Security Operations for Swiss Electric Utility SMEs: When an External (OT-)SOC Makes Sense
This thesis gives Swiss Category A/B electricity operators practical guidance on when and how an external SOC/OT-SOC helps meet StromVV Annex 1a maturity targets (A≥3.0; B≥2.8) and produce audit-ready evidence aligned with the ICT Minimum Standard and its Assessment Tool.
Timotheos Stauffiger, 2025
Type of Thesis: Bachelor Thesis
Client: ALSEC Cyber Security Consulting AG
Supervisor: Grieder, Hermann
Swiss utilities face new, measurable expectations: Annex 1a links compliance to the ICT Minimum Standard’s overall maturity score. Many SMEs lack capacity, clear roles, and consistent monitoring. Market offers differ in OT depth and rarely map outputs to DE/RS or the Assessment Tool. Interfaces, onboarding and pricing are often unclear, making decisions and audits harder.
Methods combined a targeted review of StromVG/StromVV (incl. Annex 1a), the ICT Minimum Standard and Assessment Tool, the VSE OT guideline, and selected research with provider interviews and short surveys. A gap analysis mapped A/B essentials (DE.CM and Respond) to what providers deliver.
Category A needs broader source coverage and near-continuous to 24/7 attention, passive OT visibility (SCADA/historian/engineering PCs, remote/vendor access, key chokepoints), tight escalation, short playbooks, and labeled reports tied to Detect/Respond. Category B can start narrower (remote/vendor access, identity/perimeter, core SCADA/historian/engineering servers) with extended hours plus on-call, if escalation is reliable and reports feed the Assessment Tool. Outputs for buyers: two readiness checklists (A/B), a simple decision tree (Yes/Not yet/Not appropriate), and viable alternatives (IR retainer/pay-on-activation, targeted or extended-hours monitoring, shared/federated models, tabletop exercises). To close market gaps, require: a traceability matrix (service → DE/RS → Assessment Tool), a short interface note, a one-page RACI, a high-value initial scope, and a compact evidence pack (monthly summaries, incident notes, improvement log). Action sequence: readiness first, then decision tree, then a bounded pilot with a written evidence plan and one tabletop; if “Not yet,” apply alternatives and hygiene steps, then re-assess. Track two KPIs: time to detect and time to respond.
Study programme: Wirtschaftsinformatik (Bachelor)
Keywords: OT SOC, SOC, Swiss SME Electric Utility Providers
Confidentiality: public