– The European Commission adopts first-ever EU network code on cybersecurity for the electricity sector
– The network code aims to improve cyber resilience of critical EU energy infrastructure and services
– The rules will support a high, common level of cybersecurity for cross-border electricity flows in Europe
The European Commission has adopted the first EU network code on cybersecurity for the electricity sector in an attempt to improve the cyber resilience of critical EU energy infrastructure and services. The network code aims to establish a recurrent process of cybersecurity risk assessments in the electricity sector, identifying entities involved in digital processes impacting cross-border electricity flows and implementing necessary mitigating measures. The rules will promote a common baseline while respecting existing practices and investments, with a governance model aligned with existing mechanisms in EU legislation.
The energy sector presents areas in need of renewed attention, such as the need for energy systems to react quickly to avoid delays imposed by standard security measures. Many legacy systems in the energy sector were designed without considering cybersecurity, leading to a combination of older systems needing to interact with newer technologies like smart meters and IoT-connected devices without exposing them to cyber threats. The new rules hope to address these issues and ensure a high level of cybersecurity for electricity flows in Europe.
The delegated act is now subject to scrutiny by the EU co-legislators, passing to the Council and European Parliament for review over a period of up to four months before entering into force.