=Paper=
{{Paper
|id=Vol-1684/paper27
|storemode=property
|title=AMM and Legal Implications for the Electricity Market
|pdfUrl=https://ceur-ws.org/Vol-1684/paper27.pdf
|volume=Vol-1684
|authors=Václav Stupka
|dblpUrl=https://dblp.org/rec/conf/bir/Stupka16
}}
==AMM and Legal Implications for the Electricity Market==
https://ceur-ws.org/Vol-1684/paper27.pdf
AMM and legal implications for the electricity market
Václav Stupka
Institute of Law and Technology,
Faculty of Law,
Masaryk University, Brno, Czech Repulic
vaclav.stupka@law.muni.cz
Abstract. This paper deals with legislation related to the introduction of AMM
systems in European countries, particularly in the Czech Republic. It identifies
relevant legislation and defines issues which will the legislator and the future
operator of the system have to tackle. It analyzes both EU and Czech legislation.
Keywords: smart grid, electricity market, legal regulation, energy law,
technology law.
1 Introduction
Electricity market is in European countries regulated by a complex systems of national
laws, which are from above heavily influenced by the EU legislation and strategic
documents and from the bottom by international technical standards. Most European
countries are implementing or planning to implement widespread roll-out of
technologies for smart metering of electricity consumption and for distribution of
consumption data, in order to achieve greater efficiency in distribution and
consumption of electricity1. This so-called roll-out is not only technical challenge, but
also a legal one, because it is not certain which laws need to be changed and to what
extent and which legal regulations need AMM (advanced metering management)
systems operators take into account when implementing the roll-out.
In the Czech Republic, this implementation process is just beginning, which is why
we need to discuss, how to tackle this legal challenge. This paper therefore analyzes the
current legislative environment for the use of HDO (hromadné dálkové ovládání, block
remote control) and AMM systems in the Czech Republic and the conditions for the
operation and management of electricity distribution systems. The aim of this analysis
is to identify the parts of current legislation that may regulate, limit or preclude the
implementation of proposed solutions for the distribution networks and to propose
possible legal solutions for identified obstacles from the perspective of the distribution
network operator, customer and the legislator
The analysis focuses on legislation in the Czech Republic, in identifying solutions
to any legislative restrictions but also assesses the possibility of using the legal tools
1 Far greater efficiency may be achieved if the AMM system is accompanied by other
technologies of so-called smart grid. Data gathered by the AMM may be used for controlling
and operation of energy flows in the energy grid itself [1].
�applied abroad (mainly in the EU). The aim is to identify relevant legal regulation,
strategic documents and solutions from abroad, which may help to find relevant answer
to research question – which technical, organizational and legal tools and solutions
should the lawmaker, regulator and operators of distribution networks consider and use
to meet the requirements and needs for the AMM systems?
2 European legislation
In order to analyze current legislative environment, we need to summarize basic
legislative and strategic EU documents dealing with the use of AMM (advanced
metering management) systems. Currently, this area is not regulated by directly
applicable EU regulations, the process of introduction of smart metering technology
and relevant technical requirements are however to be found in some EU directives and
other legislative and strategic documents. Fundament is set by the Directive no.
2009/72/EC concerning common rules for the internal market in electricity, which does
not directly regulate AMM area but its content suggests the EU's intention to require
member states to introduce these technologies. In the directive, there is just one clear
request in this direction – to conduct economic assessment of all the long-term costs
and benefits of the implementation of intelligent metering systems to the market and
the individual consumer or which form of intelligent metering is economically
reasonable and cost-effective. Although EU emphasizes that the implementation of new
systems should be particularly economically beneficial and the Czech economic
assessment from 2012 concluded that implementation of AMM is not economically
feasible (see below), it can be assumed from the recent development that the pressure
to introduce intelligent metering systems will continue to evolve.
For the area of AMM is then crucial the Directive no. 2012/27/EU on energy
efficiency that already includes specific requirements for the functionality of AMM
systems. According to the directive, the AMM system should primarily provide
customers and by them designated persons (eg. suppliers) with sufficiently detailed
information about their consumption, which can then be used to achieve more efficient
energy use and subsequent savings [2]. Roll out of these systems should then be in line
with the economic assessment, and at the same time should be assured the security of
the data to protect customer privacy.
Another binding regulation that could interfere in the issue is the Directive no.
