The Italian energy regulator, ARERA, has introduced new mandates requiring solar and wind power plants with capacities exceeding 100 kW to upgrade their grid integration and cybersecurity capabilities. Under resolutions 385/2025/R/EEL and 564/2025/R/EEL, operators must install central plant controllers (CCI) to facilitate remote active power control. These measures, which include staggered compliance deadlines through 2028, are designed to stabilize the national grid and safeguard digitalized energy assets against increasingly sophisticated cyber threats while providing financial incentives for early adoption.
The regulatory shift focuses on making renewable energy plants “grid-aware” by ensuring they can communicate effectively with network operators. Specifically, owners of photovoltaic systems connected to medium-voltage lines must activate remote active power limitation functionalities. Failure to comply with these technical standards could result in the suspension of financial incentives or the loss of payments for energy fed into the grid. To support this transition, ARERA is offering financial contributions of up to €10,000 for plants between 500 kW and 1 MW, and up to €7,500 for those in the 100 kW to 500 kW range.
Compliance timelines are set according to the size of the installation. Large-scale facilities with a capacity of 1 MW or more must meet the new requirements by December 31, 2026. Medium-sized plants between 500 kW and 1 MW have until the end of 2027, while smaller systems ranging from 100 kW to 500 kW are given until March 31, 2028. These deadlines reflect the complexity of upgrading existing infrastructure with the necessary hardware and software to meet CEI 0-16 standards.
The push for tighter security comes as the renewable sector faces a growing “attack surface” due to the widespread adoption of cloud-based management, SCADA platforms, and remote-control systems. Industry experts note that the digitalization of these plants leaves them vulnerable to unauthorized access and data manipulation, which could jeopardize service continuity. In response, the industry is moving toward operational technology (OT) security solutions, such as network intrusion detection systems (NIDS) that utilize artificial intelligence to identify anomalies in real time.
Beyond security, AI is becoming a cornerstone of modern renewable energy management. Operators are increasingly utilizing machine learning for production forecasting, battery optimization, and predictive maintenance to maximize the efficiency of solar modules and storage systems. As Italy looks toward its 2030 energy targets, the integration of digital security and energy infrastructure is expected to become a standard part of the design process for all new renewable projects, ensuring both efficiency and resilience.