‘Rogue’ devices found in Chinese solar inverters raises cybersecurity alarm in Europe

May 14, 2025
Facebook
Twitter
LinkedIn
Reddit
Email
Undocumented and ‘rogue’ communication devices have been found in a number of Chinese-made solar inverters. Image: Baywa r.e.

US energy officials have found unexplained communication equipment inside some Chinese-made inverter devices, according to a report from the Reuters news agency.

This morning, Reuters reported the presence of undocumented and “rogue” communication devices in a number of Chinese-made solar inverters. These could potentially introduce unregulated and undocumented remote communication channels to the inverters, by which an actor could remotely bypass the cybersecurity firewalls that utility companies use to prevent direct communication back to China.

This article requires Premium SubscriptionBasic (FREE) Subscription

Try Premium for just $1

  • Full premium access for the first month at only $1
  • Converts to an annual rate after 30 days unless cancelled
  • Cancel anytime during the trial period

Premium Benefits

  • Expert industry analysis and interviews
  • Digital access to PV Tech Power journal
  • Exclusive event discounts

Or get the full Premium subscription right away

Or continue reading this article for free

Similar devices were also found in Chinese-made batteries.

Inverters are highly digitalised products, often referred to as the “heart” or “brain” of a PV system. In theory, hackers could remotely disrupt or switch off solar power supply if they could control the inverter, resulting in power losses, blackouts or damage to energy infrastructure.

The concerned parties that spoke to Reuters did not disclose the manufacturers or the number of products where they found the rogue devices. Energy analyst Wood Mackenzie said that Chinese firms Huawei and Sungrow dominated over 50% of the global inverter market share in 2023.

In response to PV Tech for this article, CEO of US trade body Solar Energy Industries Association (SEIA), Abigail Ross Hopper, said “This is a serious issue that the industry needs to address, and it’s even more reason for Congress to maintain tax credits that are onshoring the production of inverters and the entire solar supply chain in the United States.

“Continuing the buildout of domestic solar manufacturing is essential to give us more control over the security and integrity of our energy systems.”

European concerns

Though discovered in the US, the presence of unregistered equipment has raised alarm in Europe.

The European Solar Manufacturing Council (ESMC), the body which represents the interests of some Europe-based PV companies, said that: “With over 200GW of Europe’s solar capacity relying on these inverters—equivalent to more than 200 nuclear power plants—the security risk is systemic.”

In a LinkedIn post, it called on the European Commission (EC) to examine the “risk potential for sabotage and espionage” of manufacturers of components that can “significantly influence the behaviour” of the European grid. It also called for “rigorous audit and validation tools” and a fully transparent software bill of materials (BOM).

The ESMC and fellow trade body SolarPower Europe have been ramping up calls for greater cybersecurity protection for European inverters. Earlier this month, the ESMC called for a restriction for remote access to inverters from “high risk” Chinese manufacturers.

This followed a report from SolarPower Europe and consultancy DNV highlighting the security risks posed by digital inverters. The report said that the risks were “above acceptable limits”, as an attack on just 3GW of inverter capacity—far lower than the production capacity of the leading suppliers—could have “significant implications” for the power system.

In the report from DNV and SolarPower Europe published last month, the authors said there is “growing concern for potential damage” from cyber attacks in the solar industry as it grows. It also cited hacker groups which had been associated with the Chinese and Russian governments, identified by the US Cybersecurity and Infrastructure Security Agency (CISA) “with a focus on attacking critical infrastructure in the US and Europe.”

Opinions from Intersolar Europe

Last week, PV Tech spoke to a leading European inverter manufacturer at the Intersolar Europe trade show in Munich, who said that the risk of cyberattacks to cut power supply from solar inverters was “real”, and that “it’s very clear inverter companies could switch off the grid if they want to.”

Our interviewee likened the prospect to Russia restricting gas supply to Europe after its invasion of Ukraine. “Probably 99% of people would have said ‘No, there’s no risk [of that happening].’ But it did. We saw it. And I see the same risk here.”

PV Tech Premium also spoke to companies present at the event, including SolarEdge and Solargis, about growing cybersecurity concerns in the European solar sector.

What could have been thought of as a hypothetical “risk” is perhaps now closer to reality with today’s report from the US.

2 December 2025
Málaga, Spain
Understanding PV module supply to the European market in 2026. PV ModuleTech Europe 2025 is a two-day conference that tackles these challenges directly, with an agenda that addresses all aspects of module supplier selection; product availability, technology offerings, traceability of supply-chain, factory auditing, module testing and reliability, and company bankability.
10 March 2026
Frankfurt, Germany
The conference will gather the key stakeholders from PV manufacturing, equipment/materials, policy-making and strategy, capital equipment investment and all interested downstream channels and third-party entities. The goal is simple: to map out PV manufacturing out to 2030 and beyond.
16 June 2026
Napa, USA
PV Tech has been running PV ModuleTech Conferences since 2017. PV ModuleTech USA, on 16-17 June 2026, will be our fifth PV ModulelTech conference dedicated to the U.S. utility scale solar sector. The event will gather the key stakeholders from solar developers, solar asset owners and investors, PV manufacturing, policy-making and and all interested downstream channels and third-party entities. The goal is simple: to map out the PV module supply channels to the U.S. out to 2027 and beyond.

Read Next

October 28, 2025
GreenYellow plans to invest US$116 million in Poland over the next three years to expand its installed capacity and customer base.
Premium
October 28, 2025
BESS are 'the new player that everyone is talking about,' in Europe’s power purchase agreement (PPA) space, according to LevelTen.
October 28, 2025
GoldenPeaks Capital secures EUR114 million (US$132 million) financing package for two solar PV Portfolio in Poland.
October 28, 2025
Navigating module procurement in this financial environment will be a key topic of conversation at the PV ModuleTech Europe 2025 event.
October 28, 2025
PV projects operate close to technical and financial limits, meaning that inaccurate inputs can have performance and profitability impacts.
October 28, 2025
Chinese solar inverter producer GoodWe has launched a new “low noise, low weight” string inverter for the European corporate & industrial solar market.

Subscribe to Newsletter

Upcoming Events

Upcoming Webinars
November 12, 2025
10am PST / 1pm EST
Solar Media Events
November 25, 2025
Warsaw, Poland
Solar Media Events
December 2, 2025
Málaga, Spain
Solar Media Events
February 3, 2026
London, UK
Solar Media Events
March 10, 2026
Frankfurt, Germany