A protection relay vendor recently told PTR that their biggest competitive threat isn't a rival relay manufacturer. It's a software company they've never heard of.
That's not a warning sign on the horizon. It's happening now. Substation virtualization is dismantling the product boundaries OEMs have built their businesses around for decades - and the companies that treat this as a product evolution will lose to the ones treating it as a business model reinvention.
Here's what the transformation actually looks like, and what it demands from every player in the substation automation ecosystem.
The Hardware Catalog Is Losing Its Power
For most of the past 30 years, a substation OEM's job was clear: produce the most reliable, standards-compliant hardware device in its category. Utilities specified by product. Tenders listed brands. The approved vendor list was the moat.
Virtualization breaks that model at its foundation. With software-defined architecture, intelligent electronic devices (IEDs) consolidate into dozens of high-performance servers, delivering significant benefits for all stakeholders.[1] In practice, the individual product spec - response time per device, form factor, panel footprint - stops being the primary evaluation criterion. System-level outcomes take over.
Utilities are now asking: Can you deliver availability across the whole substation? Can you enable predictive analytics without a hardware refresh cycle? Can you push a security patch without dispatching a field crew?
OEMs that answer those questions with a hardware catalog aren't answering the question at all.
| Dimension | Traditional OEM Model | Software-Defined Service Model |
|---|---|---|
| Core product | Hardware IEDs, relays, panels | Virtualized software applications (vIEDs) |
| Value proposition | Spec-sheet performance per device | System-level outcomes: availability, resilience, insight |
| Revenue model | CAPEX: one-time equipment sale | OPEX: subscriptions, managed services, updates |
| Customer relationship | Project-based, periodic upgrades | Continuous, lifecycle engagement |
| Cybersecurity | Add-on, post-deployment | Built-in by design (IEC 62351, NIS2) |
| Update cycle | Hardware replacement (7-15 years) | Software patches and functional upgrades (continuous) |
| Ecosystem posture | Proprietary, closed architecture | Open, interoperable, multi-vendor compatible |
| Competitive moat | Legacy installed base | Service depth, data, and ecosystem integration |
Cybersecurity Is No Longer a Feature. It's the Baseline.
PTR's analysis of utility buying behavior consistently surfaces cybersecurity and system monitoring as the highest-priority service components utilities evaluate when assessing virtualized substation vendors. This isn't about compliance checkboxes - utilities are navigating real operational risk.
The EU Network Code on Cybersecurity (NCCS) sets a European standard for the cybersecurity of cross-border electricity flows, including rules on cyber risk assessment, common minimum requirements, and cybersecurity certification of products. For OEMs selling into European transmission and distribution markets, this isn't optional. The compliance burden lands directly on vendors who embed software into grid-critical systems.
Centralized systems improve cybersecurity management across numerous devices - one of the structural advantages virtualization offers over distributed IED architectures. But that advantage only materializes if cybersecurity is built into the virtualized platform from day one, not retrofitted after launch.
The OEMs getting this right have reframed cybersecurity as an architecture decision, not a product feature. Standards compliance - IEC 62351, NERC CIP, NIS2 - becomes part of the engineering brief, not the sales pitch.
The CAPEX-to-OPEX shift is the hardest part of the OEM transformation. Most utility procurement frameworks are built around regulated asset base (RAB) models that reward capital investment. OEMs moving to subscription and managed-service models must help utilities re-frame digital infrastructure as a cost-reducing OPEX play - not just a technology upgrade. This requires new commercial conversations, not just new product catalogs.
No Single OEM Can Own IT/OT Convergence - And Utilities Know It
Here's the dynamic that catches incumbents off-guard: utilities don't expect any single OEM to solve IT/OT convergence alone. They expect their vendors to know how to operate inside an ecosystem.
The market signal is clear. SEAPATH is an open-source software hypervisor designed for IEC 61850 Digital Substation Automation Systems, built as an industrial-grade solution dedicated to the critical context of digital stations, meeting the challenges of interoperability, real-time performance, high availability, standards compliance, and cybersecurity constraints. SEAPATH hosts and runs vPAC (Virtualized Protection, Automation and Control) applications for the power grid industry. Major TSOs including RTE and National Grid Electricity Transmission are already contributing to and deploying SEAPATH in live environments - not waiting for a proprietary OEM solution to mature.
The vPAC Alliance pushes the same direction: open, interoperable standards that let utilities mix and match best-of-breed solutions rather than accept monolithic stacks from a single vendor. Utilities are explicit about this. Vendor lock-in is a disqualifier, not just a concern.
