ACI EUROPE releases guidance on airport cyber security governance

As Europe’s airports become ever more digitalised and interconnected, the cyber threat landscape they face is evolving rapidly in scale, sophistication and impact. From operational technology and passenger processing systems to supply chains and third-party service providers, cyber incidents now pose tangible risks to safety, continuity, trust and regulatory compliance.  

Against this backdrop, sustained and strategic investment in cyber resilience has become a core requirement for European airports of all sizes. Produced in cooperation with the ACI EUROPE Cyber Security Committee, the brand-new guidance aims to establish a scalable, adaptable cyber security governance framework for airports of all sizes. Importantly, the guidance recognises cyber security as a strategic governance issue, requiring clear leadership, accountability and integration into overall airport risk management frameworks. 

The guidance was designed to support airports in several key objectives, including enhancing resilience against cyber threats, regulatory compliance and fostering a security-conscious culture across airport environments. The framework also supports airports in navigating an increasingly complex European regulatory landscape, including requirements stemming from NIS2 and critical infrastructure protection obligations. 

By providing a common governance baseline while allowing for local adaptation, the guidance supports greater consistency and maturity across Europe’s airport network and helps ensure airports remain resilient in the face of evolving cyber threats. 

Download the Guidance Document here.