SolarPower Europe, a Belgium-based solar industry association, has responded to the European Commission’s draft revision of the EU Cybersecurity Act released in Strasbourg. The draft revision would give the European Commission authority to identify cybersecurity risks and require mitigation measures based on formal risk and impact assessments. The response follows SolarPower Europe’s publication of Solutions for PV Cyber Risks to Grid Stability, a report prepared with DNV. The report identifies cybersecurity risks linked to direct inverter controls, particularly in small-scale PV systems. It states that while the compromise of a single installation has limited impact, coordinated control of multiple installations can affect power system efficiency at scale. The analysis further states that a targeted compromise of 3 GW of generation capacity can have significant implications for Europe’s power grid. It also notes that more than a dozen manufacturers control installed inverter capacities exceeding 3 GW. Of the 14 risk areas assessed, five were classified as medium risk, six as high risk, and three as critical risk. SolarPower Europe has reiterated the need for EU-wide cybersecurity standards and has noted that the Commission’s PV cybersecurity impact assessment remains ongoing.