A security doctrine published by the European Commission has identified solar inverters from Chinese suppliers as a high-risk dependency.
The document, on how to strengthen EU economic security, outlines how the bloc plans to react to growing external economic threats. It says the commission’s immediate focus will be on six priority high-risk areas, identified as reducing strategic dependencies for goods and services; attracting safe investment into the EU; supporting Europe’s defence, space and critical industrial industries; securing EU leadership across critical technologies; protecting sensitive data and shielding Europe's critical infrastructure.
The communication goes on to specifically highlight reliance on solar inverters as an example of a security risk due to supplier concentration, cyber-manipulation risks, access to grid-relevant operational data and the possibility of actors infiltrating supply chains. Today, around 80% of Europe’s PV systems rely on Chinese inverters.
The commission plans to address these risks via a coordinated assessment under the NIS2 directive, the EU’s cybersecurity framework, to be concluded next year. It says this work will include mitigation measures focused on strengthening preparedness and identifying vulnerabilities using certification and standardization under the Cyber Resilience Act and non-price criteria under the Net Zero Industry Act.
“The Commission will monitor market developments and seek to prevent or mitigate high-risk investments,” the document states. “The Commission will continue to assess the role of foreign subsidies that may distort the level playing field in solar energy markets, notably through subsidized imports.”
Mainstream semiconductors, battery electric vehicles, key components for drones and detection equipment at EU borders are listed as other high-risk dependency areas in the communication.
The European Solar Manufacturing Council (ESMC) has released a statement saying it strongly supports the strategic shift outlined in the document.
The council says it particularly welcomes the council’s intention to “support the development of trusted suppliers of critical subcomponents in the EU and in trusted third countries so that there are viable alternatives” and reiterated that European and other Western manufacturers remain on the technological forefront, with the manufacturing capacity to meet all of European demand.
ESMC is calling for a series of actions, including the establishment of an EU-level whitelist of trustworthy inverter vendors based on cybersecurity and jurisdictional risk criteria that is integrated into NIS2, the ICT supply‑chain toolbox, NZIA Articles and all relevant EU network codes. It also says EU member states should be permitted to deny grid connection to inverter hardware from high-risk vendors.
ESMC Secretary General, Christoph Podewils, added that the doctrine should act as a wake-up call for member states. “They now need to work on massively reducing dependencies and cyber risks,” he added.
The council has established an Inverter, Storage and Energy Management Systems Forum, open to ESMC members and eligible Western non-members, that it says will work with grid operators, energy-security agencies, standardization bodies and other stakeholders to advance Europe’s digital and energy resilience.
In May, ESMC published a warning that Europe's energy sovereignty is at risk due to the unregulated and remote control capabilities of solar inverters from high-risk, non-European manufacturers. In September, Czechia’s cybersecurity office said Chinese solar inverters in small power plants are a potential security threat.
This content is protected by copyright and may not be reused. If you want to cooperate with us and would like to reuse some of our content, please contact: editors@pv-magazine.com.
By submitting this form you agree to pv magazine using your data for the purposes of publishing your comment.
Your personal data will only be disclosed or otherwise transmitted to third parties for the purposes of spam filtering or if this is necessary for technical maintenance of the website. Any other transfer to third parties will not take place unless this is justified on the basis of applicable data protection regulations or if pv magazine is legally obliged to do so.
You may revoke this consent at any time with effect for the future, in which case your personal data will be deleted immediately. Otherwise, your data will be deleted if pv magazine has processed your request or the purpose of data storage is fulfilled.
Further information on data privacy can be found in our Data Protection Policy.