The rulebook: legislation, codes, and RIIO

Primary legislation sets the boundaries of the entire system. Five Acts are particularly relevant to energy data. They do not prescribe technical details — that is the job of codes and licences — but they create the legal powers, duties, and institutions that everything else depends on.

Electricity Act 1989

“No person shall generate, transmit, distribute or supply electricity except under and in accordance with a licence granted under this section.”

Electricity Act 1989 - Section 6(1)(c)

Section 6 is the foundation of the entire regulatory hierarchy described in this module. Every data obligation — from BSC settlement reporting to smart meter rollout — derives from licence conditions attached to the licences created by this provision. If you want to understand why an organisation is required to share a particular dataset, the answer traces back to here.

The foundation stone. This Act privatised the electricity industry, created the generation, transmission, distribution, and supply licences, and established the regulator (originally OFFER, now Ofgem). Section 3A sets out Ofgem's principal objective: to protect the interests of existing and future consumers. Every data obligation Ofgem imposes must ultimately serve this objective. The Act also created the framework for industry codes by requiring licensees to comply with codes designated by the Secretary of State.

For data professionals, the critical provision is Section 11: Ofgem's power to modify licence conditions. This is how Ofgem can require licensees to collect new data, share existing data, or implement new data platforms — without going back to Parliament. Most data-related changes in the last decade have been implemented through licence condition modifications under Section 11, not through new legislation.

Gas Act 1986

The equivalent for gas. It created the gas transporter, shipper, and supplier licences and established the regulatory framework mirroring electricity. Gas data obligations flow from this Act through Ofgem licence conditions into the Uniform Network Code (UNC). The Act was amended significantly by the Gas Act 1995 to introduce competition in the domestic gas market.

Energy Act 2023

The most important recent legislation for energy data. The Energy Act 2023 received Royal Assent on 26 October 2023 and contains provisions that directly affect data governance. Part 5 creates the Future System Operator (now the National Energy System Operator, NESO) as an independent body with statutory duties covering both electricity and gas system operation. NESO has data-gathering powers that extend beyond traditional settlement data into network planning, flexibility, and whole-system analysis.

Part 3 of the Energy Act 2023 establishes the framework for hydrogen networks, which will eventually generate their own data flows. Part 8 modernises the code governance framework, giving Ofgem powers to reform or consolidate industry codes. This is significant for data because code fragmentation — the same data requirement appearing in different codes with slightly different definitions — is one of the biggest barriers to data interoperability.

Data Use and Access Act 2025 (DUA)

The DUA Act received Royal Assent on 19 June 2025. It is not energy-specific but has profound implications for energy data. Part 1 creates the Smart Data framework, which gives the Secretary of State power to require businesses to share customer data with authorised third parties through secure APIs. Energy is one of the sectors expected to be designated under this framework.

The DUA Act also introduces the concept of “recognised legitimate interests” as a lawful basis for processing personal data under UK GDPR Article 6(1)(f). This could simplify some energy data sharing that currently requires individual consent, though the precise scope is still being worked out through secondary legislation and ICO guidance.

Data Protection Act 2018 (DPA)

The DPA 2018 implements the UK GDPR in domestic law. It applies to all personal data in the energy sector, including smart meter readings, customer records, and consumption profiles. The Act creates the Information Commissioner's Office (ICO) as the supervisory authority. For energy data, the tension between the DPA's data minimisation principle and the industry's need for granular settlement data is the single most contested governance question, as we will explore in Module 9.

RIIO (Revenue = Incentives + Innovation + Outputs) is the framework Ofgem uses to set the allowed revenues for network companies. It replaced the previous RPI-X framework in 2013 and now governs how much DNOs, transmission operators, and gas networks can charge consumers. RIIO is critical for data because it determines how much money is available for network digitalisation, data platforms, and smart grid infrastructure.

How RIIO works

Ofgem sets a price control for each network company that specifies total allowed expenditure (totex), output requirements (what the company must deliver), and incentive mechanisms (rewards and penalties for over- or under-performance). The totex is recovered from consumers through network charges on their bills. The current electricity distribution price control is RIIO-ED2, running from April 2023 to March 2028. RIIO-ED3, covering 2028-2033, is in development.

RIIO-ED2 included specific outputs related to digitalisation. Each DNO was required to publish a Digitalisation Strategy and Action Plan (DSAP) and a Data Best Practice implementation plan. Ofgem assessed these plans and allocated funding accordingly. The total digitalisation allowance across all DNOs in RIIO-ED2 was approximately £400 million.

RIIO-3 and the £876.7M commitment

RIIO-3 (which begins April 2026 for transmission and gas distribution) represents a step change in digitalisation ambition. The total digitalisation and data investment across electricity transmission, gas distribution, and gas transmission is approximately £876.7 million. This funding covers data platform modernisation, network monitoring equipment, digital twin development, advanced analytics, and the workforce transformation needed to support these capabilities.

