ACER submits to the European Commission the revised Network Code on electricity cybersecurity
ACER submits to the European Commission the revised Network Code on electricity cybersecurity
What is it about?
Today, the EU Agency for the Cooperation of Energy Regulators (ACER) has submitted to the European Commission its revision of the Network Code for cybersecurity aspects of cross-border electricity flows. This cybersecurity network code aims to further contribute to maintaining the security and resilience of the electricity system across Europe.
The Agency, with the support of an expert group and extensive consultation, revised the proposal for a network code submitted by ENTSO-E and the EU DSO Entity in January 2022. The network operators’ proposal was based on the ACER Framework Guideline on sector-specific rules for cybersecurity aspects of cross-border electricity flows, which provided high-level principles for the development of an EU-wide binding network code.
The network code includes rules on various electricity cybersecurity-related aspects, such as:
- A common electricity cybersecurity framework aimed to standardise the measures in place to protect the EU electricity cyber perimeter;
- Governance of cybersecurity for the electricity sector;
- A comprehensive cross-border risk management process;
- Cybersecurity information sharing flows to ensure timely information and foster quick and coordinated reaction of relevant stakeholders;
- Rules on incident handling and crisis management;
- A cybersecurity exercise framework to enhance preparedness of all operators;
- Rules for the protection of information exchange;
- A framework for monitoring, benchmarking and reporting.
The main changes introduced by ACER’s review to the network operators’ proposal include:
- specifying the elements and principles to be included in terms, conditions and methodologies;
- elaborating on governance-related issues;
- introducing the legal basis to develop guidelines for the exchange of information;
- introducing the possibility for Member States to be exempted from provisions for national security reasons.
Additionally, ACER performed a thorough check of the provisions of the proposed Network Code to ensure its compatibility with the NIS Directive and the Risk Preparedness Regulation.
What are the next steps?
ACER has submitted the revised Network Code to the European Commission within the allowed time limit of six months. Next, the Commission will review the submitted Network Code and initiate its procedure for the adoption of delegated acts. When adopted by Member States, it becomes legally binding across the EU.
Find out more about ACER and Cybersecurity