The Inquest Analysis
May 22, 2025
In a revelation that has sent shockwaves through the global energy sector, U.S. energy officials have uncovered undocumented communication devices, including cellular radios, embedded in Chinese-made solar power inverters and batteries. This discovery, first reported by Reuters on May 14, 2025, has raised urgent concerns about cybersecurity risks, particularly for nations like the G7, European Union (EU), and Gulf Cooperation Council (GCC) states, where stringent laws govern sabotage, espionage, and data privacy. With China dominating 70% of the global solar inverter market, the implications of these “rogue” devices—capable of bypassing firewalls and potentially destabilizing power grids—are profound.
Solar inverters are critical components that connect solar panels, wind turbines, and batteries to electricity grids, converting direct current (DC) to alternating current (AC). While designed for remote updates and maintenance, inverters typically operate behind utility-installed firewalls to prevent unauthorized access. However, U.S. experts, during routine security inspections, found unlisted communication modules in inverters from multiple Chinese suppliers, including industry giants like Huawei, Sungrow, and Ginlong Solis. These devices, not disclosed in product documentation, could enable remote actors to manipulate or disable inverters, potentially triggering widespread blackouts or damaging energy infrastructure. One expert starkly warned, “This effectively means there is a built-in way to physically destroy the grid.”
The issue gained prominence after a November 2024 incident when inverters in the U.S. and other regions were remotely disabled from China during a commercial dispute between suppliers Sol-Ark and Deye. This event underscored the vulnerability of renewable energy systems to foreign influence, prompting alarm among government officials. The U.S. Department of Energy (DOE) emphasized the need for transparency, stating, “While this functionality may not have malicious intent, it is critical for those procuring to have a full understanding of the capabilities of the products received.” The DOE is now advocating for mandatory “Software Bill of Materials” (SBOMs) to ensure all components are documented.
For G7 and EU nations, the stakes are high. Europe’s 200 gigawatts of solar capacity—equivalent to over 200 nuclear power plants—relies heavily on Chinese inverters. The European Solar Manufacturing Council (ESMC) called the findings “very concerning,” urging the European Commission to implement a cybersecurity “toolbox” for inverters. Lithuania has already passed legislation banning remote Chinese access to solar, wind, and battery installations above 100 kilowatts, while Estonia’s intelligence chief warned of potential blackmail if Chinese technology remains in critical sectors. The UK is reviewing Chinese renewable energy tech, with results expected soon.
GCC states, heavily invested in renewable energy, face similar risks. Their stringent data privacy and cybersecurity laws could penalize distributors if these rogue devices lead to breaches. Experts note that while manufacturers like Huawei may escape accountability due to their global influence, wholesale and retail distributors could face hefty fines or legal action for supplying compromised products to end-users. This disparity highlights a critical gap in global supply chain oversight.
In India, the discovery is particularly alarming. With ambitious solar energy targets under the National Solar Mission, India imports a significant portion of its inverters from China. Recent cyberattacks, including those reported by Maharashtra’s Cyber Police post the May 2025 India-Pakistan conflict, underscore the nation’s vulnerability. India’s reliance on ISRO’s surveillance satellites, like RISAT-2BR1, and its push for “Atmanirbhar Bharat” (Self-Reliant India) could accelerate efforts to develop indigenous solar technology. Experts urge India to adopt stricter import regulations and invest in local manufacturing to mitigate risks.
Globally, the issue reflects growing U.S.-China tensions. Chinese companies are legally obligated to cooperate with Beijing’s intelligence agencies, raising fears of state-sponsored espionage or sabotage. NATO has warned that China’s control over critical infrastructure is intensifying, urging member states to reduce strategic dependencies. The U.S. has restricted Huawei’s access to its technology since 2019, and a new bill, the Decoupling from Foreign Adversarial Battery Dependence Act, aims to ban purchases from six Chinese battery firms by 2027. However, no similar legislation targets inverters, leaving a regulatory gap.
The Chinese embassy in Washington denied malicious intent, accusing the U.S. of “distorting and smearing China’s infrastructure achievements.” Yet, skepticism persists, fueled by past incidents like the Salt Typhoon cyberattacks linked to China’s Ministry of State Security. As nations reassess their reliance on Chinese renewable energy tech, the push for domestic manufacturing and robust cybersecurity frameworks has never been more urgent. For now, the discovery of these rogue devices serves as a stark reminder: the transition to clean energy must not come at the cost of national security.
