ESMIG announces the first approved European standardisation approach for security certification of smart meters

Brussels, 2 October 2019
The first set of harmonised requirements for security certification of smart meters in Europe, developed by CEN/CENELEC/ETSI Coordination Group for Smart Meters with the support of ESMIG, has been approved by CEN/CENELEC and is in the process of being certified under common criteria by the Dutch certification body NSCIB. Once this protection profile is certified, smart meter certification performed using this protection profile by any of the certification bodies members of the SOG-IS agreement, will gain recognition across the 17 European countries that have signed that agreement. 
The increasing number of connected devices in the energy sector comes with the risk of exploitable vulnerabilities, which could affect the reliability of the energy system and the trust of consumers. With the smart meter being one of the key ICT components of the smart grid, ESMIG actively contributed to the CEN-CENELEC-ETSI Coordination Group on Smart Meters to develop a harmonised European approach for the security certification of these devices. 
“ESMIG is proud to have contributed to the first recognised European security certification approach for smart metering. The certification of smart meters is a pre-requisite for compliance with European legislation such as the Cyber Security Act and GDPR. It is however important for the energy market to understand that it is not our intention to replace already existing certification procedures. Furthermore, every country is free to choose if they want to have their meters certified. The certification approach defined by the Coordination Group is voluntary”, says Willem Strabbing, Managing Director of ESMIG.  
The work started in 2013 with the collection of security requirements from various European countries and the development of a common set of security requirements for smart meters on the European level. Based on this common set of requirements, and in line with the provisions of the “Cyber Security Act” adopted by the European Union in 2019, the Coordination Group and ESMIG have developed an official protection profile for smart meters. This profile will serve as the basis for the security certification of smart meters in Europe and enables the mutual recognition of certificates by multiple EU member states. It prevents further fragmentation of the certification approaches across Europe, reducing substantially the cost of certification and increasing the security level of smart grids.
“The cost of certification is not more than for example the current cost based on the Commercial Product Assurance scheme in the UK, but the big win is a certificate that can be used in multiple countries”. Mr. Strabbing adds: “We have noticed the recent publication of security recommendations by E.DSO and ENCS. Both, ESMIG and E.DSO, agree to look into these recommendations in comparison with the security requirements we have defined in an earlier stage.”
ESMIG is dedicated to delivering high quality products that are interoperable and complying to appropriate security measurements and recognise that compliance starts but does not end with certification. A continuous process of monitoring and adapting is needed to keep on top of security threats. We are committed to working together across the sector to develop this process and ensure the highest standard of security for smart meters. 
ESMIG is the European voice of smart energy solution providers. Our members are European companies that provide products, information technology and services for multi-commodity metering, display and management of energy consumption and production at consumer premises. We work closely with EU policy makers and other EU associations to make Europe’s energy and water systems cleaner, reliable, more efficient and the European consumer informed, empowered, engaged. 
For more information please contact