2014/94/EU on the implementation of infrastructure for alternative fuels, which only
suggests the possibility of the use of electric vehicles as a means of balancing the load
in the electricity system.
Significantly more specific requirements include strategic materials that aren’t
currently directly or indirectly binding, but we can quite confidently expect that their
principles will apply in future legislation - whether European or national. The key
document would be the Recommendation no. 2012/148/EU on preparations for the roll-
out of smart metering systems. It defines specific requirements for smart metering
systems in terms of features, the list of which is clearly defined, in terms of protection
of personal data, and in terms of economic benefits assessment. The system operator
will be primarily obliged to process the data generated by the system so as to achieve
�the objectives of the roll-out, but also to simultaneously protect customers' personal
data2. For this purpose, the Recommendation defines the essential technical,
organizational and legal measures that will the operator have to implement. It mainly
refers to the data protection impact assessment (DPIA), in which the operator should
assess the risks of the processing of personal data in the AMM system and identify
methods and means which would help to cope with these risks.
It expects the operator of AMM system to cooperate with the national Office for
Personal Data Protection to create a situation where personal data will be utilized so as
to allow the beneficial functioning of the AMM. At the same time however these data
must be processed as little as possible, in as little ways as possible and for as shortest
time as possible, the data should also be processed and transmitted only via secure
communication channels and should anonymized as soon as possible. The
Recommendation also deals with the economic assessment of the benefits of the AMM,
which should be elaborated using the template, which was distributed by the EU
Commission. From a features standpoint recommendations contain requirements that:
- the system should provide updated information on the consumption to
customers and their designated operators often enough and in comprehensible
form
- the system should make the data about the consumption accessible remotely and
often enough for the purpose of network management, installed meters should
also allow two-way communication,
- the system should allow the use of advanced tariffs in order to reduce
consumption3,
- the system should be able to remotely turn on, off or limit the supply points,
- the communication with the meter will be secure,
- the system should be able to provide import/export and reactive metering.
In terms of protection of personal data is the most important the Directive no. 95/46/EC
on the protection of individuals with regard to the processing of personal data and on
the free movement of such data (data protection directive, DPD), which regulates the
obligations of member states for the protection of personal data. Most of the obligations
that the data controllers (which are also operators of AMM systems) meet are
mentioned in the following chapter which deals with the Czech legislation. In terms of
European legislation is the most important the fact, that the operators will be probably
expected to conduct the DPIA (data protection impact assessment).
Further requirements on assessing the impact AMM systems for the protection of
personal data includes the Recommendation no. 2014/724/EU which provides the
template for assessing the impact of smart grids and smart metering systems for data
protection. This Recommendation specifies how and in what cases should the DPIA be
2 Since smart meters have unintended consequences for customer privacy. Energy use
information stored at the meter and distributed thereafter acts as an information-rich side
channel, exposing customer habits and behaviors [3].
3 Advanced tariffs should be used for creating methods for achieving so-called price-responsive
demand. Most extreme approach may be real-time pricing of electricity (RTP). RTP describes
a system that charges different retail electricity prices for different hours of the day and for
different days [4].
�conducted. The template itself contains a fairly extensive description of the whole
process and the various aspects to be taken into account in the evaluation.
Another important aspect is the fact, that the DPD will soon be replaced by the new
EU legislation on personal data protection in the form General data protection
regulation (GDPR). This regulation would quite fundamentally change the functioning
of the data protection in member states, primarily because it will also replace national
legislation and introduce new obligations. Since the adoption of this Regulation is
expected in the next few years, the data controllers should certainly take these new
obligations into account.
In conclusion, from the existing EU legislation we can identify the following
recommendations for the roll-out of AMM systems:
1. During the roll-out of AMM systems should be continually assessed the economic
merits following the Commission template. This assessment should be conducted
not only at the level of each member state or the system operator, but even at the
level of individual new technologies or features.
2. Given the generality of functionality requirements, universal technical solutions
should be chosen to maximize modularity and to enable possible introduction of
additional functionalities in the future, chosen solutions should however be at the
same time economically viable. Mandatory requirements in the EU legislation are
currently rather general, specifics of the AMM systems will therefore primarily
depend on the specific implementation of the new legislation at the national level.
3. Functions of the AMM systems should be beneficial for both the distribution
network operator and especially for customers. The economic evaluation should
consider savings of the customer, since the customers will be the main source of
the funding for the roll-out.
