Redesigning the Machine: NERC Board Accepts Transformational Standards Modernization Plan
By Patrick Miller
The NERC Board accepted the MSPP Task Force’s final recommendations to overhaul the Reliability Standard development process. Aiming for a 12–18 month timeline, the plan modernizes initiation, drafting, and balloting to address emerging risks from IBRs, data centers, and VPPs. Full implementation and ROP revisions are expected through 2027.
Overview
At its meeting on February 12, 2026, the NERC Board of Trustees officially accepted a comprehensive set of recommendations from the Modernization of Standards Processes and Procedures (MSPP) Task Force. This action sets in motion the most significant transformation of the Reliability Standards development framework since its inception nearly two decades ago.
The Modernization of Standards Processes and Procedures (MSPP) Task Force was established by the NERC Board of Trustees in February 2025 to transform the Reliability Standard development framework. The primary driver for this transformational change is the unprecedented speed and complexity at which risks to the bulk power system (BPS) are emerging, specifically those related to inverter-based resources (IBRs), large dynamic loads like data centers and cryptocurrency mining, and the integration of virtual power plants. Recent challenges, including the need for the Board to twice invoke special authority to finalize stalled standards for cold weather and IBR ride-through performance, highlighted that the existing process was no longer sufficient to keep pace with the rapid transformation of the grid.
The Driver: Managing Unprecedented Grid Transformation
The North American bulk power system (BPS) is undergoing a rapid evolution characterized by the acceleration of traditional baseload plant retirements and the massive deployment of variable and energy-limited resources.
The Board charged the MSPP Task Force in February 2025 to re-envision a process that can keep pace with this transformation. A critical driver was the recent need for the Board to twice invoke its "special authority" under Section 321 of the Rules of Procedure to complete stalled standards for Inverter-Based Resources (IBR) and Generator Cold Weather, events that signaled the existing consensus-based model was struggling to meet the speed of emerging risk.
Emerging Technology Spotlight
The new framework is specifically designed to address complex, fast-moving risks from newer grid technologies that often challenge traditional planning:
Large Dynamic Loads: Rapid growth in data centers (for AI and cloud computing) and cryptocurrency mining operations is significantly altering load profiles.
Virtual Power Plants (VPPs) and Storage: The integration of DER aggregators and co-located storage with variable resources requires more agile standards.
Inverter-Based Resources (IBRs): Ensuring ride-through performance for solar, wind, and battery storage remains a top priority.
The Three-Phase Transformation Plan
The MSPP recommendations divide the standard development process into three distinct phases, each re-engineered for speed and efficiency:
I. Standard Initiation: Strategic Prioritization
Instead of the current ad-hoc submission of Standard Authorization Requests (SARs), NERC will implement a semiannual review and prioritization process.
Technical Vetting: The Reliability and Security Technical Committee (RSTC) will technically vet all "Standard Initiation Requests" (SIRs) to ensure a mandatory standard is the optimal solution for the identified risk.
New Oversight Body: A new RISC subcommittee, comprised of both elected sector representatives and strategic experts, will oversee prioritization.
Reliability Standard Term Sheets: To expedite drafting, the initiation phase will conclude with a "Term Sheet" that outlines the high-level requirements and scope of the standard before a single line of code or requirement is written.
II. Standard Drafting: The Expert Bench
The drafting process will move away from the current model of forming independent, project-specific teams for every task.
Stakeholder SME Pool: NERC will maintain a pre-vetted pool of at least 75 subject matter experts who can be called upon fluidly to assist NERC staff.
Increased NERC Staff Role: To reduce the burden on industry volunteers, NERC staff will take a more active role in day-to-day drafting, including the development of "Version Zero" draft standards based on the approved term sheets.
Human-Led AI Tools: NERC staff is encouraged to use AI assistance for summarizing stakeholder comments and initial drafting, provided there is strict human oversight for quality control.
III. Standard Balloting: Confirming Consensus
The role of the ballot is being re-centered from the primary driver of drafting to a tool used to confirm consensus that was built earlier in the process.
Engagement-Based Voting: To be eligible to vote on a final standard, an organization must have participated in at least one prior comment period during that project's development.
Simplified Segments: Several Registered Ballot Body (RBB) segments will be consolidated, such as merging Large and Small End Users, to improve quorum reliability and address low participation in certain categories.
Implementation and the Transition of Active Projects
Implementing these recommendations will require a massive revision of the NERC Rules of Procedure (ROP) through 2027.
