Sovereignty at the Edge of Space: India, Pakistan, and the Starlink Dilemma over Data Access

[Joanna Kulesza is an Assistant Professor of International Law, and Executive Director at Lodz Cyber Hub, University of Lodz, Poland]

Following the initial escalation of conflict between India and Pakistan, marked by India’s missile strikes on Pakistan-administered Kashmir on May 7, 2025, tensions quickly de-escalated. Despite this rapid decrease in hostilities, the episode left significant implications for the contemporary understanding of international law and state sovereignty, regarding satellite communications regulation and data access. Immediately before the escalation of the conflict, India had introduced strict satellite regulations citing national security concerns, reflecting a significant shift in the geopolitical approach to satellite-based communication. These regulations require satellite data to be stored within India and subject to national interception and surveillance laws, highlighting the growing importance of state control over satellite infrastructure

Concurrently, private satellite companies such as SpaceX’s Starlink and Eutelsat’s OneWeb have raised important geopolitical and security considerations. As space-based broadband becomes a key part of national infrastructure, the control of satellite networks increasingly determines power over data and communications. This situation illustrates ongoing tensions between state sovereignty and the transnational nature of digital infrastructure governance. The swift de-escalation of the conflict emphasizes not only the volatility of such crises but also the urgent international legal challenges around regulating and securing satellite communications and data access.

This analysis begins by examining India’s move to impose a 29-point compliance framework on satellite-based internet services, announced by the Department of Telecommunications (DoT) on May 5, 2025, as it exemplifies this significant shift from global governance of telecommunications infrastructure to national data sovereignty policies. These recent Indian regulations require domestic data storage, lawful interception access, and localization of at least 20% of ground infrastructure within five years. These measures are a response to concerns regarding Starlink’s operations in neighbouring countries such as Pakistan and Bangladesh. Regulatory obstacles, including spectrum approval, are delaying companies like Eutelsat and Starlink from launching services in India. Although Starlink is nearing regulatory approval after years of negotiations, it remains uncertain when this will occur, possibly delaying services until late 2025. India’s regulations offer a glimpse into the future of satellite governance, positioning the country as a key player in shaping global satellite operations and digital policies.

The Current Landscape of Satellite-Based Services: India’s Data Sovereignty Model

The rise of satellite connectivity has initiated a rapid increase in relevant state regulation. This results, indirectly, from the lack of dedicated, specific, binding international legal norms on the issue of telecommunications infrastructure regulations and data access. While still merely complementing terrestrial infrastructure based services, SpaceX’s Starlink, Eutelsat’s OneWeb, and Amazon’s Kuiper networks are increasingly seen as key components of global infrastructure. In recent weeks the number of satellite launches reached a historic high, reflecting the hightened competition for orbital resources. Governments worldwide must contend with the challenge of regulating foreign satellite infrastructures that become intrinsic parts of national communication systems and data flows. India’s regulations reflects a broader trend of asserting control over space-based communications. These regulations reflect growing concerns about the security implications of foreign satellite networks operating under national jurisdiction.

Data Sovereignty and National Security: A Growing Challenge

Countries like India, the Philippines, and Ukraine have implemented frameworks to address these challenges, reflecting the need for regulatory oversight over satellite communications. The rise of private satellite networks such as Starlink, operated by multinational companies, complicates the exercise of such national oversight. Unlike traditional telecommunications companies, satellite operators often manage to avoid direct governmental control, making it difficult to enforce data protection laws or ensure national security.

For example, Sri Lanka has expressed concerns about Starlink’s operations within its borders, highlighting the challenges of regulating multinational satellite services. As satellite networks become integral to global communication systems, international regulatory frameworks are necessary to ensure that data access and control remain firmly within national borders. Without such frameworks, countries risk losing control over their digital sovereignty.

India’s recent regulations require satellite operators to coordinate with government liaison teams, ensuring compliance with national security protocols. These teams are tasked with monitoring satellite operations to ensure that data flows remain subject to government oversight. The Philippines has developed similar data-sharing protocols, enabling government agencies to access real-time data on satellite operations and assess security risks. Ukraine, with its geopolitical vulnerabilities, has required foreign satellite companies to comply with strict cybersecurity regulations to prevent espionage and other security threats.

These countries demonstrate that it is possible to foster innovation, ensure connectivity in conflict while ensuring national security of satellite communications. Achieving this balance poses a persistent regulatory challenge, but rather an urgent need in times of international conflict. Their regulatory frameworks set important precedents for countries seeking to govern space-based digital infrastructure in the face of growing international competition.

Beyond GDPR: Inadequacies of Privacy Protection for Satellite Data

While international (personal) data protection frameworks like the EU’s General Data Protection Regulation (GDPR) have set a global standard for the protection of one category of data, defined meticulously as “personal”, they are largely insufficient and inadequate to address the broader security concerns posed by satellite-based services. The GDPR focuses primarily on the protection of personal data, emphasizing transparency, consent, and secure storage. However, it obviously does not directly address the control of sensitive national data or the risks associated with foreign, private satellite operators – themes vital to every national state security authority. While there clearly is a link to be drawn between personal data protection principles and due regard to be granted to the global success of the GDPR’s “Brussels spillover effect”, national security concerns and non-personal data access remain under the exclusive authority of individual lawmakers. As geopolitical tensions rise, other countries, like India, are likely to prioritize national security concerns over individual privacy rights, particularly when foreign entities control critical communications infrastructure.

