Disclaimer: The views expressed in this work represent the personal views and conclusions of the authors writing in their personal capacity and do not reflect the official position of the Stanford Space Law Society.

(To access the Print Version, please click here)

Introduction

Despite possessing solid industrial and scientific foundations, the European Union (EU) still lacks the political will that matches the scale of its economic capabilities and technological talent. This mismatch becomes even more magnified when it comes to outer space and the activities that States and private operators can carry out there.[1] The current scene of outer space is dominated by two distinct models, which embody the mainstream ideology of the players involved. On one side is the United States of America (the U.S.), a market-driven model that emphasizes the private sector’s innovation and involvement.[2] On the opposite side stands China, in which the state-centric view prioritizes national security and central control.[3] In between those poles, a “Third Way” may be drawn. There, the conflicting interests of the institutional framework, regulatory capacities, privacy protection, and competitiveness are balanced and can prosper. That place is the EU.

This article argues that the EU can establish itself as a leading space power by leveraging its regulatory excellence in digital rights protection, integrating space infrastructure with privacy‑by-design governance, and exporting this model as a trusted alternative to surveillance-oriented or purely commercial approaches.[4] Instead of treating the General Data Protection Regulation (GDPR) et similia as burdens and constraints for companies or institutions, they should be regarded as assets for the global space governance.[5] This article also proposes actionable policy recommendations across institutional reforms and international strategy development that secure European interests in the 21^st-century space domain. As orbital infrastructure becomes increasingly congested, militarized, and commercialized (especially by private operators), space will not be governed by the same principles of the nation-state that characterized the 20^th century. The international community faces a choice: allow space to devolve into an anarchic domain characterized by debris cascades, cyber vulnerabilities, and geopolitical fragmentation, or construct governance architectures capable of sustaining long-term sustainability, security, and equitable access.

The European “Third Way” in Space Governance

The present space era, which features mostly commercially oriented private players, exhibits significant privacy vulnerabilities for citizens around the globe. In fact, satellite-based services—whether telecommunications, Earth observation, or navigation—generate unprecedented volumes of personal and commercial data. That data includes location tracking, communication metadata, biometric surveillance, and behavioral patterns.[6] In orbit, these infrastructures make it technically feasible to correlate movements, communications, and high‑resolution imagery across borders in real time, eroding the practical anonymity that individuals and even states once enjoyed.[7] In the absence of robust governance, the same satellites that enable connectivity and Earth monitoring can be repurposed into global surveillance architectures, with little transparency, weak accountability, and almost no meaningful consent for the data subjects involved.

The international regulations about outer space date back to the 1960s to 1970s and did not foresee the rapid development of today’s surveillance technology.[8] The international community only began to address these issues in 1986 through a non-binding United Nations (UN) Declaration on Remote Sensing.[9]

Against this backdrop, the EU has built a dense, interoperable data‑governance regime that can be projected into the space domain. What follows is a brief overview of the core pillars of this regime that together operationalize a distinguished privacy‑by‑design approach.

1)    The European Normative Regulatory Framework

The jewel in the crown of Europe’s regulatory excellence is embodied in the General Data Protection Regulation (GDPR), which establishes general standards for privacy protection while allowing for innovation within ethical boundaries.[10] Then, there is the 2020 European Strategy for Data, which is the ace up the sleeve that creates a secure market for data for cross-border sharing and trading. This benefits businesses, research centers, and institutions while maintaining citizen control over personal information.[11] In the future, it may even evolve in order for the “supplier” of that data, i.e., individual users, to personally sell and profit from their data, instead of generating wealth solely for businesses.[12] The June 2025 adoption of the EU Space Act (the Space Act) marks a watershed in European space governance.[13] By establishing harmonized safety, resilience, and sustainability standards across Member States, the Space Act transforms Europe’s historically fragmented approach into a coherent framework capable of competing with centralized Chinese and market-driven American models.[14] Lastly, Europe’s data sovereignty frameworks—particularly the Data Act (effective September 2025) and GDPR—may create legal certainty for space-generated data flows that international competitors cannot match.[15] European space companies operating under clear and transparent regulatory frameworks are well-placed to gain competitive advantages in global markets where clients, particularly governments and regulated industries, demand legal predictability.

