UK EV charging technology supplier Versinetic has launched a free EV Charger Cloud Security Assessment Tool, a self-assessment covering 24 checkpoints across four risk areas for charge point operators (CPOs), local authorities and manufacturers. The tool is designed to help organizations evaluate cybersecurity risks across cloud-connected charging infrastructure, extending scrutiny beyond charger hardware to the cloud platforms, customer data environments and operational systems that support it. The launch comes as local authorities continue to deploy charging infrastructure through programs such as the UK’s Local EV Infrastructure (LEVI) fund, placing greater emphasis on supplier due diligence and long-term operational resilience. Recent cybersecurity incidents affecting the sector have reinforced the importance of cloud security and highlighted the need for greater scrutiny around compliance and procurement due diligence as charging infrastructure becomes more widespread and interconnected.
Highlights
- Free self-assessment spans 24 checkpoints across four areas: Regulatory & Legal Compliance, Architecture, Operations, and Process & Governance
- Built for charge point operators, local authorities and manufacturers assessing cloud-connected charging infrastructure
- Targets common weak points, including inadequate separation of customer and operational data, poorly controlled remote access pathways, gaps in certificate management, and shortcomings in incident response preparedness
- Covers readiness for the shift to TLS 1.3 and future ISO 15118-20 ecosystems, alongside existing standards such as the UK’s Smart Charge Points Regulations 2021, ETSI EN 303 645, and OCPP 2.0.1 security profiles
What the Assessment Covers
The self-assessment is built around four categories: Regulatory & Legal Compliance, Architecture, Operations, and Process & Governance. It is designed to surface common weaknesses in cloud-connected charging environments — among them inadequate separation of customer and operational data, poorly controlled remote access pathways, gaps in certificate management processes, and shortcomings in incident response preparedness.
The tool also evaluates organizational readiness for evolving requirements, including the industry’s transition toward TLS 1.3 and future ISO 15118-20 ecosystems, both of which increase the emphasis on certificate management and authenticated communications.
Other EV charging suppliers have built comparable protections directly into their products. Zerova’s AW48 charger ships with chipset-based security and PEN-tested firmware, while ChargeLab’s OpenOCPP software stack builds in OCPP 2.0.1 Security Profile 2 by default — the same protocol generation Versinetic’s checklist uses as a baseline for API authentication.
Why Versinetic Built the Tool
Dunstan Power, Managing Director at Versinetic, said procurement teams have grown skilled at comparing charging hardware but have less visibility into the systems behind it: “Many procurement teams know how to compare charging hardware but have less visibility into the cloud platforms that manage customer data, operational systems and remote access. Procurement teams have become very good at comparing charging speeds, hardware specifications and commercial models. What is often less clear is how to assess the security of the cloud platforms sitting behind those networks.”
“Questions around data segregation, access controls, certificate management and incident response are becoming increasingly important, yet they don’t always form part of the procurement conversation,” Power said. “We developed this assessment to help organisations ask those questions earlier and more consistently.”
Regulatory Backdrop
The initiative reflects growing attention on cybersecurity standards and regulatory requirements, including the UK’s Smart Charge Points Regulations 2021, ETSI EN 303 645, OCPP 2.0.1 security profiles, and emerging TLS 1.3 requirements within future EV charging ecosystems.
Availability
The EV Charger Cloud Security Assessment Tool is available free of charge. Operators, manufacturers and local authorities can use it as part of supplier evaluations, procurement exercises and internal security reviews.
Sign up for our popular weekly email to catch all the latest EV news!







