecurity risk-management obligations consistent with the European Parliament’s Directive (EU) 2022/2557.
While many U.S. companies, especially those within the defense industrial base, are already aligned with the National Institute of Standards and Technology SP 800–171 standards, it remains unclear how well the directive maps to that framework.
There are meaningful differences in scope, control families — the categories used to organize related cybersecurity controls, such as access control, incident response, or system integrity — and enforcement mechanisms between the two regimes. This could result in obligations that are not only duplicative but potentially conflicting.
Companies may be required to design compliance programs that meet two separate sets of expectations, without any assurance of regulatory interoperability.
Policy Takeaway
The EU should publish a concordance matrix that compares its directive to globally accepted frameworks, such as the NIST and ISO 27001. Mutual recognition of equivalent cybersecurity outcomes would protect space infrastructure without discouraging international participation.
3. Questions of Equivalency and Legal Overlap
The draft act introduces a process for “third-country equivalence decisions,” allowing the European Union Agency for the Space Programme to recognize foreign regulatory frameworks as functionally equivalent.
A third-party equivalence decision-making process would permit non-EU space operators to demonstrate that their home country imposes requirements comparable to those in the act, thereby reducing or eliminating the need for duplicative compliance. This is a promising tool but will require coordination and clarity.
While certain U.S. frameworks, such as those from the Federal Communications Commission, the National Oceanic and Atmospheric Administration and rules the U.S. Department of Commerce is expected to issue, may satisfy some EU requirements, there are still notable gaps.
The Commerce Department is expected to establish a mission authorization framework for novel commercial space activities that are not currently covered by existing licensing authorities. These include activities such as in-space servicing, assembly and manufacturing, as well as orbital debris mitigation and removal. However, that framework has not yet been implemented.
In particular, on-orbit activities, which are operations performed by spacecraft while in space — such as servicing, assembly and manufacturing — that extend beyond remote sensing and spectrum usage are not currently addressed in U.S. law in a way that would meet the EU’s new expectations.
Unless the equivalency process is used to bridge those gaps, U.S. operators may be required to comply with entirely new layers of regulation, simply by virtue of having European customers or infrastructure ties.
Policy Takeaway
The U.S. Department of State should prioritize bilateral dialogue on equivalency determinations, and advocate for recognition of existing U.S. frameworks where appropriate. Doing so would allow U.S. companies to continue serving European markets without the weight of overlapping licensing and compliance burdens.
4. Structural and Drafting Challenges Within the Act
Beyond its substantive provisions, the act is notable for its breadth, complexity, and frequent reliance on cross-references and annexes. This structure may impose substantial administrative burdens not only on third-country operators but also on EU-based space companies.
Article 70 is a good example of this issue. It illustrates a degree of vagueness and dependence on delegated acts that could complicate both compliance and enforcement. If key requirements are set by future implementing rules, operators will struggle to assess risk and invest with confidence.
Policy Takeaway
The EU should consider ways to streamline the structure of the act, particularly where complexity may hinder rather than help effective governance. Ensuring that the legal obligations are clear and that transatlantic frameworks are mutually recognized would help the act achieve its policy goals without restricting innovation and competition.
Conclusion
The EU Space Act has the potential to raise global standards for safety and sustainability in space. At the same time, its extraterritorial scope, cybersecurity ambiguities, and procedural complexity risk undermining innovation and limiting the agility of commercial operators.
With timely dialogue and practical cooperation, the U.S. and EU can harmonize their regulatory approaches. Doing so will support shared goals without sacrificing the transatlantic competitiveness that drives innovation in the space sector.
End Notes
- European Commission, EU Space Law Initiative – The EU Space Act, Directorate-General for Defence Industry and Space, https://defence-industry-space.ec.europa.eu/eu-space-act_en (June 25, 2025). ↩︎
Jessica Noble is of counsel at Aegis Space Law and a managing partner at Rufina Space LLC.
Adriane Mandakunis is a regulatory specialist and paralegal at Aegis Space.