Introduction

On 28 April 2025, the continental electricity systems of Spain and Portugal collapsed.¹ The Iberian Peninsula blackout cut power to more than 55 million people. Electricity was interrupted for approximately ten hours in most areas and up to twenty hours in others. Parts of southern France connected to the Iberian grid were also affected. It was the largest grid failure in Western Europe in decades.¹

The cause was not a cyberattack, nor was it a single catastrophic equipment failure. The European Network of Transmission System Operators for Electricity’s (ENTSO-E) final report, published in March 2026, identified a sequence of interacting factors: oscillations, gaps in voltage and reactive-power control, differences in voltage-regulation practice, rapid output reductions and generator disconnections, producing fast voltage increases and cascading loss of generation across continental Spain and Portugal.¹

The Iberian blackout was not caused by AI. But it exposed the vulnerability that AI is now being deployed to address and, in doing so, it illuminated the liability framework that will govern AI failures in grid management. Grid operators across Europe, North America and Asia are deploying AI systems for load forecasting, demand response, frequency regulation, renewable integration and real-time grid optimisation. When those systems fail and the lights go out, the liability analysis will be materially more complex than the conventional regulatory failure at issue in the Iberian case.

AI in Grid Management: The Current Deployment

AI integration into electricity grid management is proceeding on three tracks. Load forecasting, where machine-learning models predict electricity demand to optimise generation dispatch and reduce the need for expensive peaking capacity. Renewable integration, where AI systems manage the variability of wind and solar generation by predicting output, coordinating battery storage and adjusting grid parameters in real time. And autonomous grid control, where AI systems make operational decisions about load shedding, frequency regulation and voltage management without waiting for human operator approval.²

Operationally, the case for AI grid management is strong. Replacement of synchronous generators with inverter-based renewable resources has diminished overall system inertia, making grids more vulnerable to frequency disturbances.² Traditional grid management relied on the inherent stability provided by large rotating generators. A grid powered substantially by solar panels and wind turbines requires active management to maintain the frequency and voltage stability that rotating mass previously provided. Real-time grid stability increasingly depends on automated control systems operating at speeds human operators cannot match. AI may sit around that control layer through forecasting, optimisation and decision-support, but the fastest stability interventions remain heavily dependent on engineered protection and control systems.

The regulatory exposure tracks the capability. A grid operator that deploys AI for real-time frequency management has adopted a system capable of responding to disturbances faster than any human operator. If that system fails to respond, or responds incorrectly, the operator’s liability will be assessed against the capability of the system it chose to deploy rather than against the slower human-operator standard it replaced.

The Iberian Blackout and Grid Operator Liability

The liability framework for grid failures varies across jurisdictions, but the common principle is that the transmission system operator bears a duty to maintain system security. In Spain, Red Eléctrica operates under obligations imposed by the Spanish Electricity Act and the European Network Codes. In the United States, the North American Electric Reliability Corporation (NERC) administers and enforces mandatory reliability standards under Federal Energy Regulatory Commission (FERC) oversight.³ In the United Kingdom, National Grid ESO (now the National Energy System Operator) operates under licence conditions imposed by Ofgem.³

ENTSO-E’s investigation confirmed that excess renewable generation did not trigger the blackout. The failure sequence lay in voltage control, reactive-power management, stabilisation capability and generator-disconnection dynamics.¹ The allocation questions will take years to resolve. European grid operators reported that a decade-long legal battle over responsibility was plausible.¹

For AI-managed grids, the Iberian precedent establishes the baseline: the grid operator is responsible for system security regardless of the tools it uses. AI does not transfer that responsibility to the technology provider. If a grid operator deploys an AI system for voltage control and the system fails to prevent a cascading blackout, the grid operator remains liable for the system failure because it chose to rely on that system. The technology provider may face secondary claims in product liability or under contractual indemnities, but the primary duty to the public sits with the operator.

Algorithmic Energy Trading and Market Manipulation

AI is now widely used in wholesale energy markets for automated trading, price forecasting and arbitrage between spot and futures markets. The parallels with algorithmic trading in financial markets are direct, but energy markets have sector-specific manipulation risks because energy is a physical commodity that must be generated, transmitted and consumed in real time.⁴

FERC regulates wholesale energy markets in the United States under the Federal Power Act. Market manipulation in FERC-regulated wholesale electricity markets is prohibited principally through Federal Power Act § 222, 16 U.S.C. § 824v, and FERC’s Anti-Manipulation Rule, 18 C.F.R. § 1c.2. The question of whether an AI trading system that exploits structural features of market design constitutes manipulation mirrors the Mango Markets problem in cryptocurrency: if the algorithm operates within the rules of the market as designed, is exploiting an inefficiency fraud or is it rational trading?⁴

The distinction from crypto is that energy markets are subject to mandatory regulatory oversight. FERC can impose civil penalties of at least USD 1 million per day per violation, with the statutory maximum subject to inflation adjustment, and can refer matters for criminal prosecution. The deployment of AI trading systems in energy markets creates a duty of supervision on the market participant that deploys the system. If an algorithm identifies and exploits a pricing anomaly in a way that distorts the market, the participant cannot claim that the algorithm acted independently. The participant designed, deployed and profited from the system.

AI Data Centres and Grid Capacity

On 23 October 2025, the Department of Energy sent a Section 403 directive to FERC to commence a rulemaking to accelerate the interconnection of large loads, explicitly including AI data centres.⁵ The directive responded to the reality that AI data centre construction is consuming grid capacity at a rate that threatens reliability in multiple regions. PJM Interconnection, which operates the largest wholesale electricity market in the United States, has reported a sharp increase in large-load and data-centre-driven interconnection pressure, making AI data-centre demand a central reliability and planning issue.⁵

FERC’s challenge is to balance the economic demand for AI data centre capacity against the reliability obligations imposed by its statutory mandate. The liability dimension arises when grid capacity allocated to AI data centres reduces the reserve margin available for residential and commercial consumers. If a grid operator approves data centre interconnections that compromise system reliability and a blackout results, the operator’s allocation decision will be scrutinised against its reliability obligations.

