{"id":180000,"date":"2026-01-20T12:13:00","date_gmt":"2026-01-20T17:13:00","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/01\/20\/eus-revised-cybersecurity-law-targets-high-risk-suppliers\/"},"modified":"2026-01-20T12:15:10","modified_gmt":"2026-01-20T17:15:10","slug":"eus-revised-cybersecurity-law-targets-high-risk-suppliers","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/01\/20\/eus-revised-cybersecurity-law-targets-high-risk-suppliers\/","title":{"rendered":"EU\u2019s revised cybersecurity law targets &#8216;high risk&#8217; suppliers"},"content":{"rendered":"<p><a href=\"https:\/\/www.pv-tech.org\/eus-revised-cybersecurity-law-targets-high-risk-suppliers\/\">EU\u2019s revised cybersecurity law targets &#8216;high risk&#8217; suppliers<\/a><\/p>\n<p><a href=\"https:\/\/www.pv-tech.org\/eus-revised-cybersecurity-law-targets-high-risk-suppliers\/\">https:\/\/www.pv-tech.org\/eus-revised-cybersecurity-law-targets-high-risk-suppliers\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-01-20 12:13:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.pv-tech.org\">www.pv-tech.org<\/a><\/p>\n<p>Author: <a href=\"\"><\/a><\/p>\n<p> Using an unordered list, summarize the following article with between 4 and 8 key points. <\/p>\n<p>The proposal outlines measures to identify high-risk \u201cthird countries\u201d and companies supplying digital equipment or components to the EU and exclude them from key digital infrastructure.<\/p>\n<p>The Commission said the proposal aims to enable \u201cthe EU and Member States to jointly identify and mitigate risks across the EU\u2019s 18 critical sectors\u201d, which includes energy. Though a press statement by the Commission only outlines the \u201cmandatory derisking\u201d of the telecommunications sector.<\/p>\n<p>For renewable energy, particularly solar PV and energy storage, the major \u201cthird country\u201d of risk is China, though the Commission\u2019s proposal does not mention the country at all. Chinese companies have supplied the majority of the EU\u2019s solar inverters in recent months, which has raised cybersecurity concerns in the industry and in Brussels. The EU has already identified solar inverters as a \u201chigh-risk\u201d supply dependency in its Economic Security Doctrine published late last year.<\/p>\n<p>For example, data from European PV wholesaler Sun.store says that Huawei has been a leading supplier of solar inverters \u2013 many of which are digital and connected to cloud servers \u2013 despite the fact that the company has been restricted from the EU\u2019s 5G network on security grounds.<\/p>\n<p>The proposal includes provisions to potentially recall and phase out products that are already deployed in EU infrastructure if the supplier is found to be high-risk. PV Tech Premium analysed the implications of a phaseout of Chinese technology for the solar sector last week.<\/p>\n<p>The supply chain restrictions focus on \u201cnon-technical\u201d risks, which the Commission says refers to the risk that a supplier is \u201csubject to influence by a third country\u201d that could disrupt an essential service or \u201cthe exfiltration of data, \u201cincluding for the purposes of espionage or revenue generation\u201d.<\/p>\n<p>\u201cCybersecurity threats are not just technical challenges. They are strategic risks to our democracy, economy, and way of life,\u201d said Henna Virkkunen, the Commission executive vice-president for tech sovereignty, security and democracy. \u201cWith the new Cybersecurity Package, we will have the means in place to better protect our critical ICT supply chains but also to combat cyber attacks decisively. This is an important step in securing our European technological sovereignty and ensuring a greater safety for all.\u201d<\/p>\n<p>The proposal also introduced clarifications for the European Cybersecurity Certification Framework (ECCF) which it said would \u201cbring more clarity and simpler procedures\u201d and allow some certifications to be \u201cdeveloped within 12 months\u201d. Businesses will also be able to voluntarily submit to ECCF compliance, which it said would be a \u201ccompetitive asset for EU businesses\u201d. This seems to avoid a mandatory certification process, which was discussed during the CSA review process. <\/p>\n<p>It also brought in measures to bolster the EU\u2019s Agency for Cybersecurity (ENISA), which was introduced with the first passage of the CSA in 2019.<\/p>\n<p>In response to the proposal, Dries Acke, deputy CEO of SolarPower Europe, said: \u201cIt is very good that the European Commission takes cybersecurity topics seriously.<\/p>\n<p>\u201cThe key remains to have robust EU-wide standards and protocols for cybersecurity that apply to all digital components and companies active on the European energy market. Europe needs to be resilient to all types of attacks from all sides.\u00a0<\/p>\n<p>\u201cAs the solar-specific risk and impact assessment on cybersecurity is ongoing, we look forward to continuing the constructive cooperation with the Commission, and engage with the renewed mandate of ENISA, as well as through the streamlined European Cybersecurity Certification Framework.\u201d<\/p>\n<p>PV Tech has contacted the Commission for clarification on the Act\u2019s implications for renewable energy. \u00a0<\/p>\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>EU\u2019s revised cybersecurity law targets &#8216;high risk&#8217; suppliers https:\/\/www.pv-tech.org\/eus-revised-cybersecurity-law-targets-high-risk-suppliers\/ Publish Date: 2026-01-20 12:13:00 Source Domain:&#8230;<\/p>\n","protected":false},"author":1,"featured_media":180001,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/www.pv-tech.org\/wp-content\/uploads\/2022\/04\/European_Commission_flags-768x576-1.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[24],"class_list":["post-180000","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cybersecurity"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/180000"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=180000"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/180000\/revisions"}],"predecessor-version":[{"id":180002,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/180000\/revisions\/180002"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/180001"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=180000"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=180000"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=180000"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}