A merchant ship carries two entirely separate satellite communication systems: the mandatory safety network required by SOLAS, and the commercial internet that keeps the ship’s operations running and the crew connected to their families. Confusing the two — or failing to manage the risks that come with the second — has regulatory consequences.
This article covers what each system does, how VSAT, Iridium, and Starlink compare in a commercial shipping context, what bandwidth actually looks like on a working cargo ship, and what IMO now requires on cybersecurity.
What communication systems does SOLAS require under GMDSS?
The Global Maritime Distress and Safety System (GMDSS) is the mandatory communication framework under SOLAS Chapter IV. It replaced the Morse code watch requirement and defines the equipment every SOLAS vessel must carry based on its Sea Area of operation. GMDSS equipment and requirements are structured around four Sea Areas — A1 through A4 — each requiring a different combination of VHF, MF, HF, and satellite systems.
Sea Area A1 covers waters within range of a VHF DSC coast station — typically up to 20–50 nautical miles from shore. A2 extends to MF range, approximately 150–400nm. A3 covers the Inmarsat satellite footprint between approximately 70°N and 70°S. A4 covers the polar regions beyond A3 coverage, where HF radio and Iridium satellite are the primary options.
The mandatory equipment suite is not optional and not reducible by the shipowner. Deficiencies in GMDSS equipment result in PSC detention. A vessel that cannot demonstrate full GMDSS operability — correctly tested, with current battery and EPIRB hydrostatic release — will not be permitted to sail until the deficiency is rectified.
What is Inmarsat-C and what does it do?
Inmarsat-C is the standard satellite telex system required for vessels operating in Sea Area A3. It provides low-bandwidth two-way data messaging between the ship and shore authorities, including the transmission of distress alerts directly to the nearest Rescue Coordination Centre (RCC). It is not a voice system and not internet — it is a dedicated safety messaging terminal.
Inmarsat-C receives SafetyNET broadcasts — navigational warnings, meteorological alerts, and urgent marine information for the ship’s geographic area. These broadcasts are automated and continuous. The officer of the watch is responsible for monitoring SafetyNET and acting on relevant broadcasts — this is a SOLAS Chapter V navigation safety requirement, not a discretionary function.
The Inmarsat-C terminal operates independently of the ship’s commercial communications system. It must remain powered and operational at all times, including during a main power failure — the GMDSS battery backup must sustain operation for a minimum of six hours. This is tested at each annual GMDSS survey.
What are EPIRB and SART requirements under GMDSS?
An EPIRB (Emergency Position Indicating Radio Beacon) transmits a distress signal on 406 MHz to the Cospas-Sarsat satellite system, which relays the vessel’s position and MMSI to the nearest RCC. Category 1 EPIRBs are mounted in a float-free bracket and activate automatically when submerged to 1–4 metres. International distress signal procedures require the EPIRB to be registered with the flag state — an unregistered EPIRB generates a false alarm response and cannot be matched to the vessel in distress.
A SART (Search and Rescue Transponder) responds to 9 GHz X-band radar pulses from searching vessels and aircraft, displaying a series of dots on the searcher’s radar screen pointing toward the survivor’s position. Radar SARTs are being supplemented by AIS-SARTs on many vessels — the AIS-SART transmits a GPS position directly into other vessels’ AIS displays rather than requiring radar interrogation.
SOLAS requires at least two SARTs per vessel, stowed where they can be rapidly deployed into survival craft. The hydrostatic release on the EPIRB bracket and the battery expiry dates on all GMDSS equipment must be current at the time of each GMDSS survey — both are the first items a PSC officer checks during a GMDSS examination.
How does crew welfare internet differ from safety communications?
Safety communications — GMDSS, Inmarsat-C, VHF Ch16, DSC — are mandatory, dedicated, and ring-fenced from the ship’s general network. Crew welfare internet is a separate commercial system that provides internet access for crew personal use. The two must not share the same infrastructure in a way that allows crew traffic to interfere with safety communications.
