‘Rogue’ devices found in Chinese solar inverters raises cybersecurity alarm in Europe

Facebook
Twitter
LinkedIn
Reddit
Email
Undocumented and ‘rogue’ communication devices have been found in a number of Chinese-made solar inverters. Image: Baywa r.e.

US energy officials have found unexplained communication equipment inside some Chinese-made inverter devices, according to a report from the Reuters news agency.

This morning, Reuters reported the presence of undocumented and “rogue” communication devices in a number of Chinese-made solar inverters. These could potentially introduce unregulated and undocumented remote communication channels to the inverters, by which an actor could remotely bypass the cybersecurity firewalls that utility companies use to prevent direct communication back to China.

This article requires Premium SubscriptionBasic (FREE) Subscription

Unlock unlimited access for 12 whole months of distinctive global analysis

Photovoltaics International is now included.

  • Regular insight and analysis of the industry’s biggest developments
  • In-depth interviews with the industry’s leading figures
  • Unlimited digital access to the PV Tech Power journal catalogue
  • Unlimited digital access to the Photovoltaics International journal catalogue
  • Access to more than 1,000 technical papers
  • Discounts on Solar Media’s portfolio of events, in-person and virtual

Or continue reading this article for free

Similar devices were also found in Chinese-made batteries.

Inverters are highly digitalised products, often referred to as the “heart” or “brain” of a PV system. In theory, hackers could remotely disrupt or switch off solar power supply if they could control the inverter, resulting in power losses, blackouts or damage to energy infrastructure.

The concerned parties that spoke to Reuters did not disclose the manufacturers or the number of products where they found the rogue devices. Energy analyst Wood Mackenzie said that Chinese firms Huawei and Sungrow dominated over 50% of the global inverter market share in 2023.

In response to PV Tech for this article, CEO of US trade body Solar Energy Industries Association (SEIA), Abigail Ross Hopper, said “This is a serious issue that the industry needs to address, and it’s even more reason for Congress to maintain tax credits that are onshoring the production of inverters and the entire solar supply chain in the United States.

“Continuing the buildout of domestic solar manufacturing is essential to give us more control over the security and integrity of our energy systems.”

European concerns

Though discovered in the US, the presence of unregistered equipment has raised alarm in Europe.

The European Solar Manufacturing Council (ESMC), the body which represents the interests of some Europe-based PV companies, said that: “With over 200GW of Europe’s solar capacity relying on these inverters—equivalent to more than 200 nuclear power plants—the security risk is systemic.”

In a LinkedIn post, it called on the European Commission (EC) to examine the “risk potential for sabotage and espionage” of manufacturers of components that can “significantly influence the behaviour” of the European grid. It also called for “rigorous audit and validation tools” and a fully transparent software bill of materials (BOM).

The ESMC and fellow trade body SolarPower Europe have been ramping up calls for greater cybersecurity protection for European inverters. Earlier this month, the ESMC called for a restriction for remote access to inverters from “high risk” Chinese manufacturers.

This followed a report from SolarPower Europe and consultancy DNV highlighting the security risks posed by digital inverters. The report said that the risks were “above acceptable limits”, as an attack on just 3GW of inverter capacity—far lower than the production capacity of the leading suppliers—could have “significant implications” for the power system.

In the report from DNV and SolarPower Europe published last month, the authors said there is “growing concern for potential damage” from cyber attacks in the solar industry as it grows. It also cited hacker groups which had been associated with the Chinese and Russian governments, identified by the US Cybersecurity and Infrastructure Security Agency (CISA) “with a focus on attacking critical infrastructure in the US and Europe.”

Opinions from Intersolar Europe

Last week, PV Tech spoke to a leading European inverter manufacturer at the Intersolar Europe trade show in Munich, who said that the risk of cyberattacks to cut power supply from solar inverters was “real”, and that “it’s very clear inverter companies could switch off the grid if they want to.”

