EU Solar Power at Risk: Experts Call for Cybersecurity

European report calls for urgent action to protect residential and commercial PV systems against cyberattacks

Solar power is transforming the European energy landscape. But this transformation, driven by digitalisation and decentralisation, is exposing thousands of solar systems to new risks. The lack of specific cybersecurity standards for so-called distributed generators – such as rooftop solar panels – is now one of the biggest weaknesses in the EU’s electricity grid.

Solar power in Europe at risk: experts call for tailored cybersecurity rules

This is the main message of a report prepared by DNV and commissioned by the SolarPower Europe association, which advocates immediate political action to protect equipment connected to the electricity grid, especially those outside the direct control of large operators .

“We are entering a new era of energy, where digital protection is as essential as physical production,” warns Walburga Hemetsberger, CEO of SolarPower Europe.

Unlike large power plants, which already follow strict regulations, small-scale PV systems — managed by households, SMEs and installers — are seen as ordinary electronic equipment . Many operate as smart devices connected to the Internet, but without adequate protection. This scenario makes them easy targets for malicious attacks, which can have real consequences for the stability of the electricity grid .

The report identifies 14 critical cyber risk areas . Of these, 3 are classified as critical risk , 6 as high risk and the rest as medium risk . The researchers highlight that a successful attack on 3 GW of decentralised solar capacity could have a profound impact on the entire European grid .

The need for political intervention becomes even more urgent after the blackout that affected Portugal and Spain on April 28, 2025. Although the cause is still being investigated — it is said to be a rare atmospheric phenomenon — experts warn that similar events could result from coordinated cybercrime actions or state-sponsored cyberattacks.

Currently, laws such as the NIS2 directive and the new Cyber ​​Resilience Act cover some areas of digital energy infrastructure. However, according to the report, these rules are insufficient to address the fragmented and decentralized reality of domestic and commercial solar systems .

DNV recommends that the European Union restrict remote control of solar inverters to operators within the bloc itself , preventing external access that could compromise security.

Digitalisation promises significant gains in energy efficiency. It is estimated that savings for the European system could reach €160 billion per year if they are harnessed safely. But for this to happen, risks need to be anticipated and local energy systems need to be protected more effectively .

SolarPower Europe therefore calls for the implementation of a cybersecurity policy tailored to the new energy reality : thousands of producers, at hundreds of thousands of points, connected to a network that needs to be resilient, secure and reliable.

The organization had already published a position paper in July 2024 , warning of these gaps and advocating the creation of a specific European standard for solar equipment.

Latest News about Solar Energy