For the first time, RIIO-3 will include explicit data quality metrics as output measures. Network companies will be assessed not just on whether they collect data, but on whether that data meets defined quality standards. This represents a fundamental shift: data is no longer a byproduct of network operations but a regulated output in its own right.

Innovation funding

Alongside the main price control, RIIO includes ring-fenced innovation funding. The Strategic Innovation Fund (SIF) funds large-scale projects addressing net-zero challenges, many of which involve data and digitalisation. The Network Innovation Allowance (NIA) funds smaller projects at individual network company level. Both mechanisms have funded data-related projects including digital twins, predictive asset management, and data sharing platforms.

Below the Acts and Ofgem sit the industry codes: detailed, legally binding documents that specify exactly how the energy market operates. Each code is maintained by a code administrator, governed by a panel of industry representatives, and subject to Ofgem approval for material changes. For data professionals, the codes are where the operational detail lives: what data must be collected, in what format, by whom, how quickly, and who can access it.

1. Balancing and Settlement Code (BSC)

The BSC governs electricity balancing and settlement. It is administered by Elexon and is the single most important code for electricity data. The BSC runs to thousands of pages and is divided into lettered sections. Key data-related sections include:

Section K — Classification and registration of metering systems. Defines how meters are registered, what data they must record, and the technical standards they must meet. Section S — Supplier Volume Allocation. Specifies how half-hourly meter data is collected, validated, and allocated to Grid Supply Points for settlement. Section T— Settlement Administration. Defines the settlement calculation, reconciliation runs, and imbalance pricing. Section Q — Performance Assurance. Sets out the framework for monitoring and enforcing data quality across all BSC parties. Section V — Reporting. Specifies what settlement data must be published and to whom.

The BSC is currently being modified extensively to support Market-Wide Half-Hourly Settlement (MHHS), which changes settlement from profile classes to actual half-hourly data for all meters. This is the largest single change in the BSC's history and affects virtually every data flow in electricity settlement.

2. Retail Energy Code (REC)

The REC was created in 2021 by merging the Master Registration Agreement (MRA) and the Supply Point Administration Agreement (SPAA). It governs retail market processes including change of supplier, meter point registration, and customer data management. The REC is administered by RECCo. For data, the REC is critical because it controls the Address Data Working Group output, the Green Deal registration data, and the Data Access Framework that determines who can access customer-related data.

3. Smart Energy Code (SEC)

The SEC governs the DCC and the smart metering infrastructure. It specifies the technical standards for smart meters (SMETS1 and SMETS2), the DCC's service levels, data security requirements, and the privacy framework for smart meter data. The SEC is administered by the Smart Energy Code Company (SECAS). Section H defines the DCC Service Requests that control how data flows between meters, the DCC, and market participants.

4. Grid Code

The Grid Code governs the connection and operation of the electricity transmission system. It is maintained by the National Energy System Operator (NESO). For data, the Grid Code specifies what operational data generators, interconnectors, and large demand customers must provide to NESO for system operation, including Physical Notifications, demand forecasts, and generation availability data.

5. DCUSA (Distribution Connection and Use of System Agreement)

DCUSA governs the relationship between DNOs and users of the distribution network. It contains the Distribution Use of System (DUoS) charging methodology and specifies what data DNOs must provide to suppliers and what data suppliers must provide to DNOs. The metering data flows in DCUSA interface directly with the BSC settlement process.

6. CUSC (Connection and Use of System Code)

CUSC governs connection to and use of the transmission system. It contains the Transmission Network Use of System (TNUoS) charging methodology and specifies the data requirements for transmission connection agreements. CUSC data feeds into NESO's system planning and constraint management processes.

7. UNC (Uniform Network Code)

The UNC is the equivalent of the BSC for gas. It governs gas transportation, balancing, and settlement. The UNC is administered by the Joint Office of Gas Transporters. For data, the UNC specifies gas meter reading requirements, the volume correction process (converting cubic metres to kWh using calorific values), and the allocation and reconciliation framework for gas settlement. Xoserve operates the central data services under the UNC.

Data governance maturity model

Ofgem has proposed a five-level data governance maturity model for assessing how well organisations manage energy data:

Level 1 — Initial. Data management is ad hoc with no formal processes. Data quality is inconsistent and unmeasured. Most small suppliers and some IDNOs sit here.

Level 2 — Developing. Basic data management processes exist but are not consistently applied. Data quality is measured sporadically. Many mid-sized suppliers are at this level.

Level 3 — Defined. Formal data management policies and processes are in place. Data quality is measured regularly. Most DNOs target this level under RIIO-ED2.

Level 4 — Managed. Data management is integrated into business processes with quantitative performance targets. Data quality is actively managed and improved. Leading DNOs and Elexon aspire to this level.

Level 5 — Optimising. Data management is continuously improved using analytics and automation. Data is treated as a strategic asset with clear value metrics. No GB energy organisation has credibly achieved this level yet.