Are India’s EV chargers safe? How Chinese components could pose cyber risks

The renewed scrutiny comes as India prepares to spend ₹2,000 crore to install over 72,000 public EV charging stations under the PM E-Drive scheme by FY28. Industry executives and security experts warn that India’s reliance on Chinese-made components for EV chargers could leave vehicles and infrastructure vulnerable to cyber risks.

The concerns are compounded by a wider shift in China’s approach to the global EV supply chain. Since April, Beijing has imposed new export restrictions on lithium-ion batteries and rare earth magnets—two vital components for EVs—and tightened control over related technologies.

These developments have forced Indian manufacturers to identify other weak spots in their EV ecosystem, including the heavy reliance on imported electronic components for chargers.

“As EV chargers evolve into connected, intelligent systems, cybersecurity has become as critical as electrical safety," said Anshuman Divyanshu, CEO EVSE (EV supply equipment) business, Exicom. “A charger today is not just a power device; it is a digital interface that talks to the vehicle, the grid, and the user’s app. The integrity of its hardware, firmware, and data pathways is therefore central to both the security and the trust that underpin the EV charging network."

Exicom, which manufactures chargers at its Gurugram facility, is setting up a new manufacturing unit in Hyderabad that it plans to make operational by the end of 2025.

China dominates the global EV charger supply chain, accounting for nearly 80% of all EV charger exports and between 50% and 80% of key components such as connectors and power modules, according to trade data portal Volza. That dominance extends to India, where most EVSE makers rely on imported connectors and chips to meet current demand.

Given this heavy reliance, India has sought to boost domestic manufacturing through targeted policy interventions.

Policy push and localization

Under the PM E-Drive scheme, the government on 26 September notified detailed guidelines to expand India’s public EV charging infrastructure. The scheme will cover up to 80% of the cost of upstream infrastructure—such as power supply, cables, and transformers—for chargers installed in cities and along highways. It will also subsidize 70% of the cost of the EVSE itself. For chargers set up on government premises, the government will bear 100% of both upstream infrastructure and EVSE costs.

The PMP specifies 12 key components, including software systems, panels, and charging guns, aimed at fostering domestic manufacturing.

Yet, industry estimates suggest that localization of the charging ecosystem has not exceeded 50%, prompting companies to seek relaxation from the government earlier this year as their participation remains nascent.

Trade data from Volza shows that 80-85% of EV charger components in India are still imported from China, underscoring the scale of dependency.

While the PMP requires chargers to be tested and approved by certified agencies, the government has yet to issue specific cybersecurity guidelines for EV chargers, leaving potential gaps in oversight.

Growing risks

Vehicle security specialists warn the risk lies in how these components communicate with the vehicle’s internal network.

"There is significant cybersecurity risk associated with electric vehicle (EV) charging infrastructure, particularly concerning potential vulnerabilities introduced by foreign-made components," said Shantanu Das, chief architect, Sasken Technologies.

The concern about the "Vehicle-to-Grid (V2G)" or "Vehicle-to-Infrastructure (V2I)" communication capabilities are being exploited for malicious purposes, such as unauthorized diagnostics, ECU flashing, or other deep system interactions, highlights a major security challenge, said Das.

He added that risks can carry forward to other infrastructure involved in the EV ecosystem. “Also, these systems interact with power grids, networks, payment gateways, et cetera, and malicious forces can damage them and may cause long-term impact."

An ECU controls most of an EV’s core functions, from managing the powertrain and battery features to diagnostics. A single compromised ECU, experts warn, could disrupt charging or data flows, potentially even disabling a vehicle remotely.

“EVs have to connect with chargers which have Chinese components. Sometimes, Chinese electric vehicles cross our borders and use charging infrastructure facilities in India. Given there are complex software and hardware involved in the process, there is a data and information vulnerability," said Sharif Qamar, associate director at The Energy and Resources Institute (TERI), a non-profit think tank

Another senior executive at an EV charging infrastructure firm, speaking on condition of anonymity, said connections between the charger’s connector and the vehicle’s battery management system are particularly sensitive and EV makers have to decide how much information the battery management software can provide to the charging connector, the person said.

While India has not seen large-scale attacks yet, cybersecurity risks for EV chargers have been observed globally. In 2023, Electrify America saw some of its chargers hacked via weaknesses in the operating system, and Tesla’s wall chargers were compromised twice at the Pwn2Own Automotive 2025 contest in Tokyo, highlighting potential vulnerabilities in widely used EVSE systems.

Queries to EV makers Tata Motors, Mahindra & Mahindra, Hyundai Motor India, Kia Motor India, and JSW MG Motor India on 15 October seeking comment remained unanswered.

Several OEMs have raised concerns and are now pushing for greater localization of critical parts to avoid potential recall costs, said the senior executive from an EV charging infrastructure firm.

India EV ecosystem

India’s EV sector is expanding rapidly. Sales rose 17% in FY25 to 1.9 million units, according to the government’s Vahan registry. Market intelligence firm Mordor Intelligence estimates the domestic EV industry, currently valued at $137 billion, could grow to $203 billion by 2030, reflecting a compound annual growth rate of 8.2%.

The surge in adoption makes the question of charger security more urgent. Of the roughly 1.9 million vehicles sold in FY25, 4.8% (around 95,000) were electric cars, up from 2.6% (about 100,000 cars) a year earlier. India currently has about 29,200 public EV chargers as of August-end, according to data tabled in the Lok Sabha.

Yet for manufacturers, the path to localization remains slow. The PMP allows imports of certain charger components and spare parts up to a cut-off date to help build domestic capacity. But both software and hardware elements remain heavily dependent on overseas suppliers.

Using locally made components helps manufacturers not only qualify for government incentives but also win business from charge-point operators (CPOs), which increasingly demand secure, India-made systems.

“Our chargers run on Exicom’s own operating system, firmware, and controller architecture, all developed in India, giving us complete command over performance, protection, and updates. Every layer is rigorously tested, encrypted, and vetted to ensure that every connected node is safe by design. It is a rigor few manufacturers follow, but one we consider non-negotiable, and charge-point operators increasingly recognise it as a key differentiator in building a network people can truly trust," said Divyanshu of Exicom.

Manasvi Sharma, CEO, EVERTA, an EV charger manufacturer, says that the focus of EV charging players is on hardware and how to localize it effectively.

“The government is putting in place very robust mechanisms which check the quality of the hardware as well as test it for safety. Companies have to work and are already working on localizing the hardware to cut down the risk of cyber attacks. Importantly, the guidelines and safety mechanisms at companies should keep evolving as the technological threat will also increase," Sharma said.

With the government’s push to expand public charging infrastructure, India’s dependency on Chinese-made hardware poses a twin challenge—reducing costs while securing the backbone of its green mobility transition. The coming years, experts say, will test whether India can build a truly indigenous and cyber-secure EV ecosystem before the grid goes fully electric.