The European solar industry has issued a set of cybersecurity policy recommendations aimed at helping EU decision-makers address rising digital security risks linked to the growing connectivity of photovoltaic (PV) systems.
The recommendations are outlined in a new report produced by risk management firm DNV and commissioned by industry group SolarPower Europe. The report provides a comprehensive risk assessment of the sector and proposes two key measures to reduce the cybersecurity risk level for solar infrastructure to a ‘low’ category.
The first measure calls for the EU to mandate sector-specific cybersecurity controls for securing internet-connected, remotely operated solar PV systems, particularly inverters. The second proposes rules ensuring that control of such systems remains within the EU or other jurisdictions offering equivalent security protections.
On the second proposal, the report suggests a model similar to the EU’s General Data Protection Regulation (GDPR), under which control over aggregated distributed assets—such as residential rooftop solar—should only occur in countries deemed to offer comparable data and infrastructure security.
The report further recommends that these rules be implemented either through the EU Network of Cybersecurity Centres (NCCS) or a new fast-track mechanism, with high-risk entities subject to mandatory approval and oversight by relevant authorities.
“Like any technological revolution, digitalisation presents incredible opportunity, for example, energy system cost savings of €160bn per year,” said Walburga Hemetsberger, CEO of SolarPower Europe. “It also comes with new challenges, like cybersecurity. We didn’t need anti-virus protection for a typewriter – but we do need it for our laptops.”
She added: “As a responsible, forward-looking sector, we have mapped the cybersecurity challenge, and we’re rising to meet it with clear, comprehensive solutions.”
The push comes as Europe’s renewable energy infrastructure becomes increasingly digital and decentralised, exposing it to evolving cyber threats.
