Purpose

Under Energy Ministers’ National CER Roadmap, NEPKI’s purpose is to be the national not-for-profit entity that facilitates secure communications with Consumer Energy Resources (CER) by providing harmonised and scalable public key infrastructure (PKI) services in a single hierarchy through the provision of digital PKI certificates.

Authorisation

In July 2025, the ACCC granted authorisation for Energy Networks Australia (ENA) to form NEPKI to procure and implement a national ‘public key infrastructure’ service for managing secure communications between CER and parties in the energy grid. This remit has the potential to be expanded by reforms undertaken with the National CER Roadmap, including Virtual Power Plants and EV Charging.

Membership

NEPKI has an open membership for any energy related entity, including distribution networks, public interest entities (e.g. AEMO or governments), Electricity Market Participants (aggregators, retailers and their peak bodies), original equipment manufacturers (OEMs) or their peak body and other CER industry entities or peak bodies.

PKI Consumers

PKI Consumers are entities who use NEPKI PKI services and fall into two categories: Servers and/or Clients.

  • Servers are PKI Consumers who utilise NEPKI CSIP-AUS server certificates. At incorporation these are 10 founding DNSPs.

  • Clients are PKI Consumers who utilise NEPKI CSIP-AUS aggregator or device certificates. Typically these are original equipment manufacturers (OEMs).

Each PKI Consumer enters into a bilateral agreement with NEPKI.

Why do we need NEPKI?

1. To create a trusted digital foundation for the modern grid

Australia’s electricity system is rapidly decentralising — millions of CER such as rooftop solar, batteries, EV chargers, and smart hot water systems are now active participants in the grid.

  • These devices need to communicate securely with energy networks, aggregators, and market operators to respond to signals (e.g. to export, curtail, or charge).

  • Without a common trust framework, every manufacturer or network might build their own system — leading to fragmentation, higher costs, and potential security risks.

NEPKI establishes a nationally consistent “digital passport” system for devices and entities, enabling authenticated, encrypted communication.

2. To ensure cybersecurity and prevent malicious control

PKI (Public Key Infrastructure) uses digital certificates and encryption keys to verify that a device or organisation is who it says it is before allowing control commands or data exchanges.

Without a trusted PKI:

  • A hacker could impersonate a legitimate inverter, aggregator, or DNSP signal.

  • Compromised devices could flood the grid with false data or refuse to respond during emergencies.

  • Different state-based or vendor-specific systems would leave gaps for exploitation.

By centralising trust under NEPKI, all participants use the same cryptographic standard, verified by an independent and secure authority.

3. To enable interoperability and compliance with standards

NEPKI underpins CSIP-AUS (Common Smart Inverter Profile – Australia), which standardises how smart energy devices communicate.

  • CSIP-AUS defines the what (the language and functions).

  • NEPKI defines the who (identity and trust layer).

Together, they make sure that devices from different manufacturers can safely and reliably respond to the same network instructions — a key requirement for large-scale CER coordination and programs like flexible export limits or emergency backstops.

4. To support the Emergency Backstop Mechanism (EBM)

Starting in SA, then VIC, and soon NSW and ACT, the EBM allows networks to temporarily curtail CER exports during critical grid events at the direction of the independent market operator (AEMO):

  • NEPKI enables networks to send authenticated commands to inverters that are guaranteed to come from an authorised entity.

  • This is essential to maintain grid stability and public trust — consumers need to know that control actions are legitimate and secure, not random or spoofed.

5. To avoid duplication and reduce costs

Before NEPKI, each distribution network might have needed its own certificate system.
That would mean:

  • Higher setup and operational costs.

  • Different technical requirements for manufacturers in each jurisdiction.

  • Complex compliance processes for retailers and aggregators.

NEPKI provides a single, national trust service — reducing duplication, promoting interoperability, and streamlining device accreditation and onboarding.

6. To future-proof the energy transition

As the energy sector evolves toward:

  • Two-way energy flows,

  • Dynamic tariffs,

  • Real-time orchestration of millions of small devices,

…a scalable, secure digital identity framework becomes as fundamental as the physical poles and wires.
NEPKI is effectively part of the cyber infrastructure for Australia’s energy future — enabling secure, automated, and verified participation in markets and grid services.

