The NIS 2 Directive imposes strict cybersecurity measures in the energy sector, but Romania faces challenges in implementation, including a lack of resources and cooperation.

Cybersecurity is becoming essential in the context of rapid technological development, especially in critical sectors such as energy. The NIS 2 Directive of the European Union expands security requirements for critical infrastructures, including electricity, oil, and gas networks, and has been transposed into Romanian legislation through Emergency Ordinance no. 155. It targets essential entities in the energy sector, including distribution and transmission operators, energy producers, and market participants.

The implementation of the NIS 2 directive brings significant challenges, such as the complexity of the energy infrastructure and strict incident reporting obligations. Romania faces a lack of a cybersecurity incident response team and low interest in the ISAC center dedicated to the energy sector. Additionally, limited human resources and financial challenges complicate the process of aligning with security requirements.

Coordination between entities and rigorous testing of operational technology (OT) systems are essential to prevent cyberattacks. A concerted strategy is needed to strengthen cybersecurity in the energy sector, considering the importance of critical infrastructures for society.