Air Navigation Service Providers (ANSPs), and other critical service providers, are gradually replacing dedicated analogue and Digital Communications Infrastructures (DCI) by a public DCI, provided by a limited number of service providers. This cost-driven measure clashes with the need to assure the safety of ANSPs’ operations by providing safety cases in which they show what has been done to reduce the risk to an acceptable level. In case of DCI, however, they are not always able to prove this because modern DCI are very complex, subject to dynamic (re)configuration, and several level of subcontracting. Traditional risk analysis processes are not equipped for this kind of dynamic assessment. Furthermore, the information provided by the communications service providers is—in general—not sufficient for such assurance purposes. Being public, DCI are also subject to security attacks that would not have been physically possible in the past with dedicated DCI. In this paper, we highlight risks that do not appear in typical risk analyses. We discuss general and air-traffic-management specific challenges in using outsourced communication services. We conclude with some technical, organizational and potentially regulatory steps, which we believe are needed to improve the transparency and long-term safety and security of this increasingly complex infrastructure. We also provide some insight on future challenges by summarising interviews with key stakeholders.