Excitement about "solar peak law": no control via manufacturer clouds

On the weekend, media reports about a planned change in the law caused a stir: The planned “Solar Peak Act” would provide control options for inverters of photovoltaic systems, which would enable grid operators to ensure the stability of the grids in the event of oversupply. As many of these systems or their components come from Chinese manufacturers, the amendment to the law creates a massive safety risk. However, there is no such direct connection, as the German Solar Industry Association confirmed when asked.

The proposed amendments to the Energy Industry Act were the subject of a hearing on Wednesday last week in the Bundestag Committee on Climate Protection and Energy. The aim of the law is to smooth out the peaks in photovoltaic feed-in. A key measure: no feed-in tariff is to be paid in times of negative electricity prices.

However, it is not only this financial measure that is planned, but also a technical one: the word “control” appears 171 times in the draft law. The text does not mention that the manufacturers' cloud services are to be used to reduce surpluses, for example. According to media reports from the weekend, the German Federal Office for Information Security (BSI) has raised concerns about IT security in this context. The BSI will not confirm this when asked by heise online. As a matter of principle, the authority does not comment on proposed legislation.

What does the “Solar Peak Act” say about control?

The German Solar Industry Association was one of ten experts consulted on the planned amendments by the Bundestag Committee on Climate Protection and Energy. heise online therefore asked the interest group whether the proposed amendments or the law provide for or imply control via manufacturer clouds. The answer:

“No, as far as we are aware, such a thing is not required by the current draft law,” a spokesperson for the German Solar Industry Association explained to heise online. The digital security of the electricity system must of course be guaranteed. “The authorization to issue an ordinance planned in Section 94 EEG-E merely gives the Ministry of Economic Affairs [BMWK] and the transmission system operators the fundamental option of limiting the feed-in of solar systems if this is necessary to ensure that the systems are operated in a way that serves the system.”

The German Solar Industry Association adds: “The authorization only covers systems in the feed-in tariff, i.e., smaller PV systems under 100 kilowatts peak (kWp). The authorization to issue an ordinance enables the BMWK to create another option for the transmission system operators to improve the system integration of smaller photovoltaic systems. This strengthens system stability.” He also clarifies: “Contrary to what was reported in the media on the weekend, Section 94 EEG-E does not introduce control of PV systems via inverter manufacturers. It is merely an authorization for the BMWK to regulate this issue.”

The Federal Association continues: “Should the BMWK issue an ordinance, the Kritis Roofs Act already in force today and the Kritis ordinances and the NIS 2 (Second EU Directive on Network and Information Security) Implementation Act, which are also in the legislative process, must, of course, be complied with.” As a result, the same security standards would continue to apply to these systems smaller than 100 kW as already apply to large PV and wind farms today. The regulation authorization also leaves room for additional security standards.

Warning against manufacturer clouds

Irrespective of the planned amendment to the law, there are fundamental concerns about the safety of manufacturer clouds of inverters. Many of these inverters come from Chinese manufacturers. Bayerischer Rundfunk quotes the BSI as saying that “the central government in Beijing could exert direct influence on a system-relevant part of the German power supply” via the internet-enabled components of solar systems.

These concerns are understandable. At the end of last year, for example, Deye and Sol-Ark inverters in the USA were shut down – although in this case, a “check of the authorization status” was the decisive factor. Nevertheless, the incident shows that the systems could be maliciously misused to destabilize grids. However, this should be viewed separately from the “Solar Peak Law”, there is no direct connection.

(dmk)