The Ministry of Energy conveys that it is not pursuing under any circumstances the obligation of prosumers to carry out cyber security audits, but only possibly of large manufacturers/network operators, according to Profit.ro.
The legislative project initiated by the institution, presented by Profit.ro, stipulates that “network operators have the obligation of annual and periodic cyber audits of inverters and all computer systems and networks associated with photovoltaic power plants, under the conditions established by joint order of the president of ANRE and the director National Cyber Security Directorate”.
The initiative was justified by ″findings of the existence of photovoltaic inverters and energy controllers with raw materials from China that are frequently equipped with firmware that transmits data to third parties (from the Asian space) without the user’s knowledge and that can allow attackers to take control of of the device/energy network”. In response, the Association of Prosumers and Energy Communities (APCE) characterized the draft normative act as a “bad spy movie, directed by ANRE”.
″The Ministry of Energy is not in any way looking to compel prosumers to conduct cyber security audits, only possibly large manufacturers/network operators. The individualization of large network producers/operators can only be achieved by reference to the quality of operator of essential services, as defined by the NIS2 Directive and the future transposition law”, according to a press release from the ministry.