The AID4RISC-V-EPES lab access enabled a continuation of a previous innovative validation activities of intrusion detection in digital substations of Electric Power and Energy Systems (EPES). In a previous lab access at NSGL in Trondheim, we managed to design and implement a wide area testbench offering hardware-in-the-loop substation operational environment with emulated PowerGrid data. This allowed us to perform advanced validation of a private company’s R&D asset of anomaly-based intrusion detection of high impact attacks. This lab access extended the previous testbench with a focused Edge computing and RISC-V processor architecture to enable validation of our intrusion detection on edge. This new application is strongly aligned with an ongoing EU co-funded project CROSSCON1, and allows us to implement a new (external) use case for the project of protecting edge applications executed on RISC-V processor platforms in digital substations. In our context, the edge application is an implementation of IEC 61850 GOOSE/SV protection function and communications in a physical bus in a substation testbed. There is a strong innovation direction in the EU on adoption of open-source hardware-based solutions, such as those based on RISC-V, for a range of application domains including HPC, IoT, Cloud-edge continuum, automotive, etc. The main results of this lab access can be summarised as (i) Optimised deep learning models for detection of cyber-attacks on the Edge; and (ii) Performance evaluation of deep learning models on embedded systems and restricted IoT devices, such as Xilinx Arty Z7. Regarding optimisation, we managed to co-relate DL model architecture and parameters size to the efficiency of ARM and RISC-V processors. Particularly, we found an optimal state of the size of model parameters that allowed efficient execution of models and at the same time maintain an excellent detection rate of attacks. Furthermore, the size of the model is a factor of several times smaller in memory than the full model parameters size, and the prediction time per single flow telemetry improved 99%. We do, however, recognise that there is always a price on decreasing the parameters’ state size where some deviations of traffic may not be detected as in full state, but in our experiments, we did not observe any deficiency or any limit of detection. We evaluated the performance of our deep learning models on (i) bare-metal RISC-V implementation on Xilinx Arty Z7 board; and (ii) Linux system on ARM Cortex A76 on Raspberry Pi 5. We concluded that our intrusion detection solution is efficient and scalable on edge computing either as a full system deployed on ARM processors, or using RISC-V as a hardware accelerator for our model execution on bare metal. The benefit of RISC-V bare metal model execution is the constant performance in prediction per second of deep learning, and also in terms of energy efficiency of the RISC-V instruction set. A follow up joint publication is planned on the results of the lab access application.