4. The system operator should conduct DPIA for assessing the impact of the roll-out
on privacy of customers not only because it is expected in EU strategic documents,
but also because in the forthcoming GDPR the DPIA will be probably mandatory.
5. The AMM system operator should also take into the new GDPR which introduces
new requirements and will replace the current legislation at the national level.
6. The present EU standards in the field of cyber security are non-binding. In the
legislative process, however, is already new NIS (network and information
security) directive, which lays down the obligation of member states to ensure a
minimum level of information security of important information systems4. Czech
legislation on cyber security is in line with the requirements of the directive.
4 Even though the cyber security point of view is by the European legislation and strategic
documents mostly overseen, it is definitely an important issue. Studies have shown, that
cyberattack against the AMM system may cause great damages, since for example in some
cases it is possible to remotely disconnect customers from the grid just by sending a disconnect
command [5].
�3 Czech legislation
As we can see from the previous chapter, the EU legislation is very general, let’s focus
more on the national level and summarize the basic principles of the current Czech
legislation that affects or could affect the eventual deployment of AMM system and its
interaction with HDO.
Current legal regulation of the measurement and control in the electricity distribution
networks is to some extent relatively general and technologically neutral. Therefore,
the roll-out of AMM system in Czech distribution system basically shouldn’t face any
fundamental legislative obstacles. The absence of specific legislation which would
regulate the functioning of the AMM system, define its properties, or specify the
procedure for the roll-out, requirements for data handling processes or funding method
does not allow for immediate easy roll-out of AMM system with sufficient legal
certainty. In terms of future legislation, it is therefore necessary to focus more closely
on general issues and gaps in the existing Czech legislation and its adjustment before
the roll-out of the AMM system, particularly in the following areas:
- willingness of customers and property owners to tolerate the installation of
smart meters and other technologies,
- upgrade of the technologies installed in private properties so that it is possible
to install the smart meters
- transfer of consumption data (to what extent, time and to whom)
- data protection, privacy
- trading and distribution tariffs
- funding of the roll-out of AMM systems (by all stakeholders)
- legislative enshrinement of the business model
- flexibility of invoicing
These requirements are to some extent reflected in Update of the Czech national energy
strategy (ASEK) and especially in the Czech national action plan for the smart grid
(NAP SG). In these documents it is clearly stated, that there will be a new legislation
which would change current rules for electricity market in order to allow the roll-out of
AMM systems. The foreseen content of this legislation is however described only in
very general terms.
Current legislation also enables distribution network operators to implement parallel
operation of the HDO and the AMM systems, HDO can perform a wider or narrower
variety of tasks, depending on the architecture of the AMM system. Complete
replacement of the HDO with AMM system with advanced features is in terms of
current legislation not possible.
Another legal challenge that is related to introduction of AMM systems is the
protection of privacy of customers during collection and processing data produced by
AMM systems. Even Czech Office for personal data protection stated in its opinion no.
1/20145 clearly stated that the AMM system will undoubtedly deal with personal data
and its operator will therefore be as a data controller subject to the obligations arising
5 See online at:
https://www.uoou.cz/VismoOnline_ActionScripts/File.ashx?id_org=200144&id_dokumenty
=11445.
�from the Czech data protection legislation. This is why AMM systems operators will
have to identify which personal data will be by the system collected and processed and
for what purposes. This basis will help them to identify appropriate organizational, legal
and technical measures, which will ensure compliance with obligations arising from
data protection laws and at the same time allow them to use the data to achieve
identified purposes.
It is also to be expected that extent, to which will be the personal data processed, and
methods used will be largely determined by the new legislation in energy sector which
will be in connection with the roll-out of AMM systems adopted. The extent to which
the distribution network operators will be responsible for the operation of the AMM
system can in fact expand or narrow the range of their rights and obligations related to
the processing of personal data. Considering the recommendations of the EC and
European legislation, it can be recommended to the AMM operators to conduct DPIA
following a EC template, which is a good starting point for evaluation of purposes for
the processing of personal data.
For the operation of AMM systems are also relevant provisions of the Act on
cybersecurity, its implementing regulations, as well as the crisis act. According to the
current diction, the Act on cybersecurity would cover the operator of the AMM system
only if the system was classified as critical information infrastructure. It is impossible
to predict, whether the AMM system will be classified this way, but it definitely may
happen since such a system may be critical for functioning of smart grid systems and
subsequently for operation of the whole distribution network [6]6. Therefore, it can be
recommended, to design the entire system so that it can meet the requirements of the
Act on cybersecurity and its implementing regulations without any further
modifications or with only minor ones. This approach may be also helpful in case the
operator will have to prove that processed personal data are protected well enough,
because the requirements for the technical protection of personal data in the current
data protection legislation are too general.