The Maritime Labour Convention 2006 (MLC), Regulation 3.1 and Standard A3.1, requires shipowners to provide seafarers with reasonable access to ship-to-shore telephone communications and internet where practicable. The 2022 amendments to MLC strengthened this: internet access for crew personal use at a reasonable cost is now effectively a flag state enforcement obligation on vessels of 500 GT and above.
In practice, most shipping companies provide crew welfare internet through a separate VLAN or access point, with bandwidth managed separately from operational traffic. The commercial VSAT or LEO satellite link carries both operational data and crew internet — but traffic management systems prioritise operational traffic and cap crew consumption to prevent saturation of the link during cargo planning or port arrival.
What does bandwidth actually look like on a cargo ship?
On a typical bulk carrier or tanker with a conventional VSAT installation, the operational data link may run at 512 Kbps to 2 Mbps — sufficient for email, weather downloads, electronic chart updates, and engine monitoring data. Crew welfare internet on the same vessel is typically throttled to 64–256 Kbps per user, shared among all connected crew members.
The practical result is that a crew member on a conventional VSAT vessel can send messages and browse text-based content, but video calls are unreliable and streaming is not viable. This bandwidth reality is a significant crew retention issue — seafarers comparing their onboard connectivity to shore-based standards increasingly factor internet quality into their employment decisions.
Starlink Maritime and high-throughput VSAT services in the Ku-band and Ka-band have substantially changed this picture on vessels that have upgraded. Aggregate link speeds of 100–200 Mbps are achievable on Starlink Maritime, which fundamentally changes the crew welfare equation — video calls are reliable, streaming is viable, and the crew welfare obligation under MLC is genuinely met rather than nominally satisfied.
How do VSAT, Iridium, and Starlink compare for commercial shipping?
The three dominant satellite technologies in commercial shipping are VSAT (geostationary orbit), Iridium (low Earth orbit, LEO), and Starlink (LEO). Each has different coverage, latency, bandwidth, and cost profiles. The right choice depends on the vessel’s trading area, the operational data requirements, and the ship manager’s crew welfare obligations.
What is VSAT and how is it used on ships?
VSAT (Very Small Aperture Terminal) uses a stabilised dish antenna tracking geostationary satellites at approximately 35,786 km above the equator. The geostationary orbit means the satellite is always in the same position relative to the antenna, allowing continuous high-bandwidth connection — at the cost of high latency, typically 600–700 milliseconds round trip.
VSAT is available in C-band (4–8 GHz, wide coverage, lower bandwidth), Ku-band (12–18 GHz, higher bandwidth, affected by heavy rain), and Ka-band (26–40 GHz, highest bandwidth, more rain fade sensitivity). Most commercial shipping VSAT systems operate on Ku-band. High-throughput satellites (HTS) in Ka-band offer speeds competitive with Starlink on routes with appropriate coverage.
The main limitation of VSAT is coverage: geostationary satellites cover roughly 70°S to 70°N latitude. Vessels trading in Arctic or Antarctic waters — bulk carriers on the Northern Sea Route, supply ships supporting polar research — cannot rely on VSAT and must supplement with HF or Iridium. This is not optional where GMDSS A4 requirements apply.
What is Iridium and when is it used on ships?
Iridium operates a constellation of 66 LEO satellites at approximately 780 km altitude, providing truly global coverage including polar regions. Every point on Earth is within range of an Iridium satellite at all times. This makes Iridium the standard for GMDSS communications in Sea Area A4 and the backup system for vessels operating at high latitudes where VSAT coverage fails.
Iridium Certus is the current generation maritime service, offering data speeds up to 704 Kbps — significantly faster than the legacy Iridium OpenPort but still below VSAT and Starlink for high-bandwidth applications. Iridium’s primary value in commercial shipping is not crew welfare internet — it is coverage reliability where no other system reaches, and its use as a GMDSS-certified safety communication channel.
What does Starlink Maritime offer commercial shipping?
