China Holds a Kill Switch to European Power Grids

As the EU leans into its ambitious climate goals, solar energy has become the poster child of the energy transition. On the surface, it appears to be a success story in the global race toward decarbonization. But peel back the layers, and a more troubling picture emerges: Europe’s solar backbone increasingly runs through China.

A critical portion of Europe’s solar systems is connected to remote management platforms developed by Chinese companies, hosted on Chinese servers, and bound by Chinese law. At the center of this control lies the solar inverter – the device that acts as the digital brain of a solar system. It converts electricity generated by solar panels into usable power, while also connecting the system to external platforms for monitoring, remote management, software updates, and control.

As flagged by intelligence agencies such as MI5 and other Five Eyes partners, China’s dominance in clean technology – and particularly its access to remote connectivity – is increasingly viewed as a weapon that could be used for remote shutdowns, takeovers, or strategic coercion during a geopolitical crisis.

Banned from 5G, Welcomed into the Power Grid

Europe celebrates each added gigawatt of solar capacity as a win for strategic autonomy, carefully sidestepping the fact that the underlying infrastructure is anything but autonomous. Despite years of debate about supply chain resilience, more than 70 percent of world’s solar inverters come from Chinese manufacturers. The three biggest players – Huawei, Sungrow, and Ginlong Solis – are all Chinese. Here lies the first paradox: Huawei has been banned from a large portion of Europe’s 5G networks due to national security concerns, yet its technology is welcomed into the power grid.

Only a few countries, such as Estonia and the United Kingdom, appear to recognize this inconsistency. After banning Huawei from its 5G infrastructure, Estonia is now sounding the alarm as the same company pivots aggressively into the energy domain. Britain faces a similar dilemma. As reported by the Telegraph, experts warn that allowing a company once deemed a national security threat in telecommunications to build the digital backbone of the UK’s clean energy transition is a dangerous contradiction. Lithuania has gone even a step further. In April 2024, it became the first EU country to act decisively, passing a law explicitly banning China from remotely accessing and controlling the digital systems of its renewable energy assets, treating Chinese remote access for what it really is: a national security vulnerability.

The rest of Europe, meanwhile, seems content to look the other way, treating solar as a climate success story free from strategic entanglements. Energy sovereignty may be the buzzword in Brussels, but little is being done to confront the reality that Europe’s energy systems are becoming increasingly dependent on Chinese remote platforms. All the while, Chinese inverters – heavily subsidized and offered at prices few customers can resist – continue to flood the European market.

Critical Infrastructure by Accident

This brings us to the second paradox, exemplified clearly by the Czech Republic. The country has worked diligently to exclude Chinese companies from its nuclear energy sector, citing national security concerns. Chinese firms were barred from participating in the tender for new reactors at the Dukovany Nuclear Power Station – a project involving the construction of two 1.15-gigawatt units and representing the nation’s largest energy investment to date. At the same time, however, Czechia has installed over 3.5 gigawatts of solar capacity, much of it managed via Chinese remote platforms, without any significant public debate.

What’s happening in Czechia is merely a localized version of a continent-wide contradiction. Across Europe, solar is scaling rapidly, with far too little scrutiny of who ultimately controls it. With more than 380 gigawatts of installed capacity now integrated into the EU grid, the technology has reached the scale of critical infrastructure – yet it still remains largely outside the strategic and regulatory frameworks that govern such essential systems.

Positioned to Strike

Before we discuss what could happen with all these remotely controllable gigawatts, we should recall what has already happened. The timeline of incidents targeting electric energy infrastructure over the last decade tells a clear story: the two most persistent, well-resourced, and strategically focused actors are Russia and China.

Take Russia’s GRU-affiliated hacking group Sandworm, responsible for the 2015 and 2016 cyberattacks on Ukraine’s power grid. The 2015 attack caused widespread blackouts using relatively crude malware, but by 2016, Sandworm deployed Industroyer – first malware designed specifically to disrupt grid operations. These attacks caused severe blackouts, directly impacting civilian populations. In 2022, during Russia’s full-scale invasion of Ukraine, Sandworm resurfaced with Industroyer2, aimed at high-voltage substations. This time, however, Ukrainian defenders successfully neutralized the threat before it could trigger widespread outages.

