The EMSC bases its analysis and demands on the recently published report by DNV on behalf of SolarPower Europe.
“Today, over 200 GW of European PV capacity is already linked to inverters manufactured in China – the equivalent of more than 200 nuclear power plants,” said Christoph Podewils, the ESMC Secretary General. “This means Europe has effectively surrendered remote control of a vast portion of its electricity infrastructure.”
Significant cybersecurity threats
“The risk is not theoretical“, Podewils underlined. Modern inverters are required to be connected to the internet to fulfill essential grid functions or to participate in the power market. However, these connections also allow for software updates – meaning any manufacturer can alter the performance of these devices remotely.
SolarPower Europe calls for action plan to save the European PV inverter industry
This introduces significant cybersecurity threats, including the potential for deliberate interference or mass shutdowns. The DNV report would reinforce this concern and warns of the real possibility of cascading blackouts caused by malicious or coordinated inverter manipulation.
Further concerns include:
• 70% of all inverters installed in 2023 came from Chinese vendors, mainly Huawei and Sungrow.
• These two companies alone already control remote access to 168 GW of PV capacity in Europe (DNV Report, p. 40).
• By 2030, this figure is projected to exceed 400 GW – comparable to the output of 150–200 nuclear power plants.
• One of these vendors is already banned from the 5G sector in many countries and is currently under investigation in Belgium for bribery and corruption.
Restrict remote access from high-risk vendors
In light of these findings, the ESMC calls for the immediate development of an EU "Inverter Security Toolbox", modeled after the successful 5G Security Toolbox. This would involve:
• A comprehensive risk assessment of inverter manufacturers.
• A requirement that high-risk vendors must not be permitted to maintain an online connection to European electricity systems.
• Consideration of outright bans for such vendors from connecting to the grid.
• A replication of Lithuania’s proactive legislation - banning inverters from China - across all EU Member States – ensuring security measures apply to PV systems of all sizes.
“Europe must act now to prevent a future energy crisis that would rival the gas dependency on Russia,” said Podewils. “We support the European Commission’s upcoming assessment of cybersecurity risks in the solar value chain and are ready to contribute our expertise.” (hcn)
