UK Introduces Cyber Assessment Framework for Large Load Controllers

The UK government has published a consultation on a new Cyber Assessment Framework (CAF) for large electricity load controllers, effective under the Network and Information Systems (NIS) Regulations 2018. This initiative aims to enhance the cyber resilience of organizations remotely controlling significant electrical loads, specifically those managing 300MW or more. The Cyber Security and Resilience Bill is currently progressing through the House of Lords, which will formalize these requirements. Load controllers will be required to manage cyber risks and undergo yearly self-assessments and inspections by Ofgem. The consultation invites feedback on the proportionality, feasibility, and costs associated with these new requirements. A grace period will be provided for industry adaptation before formal assurance begins. The initiative is part of the Smart Secure Electricity Systems Programme, responding to the growing cyber threats in the energy sector.

Key Points: • New Cyber Assessment Framework targets large electricity load controllers in the UK. • Organizations managing 300MW or more must comply with updated NIS Regulations. • Consultation seeks industry feedback on implementation costs and requirements.