The Network Code on Cybersecurity for Cross-Border Electricity Flows establishes binding cybersecurity requirements for electricity system operators involved in the coordination and management of cross-border flows. It was adopted by the European Commission under the legal mandate provided by Article 59 of the Electricity Regulation (EU) 2019/943.
The regulation applies to transmission system operators, nominated electricity market operators, and regional coordination centres, setting common rules across the European Union. These include obligations related to:
- Risk assessment and classification of entities
- Implementation of information security management systems
- Incident detection, reporting, and coordinated response
- Supply chain risk management and governance structures
The Network Code is intended to complement the NIS2 Directive and forms part of the EU’s broader efforts to improve the digital resilience of the electricity sector. It is directly applicable across all Member States and is expected to be implemented in coordination with national regulatory authorities and cybersecurity agencies.