
Cybersecurity within our Organization

As solar energy emerges as a dominant source of power, installations are considered a significant part of the critical infrastructure in many countries. Grid participation, system maintenance and PV monitoring require heavy reliance on communications technology, and so protecting information integrity and reliability is of paramount importance.

SolarEdge’s comprehensive Cybersecurity Program aims to safeguard its customers and itself, and to raise cybersecurity standards for the entire PV industry.

Our Cybersecurity Program is led by the company CISO (Chief Information Security Officer) and the Director of Product Cybersecurity, reporting to our CIO (Chief Information Officer). The management team provides quarterly updates to the Technology Committee and annual updates to the full Board of Directors regarding cybersecurity activities, risks, mitigation efforts, material events (if any occurred) and other developments that impact our digital security, in keeping with our high organizational focus on this issue.

To maintain the robustness of our cybersecurity program, we employ the following resources and practices.

Technical Expertise

Overall leadership by the company CISO

Dedicated secure development lifecycle (SDL) team

External partnership with an industry-leading Incident Response Team (IRT)

External partnership with an industry-leading SOC (Security Operations Center, 24/7)

External partnership with an industry-leading penetration testing team 


Supply Chain Controls

Vendor vetting process for critical suppliers including hardware component suppliers (HBOM)

End-to-end software development in EU and Israel, including for inverters and for SolarEdge ONE Controllers

Security analysis of third-party code

External audit on cybersecurity of manufacturing sites


Organizational Practices

Cyber awareness training for all new employees as part of their on-boarding program is coupled with an annual online cybersecurity training course, mandatory for all global employees.

Third-party certification to the ISO 27001 Information Security Management Standard for company-wide IT infrastructure and digital assets. Our products are certified to ETSI 303-645 and the Radio Equipment Directive (RED) 2014/52/EU, and are compliant with the UK PSTI law.

Recurring penetration testing & mitigation work plan

Annual third-party vulnerability analysis

Annual cyber incident response training, and annual disaster recovery training for relevant company critical systems and personnel (including an executive tabletop DR exercise).

Secure coding training

Continuous security events monitoring in our security operations center

Incident response policies and procedures

Vulnerability Disclosure Program for external researchers (Bug Bounty)

Ad-hoc updates sent to all employees on cybersecurity risks and threats

Protection of main online platforms against Denial-of-Service attacks (that prevent legitimate use of our services)

Information Security Due Diligence

We undertake information security assessments for critical new suppliers in an effort to ensure compliance with our requirements. These assessments cover several topics, including but not limited to: regulatory and standard compliance, information access protocols and controls, information protection, network security, physical protection, endpoint security, and event management and reporting. In cases of non-compliance, we formulate a corrective action plan with suppliers. We plan to expand this practice and include all major suppliers in the future.

SolarEdge has not experienced any material information security breaches in the past three years. The company has not been subject to any information security breach penalties or settlement payments in the same three-year period. SolarEdge has not experienced a third-party material security breach within the last year that impacted our business.

SolarEdge is an active participant in various technical committees devising international regulatory cyber standards. For further information see the section ‘Powering the World through Positive Policy’. We design our solutions in line with such future regulations.

Cybersecurity for our Customers

SolarEdge is committed to continuous cybersecurity improvement. We actively monitor cybersecurity trends, adopt industry best practices, and collaborate with security researchers to enhance our defenses.

To safeguard system connectivity, functionality, and customer data, SolarEdge follows the Cyber Informed Engineering (CIE) principle, embedding information security mechanisms into its products from the initial design stages. We apply proactive security measures, perform continuous monitoring, and practice rapid incident response if an incident should occur.

A recent report by VDE Renewables[1] found SolarEdge's robust cybersecurity mechanisms to be essential to mitigating risks associated with cyber threats.

Our Product Cybersecurity methodology is based on four pillars:

Device Security

The underlying cornerstone of cybersecurity is the product itself. To ensure device security, SolarEdge embeds features such as:

Unique device passwords per inverter

Restrictions on remote access, allowing pre-authorized users only

Detection and prevention of run-time anomalies by an embedded security agent

Built-in security features such as casual Wi-Fi scanning protections

Static code analysis procedures

Third-party penetration testing of the device

All SolarEdge inverters receive over-the-air security updates upon request, ensuring customers have secure access to signed software and firmware updates

Visibility & Control

SolarEdge’s security methodology empowers Commercial & Industrial customers’ IT and security teams to monitor their energy assets in real time. To secure these systems:

All communications between the gateway and the SolarEdge server are encrypted (excluding legacy systems which are still operational[2]).

