Data protection and
secure communication

KOSTAL attaches great importance to ensuring that all data generated by monitoring the inverters is stored exclusively in the European Union. The data is stored on servers based on the proven Azure technology. These servers are located in state-of-the-art data centres in the Netherlands and Germany, which comply with strict European data protection laws such as the General Data Protection Regulation (GDPR).

This geographical limitation ensures that data does not travel outside the EU, where less stringent data protection policies may apply. Customers can be confident that their data is secure and legally protected.

No storage of personal data on the devices

One feature of KOSTAL inverters is that no personal data is stored directly on the devices. This conscious decision significantly minimises the risk of data loss or misuse. Even in the unlikely event of physical access to an inverter, no personal information would be jeopardised.

The device merely serves as an interface to transmit relevant operating data to the central servers. There, this data is processed, analysed and made available to the customer in processed form via the solar monitoring portal.

Encrypted communication

Communication between the KOSTAL inverters and the servers is secured by modern encryption technologies. Every software update file provided by KOSTAL is both encrypted and digitally signed. These measures ensure that no unauthorised changes can be made to the files and that only authentic updates are installed on the devices.

Personalised access control

The devices are also equipped with personalised access control. Installers and authorised users receive individual access data to ensure that only authorised persons can make changes to the device parameters. This access data includes:

• An individual "service code" that is issued personalised to the installer.
• A unique "master key", which can only be found on the type plate of the respective inverter.

These multi-level security measures ensure that no unauthorised access is possible, even if an attempt is made to access the devices.

Fending off cyber attacks

KOSTAL's security systems go one step further: the inverter software contains integrated mechanisms that can detect and respond to potentially harmful behaviour. For example, if an unauthorised user attempts to access the web menu of an inverter, the login is automatically blocked after five unsuccessful attempts. This effectively protects the devices against brute force attacks.

Additional protection through EU standards

As a company based in the EU, KOSTAL adheres to strict data protection guidelines and security standards. This includes not only compliance with the GDPR, but also consideration of other relevant standards and guidelines, such as ETSI EN303645 and the Cyber Resilience Act (CRA). These standards promote the secure, transparent and trustworthy use of devices.

Trust as the basis for a networked future

At KOSTAL, data protection and secure communication are more than just legal requirements - they are a promise to our customers. KOSTAL fulfils its responsibility with state-of-the-art technology, sophisticated security mechanisms and a consistent focus on European data protection standards. This commitment reflects the company's role in providing innovative solutions and taking the protection of customer data into account.

With these measures, KOSTAL is strengthening its customers' trust in a secure and sustainable energy transition. After all, data security is the basis for a networked future.