New Cyber Rules to Raise Costs for India’s Space Startups

India’s new CERT-In cybersecurity framework is set to significantly raise compliance costs for space startups, requiring rapid incident reporting, mandatory CISOs, and security-by-design systems. These rules will force operational restructuring, heavier audits, and governance upgrades, making cybersecurity a core cost center for emerging players.

CERT-In, under the Ministry of Electronics and IT, in collaboration with SIA-India, released a comprehensive Space Cyber Security Framework at the DefSat 2026 conference in New Delhi.  

Key Compliance Requirements for Space Startups

• 6-hour breach reporting: Startups must report cyber incidents within six hours of detection, a sharp tightening compared to earlier flexible timelines.
• Mandatory CISO appointment: Even small startups must designate a Chief Information Security Officer, adding leadership and payroll costs.
• Security-by-design architecture: Systems must be re-engineered to embed cybersecurity at the design stage, not as an afterthought.
• Regular audits and real-time checks: Continuous monitoring and third-party audits will be required, increasing operational overhead.

Strategic Implications for India’s Space Sector

• Higher compliance costs: Startups will need to budget for governance structures, cybersecurity staff, and audit expenses.
• Operational restructuring: Incident response teams, governance boards, and system redesigns will become standard.
• Barrier to entry: Smaller startups may struggle to absorb these costs, potentially slowing innovation or pushing consolidation.
• Alignment with global standards: The framework positions India’s space ecosystem closer to international cybersecurity norms, critical for satellite communications and defense-linked projects.

Industry Context

• Collaboration with SIA-India: CERT-In worked with the Satcom Industry Association (SIA-India) to develop a comprehensive space cybersecurity framework, signaling government-industry alignment.
• Push for Space Activities Act: The guidelines highlight the need for a formal Space Activities Act, which could further codify responsibilities and liabilities for private players.
• National security dimension: With satellites supporting communication, navigation, disaster management, and defense, the framework reflects India’s strategic need to secure space assets.

Risks & Challenges

• Cost burden on startups: Compliance may divert funds from R&D to governance.
• Talent shortage: Finding qualified CISOs and cybersecurity professionals could be difficult for early-stage companies.
• Innovation slowdown: Smaller players may delay launches or partnerships due to compliance overhead.
• Global competitiveness: While aligning with international standards boosts credibility, it may also raise entry barriers compared to less regulated markets.

Bottom Line

The CERT-In cybersecurity framework is a double-edged sword: it strengthens India’s space ecosystem against cyber threats but imposes heavy compliance costs and structural changes on startups. For Gurugram-based and other Indian space ventures, success will hinge on balancing innovation with governance, possibly through shared compliance infrastructure or industry consortia.