AI Governance in Energy

The energy sector sits at the intersection of two urgent imperatives: the rapid AI-driven transformation of how power is generated, distributed, and traded, and the tightening web of AI governance frameworks that classify critical infrastructure as a high-stakes regulatory domain. As of early 2026, energy companies from grid operators to oil majors are navigating compliance obligations across the AI governance regulatory landscape while simultaneously deploying AI at unprecedented scale to meet decarbonization targets and manage increasingly complex grids.

Critical Infrastructure Classification and the EU AI Act

The EU AI Act, entering full enforcement in 2025–2026, explicitly designates AI systems used in the management and operation of critical infrastructure—including electricity, gas, water, and heating networks—as high-risk under Annex III. This classification carries significant compliance obligations: mandatory conformity assessments, technical documentation, human oversight mechanisms, logging of system operation, and registration in the EU database of high-risk AI systems. For European energy operators like Enel, RWE, and Ørsted, this means that AI systems controlling grid balancing, fault detection, and load forecasting must undergo rigorous pre-deployment review and ongoing monitoring. ENTSO-E, the European network of transmission system operators, has been coordinating sector-wide guidance on what constitutes a compliant AI governance framework for grid management systems, publishing draft technical standards in late 2025 that map EU AI Act requirements onto operational technology (OT) environments.

Grid Management AI: From Automation to Accountability

Modern electricity grids are managed by AI systems making thousands of real-time decisions—balancing supply and demand, rerouting power around faults, and integrating intermittent renewables. National Grid ESO in the UK deployed its AI-driven Electricity Market Reform platform in 2024, and under the UK's proposed AI regulation framework (aligned broadly with EU principles post-Brexit), such systems require documented decision trails and explainability provisions. In the United States, FERC Order 881 and NERC reliability standards increasingly intersect with AI governance: the Federal Energy Regulatory Commission has signaled that AI systems influencing bulk power system operations must meet cybersecurity and auditability standards equivalent to those for traditional SCADA systems. PJM Interconnection, which operates the world's largest competitive wholesale electricity market, published its AI Governance Policy in early 2025, establishing internal review boards for any AI deployment affecting dispatch decisions or market integrity.

Energy Trading and Market Surveillance

Algorithmic and AI-driven trading now accounts for a substantial share of wholesale energy market activity. Commodity trading firms including Vitol, Trafigura, and the trading arms of Shell and BP use machine learning models for price forecasting, physical optimization, and risk management. In the EU, REMIT II (Regulation on Wholesale Energy Market Integrity and Transparency, revised 2024) explicitly addresses algorithmic trading in energy markets, requiring market participants to notify regulators of AI systems capable of material market impact and to maintain audit logs. ACER (the Agency for the Cooperation of Energy Regulators) issued technical guidance in 2025 on what constitutes an acceptable human oversight mechanism for automated energy trading systems—a direct response to concerns about AI-driven price manipulation and flash crashes in day-ahead and intraday markets. In the US, the CFTC's AI and emerging technology advisory has extended analogous expectations to energy derivatives trading on regulated exchanges.

Predictive Maintenance and Asset Management

Oil and gas operators including BP, TotalEnergies, and Saudi Aramco have deployed AI systems for predictive maintenance of offshore platforms, pipelines, and refinery assets. These systems use sensor fusion, anomaly detection, and failure-mode prediction to reduce unplanned downtime and prevent safety incidents. Under emerging AI governance frameworks, the safety-critical nature of these applications places them in regulatory grey zones: they are not explicitly listed as high-risk under the EU AI Act's Annex III, but their failure modes—missed equipment faults leading to explosions or spills—trigger existing safety and environmental regulations. The UK Health and Safety Executive (HSE) and the US Bureau of Safety and Environmental Enforcement (BSEE) have both issued guidance documents in 2025 treating AI-assisted safety systems as subject to the same functional safety standards (IEC 61511 for process industries) as traditional automated safety systems, effectively creating a de facto AI governance layer through existing safety law.

Renewable Energy Optimization and Demand Forecasting

The integration of large-scale renewable generation requires AI forecasting systems of increasing sophistication. Ørsted, Vestas, and NextEra Energy deploy AI models to predict wind and solar output hours to days ahead, informing bidding strategies and grid planning. These systems sit at an interesting governance boundary: their direct output is a forecast, not a control action, placing them outside the strictest high-risk categories—but their downstream influence on dispatch and investment decisions gives regulators pause. The German Bundesnetzagentur (Federal Network Agency) has required since mid-2025 that any AI forecasting system whose outputs feed directly into grid redispatch decisions be documented and subject to human review before operational use. Demand-side AI, including smart thermostat platforms from companies like Nest (Google) and EDF's market-facing demand response products, faces EU AI Act transparency requirements: consumers must be informed when AI is making decisions that affect their energy consumption or pricing.

Applications & Use Cases

High-Risk AI Compliance for Grid Operators

Transmission and distribution operators subject to the EU AI Act's Annex III classification must conduct conformity assessments, maintain technical documentation, and register grid management AI in the EU high-risk AI database. ENTSO-E member TSOs including RTE (France), Elia (Belgium), and Red Eléctrica (Spain) are implementing compliance programs covering AI systems for load balancing, fault prediction, and congestion management.

Algorithmic Energy Trading Oversight

Under REMIT II and CFTC guidance, energy trading firms must notify regulators of AI systems with material market impact, maintain detailed audit logs, and demonstrate human oversight mechanisms. Shell's trading division and Vitol have established internal AI model governance committees that review trading algorithm changes before deployment, analogous to model risk management frameworks in banking.

