What this theme covers
Safety, Security & Resilience in ATM addresses the operational and regulatory frameworks that protect the integrity of the global air traffic management system. At ASW 2026 the track spans two converging disciplines: safety — the systematic management of hazards to prevent accidents in ATM operations — and security, both cyber and physical, as ANSPs face threats that were not part of the operational picture a decade ago.
The cybersecurity agenda in 2026 is dominated by NIS2 compliance (the EU Network and Information Security Directive 2, in force since October 2024), the operational response to the GNSS jamming and spoofing incidents that have disrupted navigation in European and Middle Eastern airspace, and the design of security operations centres capable of monitoring both IT and operational technology environments simultaneously.
The safety agenda addresses automation's effect on human performance — specifically the risk of skill degradation and automation bias in an era of increasingly capable AI-assisted ATC tools — and the collaborative safety culture frameworks that ICAO and CANSO are promoting as the primary mechanism for learning across organisational and national boundaries.
The track also covers the resilience dimension: what happens when systems fail, and how ATM operations continue in degraded or contingency configurations.
Why it matters now
GNSS jamming incidents in the Baltic, Eastern Mediterranean, and Middle Eastern airspace in 2023–25 have moved from isolated anomalies to a persistent operational hazard. Multiple commercial aircraft have experienced loss of GPS navigation integrity, with some incidents requiring ATC intervention. ANSPs are implementing mitigation measures, but the 2026 question is whether those measures are adequate as jamming intensity and geographic spread continue to increase.
On the cyber side, ANSPs are in the assessment phase under NIS2 — no longer preparing for compliance, but being audited against it. The first administrative penalties are flowing to essential entities in adjacent sectors, and ANSP boards are under direct accountability for cybersecurity governance that was previously treated as an IT department concern.
Five questions, answered
What is the GNSS jamming and spoofing threat in European airspace?
GNSS (Global Navigation Satellite System) jamming is deliberate radio frequency interference that degrades or denies GPS/GNSS signal reception, causing aircraft navigation systems to lose position accuracy or lock entirely. GNSS spoofing is a more sophisticated attack in which false signals are transmitted to make aircraft navigation systems display an incorrect position.
Jamming incidents have been recorded across a wide arc from the Baltic Sea to the Eastern Mediterranean, coinciding with areas of military activity. The operational impact ranges from nuisance degradation of GPS-dependent features to loss of Required Navigation Performance capability, requiring crew to revert to conventional radio navigation. Several incidents have involved aircraft receiving incorrect position data for extended periods without crew awareness.
ANSPs and Eurocontrol have been developing mitigation guidance, including crew procedures, ATC support protocols, and the longer-term case for ground-based navigation backup systems.
What is the NIS2 Directive and what does it require of ANSPs?
The Network and Information Security Directive 2 (NIS2, Directive (EU) 2022/2555) places air navigation service providers under explicit obligations as essential entities. The principal requirements are: documented cybersecurity risk management covering incident handling, business continuity, supply chain security, and access control; mandatory incident reporting to national competent authorities within 24 and 72-hour windows; senior management personal accountability for cybersecurity governance; and ongoing supervision by the designated national authority.
NIS2 entered application from October 2024. The first compliance audit cycles of essential entities are running through 2025–26, and penalties for non-compliance can reach €10 million or 2% of global annual turnover. ANSP boards that previously delegated cybersecurity to IT departments must now engage directly with governance and risk.
How does increasing automation affect safety in air traffic control?
Increasing automation in ATC changes the human performance risk profile rather than eliminating it. The principal concerns in 2026 are automation bias — the tendency of controllers to over-trust automated recommendations, reducing the independent cross-checking that catches system errors — and skill degradation — the gradual erosion of manual ATC skills through reduced practice in a high-automation environment.
Both effects are well-documented in aviation and other safety-critical industries that have automated heavily. The mitigation strategies being discussed at ASW 2026 include the deliberate design of AI-human interfaces that keep controllers cognitively engaged rather than passive; structured practice regimes for manual operations in simulation; and the definition of controller task and authority boundaries that automation cannot cross without explicit human confirmation.
What is a collaborative safety culture and why does it matter for ATM?
A collaborative safety culture is one in which safety information — incidents, near-misses, system anomalies, and operational workarounds — flows freely between controllers, operational managers, technical staff, and regulatory oversight, without the fear of punitive consequences that suppresses reporting in blame cultures.
ICAO and CANSO promote Just Culture frameworks as the foundation of collaborative safety culture in ATM. Just Culture separates unintentional human error and system-induced violations (which are learning opportunities requiring system improvement) from gross negligence and wilful violations (which warrant disciplinary response). In practice, establishing Just Culture requires explicit policy, management behaviour modelling, and often legislative protection for reporters.
The ATM safety record globally is excellent, but the incidents that do occur disproportionately involve complex human-automation interaction, cross-border coordination gaps, and language standardisation failures — categories where collaborative safety culture and information sharing across organisational boundaries are the primary defence.
What does ATM resilience mean in operational practice?
ATM resilience is the capability of the air traffic management system to maintain an acceptable level of service when normal systems or processes fail — whether due to technical failure, cyber incident, weather event, or external disruption. In operational practice it covers three categories: technical resilience (redundant systems, fallback modes, degraded operations procedures); operational resilience (staffed contingency centres, cross-training, mutual support agreements between ANSPs); and network resilience (the Network Manager's ability to re-route traffic flows around an ANSP that has lost capacity).
European ATM demonstrated network resilience during several significant disruptions in 2023–25, including ANSP industrial action events and technical failures. The 2026 track examines where the remaining resilience gaps are, and what the investment case is for closing them.
Sessions covering this theme
ASW 2026 sessions under this track cover GNSS jamming mitigations, NIS2 ANSP compliance, cybersecurity operations, automation and human performance, and ATM resilience frameworks.
What ASW 2025 told us about this theme
ASW 2025 addressed NIS2 transposition for the first time with a dedicated session on ANSP compliance obligations, and the first publicly reported operational data on GNSS jamming impacts. Read the ASW 2025 retrospective
For organisations exhibiting at ASW 2026: Your safety, security, or resilience content can be structured like this. Maxifi Digital turns conference sessions into AI-citable authority pages in four weeks. See the Conference Sprint →