Since it is also possible to use wireless communication to transmit data within the
AMM system, it is also necessary to analyze the Act on Electronic Communications,
which regulates the use of individual frequency bands. If a wireless network will be
chosen as the main communication channel for the data of the AMM system, it can by
recommended to analyze possible risks arising from the nature of the regulation of use
of needed radio frequencies in the country.
4 European countries
According to my findings it is clear that legislative intervention affecting AMM
systems / SG in individual EU countries differed quite significantly. For example, Italy
and Greece basically started the roll-out of AMM without any legislative definition of
its functions, implementation procedure or the nature of the system. On the other hand
6 As suggested by Knapp E. et. al. in: ERIC D. KNAPP, RAJ SAMANI, Eric D. Knapp, Raj
Samani a technical editor.JOEL LANGILL. Applied Cyber Security and the Smart Grid
Implementing Security Controls into the Modern Power Infrastructure. Online-Ausg.
Burlington: Elsevier Science, 2013. ISBN 9780124046382.
�in, say, Germany, the legislative bodies opted for the opposite approach, and regulated
the procedure of the roll-out as well as requirement for the system quite heavily. From
the perspective of the Czech Republic it certainly seems advisable to opt for adoption
of more detailed legislation before the roll-out takes place. Not only in order to ensure
greater legal certainty, but above all because of better technical and operational
coordination of the roll-out of AMM systems in the distribution networks of individual
operators. At the same time however, the legislation should be technologically neutral
and general enough, so the technical implementation of the system will be viable and
the operators can choose economically and functionally effective technical solution.
4 Conclusion
From the abovementioned analysis it is clear, that there are more ways how to solve
issues related to the roll-out of AMM systems in the Czech Republic. My research will
therefore in the future focus more on proposed legislation at European and national
level and mainly on comparative study of solutions chosen in other European countries.
This comparative study will be based on the data collected from legislation of foreign
countries and mainly from national studies and analyses focused on the issue. This data
will then be compared and evaluated in terms of effectivity and applicability of specific
solutions in the Czech legislative environment. Proposed solutions may serve as
significant contribution to the expert discussion on how to implement roll-out of AMM
systems in Czech distribution networks.
References
1. CARVALLO, Andres a John COOPER. The Advanced Smart Grid: Edge Power Driving
Sustainability. Second edition. Artech House, 2015.
2. SIOSHANSI, Fereidoon P. Smart grid: integrating renewable, distributed & efficient
energy. Boston: Elsevier/Academic Press, 2012. ISBN 9780123864529.
3. MCDANIEL, Patrick a Stephen MCLAUGHLIN. Security and Privacy Challenges in the
Smart Grid. IEEE Security & Privacy Magazine [online]. 2009, 7(3), 75-77 [cit. 2016-07-
13]. DOI: 10.1109/MSP.2009.76. ISSN 1540-7993. Available at:
http://ieeexplore.ieee.org/lpdocs/epic03/wrapper.htm?arnumber=5054916
4. BORENSTEIN, Severin, Michael JASKE and Arthur ROSENFELD. Dynamic Pricing,
Advanced Metering, and Demand Response in Electricity Markets. UC Berkeley, 2002, ,
101.
5. CLEVELAND, F. M. Cyber security issues for Advanced Metering Infrastructure (AMI).
In: 2008 IEEE Power and Energy Society General Meeting - Conversion and Delivery of
Electrical Energy in the 21st Century [online]. IEEE, 2008, s. 1-5 [cit. 2016-07-13]. DOI:
10.1109/PES.2008.4596535. ISBN 978-1-4244-1905-0. Available at:
http://ieeexplore.ieee.org/lpdocs/epic03/wrapper.htm?arnumber=4596535
6. ERIC D. KNAPP, RAJ SAMANI, Eric D. Knapp, Raj Samani a technical editor. JOEL
LANGILL. Applied Cyber Security and the Smart Grid Implementing Security Controls
into the Modern Power Infrastructure. Online-Ausg. Burlington: Elsevier Science, 2013.
ISBN 9780124046382.
