The Cybersecurity Act in the Energy Context
A CEER Response Paper on the European Commission’s Cybersecurity Proposals
8 December 2017

Today, the Council of European Energy Regulators (CEER) publishes its Response Paper on the European Commission’s Cybersecurity Proposals: The Cybersecurity Act in the Energy Context.

This paper is in response to the European Commission’s proposal of 23 September 2017, which includes specific articles on the European Cybersecurity Certification Scheme, known as the Cybersecurity Act. The proposed Cybersecurity Act introduces important changes, some of which may eventually affect the cybersecurity ecosystem within the energy sector. CEER welcomes the European Commission’s proposal to establish a substantial and structured step forward to set up a stronger European system for cybersecurity. CEER sees these new proposals as potentially aiding European energy regulators in their daily regulatory functions.

However, the proposed legislation poses some issues which European energy regulators believe should be reconsidered before final legislation is approved. In this context, CEER recommends certain changes that could improve the draft legislation:

•    Clarify the role and type of certification regarding cybersecurity schemes for energy markets;
•    Ensure that existing national and European rules on cybersecurity schemes in the energy sector remain in force;
•    Clarify energy regulators’ role and the need for an energy cybersecurity strategy;
•    Set a clear obligation for the active participation of energy regulators prior to setting up schemes which may impact energy markets;
•    Allow for a more gradual and better-defined transition phase, particularly when it has an impact on critical infrastructure, in line with the evolution of cyber threats;
•    Increase cooperation among sectors for defining cybersecurity schemes and for subsequent activities to implement controls; and
•    Strengthen the role of ENISA (the “EU Cybersecurity Agency”) with respect to the use of the European Cybersecurity Certification Framework and its schemes.

This paper has been submitted to the European Commission as part of the formal public comment process.

