Digital Aviation in Wartime: Why the Restoration of Flights Depends on IT Architecture and Insurance

Table of Contents

• 1. Order No. 511: Ambitious Goal in a Legal Shadow
• 2. From Sea to Sky: Why Unity Became a Legal Blueprint
  • 2.1 Unity as a Legal Template for Aviation
  • 2.2 Limitations Without a Technological Component
  • 2.3 The Role of Lessors as Market Gatekeepers
  • 2.4 Transforming Safety into a Digital Asset
• 3. Airport as an IT Object: Beyond Concrete and Runways
• 4. Legal Anchors of Digital Security
• 5. Legal Architecture of Digital Trust
  • 5.1 Source Code Escrow
  • 5.2 SLA and Maintenance as Insurance Risk Allocation
  • 5.3 Data Retrieval as Condition for Insurance Payouts
  • 5.4 Cybersecurity and Controlled Trace
  • 5.5 IT Contract as Part of the Insurance Package

~ 15 min read

On March 13, 2026, the official website of the Ministry for Communities and Territories Development of Ukraine published a notice establishing a Working Group to prepare for the restoration of air traffic (Order No. 511). Its composition includes representatives from the General Staff, the Air Force, the State Aviation Administration, and executives from key airports — Kyiv, Boryspil, and Lviv.

The composition of the group clearly confirms the strategic direction that we at Jurvneshservice previously analyzed in our paper “Airport Governance Models: A Path for Ukraine.” The state is deliberately concentrating resources on two key hubs — Boryspil and Lviv Danylo Halytskyi International Airport. At the same time, the focus has shifted from Odesa Airport to Kyiv (Zhuliany), possibly due to ownership structure issues we highlighted in our earlier analysis.

At first glance, this appears to be a long-awaited transition from political declarations to the practical implementation of security protocols.

Formally, the group is positioned as an advisory body under the Ministry. Such a status is typical for interagency coordination and, in itself, raises no concerns. Moreover, its establishment has been widely communicated through official channels and in the public sphere, thereby lending it a high level of political legitimacy. In effect, the state is signaling to the market the start of institutional preparations to reopen the skies.

However, there is another, less visible but critically important dimension — the legal one.

As of today, Order No. 511 has not been registered with the Ministry of Justice of Ukraine. Within the classical framework of Ukrainian administrative law, this means that the act has not yet acquired full normative force vis-à-vis third parties.

As a result, a situation emerges that is difficult to explain outside a legal perspective: the working group exists de facto as an institution of public policy, but de jure does not generate any binding legal consequences.

For internal coordination purposes, such a structure may be acceptable in the early stages. However, it raises serious doubts regarding the effectiveness of subsequent implementation, particularly where decisions require legal formalization and enforceability.

In this model, there is a clear risk of institutional dilution: without legal certainty, even a high level of representation does not guarantee that developed approaches will be translated into binding actions.

More broadly, this status of an advisory body:

• does not create a legally relevant subject of responsibility
• does not establish a binding model of risk allocation
• cannot be integrated into international insurance and financing frameworks

This is precisely where the key challenge lies: without a transition from political legitimacy to legal certainty, even the most relevant initiatives remain outside the mechanisms used by international insurers and lessors.

The establishment of the Working Group under Order No. 511 is not a spontaneous decision; it represents a stage in a broader strategy whose foundations were laid well before 2022. In particular, the 2020 Agreement on Political, Free Trade and Strategic Partnership between Ukraine and the United Kingdom of Great Britain and Northern Ireland already outlined directions for developing and protecting critical infrastructure.

In this context, current decisions should not be viewed in isolation but rather as a continuation of building a model for managing war risks.

Back in 2025, in our Jurvneshservice publication “Restarting Flights: Ukraine’s Aviation Insurance Facility”, we argued not only for the possibility but also for the necessity of adapting maritime insurance mechanisms to civil aviation. Today, this logic has been empirically confirmed in the London insurance market.

The Unity mechanism, developed by the broker Marsh (part of Marsh McLennan) together with the Government of Ukraine and Lloyd’s underwriters, has effectively established a new standard for war risk insurance.

Its key value lies not only in reducing premiums (from approximately 3% to 0.75%), but in its structure, which combines:

• a sovereign backstop
• private insurance capital
• a formalized model for risk assessment and monitoring

It is at this point that a fundamental transformation occurs:
war risk ceases to be a political factor and becomes a financial instrument.

