The energy sector subject to strict regulations. These regulations play a crucial role in ensuring that energy remains stable, affordable, and sustainable in every economy and society. As a result, energy is as 'vital infrastructure'.

‍

‍

These interrelated factors require more cyber protection of the unified European electricity supply system than has previously been implemented, without the security of. Recognizing this need, the EU has initiated an extensive codification exercise that will result in a set of EU regulations and corresponding national legislation, binding for the majority of energy market participants and control system suppliers.

‍

‍

‍

‍

The energy sector is experiencing significant regulatory changes to enhance cybersecurity and protect critical infrastructure.

‍

Key developments include:

Network Code on Cybersecurity (June 2024): The European Commission adopted the first-ever EU network code on cybersecurity for the electricity sector in June 2024. This delegated act establishes sector-specific rules for cybersecurity aspects of cross-border electricity flows, including common minimum requirements, planning, monitoring, reporting, and crisis management1. The rules aim to enhance the cyber resilience of critical EU energy infrastructure and services.

‍

NIS2 Directive (October 2024): The Network and Information Systems Directive (NIS2) came into effect, overhauling cybersecurity risk management regulation in Europe. For the energy and critical utilities sector, NIS2 introduces stricter security measures, new incident reporting obligations, and expands enforcement powers, including substantial fines for non-compliance.

‍