Why NEPKI Matters

  • Grid Stability – secure control of CER is essential for managing a high-renewables grid

  • Consumer Trust – households and businesses must be confident their devices are communicating with trusted sources

  • Interoperability – a national PKI avoids fragmented, duplicative, and costly solutions

  • Regulatory Compliance – enables Networks, Market Participants, and CER to comply with regulatory requirements and standards

  • Global Alignment – PKI enables harmonisation with international standards.

Diagram showing the current state of electrical power generation from various Australian companies, with color-coded icons representing different power sources such as coal, gas, and renewable energy.

One certificate is all you need!

Through NEPKI, the CER sector gets a single trusted ‘passport’ that gives access to all areas without the duplicative effort of managing these credentials. Having a single framework for identifying and authenticating parties within the sector brings CER one step closer to “plug and play” for customers.

Diagram of renewable energy companies in Australia, showing data storage, transmission, and renewable energy sources, with company logos at the top and a flowchart of energy distribution at the bottom.

Beyond lowering costs, a single national system means we are investing in a stronger, shared security system.

Cyber risks don’t stop at international borders and neither do CER internet connected devices.

As Australia continues to lead CER adoption globally, having coordinated visibility and protection of their identity will strengthen the energy sector and make it more secure.

Overview of the CSIP-AUS PKI solution

The current PKI solution uses existing certificate standards already built into CSIP-AUS and extends industry best practice for cybersecurity.

NEPKI, via a PKI service provider, provides a centralised resource for the CER sector looking to leverage CSIP-AUS communications.

To enable CSIP-AUS use cases including dynamic operating envelopes and emergency backstop, certificates will be provisioned to three types of users. CER certificates are for devices that communicate directly from local hardware, such as a solar inverter, to the server. Aggregator certificates are for CER providers that choose to proxy their communications through a central platform that communicates to the server. Server certificates are for utilities that communicate to many CERs and Aggregators.

Relationship to CSIP-AUS testing and compliance

To be eligible for certificates from NEPKI, NEPKI PKI users must be certified by the Australian National University through their CSIP-AUS testing and certification service. More information can be found on the CSIP-AUS website.

Diagram explaining digital certificates, showing a shield with a key at the top, connected to three icons: a CER, an aggregator, and a server, with the label 'Provides digital certificates to'

What is PKI?

Public Key Infrastructure (PKI) is a set of systems and processes that generate and maintain certificates so entities can communicate securely.

For NEPKI, PKI ensures:

  • Authentication – verifying that devices (such as a solar inverter or battery) and entities are genuine.

  • Confidentiality – protecting data exchanged between entities and devices by ensuring it is encrypted.

  • Integrity – preventing tampering with grid signals or device commands.

  • Non-repudiation – ensuring actions (like emergency controls) can be traced.

In practice, PKI allows CER (e.g., rooftop solar, home batteries) to securely connect with energy networks, retailers, and market participants.

How does PKI work?

A trusted entity issues certificates to entities

So that NEPKI can securely communicate with CER

Diagram showing NEPKI providing server certificates to DNS providers and retailers, and aggregator or client certificates to cloud services, VPPs, OEMs, and middleware.
Diagram showing a DNSP server connected via IEEE 2030.5 CSIP-AUS protocol to a CER with icons representing data exchange.

NEPKI’s Objective

Develop, deliver and maintain a national PKI on a not-for-profit, fair, non-discriminatory basis to facilitate the expeditious and secure adoption of CER in Australia.

A detailed chart outlining NEPKI Core Commercial Principles, divided into four sections: Non-Discriminatory, Non-Profit, Open Access, and Non-Obligatory. Each section explains what it is and what it means in relation to NEPKI policies, including commitments to transparency, inclusivity, cost recovery, and service delivery.

Acronyms

  • ACCC – Australian Competition & Consumer Commission

  • AEMO – Australian Energy Market Operator

  • ARENA – Australian Renewable Energy Agency

  • DEIP – Distributed Energy Integration Program

  • CER – Consumer/Distributed Energy Resources

  • CSIP-AUS – Common Smart Inverter Profile - Australia

  • DNSPs – Distribution Network Service Providers

  • ECMC – Energy and Climate Change Ministers Council

  • EV – Electric Vehicle

  • ISC – Interoperability Steering Committee

  • NEPKI – National Energy Public Key Infrastructure

  • OEM – Original Equipment Manufacturer

  • PKI – Public Key Infrastructure

  • VPP – Virtual Power Plant