Paris Backs Protectionism and Cybersecurity Requirements to Keep Out Chinese Firms
David Meyer •
April 8, 2026
President Emmanuel Macron has announced a solar procurement schedule to boost France’s renewable capacity. (Image: Shutterstock)
France is saying “non” to Chinese photovoltaic components through a mix of protectionism and cybersecurity requirements as it readies a government-backed program of new solar energy projects.
See Also: AI Impersonation Is the New Arms Race—Is Your Workforce Ready?
President Emmanuel Macron’s government set out a timeline for a solar procurement effort late last week, a couple of months after publishing a 10-year energy-transition roadmap called PP3, which envisions 1.2 gigawatts of new solar capacity. Companies will be able to bid for small and ground-mounted solar projects this coming July, and for other industrial installations in the fall. As is the French way, there’s a strong preference for French companies (see: France Latest EU Country to Ditch US Tech).
“Faced with the climate emergency, and as the consequences of the Iranian conflict have once again revealed the price of our dependencies, PPE3 sets a clear course: produce more low-cost decarbonized energy while strengthening our sovereignty,” junior energy minister Maud Bregeon said.
The government said its chief objective with small solar installations is to encourage citizens to go electric wherever possible, a change in power generation that should also shield them from wild swings in energy prices. For larger projects, the aim is more explicitly to onshore
panel production and break free from China’s grip on the market. The government said more than 80% of key photovoltaic components currently come from China.
In the short term, this will involve a “resilience criterion” in the upcoming calls for bids, requiring diversified sources of supply. The medium term will also see “strengthened requirements regarding durability and cybersecurity,” the government said.
All this is in line with the European Union Net-Zero Industry Act, a 2024 law that aims for member nations to produce 40% of the gear needed for energy-transition deployments by 2030. The law is a regulation rather than a directive – meaning it’s not open to the flexibilities of national interpretation – and it requires EU countries to feature cybersecurity in the pre-qualification criteria for renewable-energy deployment tenders.
Somewhat ironically, one reason China has been so successful in building up its photovoltaic equipment sector is that it also imposed domestic cybersecurity restrictions and pushed for self-reliance in a way that effectively shut out foreign vendors. Its dominance has raised cybersecurity concerns for the rest of the world. Many are particularly worried about the solar panel power inverters that turn harvested energy into current for the grid – and that, if remotely reconfigured or disabled en masse, could result in the hacking or destabilization of the grid.
“The risk is serious,” said Tobias Gehrke, a senior policy fellow at the European Council on Foreign Relations. He pointed to the major blackout that hit Spain and Portugal a year ago, due to cascading grid failures. Although there was no cybersecurity-related cause, Gehrke said, the incident showed “what kind of disruption that can have.”
Lithuania effectively banned Chinese inverters from its solar and wind installations in 2024 due to fears over remote access. Reuters reported in May 2025 that U.S. energy experts found undocumented communication devices in some China-made inverters, which could allow those devices to communicate back home in a way that bypasses the utility-company firewalls meant to prevent such things.
Beijing dismissed the reported concerns as “distorting and smearing China’s infrastructure achievements.” But several months later, EU lawmakers urged the European Commission to block Chinese photovoltaic component vendors such as Huawei and Sungrow from the continent’s critical infrastructure.
The EU’s executive body signaled that it was listening in a December communication on “strengthening EU economic security,” where it highlighted solar inverters as a prime example of a critical infrastructure risk. It suggested that the devices could prove to be vectors for “manipulating electricity production parameters, preventing electricity production, [and] access to operational data.”
The Commission earlier this year proposed a revision of the EU’s 2019 Cybersecurity Act, with a strong focus on protecting European critical ICT supply chains by shutting out certain vendors. When making the proposal, the EU executive body focused on telecommunications networks, but the text makes it clear that the same rules could be used to keep vendors from high-risk third countries – primarily meaning China, though that’s not explicitly written – out of many kinds of supply chains, including solar (see: Europe Readies Law to Eject Chinese Equipment From Telecoms).
Speaking to Information Security Media Group on Wednesday, Gehrke said he doubted that the big Chinese vendors want to attack European infrastructure, but Chinese cybersecurity laws require them to share key information and generally cooperate with the government there.
He suggested the best and “cleanest” way for France to deal with the issue would be to simply exclude companies like Huawei and Sungrow from the upcoming solar tenders.
Alternatively, Paris could allow those firms to supply their hardware, but ban them from remotely operating the control system. “You need to have your controls [in the hands of] a European company,” Gehrke said. But that would still forgo some of the benefits of what France is trying to achieve in terms of bolstering European competitors to the Chinese giants, he said.
China supports its champions with subsidies – both direct and across their supply chain – and also by shutting out foreign competition. If nothing is done to counter this, Gehrke warned, European solar manufacturers could go bust in a couple of years, leaving countries with no choice but to buy Chinese equipment. That would introduce a second-order cybersecurity risk in its own right. “You’d lose entire industry know-how, how to go about designing secure inverters,” he said.
Ultimately, Gehrke noted, there is a strong reciprocity-based argument for limiting Chinese access to the European solar market, given Beijing’s restrictions on non-Chinese equipment. “If the Chinese authorities think there’s a cybersecurity threat, maybe there’s something to it,” he quipped.