Inside ENODA's European Blockchain Sandbox Experience 

How regulatory dialogue is shaping the future of DLT in energy markets 

Energy markets have rules. Lots of them. Network codes, cyber-security requirements, data-sharing obligations, role definitions for aggregators and operators. These exist for good reason, but they were written when balancing services came from large, centralised assets, not from thousands of distributed energy resources coordinated through a shared digital ledger. 

When we set out to build Ensemble, a distributed ledger platform for coordinating energy balancing services across Europe, we knew the technology was only half the challenge. The more complex question was how we could shape our approach to successfully operate within a regulatory framework that had not been designed for it. 

What is the European Blockchain Sandbox? 

The European Blockchain Sandbox is an initiative of the European Commission, funded through the Digital Europe Programme and facilitated by an experienced senior legal team at Bird & Bird. Running from 2023 till 2025, it supported 20 innovative blockchain use cases annually through structured regulatory dialogues with national and EU authorities. 

The sandbox doesn't offer regulatory approval or legal endorsement. What it does offer is something arguably more valuable: a confidential, solutions-focused environment where innovators and regulators can work through hard questions together. The output isn't a certificate. It's regulatory clarity. 

For the third cohort, announced in April 2025, ENODA was selected alongside 19 other use cases. Our dialogues ran from June through November 2025, with the Best Practices Report published February 2026. 

Why we applied 

Ensemble isn't a typical blockchain project. We're building infrastructure that allows transmission and distribution system operators, aggregators, and distributed energy resource owners to coordinate balancing services with cryptographic evidence of what was bid, dispatched, and settled. 

That positioning creates regulatory questions without straightforward  answers: 

• Data Act interplay. The EU Data Act establishes horizontal rules for data sharing. But energy has its own sector-specific legislation, implemented differently across Member States. When a device-generated data-sharing platform operates in energy, which rules take precedence? 

• Cybersecurity classification. The NIS2 Directive covers entities providing balancing services. The Cyber Resilience Act covers products with digital elements. The Network Code on Cybersecurity addresses cross-border electricity flows. If you're an aggregator using DLT-based settlement and coordinating smart grid hardware across multiple jurisdictions, how do you position yourself across these frameworks? 

• Auditability and evidence. One of Ensemble's core value propositions is providing tamper-evident records. But what legal weight does a cryptographic commitment carry in a settlement dispute? How do regulators view hash-based proofs versus raw data? 

• Role definitions. Energy regulation defines specific market roles: TSOs, DSOs, BSPs, BRPs, aggregators. Digital regulation defines others: data holders, service providers, managed security service providers. When a single platform touches multiple roles across both domains, how do you classify it? 

These weren't questions we could answer by reading legislation. We needed dialogue. 

What the process looked like 

The Sandbox Protocol establishes a structured approach: use case owners submit detailed documentation, then the facilitating consortium matches them with relevant authorities. In our case, that meant energy regulators, data protection authorities, and cybersecurity specialists from across the EU/EEA. 

The dialogues themselves are confidential by design. Confidentiality enables candour. Regulators can explore hypotheticals without setting precedent. Innovators can describe their architecture without competitive exposure. 

The dialogues consisted of multiple sessions over a few months. Bird & Bird's legal experts facilitated, helping translate technical architecture into regulatory terms and vice versa. The average third-cohort dialogue involved approximately eleven regulators per use case, with representation from authorities responsible for electricity markets, network security, personal data, and digital infrastructure. 

Key themes that emerged 

While specific dialogue content remains confidential, several themes have broader relevance: 

Sector-specific regulation isn't disappearing. Horizontal frameworks like the Data Act and NIS2 will work alongside, not replace, sector-specific rules. DLT solutions in energy need to speak both languages. 

Classification requires case-by-case analysis. Whether an aggregator using blockchain qualifies as an essential entity under NIS2, or whether its components constitute products with digital elements under the CRA, depends on specific architectural choices, contractual arrangements, and operational realities. 

Auditability has regulatory value. The ability to provide cryptographic evidence of commitments resonates with authorities concerned about market integrity and compliance verification. 

Compliance-by-design beats retrofit. Data minimisation through cryptographic commitments. Role-based access controls that map to regulatory permissions. Security postures aligned to recognised frameworks like IEC 62443 and ISO 27019. These choices are easier to make early. 

What we changed 

The dialogue refined our approach. Our documentation now explicitly addresses the interplay between horizontal and sector-specific regulation. Our compliance roadmaps incorporate the emerging cybersecurity certification landscape. Our data-flow architecture has been stress-tested against Data Act obligations. 

More fundamentally, the process reinforced that regulatory engagement isn't a box to tick before market entry. It's a continuous discipline. The frameworks are evolving, and staying in dialogue is the only way to build infrastructure that lasts. 

What's next 

We'll continue engaging with regulators as frameworks evolve, refining our compliance approach, and advocating for sandbox initiatives that bring innovators and authorities together in productive dialogue. 

Building the energy system of the future requires technology that works. It also requires technology that fits into markets, regulations, and the institutional structures that keep the lights on. The European Blockchain Sandbox gave us a structured way to test that fit, but also a forum to give regulators feedback where outdated regulation might be inadvertently harming emerging technology. 

ENODA is building Ensemble, a web3 coordination and settlement platform for distributed energy resources. This article is the first in a series exploring regulatory themes from our EBS participation.