A draft normative act currently in the approval circuit in Parliament proposes the introduction of new rules regarding access to the network for electricity produced from renewable sources, including photovoltaic panels.
Those who install photovoltaic panels will be forced to comply with new rules. Archive photo
The draft law to supplement the Electricity and Natural Gas Law no. 123/2012 introduces a single new article, which refers to cyber security measures.
“Cybersecurity rules for access to the network for electricity produced from renewable sources and in high-efficiency cogeneration The National Cybersecurity Directorate, by virtue of its quality as the competent authority at national level for the national civil cyberspace, as well as for the management of cybersecurity risks and incidents in accordance with the provisions of the Emergency Ordinance of Government no. 104/2021 on the establishment of the National Cyber Security Directorate, establishes technical cyber security rules by order of the Director of the National Cyber Security Directorate for guaranteed access to electrical networks and priority dispatching of electricity produced from renewable energy sources and in high-efficiency cogeneration, as well as for priority access to electrical networks and the priority dispatching of electricity produced from renewable energy sources and in high-efficiency cogeneration in power plants with installed powers lower than or equal to 1 MW, to the extent that the safety level of the SEN is not affected”the cited document states.
In support of the approval of the proposal, the initiators cited the fact that cyber security risks in the energy sector can negatively affect the confidentiality of information processed in the construction and operation of renewable energy installations and can affect the operator's ability to maintain operational control of the installation.
“Renewable energy installations face a wide set of potential cyber security risks related to the supply chain, such as the unavailability of communications (ICT), products, services or processes in the supply chain or cyber attacks initiated by actors in the supply chain, including by malicious states. This aspect has also been debated at the level of the European Union, resulting in both its recommendations addressed to various interested parties and, most recently, The Net Zero Industry Act which stipulates that a certain part of the tenders for certain energy technologies from renewable sources must include: i) prequalification criteria regarding responsible commercial conduct, cyber security and data security, as well as the ability to deliver the projects in full and on time; and ii) criteria of pre-qualification or award to assess the tender's contribution to sustainability and resilience”, claim the initiators.
From the perspective of cyber security, the project ensures a high level of cyber security and data security in energy production facilities, which is essential for maintaining the security of energy supply and critical energy infrastructure.
DNSC will establish the technical rules that prosumers must meet
The mentioned measures must cover risk management, supply chain security and vulnerability management policies.
Minimizing the risks related to the potential influence of some hostile actors on the national energy system of Romania contributes to ensuring the energy independence of Romania and the resilience of the national energy system, for which the present regulations, ensuring the legal basis for the introduction of the future minimal cyber security rules for systems and devices in the field of energy from renewable sources, intervene on the existing regulatory framework in the sense of:
• ensuring the integration of distributed energy resources while protecting the stability and safety of the electrical grid and the national energy system.
• preventing unauthorized access to data and remote control of energy infrastructures that can be acquired by exploiting cyber security vulnerabilities of intelligent devices that fulfill the roles of sensors, information management equipment, communications or control within the electronic systems dedicated to managing the generation, storage and automated trading of energy electricity from renewable sources.
According to the project, the National Cyber Security Directorate (DNSC) will establish technical cyber security rules for guaranteed access to electrical networks and priority dispatching of electricity produced from renewable sources.
