Is the European Union preparing to ban Chinese solar equipment in an effort to strengthen its cybersecurity posture? That was the question looming over today’s debate in the European Parliament, as Commission Vice President for Tech Sovereignty, Security and Democracy Henna Virkkunen presented plans for a revised EU Cybersecurity Act.
Ahead of the session, an article in the Financial Times had already fuelled speculation that the Commission could move towards effectively excluding Huawei solar inverters from the European market. Whether the proposal will go that far, however, remains unclear.
What was outlined today envisions a significant strengthening of the EU Agency for Cybersecurity (ENISA), with expanded mandates and additional resources intended to improve the bloc’s ability to respond to cyber threats. At the same time, the Commission is considering the introduction of a list of “high-risk” equipment manufacturers. Inclusion on such a list would, under the current plans, bar affected companies from accessing the EU market.
The approach would mirror elements of the so-called 5G-toolbox, which has been in place on a voluntary basis since 2020. That framework has led to uneven outcomes across member states: while some have excluded Huawei and ZTE entirely from their 5G networks, others have merely restricted their involvement in critical infrastructure.
As Virkkunen now seeks to extend this model from telecommunications to solar equipment, key questions about the final position of the European Parliament, the stance of the Council, and, ultimately, how individual member states will implement any new rules remain open.
Effectively, the revision is designed to enhance the security of the EU’s information and communication technology (ICT) supply chains by reducing risks from third-country suppliers that raise cybersecurity concerns, according to a statement published by the commission, while also simplifying procedures under the existing European Cybersecurity Certification Framework.
The measures also include simplifying jurisdictional rules and streamlining data collection on ransomware attacks and reinforcing the EU Agency for Cybersecurity.
The proposals were presented during a plenary session in European Parliament this afternoon. During her opening statement, Virkkunen, said there are “many areas where dependencies on a single or very limited number of suppliers could pose a significant security risk.”
“For example, … solar inverters,” Virkkunen said. “This is why I propose today a new framework for derisking the ICT supply chain in our EU critical infrastructure.”
During the plenary session, MEPs backed the cybersecurity act’s proposals and voiced commitment to working together to protect European citizens and businesses from cyber attacks, while recognizing global cyber threats from countries including China and Russia.
Bart Groothuis, MEP for The Netherlands, commented that while there are rightfully obligatory rules and provisions for telecommunications, all of Europe’s critical infrastructure is in the hands of China.
“I must be honest, 80% of all PV inverters that we import are Chinese. How about solar panels, batteries and the control panels? All Chinese” he said. “I don’t see a difference between telecommunications, electrical grids and other critical sectors. It’s not just telecommunications, there’s more we should do about.”
“It is very good that the European Commission takes cybersecurity topics seriously,” commented Dries Acke, Deputy CEO of Europes solar industry body, Solarpower Europe. “As we underline in our ‘Solutions for PV Cyber Risks to Grid Stability’ report with DNV’, a 21st century economy calls for 21st century security.”
He further highlighted that the key remains to have EU-wide standards and protocols for cybersecurity that apply to all digital components and companies active on the European energy market. Acke looked forward to an ongoing “constructive cooperation” between Solarpower Europe and the Commission with regards to the solar-specific risk and impact assessment on cybersecurity.
In December, a security doctrine published by the European Commission identified solar inverters as a high-risk dependency. Earlier in the year, the European Solar Manufacturing Council published a warning that Europe’s energy sovereignty is at risk due to the unregulated and remote control capabilities of solar inverters from high-risk, non-European manufacturers.
This content is protected by copyright and may not be reused. If you want to cooperate with us and would like to reuse some of our content, please contact: editors@pv-magazine.com.
By submitting this form you agree to pv magazine using your data for the purposes of publishing your comment.
Your personal data will only be disclosed or otherwise transmitted to third parties for the purposes of spam filtering or if this is necessary for technical maintenance of the website. Any other transfer to third parties will not take place unless this is justified on the basis of applicable data protection regulations or if pv magazine is legally obliged to do so.
You may revoke this consent at any time with effect for the future, in which case your personal data will be deleted immediately. Otherwise, your data will be deleted if pv magazine has processed your request or the purpose of data storage is fulfilled.
Further information on data privacy can be found in our Data Protection Policy.