The European Union has officially classified solar inverters as a high-risk technology within its new Economic Security Doctrine, highlighting significant concerns over cybersecurity and supply chain vulnerabilities. This designation, which has been praised by European solar manufacturers, stems from the continent’s heavy reliance on a single foreign country for these critical components. The doctrine signals a potential shift towards stricter security protocols and increased support for domestic manufacturing to safeguard the EU’s energy infrastructure from potential disruptions and cyber threats.
In a recent announcement, the EU identified solar inverters as a critical dependency, citing the risks associated with a supply chain dominated by a single supplier and the potential for cybersecurity breaches. The European Solar Manufacturing Council (ESMC) lauded the decision, with its secretary general, Christoph Podewils, describing the doctrine as a “wake-up call” for member states to urgently address these dependencies and cyber risks. The EU Commission is now considering a range of tools to tackle the issue, including the NIS2 cybersecurity directive and the Net Zero Industry Act, and may also scrutinize subsidized imports that could distort the market.
This move comes as Chinese-made inverters account for approximately 80% of the components used in Europe’s new solar energy systems, with a few major vendors dominating the market. While Europe possesses enough domestic manufacturing capacity from companies like SMA Solar and Fronius to meet its needs, these firms have faced financial difficulties and job cuts amid intense competition and lower prices from foreign rivals. The ESMC has welcomed the EU’s plans to support the development of trusted suppliers within the bloc and in allied third countries to create viable alternatives to the current market structure.
Unlike solar panels, which are largely static hardware, inverters function as the “brains” of a renewable energy system. They are complex devices that require continuous software operation, monitoring, and data flows for both solar and energy storage installations. This software dependency creates significant security vulnerabilities. The ESMC has warned that malicious firmware or software updates could simultaneously impact millions of systems, potentially causing severe damage to the European power grid, including large-scale blackouts.
While the EU’s security doctrine does not explicitly name China, the reference to a “single supplier” is widely interpreted as pointing to the nation’s market dominance. This approach has drawn some criticism from security experts, who argue that a lack of specific targets can lead to vague recommendations rather than effective, targeted mitigation measures. The cybersecurity threat is not limited to one country; energy security specialists also point to the aggressive posture of Russian hackers and the potential for technical vulnerabilities in energy hardware to be exploited by malicious actors from anywhere in the world. This broader concern is underscored by recent actions in the Czech Republic and Lithuania, which have already introduced restrictions on specific Chinese-made inverters due to energy security risks.