Stichting ElaadNL
ElaadNL is het kennis- en innovatiecentrum op het gebied van slimme laadinfrastructuur voor elektrische auto’s.
ID: 779755725199-16
Lobbying Activity
Meeting with Jeannette Baljeu (Member of the European Parliament)
11 Feb 2025 · Charging infrastructure
Response to Cyber Resilience Act
18 May 2022
None of the current EU-instruments specifically addresses the cyber security of the EV-recharging infrastructure at this moment in time. The EU-policy regarding the cyber security of recharging infrastructure seems scattered and there is no comprehensive approach. In this context, the proposed Cyber Resilience Act may act as a safety net to fill in the legislative gaps which are not covered by specific instruments. Thus it covers the entire recharging ecosystem, today and in the future.
Furthermore, the CRA offers important benefits:
1. The horizontal approach covers a wide range and includes new market roles and system interfaces that may appear in future.
2. SaaS can be included.
3. The CRA covers the whole life cycle of a product (please note that for a recharging points this may be 10 years or longer).
4. Conformity assessment rules can be based upon a risk-based approach (please note that the risk of a blackout of the electricity grid is the product of a chance that may be very small and an enormous societal and economic impact).
Read full responseMeeting with Caroline Nagtegaal (Member of the European Parliament, Shadow rapporteur) and Airbus and REG International Trading & Commodities B.V
19 Nov 2021 · AFIR
Response to Smartwatches and connected toys
25 Aug 2021
ElaadNL welcomes the opportunity to give feedback on the European Commission Delegated Regulation concerning the essential requirements for radio equipment. We would like to point out that many radio equipped devices are connected to the electricity grid. Some of these devices such as recharging points for electric vehicles, heat pumps, stationary batteries and inverters for solar panels use a considerable amount of electric power (2-11 kW). Typically, such devices are connected via a GPRS, 4G/5G or WiFi connection to the back office of central system of the manufacturer, the vendor or an independent operator. Such parties may be able to remotely control the devices and thus switch large numbers of devices on or off simultaneously.
The European electricity grid has a delicate balance between electricity production and demand to keep the grid frequency at 50 Hz. This is crucial for the functioning of all electric and specifically electronic equipment. For the European transmission system operation, the reference incident is 3.000 MW in positive or negative direction according to the EU-Regulation. This is the maximum fluctuation that can be countered in time. Larger deviations may result in instability of the entire European electricity grid, even in a black out situation in multiple countries.
If a malicious party is able to enter the central system, or can compromise the communication itself, of a large number of radio equipped devices, the total switchable power may exceed the 3.000 MW mentioned above. For example: 300.000 recharging points for electric vehicles of 11 kW each represent such power. 300.000 recharging points is a relatively small number, knowing that more than one million plug-in vehicles were registered in the EU27 in 2020 and that electric mobility is growing exponentially. Many member states have the policy that new car sales will be entirely zero emission from 2035 or even 2030 onwards.
Also the energy transition in general is speeding up and the volumes of heat pumps and solar systems increase rapidly. The EU ‘Fit for 55’- package will accelerate market adoption of the devices mentioned.
Therefore we have to make sure that such radio equipped devices with relatively large (> 2 kW) electric power are secure by design and have secure communication to their back end systems.
The majority of such devices for domestic or business application use GPRS/4G/5G, the local WiFi-connection of the property and sometimes Zigbee or other techniques. In public areas, devices generally use mobile communication varying form GPRS to LTE and even 5G. Also in this domain other techniques such as LoRa, Sigfox, LTE-M or NB-IoT are being used.
Of course, the security of the devices themselves must be organised. This includes certification of software, access control for authorized service staff, incident handling etc. These subjects are within the scope of other European regulation such as the EU Directive on security of network and information systems (NIS).
But, for the sake of the stability of the European electricity grid, we must make sure the communication itself is not falling between the cracks.
Read full response