A new statement from SolarPower Europe addresses the growing cyber threats to European energy infrastructure, as the solar industry calls for urgent updates to EU cybersecurity legislation.
A new report by DNV, commissioned by SolarPower Europe, warns that current regulations focus too heavily on traditional, centralised infrastructure, leaving digitalised solar systems vulnerable.
Modern solar PV systems, especially rooftop installations, are increasingly internet-connected via inverters. While these systems offer resilience and cost-saving potential – up to €160bn per year – their decentralised and digital nature introduces new cybersecurity risks.
“Like any technological revolution, digitalisation presents incredible opportunity, for example, energy system cost savings of €160bn per year,” said SolarPower Europe.
“It also comes with new challenges, like cybersecurity. We didn’t need anti-virus protection for a typewriter, but we do need it for our laptops. As a responsible, forward-looking sector, we have mapped the cybersecurity challenge, and we’re rising to meet it with clear, comprehensive solutions.”
The report identifies 14 risk areas, rating five as medium risk, six as high risk, and three as critical.
While utility-scale solar installations are generally secure, smaller systems often lack adequate protections and are remotely managed through third-party cloud services.
The report recommends two key actions to mitigate these risks: developing sector-specific cybersecurity standards and limiting inverter control from outside the EU.
It also proposes treating control over aggregated rooftop solar systems with the same territorial safeguards as the GDPR.
Although the solar sector has not yet experienced the level of cyberattacks seen in other parts of the energy industry, SolarPower Europe warns that the growing scale of distributed solar systems makes proactive protection essential.
