FERC
The Federal Energy Regulatory Commission regulates the interstate transmission of electricity, natural gas, and oil — with cybersecurity jurisdiction over bulk electric system infrastructure through its oversight of NERC standards.
The Federal Energy Regulatory Commission (FERC) is an independent agency that regulates the interstate transmission and wholesale sale of electricity and natural gas, the transportation of oil by pipeline, and the licensing of hydroelectric projects. FERC's cybersecurity jurisdiction flows through its authority over the bulk electric system (BES): FERC approves NERC reliability standards — including the NERC CIP cybersecurity standards — and enforces them through its oversight authority. FERC Order 887 (2022) directed NERC to develop new internal network security monitoring standards, expanding the technical requirements for bulk electric system operators.
FERC's Order 2222 (2020) is transforming energy technology systems by requiring that distributed energy resources (DERs) — solar, storage, demand response — be allowed to participate in wholesale electricity markets. This creates new requirements for energy management systems, aggregation platforms, and grid edge technology to interface with wholesale market systems that were never designed for distributed resources. The compliance and interoperability requirements for Order 2222 participation are primarily engineering problems.
FERC's market oversight function creates data and reporting requirements for wholesale market participants. Energy Management Systems (EMS), SCADA platforms, and trading systems must maintain records of bids, offers, and dispatch instructions that FERC can access for market surveillance. The data retention, format, and access requirements create specific engineering obligations for energy trading technology — and FERC enforcement actions for market manipulation (including those involving software systems that produce misleading market signals) have resulted in multi-hundred-million-dollar penalties.
We architect FERC-compliant energy technology systems — designing bulk electric system infrastructure that satisfies NERC CIP standards under FERC's enforcement authority, building DER aggregation platforms that meet Order 2222 market participation requirements, and implementing the data retention and reporting capabilities that FERC market surveillance requires. Our teams work at the intersection of energy regulation and software engineering that most firms cannot navigate.
Compliance-Native Architecture Guide
Design principles and a structured checklist for building software that is compliant by default — not compliant by retrofit. Covers data architecture, access controls, audit trails, and vendor due diligence.