2)    European Telecommunications Governance

Regarding telecommunication technology and internal cooperation, the European Electronic Communications Code (EECC) sets rules for high-capacity networks, like 5G and fiber, emphasizing spectrum management and universal service obligations.[16] Member States’ National Regulatory Authorities (NRAs) implement EECC rules.[17] The EU coordinates the NRAs through bodies like the Body of European Regulators for Electronic Communications (BEREC), which in turn cooperates closely with the International Telecommunication Union (ITU) on electronic communication.[18] When it comes to telecommunications via satellite, the IRIS² satellite constellation might embody the essence of European values for a secure, privacy-protected communications infrastructure.[19] It was designed for governmental resilience, eliminating dead zones and therefore connecting the whole population of the EU without relying on foreign interference. The Space Act’s cybersecurity requirements, mandating satellites’ lifetime assessments and incident reporting, directly complement the IRIS² program’s quantum cryptography capabilities.[20] The December 2024 signing of the IRIS² concession contract with the SpaceRISE consortium further accelerates Europe’s timeline toward operational sovereignty.[21]  The multi-orbital constellation of 290 satellites will provide secure governmental communications and civilian broadband connectivity, integrating IRIS² with the European Quantum Communication Infrastructure (EuroQCI).[22] In doing so, it will position the EU as one of the first major powers to deploy quantum-secured space communications at scale.[23] IRIS² will become the de facto global standard, compelling convergence toward European norms. And herein lies the “Third Way’s” distinctive advantage: the ability to embed ethical governance within technological infrastructure.

Moreover, the EU Space Strategy for Security and Defence explicitly calls for space security dialogues with the United States and like-minded partners, positioning Europe as the trusted intermediary capable of bridging American innovation and broader international stakeholder concerns.[24] Similarly, the Galileo navigation system provides positioning services independent of American GPS or Chinese BeiDou, while the Copernicus project offers open-access Earth observation data that democratizes environmental monitoring globally.[25]

This structure reflects deeper European institutional characteristics: shared competencies between EU and national levels (EECC), consensus-building among diverse stakeholders (BEREC and NRAs), and the integration of human rights considerations into policy frameworks (GDPR).

This approach also differs fundamentally from its competitors. The U.S. prioritizes market efficiency and private sector innovation, producing remarkable technological advances but often at the expense of comprehensive privacy protection and equitable access.[26] China, instead, emphasizes rapid deployment and state security,[27] achieving impressive scale but raising concerns about surveillance and authoritarian control. Europe’s “Third Way” seeks technological excellence while incorporating democratic values, multilateral cooperation, and individual rights protection into the infrastructure itself. Rather than viewing these features as obstacles to space development, Europe can leverage them as competitive advantages. In particular, within an increasingly privacy-conscious environment in which satellites can constantly “observe” every inch of the Earth’s surface and monitor every human activity, trust becomes a decisive competitive factor. The entire development of European space power is strictly entangled with the protection of its citizens. This deliberate prioritization is one of the main reasons behind its slow development, as the lengthy IRIS² constellation negotiations to make the system GDPR-compliant illustrate.[28]  Yet, Europe’s approach has the characteristics of a long-term vision.[29] Conversely, the U.S. and China are competing primarily under the “first-come, first-serve” rule, as exemplified by SpaceX’s filing for 42,000 Starlink satellites to claim orbital slots under ITU coordination rules, and China’s rapid launch of the Guowang constellation of 13,000 satellites.[30]

Competitive Advantages of Space-Based Digital Sovereignty

Space-based digital sovereignty, as defined by this article, refers to the ability of the EU to retain effective control over the data, infrastructures, and decision-making processes that depend on space-enabled services, as well as to ensure their compliance with EU fundamental rights and regulatory standards.[31] In practical terms, it concerns who controls the infrastructure and data flows that underpin space-enabled services. Europe’s integration of space capabilities with digital sovereignty principles, as presented in the previous paragraph, creates multiple competitive advantages and assets for the long-term horizon:

