Infrastructure Briefing — January 12, 2026
TSOs and DSOs face 2025–2026 milestones to operationalize the EU network code on cybersecurity, from entity classification to incident sharing with NIS2 authorities.
Executive briefing: The EU Network Code on Cybersecurity entered into force in 2024, obligating transmission and distribution system operators to map critical ICT assets that support cross-border electricity flows and to classify themselves by criticality within the first 12 months. Implementation plans filed with national regulators in 2025 must show how risk management, procurement, and incident handling align with the code’s common rules and NIS2 reporting standards. By 2026, operators need to evidence segmentation of critical control assets, vetted supplier access, and near-real-time event sharing with national CSIRTs for incidents affecting interconnected operations.
Implementation checkpoints
- Entity classification packages. Confirm that each control area owner has submitted criticality self-assessments, asset inventories, and contact points for the operational security officer role defined in the code.
- Risk management alignment. Update procurement and change-control workflows so that new substations, HVDC links, and telemetry expansions undergo cybersecurity risk analysis consistent with the network code annexes.
- Incident convergence. Map incident thresholds to NIS2’s 24-hour early warning and 72-hour notification windows, and validate that cross-border event data can be shared with ENTSO-E and national CSIRTs without breaching data residency controls.
Operational priorities for 2026
- Segmentation and access control. Complete network separation between corporate IT and operational technology for interconnector assets, and enforce multi-factor authentication and privileged access management on vendor connections.
- Logging and monitoring. Deploy security event collection for SCADA gateways, IEC 60870-5-104 and IEC 61850 endpoints, and data exchange points used for balancing and capacity calculation, and feed the collected events into response playbooks tied to inter-TSO coordination.
- Contingency rehearsals. Run joint restoration and islanding exercises that show how cybersecurity incidents affecting neighboring TSOs will be contained while maintaining critical supply to protected loads.
Evidence and supplier management
- Ensure contracts with telecom, cloud, and OT service providers include explicit obligations to support network code controls, including vulnerability disclosure, encryption standards, and rapid credential revocation.
- Maintain audit-ready documentation: governance charters signed by accountable executives, diagrams of cross-border data flows, incident drill reports, and third-party assessment results covering critical vendors.
- Track regulator responses to implementation plans and integrate remediation actions into 2026 capital and operating budgets.
Zeph Tech tracks EU network code milestones, aligning TSO/DSO implementation evidence with NIS2 supervisory expectations and cross-border operational security drills.