The EU has moved forward with a plan to halt funding for PV projects built with inverters supplied by high-risk vendors.
The move was initially reported by German news outlet Der Spiegel, which said the measure takes effect immediately.
“We are already facing concrete risks that require immediate mitigation,” a European Commission spokesperson told pv magazine. “To this end, the Commission has developed guidance on restricting the use of EU funds for projects involving inverters from high-risk suppliers.”
The guidance requires all EU-funded projects to comply with the latest cybersecurity standards, with the aim of phasing out high-risk suppliers.
“For projects connected, or planned to be connected, to the EU grid (both within and outside the EU), a transitional period is provided for projects already in the pipeline, provided they are notified to the Commission by 1 May and submitted for decision before 1 November,” the spokesperson added. “All other projects should exclude high-risk suppliers.”
For projects outside the EU and not connected, or planned to be connected, to the EU grid, inverters from high-risk suppliers should be phased out by 15 April 2027.
“Targeted derogations are foreseen, such as in cases of delays of more than one year, or other overriding political or security considerations,” the spokesperson said, without providing further details.
Join us on Apr. 29 for pv magazine Webinar+ | Decoding the first massive cyberattack on Europe’s solar energy infrastructure – The Poland case and lessons learned Industry experts will explore real-world cyberattack scenarios, highlight potential vulnerabilities in solar and storage systems, and share practical, actionable strategies to protect your energy assets. Attendees will gain valuable knowledge on how to anticipate, prevent, and respond to cyber threats in the rapidly evolving solar energy sector. In January, the European Commission began to revise its Cybersecurity Act. While presenting the proposals in European Parliament, the commission’s Executive Vice-President for Tech Sovereignty, Security and Democracy, Henna Virkkunen, said dependency on a very limited number of solar inverter suppliers could “pose a significant security risk.” Earlier In December, a security doctrine published by the European Commission identified solar inverters as a high-risk dependency. Last this year, SolarPower Europe published a report on cybersecurity concerns surrounding solar installations in the European Union. Since then, the Dutch government has said it is remaining vigilant to potential cybersecurity threats from solar inverters, while Lithuania has already banned remote Chinese access to management systems of solar, wind and storage facilities. In addition, Czechia’s cybersecurity office said Chinese solar inverters in small power plants are a potential security threat. This content is protected by copyright and may not be reused. If you want to cooperate with us and would like to reuse some of our content, please contact: editors@pv-magazine.com.
By submitting this form you agree to pv magazine using your data for the purposes of publishing your comment.
Your personal data will only be disclosed or otherwise transmitted to third parties for the purposes of spam filtering or if this is necessary for technical maintenance of the website. Any other transfer to third parties will not take place unless this is justified on the basis of applicable data protection regulations or if pv magazine is legally obliged to do so.
You may revoke this consent at any time with effect for the future, in which case your personal data will be deleted immediately. Otherwise, your data will be deleted if pv magazine has processed your request or the purpose of data storage is fulfilled.
Further information on data privacy can be found in our Data Protection Policy.