The EU Agency for the Cooperation of Energy Regulators (ACER) has submitted to the European Commission its revision of the Network Code for cybersecurity aspects of cross-border electricity flows. This cybersecurity network code aims to further contribute to maintaining the security and resilience of the electricity system across Europe.
The Agency revised the proposal for a network code submitted by ENTSO-E and the EU DSO Entity in January 2022. The network code includes rules on various electricity cybersecurity-related aspects, such as:
- A common electricity cybersecurity framework aimed to standardise the measures in place to protect the EU electricity cyber perimeter.
- Governance of cybersecurity for the electricity sector.
- A comprehensive cross-border risk management process.
- Cybersecurity information sharing flows to ensure timely information and foster quick and coordinated reaction of relevant stakeholders.
- Rules on incident handling and crisis management.
- A cybersecurity exercise framework to enhance preparedness of all operators.
- Rules for the protection of information exchange.
- A framework for monitoring, benchmarking, and reporting.
The main changes introduced by ACER’s review to the network operators’ proposal include:
- Specifying the elements and principles to be included in terms, conditions, and methodologies.
- Elaborating on governance-related issues.
- Introducing the legal basis to develop guidelines for the exchange of information.
- Introducing the possibility for Member States to be exempted from provisions for national security reasons.
What are the next steps?
ACER has submitted the revised Network Code to the European Commission within the allowed time limit of six months. Next, the Commission will review the submitted Network Code and initiate its procedure for the adoption of delegated acts. When adopted by Member States, it becomes legally binding across the EU.
Source: Press release