AI-Driven Predictive Maintenance Governance

Oil and gas operators applying AI for safety-critical equipment monitoring must satisfy both AI governance expectations and existing functional safety standards (IEC 61511). BP's AI-powered platform monitoring system on its North Sea assets underwent a parallel review process in 2025 combining HSE safety case assessment with internal AI model documentation requirements derived from the EU AI Act's high-risk framework.

Demand Response and Consumer-Facing AI Transparency

Energy retailers and demand response aggregators deploying AI to manage consumer load must satisfy EU AI Act transparency requirements. EDF and Octopus Energy have updated their customer-facing AI systems to disclose when automated decisions affect billing or consumption, and to provide meaningful explanations of optimization logic to residential and commercial customers.

Renewable Forecasting and Dispatch Integration

Germany's Bundesnetzagentur requires human review before AI forecasting outputs influence grid redispatch decisions. Ørsted and Vestas have adapted their forecasting pipelines to produce uncertainty-quantified outputs with explainable confidence intervals, giving grid operators the information needed to exercise meaningful human oversight rather than rubber-stamping AI recommendations.

Cybersecurity and AI System Integrity in OT Environments

NERC CIP standards and the NIS2 Directive (EU, effective 2024) require energy operators to treat AI systems embedded in operational technology environments as cybersecurity assets. This means adversarial robustness testing, supply chain review of AI components, and incident reporting obligations for AI system compromises—a governance layer that major utilities including Duke Energy and National Grid have integrated into their OT security programs.

Key Players

  • Enel (Italy) — Europe's largest utility has established a dedicated AI Ethics and Governance Board overseeing 400+ AI use cases across grid management, customer service, and renewable optimization, publishing conformity documentation for EU AI Act high-risk systems across its operations in Italy, Spain, and Latin America.
  • National Grid ESO (UK) — The UK's electricity system operator has published an AI Governance Framework aligned with the UK AI Safety Institute's voluntary code, covering its AI-driven balancing mechanism and day-ahead forecasting tools, with independent third-party audits of high-impact systems initiated in 2025.
  • BP — Through its bp.pulse EV charging network and Launchpad digital ventures unit, BP has deployed AI governance tooling from Credo AI to audit model fairness and compliance across its trading and infrastructure AI portfolio, with particular focus on REMIT II obligations for its European gas and power trading operations.
  • TotalEnergies — The French major has embedded AI governance requirements into its digital project lifecycle, requiring that any AI system categorized as high-risk under the EU AI Act complete a structured impact assessment before deployment, with oversight from a cross-functional AI Review Committee established in early 2025.
  • Ørsted (Denmark) — The world's largest offshore wind developer uses AI governance frameworks to manage forecasting and asset optimization models, working with regulators in Denmark, the UK, and Germany to establish sector-specific technical standards for wind energy AI systems under the EU AI Act's Annex III compliance pathway.
  • PJM Interconnection (USA) — The largest wholesale electricity market operator in North America published a formal AI Governance Policy in 2025 covering market-facing and dispatch-influencing AI systems, establishing model validation requirements and a governance review board with FERC-aligned auditability standards.
  • Saudi Aramco — Operating outside EU jurisdiction but responding to global investor and partner expectations, Aramco published its AI Principles Framework in 2024 covering safety, transparency, and human oversight for AI deployed in upstream operations, refining, and trading—positioning the company for compliance with emerging international AI standards through the OECD and ISO TC 42 process.

Challenges & Considerations

  • Legacy OT/IT Integration — Energy infrastructure was built over decades on operational technology systems not designed for AI governance requirements like audit logging, explainability, or remote attestation. Retrofitting EU AI Act documentation and monitoring requirements onto AI systems embedded in decades-old SCADA and EMS platforms is technically complex and expensive, with many utilities estimating multi-year programs to achieve full compliance.
  • Cross-Border Regulatory Fragmentation — Energy systems are physically interconnected across jurisdictions with divergent AI regulations. A single AI grid management system may operate across EU member states, the UK post-Brexit, and neighboring countries under different frameworks. Multinational operators like Enel and RWE must navigate simultaneous compliance with the EU AI Act, UK AI governance expectations, and NERC standards in North American subsidiaries—without clear harmonization mechanisms.
  • Defining Human Oversight in Real-Time Operations — Electricity grid management requires decisions in milliseconds, making meaningful human oversight technically challenging for the fastest AI interventions. Regulators and operators are debating what constitutes an adequate human oversight mechanism when grid frequency response AI must act faster than human reaction time—with proposed solutions including pre-approval of operating envelopes, post-hoc review, and automatic fallback to predetermined control strategies.
  • AI Supply Chain Transparency — Energy companies increasingly rely on AI systems from third-party vendors (GE Vernova, Siemens Energy, ABB, Schneider Electric) embedded in hardware and software products. EU AI Act obligations for high-risk AI apply to the deployer as well as the developer, creating pressure on energy companies to demand AI governance documentation from vendors who have historically treated their algorithms as proprietary black boxes.
  • Market Manipulation and Fairness in AI Trading — As AI trading systems become more prevalent in wholesale energy markets, regulators face the challenge of distinguishing legitimate optimization from manipulative behavior. The line between sophisticated forecasting and market manipulation is blurry when AI systems can anticipate and influence price signals, and ACER and FERC enforcement capacity has not kept pace with the complexity of AI-driven trading strategies.
  • Workforce and Governance Capability Gaps — Effective AI governance in energy requires staff who understand both AI systems and energy operations—a rare combination. Most utilities lack internal AI governance expertise at the depth required for EU AI Act conformity assessments, creating demand for external consultants and auditors that exceeds available supply, and risking governance processes that are formally compliant but substantively shallow.