Advancing Circularity through IoT and cyber strategy in the European power sector
Cross-sector research and a pragmatic cyber model showed how utilities can use IoT devices to drive Circular Economy while keeping critical grid devices secure.
Starting point
Under a European Union research program focused on innovation and sustainability, a consortium of policy makers, academics, and industry partners set out to answer a practical question: how can circular economy principles be operationalized in power and utilities using IoT and data, without creating unmanageable cyber risk.
Utilities across Europe were already under pressure to decarbonize while integrating distributed energy resources, digital operations, and new customer-side technologies. Circular economy concepts such as Regenerate, Optimize, and Share were gaining traction in policy and academic circles, but they were often discussed at a high level. The program needed a grounded view of where IoT can actually drive circularity in generation, transmission, and distribution, and how cyber risk should be governed as more devices and data flows come online.
Approach
The European Commission engaged a team of three strategists, including Bhuvan Maingi, now at Strathen Group, to work alongside a global consulting firm and a leading think tank based in Brussels, Belgium. The mandate was to translate circular economy frameworks into concrete IoT use cases for utilities, assess barriers and policy levers, and recommend a cybersecurity operating model proportional to device criticality.
The work began with a structured scan anchored in the ReSOLVE framework. Generation, transmission, and distribution were each mapped against circular economy mechanisms. For each subsector, the team identified IoT-enabled use cases already in the field or close to deployment, including digital twins for conventional assets, microgrids for remote or islanded systems, virtual power plants aggregating distributed resources, and demand response programs for peak reduction and flexibility.
In parallel, the team assessed adoption barriers and enabling conditions. This included smart meter penetration, dynamic pricing availability, interoperability and standards for distributed energy resources, and organizational readiness to act on new data. They examined policy and regulatory timing across EU markets, focusing on where pricing reforms, metering rollouts, or grid modernization programs could unlock circularity-aligned IoT use cases at scale.
A second workstream focused on cybersecurity. Drawing on incident reviews, utility realities, and existing standards, the team contrasted a traditional “coconut” model, which relies heavily on a hard perimeter, with a more nuanced “avocado” model. In the avocado model, devices are segmented by criticality, with layered controls and monitoring concentrated around the core: data-altering devices whose compromise could trigger operational incidents. Read-only or lower-impact devices at the edge receive appropriate but lighter controls, aligning protection with risk.
The findings were synthesized into a white paper and executive brief for European Commission stakeholders, combining the CE–IoT mapping, barrier and policy analysis, and the proposed cyber operating model. The materials were designed to provide a common vocabulary for utilities, policy makers, consultants, and researchers.
Instead of treating circular economy and cyber as abstract topics, the program tied them to specific IoT use cases and a concrete model for protecting the devices that can actually change how the grid behaves.
Outcome
The work gave the program and its partners a clearer view of where IoT can most credibly advance circularity in utilities, and what it will take to scale those use cases.
In generation, the analysis highlighted Regenerate and Optimize mechanisms: digital twins and sensorized assets to extend life and reduce losses, and microgrids that blend renewables, storage, and dispatchable assets to deliver reliable power in remote or constrained locations.
In transmission, the focus was on Optimize and Virtualize: sensorized lines and substations for predictive maintenance and congestion management, and virtual power plants that aggregate distributed resources to stabilize high-renewables grids.
In distribution, the emphasis shifted to Share and Exchange: demand response programs and smart home or distributed energy resource orchestration to shave peaks, reduce technical losses, and enable more flexible, circular use of infrastructure, contingent on sufficient metering and dynamic tariffs.
The cybersecurity strand provided a pragmatic operating model for utilities that were wary of either over-engineering controls or underestimating risk. By segmenting devices by their ability to alter processes and concentrating layered protection around that critical core, utilities could strengthen defenses where incidents would be most damaging, without trying to apply the same controls to every sensor and endpoint.
The CE–IoT roadmap and avocado cyber model have been used to inform discussions on pilots, policy moves, and reference architectures, helping align utilities, regulators, and partners on how to scale circularity with digital technologies in a way that is both ambitious and realistic.
For utilities and policy makers, the real value was a shared blueprint: where IoT and circularity intersect by subsector, what stands in the way, and how to manage cyber risk without stopping innovation.
This work continues to shape how Strathen Group thinks about circularity and digital in utilities, insisting on concrete IoT use cases by subsector and cyber models that prioritize protection where devices can actually change how the system behaves.
