Kempower reveals foundations of ChargEye security system

DC fast charging technology specialist Kempower has released details of the cybersecurity foundations of its ChargEye charging station management system.

This marks the first time Kempower has publicly shared insights into the security architecture of its software, reinforcing its commitment to transparency and digital resilience.

ChargEye was developed and designed entirely in Finland by Kempower’s in-house experts. The platform and its development process are certified under the internationally recognised ISO 27001 standard, ensuring robust information security management across the board.?Kempower was initially granted the ISO 27001 certification in 2024. It recently underwent an official audit of its information security management system to secure it for a second consecutive year.

“We believe cybersecurity is a shared responsibility, and that starts with openness,” said Mikko Veikkolainen, vice president innovations and research at Kempower.

“By sharing information of the cybersecurity of ChargEye, we wish to inspire the whole EV charging industry to pay attention to cybersecurity of EV charging technology. The safety of EV charging infrastructure becomes more and more critical, as the EV adoption evolves.”

ChargEye cybersecurity highlights include:

• ISO 27001 certification: Kempower’s software development lifecycle for ChargEye meets the highest global standards for information security.
• Secure data storage: Data within ChargEye is handled in accordance with the EU’s General Data Protection Regulation (GDPR).
• Developed in Finland: Kempower retains full control over ChargEye’s development, enabling rigorous security oversight and rapid innovation.

ChargEye was built following OWASP (Open Web Application Security Project) best practices to prevent common software vulnerabilities. It incorporates V2G PKI encryption to ensure secure communication between EVs and the grid, supporting the future of smart energy systems.

V2G PKI encryption refers to a cybersecurity framework used in Vehicle-to-Grid (V2G) systems, where electric vehicles can not only charge from the grid but also return electricity back to it.

The ChargEye platform is backed by 24/7 monitoring, an over 99% uptime commitment, and a clear incident response protocol.

Kempower actively tests its defences through initiatives like Hack Day, which the company recently held for the second time in collaboration with its expert partners. At the event more than 50 ethical hackers attempted to breach Kempower’s systems in a controlled environment helping to identify and strengthen potential weak points.

ChargEye undergoes regular third-party security audits, reinforcing Kempower’s commitment to transparency and continuous improvement.

A white paper Certified cybersecurity with ChargEye charging station management system is available for download here