JavaScript Required!

We're sorry, this form requires JavaScript to be enabled.

Please enable JavaScript in the browser's settings menu and refresh the page or browse to this form in a browser that supports JavaScript.

Smart Energy Code (SEC) Security Vulnerability and Incident Reporting Form

The Smart Energy Code (SEC) places obligations on DCC Users (SEC Parties who have completed the User Entry Process) to notify the Security Sub-Committee (SSC) of any Vulnerabilities or Incidents that occur in, or cause a material adverse effect on the security of, hardware, software, firmware or a Device. These obligations are G2.11, G2.15, G2.30, G3.5 and G3.18.

In addition, DCC Users make use of the Smart Metering Key Infrastructure (SMKI). SMKI provides a secure and effective means of ensuring that messages to and from Smart Metering Equipment are properly authenticated, provide integrity and, where applicable, provide non-repudiation. SMKI can become Compromised (or suspected of being Compromised) and may adversely affect the security of a DCC User. DCC Users should inform the SSC and the SMKI Policy Management Authority (SMKI PMA) of a Compromise (or suspected Compromise) of their Cryptographic Material.

This form has been created for DCC Users to notify the SSC and/or the SMKI PMA of any Security Vulnerabilities or Security Incidents, or Compromises (or suspected Compromises) of Cryptographic Material. Egress is a secure and effective mechanism using encryption for sharing sensitive information and has been selected as the secure web-based platform to share confidential smart metering related information.

The information you provide within this form will be made available to the SSC and/or SMKI PMA via SECAS – who are the Smart Energy Code Secretariat and Administrator.

Please note that * denotes a mandatory field that the DCC or DCC User must fill in


Part 1: Report of a Security Vulnerability or Security Incident

This report will be reviewed by the SSC and SMKI PMA and referred to any governance groups as appropriate.

Nature of Impact

Part 2

Report of a SMKI Recovery Event (Methods 1, 2 and 3)

If you are using Method 1 to try to recover the SMKI-related Incident and have reported this to the DCC, then nothing further needs to be completed. If you are using Methods 2 or 3, please complete Part 3 below:

Part 3

To be completed only if using Methods 2 or 3

File Uploader

Add any relevant files to your submission

File Upload

  • Allowed Types


    Please complete the captcha question

    Captcha Image