• Trust and Ethical-Leadership. The GDPR’s global influence demonstrates international appetite for privacy-protective frameworks, embodying the state-of-the-art legislation on privacy protection worldwide. Space-based digital sovereignty extends this trust to Earth’s orbit: the IRIS² constellation, when enhanced with privacy-by-design architecture (fully operational by 2030), could provide communications services that meet the highest ethical standards while delivering competitive performance through encrypted data protection during transmissions.[32] This creates immense soft power, making European systems particularly attractive to nations and international organizations that seek alternatives to surveillance-oriented or commercially exploitative systems.
• Technical Innovation through Ethical Constraints. The integration of GDPR‑compliant data processing with satellite uplinks creates novel technical solutions for edge computing in space, like ESA’s PhiSat-1 and PhiSat-2 satellites with onboard AI, enabling real-time analytics while maintaining data sovereignty. European researchers have also developed AI governance frameworks specifically for space applications, i.e., “cyber due diligence.”[33] These frameworks, while still at the scholarly and experimental stage, may ensure that automated systems remain accountable and transparent.
• Protected and Secured Space-based Digital Solution. A “space-based digital solution” denotes a satellite-enhanced cloud and connectivity architecture in which critical processing (like routing) occurs within infrastructures subject to EU law, rather than in opaque, extra-territorial data centers.[34] Users might be more willing to use a structure in which data processing and storage remain under customer control, instead of using the systems of private companies or those controlled by a central authority. This appeals particularly to emerging economies, which do not yet possess space capacities, but nonetheless are seeking digital independence and are concerned about data protection.

Policy Recommendations

1. Institutional Reforms

Europe must establish an integrated “Digital Space Sovereignty Initiative” that coordinates space capabilities with digital rights protection across the relevant institutions. This requires creating an EU Authority with the mandate of ensuring that all European space‑based telecommunications assets—whether operated at national, EU, or ESA level—shall comply with privacy-by-design principles. Furthermore, the European Commission should establish a “Space-Digital Convergence Office” within the Directorate-General for Communications Networks, Content and Technology (DG Connect) to drive policy integration and identify synergies between space investments and digital sovereignty objectives at the EU and national levels. [35]

2)    Investment and Infrastructure Development

Accelerated deployment of IRIS² requires integration with privacy-by-design architecture from the outset rather than retrofitting privacy protections onto existing systems. This demands increased funding for quantum encryption research specifically tailored to satellite communications. Building on the space-based digital solution framework outlined above, Europe should fund the development of an “EuroCloud Space”, a satellite-enhanced sovereign cloud infrastructure that processes data in orbit while maintaining GDPR compliance. This approach would position Europe at the forefront of next-generation cloud services while guaranteeing data sovereignty regardless of ground-based server locations. Relatedly, investments in AI governance for space applications must accelerate and focus on the development of AI’s ethical decision-making algorithms for space.

3)    International Strategy and Standards

Europe should be at the forefront of the world’s privacy protection within the international fora, leading the development of global standards through international organizations like the ITU, the United Nations Office for Outer Space Affairs (UNOOSA), and emerging space governance bodies. This involves proposing binding international agreements on space-based data protection and advocating for democratic governance principles in space resource utilization. These partnerships should include technology sharing agreements, joint satellite missions, and coordinated standards development. Space diplomacy initiatives should actively export European values and regulations by offering technical assistance and capacity building to developing nations seeking to establish space capabilities.

4)    Implementation Challenges and Solutions

Funding gaps represent the most immediate challenge, as European space-digital integration requires substantial investment. Solutions may include innovative public-private partnerships that leverage private sector efficiency while maintaining public control over critical infrastructure. Moreover, the technical complexity in integrating space systems with privacy protection requires a carefully phased implementation.  This needs to start with specific use cases, such as secure government communications, that allow refinements before full-scale deployment. Nonetheless, geopolitical resistance from competitors, as well as their possible catch‑up in the future, may threaten European leadership.[36]

Conclusion: Europe’s Kairos Moment in Space Governance

The convergence of digital sovereignty and space capabilities represents not merely an opportunity but a kairos moment, a juncture where technological and geopolitical stars align to enable transformative action.[37] Europe’s “Third Way” is neither idealistic rhetoric nor defensive protectionism; it is a pragmatic strategy grounded in demonstrable regulatory excellence and universal values that transcend narrow geopolitical competition.

