This document contains security requirements for procuring Smart Meters and Data Concentrators. They are intended as a common baseline that in line with more strict requirements or more detailed specifications used in different European countries.
The requirements are formulated in a technology-independent manner. They describe the security measures that need to be taken functionally, and do not make assumptions on communication protocols or technologies. The requirements cover both technical security measures, and process measures that Vendors should take to ensure secure development, production, and delivery of the devices.
The requirements have been written with an eye towards testing. For each requirement, recommendations are given for evaluating if it has been fulfilled. These recommendations are based on experience with testing many meters from different countries.