Skip to main content

11.2.8 – Cyber Security Awareness Schulung

Cyber Security Awareness Training under EU Regulation 11.2.8

What is the 11.2.8 Training under EU Regulation 2015/1998?

The training according to Chapter 11.2.8 of EU Regulation 2015/1998 is a mandatory security briefing focused on cybersecurity for specific personnel working in the aviation sector. Its goal is to protect critical information and communication systems (CICS) from unauthorized access and cyber threats.

Who is required to take this training?

The training is mandatory for individuals with:

  • Physical access to critical aviation IT systems (Group I / Category a)
  • Electronic access or administrative privileges to such systems (Group II / Category b)
  • Responsibilities for security configuration or system hardening (Group III / Category c)

Typical employers include:

  • Air cargo handlers
  • Airlines and airports
  • IT service providers in aviation
  • Known consignors, regulated agents

Why was this training introduced?

Aviation is a high-value target for cyberattacks. With increasing digitalization, the risk of data breaches, system failures, or targeted attacks is growing. The 11.2.8 training was introduced to ensure a baseline level of cybersecurity awarenessacross all relevant personnel.

Training Content

Content varies by group but typically includes:

  • Cybersecurity basics
  • Password protection and access controls
  • Phishing and social engineering
  • Incident response behavior
  • Mobile device protection
  • Network security (for admins)

Table 1: Providers of Mandatory Training under EU 11.2.8

Provider Format Duration Price (net) Target Group Highlights
AFK-International GmbH Web-Based Training (Online) Variable €14.90 / €29.90 Groups I–III DE/EN, group-specific content, 5-year validity
AWiAS GmbH Web-Based Training (Online) ~45 minutes €14.50 Groups I–III Compact and low-cost training
EUWISA GmbH Web-Based Training (Online) ≥ 2 lessons (UE) from €20 Groups I–III Universally usable for all groups
IAGO Group Online / Inhouse ≥ 2 lessons (UE) On request Groups I–III Flexible in-house options
Behrendt Consulting Web-Based Training (Online) Variable €29.90–€135 Groups I–III Highly differentiated by risk level

🧠 Table 2: Voluntary Cybersecurity Awareness Training (non-EU-regulated)

Provider Format Duration Price (net) Highlights
TÜV NORD Akademie E-Learning ~2 hours €98 Certificate included, 1-year access
G DATA Online Training ~15 min/module On request Gamified training, phishing simulations
SoSafe E-Learning + AI Features Variable On request Behavior-focused, AI-powered awareness tools

Conclusion

The 11.2.8 training is not only a legal requirement but a key pillar of modern aviation security strategies. With pricing between €14 and €135 per person, organizations can find a suitable provider based on their access level and language needs.

Tip: Look for multilingual options and the ability to integrate with your existing e-learning platforms.

This site is registered on wpml.org as a development site. Switch to a production site key to remove this banner.