Active Drafting Teams: Projects currently active in the Standards Development Plan will continue under their current protocols. A formal Transition Plan will be developed to determine when and if ongoing projects shift to the new modernized method.
Stability of Governance: The existing Standards Committee will remain in place to oversee current work until the ROP changes are filed with FERC and Canadian authorities and the new RISC subcommittee is operational.
Regulatory Path: NERC management expects to submit final ROP changes to the Board for approval in Q1 2027.
Restructured Registered Ballot Body (RBB) Segments
The following table reflects the detailed changes to the voting segments designed to better represent the modern grid ecosystem:
| New Segment | Change Analysis |
|---|---|
| Segment 1: Transmission Owners | Remains a core industry interest segment. |
| Segment 2: ISOs and RTOs | Adjusted to ensure this limited-entry segment can achieve its full 10% potential weight in the voting formula; now includes standalone Reliability Coordinators like the FRCC. |
| Segment 3 & 4: LSEs and TDUs | The Board decided to keep these separate to protect the unique voice of smaller Transmission-Dependent Utilities. |
| Segment 5: Electric Generators | Consolidated with former Segment 6 (Brokers/Marketers) to represent a more equitable balance of interest. |
| Segment 7: Electricity End Users | Consolidates former Large (Seg 7) and Small (Seg 8) End Users into a single segment to address chronic undersubscription and quorum issues. |
| Segment 9: Govt. & Public Interest | Broadened to include the NY State Reliability Council and other non-profit public interest entities; clarifies that oversight authorities (like FERC) do not vote. |
Strategic Roadmap: NERC Standards Modernization (2025–2027)
Phase 1: Foundation & Recommendations (Complete)
February 2025: NERC Board of Trustees officially forms the industry-led MSPP Task Force to evaluate the standards development process.
July 2025: Task Force releases a white paper outlining initial findings and potential opportunities for improvement across initiation, drafting, and balloting.
October 2025: Draft recommendations are posted for a public comment period, and a summary of proposed refinements is shared with stakeholders.
January 2026: Final recommendations document is publicly posted, and stakeholders provide final feedback leading up to the Board’s decision.
Phase 2: Transition & Rulemaking (Current – Mid-2027)
February 12, 2026: NERC Board formally accepts the final MSPP Task Force recommendations in Savannah, GA.
Mid-2026: NERC staff begins developing the formal Transition Plan for active Standards Drafting Teams (SDTs) and pilots the new semiannual Standards Initiation Workshop.
May 15, 2026: CRITICAL COMPLIANCE DEADLINE: Registration is required for all identified "Category 2" Inverter-Based Resource (IBR) owners and operators.
Q4 2026: NERC initiates formal proceedings under Section 1400 of the Rules of Procedure to draft the specific regulatory language for the new standards process.
Q1 2027: Expected submission of the revised Rules of Procedure (ROP) and Standard Processes Manual to the NERC Board for final approval.
Phase 3: Full Implementation (2027 & Beyond)
Mid-2027: Pending Board approval, NERC files the ROP revisions with FERC and Canadian authorities.
Late 2027: The Standards Committee is officially retired after all transitional projects have either concluded or shifted to the new framework.
2028: NERC begins a two-year review cycle to assess the performance of the new process against established efficiency metrics.
The Broader Regulatory Shift: Where MSPP Meets the CIP Roadmap, CMEP v8, and Internal Controls
The MSPPTF reforms do not exist in a vacuum; they are the "engine" designed to power a broader, fundamental shift in the NERC regulatory ecosystem. To understand the full impact of these changes, utilities must look at how MSPP intersects with three other major developments: the CIP Roadmap, the stabilization of CMEP Version 8, and the move toward Continuous Internal Controls oversight.
1. Powering the CIP Roadmap’s Rapid Evolution
NERC’s recently released CIP Roadmap signals a dramatic expansion of cybersecurity scope, specifically targeting Inverter-Based Resources (IBRs), Cloud-hosted platforms, and public telecommunications. The Roadmap identifies urgent, near-term standards actions, such as multi-factor authentication (MFA) for low-impact systems and expanding protections for facility-to-center communications.
The MSPPTF framework is the critical enabler for this Roadmap. By reducing the standard development timeline to 12-18 months, NERC can finally close the "regulatory lag" that has historically left the grid exposed to rapidly evolving cyber threats. Without the efficiencies of the Stakeholder SME Pool and Term Sheets, the aggressive timelines in the CIP Roadmap would likely be unattainable.
