Smart Secure Electricity Systems: Implementing the load control licensing regime

What this is about

Ofgem is consulting on how to operationalise a new licensing regime for load control, the technical activity of remotely starting, stopping, or modulating Energy Smart Appliances such as EV chargers and heat pumps. The regime sits under the Smart Secure Electricity Systems (SSES) programme, run jointly with DESNZ. This consultation covers Ofgem's implementation mechanics: the application process, the monitoring and data requirements, and the compliance and enforcement approach. It runs in parallel with a separate DESNZ consultation on the draft licence conditions and the scope of the licence itself. The two are designed to be read together: DESNZ defines what the licence covers and what it requires, Ofgem defines how a firm gets one and what happens if it breaks the rules.

The timing follows the legislative architecture. The enabling powers come from the Energy Act 2023, which gave government the ability to regulate ESAs and the organisations that control them. The expected sequence is: regulations in force by end of 2026, then a requirement to hold a load control licence to undertake load control activity by end of 2027, after a 12-month transition period. The stated rationale is the standard triad: consumer protection (a third party can now turn your heating down or delay your car charging), cyber security (a fleet of remotely controllable domestic assets is an attack surface with grid-scale consequences), and grid stability (uncoordinated or maliciously coordinated load shifting is a system risk). The deeper move is structural. This creates a new regulated entity class sitting between the grid and the appliance. Whoever holds this licence holds the contractual and technical relationship through which domestic flexibility is actually delivered. The licence conditions, the data obligations, and the entry requirements will shape who can operate in that layer and on what terms, which is why the interaction with the Market Facilitator and with DNO flexibility procurement matters more than the cyber framing suggests.

Options on the table

The consultation does not present a set of cleanly delineated policy alternatives in the source text. It sets out Ofgem's proposed approach across three operational domains and seeks views on that approach rather than asking stakeholders to choose between named models. The decision points are embedded in the design of each domain rather than packaged as discrete options. The three domains are worth treating separately because the burden and the competitive consequences differ across them.

Application and entry process

Ofgem proposes an application process evidenced by the draft application form at Annex C, which illustrates what a prospective licensee must demonstrate before it can hold a licence. The design question here is the height of the entry bar. A demanding evidential threshold (detailed cyber attestations, consumer-protection systems, financial and operational capability) protects consumers and the system but functions as a fixed compliance cost. Fixed costs favour incumbents and large aggregators that can amortise them across a big installed base. Smaller flexibility providers, new entrants, and appliance manufacturers experimenting with control models bear the same absolute cost against a smaller revenue base. Whoever wins the design of the application form wins a structural advantage: a lighter form admits more competitors into the layer, a heavier one consolidates it. The flexibility market needs entrants more than it needs another barrier, so the level set here is the consequential choice even though it is not framed as an explicit option.

Monitoring and data requirements

Ofgem proposes ongoing monitoring and data reporting obligations on licensees. The substantive question is what data flows to Ofgem, at what granularity, and how it connects to the rest of the market architecture. Load-control data is operationally valuable: it reveals who is dispatching what flexibility, where, and when. If the reporting is designed primarily as a compliance audit trail it imposes cost without creating market value. If it is designed to interoperate with the Market Facilitator and DNO flexibility procurement, the same data becomes the spine of a functioning flexibility market rather than a regulatory overhead. The winners and losers here depend on whether the data obligation is an extraction cost or a shared infrastructure investment.

Compliance and enforcement

Ofgem proposes a compliance and enforcement approach for licensed load control. The design tension is between a rules-based regime (prescriptive conditions, mechanical breach tests) and a risk-based one (proportionate to the consumer and system harm at stake). A prescriptive regime is predictable but rigid and tends to penalise smaller operators disproportionately because compliance overhead does not scale down. A risk-based regime is harder to game but demands more regulatory judgement and creates uncertainty about where the line sits. The consumer-protection guidance at Annex D will indicate which way Ofgem is leaning: detailed mandatory measures point to the prescriptive end.

Questions being asked

The source text does not enumerate the formal consultation questions; they sit in the full consultation PDF rather than the webpage. The structure of the consultation indicates the questions cluster around three themes, and stakeholders should respond against these even without the numbered list.

Application process and licensing scope

Questions on whether the proposed application process and evidential requirements at Annex C are proportionate, and whether the 12-month transition period is sufficient. (The real issue is the entry bar: respondents who want a competitive flexibility layer should press on whether the evidential threshold screens for genuine capability or simply screens out small operators, and whether 12 months is long enough for existing unlicensed providers to come into compliance without exiting the market.)

Monitoring, data, and market interoperability

Questions on the proposed monitoring and data requirements and whether they are workable. (The question behind the question is whether the data architecture is being designed as a standalone compliance feed or as something that will interoperate with the Market Facilitator and DNO flexibility procurement. Respondents with a market-design interest should push for the data obligation to be specified once and reused, not duplicated across regimes, because duplicated reporting is a pure transaction cost on the people delivering flexibility.)

Consumer protection, cyber security, and enforcement

Questions on the draft consumer protection guidance at Annex D and on the proposed compliance and enforcement approach. (This is where the prescriptive-versus-risk-based design choice is decided in practice. Respondents should test each proposed consumer-protection measure against whether it addresses a real and demonstrated harm or simply adds an attestation, and should ask whether enforcement is proportionate to harm or mechanical, because mechanical enforcement falls hardest on the smallest licensees.)

A general note for respondents: Ofgem explicitly asks stakeholders to review this consultation alongside the parallel DESNZ consultation on the draft licence conditions and the scope of the licence. Responding to Ofgem's implementation mechanics without engaging the DESNZ scope question risks accepting the boundary of the regulated activity by default. The scope of "load control" determines who needs a licence at all, which is logically prior to how the licence is administered.

How to respond

Deadline: The consultation closed on 19 February 2026 (the webpage records a closed date of 19 February 2026; the body text gives a submission instruction of 18 February 2026, so treat 18 February as the operative submission cut-off and note the one-day discrepancy in the source). Status is now "Closed (awaiting decision)."

Submission method: By email to flexibility@ofgem.gov.uk.

Consultation package: Three documents were open for response: the main implementation consultation (PDF, 883 KB), Annex C (draft load control licence application form, PDF, 583 KB), and Annex D (draft load control consumer protection guidance, PDF, 274 KB). Decisions and the consultation outcome will be published on the same Ofgem consultation webpage.

Who Ofgem sought responses from: Prospective licensees, consumer advocacy groups, industry bodies, trade associations, and any other interested parties.

Because the window has closed, the live action for anyone tracking this is the decision, not a response. Watch for the published outcome on the Ofgem consultation page and read it against the parallel DESNZ decision on licence scope and conditions. The substantive things to check when the decision lands: where the application-form evidential bar settled, whether the data obligations were specified to interoperate with the Market Facilitator and DNO flexibility procurement or as a standalone compliance feed, and whether enforcement came out prescriptive or risk-based. Those three answers will tell you whether the new load-control layer is being built as a competitive market function or as another fixed-cost regulatory tier that consolidates flexibility delivery among incumbents.