Data security & regulation

Data security & regulation covers the validation of core rules such as data protection rules and legal requirements.


This is only a summary, see Legal Documentation for full detail.

The European landscape for implementation

There is large variation across Europe regarding the government support initiatives for implementation of smart metering in the residential sector receives. The extent to which smart metering is actually rolled out is also strikingly different across Member States.

A cross-country review of the situation in Spring 2013, carried out by the SmartRegions project [1] , came to the conclusion that “progress has been strongest in the countries with a significant regulatory push”. The study grouped Member States into five categories according to progress in smart meter implementation and support received from the legal and regulatory environment:

  • Dynamic Movers are most advanced, and include Italy, Spain and France.
  • Market Drivers are lagging behind in terms of implementation of the legal and regulatory framework, but have made good progress in roll-out. This group includes Germany.
  • Ambiguous Movers lag behind in terms of roll-out

Many of the so-called dynamic movers have defined very ambitious roll-out plans. In addition, most of these countries have formally agreed on minimal requirements smart meters have to meet, something which is still missing in most other countries. Countries classified as market drivers have achieved only moderate progress so far.

Many countries suffer from a large degree of scepticism, especially on the part of consumer advocates and data privacy activists.



empirica is continuously working on this issue and has extensive documentation of the regulatory development. If you are interested, contact

Various policy initiatives and legislation have been introduced in the last years to address the important role of metering and billing in the energy sector. As part of the Third Energy Package, Member States have performed a quantitative analysis regarding the implementation of the so-called smart meters for electricity and gas. Based on that, most Member States have implemented or are about to implement the installation of smart meters.

The requirements of the Third Energy Package are closely linked to the Energy Service Directive (ESD), which apart from smart meters includes legislation on conventional metering and billing as well. The Directive states that individual meters are to be provided to customers for electricity and gas, but also for district heating, cooling and domestic hot water. With the newest directive - the Energy Efficiency Directive - from 2012, the focus remains on individual metering and providing appropriate billing and billing information, with a special focus on multi-apartment and multi-purpose buildings.

Lessons learnt

Concerns about data privacy

  • Impact
    • Surveys where people are asked to fill in personal information (e.g. their e-mail address) raise concerns
  • Recommendation
    • Ask for personal information only if it absolutely necessary
    • If personal information is requested, give a good explanation why it is needed and what it is used for.
    • If no personal information is needed, announce that the survey is anonymous

Data consistency can fail not only in database

  • Impact
    • Gaps in data affect models or require complex correction understood by few
    • Data loss can go unnoticed for weeks for individual meter if no regular check is done
    • Gap in data also minimises your ability to trace back cause of error as data is lost
    • Users will lose trust in service if data visible is not reliable
  • Recommendation
    • Devices should have temporary storage (e.g. 4 days) in case network breaks down and submit packages later
    • Service provider should be made responsible to track data loss and trigger fixing in time with payments dependent on achieving KPI
    • Implement simple daily procedure checking meter recordings (e.g. meter reading today greater than yesterday) to limit data loss

Keep data processes transparent

  • Impact
    • Users are alarmed whenever their personal data is requested
    • Why keep process and use a secret when you are not going to sell data?
  • Recommendation
    • List if any personnel data is being recorded
    • Explain in writing what data is used and explictely state it is not going to be used beyond this purpose
    • Create link to / Establish a data protection contact point

Do not rely on data to stay consistent

  • Impact
    • Changing to hardware (e.g. boiler) might change meter or measurements
    • Particularly, dangerous if data supplied from outside and
    • when large number of buildings is being managed
  • Recommendation
    • Establish procedure to be informed about changes
    • Make sure data access is requirement at installation and is in fact restored
    • Daily consistency check of data ensuring changes can be seen (at least) ex post

Invite for data / privacy workshop if legislation changes

  • Recommendation
    • Invite all key stakeholders to ensure trust remains untouched
    • Prepare and provide information material on regulatory change
    • Check whether understanding is the same
    • Then check whether changes need to be made to service and collect requirements as in initial set-up
—— Footnotes