Norwegian energy regulator Norges vassdrags- og energidirektorat (NVE) has launched a public consultation on a revision of the kraftberedskapsforskriften regulation, which would require grid operators to factor in a new risk scenario: coordinated attacks affecting at least two installations at the same time. The stated objective is to ensure service continuity in the event of physical or cyber sabotage, with strengthened requirements for rapid repair capabilities, deployable personnel, and critical spare parts stockpiles.
A structural reform driven by the security environment
The reform is part of a broader national resilience strategy aligned with the Norwegian totalforsvar (total defence) doctrine. The Ministry of Petroleum and Energy commissioned NVE to adapt the legal framework to new forms of hybrid threats, including sabotage scenarios below the threshold of open conflict. Intelligence services (PST, NSM and NIS) have supported this direction through their public assessments, citing a heightened risk to critical infrastructure, particularly the power grid.
The proposal introduces a mandatory minimum threshold: the ability to repair at least two sites affected simultaneously, with the possibility of additional requirements based on asset criticality. This marks a departure from previous approaches based primarily on weather or technical events.
Financial and industrial consequences for the sector
The cost of the new requirement would be absorbed through the nettleie (regulated grid tariff), resulting in an annual increase estimated between NOK100 and NOK300 (approximately $9–$26) per household. NVE frames this cost as an insurance premium against low-probability, high-impact incidents. Most of the expected expenditure relates to the acquisition of long-lead components, specialist response crews, and heavy logistics capacity.
Grid operators may be required to enter into pooling agreements for spare parts or emergency crews to meet these obligations. The regulator targets an effective date of 1 July 2026, following the close of the public consultation on 15 March 2026.
A geopolitical signal amid regional tensions
The reform comes amid rising geopolitical tensions, particularly due to the war in Ukraine and the growing use of hybrid tactics targeting critical infrastructure. In April 2025, a sabotage incident against a Norwegian dam was publicly attributed to actors linked to Russia, strengthening the political rationale for regulatory tightening. Norway, a key supplier of gas and electricity to Europe, aims to reduce the payoff of such attacks by ensuring rapid restoration capacity.
The draft regulation also implicitly aligns with European frameworks such as the NIS2 directive on cybersecurity and the ENTSO-E Network Code on Cybersecurity. This orientation reflects a convergence of operational and security requirements for operators connected to continental grids.
