Romania drafts cybersecurity rules for PV, cogeneration up to 1 MW
AI Analysis
Summary
Romania plans to amend its energy law to require the National Cybersecurity Directorate (DNSC) to define technical standards for PV and cogeneration systems up to 1 MW, aimed at preventing data breaches and safeguarding grid operations.
<p class="p1"><span class="s1">Romania plans to amend its energy law to require the National Cybersecurity Directorate (DNSC) to define technical standards for PV and cogeneration systems up to 1 MW, aimed at preventing data breaches and safeguarding grid operations.</span></p><p>Romania’s Senate is discussing a <a href="https://www.senat.ro/legis/lista.aspx?nr_cls=b432&an_cls=2025" rel="noopener" target="_blank">draft proposal</a> to the 2012 Energy Law that would introduce stricter cybersecurity requirements for renewable power generators with a capacity of up to 1 MW.</p>
<p>The measure would mandate the Romanian DNSC to define the technical standards that PV system owners must follow.</p>
<p>The proposal also stipulates that all PV and cogeneration systems up to 1 MW must be granted grid access and priority dispatching under the oversight of the DNSC.</p>
<p>The draft says the new measures are designed to prevent sensitive information from being stolen from power generation assets by actors within the supply chain or by “malicious” states, while also ensuring grid stability and energy supply security.</p>
<p>It also cites the European Union’s <span xml:lang="EN-US"><span><a href="https://www.pv-magazine.com/2024/04/25/european-parliament-votes-in-favor-of-net-zero-industry-act/" rel="noopener" target="_blank">Net-Zero Industry Act</a></span></span> (NZIA), which aims to produce at least 40% of Europe’s annual deployment needs for key clean technologies, including PV modules, batteries, and heat pumps, as part of the rationale for tightening cybersecurity rules.</p>
<p>“<span class="HwtZe" lang="en"><span class="jCAhz ChMk0b"><span class="ryNqvb">Renewable energy installations face a wide range of potential supply chain cybersecurity risks,” the draft proposal said. “This issue has also been debated at the European Union level, resulting in both its recommendations addressed to various stakeholders and, most recently, the Net Zero Industry Act, which provides that a certain part of tenders for certain renewable energy technologies must include pre-qualification criteria on responsible business conduct, cybersecurity and data security.”</span></span></span></p>
<p>Earlier this year, SolarPower Europe published a <a href="https://www.pv-magazine.com/2025/05/09/cybersecurity-european-solar-power-plants-under-pressure/" rel="noopener" target="_blank">report</a> on cybersecurity concerns surrounding solar installations in the European Union.</p>
<p>In September, Czechia's National Cyber and Information Security Agency (Núkib) said Chinese inverters in small solar power plants represent a <a href="https://www.pv-magazine.com/2025/09/08/czech-cybersecurity-agency-warns-against-chinese-solar-inverters/" rel="noopener" target="_blank">potential security threat to the nation</a>.</p>
<p>In July, the Dutch government said it is <a href="https://www.pv-magazine.com/2025/07/09/netherlands-increasing-vigilance-on-solar-inverter-related-cybersecurity-risks/" rel="noopener" target="_blank">remaining vigilant</a> to potential <a href="https://www.pv-magazine.com/2025/09/05/the-cybersecurity-gap-in-solar-and-how-to-close-it/" rel="noopener" target="_blank">cybersecurity</a> threats from solar inverters, while Lithuania has already <a href="https://www.pv-magazine.com/2024/11/18/lithuania-bans-remote-chinese-access-to-solar-wind-storage-devices/" rel="noopener" target="_blank">banned remote Chinese access</a> to management systems of solar, wind and storage facilities.</p>