Germany’s cyber defence plans risk slowing the energy transition, utilities warn

The German government’s plans to protect critical infrastructure against cyberattacks would slow the energy transition and undermine supply security, the country’s utilities warned. Instead of increasing cybersecurity, the plans would create “massive bureaucracy and delays for grid extensions and digitalisation”, industry associations BDEW and VKU said.

Germany’s coalition government in July backed the interior ministry’s proposal for implementing the EU’s updated Network and Information Systems directive (NIS-2), aimed at strengthening cybersecurity across the Union. Parliament still needs to approve the law and began debating it this week.

The energy company associations said in a joint statement they are “particularly critical of Germany going it alone without joint coordination at the European level,” as well as narrowing the market to just a few manufacturers. “This could create oligopolies, which could threaten security of supply and lead to rising prices and less innovation,” the lobby groups said.

The proposed retroactive ban on components already in use without compelling security reasons would interfere deeply with existing systems, devalue investments and cause project delays, the statement said. “In addition, the proposed notification procedure could lead to hundreds of thousands of administrative acts each year without any discernible gain in security.”

“We share the goal of strengthening cybersecurity, but the current procedures lead to legal uncertainty, additional costs and bottlenecks in supply chains,” BDEW head Kerstin Andreae said. “We urgently need practical solutions that ensure planning and supply security. This can only be achieved with European-coordinated, risk-based approaches.”

Germany’s office for information security BSI warned earlier this year that foreign powers could gain control over relevant parts of the country’s energy supply. Many of the inverters for solar panels used in German homes are made by Chinese manufacturers, raising fears the government in Beijing or other actors could access devices that are connected to the internet and influence the electricity system, the office warned. It also said electricity supply infrastructure has emerged as a prime target for cyberattacks due to its increasing decentralisation.