2. Supporting CMEP Version 8’s Call for Technical Competence
The Compliance Monitoring and Enforcement Program (CMEP) Version 8 represents the maturation of NERC oversight into a disciplined, professional regulatory model. It places a heavy emphasis on technical competence and professional judgment, moving away from "artifact-hunting" and toward understanding how systems actually function in operational environments.
MSPP supports this by improving the quality and clarity of the standards themselves. Standards developed through a technically-vetted initiation process and drafted with an expert "SME bench" are inherently more defensible and easier for technically competent auditors to interpret consistently across all Regions.
3. Enabling Sustainable Compliance for Continuous Oversight
Perhaps the most significant intersection is with the new Internal Controls model. NERC has retired the old "Internal Controls Evaluation" (ICE) model in favor of continuous, risk-based oversight. Internal controls are now the "regulatory trust score" that determines how often an entity is monitored and how deep an audit goes.
The MSPP process is designed to produce not just standards, but a complete "compliance package" including Reliability Standard Audit Worksheets (RSAWs) and implementation guidance developed alongside the requirements. This allows utilities to build the "sustainable compliance" and "automated evidence" needed to succeed under the new model. If a standard is clear, risk-based, and technically sound from "Version Zero," utilities can more effectively embed the necessary controls into their operational workflows rather than relying on manual, after-the-fact evidence.
Also see Earl Shockley’s great post on this topic. Earl argues that U.S. preparedness is failing because leaders still treat cyber as an IT problem rather than a governance responsibility. Stop hiding behind your policies and start proving that your controls actually function in reality.
What Utilities Should Be Doing Now?
The convergence of MSPPTF's speed, the CIP Roadmap’s expanded scope, and the Continuous Internal Controls model requires a shift from periodic preparation to permanent readiness.
1. Inventory the "Invisible" Grid Edge
The CIP Roadmap and MSPPTF recommendations both identify new systemic risks from entities currently outside traditional NERC registration.
Identify Operational Dependencies: Catalog every DER aggregator, Virtual Power Plant (VPP), and large dynamic load (data centers/crypto mining) within your footprint that has real-time operational influence.
Map Telecom Paths: In anticipation of the CIP-012 expansion, inventory every control path that traverses public or carrier-dependent networks, as these will likely require encryption or gateways under the new expedited standards track.
Inventory Low Impact Facilities: Asset inventories are coming soon to Low Impact assets. Depending on the number of low impact assets you have, it makes sense to start performing asset inventories in the low impact assets. With a solid asset inventory you can then move forward with a rigorous change control process to manage the inventory over time.
Plan for MFA: Soon, your boundary/perimeter electronic access control devices for CIP-003 Requirement 2, Attachment 1, Section 3 will need to support MFA. You may even need to refresh your technology platform here.
Design for Monitoring: This may be the time to start thinking about how you want your low impact network architecture to be designed to support the INSM requirements. This may require network outages to complete.
2. Formalize "Engagement-Based" Participation
Because the MSPPTF process shifts voting eligibility to those who participate early, "watching and waiting" is no longer a viable regulatory strategy.
Audit your Commenting Process: Ensure your regulatory team is prepared to submit substantive comments or at least a "statement of support" during the first comment period of a project to preserve your organization's final voting rights.
Target the SME Pool: Identify technical leads to nominate for the new Stakeholder SME Pool. Having your experts "on the bench" ensures your operational realities are reflected in the initial "Version Zero" drafts that will now drive the process.
3. Shift from Evidence Collection to Control Design
With the retirement of the ICE model and the stabilization of CMEP Version 8, the "trust" NERC places in your organization is now driven by your internal controls.
Build for Sustainability: Rather than manual spreadsheet tracking, focus on implementing automated, operational controls for high-velocity tasks like MFA, access reviews, and patch management.
Validate Design and Effectiveness: Ensure your internal controls aren't just documented but are producing verifiable evidence (audit trails, system outputs) that CEAs can evaluate during their continuous oversight activities.
4. Coordinate the Compliance and Operations Divide
The new framework requires a tighter link between those who run the grid and those who manage the regulations.
Upskill Technical Competence: As auditors move toward a maturity-based model, your front-line operators must be able to explain the "why" behind system architecture and design decisions, not just point to a policy document.
Prepare for Cloud Governance: With the CIP Roadmap accelerating cloud adoption standards, start defining shared responsibility models for any operational or security systems you plan to move to third-party environments.