Followingly, India’s regulatory framework went beyond the scope of the GDPR, establishing clear mechanisms for ensuring national security by enforcing strict data localisation laws. This includes ensuring that foreign satellite operators comply with Indian laws regarding data access, surveillance, and interception. While the GDPR may serve as a foundation for data protection laws, India’s approach has proven to be more comprehensive, incorporating national security considerations alongside privacy protection.

ITU and the Global Governance of Satellite Infrastructure

“It should not be inferred from the above that international law has nothing to offer in the sensitive regard of satellite data access and infrastructure governance – on the contrary. The International Telecommunication Union (ITU) plays a central role in the technical coordination of global satellite infrastructure, particularly through the allocation of satellite orbits and radio frequencies. Yet the ITU’s mandate is primarily technical, and it fully recognizes the importance of national control over satellite infrastructure within the broader telecommunications ecosystem. The ITU also acknowledges the critical role of cybersecurity in protecting satellite and other telecommunication services, reflecting the intersection of technical coordination with national security concerns. This technical framework supports the orderly use of space resources while ensuring states’ sovereign rights over their telecommunications networks. 

From an international law perspective, the developments described above highlight the critical need for cooperative frameworks that ensure national sovereignty over digital infrastructure is respected without compromising the principles of peaceful use of outer space and global connectivity. Satellite infrastructure governance must comply with international legal principles enshrined in key treaties such as the Outer Space Treaty (1967), which establishes fundamental principles including the prohibition on national appropriation of outer space (Article II), the duty to avoid harmful contamination (Article IX), and the mandate to conduct space activities for the benefit and interests of all countries (Article I). The Convention on Registration of Objects Launched into Outer Space (1976) requires states to provide information about space objects to the United Nations, enhancing transparency and accountability, which is essential to satellite tracking and security. Additionally, the Radio Regulations, developed under the ITU framework, are legally binding and regulate the use of the radio-frequency spectrum and satellite orbital positions to prevent harmful interference, thereby maintaining orderly access to these scarce resources. The Liability Convention (1972) further holds states liable for damage caused by their space objects, reinforcing state responsibility in satellite operations. 

In recent years, the international community has recognized the increasing relevance of cybersecurity and data protection in outer space activities. While no dedicated global treaty yet governed cybersecurity in space, this gap is being addressed by the new UN Cybersecurity Treaty, which officially opens for signature in May 2025. This treaty aims to establish binding international norms for state behaviour in cyberspace, including critical infrastructure protection, which encompasses satellite communication networks. The treaty’s progress is an telling indication of growing need to address cyber threats that affect both: terrestrial networks and space-based assets.  

This developing international discourse also intersects with international human rights law, particularly regarding the right to privacy and data protection, that must be observed within satellite data governance regimes. The United Nations Committee on the Peaceful Uses of Outer Space (COPUOS) and its Working Group on the Long-term Sustainability of Outer Space Activities have been active in developing guidelines to enhance the safe and sustainable use of outer space. These efforts reflect a growing consensus on the necessity for states to coordinate policies that reconcile sovereign interests with the collective need to prevent space debris, promote transparency, and ensure equitable access to space-based infrastructure. 

Also the UN Sustainable Development Goals (SDGs)—notably SDG 9 (Industry, Innovation, and Infrastructure) and SDG 16 (Peace, Justice, and Strong Institutions)—reflect the importance of leveraging satellite technologies to ensure inclusive and sustainable development while maintaining international peace and security.

This complex legal and technical landscape requires an enhanced international dialogue and cooperation to ensure the development of governance frameworks that balance national sovereignty, cybersecurity, and the legal framework behind global commons. Ensuring compliance with these treaties and norms will be essential to prevent fragmentation of satellite governance, reduce geopolitical tensions, and promote the peaceful and equitable use of outer space.

From Orbit to Policy: Strengthening Global Cooperation to Prevent a Fragmented Space Internet

The growing issue of satellite-based data access and national sovereignty highlights a significant gap in the existing global governance framework. Satellite services operated by multinational companies like Starlink often remain outside traditional regulatory frameworks, exposing states to strategic vulnerabilities. The absence of an enforceable cross-border regulatory framework for satellite services presents new risks for national security, particularly in regions with ongoing geopolitical tensions.

India’s recent regulatory amendments signal a shift toward a more assertive approach to satellite governance. By introducing measures like data localization and interception mandates, India aims to construct a sovereign satellite governance regime that ensures national security while enabling the growth of satellite services. If these measures are effectively implemented, India could become a model for other countries seeking to balance national security with economic growth

Pakistan, by contrast, faces a more complex challenge. Lacking comparable satellite infrastructure and regulatory capacity, it remains dependent on foreign satellite operators. If India’s regulations extend to monitoring links with Pakistani networks, Pakistan could find itself increasingly isolated from regional satellite connectivity unless regional coordination mechanisms are established.

The lack of a coordinated regulatory approach in South Asia could aggravate the fragmentation of the digital ecosystem, creating barriers to innovation and collaboration. The upcoming ITU World Summit on the Information Society +20 (WSIS+20) presents a unique opportunity to address these issues by advancing discussions between governments, industry leaders, civil society and organizations like the ITU. A comprehensive global framework for satellite data governance is essential to protect sovereignty while ensuring global connectivity.