Cyber-connected EV charging system, which allows customers to use its service remotely, may pose cybersecurity risks for critical energy and transportation infrastructure. With a view to ensuring that EV charging system is prepared for addressing cyberattacks, the Bureau of Standards, Metrology and Inspection (BSMI) announced on June 29, 2023 that cybersecurity requirements are added to its VPC Program for EV charging system. The Program has been implemented for EV charging system since January 13, 2022, covering requirements for safety, electromagnetic compatibility and communication protocols.

The BSMI published the "Technical Specifications for Cybersecurity Testing of Electric Vehicle Charging System" on August 2, 2022 and it will be used as the certification standard for cybersecurity of EV charging system with cyber connectivity. The related mobile applications (apps) and backend management systems used in conjunction with the device are outside of the scope of this standard. The cybersecurity requirements address the essential cybersecurity protection capabilities of EV charging system, including: (1) physical security, (2) system security, (3) firmware updates, (4) communication security and (5) identity authentication and authorization mechanism security.

The new requirements became effective on June 29 and a one-year transitional period till July 1, 2024 is provided for VPC certified products to comply with the new requirements. Current VPC certificate holders are encouraged to have their products tested at BSMI designated testing laboratories against the new cybersecurity requirements and apply to the BSMI for re-issuing their VPC certificates before the end of transitional period to maintain the validity of their certificates.

The BSMI recommends business operators to have their EV charging systems certified on cybersecurity requirements as early as possible to protect consumer privacy and security and further strengthen the overall stability of power grid. When charging their EVs, consumers should avoid connecting to the EV charging equipment through mobile applications of unknown origin and refrain from sharing their account passwords with others to prevent potential cybersecurity breaches. Additionally, consumers should stop charging and notify the manufacturer immediately to solve the problems if any abnormality is found in the charging interface so as to prevent unauthorized manipulation of the EV charging system that could lead to the leakage of important information or accidents.

The BSMI encourages consumers to learn more about the function and performance of EV charging system before using them. The BSMI maintains a website on product safety (https://safety.bsmi.gov.tw/). Consumers are invited to visit the website or call the toll-free number 0800-007123 for more information.

Responsible Division: 3rd Division

Contact Person: Chen, Cheng-Chang, Deputy Director,

Tel. (O): +886-2343-1905

Email: chang.chen@bsmi.gov.tw