PV systems and distributed energy assets require stronger cybersecurity and auditability, but measures to protect critical infrastructure must be based on careful, expert judgment rather than hasty policy decisions.
It has long been clear that photovoltaic systems and other distributed energy producers should not be openly monitored or controlled over the Internet without appropriate security measures. At the same time, these assets – just like large-scale consumers – must be increasingly controllable and, where necessary, disconnected within the network infrastructure to guarantee system stability. This is widely accepted. However, decisions on cybersecurity measures and the protection of critical infrastructure should not be taken hastily, but should be based on careful consideration and objective assessment by experts.
But first it is worth looking at the price trends for components in photovoltaic systems that are not yet the subject of data protection advocates or cybercriminals, at least as long as they do not involve switchable module optimizers via an unsecured gateway.
Solar panel prices continue to rise by several percentage points every month in most segments, including in May. High-quality modules are particularly affected, as production capacity appears to be limited. Expectations for efficiency gains from new cell sizes and technologies may have been too optimistic. Customers increasingly expect a power of almost 500 W in the roof segment, but the supply remains limited. As a result, supply and demand continue to determine prices, with prices for high-efficiency modules continuing to rise. Prices have now surpassed January’s forecast levels, albeit about a month later than expected.
The question now is how long this trend can continue. Demand in Germany is already declining compared to the previous month and is currently around 12% lower than in the same period last year. Germany has long ceased to be a decisive factor in global solar energy pricing. Whether the current trend continues or reverses in the summer will largely depend on developments in the international crisis areas and the associated energy price trajectory. As tensions ease, production and transportation costs may also fall.
One factor that could reverse the upward price trend in a photovoltaic market still largely dominated by Chinese products is the exclusion of these products from large-scale European projects. Such a measure would likely have a downward effect on global prices. However, at a local level, the lack of affordable alternatives would likely lead to significant increases in hardware costs. This alone raises serious concerns and calls for the development of alternative supply concepts. Strictly speaking, this is not a blanket ban; instead, access to EU funding would be restricted for projects using inverters from certain suppliers.
This raises several questions, in particular whether such an exclusion is a sensible precaution or an overreaction driven by risk aversion.
Chinese manufacturers have reacted negatively, with government representatives warning of possible countermeasures, including the prospect of trade conflict. Critics claim there is no evidence of any concrete risk associated with Chinese hardware and software. While these risks remain largely hypothetical, the increasing decentralization of energy supply across millions of generation assets in Europe means that potential vulnerabilities cannot simply be ruled out. The risk of large-scale disruption, both internally and externally, must be taken into account and appropriate defense strategies developed.
In this context, the EU’s NIS-2 directive is also relevant. It sets out cybersecurity requirements for companies and institutions in critical sectors, including obligations for risk management, security standards and incident reporting. More than 1,000 critical infrastructure operators (KRITIS) are already registered in Germany. With the implementation of NIS-2, this number is expected to rise to more than 30,000 entities, expanding regulatory requirements to important parts of the German economy, and not just in the renewable energy sector.
The German Association of Energy and Water Industries (BDEW) therefore calls for a substantial strengthening of the resilience and protection of critical infrastructure. However, it is questionable whether a complete exclusion of non-European hardware is really an appropriate means to achieve this goal. The EU’s approach seems instead to reflect clientelistic policymaking. Under pressure from incumbent energy companies, this threatens to strengthen existing structures and limit the further expansion of cost-efficient, decentralized solutions. Moreover, such a measure would at best provide only limited protection to the domestic photovoltaic industry, which itself remains dependent on Chinese components.
Such sweeping measures risk appearing reactionary, driven by an unwillingness to engage with the full complexity of the issue, and are therefore likely to be counterproductive. After all, components that enable malicious external communications could just as well be embedded in European inverters. Likewise, German power management software is not inherently more secure against cyber-attacks than its Chinese equivalents.
What is ultimately needed is the development and consistent application of universally valid software standards for relevant systems, along with associated documentation requirements and additional certification protocols for controllable hardware components. Such standards already exist to a significant extent and could be applied comprehensively without excluding products based on their geographical origin.
Prices May 2025, including changes from the previous month (as of May 15).
Author: Martin Schachinger
About the author: Martin Schachinger studied electrical engineering and has been active in the field of photovoltaics and renewable energy for almost 30 years. In 2004, he founded the online trading platform pvXchange.com. The company has standard components in stock for new installations and solar panels and inverters that are no longer produced.
The views and opinions expressed in this article are those of the author and do not necessarily reflect those of the author pv magazine.
This content is copyrighted and may not be reused. If you would like to collaborate with us and reuse some of our content, please contact: editors@pv-magazine.com.
Popular content
