EN 1090 vs NERC CIP
EN 1090
European standard for execution of structural steel and aluminium
NERC CIP
Mandatory standards for BES cybersecurity and reliability.
Quick Verdict
EN 1090 mandates CE marking for structural steel/aluminium in EU construction, ensuring execution quality via FPC certification. NERC CIP enforces cyber/physical security for North American grid operators through audits and fines. Fabricators choose EN 1090 for market access; utilities adopt CIP for reliability compliance.
EN 1090
EN 1090 Execution of steel and aluminium structures
Key Features
- Mandates CE marking via certified Factory Production Control
- Risk-based Execution Classes (EXC1-EXC4) scaling requirements
- Technical rules for steel (EN 1090-2) and aluminium (EN 1090-3)
- Requires ISO 3834-aligned welding coordination and qualifications
- Ensures full material traceability, tolerances, and NDT inspection
NERC CIP
NERC Critical Infrastructure Protection Standards
Key Features
- Risk-based tiering of BES Cyber Systems
- Electronic/physical security perimeters
- 35-day patch evaluation cadence
- Incident response and recovery plans
- Supply chain risk management controls
Detailed Analysis
A comprehensive look at the specific requirements, scope, and impact of each standard.
EN 1090 Details
What It Is
EN 1090 is the harmonized European standard family for execution and conformity assessment of steel and aluminium structural components under the Construction Products Regulation (CPR). It comprises EN 1090-1 (conformity assessment), EN 1090-2 (steel execution), and EN 1090-3 (aluminium). Primary purpose: ensure safe fabrication, assembly, and CE marking for load-bearing components in construction. Key approach: risk-based Execution Classes (EXC1-EXC4) scaling controls by consequence, service, and production categories.
Key Components
- **Factory Production Control (FPC)**: documented system for traceability, welding, inspection.
- **Welding management**: ISO 3834 integration, qualified coordinators/personnel.
- **Technical requirements**: materials, tolerances, corrosion protection, NDT.
- Certification model: Notified Body audits FPC, issues certificate enabling Declaration of Performance (DoP) and CE mark.
Why Organizations Use It
Mandated for EU market access; reduces liability, rework. Drives capability in welding/traceability; enhances competitiveness for high-risk projects like bridges/stadia.
Implementation Overview
Phased: gap analysis, FPC build, personnel training, NB certification (3-12 months). Applies to fabricators; requires ongoing surveillance.
NERC CIP Details
What It Is
The NERC CIP (North American Electric Reliability Corporation Critical Infrastructure Protection) standards are mandatory reliability standards for cybersecurity and physical protection of the Bulk Electric System (BES). They apply to high-voltage assets across the US, Canada, and parts of Mexico, using a risk-based, tiered approach that categorizes systems as High, Medium, or Low Impact.
Key Components
- Core standards: CIP-002 (scoping), CIP-003 (governance), CIP-004 (personnel), CIP-005/006 (perimeters), CIP-007 (systems), CIP-008-010 (response/recovery/config), CIP-013 (supply chain), CIP-014/015 (physical/monitoring).
- ~45 requirements across 15+ standards.
- Built on BES reliability principles; enforced via audits, penalties by NERC/FERC.
Why Organizations Use It
- Legal mandate for BES owners/operators to prevent misoperation/instability.
- Mitigates cyber/physical risks, reduces outages/fines.
- Enhances resilience, insurance rates, stakeholder trust.
Implementation Overview
- Phased: scoping, controls, testing, audits.
- Targets utilities/transmission entities; annual audits, 15-month reviews.
Key Differences
| Aspect | EN 1090 | NERC CIP |
|---|---|---|
| Scope | Structural steel/aluminium execution & conformity | Cyber/physical security for Bulk Electric System |
| Industry | Construction, fabrication (EU/EEA) | Electric utilities (North America) |
| Nature | Harmonized standard for CE marking | Mandatory reliability standards enforced by FERC |
| Testing | FPC certification, surveillance audits by Notified Bodies | Annual audits, vulnerability assessments, incident drills |
| Penalties | Market exclusion, no CE marking | Fines up to $1M per violation, license suspension |