Posted on by MIL OSI Publisher

Written question – Toolbox to restrict risky photovoltaic (PV) inverters from European electricity grid – P-001967/2025

Source: European Parliament

Priority question for written answer  P-001967/2025
to the Commission
Rule 144
Bart Groothuis (Renew)

Huawei, designated a risky vendor by the Commission, accounts for over 115 GW of the solar inverter market share[1] in Europe. It is one of six Chinese vendors that collectively control over 219 GW. Given that Spain’s grid collapsed after a 2.2 GW drop, these vendors could remotely shut down Europe’s grid. Reports[2] of rogue communication devices in Chinese inverters, allowing them to bypass firewalls, further highlight the need for action.

The NIS 2 Directive[3] allows the Commission to conduct coordinated risk assessments of critical supply chains, such as those carried out for 5G. The Council conclusions of October 2022 invite the Network and Information Systems Cooperation Group and the Commission to develop a toolbox for reducing information and communication technology supply chain risks beyond 5G, also covering non-technical risk factors.

  • 1.Why does the Commission label Huawei a risky 5G vendor, banning it from its contracts and research, yet take no action on PV inverters, and does it not consider this risky dependency to be a threat to European energy security?
  • 2.Will the Commission conduct a coordinated risk assessment and develop a toolbox that also restricts risky vendors of PV inverters?
  • 3.Will the Commission classify PV inverters as ‘important products with digital elements that fall under class I’ in accordance with the Cyber Resilience Act[4]?

Submitted: 15.5.2025

  • [1] https://api.solarpowereurope.org/uploads/SPE_2025_Solutions_for_PV_Cyber_Risks_to_Grid_Stability_032dc2ae5a.pdf?updated_at=2025-04-29T07:11:32.315Z.
  • [2] https://www.reuters.com/sustainability/climate-energy/ghost-machine-rogue-communication-devices-found-chinese-inverters-2025-05-14/.
  • [3] Directive (EU) 2022/2555 of the European Parliament and of the Council of 14 December 2022 on measures for a high common level of cybersecurity across the Union, amending Regulation (EU) No 910/2014 and Directive (EU) 2018/1972, and repealing Directive (EU) 2016/1148 (OJ L 333, 27.12.2022, p. 80, ELI: http://data.europa.eu/eli/dir/2022/2555/oj).
  • [4] Regulation (EU) 2024/2847 of the European Parliament and of the Council of 23 October 2024 on horizontal cybersecurity requirements for products with digital elements and amending Regulations (EU) No 168/2013 and (EU) 2019/1020 and Directive (EU) 2020/1828 (OJ L, 2024/2847, 20.11.2024, ELI: http://data.europa.eu/eli/reg/2024/2847/oj).
Last updated: 21 May 2025