The European Solar Manufacturing Council (ESMC) has raised concerns about the cybersecurity risks associated with internet-connected photovoltaic (PV) inverters, particularly those supplied by non-European manufacturers.
The organisation points to a recent study by DNV, commissioned by SolarPower Europe, which highlights potential vulnerabilities in the current approach to inverter security.
“Today, over 200GW of European PV capacity is already linked to inverters manufactured in China – the equivalent of more than 200 nuclear power plants,” said Christoph Podewils, Secretary General of the ESMC.
“This means Europe has effectively surrendered remote control of a vast portion of its electricity infrastructure.”
Modern PV inverters are typically connected to the internet to provide grid services and interact with energy markets.
These connections also allow for remote software updates, which can be used to adjust performance. However, the DNV report notes that this functionality introduces potential cybersecurity risks, including the possibility of coordinated disruptions.
Listed concerns
The ESMC flagged several points from the DNV paper, including the reported statistic that 70% of inverters installed in Europe in 2023 were from Chinese companies.
Two manufacturers currently have remote access to 168GW of European capacity, with projections indicating this could rise to over 400GW by 2030.
In response, the ESMC has proposed an EU “Inverter Security Toolbox,” based on the existing 5G Security Toolbox.
Recommendations include mandatory risk assessments for inverter manufacturers, restrictions on remote access by high-risk vendors, and consideration of national legislation such as Lithuania’s ban on certain inverters.
These calls align with recent recommendations from SolarPower Europe, which has advocated for harmonised EU-level cybersecurity rules for solar systems above 50kW.
“We support the European Commission’s upcoming assessment of cybersecurity risks in the solar value chain and are ready to contribute our expertise,” Podewils concluded.