Our devices contain enhanced opt-in security features, designed to block any remote action on the inverter unless temporary access is granted by authorized personnel physically present at the device.

SolarEdge devices also collect robust security logs on system crashes and general system performance.

Data analyzed at SolarEdge’s SOC (Security Operations Center) can be made available to customer IT teams, in accordance with the company's privacy policy.

Network Security

A critical point for protection in commercial installations is the connection between the customer’s PV system and the company’s IT network. To secure this connection, SolarEdge implements several measures:

The Wi-Fi LAN communication of our inverters and gateway products is implemented with security-related best practices for strong authentication and encryption algorithms.

We publish clear guidelines to facilitate the configuration of firewall policies using whitelists that will enable communication between on-site inverters and SolarEdge function-specific FQDNs (Fully Qualified Domain Names). The whitelists also enable device support operations in a secure manner.

Data Security

To maintain the security of our customers’ data, we ensure the following:

Connected SolarEdge inverters do not store sensitive customer information and can be fully wiped of all configuration data in a factory reset

Customer system data is stored on-premises at a dedicated SolarEdge-operated data center

We implement a comprehensive backup cycle to protect our customers’ data and store it with multiple redundancies

Best-practice encryption is applied to all data in transit and, for critical assets, to data at rest as well. Multi-factor authentication is in place for sensitive server access.

Data Privacy

At SolarEdge, we are committed to upholding the highest standards of privacy compliance in all aspects of our operations. We recognize the importance of protecting the personal data and privacy rights of our stakeholders, including employees, customers, suppliers, and investors, and we are dedicated to ensuring that our activities align with all applicable privacy laws and regulations. SolarEdge is fully compliant with the requirements of the GDPR.

Our commitment to privacy compliance encompasses the following principles:

Transparency: We are transparent about the types of personal data we collect, how we use it, and with whom we share it. We provide clear and easily accessible information about our data processing activities through our privacy policy and communications channels. For further information see our Privacy Policy.

Lawfulness, Fairness, and Purpose Limitation: We collect and process personal data in accordance with all relevant applicable laws and regulations worldwide. We ensure that personal data is obtained and used fairly, and only for specified and legitimate purposes. We do not use personal data for purposes incompatible with the initial one without obtaining appropriate consent or other legal basis.

Data Minimization and Accuracy: We collect and retain only the personal data necessary for the activities we execute on a lawful basis, and we take steps to ensure its accuracy and relevance. We regularly review and update our data collection processes to minimize the amount of personal data collected and to ensure its quality and accuracy.

Security and Confidentiality: We implement appropriate technical and organizational measures to protect personal data against unauthorized access, disclosure, alteration, or destruction. We restrict access to personal data to authorized personnel who have a legitimate need to know and who are bound by confidentiality obligations.

Data Subject Rights: We respect the rights of individuals regarding their personal data, including the rights to access, rectify, erase, restrict processing, and portability, as well as the right to object to processing. We have established procedures for responding to data subject requests and inquiries in a timely and effective manner.

Accountability and Governance: We have a designated Data Protection Officer in our organization who is responsible for overseeing our activities on personal data and ensuring compliance with all applicable privacy laws and regulations. We conduct periodic assessments and audits of our privacy practices to identify and address any compliance gaps or risks.

By adhering to these principles and implementing all the above-described practices, SolarEdge reaffirms its commitment to privacy compliance and its dedication to protecting the privacy rights of all stakeholders. We believe that integrating privacy considerations into our business frameworks strengthens our accountability, transparency, and trustworthiness as a responsible corporate actor.


Cybersecurity and Data Privacy



[1] ‘SolarEdge Report’, VDE Renewables (a subsidiary of the VDE Group), April 2025, p. 8, https://www.vde.com/resource/blob/2386102/dd880651470c61e0e5ecb25a7f256402/solaredge-report-2025-data.pdf.

[2] The excluded legacy systems were sold before 2019 and constitute less than 5% of our installed base.


Sustainability Report 2024