Lithuanian lawmakers have adopted legislation designed to limit the ability of Chinese inverter manufacturers to remotely access the country’s solar and wind power plants.
According to Lithuanian reports, 79 MPs voted in favour of the amendment to the Law on Electricity, which will impose greater security measures on electricity generation and information management systems to insulate them from the influence of “hostile countries”, as designated by the country’s National Security Strategy.
Unlock unlimited access for 12 whole months of distinctive global analysis
Photovoltaics International is now included.
- Regular insight and analysis of the industry’s biggest developments
- In-depth interviews with the industry’s leading figures
- Unlimited digital access to the PV Tech Power journal catalogue
- Unlimited digital access to the Photovoltaics International journal catalogue
- Access to more than 1,000 technical papers
- Discounts on Solar Media’s portfolio of events, in-person and virtual
In the case of solar PV, this applies most obviously to Chinese inverter manufacturers. In theory, the digital and cloud infrastructure around inverters allows them to be remotely controlled, or turned off altogether, which can prove a security risk.
From 1 May 2025, operators of new Lithuanian power plants over 100kW in capacity will have to ensure that additional safeguards are in place for the information management systems and inverters at their sites. Existing sites will have to meet the requirements by 1 May 2026.
Lithuania is seeking to install 5.1GW of solar PV capacity by 2030 under its National Energy and Climate Plan (NECP), which was updated last year.
European solar trade bodies have previously called for greater cybersecurity strategies as digital infrastructure and data become increasingly important in the development of physical energy resources. The European Solar Manufacturing Council (ESMC) stated its approval of the Lithuanian law on Linkedin this morning, and called for the wider uptake of similar policies:
“ESMC welcomes these important changes included into the law. We are expecting and looking forward for such kind of decision to be replicated in the other EU Member States. The application of NZIA resilience criterion to all solar and wind power plants and storage devices irrespective of the installed power capacities is a good opportunity to prevent our information management systems from the remote controllability risks. (sic).”
In a paper published in July, SolarPower Europe called for a solar-specific strategy to address growing cybersecurity risks, including higher compliance requirements for inverters, tracker systems and batteries.
PV Tech Premium published an article from cybersecurity firm Claroty about the major risks facing the solar sector as it becomes a more prominent target for cyber attacks. The distributed nature of PV in comparison with traditional, vertically integrated fossil fuel generation plants makes it particularly vulnerable, Claroty’s William Noto wrote, and breaching one inverter can allow attackers to access others within the same network.