Our interviewee likened the prospect to Russia restricting gas supply to Europe after its invasion of Ukraine. “Probably 99% of people would have said ‘No, there’s no risk [of that happening].’ But it did. We saw it. And I see the same risk here.”

PV Tech Premium also spoke to companies present at the event, including SolarEdge and Solargis, about growing cybersecurity concerns in the European solar sector.

What could have been thought of as a hypothetical “risk” is perhaps now closer to reality with today’s report from the US.

3 June 2025
Messe Stuttgart Stuttgart, Germany
Meet battery manufacturers, suppliers, engineers, thought leaders and decision-makers for a conference and battery tech expo focused on the latest developments in the advanced battery and automotive industries. Stay plugged in for all the latest information on The Battery Show Europe 2024 including: Keynote Speakers & Conference Overview Show Features Floor Plan & Exhibitor News Travel & Transport information
17 June 2025
Napa, USA
PV Tech has been running PV ModuleTech Conferences since 2017. PV ModuleTech USA, on 17-18 June 2025, will be our fourth PV ModulelTech conference dedicated to the U.S. utility scale solar sector. The event will gather the key stakeholders from solar developers, solar asset owners and investors, PV manufacturing, policy-making and and all interested downstream channels and third-party entities. The goal is simple: to map out the PV module supply channels to the U.S. out to 2026 and beyond.
7 October 2025
San Francisco Bay Area, USA
PV Tech has been running an annual PV CellTech Conference since 2016. PV CellTech USA, on 7-8 October 2025 is our third PV CellTech conference dedicated to the U.S. manufacturing sector. The events in 2023 and 2024 were a sell out success and 2025 will once again gather the key stakeholders from PV manufacturing, equipment/materials, policy-making and strategy, capital equipment investment and all interested downstream channels and third-party entities. The goal is simple: to map out PV manufacturing in the U.S. out to 2030 and beyond.
21 October 2025
New York, USA
Returning for its 12th edition, Solar and Storage Finance USA Summit remains the annual event where decision-makers at the forefront of solar and storage projects across the United States and capital converge. Featuring the most active solar and storage transactors, join us for a packed two-days of deal-making, learning and networking.
2 December 2025
Málaga, Spain
Understanding PV module supply to the European market in 2026. PV ModuleTech Europe 2025 is a two-day conference that tackles these challenges directly, with an agenda that addresses all aspects of module supplier selection; product availability, technology offerings, traceability of supply-chain, factory auditing, module testing and reliability, and company bankability.
10 March 2026
Frankfurt, Germany
The conference will gather the key stakeholders from PV manufacturing, equipment/materials, policy-making and strategy, capital equipment investment and all interested downstream channels and third-party entities. The goal is simple: to map out PV manufacturing out to 2030 and beyond.

Read Next

June 3, 2025
US independent power producer (IPP) Silicon Ranch has invested US$3 million in autonomous robotics company Swap Robotics.
June 3, 2025
A joint venture featuring global oil major bp will begin construction on a 240MW solar PV project in Azerbaijan.
June 3, 2025
US capital infrastructure investor NextEra Energy Resources has commissioned its first 100MW utility-scale Amite Solar facility in Tangipahoa Parish, Louisiana.
June 3, 2025
Danish renewables firm European Energy has secured a €145 million (US$158 million) long-term loan to finance a 78.5MW solar park co-located with a 50MW battery storage plant in Anykščiai, Lithuania.
June 3, 2025
The US Department of Energy budget proposal promises to remove funding for solar and wind energy and expand support for nuclear weapons.
June 3, 2025
Canadian solar manufacturer Heliene has opened a 500MW module assembly plant in Rogers, in the US state of Minnesota.

Subscribe to Newsletter

Upcoming Events

Solar Media Events
June 17, 2025
Napa, USA
Upcoming Webinars
June 30, 2025
10am PST / 6pm BST
Solar Media Events
July 1, 2025
London, UK
Solar Media Events
July 1, 2025
London, UK
Solar Media Events
July 8, 2025
Asia