In the aviation sector, Unity is not merely a success.

It is a legal template demonstrating the conditions under which war risk can be integrated into international insurance and financial mechanisms. However, direct replication of this model is not possible.

Aviation differs significantly from maritime transport. It involves higher asset capitalization (aircraft versus vessel), greater sensitivity to incidents, and a more complex structure of responsibility (operator, airport, state, lessor).

Where the maritime model largely relies on spatial control (of maritime zones), the aviation model requires continuous, real-time safety verification.

This is where the key limitation arises.

The Unity model operates only if the risk is identified, structured, and verifiable.

In the maritime sector, this is achieved by controlling routes and zones. In aviation, this is insufficient. Without systems capable of real-time event recording, immutable data storage, and rapid retrieval for insurers, no insurance model can be integrated into underwriting and claims-handling procedures.

In other words, without a digital evidentiary base in the form of an Audit Trail, the Unity model does not function in aviation.

It is equally important to consider the position of lessors, who are the de facto owners of a significant portion of the aircraft fleet.

For them, insurance is not merely a financial instrument, but a mechanism for asset protection. In the absence of a clear insurance framework and the ability to verify the circumstances of the accident, risk shifts into the realm of default.

In such conditions, the decision to return aircraft to Ukrainian jurisdiction becomes unlikely — regardless of political signals or infrastructure readiness.

In this sense, it is the lessor, rather than the state or operator, who becomes the final arbiter of whether civil aviation returns to Ukrainian skies.

This is why the next stage in the evolution of the Unity model is to transform safety from an operational category into a financial and legal one.

Airport safety must be represented as verifiable, reproducible data that can be integrated into an insurance model.

In this sense, IT infrastructure ceases to be a supporting element.

It becomes:

• part of the insurance product
• an element of underwriting
• a basis for claims payments

This transformation — from physical safety to digital risk verification — is the key to transferring the Unity model from sea to sky.

Thus, the Working Group under Order No. 511 cannot limit itself to general formulations regarding the restoration of flights and protection of critical aviation infrastructure. Its outcome must be defined in a far more rigorous way — as a system that ensures technologically verifiable risk control.

Since in the modern aviation insurance model, risk is assessed not by geography but by the quality of data, the availability of such evidence will determine Ukraine’s ability to integrate into the international insurance and leasing market.

A modern airport is no longer an infrastructure object in the classical sense — it is first of all a digital risk management system. In this context, more than 70% of its operational model depends on IT infrastructure. For an international reinsurer, “security” is not an operational characteristic, but an evidentiary base formed as an Audit Trail. In this context, an Audit Trail should be understood not simply as a log of events, but as a legally significant, immutable, and reproducible chronology of system actions.

However, the level of such digitalization in Ukraine remains uneven.

The most dynamic progress is observed in Boryspil Airport. In February 2026, a mission of the Korean agency KOICA completed technical documentation for the modernization of operational and IT systems. In addition to passenger solutions, the project focuses on building IT infrastructure to securely scale operations. In parallel, in March 2026, the airport engaged with the Japanese agency JICA and UNODC on cybersecurity and biometric system modernization. From a legal perspective, this indicates that Boryspil is already laying the groundwork for requirements such as Immutable Logging and rapid Data Retrieval — transitioning from infrastructure modernization to a system that could be integrated into insurance underwriting.

The situation in Lviv and Kyiv (Zhuliany) is more ambiguous.

In Lviv, despite its status as a leading candidate for reopening flights, there is limited evidence of large-scale international IT projects comparable to KOICA.

In Kyiv (Zhuliany), while management declares operational readiness, from an IT law perspective, such readiness must be confirmed through an independent audit. Without modern cybersecurity systems and Source Code Escrow mechanisms, even a technically functional airport may be refused by international lessors due to a lack of transparency in its digital perimeter.

This, in turn, prevents proper incident verification and jeopardizes insurance payouts.

