This roundtable event was organized by the Aspen Institute Romania (AIR), under the aegis of the AIR Brussels Office & European Hub, the European Center for Economic Security, Technology and Resilience (EESTR) powered by AIR, and the Aspen Energy & Sustainability Program, with the support of the Romanian Energy Center (CRE). This by invitation only, Chatham House rules event aimed to bring together European and Romanian policymakers, regulatory authorities, cybersecurity experts, and industry representatives to discuss the strategic, operational, and legal implications of NIS2 – and how Romania can position itself as a proactive and resilient actor in the European cybersecurity ecosystem.

The digital transformation of Europe is accelerating, but so are the cyber threats facing its public and private sectors. The NIS2 Directive, adopted by the European Union, marks a significant step in strengthening the resilience and security of essential and important entities across Member States – introducing stricter supervision, enforcement, and risk management requirements. As Member States navigate the complexities of NIS2 implementation, key challenges emerge: coordination among competent authorities, capacity-building in critical sectors, cross-border cooperation, and aligning national strategies with EU-wide frameworks.

The event focused on the energy sector – a cornerstone of critical infrastructure, but increasingly vulnerable to cyberattacks – from SCADA systems in electricity grids to remote control of gas and oil infrastructure. The NIS2 Directive classifies a wide range of energy actors as essential entities, including electricity, gas, oil, district heating, hydrogen providers, and cross-border operators. Transposition of NIS2 presents both a compliance challenge and an opportunity to embed cybersecurity as a core pillar of the energy transition.

Key Topics: 

  • What are the core obligations and timelines of the NIS2 Directive?
  • Sector specific challenges – How are the EU and Romania’s electricity, gas, and renewables sectors preparing for NIS2 – compliance, risk assessments, and real-time threat mitigation;
  • National transposition challenges and legislative gaps in Romania;
  • How can Romanian energy regulators, operators, and cybersecurity bodies can work together to ensure resilience?
  • Opportunities for capacity-building and EU-funded cooperation.