The NCCS regulation prescribes a structured process for the identification and evaluation of cybersecurity risks in the European electricity sector. Risk assessment is the central element of this process and occurs cyclically at multiple levels (EU level, regional level, member state level, entity level).