Looking forward, three critical actions will determine whether Europe’s potential translates into realized leadership. First, the EU must accelerate investment in complementary technologies to ensure the operability of a fully European telecommunication ecosystem rather than depending on external components. Second, Europe as a whole must expand its space diplomacy beyond traditional Western partners, engaging emerging space nations in Africa, Southeast Asia, and Latin America, where demand for trustworthy, rights-respecting space services is rapidly expanding.[38] Third, the EU must resist protectionist temptations that would undermine the “Third Way’s” normative credibility. European leadership needs openness to international collaboration, distinguishing itself from both American market capture and Chinese strategic exclusivity.

Europe’s “Third Way,” grounded in operational capability, institutional coordination, and universal values, offers the international community a viable alternative to binary American‑Chinese competition. The question is not whether Europe can lead in space governance—the operational and regulatory foundations already exist. Rather, the question is whether Europe possesses the political will to convert technical excellence into sustained geopolitical influence. The answer to that question will shape not only Europe’s role in outer space but the future of space governance itself.

* Marco Franzoso, Juris Doctor (University of Padova), Advanced Master of Laws (University of Leiden), is a legal consultant and researcher specializing in international law, space law, and intellectual property. He is a research Co-Lead at Space Generation Advisory Council (SGAC), Legal Counsel at Studio Legal Veronese, Italy, and a Member of the International Institute of Space Law (IISL) and of the International Institute of Air and Space Law (IIASL). ORCiD: 0009-0000-1818-9671. During the preparation of this work, the author used Claude Sonnet 4.5 (Anthropic) for research assistance and citation formatting. The author reviewed and edited the content as needed and takes full responsibility for the content of the published article.

[1] Sinead O’Sullivan, “Europe’s Cosmic Dreams Have a Billionaire Problem,” Financial Times, April 12, 2023, https://www.ft.com/content/da1d6fb9-6668-4362-acad-d40c90791f01.

[2] Emilio Cozzi and Alessandro Gili, “To Watch 2025: The New Space Race,” Italian Institute for International Political Studies, December 23, 2024, https://www.ispionline.it/en/publication/to-watch-2025-the-new-space-race-195445.

[3] India is also a rising power in this field. For further insights, see Satya Vrat Pandey and Gibran Raza, Galactic Governance: Navigating the Legal Frontier of Indian Space Exploration (Lucknow: BFC Publications, 2025); Michaela Janovská, “Rivals Beyond Earth: China, the US, and the EU in the New Space Era,” China Observers in Central and Eastern Europe, March 4, 2025, https://chinaobservers.eu/rivals-beyond-earth-china-the-us-and-the-eu-in-the-new-space-era/.

[4] Privacy-by-design governance is an approach to privacy that considers privacy throughout the whole engineering process.

[5] Evie Kim Sing, “EU Eases GDPR Burdens on Businesses,” Identity Week, April 3, 2025, https://identityweek.net/eu-moves-to-cut-gdpr-red-tape-amid-business-soncerns/.

[6] See Frans G. von der Dunk, “Outer Space Law Principles and Privacy,” in Evidence from Earth Observation Satellites: Emerging Legal Issues, eds. Denise Leung and Ray Purdy (Leiden: Brill, 2013), 247-250.

[7] For example, see “SAR Data for Copernicus Security Services,” ICEYE, accessed December 4, 2025, https://www.iceye.com/partnerships/esa-ccm/security.

[8] See Treaty on Principles Governing the Activities of States in the Exploration and Use of Outer Space, Including the Moon and Other Celestial Bodies article VI, opened for signature January 27, 1967, 610 United Nations Treaty Series 8843 (entered into force October 10, 1967), https://treaties.un.org/doc/Publication/UNTS/Volume%20610/volume-610-I-8843-English.pdf.; von der Dunk, supra note 6 at 247; Marco Franzoso, “Le nuove frontiere della Sovranità: riflessioni sull’Outer Space e sulla decadenza del Corpus [The New Frontiers of Sovereignty: Reflections on Outer Space and the Decline of the Corpus],” Ius in Itinere, July 12, 2022, https://iusinitinere.it/le-nuove-frontiere-della-sovranita-riflessioni-sullouter-space-e-sulla-decadenza-del-corpus/.