The political dimension is explicit. The DOE’s Section 403 letter characterised grid access for AI data centres as a matter of economic competitiveness and national security.⁵ The regulatory framework must accommodate political pressure for rapid interconnection while maintaining the engineering margin necessary to prevent cascading failures.

The EU AI Act and Energy Infrastructure

Under the EU AI Act, AI systems intended to be used as safety components in the management and operation of critical infrastructure, including electricity supply, are classified as high-risk.⁶ AI systems used for grid control, load management, energy dispatch and network operation will fall within the high-risk regime where they are intended to operate as safety components in the management or operation of electricity supply or other covered critical infrastructure. Those dates are now politically in flux. The May 2026 Digital Omnibus provisional agreement would move standalone high-risk AI obligations to 2 December 2027 and product-embedded high-risk AI obligations to 2 August 2028, subject to formal adoption.⁶

The practical consequence is that AI systems already deployed in European grid operations will need to be brought into compliance with the Act’s requirements, including conformity assessments, technical documentation and post-market monitoring. For grid operators, this creates a dual regulatory burden: compliance with the existing energy regulatory framework (the European Network Codes, national electricity legislation and ENTSO-E standards) and compliance with the AI Act’s horizontal requirements for high-risk AI systems.

How these two regulatory layers interact has not been fully mapped. The energy regulatory framework prescribes what the grid operator must achieve (system security, frequency stability, supply adequacy). The AI Act prescribes how the AI tools used to achieve those outcomes must be built, tested and monitored. A grid operator could be compliant with the AI Act’s requirements for its AI system and still suffer a blackout because the AI system, while meeting the Act’s technical standards, was not adequate for the specific grid conditions it encountered.

Strategic Outlook

The electrification of transport, heating and industrial processes is increasing demand on grids that are simultaneously transitioning from synchronous generation to variable renewable sources. AI is one of the technologies now being used to make that transition operationally manageable. The liability framework for AI-managed grids will be shaped by three dynamics.

Grid operator liability will not diminish because the operator delegates operational decisions to AI. The Iberian blackout demonstrates that the operator bears responsibility for system security regardless of the tools it deploys. The operator’s duty of care includes the selection, validation and monitoring of AI systems and the maintenance of human oversight sufficient to intervene when those systems fail.

Energy trading liability will follow the pattern established in financial markets and, more recently, in DeFi: the deployer of an algorithmic trading system is responsible for the system’s market conduct. FERC’s enforcement powers provide a sector-specific regulatory mechanism that DeFi markets lacked in the Mango Markets litigation, where the attempt to apply conventional market-manipulation doctrine produced a contested and ultimately unstable criminal result.

The AI Act’s classification of grid management AI as high-risk will create compliance obligations that go beyond existing energy regulation. The interaction between the two regulatory frameworks will produce interpretive disputes. European grid operators will face the challenge of meeting energy-security obligations with AI tools that must simultaneously satisfy the Act’s trustworthiness requirements.

The grid is the infrastructure on which every other sector depends. When AI-managed grids fail, the economic, social and political consequences will exceed those of any other AI failure outside military applications. The liability framework for that failure is being constructed now, through regulatory rulemaking, insurance market pricing and the contractual allocation of risk between grid operators, technology providers and the governments that are simultaneously mandating the energy transition and the AI deployment intended to make it work.

Notes

1. 2025 Iberian Peninsula blackout, 28 April 2025; power lost across Spain, Portugal and parts of southern France; approximately 55 million people affected; power interrupted for 10-20 hours. ENTSO-E expert panel factual report October 2025; final report published 20 March 2026 identified sequence of interacting factors including oscillations, voltage and reactive-power control gaps, differences in voltage-regulation practice, rapid output reductions, generator disconnections and uneven stabilisation capabilities. ENTSO-E confirmed excess renewable generation did not trigger the blackout. IEEFA, pv-magazine, ENTSO-E reporting.

2. AI grid management applications: load forecasting, renewable integration, autonomous grid control. Replacement of synchronous generators with inverter-based resources reduces system inertia and increases vulnerability to frequency disturbances. AI Frontiers, academic literature on AI grid stability.

3. NERC mandatory reliability standards administered under FERC oversight (United States). National Energy System Operator under Ofgem licence conditions (United Kingdom). European Network Codes and ENTSO-E standards (EU).

4. Federal Power Act § 222, 16 U.S.C. § 824v; FERC Anti-Manipulation Rule, 18 C.F.R. § 1c.2. FERC civil penalties of up to USD 1 million per violation per day. Mango Markets/Eisenberg: convictions subsequently vacated by the district court (Venable, June 2025 reporting).

5. Department of Energy Section 403 directive to FERC, 23 October 2025, directing rulemaking to accelerate large-load interconnection including AI data centres. PJM Interconnection data centre interconnection demand. Technostatecraft, Utility Dive reporting.

6. EU AI Act (Regulation (EU) 2024/1689); critical infrastructure AI classified as high-risk under Article 6 and Annex III. High-risk obligations originally scheduled for August 2026. Digital Omnibus provisional agreement 7 May 2026 (Consilium press release): standalone high-risk AI obligations moved to 2 December 2027; product-embedded high-risk AI obligations moved to 2 August 2028; subject to formal adoption. Kennedys Law, Gardner Law, Consilium reporting.