EU Freezes Funding for Solar Projects Using Chinese Inverters
The European Commission has frozen funding for solar energy projects that use key components from Chinese suppliers, particularly inverters, citing cybersecurity risks to critical infrastructure. The restriction applies to projects financed by the European Investment Bank and partner banks, and officials warned that inverters from high-risk suppliers could be used to manipulate electricity production parameters, disrupt generation, access operational data without authorization, or remotely shut down systems in ways that could contribute to large-scale blackouts.
The move comes as the EU prepares revisions to the Cybersecurity Act that could enable broader market restrictions or bans on inverters from high-risk suppliers. While officials did not publicly name a company, reporting identified Huawei as the likely focus because of China’s high-risk classification and the company’s strong position in the inverter market. The decision also reflects wider concern that Europe’s clean-energy transition is creating strategic dependence on Chinese technology, prompting countries including Lithuania and France to tighten limits on Chinese participation in solar supply chains.
How this story unfolded
4 events from the most recent confirmed update back to the earliest known activity.
EU advances Cybersecurity Act revision targeting high-risk inverters
Alongside the funding freeze, the EU was preparing revisions to the Cybersecurity Act that could formally enable broader bans on inverters from high-risk suppliers in the EU market.
European Commission freezes funding for projects using Chinese inverters
The European Commission froze financing for solar energy projects that use key Chinese-supplied components, especially inverters, citing cybersecurity risks to critical infrastructure. The restriction applies to projects backed by the European Investment Bank and partner banks.
France adopts procurement measures to curb Chinese solar dependence
France introduced procurement measures in 2026 aimed at reducing reliance on Chinese components in solar projects, signaling a broader European shift toward restricting high-risk suppliers.
Lithuania bans Chinese involvement in large solar installations
Lithuania moved in 2024 to prohibit Chinese participation in large solar installations, reflecting early national-level concern over supply-chain and cybersecurity risks in energy infrastructure.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
3 references tracked. Mallory keeps watching after this page renders.
European Commission halts funding for Huawei solar tech solutions - Huawei Central
huaweicentral.com
Open sourceEurope Cuts Off Funding for Chinese Solar Inverters
bankinfosecurity.com
Open sourceEurope Cuts Off Funding for Chinese Solar Inverters
govinfosecurity.com
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
EU Proposal to Expand Cybersecurity Act and Restrict High-Risk Technology Suppliers
The European Commission unveiled a revised **EU Cybersecurity Act** proposal that would allow the bloc to identify and potentially exclude **“high-risk” suppliers**—including those deemed vulnerable to *third-country influence*—from critical digital infrastructure across **18 essential sectors**. The proposal also aims to streamline and accelerate EU-wide cybersecurity certification, reflecting a shift toward treating supply-chain security as both a technical and **geopolitical** risk-management issue. Reporting highlighted that the proposal, while not naming countries, is widely viewed as targeting Chinese vendors and supply dependencies—particularly around **network equipment** and connected energy technologies such as **solar inverters** that may connect to cloud services and create potential access paths into the energy grid. Separate coverage of the same Commission initiative noted plans to expand **ENISA’s** mandate, including closer operational cooperation with national authorities to help counter threats such as **ransomware**, but emphasized that the proposal still requires negotiation and approval by the European Parliament and member states before it can take effect.
Mar 21, 2026
Europe Warns of Rising Threats to Energy Grids and Undersea Infrastructure
European officials and industry reporting have highlighted a widening threat to critical infrastructure as cyber risks to electricity networks grow alongside military monitoring of subsea assets. An International Energy Agency assessment cited in Spanish reporting said cyberattacks on critical energy infrastructure rose 30% in 2023 to **420 million** globally, while attacks on energy service companies have quadrupled since 2020. Recent incidents include the 2022 satellite communications disruption that knocked **5,800 wind turbines** offline in Germany and breaches affecting more than 20 Danish energy companies. Authorities have also warned that compromised smart meters, solar inverters, and battery systems could be used to destabilize grid frequency or trigger broader outages. The concern extends beyond direct hacking to supply-chain and geopolitical exposure tied to digitally connected clean-energy equipment and other strategic infrastructure. European and U.S. authorities reviewed communications modules in imported solar and battery systems, while Lithuania moved to block remote access by Chinese suppliers to solar, wind, and storage control platforms. Separately, the UK said British and Norwegian forces carried out a month-long operation to track a Russian attack submarine and two GUGI-linked spy submarines near North Atlantic cables and pipelines, underscoring fears that hostile states could target the seabed networks that carry **99% of international telecommunications traffic** and support a major share of regional energy supplies.
Apr 9, 2026
EU Cybersecurity Act Revision Targeting High-Risk Telecom and IT Suppliers
The European Commission is pursuing revisions to the EU Cybersecurity Act to strengthen **union-level supply-chain risk management** for critical IT and telecom infrastructure, including the ability to impose targeted mitigations such as restrictions or bans on components from **“high-risk suppliers.”** Reporting indicates the proposal could effectively force member states to remove non-compliant equipment within a relatively short window—potentially **as little as three years**—as part of a broader effort to counter increasingly sophisticated hybrid threats to European infrastructure. The initiative is widely viewed as an attempt to harmonize and accelerate national actions that have been uneven across the bloc, amid long-running concerns about reliance on vendors such as **Huawei** and **ZTE** in 5G and other network deployments. The Commission’s approach emphasizes coordinated risk assessments and common rules for supplier trust decisions, reflecting ongoing debate over whether certain third-country suppliers could be compelled—via domestic legal obligations—to support state espionage or disruption operations, despite vendor denials of wrongdoing.
Mar 21, 2026