[9] United Nations General Assembly Resolution 41/65, “Principles Relating to Remote Sensing of the Earth from Outer Space,” (December 3, 1986). Remote sensing refers to the science of collecting information from a distance, i.e., from a satellite, without making any physical contact with the subjects of the observation. See “What is Remote Sensing?” National Oceanic and Atmospheric Administration, June 16, 2024,https://oceanservice.noaa.gov/facts/remotesensing.html.

[10] Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the Protection of Natural Persons with Regard to the Processing of Personal Data and on the Free Movement of Such Data, and Repealing Directive 95/46/EC (General Data Protection Regulation), 2016 O.J. (L 119) 1; for instance, GDPR Article 25 requires “data protection by design and by default,” mandating that privacy safeguards be integrated into technological systems from their inception.

[11] “A European Strategy for Data,” European Commission, accessed December 4, 2025, https://digital-strategy.ec.europa.eu/en/policies/strategy-data.

[12] Aleksei Zelianin, “Personal Data as a Market Commodity in the GDPR Era: A Systematic Review of Social and Economic Aspects,” Acta Informatica Pragensia 11, no. 1 (2022): 139.

[13] Proposal for a Regulation of the European Parliament and of the Council on the Safety, Resilience and Sustainability of Space Activities in the Union, COM (2025) 335 final (June 25, 2025).

[14] Karolina Muti et al., “The Proposal for an EU Space Act: An Italian Perspective,” Istituto Affari Internazionali 25, no. 13 (2025): 8-10, https://www.iai.it/sites/default/files/iai2513.pdf.

[15] Regulation (EU) 2023/2854 of Dec 13, 2023, Harmonised Rules on Fair Access to and Use of Data, 2023 O.J.; see Gábor Hulkó et al., “The Politics of Digital Sovereignty and the European Union’s Legislation: Navigating Crisis,” Frontiers in Political Science 7 (2025), https://www.frontiersin.org/journals/political-science/articles/10.3389/fpos.2025.1548562/full.

[16] Directive (EU) 2018/1972 of the European Parliament and of the Council of 11 December 2018 Establishing the European Electronic Communications Code, 2018 O.J. (L 321) 36; Andrej Savin, “Regulating Telecommunications in the EU,” in EU Telecommunications Law, 30 (Cheltenham: Edward Elgar Publishing, 2018), https://doi.org/10.4337/9781786431806.00006.

[17] “BEREC – Body of European Regulators for Electronic Communications”, ANACOM, accessed November 24, 2025, https://www.anacom.pt/render.jsp?categoryId=166042#:~:text=BEREC%20functions%20with%20independence%2C%20impartiality,the%20European%20Union%20regulatory%20framework.

[18] “Mission & Strategy,” Body of European Regulators for Electronic Communications (BEREC), accessed October 14, 2025, https://www.berec.europa.eu/en/mission-strategy?language_content_entity=en; Memorandum of Understanding Between the International Telecommunications Union  and the Body of European Regulators for Electronic Communications (BEREC) to Establish a High-Level Framework of Cooperation in the Area of Electronic Communication, October 3, 2019, BoR (19) 173,  https://www.berec.europa.eu/sites/default/files/files/document_register_store/2019/10/BoR_%2819%29_173_MoU_BEREC-ITU_.pdf.

[19] Jean-Pierre Diris, “IRIS2: Everything You Need to Know about This New European Constellation,” Polytechnique Insights, March 11, 2025, https://www.polytechnique-insights.com/en/columns/industry/iris2-everything-you-need-to-know-about-this-new-european-constellation/.

[20] Tommaso De Zan et al., “Securing EU (Cyber)Space: New Cyber Requirements in the EU Space Act,” Access Partnership, 28 August 2025, https://accesspartnership.com/opinion/securing-cyberspace-new-cyber-requirements-eu-space-act/.

[21] The SpaceRISE consortium includes SES (Luxembourg), Eutelsat (France), and Hispasat (Spain). See European Commission Press Release IP/24/6439, Commission Takes Next Step to Deploy the IRIS² Secure Satellite System (December 16, 2024).