Since then, suspected Russian-linked cyberattacks have targeted renewable energy infrastructure elsewhere in Europe. In 2022, several German offshore wind farms and a key energy company were hit by cyber incidents linked to Russian threat actors. Two years later, in 2024, Lithuania suffered cyberattacks attributed to the Russian JustEvil group, allegedly disrupting the operation of solar power systems.

China, meanwhile, plays a longer game. Unlike Russia’s smash-and-break approach, China prioritizes stealth: it uses legitimate tools to move undetected, blending into normal operations, to hold leverage until the moment arises. For years, Chinese state-linked groups have methodically infiltrated foreign cyberspace. The recently exposed Volt, Salt, and Flax Typhoon threat actors were just the latest chapters of this long-term strategy. US officials have confirmed that these groups had infiltrated critical infrastructure networks, including power systems in Guam and potentially the US mainland, with the intent of positioning themselves for future disruptions. In China’s playbook, every foothold is a future bargaining chip – and history shows it will use them.

The Price of Dependence

Beijing fosters dependence on China-dominated supply chains, and then weaponizes these links. When political tensions rise, Beijing does not hesitate to act. Lithuania experienced this firsthand after strengthening ties with Taiwan, prompting China to block Lithuanian goods at customs and choke its exports. In Czechia, security concerns over Huawei’s role in 5G networks were met with direct economic threats, with Chinese officials warning that the exclusion of Huawei would lead to retaliation that would impact the country’s GDP growth.

In similar cases, South Korea’s approval of the THAAD missile defense system triggered Chinese retaliation, as Korean businesses were quietly cut off from Chinese consumers, exposing their economic reliance. Norway too faced frozen diplomatic ties and throttled seafood exports after awarding the Nobel Peace Prize to a Chinese dissident, with Beijing again turning trade dependence into a tool of punishment. The pattern is always the same: build dependencies, then squeeze them when political loyalty wavers.

The Kill Switch Scenarios

There are many ways China could use its remote access to Europe’s solar fleet to apply pressure without ever flicking a switch. In a non-physical-damage scenario, access to Europe’s solar infrastructure becomes just another lever of pressure – a reminder to decision-makers that European grids could become unstable if relations with Beijing sour. But if tensions escalate, the technical possibilities get much uglier.

The nightmare scenario is a coordinated remote shutdown. Tens or hundreds of thousands of inverters could be disabled by remote command. Within seconds, gigawatts of solar generation would vanish from the power grid. Europe’s transmission system can typically absorb a sudden 2-to-5-gigawatt loss without falling apart. Push beyond 10 gigawatts, and you risk cascading failures. Grid sections would start detaching themselves to survive, frequency would plummet, spinning reserves would struggle to keep up, resulting in fragmentation and rolling blackouts.

But crude shutdowns are not the only threat. Modern solar inverters can be remotely switched from supplying real power to injecting reactive power – a change that can destabilize voltage profiles across the grid. A sudden surge of reactive power could overload compensation systems, trigger protection relays, and knock sensitive generators offline – without any clear sign of sabotage. Thousands of inverters, acting in sync, could ripple distortions across Europe’s power grid and destabilize entire regions.

The Choice Ahead

Considering the significance of these risks, Europe can no longer afford to treat clean energy as geopolitically neutral. Defusing the hidden risks requires action in at least four areas:

1. 1. Recognize Solar as Critical Infrastructure: Solar inverters are active participants in grid stability. From a cybersecurity perspective, they must no longer be treated as low-risk consumer electronics; instead, strict cybersecurity standards must be applied by design.
2. 2. Rethink Power Grid Defense: Distributed solar assets are scattered across millions of rooftops, with no unified defense perimeter. Because of this, the same protection strategies used for centralized assets like nuclear power plants cannot be applied. The rise of distributed critical infrastructure demands a redefinition of what critical infrastructure means, as well as a new methodology for securing millions of interconnected, remotely accessible assets.
3. 3. Prohibit Remote Access from Adversarial Jurisdictions: Following Lithuania’s example, the EU must ban remote access from adversarial countries. Remote access must be restricted exclusively to trusted entities operating under European or allied partners’ legal frameworks.
4. 4. Diversify the Supply Chain: The EU must move beyond slogans and actively support European and allied manufacturers struggling to compete with China’s heavily subsidized, state-backed solar technology.

Europe faces a simple but uncomfortable decision. It can continue down the current path, celebrating solar expansion while ignoring who ultimately holds the switch, or it can act now, confront the risks, and rebuild energy sovereignty before the next crisis makes the cost of inaction painfully clear.