The European Commission adopts new network code on cybersecurity for EU electricity sector

The European Commission has today adopted the first-ever EU network code on cybersecurity for the electricity sector. Foreseen under the Electricity Regulation (EU) 2019/943 (Article 59) and in the 2022 EU Action Plan to digitalise the energy system, this delegated act is an important step to improve the cyber resilience of critical EU energy infrastructure and services. It will support a high, common level of cybersecurity for cross-border electricity flows in Europe. The dossier now passes to the Council and European Parliament to scrutinise the text and the rules will enter into force once this period is over.

The network code aims to establish a recurrent process of cybersecurity risk assessments in the electricity sector. These assessments are aimed at systematically identifying the entities that perform digitalised processes with a critical or high impact in cross-border electricity flows, their cybersecurity risks, and then the necessary mitigating measures that are needed. For that, this network code establishes a governance model that uses and is aligned with existing mechanisms established in horizontal EU legislation, notably the revised Network and Information Security Directive (NIS2). This is the case, for example, for the reporting of cyberattacks and vulnerabilities using the established Computer Security Incident Response Teams (CSIRTs), or coordination with the CyCLONe network in case of large-scale cybersecurity incidents and crises. The new rules will therefore promote a common baseline, while respecting existing practices and investments as much as possible. This model can develop, follow and regularly review the methodologies of different stakeholders, taking into account the current mandates of different bodies in both the cybersecurity and electricity regulatory systems.

Today’s delegated act follows extensive consultation process with relevant stakeholders, including contributions from ENTSO-E, EU DSO Entity and ACER, an and a 4-week period for public feedback at the end of last year. The Commission has also informed the European Parliament about the initiative.

Under EU rules of procedure, today’s delegated act is now subject to scrutiny by the 2 EU co-legislators. This means that the European Parliament and Council each have a period of 2 months for objection to this secondary legislation, which can be extended by 2 months.

Source: European Commission

The European Commission adopts new network code on cybersecurity for EU electricity sector

OPINIE

FWPA: The greatest investment potential in the green transition is in wind power in Finland

Green Power Denmark: Huge tender for offshore wind turbines is now underway in earnest

Harnessing Sweden’s 106 GW offshore wind potential requires political support

PROJEKTY

Polenergia and Equinor enter into reservation agreements with Heerema Marine Contractors Nederland

50Hertz begins work on the Ostwind 3 grid connection for the offshore wind farm Windanker

Ørsted and Cadeler Sign Long-term Agreement for Offshore Wind Installation Vessel Capacity

REGULACJE

166 key cross-border energy projects in the EU published

Baltic Sea countries pledge closer collaboration to secure critical offshore energy infrastructure

50Hertz Restructures Leadership to Navigate Energy Transition Challenges

Subscribe to our Newsletter

NEWS

OPINIONS

CALENDAR

PROJECTS

REGULATORY

AUTHORS

OFFSHORE JOBS

ABOUT

ADVERTISE

PRIVACY

CONTACT

The European Commission adopts new network code on cybersecurity for EU electricity sector

Share This Story, Choose Your Platform!

Related Articles

OPINIE

PROJEKTY

REGULACJE

Subscribe to our Newsletter