Lithuania’s grid operators can now disconnect solar plants without cybersecurity measures
Lithuania’s grid operators can now disconnect solar plants without cybersecurity measures
Publish Date: 2026-06-05 08:10:00
Source Domain: www.pv-magazine.com
Using an unordered list, summarize the following article with between 4 and 8 key points.
Grid operators in Lithuania can now disconnect solar power plants from the grid that are not compliant with cybersecurity measures now in force.
Lithuania first announced plans to tighten its cybersecurity laws in November 2024 by passing legislation that blocked Chinese manufacturers from remotely accessing the country’s solar, storage and wind facilities.
The legislation, applicable to plants and devices with capacities in excess of 100 kW, was brought into effect for new projects on May 1, 2025, with existing sites given until June 1 this year to comply. It requires project owners to comply with cybersecurity requirements spanning multi-factor authentication, secure communications, supply-chain security controls, incident reporting procedures, and physical security, as well as imposing restrictions on remote access. Plant owners must subsequently pass an audit demonstrating compliance.
Lithuanian green energy technology company Inion Software says it has worked with and assessed numerous solar, wind and battery projects across Lithuania as operators prepared for the new rules.
The company’s CEO, Šarūnas Stanaitis, told pv magazine that Lithuania’s power plants are becoming more secure as a result of the measures, in turn making the country’s grid independent and safer, but acknowledged that it requires additional equipment to be installed and programming to work be implemented.
“Here, plant owners are facing two problems,” he explained. “Firstly, for small plants, of say 120 kW, the cost of cybersecurity requirements are pretty high. Secondly, there are not many companies in the market to implement cybersecurity measures and the waiting list is a few months.”
“The cybersecurity deadline has already passed, and many companies are stressed now because grid operators might shut down their plants until they implement cybersecurity measures.”
Stanaitis confirmed that as the deadline to implement cybersecurity measures have already passed, grid operators can theoretically disconnect power plants that have no cybersecurity measures installed.
“In practice, grid operators do not know how to behave, creating uncertainty,” he added. “After discussion with the National Energy Regulatory Council and grid operators, the unofficial version is that those who have started cybersecurity implementation works and have a contract for the work will not be disconnected, others will be.”
When asked what is the main cybersecurity weakness facing power plants, Stanaitis said the biggest threat for solar and battery projects is dependence on China.
“As 99% of power plants are using Chinese inverters, they can be controlled from China remotely, and all at once,” he explained. “The threat from hackers is also pretty high because in most projects, access to the plants is not secure. The situation is better for wind plants, but still, cybersecurity measures are weak there as well.”
Stanaitis told pv magazine he is convinced other European countries will follow Lithuania’s lead and implement similar cybersecurity laws.
“It is a question of national security,” he said. “I would even see this as a question for the European Commission. They should take the lead here and make the law applicable to all countries.”
Lithuania added approximately 600 MW of solar last year, taking total capacity past the 3 GW threshold. Technical permits have been issued for an additional 4 GW of solar.
