The European Solar Manufacturing Council (ESMC) has called for restrictions on unregulated and remote-control capabilities of solar inverters from “high-risk non-European manufacturers,” mostly from China.

Inverters must be connected to the internet to fulfill essential grid functions. These connections also allow for software updates, meaning manufacturers can remotely alter the performance of these devices.

This control increases cybersecurity risks, such as deliberate interference or mass shutdowns.

Christoph Podewils, Secretary General, ESMC, said, “Today, over 200 GW of European capacity is already linked to inverters manufactured in China – the equivalent of more than 200 nuclear power plants.”

He added, “This means Europe has effectively surrendered the remote control of a vast portion of its electricity infrastructure.”

The council said 70% of the inverters installed in 2023 came from Chinese vendors, mainly Huawei and SunGrow. It expects this figure to exceed 400 GW by 2030. The council also noted that one of these vendors (Huawei) is banned from the 5G sector in many countries and is under investigation in Belgium for bribery and corruption.

Inverter Security Toolbox                                                                        

ESMC has suggested developing an “Inverter Security Toolbox,” including a comprehensive risk assessment of inverter manufacturers.

It called for replicating Lithuania’s proactive legislation and banning inverters from China across all European Union member states to ensure security measures for solar systems of all sizes. This legislative replication will also require banning high-risk vendors from maintaining an online connection to European electricity systems.

“Europe must act now to prevent a future energy crisis rivaling the gas dependency on Russia,” said Podewils.

He extended ESMC’s support for the European Commission’s upcoming assessment of cybersecurity risks in the solar value chain.

In 2022, ESMC released policy proposals for building extensive solar module manufacturing capacities with long-term competitiveness in Europe.

India’s Ministry of Power released guidelines for cybersecurity in 2021 for the power sector to keep the industry secure from cyber-attacks. The guidelines lay down actions required to ramp up security measures across various utilities to raise preparedness in the power sector. They also include a cyber assurance framework that strengthens the regulatory framework, security threat early warning mechanisms, vulnerability management, and response to security threats.