Introduction
The North American Electric Reliability Corporation (NERC) is introducing high-impact regulatory changes in 2025 that will transform compliance expectations throughout the energy industry. These changes respond to new risks brought by Inverter-Based Resources (IBRs), cybersecurity threats, and increased Bulk Electric System (BES) reliability requirements. As utilities face new demands in 2025, early compliance with NERC standards is critical to avoid penalties and ensure system reliability.
Compliance Landscape Changes
Renewable energy, Distributed Energy Resources (DERs), and storage technologies are rapidly changing the grid. The new NERC regulations reflect this change to increase resilience to disruptions and safeguard digital infrastructure. These new rules also expand the scope of the registered entities, grant stricter monitoring of disturbances, and demand stronger cybersecurity.
The inability to adapt subjects utilities to the high costs of enforcement measures, but also reputational and operational risks. Compliance should now become more of a proactive and continuous process and not a reactive obligation.
Key Requirements Utilities Must Address in 2025
Inverter-Based Resource Thresholds and Deadlines
Perhaps the most significant regulatory change is the lowered registration threshold for IBR facilities. Any resource with 20 MVA capacity interconnected at 60 kV must register as a Generator Owner (GO) and Generator Operator (GOP), with full enforcement starting May 2026.
These facilities are required to comply with new and emerging standards, including:
- PRC-028-1: Disturbance monitoring and reporting for IBRs.
- PRC-029-1: Frequency and voltage ride-through performance.
- PRC-030-1: Corrective actions following unexpected IBR events.
The 2022 Odessa Disturbance, which highlighted vulnerabilities in large-scale solar facilities, underscored the urgency of these requirements. Utilities must prepare systems and staff now to meet these obligations.
Cybersecurity Enhancements under CIP Standards
Cybersecurity remains at the forefront of NERC’s regulatory agenda. The 2025 CIP revisions introduce significant changes and expansions in applicability:
- CIP-003-9: Expanded security management controls.
- CIP-005-7: Updated electronic security perimeter requirements.
- CIP-010-4: Enhanced configuration change management.
- CIP-013-2: Stronger supply chain risk management.
Such updates increase controls and scrutiny on low-impact assets and tighten supply chain requirements. The utilities should re-evaluate the management of their vendors and detection tools and verify their cybersecurity preparedness at all operational levels.
Facility Ratings and Asset Documentation
Facility ratings standard, FAC-008, is among the most violated NERC standards. In 2025, regulators expect greater transparency in documenting rating assumptions and verifying equipment limits. Utilities must confirm that engineering records are accurate, traceable, and aligned with operational practices. Record keeping and audits will be necessary to avoid penalties.
Conclusion
The 2025 regulatory requirements of NERC are more than a series of minor adjustments, as they are a complete change in how utilities need to think about reliability and security. The new NERC registration threshold, more challenging IBR disturbance standards, increased CIP requirements, and a renewed emphasis on facility ratings require immediate action. Utilizing proactive planning of these changes by upgrading their systems, training employees, and establishing solid compliance programs can allow a utility to exceed the standards of regulatory compliance and even become a reliability and security leader. In an increasingly complex energy landscape, compliance is not a burden but a strategic necessity for long-term success.
1. How much are NERC penalties costing utilities annually?
2. What percentage of compliance violations are related to facility ratings?
3. How many IBR facilities are impacted by the new 20–75 MVA threshold?
4. How significant is the cybersecurity compliance gap?
Disclaimer: Any opinions expressed in this blog do not necessarily reflect the opinions of Certrec. This content is meant for informational purposes only.
