NERC CIP holds the Bulk Electric System. The obligation extends to every agent inside the perimeter.
NERC CIP, the suite of cybersecurity standards FERC enforces for the Bulk Electric System, is built around what can be documented and attributed: which entity owns the asset, who has electronic access, what changed, who approved it, what was detected, what was restored. FERC enforces with civil penalties up to one million dollars per day per violation. FERC Order 919 (published March 2026, effective May 2026) updated standards CIP-002-7 through CIP-013-3, with mandatory compliance July 2028. When AI agents touch any of those control surfaces, they inherit the documentation and attribution burden the standards expect of the humans who used to do the work.
§ 01 The control burden
Agents inherit the controls. The evidence has to come with them.
CIP standards are designed around what can be reconstructed after the fact: which entity owns the asset, who has electronic access, what changed, what was reviewed, who signed off. The framework assumes the chain of authority for any action on a covered asset is reviewable on demand.
When an AI agent operates on a CIP-covered system, that assumption does not change. The agent has to be attributable like the operator; the change has to be reviewable like the change ticket; the access has to be controllable like the human session. Otherwise the documentation has a gap where the agent used to be, and an auditor finds it.
The standards do not exempt non-human operators. They expect the same record, regardless of what produced the action.
§ 02 The evidence
The record NERC CIP assumes, by construction.
The substrate makes the record a property of the action. Every agent action is attributed to a specific agent under a specific policy you write, and hash-chained into a tamper-evident audit trail an auditor can interrogate after the fact, kept inside your Electronic Security Perimeter.
This material is informational, not legal or regulatory advice. The substrate produces the record; it does not by itself make a Registered Entity compliant. Assess your specific obligations under NERC CIP and FERC-approved standards with qualified counsel.
§ 03 Questions
NERC CIP and AI agents, answered.
Does NERC CIP cover AI agents directly?
NERC CIP does not name AI agents as a category, but its standards apply to actions on Bulk Electric System Cyber Assets regardless of what produced the action. The framework is asset-and-action centric, not operator-centric. An AI agent that changes a configuration, accesses a Critical Cyber Asset, or operates inside an Electronic Security Perimeter is in scope of the same standards a human operator would be.
Which CIP standards bear most directly on agent operations?
CIP-004 Personnel and Training (access authorization), CIP-005 Electronic Security Perimeters (access into the ESP), CIP-007 System Security Management (configuration and change), CIP-008 Incident Response (what was detected, by whom, when), CIP-009 Recovery Plans (what was restored), and CIP-010 Configuration Change Management (the documentation of what changed) all imply an attributable, reviewable trail that has to extend to whatever produces actions on covered assets.
What does the substrate produce against NERC CIP's documentation expectations?
Every agent action on a CIP-covered system is attributed to a specific agent under a specific policy you write, hash-chained into a tamper-evident audit trail kept inside your operational boundary. Refusals, escalations, and approvals are recorded as durable events the same as actions. The trail is what an auditor reviews; it is also what an incident-response or recovery procedure reconstructs from.
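To make the shape of such a trail concrete, here is an added example (not the substrate's own code) of a hash-chained, attributed event log with a verifier. The field names, the SHA-256 chaining scheme, and the sample agent, operator and policy identifiers are all assumptions made for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # constructed anchor for the first record's prev field
KINDS = {"action", "refusal", "escalation", "approval"}

def digest(body):
    # Canonical JSON (sorted keys, fixed separators) keeps the hash reproducible.
    raw = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(raw).hexdigest()

def append_event(trail, agent_id, policy_id, kind, detail, ts):
    """Append one attributed event, linked to the previous record's hash."""
    if kind not in KINDS:
        raise ValueError(f"unknown event kind: {kind}")
    body = {"seq": len(trail), "ts": ts, "agent_id": agent_id,
            "policy_id": policy_id, "kind": kind, "detail": detail,
            "prev": trail[-1]["hash"] if trail else GENESIS}
    trail.append({**body, "hash": digest(body)})
    return trail[-1]

def verify(trail, expected_head=None):
    """Return None if intact, else the index of the first bad record.

    If expected_head (a head hash stored outside the log) is given and the
    chain does not end on it, return len(trail): records are missing or replaced.
    """
    prev = GENESIS
    for i, rec in enumerate(trail):
        body = {k: v for k, v in rec.items() if k != "hash"}
        if rec.get("seq") != i or rec.get("prev") != prev or digest(body) != rec.get("hash"):
            return i
        prev = rec["hash"]
    if expected_head is not None and prev != expected_head:
        return len(trail)
    return None

def build_sample():
    # Constructed sample events; agent, operator and policy names are hypothetical.
    p, trail = "policy-relay-cfg-v3", []
    append_event(trail, "agent-7", p, "action", "read relay settings", "2026-01-01T00:00:00Z")
    append_event(trail, "agent-7", p, "refusal", "write outside change window", "2026-01-01T00:01:00Z")
    append_event(trail, "agent-7", p, "escalation", "requested operator approval", "2026-01-01T00:02:00Z")
    append_event(trail, "operator-jd", p, "approval", "approved change", "2026-01-01T00:05:00Z")
    return trail
```

A chain like this is only tamper-evident relative to a head hash the reviewer trusts: truncation or a full rewrite from some record onward is caught only when the latest hash is periodically stored or signed somewhere the log writer cannot modify.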
Is this legal or regulatory advice?
No. This material is informational. The substrate produces the record; it does not by itself make a Registered Entity compliant. Assess your specific obligations under NERC CIP and FERC-approved standards with qualified counsel.