As drone operations become increasingly embedded in critical sectors such as public safety, infrastructure inspection, logistics, and smart city management, cybersecurity and operational resilience have never been more important. The European Union’s NIS 2 Directive (EU 2022/2555), which came into effect in January 2023 and must be transposed into national law by October 17, 2024, marks a major evolution in Europe’s approach to digital and physical risk in essential and important sectors.

In this article, we explore what NIS 2 is, who it applies to, how it impacts drone operators and UAS ecosystems and how AirHub supports compliance through both our consultancy services and software platform.

What Is the NIS 2 Directive?

The NIS 2 Directive is the successor to the original Network and Information Security (NIS) Directive adopted in 2016. It sets baseline requirements for the cybersecurity and operational resilience of essential and important entities across the EU, expanding the scope and enforcement compared to its predecessor.

Key objectives include:

• Improving cyber resilience of critical infrastructure and digital services

• Enhancing incident reporting and response

• Establishing stronger governance, oversight, and penalties for non-compliance

• Ensuring supply chain and third-party security

Who Must Comply?

The directive applies to two main categories of entities across a broad range of sectors:

• Essential Entities: Including energy, transport, health, drinking water, wastewater, digital infrastructure, public administration, and space.

• Important Entities: Including postal and courier services, waste management, chemicals, food production, and manufacturers of critical products.

Both public and private organisations can fall under the directive depending on their size and sector.

For drone operators and their ecosystem, this means:

• Public agencies operating drones in law enforcement, firefighting, border control, and infrastructure inspection will likely be classified as essential entities.

• Private companies involved in critical infrastructure inspection, logistics, or drone software platforms may be considered important entities.

The threshold typically includes medium and large organisations (50+ employees or €10M+ turnover), but micro and small companies can also fall under NIS2 if they provide services deemed essential or if they are key technology suppliers.

How Does NIS 2 Impact Drone Operations?

NIS 2 is not just about IT security, it covers all systems critical to service continuity, including uncrewed aircraft systems (UAS), communication links, cloud services, ground control software, and data storage.

For drone operators, NIS 2 introduces requirements such as:

1. Risk Management Measures

• Secure command and control links (e.g. encrypted C2 over 4G/5G or RF)

• Access control for drone software and remote pilots

• Physical security of drone docking stations or GCS

• Supply chain checks for third-party hardware and software

2. Incident Handling

• Ability to detect and report security incidents (e.g. data breaches, drone takeovers)

• Logbooks and audit trails for drone missions and access

3. Business Continuity & Crisis Management

• Backup of operational data (e.g. flight logs, maintenance records)

• Emergency protocols for cyber or physical attacks on drone infrastructure

4. Security in the Supply Chain

• Ensuring subcontractors and platform providers also meet cybersecurity standards

5. Governance and Oversight

• Appointing security officers or DPOs (Data Protection Officers)

• Ensuring regular training and awareness for staff and operators

AirHub Software: Built with Security by Design

At AirHub, we understand how critical data security is to your drone operation. Our platform is developed to align with NIS 2 and broader ISO 27001 requirements.

Key features that help support ongoing compliance:

• ISO 27001 Certified: Our information security management system is certified, with robust policies covering access control, encryption, backups, and incident response.

• Secure Data Mode: Blocks all outgoing data except to our servers or those explicitly chosen by our customers, ideal for high-security and sovereign operations.

• Single Sign-On (SSO): We enforce SSO authentication to simplify secure access across teams, enabling consistent identity and access management without relying on traditional role-based access control models.

• Flight Logging and Audit Trails: Automatically store mission data, checklists, and approvals to support traceability and investigations.

• Custom Data Retention Policies: Ensure data is only stored for as long as needed.

For public safety agencies, security companies, or critical infrastructure users, AirHub can be deployed in on-premise or private cloud environments to meet internal data residency and compliance policies.

AirHub Consultancy: Supporting Your NIS 2 Readiness

For many organisations, the first step is understanding how the directive applies to your drone operations and what practical steps must be taken. Our consultancy team provides tailored support including:

• NIS 2 readiness assessments for public and private drone operations

• Gap analyses based on ISO 27001 and NIS 2 requirements

• Development of cybersecurity policies for drone operations (including C2 links, maintenance systems, software)

• Third-party risk management and supplier vetting for drone hardware/software

• Integration with existing information security and business continuity plans

We support both standalone drone operators and integrated teams (e.g. ports, police forces, inspection units) in mapping out compliance and implementing controls that are realistic, effective, and aligned with aviation best practices.

Final Thoughts

As drone technology matures and becomes embedded in essential operations, so too must our approach to risk, resilience, and compliance. The NIS 2 Directive is not only a legal requirement, it’s an opportunity to build trust, safeguard critical services, and future-proof drone operations against cyber and operational threats.

Whether you're a government agency using drones for public safety or a private company managing infrastructure inspections, now is the time to ensure your organisation is NIS 2-ready.

If you'd like support in assessing your compliance or want to explore how the AirHub platform can help meet your cybersecurity obligations, don’t hesitate to reach out.

Need help with NIS 2 compliance for your drone operations?
Contact info@airhub.nl to speak with our experts.