Lithuanian lawmakers have adopted legislation designed to limit the ability of Chinese inverter manufacturers to remotely access the country’s solar and wind power plants.
According to Lithuanian reports, 79 MPs voted in favour of the amendment to the Law on Electricity, which will impose greater security measures on electricity generation and information management systems to insulate them from the influence of “hostile countries”, as designated by the country’s National Security Strategy.
Try Premium for just $1
- Full premium access for the first month at only $1
- Converts to an annual rate after 30 days unless cancelled
- Cancel anytime during the trial period
Premium Benefits
- Expert industry analysis and interviews
- Digital access to PV Tech Power journal
- Exclusive event discounts
Or get the full Premium subscription right away
Or continue reading this article for free
In the case of solar PV, this applies most obviously to Chinese inverter manufacturers. In theory, the digital and cloud infrastructure around inverters allows them to be remotely controlled, or turned off altogether, which can prove a security risk.
From 1 May 2025, operators of new Lithuanian power plants over 100kW in capacity will have to ensure that additional safeguards are in place for the information management systems and inverters at their sites. Existing sites will have to meet the requirements by 1 May 2026.
Lithuania is seeking to install 5.1GW of solar PV capacity by 2030 under its National Energy and Climate Plan (NECP), which was updated last year.
European solar trade bodies have previously called for greater cybersecurity strategies as digital infrastructure and data become increasingly important in the development of physical energy resources. The European Solar Manufacturing Council (ESMC) stated its approval of the Lithuanian law on Linkedin this morning, and called for the wider uptake of similar policies:
“ESMC welcomes these important changes included into the law. We are expecting and looking forward for such kind of decision to be replicated in the other EU Member States. The application of NZIA resilience criterion to all solar and wind power plants and storage devices irrespective of the installed power capacities is a good opportunity to prevent our information management systems from the remote controllability risks. (sic).”
In a paper published in July, SolarPower Europe called for a solar-specific strategy to address growing cybersecurity risks, including higher compliance requirements for inverters, tracker systems and batteries.
PV Tech Premium published an article from cybersecurity firm Claroty about the major risks facing the solar sector as it becomes a more prominent target for cyber attacks. The distributed nature of PV in comparison with traditional, vertically integrated fossil fuel generation plants makes it particularly vulnerable, Claroty’s William Noto wrote, and breaching one inverter can allow attackers to access others within the same network.
