The DIP Assurance Strategy ensure that parties interact with the DIP in line with agreed standards.

All DIP content pages

 

Contact information

For all DIP enquiries, contact Elexon Support

How we monitor compliance

The rules governing how Elexon intends to monitor DIP User compliance are set out in DSD003 – DIP Assurance and Reporting

These activities will provide transparency, support accountability, and help maintain the reliability and integrity of the platform as it becomes a central part of the market’s digital infrastructure.

Annual assurance timeline

The DIP Assurance Strategy follows the financial calendar and aligns with the industry’s Performance Assurance Operating Period (POAP).

The strategy operates on an annual cycle, starting in full from April 2026, with key activities taking place in the first quarter of each year:

January – DIP Risk Evaluation

We begin the year by assessing potential risks that could impact the Data Integration Platform (DIP) or its users. This evaluation may involve consultation with DIP Users to ensure a comprehensive understanding of emerging risks.

February – Consultation and Review

DIP Risk Operating Plan consultation: A draft of the DIP Risk Operating Plan is shared with stakeholders for feedback and discussion.

Annual Assurance Report: We publish a review of the previous year’s Risk Operating Plan, highlighting successes and areas for improvement.

March – Finalisation of the Risk Operating Plan

The final DIP Risk Operating Plan is issued, detailing how identified risks will be monitored, assessed, and managed throughout the year using targeted assurance techniques.

Timeline for transition period September 2025 – March 2026

To align with the mid-year launch of the DIP production environment and the reduced number of interfaces that will be sent to begin with, the DIP Manager has adapted the DIP Assurance Strategy to cover a transitional six-month period. This approach ensures continuity and effective risk management ahead of the full-year cycle beginning in April 2026.

The strategy will adopt a light-touch approach to minimise the burden on new DIP Users during this significant period of transition.

End of June 2025 – Compilation of DIP Risk Register

The DIP Manager will begin by compiling a register of potential failures in the DIP Rules and identifying the parties that may be impacted. This forms the foundation for risk evaluation.

End of July 2025 – DIP Risk Evaluation

A formal evaluation of identified risk events is conducted. The outcomes of this evaluation inform the development of the draft DIP Risk Operating Plan.

Beginning of August 2025 – Consultation on the Risk Operating Plan

The draft DIP Risk Operating Plan is published on the Elexon website for a 15 working day consultation period, allowing stakeholders to provide feedback.

End of August 2025 – Finalised Risk Operating Plan

Following consultation, the finalised DIP Risk Operating Plan is issued. For this transitional period, the plan will adopt a light-touch assurance strategy, tailored to the six-month timeframe.

Risk Register

The DIP Risk Register is a key component of the DIP Assurance Strategy, designed to capture and track potential risks that could impact the integrity of data exchange across the market.

A DIP Risk is defined as:

A potential failure or issue within a DIP User’s processes, systems, or interfaces that may lead to inaccurate, incomplete, delayed, or misrouted data exchange between market participants.

The Risk Register will provide a structured overview of these risks, detailing their causes, potential impacts, and any planned mitigation measures. It supports transparency and proactive risk management, helping to safeguard the reliability and efficiency of the DIP.

Risk ID

Category

Title

Description

Issue

Risk references

1

Operational

Incomplete or Failed DIP Onboarding
  • Risk that a DIP Applicant is not onboarded successfully and in a timely manner.
  • Risk that DIP Manager does not perform technical and non-technical checks correctly.
  • Code Bodies do not inform the DIP Manager of Qualification completion.

Prevents access to DIP, halting participation

DSD002 section 2

2

Security

Certificate Failure
  • The Risk that a Digital Certificate is created, maintained or revoked incorrectly.
  • Risk that a Digital Certificate is compromised.

Potential data breach or denial of service

DSD002 section 4

3

Security

Private Key Compromised
  • Risk of Private Key compromised by DIP User or DCP.
  • Risk that digital signatures are not created correctly.

Identity spoofing, fraudulent access

DSD002 Annex 2 section 4

4

Security

Cyberattack
  • Risk of cyberattack on DIP infrastructure.
  • A DIP user system causes introduces malware or causes a cyber security incident.

Platform disruption, data exposure

DSD002 Annex 2 section 6

5

Security

Personal Data Breach
  • Risk that a DIP User’s system causes a data breach

ICO fines

DSD002 Annex 2 section 7

6

Technical

DIP Message Failure
  • Risk of DIP message loss or corruption in transit
  • Risk that DIP messages are not responded to in the prescribed latency.

Settlement and operational errors

DSD002 Annex 2 section 9

7

Compliance

ISO27001 Non-compliance
  • Risk of system breach or audit failure

System breach, audit failure

DSD002 Annex 2 section 10

8

Technical

Failure of API/Webhooks
  • Risk of APIs and webhooks not working correctly.
  • Risk that DIP Users do not use APIs or webhooks correctly

Messaging downtime or duplication

DSD002 Annex 2 section 11

9

Technical

DIP System Performance
  • Risk of DIP infrastructure overload or underperformance during peak volumes.
  • The Risk that DIP User systems cannot handle DIP messages during peak volumes.

Delayed or dropped messages

Risk references

10

Financial

Late/Failed Payments by DIP Payees
  • Risk that DIP Payees do not pay

Cash flow issues, emergency funding requirements

DSD002 section 2

11

Operational

Incorrect DIP Off-Boarding
  • Risk that a DIP User is Off-Boarded incorrectly.
  • Risk that a DIP User is suspended incorrectly.

Loss of service for DIP User

DSD002 section 4

12

Operational

SoLR Failure
  • Risk that the DIP manager does not route DIP messages from a previous Supplier to the SoLR

Messages missed by SoLR

DSD002 Annex 2 section 4

 

Risk evaluation for 2025/2026

The DIP Manager Risk Evaluation Document (DM RED) has been developed to assess potential risk events that could occur between September 2025 – April 2026 that may directly affect a DIP users ability to fulfil the obligations set out in the DIP Rules.