Entities are categorized as "high-impact" or "critical-impact" based on the potential severity of a cyberattack on their processes and related assets, as well as its impact on cross-border electricity flows (NCCS Article 24).
The following entities fall under the scope of NCCS Article 2 Paragraph 1.:
Entities are identified based on defined threshold values (ECII). The competent authority may also assess their participation in EU-wide high-impact and critical-impact processes.
The competent authority classifies entities into high-impact and critical-impact categories.