Lithuania has enacted a new law to bolster the security of its renewable energy infrastructure, requiring strict compliance with cybersecurity standards for control systems of electricity devices. Adopted by the Lithuanian Parliament on November 17, 2024, the legislation, known as Article 733, introduces mandatory safeguards for photovoltaic (PV) inverters, wind power plants, and energy storage systems with capacities exceeding 100 kW.
The law prohibits entities from countries identified as national security risks—explicitly including China in Lithuania's National Security Strategy—from having remote control access to these systems. Grid operators are barred from connecting devices to the electricity grid unless their control systems meet these standards, covering functions such as power adjustment and remote switching.
The regulations will take effect on May 1, 2025, with existing facilities required to comply by May 1, 2026. The transition period allows time for system upgrades to meet the security criteria.
The European Solar Manufacturing Council (ESMC) welcomed the move, highlighting its importance in protecting critical information management systems. The organization encouraged other EU Member States to adopt similar measures and apply resilience criteria from the Net-Zero Industry Act to all renewable energy systems, regardless of their capacity.
The legislation represents Lithuania's proactive approach to mitigating risks associated with remote controllability and strengthening the resilience of its renewable energy infrastructure.