For OEMs, the strategic implication is uncomfortable but clear: your product needs to work inside someone else's architecture. The ecosystem IS the product. OEMs that design for interoperability and actively build partnerships with IT infrastructure providers, cloud analytics vendors, and cybersecurity specialists will get specified. Those that compete against openness will get designed around.
The Moves Being Made Right Now
The early movers in this transition are making concrete bets that signal where the market is heading.
Siemens launched SIPROTEC V, which consolidates the functionality of up to 60 hardware-based SIPROTEC 5 devices into a single server-based solution. It achieves CAPEX reduction of up to 25% by minimizing installed protection and control panels, reduces space utilization by up to 45%, and slashes carbon emissions by up to 50% through elimination of extensive copper cabling. Critically, SIPROTEC V breaks traditional dependencies between protection and control software and embedded devices - its software-defined approach enables protection and control applications to scale virtually within a substation, supporting centralization of up to 60 virtual IEDs. This is Siemens repositioning a flagship hardware product line as a software-defined service platform.
Nokia is addressing the communications layer virtualization depends on, evolving grid communications infrastructure to unlock the benefits of virtualizing OT and PAC systems in substations - a segment that previously sat outside the traditional protection OEM's scope entirely.
At DISTRIBUTECH 2026, Crystal Group and Lanner both showcased IEC 61850-3 certified servers purpose-built for substation environments - rugged computing infrastructure designed specifically to host vIED workloads. These aren't IT companies entering the grid space by accident. They're targeting the physical compute layer every virtualized substation requires.
The pattern across all of these moves: virtualization enables comprehensive digital testing of substation protection and control technology before commissioning, which simplifies installation, speeds up testing, minimizes errors, and allows quick adaptation to changing system requirements regardless of hardware limitations.
What the Strategic Pivot Actually Requires
Understanding the technology shift is the easy part. The harder question is what OEMs need to change organizationally and commercially.
Invest in service infrastructure as much as product R&D. A virtualized protection system that can't be remotely updated, monitored, or supported as a managed service isn't a service - it's hardware with a software wrapper. Utilities will treat it as such during vendor evaluation.
Build modular, ecosystem-compatible offerings. SIPROTEC V's modular software architecture allows rapid adaptation to evolving system requirements, unconstrained by hardware limitations, enabling seamless deployment of software updates, patches, and functional enhancements. Modularity isn't a product feature - it's a go-to-market position that signals compatibility with the multi-vendor architectures utilities are actively building toward.
New entrants should target high-value gaps, not full-stack competition. Simulation and digital twin capabilities, predictive analytics, and cybersecurity-as-a-service sit at the intersection of high utility demand and limited OEM supply. Most electricity network operators in the EU are regulated under models that allow TSOs and DSOs to earn returns on capital expenditures such as substations or transformers, but often provide no comparable incentive for investments in software platforms, analytics tools, or cloud-based services - with digital solutions frequently falling under operational expenditures. Companies that help utilities reframe the OPEX conversation - building ROI cases around reliability improvement and deferred capital replacement - will win specifications on commercial merit, not just technical capability.
Cybersecurity posture becomes a vendor selection criterion. OEMs that demonstrate compliance with IEC 62351, NERC CIP, and the EU NCCS as a baseline - not as an optional module - will clear a bar many competitors cannot.
The OEMs that lead the virtualized substation market won't necessarily be those with the largest hardware installed base. They'll be the ones that recognized, early enough, that their customers stopped buying equipment and started buying outcomes. Understanding the grid modernization and substation automation market dynamics driving this transition is what separates vendors that get specified from those that get bypassed.
The Business Model Gap Is the Real Competitive Threat
Most OEM boardrooms are focused on the technology roadmap. The harder conversation is about the revenue model.
Utilities adopting virtualized substation platforms aren't buying a product once every 15 years. They're entering a continuous service relationship - software updates, cybersecurity monitoring, performance analytics, configuration management. That relationship requires sales capability, support infrastructure, and pricing models most hardware OEMs have never needed to build.
The OEMs that close this gap - between technical capability and commercial service delivery - will define the approved vendor lists of the next decade. Those that don't will find themselves specified out, not because their hardware was inferior, but because their business model no longer matched what utilities needed to buy.
PTR's market intelligence services track exactly these dynamics - where utility demand is forming, which vendors are gaining specification traction, and what decision criteria look like from the utility side of the table.
