The new Network Code on Cybersecurity will cover issues such as:

  • establishing methodologies and governance for electricity cross-border risk assessment,
  • define a set of common minimum cybersecurity requirements and standards applicable to all actors for the electricity markets,
  • further development and orchestration of cybersecurity information co​llection and dissemination among all electricity community actors,
  • planning,
  • monitoring,
  • and reporting obligations​. 

         
          
 New                             

 

 

In particular, the revised Network Code on electricity cybersecurity submitted on 14 July 2022 by the ACER to the European Commission includes rules on various electricity cybersecurity-related aspects, such as:

  • a common electricity cybersecurity framework aimed to standardise the measures in place to protect the EU electricity cyber perimeter;
  • governance of cybersecurity for the electricity sector;
  • a comprehensive cross-border risk management process;
  • cybersecurity information sharing flows to ensure timely information and foster quick and coordinated reaction of relevant stakeholders;
  • rules on incident handling and crisis management;
  • a cybersecurity exercise framework to enhance preparedness of all operators;
  • rules for the protection of information exchange;
  • a framework for monitoring, benchmarking and reporting.

clip2  Links

 

ACER website on cybersecurity

The main changes introduced by ACER’s review to the network operators’ proposal include:

  • specifying the elements and principles to be included in terms, conditions and methodologies;
  • elaborating on governance-related issues;
  • introducing the legal basis to develop guidelines for the exchange of information;
  • introducing the possibility for Member States to be exempted from provisions for national security reasons.

 

 

chronicle   Regulatory chronicle 

 

 

11 March 2024

 

Commission Delegated Regulation of 11.3.2024 supplementing Regulation (EU) 2019/943 of the European Parliament and of the Council by establishing a network code on sector-specific rules for cybersecurity aspects of cross-border electricity flows, C(2024) 1383 final

 

20 October 2023

The opening of the public feedback period on Commission Delegated Regulation supplementing Regulation (EU) 2019/943 of the European Parliament and of the Council by establishing a network code on sector-specific rules for cybersecurity aspects of cross-border electricity flows 

 

14 July 2022


ACER submits to the European Commission the revised Network Code on electricity cybersecurity 

 

27 July 2021

 

ACER publishes its Framework Guideline to establish a Network Code on Cybersecurity

 

The Framework Guideline covers various security-related topics, such as:

  • governance
  • cross-border risk assessment & management
  • a common electricity cybersecurity framework
  • information sharing and essential information flows
  • incident handling and crisis management (including data collection)
  • an electricity cybersecurity exercise framework
  • protection of information exchange in the context of data processing
  • monitoring, benchmarking and reporting

 

29 June 2021

 

Consultation response – ACER Consultation on the Draft Framework Guideline on sector-specific rules for cybersecurity aspects of cross-border electricity flows

 

30 April 2021

 

Public Consultation on the Draft Framework Guideline on sector-specific rules for cybersecurity aspects of cross-border electricity flows
 

Framework Guideline on sector-specific rules for cybersecurity aspects of cross- border electricity flows (Draft), PC_2021_E_04)

 

 

 IMG 0744   Documentation

 


ACER Framework Guideline on sector-specific rules for cybersecurity aspects of cross- border electricity flows, 22 July 2021


Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union - the NIS Directive

 

Proposal for a Directive of the European Parliament and of the Council on measures for a high common level of cybersecurity across the Union, repealing Directive (EU) 2016/1148 (COM(2020) 823 final, the NIS2 Directive)


Proposal for a Directive of the European Parliament and of the Council on the resilience of critical entities (COM(2020) 829 final)

 

Cookies

We use cookies on our website to support technical features that enhance your user experience and help us improve our website. By continuing to use this website you accept our Privacy Policy.