India to Enforce Strict Cybersecurity Law for Power Sector from 2026 to Guard Against Attacks – EQ
In Short : The government is finalising the Central Electricity Authority (Cyber Security in Power Sector) Regulations to safeguard critical power systems from cyber threats, MoS Power Shripad Naik said. Effective January 1, 2026, IT equipment must be cleared via the Trusted Telecom Portal. Utilities will also undergo regular cybersecurity audits to ensure resilience and protect national energy infrastructure.
In Detail : The government is moving ahead with plans to strengthen cybersecurity in the power sector through a new legislative framework. Minister of State for Power Shripad Naik informed the Rajya Sabha that the Central Electricity Authority (Cyber Security in Power Sector) Regulations are in the final stages of preparation.
These regulations are aimed at protecting critical control systems, such as solar inverters and real-time data management infrastructure, from potential cyberattacks. They will also ensure that critical operational data remains within India’s national boundaries.
The new rules will come into effect from January 1, 2026, giving utilities and equipment providers ample time to comply. One of the key provisions mandates that all IT equipment used in the power sector must be approved through the Trusted Telecom Portal of the National Security Council Secretariat.
The move follows rising global concerns over cyber threats targeting critical infrastructure. By enforcing stringent hardware and software approval mechanisms, the government aims to prevent security breaches that could disrupt electricity supply or compromise sensitive operational data.
In addition to equipment certification, the regulations will reinforce regular cybersecurity audits across the sector. These audits will be conducted by auditors empanelled with the Indian Computer Emergency Response Team (CERT-In).
Operational technology (OT) systems will be audited annually, while information technology (IT) systems will undergo checks every six months. This structured approach is designed to quickly identify and address vulnerabilities before they can be exploited.
The guidelines build on the Central Electricity Authority’s existing Cyber Security in Power Sector Guidelines issued in 2021. These earlier guidelines had already laid the foundation for enhanced digital security measures, but the new regulations will make several provisions legally binding.
To further improve audit effectiveness, the Computer Security Incident Response Team for the power sector (CSIRT-Power) has also issued a detailed scope of work for cybersecurity assessments. This ensures that inspections cover all critical systems and processes.
By combining technical safeguards, mandatory approvals, and regular monitoring, the government hopes to create a robust shield around India’s power infrastructure, ensuring uninterrupted and secure electricity supply in the face of evolving cyber threats.