Starlink Maritime (SpaceX) operates a LEO constellation at approximately 550 km altitude, providing low latency — typically 20–40 milliseconds — and high aggregate bandwidth. The flat-panel antenna (Dishy) requires no mechanical stabilisation, which reduces installation complexity and maintenance requirements compared to VSAT dishes with gyro-stabilised mounts.
Starlink Maritime is not yet a GMDSS-certified communication system. It cannot replace Inmarsat-C, EPIRB, or the GMDSS VHF/MF/HF suite. Its role on commercial vessels is as a crew welfare and operational data link — email, ECDIS chart updates, performance monitoring data, video conferencing — not as a safety communication channel. The mandatory GMDSS systems must remain operational alongside it.
Coverage limitations apply: the polar constellations that extend Starlink coverage above 70°N are expanding but remain less dense than the equatorial and mid-latitude coverage. Vessels trading Arctic routes should verify coverage for their specific route before relying on Starlink as the primary operational data link.
What are the IMO cybersecurity obligations for ships?
IMO Resolution MSC.428(98), adopted in June 2017, requires that maritime cyber risks be appropriately addressed in the vessel’s Safety Management System (SMS) no later than the first annual verification of the Document of Compliance (DOC) after 1 January 2021. This is not a recommendation — it is a flag state enforcement obligation implemented through ISM Code compliance.
The practical requirement is that the SMS must include procedures for identifying cyber risks, protecting systems against those risks, detecting anomalies, responding to incidents, and recovering affected systems. IMO MSC-FAL.1/Circ.3 provides the high-level guidelines on maritime cyber risk management that inform how class societies and flag states assess compliance.
The introduction of VSAT, Starlink, and operational data systems connected to the internet has created attack surfaces that did not exist on vessels with only HF radio. Every connection between the ship’s operational technology (OT) network — ECDIS, AIS, engine monitoring, ballast control — and the internet is a potential intrusion vector. The SMS must address each of these connections explicitly.
What is the difference between OT and IT networks on ships?
Operational technology (OT) networks carry the data that controls the vessel — ECDIS, AIS, engine management systems, cargo control systems, ballast water management, GPS. IT networks carry business and crew data — email, crew internet, administrative systems. The cardinal rule of maritime cybersecurity is that these networks must be segmented: OT traffic must not be reachable from the crew internet or from any externally connected system.
In practice, network segmentation is frequently inadequate on older vessels where OT and IT systems were installed by different contractors at different times and were never formally separated. A VSAT or Starlink installation that connects to the ship’s main switch without proper firewall configuration creates a direct path from the internet to the ECDIS. This is the scenario IMO MSC.428(98) is designed to prevent.
BIMCO, in collaboration with CLIA, ICS, INTERCARGO, and INTERTANKO, has published cybersecurity guidelines for the maritime sector that provide practical implementation guidance for the SMS requirements. Port state control officers increasingly examine the SMS for evidence of cyber risk management — a ship that cannot demonstrate it has assessed and addressed its network architecture will receive a deficiency. Port state control inspections under the Paris MoU now include cybersecurity as a specific examination area.
What cyber risks does satellite internet introduce on cargo ships?
- Phishing via crew email — malware delivered to a connected device that can propagate to OT systems if networks are not segmented
- Ransomware — cargo shipping companies have been targets of ransomware attacks that disrupted port operations and cargo management systems
- GPS spoofing — not a satellite internet risk per se but part of the same electronic environment; vessels have reported false position data in high-risk areas
- ECDIS vulnerability — chart updating via internet connection creates an update pathway that can be exploited if the ECDIS is not properly isolated
- Remote access exploitation — remote maintenance connections to engine management systems create persistent access points if not properly managed and closed after use
- Social engineering — crew members on welfare internet may be targeted specifically because they have physical access to the vessel
The SMS cyber risk procedure must identify each connected system, state how it is protected, name the responsible officer, and specify the response procedure if a compromise is detected. A procedure that describes cyber risk in general terms without naming specific systems on the vessel will not satisfy a flag state auditor or a PSC officer conducting a detailed ISM examination.
Why does bandwidth matter for crew retention on cargo ships?