Thus, modernization cannot be reduced to physical reconstruction. It is about creating a “digital twin of safety” — a system capable of recording, verifying, and reproducing risk in a format understandable to the international insurance market

For an insurance model similar to the Unity to work for the sky, the digital architecture of airports must be based on the principles of IT law, which we at Jurvneshservice develop in detail in line with international standards. For a foreign reinsurer, the “reliability” of airport software is not a declaration, but specific legal mechanisms for protecting the asset:

1. Source code and the right to recompile: The airport cannot accept critical software without access to the source code or its deposit. In wartime, if the developer disappears or stops supporting it, the airport security system has no right to become a “brick” that cannot be adapted to new types of threats or new “hardware”.
2. Technical specification and the role of BA: Independent business analysts (BA) should be involved at the tender stage. Without a detailed technical specification, it is impossible to conduct correct acceptance testing (Acceptance Testing). If the customer cannot prove to the insurer that the system is operating in accordance with the strict TS, the risk is considered uncontrolled and therefore uninsurable.
3. Data Retrieval: This is a direct legal requirement for the IT vendor to ensure immediate retrieval of logs. In the event of an incident, the insurer must obtain the airport’s “digital alibi” within hours, not months. Any delay in data recovery/retrieval may result in the denial of payment.

It is these “clues” in IT contracts that create the same Aviation Resilience that lessors demand.

Transposing a model similar to Unity into civil aviation is impossible without transforming approaches to IT contracting in the aviation sector. While in the classical model, IT agreements are treated as an auxiliary element of operational activity, under wartime risk conditions, they become part of the insurance architecture.

For an international insurer and lessor, the reliability of an airport is determined not only by physical security but also by its ability to establish the occurrence of an incident, reconstruct its circumstances, and confirm the proper functioning of systems.

These capabilities are shaped not at the infrastructure level, but at the level of contracts with IT vendors.

Mission-critical airport systems (airspace monitoring, security systems, traffic flow management) cannot depend solely on the developer’s good faith or solvency. For this reason, source code escrow becomes a key element.

Legally, this entails the presence of an independent escrow agent; the definition of clear trigger events granting access to the source code (bankruptcy, termination of support, force majeure); and the customer’s right to access and modify the code.

Without such a mechanism, any security system may lose controllability at a critical moment, automatically increasing insurance risk to an unacceptable level.

In classical IT contracts, an SLA is viewed as a technical indicator of service quality. In the context of aviation insurance, however, the SLA transforms into a mechanism for allocating risk between the operator and the IT vendor.

Key elements include guaranteed uptime of critical systems, incident response time, and the obligation to promptly remediate vulnerabilities.

A breach of these parameters may not only have contractual consequences but may also affect the insurer’s qualification of the incident and, accordingly, the possibility of insurance indemnification.

One of the key requirements of the international insurance market is the ability to quickly access data that confirms or refutes the occurrence of an incident.

This concerns not only data retention but also the legally guaranteed ability to retrieve it promptly. Contracts with IT vendors must explicitly specify deadlines for log delivery, audit-ready data formats, and record immutability.

Any delay or inability to reconstruct data creates a risk of denial of insurance payment or reclassification of the event as non-covered.

In the modern insurance model, cybersecurity ceases to be a separate regulatory domain. It becomes part of the evidentiary framework.

Contracts must provide for the implementation of immutable logging systems, independent security audits, and regular testing (including penetration testing and red teaming).

These elements form the evidentiary basis in the form of an audit trail, which insurers use in risk assessment and which becomes the foundation for decisions on indemnification.

Ultimately, a fundamental shift occurs in the role of the IT contract. It ceases to be an internal document of the operator and becomes part of the documentation package that the insurer and the lessor analyze.

This means that the structure of the contract affects the insurance premium, its level of detail influences the likelihood of obtaining coverage, and its technical provisions impact payout decisions.

Thus, in the modern model of aviation recovery, the contract with the IT vendor performs a function previously attributed exclusively to infrastructure. It becomes an instrument through which trust in the international insurance and financial markets is formed.

For this reason, the legal structuring of such contracts extends beyond IT law and becomes part of a broader aviation safety architecture. Within this architecture, the question is no longer whether the airport is technically ready, but whether it can demonstrate that in a form acceptable to insurers.

This is why airports and IT vendors must already structure their contracts to comply not only with general technical requirements but also with stringent EASA standards (in particular Regulation 2023/203) and the specific requirements of the insurance market.

Only such an approach will make it possible to convert “military skies” into a legally protected and insured aviation space.

For us at Jurvneshservice, this signifies a new role — we become architects of trust between the ambitions of the Ukrainian state and the stringent requirements of global capital.

Ahead lies a detailed analysis of how technical specifications and maintenance terms in airport IT contracts become the foundation for insurance policy payouts. This will be discussed in the next article of our series.

The article is done by Anna Tsirat, a partner