Kempower has released technical details on the cybersecurity architecture of its electric vehicle (EV) charging station management system, ChargEye. This is the first time the company has publicly outlined elements of the system’s security design and governance framework.
ChargEye is developed in Finland by Kempower’s internal software teams and is managed under an information security framework certified to ISO 27001. The certification applies to the platform’s development processes and information security management practices.
Kempower first received ISO 27001 certification in 2024 and recently completed a follow-up audit to maintain certification for a second year. The certification covers areas including cybersecurity controls, data protection, risk management, and internal security procedures.
The company states that the disclosure is intended to support broader awareness of cybersecurity considerations within EV charging infrastructure, as charging networks become more interconnected and operationally critical.
It’s also relevant to North American EV charging deployments, where networked charging infrastructure and remote management software are increasingly standard.
Highlights include:
- ISO 27001 certification: ChargEye’s software development lifecycle is managed under an ISO 27001-certified information security management system.
- Secure data handling: Data processed by ChargEye is managed in accordance with the EU General Data Protection Regulation.
- Developed in Finland: Kempower maintains direct control over software development and security oversight for the platform.
ChargEye follows OWASP best practices to mitigate common software vulnerabilities and incorporates vehicle-to-grid public key infrastructure encryption to support secure communication between electric vehicles and grid-connected systems.
V2G PKI encryption is used to authenticate and protect data exchanges in applications where vehicles may both draw power from and supply power back to the grid.
The platform includes continuous system monitoring, defined uptime targets, and an incident response process. Kempower also conducts internal security testing, including structured penetration testing exercises. The company recently held a controlled testing event involving external security specialists to identify potential vulnerabilities.
ChargEye is subject to recurring third-party security audits as part of Kempower’s ongoing cybersecurity governance process.
A technical white paper titled Certified cybersecurity with ChargEye charging station management system is available here.
Filed Under: Charging, Technology News