THE HAGUE, Netherlands — Hidden components in Chinese-made solar power equipment have caused alarm bells in Western capitals amid concerns over Beijing’s ability to interfere with power grids. Europe may be particularly vulnerable, experts say, with most of its solar farms potentially at risk of remote shutdown.
The revelation of undeclared remote access devices in American solar farms, first reported by Reuters earlier this month, came less than a month after a power outage that shut down electricity for millions throughout Spain, Portugal, Andorra and parts of France, highlighting the possible fragility of even highly developed and integrated European power grids.
According to unnamed sources cited by Reuters, the communication devices that were embedded in solar farm gear were not shown on schematics and customer information of the products, suggesting they may have been deliberately concealed. The undisclosed devices were reportedly found during a routine disassembly of Chinese-made power inverters, which serve to connect solar farms to the electricity grid, control the flow of power and maintain the all-important grid frequency.
While Iberian authorities have ruled out a cyber attack in the case of the peninsula’s massive blackout, the finding has nonetheless instilled a new sense of urgency in European planning to make the continent’s integrated electrical grid safe and resilient.
Market dominance
Inverters are crucial in linking photovoltaic (PV) power plants, which output DC electricity, to the broader electricity network, which runs on AC. In 2023, 78% of all inverters installed in Europe came from Chinese vendors, with the overwhelming majority being made by Huawei and SunGrow, according to DNV, a risk consultancy. The report was commissioned by SolarPower Europe, an industry advocacy group.
This market dominance can likely be explained by a combination of China’s large manufacturing capacity and the comparatively lower prices of Chinese inverters compared to European ones.
Control over the inverters allows outsiders to simultaneously disconnect generating capacity from the grid, which can cause blackouts. It would also allow them to manipulate voltage and frequency settings to destabilize local grids and to override safety protections like anti-islanding systems.
Both Huawei and Sungrow have documented links to the Chinese government and the country’s ruling Communist Party, including formal ties, participation in government projects, and officials holding high-ranking positions simultaneously in both the companies and the state.
Under Chinese law, Huawei faces mandatory cooperation requirements with intelligence services. The 2017 National Intelligence Law declares that Chinese companies must “support, assist, and cooperate with” China’s intelligence-gathering authorities. As a result of questions over its independence and safety, the electronics giant has already faced restrictions on work on critical communications infrastructure – especially 5G networks – in several countries. It is also front and center in a major investigation currently ongoing in Brussels surrounding bribery of European officials.
Energy sovereignty at risk
“Europe’s energy sovereignty is at serious risk due to the unregulated and remote control capabilities of photovoltaic inverters from high-risk, non-European manufacturers – most notably from China,” said the European Solar Manufacturing Council, an industry association.
This isn’t purely hypothetical, either. In November 2024, some solar inverters in the U.S., U.K. and Pakistan were actually disabled remotely from China. Very little was publicly revealed about this incident and its consequences; investigations later showed that the shutdown may have been the result of an industry dispute, according to Günter Born, a German tech and cybersecurity journalist.
Following the decoupling of Europe’s energy needs from cheap and readily available Russian gas after the invasion of Ukraine, energy sovereignty has become a new priority for capitals across the continent. Renewables have been front and center, building on existing momentum to combat climate change and residual skepticism of nuclear power for its perceived safety shortcomings and high cost.
“Today, over 200 GW of European PV capacity is already linked to inverters manufactured in China – the equivalent of more than 200 nuclear power plants,” said Christoph Podewils, the ESMC secretary general, citing numbers by the DNV consultancy.
“This means Europe has effectively surrendered remote control of a vast portion of its electricity infrastructure.”
The Iberian Peninsula blackout was triggered by a 2.2-gigawatt (GW) loss in electricity generation that occurred within seconds. Previously, DNV had estimated that a loss of 3 GW of generating power could have serious ramifications for the European power grid. A loss of this amount of input can result in cascading effects, leading to a large-scale shutdown of the power grid, just as had occurred in Spain on April 28.
The DNV report identified over a dozen threat scenarios, most of which it considered “high” or “critical” risks even after the full implementation of existing EU cybersecurity measures.
In the first three months of 2025 alone, nearly 68 terawatt hours of electricity were produced by solar panels, data from the energy think tank Ember shows. This marks an increase by almost a third over the same period a year earlier. It amounted to 8.2% of Europe’s electricity production in March, despite the shorter days at that time of year. In summer, around 15% of Europe’s electricity may come from the sun, with some countries – particularly around the Mediterranean – relying on it to make up over a quarter of their total energy mix during the daytime.
According to SolarPower Europe, the industry advocacy group, the installed PV capacity in Europe is expected to exceed 800 GW by 2030.
Wrangling the dragon
The shock of the Spanish power outage – even without it being caused by an attack – has jolted some in Europe into action. But consciousness surrounding a China vulnerability predates the grid collapse.
Lithuania on May 1 implemented new legislation that requires photovoltaic projects above 100kW to use inverters that meet national safety standards. Existing projects must also be retrofitted. This practically outlaws Chinese inverters in the country’s power infrastructure.
Late last year, Estonia’s spy chief Kaupo Rosin said that Chinese technology in critical infrastructure, particularly solar farms, could open Europe up to Chinese blackmail.
Some EU lawmakers are also taking note, with one member of the European parliament submitting an inquiry on the topic of solar inverters and the risk of Chinese influence on May 15.
A 2022 EU directive called NIS2 provides the basis for joint cybersecurity defense measures of critical infrastructure, outlining 18 broad sectors that require particular attention, including electrical grids.
However, the directive primarily applies to very large projects, leaving smaller power generation projects vulnerable. This is particularly relevant to solar, which is not only produced in large farms but also by countless dispersed, smaller photovoltaic projects, such as those on rooftops and factory grounds.
Linus Höller is a Europe correspondent for Defense News. He covers international security and military developments across the continent. Linus holds a degree in journalism, political science and international studies, and is currently pursuing a master’s in nonproliferation and terrorism studies.
