The real cybersecurity debate around chinese inverters is only just beginning

The European Commission has announced restrictions on public funding for projects that use high-risk inverter vendors, including Chinese manufacturers, marking a significant policy shift in the solar sector. While these measures aim to enhance energy independence and address cybersecurity concerns, experts emphasize that the core cybersecurity risks are more complex and widespread than hardware origin alone.

In late 2023, the European Commission introduced a policy restricting EU funding for energy projects utilizing inverters from ‘high-risk’ vendors, notably including Chinese manufacturers. This move affects an estimated 10-20% of new solar project financing in Europe and signals a broader shift toward reducing reliance on foreign technology in critical energy infrastructure.

Industry insiders and cybersecurity specialists, such as Uri Sadot of SolarDefend, acknowledge that banning Chinese inverters may support Europe’s strategic energy independence but will not eliminate the fundamental cybersecurity vulnerabilities. Many Western-made inverters also incorporate Chinese components, and the supply chain for solar technology is highly interconnected.

Furthermore, recent cyberattacks on European solar assets have demonstrated that adversaries often exploit network vulnerabilities and human factors rather than hardware origin. Incidents in Poland and Denmark in 2025 relied on VPN and network gateway breaches, involving Western technology providers, highlighting the complexity of the threat landscape.

Implications of Hardware Bans on European Solar Security

This policy shift underscores the importance of comprehensive cybersecurity measures beyond hardware sourcing. While restricting high-risk vendors may reduce some risks, the broader vulnerabilities—such as supply chain dependencies, network security flaws, and human factors—remain unaddressed. The move could also influence industry dynamics, favoring Western manufacturers but complicating efforts to secure Europe’s energy infrastructure effectively.

Shophubio Solar Grid Tie Inverter 1600W, Inverter with MPPTs, IP65 Waterproof, Wireless APP Monitoring for Home Balcony Power Station System(1600w)

【High Accuracy】- The 1600W solar inverter is equipped with high-precision instruments to accurately monitor the working status of…

AmazonView Latest Price

As an affiliate, we earn on qualifying purchases.

As an affiliate, we earn on qualifying purchases.

European Policy and the Growing Cybersecurity Challenge

In 2023, the European Commission published the draft Cyber Security Act 2 (CSA 2), explicitly identifying solar energy as a sector requiring enhanced cybersecurity measures. The draft recommends the phase-out of high-risk vendors in critical infrastructure, including 5G and renewable energy systems. These developments follow years of increasing concern over foreign technology dependencies and recent cyberattacks targeting European solar assets.

Historically, many inverters and components used in European solar farms have relied on Chinese manufacturing, which has prompted policy responses aimed at reducing foreign dependency. However, experts argue that the supply chain’s complexity means that hardware origin is only one piece of a larger cybersecurity puzzle.

“Banning Chinese inverters may support energy independence but won’t solve the core cybersecurity challenges. The real threats involve supply chain complexity and network vulnerabilities.”

— Uri Sadot, SolarDefend founder

Unresolved Issues in Solar Cybersecurity Strategies

It remains unclear how effective hardware bans will be in practice, given the widespread integration of Chinese components in Western-manufactured inverters and the interconnected supply chains. Additionally, the extent to which these policies will influence actual cybersecurity outcomes is still uncertain, as recent attacks have exploited network vulnerabilities beyond hardware origin.

2K Security Camera System, 5GHz&2.4GHz WiFi Solar Wireless Cameras for Home Security, Wire-free Installation, AI Detection, Two-way Audio, Mobile alerts, SD/Cloud Storage, Color Night Vision, 4 Packs

100% Wireless Solar & Battery Powered: Enjoy true wireless installation with no outlets or messy cables. The detachable…

AmazonView Latest Price

As an affiliate, we earn on qualifying purchases.

As an affiliate, we earn on qualifying purchases.

Next Steps in European Solar Cybersecurity Policy

Policy discussions in Brussels are ongoing, focusing on expanding restrictions to wind and battery storage systems. Industry stakeholders are calling for a shift toward establishing clear technical standards, improving asset visibility, and implementing practical cybersecurity measures aligned with the NIS2 directive. The effectiveness of these measures will become clearer over the coming months as policies are finalized and implemented.

Key Questions

Will banning Chinese inverters eliminate cybersecurity risks?

No, experts warn that supply chain complexity and network vulnerabilities mean risks will persist despite hardware bans.

How much of Europe’s solar infrastructure relies on Chinese-made inverters?

Approximately 300 GW of Chinese-made inverter capacity is installed across Europe, which would be costly and complex to replace.

Are Western manufacturers immune from cybersecurity vulnerabilities?

No, many Western-made inverters contain Chinese components and are vulnerable to similar risks, especially through interconnected supply chains.

What other cybersecurity threats exist besides hardware origin?

Recent incidents show attackers exploiting network vulnerabilities, stolen credentials, and human vulnerabilities, often targeting connected devices beyond inverters.

What is the broader goal of European cybersecurity policies for energy?

The aim is to reduce foreign dependency, strengthen infrastructure security, and establish clear technical standards to mitigate evolving cyber threats.

Source: PV Magazine