The EU has made a landmark move to bolster its cyber defenses in the energy domain by enacting the network code on cybersecurity, designated as delegated act C/2024/1383, for the electricity sector. This first-of-its-kind regulation is set to significantly boost the resilience of key power infrastructures and protect vital cross-border electric currents crucial for market operation and consumer needs. Under the new code, entities key to international electricity trade conducting digital operations are required to undertake periodic cybersecurity risk evaluations.Rooted in the Electricity Regulation (EU) 2019/943, this directive aligns with the EU’s 2022 Action Plan on cybersecurity. It fits snugly within the existing cybersecurity and regulatory structures, emphasizing uniformity and cooperative defense against sophisticated cyber dangers. This code represents a unified approach to securing a paramount industry that is increasingly threatened by cyber adversaries.
Ensuring Cyber Resilience and Coordinated Response
The EU’s new cybersecurity guidance for the energy sector integrates existing frameworks, such as CSIRTs and the CyCLONe network, to ensure a coordinated response during security crises. This effort aligns with the enhanced parameters set by the updated NIS2 directive, reinforcing the EU’s commitment to safeguarding its digital infrastructure.In devising the network code, the EU considered industry practices and insights from primary stakeholders like ENTSO-E, the EU DSO Entity, and ACER. A period for public commentary further enriched the development process. Currently, the European Commission has moved the code forward by notifying the European Parliament, which marks the beginning of a review phase. During this scrutiny period, Parliament and the Council can examine the legislation, offer objections, and request an extension for a more thorough evaluation if needed, ensuring that the new code thoroughly addresses the sector’s cybersecurity resilience needs.