Crew retention is a documented commercial problem in deep-sea shipping. ITF and ITF Seafarers surveys consistently identify communication with family as one of the top factors in seafarers’ decisions to remain in the profession or leave it. A vessel with genuinely usable internet — not throttled to 64 Kbps per user — has a measurable advantage in attracting and retaining experienced officers.
The MLC 2006 framework places the cost of crew welfare internet on the shipowner, not the seafarer. ITF-affiliated unions have successfully argued in port state enforcement actions that charging seafarers commercially for internet that the MLC requires the shipowner to provide constitutes a violation of the seafarer’s rights under the convention.
The practical impact on vessel operations is direct. An officer who has spent four months unable to make a reliable video call home makes decisions about contract renewal accordingly. Crew shortage in specific vessel types and flag states is already a crewing constraint — internet quality is a retention variable that shipowners can control at relatively low cost compared to crew recruitment and retraining.
Frequently Asked Questions
Is GMDSS the same as the ship’s internet?
No. GMDSS is the mandatory safety communication system required by SOLAS Chapter IV — it includes Inmarsat-C, EPIRB, SART, VHF DSC, and MF/HF radio. The ship’s internet is a separate commercial service for operational data and crew welfare use. GMDSS must remain operational at all times regardless of the status of the commercial internet connection.
Can Starlink replace Inmarsat-C on a cargo ship?
No. Starlink is not GMDSS-certified and cannot replace any SOLAS-mandated communication system. Inmarsat-C, EPIRB, SART, and the VHF/MF/HF DSC suite must remain installed and operational regardless of what commercial satellite service the vessel uses. Starlink operates as a supplementary operational and crew welfare link, not as a safety communication system.
What Sea Areas require which GMDSS systems?
Sea Area A1 requires VHF DSC and EPIRB. A2 adds MF DSC. A3 adds Inmarsat-C or equivalent satellite EPIRB, plus the full MF/HF suite. A4 — polar regions — requires HF radio and a satellite EPIRB capable of global coverage, since geostationary Inmarsat coverage does not extend reliably beyond approximately 70 degrees latitude in either hemisphere.
What must the SMS include for cyber risk compliance under IMO?
The SMS must identify all internet-connected systems on the vessel, describe the protective measures for each, name the responsible officer for cyber risk management, and specify detection and response procedures for a suspected compromise. Generic cyber risk language that does not reference the specific systems installed on the vessel will not satisfy a flag state DOC audit or PSC examination after 2021.
What is the bandwidth difference between VSAT and Starlink Maritime?
Conventional VSAT on a cargo ship typically provides 512 Kbps to 2 Mbps aggregate, shared between operational and crew use. Starlink Maritime provides 100–200 Mbps aggregate under normal conditions, with latency of 20–40 milliseconds versus 600–700 milliseconds for geostationary VSAT. The practical difference for crew welfare is that Starlink supports reliable video calls and streaming; conventional VSAT generally does not.
Does MLC 2006 require shipowners to provide free internet to crew?
MLC 2006 Regulation 3.1 requires reasonable access to ship-to-shore communications at reasonable cost. The 2022 amendments strengthened this to effectively mandate internet access provision. The convention does not require zero-cost access, but flag states have interpreted ‘reasonable cost’ as meaning the shipowner absorbs the infrastructure cost and charges crew only a nominal or zero fee for personal use.
ECDIS receives chart updates via satellite internet connection, either through the ship’s VSAT or via USB delivery at port. AIS data is transmitted and received via VHF — not satellite internet — though AIS information is accessible to shore systems via satellite relay networks. Ship navigation equipment increasingly depends on internet-connected update and support services, which is precisely why OT network segmentation is essential for cybersecurity compliance.
- Boat Salvage Yards in Oregon (2026): Used Marine Parts & Locations – May 30, 2026
- Boat Salvage Yards in Washington (2026): Used Marine Parts & Locations – May 28, 2026
- Nautical Science: A Practical Guide to How Ships Work at Sea – April 16, 2026
