Back to articles
Illustrative image: solar inverters and energy cybersecurity

Chinese inverters with ghost communications: the risk many ignore

Published on 12 May 2025 by Catarina Costa

  • Solar PV
  • Innovation & Technology
  • Energy Transition
In this post

The energy transition is accelerating across Europe.

Thousands of photovoltaic systems are installed every month, connected both to the electricity grid and to the internet.

This interconnection is essential for efficiency and modernisation in the sector, but it also opens the door to new risks, especially in cybersecurity and equipment integrity.

Recently, a Reuters investigation published on 14 May 2025 revealed an alarming finding: the presence of undocumented communication devices in Chinese-made solar inverters.

Ghost machine: Rogue communication devices found in Chinese inverters (Reuters)

This episode raises serious concerns about the transparency, traceability and security of many of the devices that now support Europe's electricity grid.

Undocumented communication devices: what was discovered?

The investigation found that certain Chinese inverters contained undeclared communication modules, meaning components capable of transmitting data externally without operators' knowledge and without any mention in the technical documentation.

In some cases, these modules continued to emit signals even when conventional communications were switched off, indicating the existence of parallel active transmission channels.

These devices were connected to residential and commercial installations in several countries, operating invisibly and without an auditable record.

This is a serious vulnerability in a context where energy and cybersecurity have become inseparable.

Implications for energy infrastructure

The energy sector is undergoing a deep digital transformation.

Systems have become smarter, more connected and more automated, but also more exposed.

Every device connected to the grid represents a potential entry point for attacks.

When that device is opaque, unauditable and does not follow international standards, the risk increases exponentially.

In this case, many of the identified inverters send data and receive commands through external servers, without guarantees of compliance with European standards such as:

  • IEC 62443: industrial cybersecurity;
  • GDPR: personal data protection;
  • EN 303645: security for IoT devices.

The importance of European technological sovereignty

The incident raises a critical question: who controls the technology that controls energy?

Dependence on low-cost equipment, without traceability or independent certification, puts not only consumer privacy at risk, but also national and European energy security.

Choosing equipment based only on price, while ignoring firmware origin, data destination and the associated cloud architecture, is incompatible with the European Union's energy security needs.

Europe needs to regain technological sovereignty in the energy sector. That path begins by prioritising auditable and trusted equipment.

Enbiente's position

Since its foundation, Enbiente has maintained a clear and rigorous policy for selecting equipment:

  • We work exclusively with European and auditable manufacturers, such as SMA, Fronius, Victron, Studer, FAAM and WeCo;
  • We require all firmware to be traceable, updateable and documented;
  • We ensure security logs, version history and certified technical support;
  • We reject equipment whose internal architecture prevents independent verification of communications;
  • We prioritise manufacturers with a solid presence in Europe, subject to EU technical and legal standards.

This approach is more demanding, but it is also the only one that guarantees security, reliability and long-term sustainability.

At Enbiente, we refuse to integrate solutions of unclear origin, even when that means higher costs or more difficult commercial decisions.

Because we believe clean energy must never compromise digital security.

Conclusion: cybersecurity is the new pillar of the energy transition

The case revealed by Reuters should not be seen as an exception, but as a strategic warning.

As Europe advances in the energy transition, it is essential to ensure that the infrastructure on which this autonomy is built is transparent, secure and sovereign.

Cybersecurity is no longer a technical detail. It is an essential condition for trust in the electricity system of the future.

Do you want to make sure your photovoltaic system is secure and auditable?

Enbiente's technical team performs specialised audits, validates equipment compliance and proposes secure, certified solutions for each installation.

Contact us.

The energy transition is only sustainable when it is also secure.

Go deeper