Morocco is strengthening its position on the regional energy map as it increases its exchanges with Spain and moves closer to the European electricity market. In this context, the cybersecurity of critical installations is becoming an unavoidable dimension. While the country aims for 52% of renewable energy in its electricity mix by 2030, the interconnection of networks with the European Union requires the adoption of strict standards in terms of digital resilience. It is in this framework that Russia has put forward a technical cooperation offer, placing Rabat before a strategic choice between solutions not recognized by Brussels and alignment with the standards imposed by the European Directive on Network and Information Security (NIS2).
A Russian proposal focused on operational cybersecurity
Russia has recently proposed to Morocco a cooperation covering the protection of critical energy infrastructures against cyberattacks. The plan highlights the establishment of monitoring centers capable of detecting intrusions in real time on industrial control systems, network segmentation to limit the spread of attacks, and the use of encryption tools based on GOST cryptographic standards. This cybersecurity model is already applied by Moscow in certain bilateral partnerships, combining a defensive approach with the strengthening of technological sovereignty. For Rabat, the offer represents an opportunity to diversify its sources of expertise, but it raises a major problem: the lack of recognition of these technologies by European certification authorities, which could complicate access to the European Union electricity market.
Increasingly restrictive European obligations
The European NIS2 directive, which entered into force at the end of 2024, requires operators in sectors deemed essential, including energy, to notify any major incident within 24 hours, followed by a detailed report within 72 hours. The penalties provided reach 10 million euros or 2% of global turnover, levels that set a high bar for compliance. Even though Morocco is not directly subject to this regulation, the existence of cross-border flows with Spain places its operators in a situation where compliance with European standards becomes indispensable. European network operators, grouped under ENTSO-E (European Network of Transmission System Operators for Electricity), require that all exchanges comply with compatible cybersecurity protocols, such as the upcoming European Network Code on Cybersecurity (NCCS). This structural dependence means that the technical solutions chosen in Rabat must be compatible with the practices in force in the Union.
A power grid strongly integrated with Spain
Morocco is connected to Spain by two submarine alternating current interconnections of 400 kilovolts, commissioned respectively in 1997 and 2006. The combined capacity of these lines reaches 1,400 megawatts, allowing regular flows in both directions depending on market needs. This network proved its usefulness during a blackout in Spain in the spring of 2025, when nearly 900 megawatts were injected from Morocco to help stabilize the Iberian system. Beyond the two existing links, a project for a third interconnection of 700 megawatts is being prepared. Valued at around 156 million euros, it is jointly carried by Redeia, the Spanish transmission system operator, and the Office National de l’Électricité et de l’Eau Potable (ONEE). This new infrastructure aims to double the exchange capacity and strengthen Morocco’s integration into the regional electricity market.
Growing energy flows and regulatory dependence
In 2023, Moroccan electricity exports to Spain reached 1.6 terawatt-hours, a level that illustrates the growing importance of interconnections. These flows, although still modest on a European scale, are part of a strategy to make Morocco a regular supplier to the Iberian market and, ultimately, to the entire European market. But this ambition can only be achieved if technical and regulatory compliance is guaranteed. European standards, which favor certifications recognized by Brussels and rely on international benchmarks such as IEC 62443 for the security of industrial systems, do not recognize GOST cryptographic algorithms. This gap places Rabat in a delicate situation, as the adoption of solutions not aligned with the European Union could compromise the credibility of its exports.
A strategy of diversified partnerships
Morocco is not limited to the Russian offer and has multiplied bilateral agreements in cybersecurity in recent years. Protocols have been signed with France through the Agence Nationale de la Sécurité des Systèmes d’Information (ANSSI), with the United Arab Emirates for the establishment of a joint follow-up committee, and with Israel for targeted technical cooperation. The country also participates in European programs such as CyberSouth and CyberSouth+, led by the Council of Europe, which strengthen its judicial and operational capacities in cybercrime. These initiatives reflect a diversification approach, aiming to draw on multiple expertise while consolidating a national regulatory framework based on Moroccan Law No. 05-20 on cybersecurity and on the activities of the Direction Générale de la Sécurité des Systèmes d’Information (DGSSI).
A dilemma between pragmatism and compatibility
The multiplication of cyberattacks against energy infrastructures in Europe underscores the importance of this issue. In Denmark, 22 companies in the sector were compromised in 2023 during a coordinated attack, highlighting the vulnerability of operators to ransomware. According to the European Union Agency for Cybersecurity (ENISA), energy is the second most targeted sector by such attacks on the continent. For Morocco, the challenge goes beyond the purely technical question: it is a matter of arbitrating between Russian expertise offering operational solutions but not aligned with European standards and strict compliance with Brussels’ frameworks. This choice will have direct consequences on the security of interconnections, the perceived reliability of green electricity exports, and the strategic position of the country in regional exchanges.
