India to ban foreign access to wind turbine data amid cybersecurity fears

The Ministry of New and Renewable Energy (MNRE) will soon prohibit the sharing of operational data from Indian wind energy installations with foreign countries. The decision follows recommendations from National Security Advisor (NSA) Ajit Doval and Niti Aayog, reported Moneycontrol. A formal notification is expected within three weeks.

The ban is part of a broader ‘cybersecurity clause’ in MNRE’s upcoming directive. Wind energy companies will be required to set up data and research centres within India within six months of the order. This applies equally to Indian and foreign firms operating in the country.

The draft cybersecurity rules, floated in April 2025, received pushback from several foreign manufacturers. However, MNRE is firm on implementing the data localisation mandate. “Relaxation in sourcing requirements for gearboxes and generators is still being evaluated, but there will be no compromise on cybersecurity,” one official said.

India currently hosts at least 14 wind turbine manufacturers with a combined installed capacity of 20 GW. Key domestic players include Suzlon Energy and the Adani group, while global firms such as Envision Energy (China), Sany Group (China), and companies from the US, Spain, Denmark, and Germany also operate in India.

The stricter rules stem from national security concerns. Wind turbines are considered more vulnerable to cyber threats than solar or thermal systems due to their reliance on remote monitoring and control. Their distributed configuration and use of intelligent controllers—specifically power plant controllers—make them potential gateways for cyberattacks.

A 2022 probe by NSA Doval and a subsequent Niti Aayog report flagged these risks. The report stated that attackers could access utility networks through wind turbines and compromise the power grid. It warned that many renewable energy assets are managed remotely by foreign-based owners, raising the risk of data breaches and national grid disruptions.

In May 2025, India blocked nearly 200,000 cyberattacks on its power sector during ‘Operation Sindoor’, according to Union Power Minister Manohar Lal Khattar.

Indian firms have largely supported the move. JP Chalasani, CEO of Suzlon Energy, said, “We wrote to the MNRE saying we fully comply with these conditions. With ongoing geopolitical tensions, cybersecurity is of the utmost importance.”

Some foreign firms have already begun adjusting their operations. Envision Energy, active in India since 2015, relocated its control and data centres from China to India in late 2024. “We took decisive action even before the draft notification. Our servers and data centres are now fully operational in India,” said RPV Prasad, CEO of Envision Energy India.