[22] “IRIS²,” European Union Agency for the Space Programme, last modified April 25,2025, https://www.euspa.europa.eu/eu-space-programme/secure-satcom/iris2.

[23] Ibid.

[24] Joint Communication to the European Parliament and the Council European Union Space Strategy for Security and Defence, at 15, JOIN(2023) 9 final (March 10, 2023); Karolina Muti and Michele Nones, “European Space Governance and Its Implications for Italy,” Documenti Istituto Affari Internazionali (2024): 3, https://www.iai.it/en/pubblicazioni/c04/european-space-governanceand-its-implications-italy.

[25] European Court of Auditors, “EU Space Programmes Galileo and Copernicus – Services Launched, but the Uptake Needs a Further Boost,” Special Report No. 07 (2021), https://data.europa.eu/doi/10.2865/073967.

[26] See Yiyang Mei and Matthew Sag, “The Illusory Normativity of Rights-Based AI Regulation,” Emory Legal Studies Research Paper 101 (2025).

[27] See Janovská, supra note 3.

[28] “EU Accepts ‘Best-and-Final Offer’ Bid for Satellite Mega-Constellation Project,” EuroNews, November 1, 2024, https://www.euronews.com/next/2024/11/01/eu-accepts-best-and-final-offer-bid-for-satellite-mega-constellation-project.

[29] Ibid.

[30] Aaditya Vikram Sharma, “Starlink and International Law: The Challenge of Corporate Sovereignty in Outer Space,” EJIL:Talk!, March 17, 2025, https://www.ejiltalk.org/starlink-and-international-law-the-challenge-of-corporate-sovereignty-in-outer-space/; Mike Wall, “China Launches 8^th Batch of Satellites for 13,000-Strong Internet Megaconstellation,” Space.com, August 14, 2025, https://www.space.com/space-exploration/launches-spacecraft/china-launches-8th-batch-satellites-guowang-satnet-internet-megaconstellation-video.

[31] The notion of space-based digital sovereignty builds on the idea of “digital sovereignty” more generally, see “Digital Sovereignty for Europe,” European Parliamentary Research Service Ideas Paper (2020), https://www.europarl.europa.eu/RegData/etudes/BRIE/2020/651992/EPRS_BRI(2020)651992_EN.pdf.

[32] See Diris, supra note 19.

[33] Nonetheless, the PhiSat AI is still an “early building [block]” that Europe has produced, see Jason Rainbow, “Think Tank Urges Europe to Scale Up Space-Based Data Center Efforts,” SpaceNews, November 21, 2025, https://spacenews.com/think-tank-urges-europe-to-scale-up-space-based-data-center-efforts/; Giovanni Tricco et al., “The Protection of AI-Based Space Systems from a Data-Driven Governance Perspective,” Acta Astronautica 234 (2025): 79.

[34] Rainbow, supra note 33; “Digital Sovereignty for Europe,” supra note 31.

[35] Directorate-General for Communications Networks, Content and Technology (DG CONNECT) is a directorate within the European Commission responsible for coordinating EU digital policy, telecommunications regulation, and emerging technologies. “Communications Networks, Content and Technology,” European Commission, accessed October 14, 2025, https://commission.europa.eu/about-european-commission/departments-and-executive-agencies/communications-networks-content-and-technology_en.

[36] For instance, China has rapidly accelerated its satellite constellation deployments (Guowang, with 13,000 planned satellites) specifically to compete with Western systems, while U.S. commercial operators have lobbied against European regulatory standards as potential trade barriers. See Wall, supra note 30; Zsolt G. Pataki, “EU Capabilities in Space: Scenarios for Space Security by 2050,” European Parliamentary Research Service (2024), https://www.espas.eu/files/EU%20capabilities%20in%20space%20-%20Zsolt%20Pataki.pdf.

[37] Kairos refers to the ancient Greek concept of the opportune moment for decisive action, distinct from chronos (chronological time). Frederick M. Jelly, review of Kairos and Logos: Studies in the Roots and Implications of Tillich’s Theology, by John J. Carey, Theological Studies 40, no. 4 (1979): 766-67.

[38] Pataki, supra note 36.