UK legislation requirements

The Electric Vehicles (Smart Charge Points) Regulations 2021 took effect on June 30, 2022, with additional security requirements starting December 30, 2022. This legislation applies to non-public electric vehicle charge points under 50kW sold in England, Wales, and Scotland.

Regulations 5 to 11 outline the smart charging functionality, while Regulation 12 focuses on how charge points must ensure the security of the smart charging functionality ("Schedule 1").

How to use UK Smart Charging features

If your charger supports UK Smart Charging, then you can find out how to set your preferred charging schedule in this article: Using the UK Smart Charging features.

Zaptec's statement of compliance

Zaptec Go (UK 7kW variant) with serial number ZGB000533 or higher and Zaptec Pro (MID variant) are fully compliant with Regulations 5 through 12, provided they are used with one of the following versions of the Zaptec app:

• Zaptec app for iOS version 5.7.2 or higher (released February 2023)
• Zaptec app for Android version 5.8.3 or higher (released February 2023)

All other Zaptec charge points are compliant with regulations 5 through  11, provided they have the following firmware version:

• Zaptec Go: firmware version 1.1.0.5 or higher (released 14th September 2022)
• Zaptec Pro: firmware version 4.5.0.6 or higher (released 24th October 2022)

Ensuring compliance during installation

To ensure compliance, it is necessary for installers to:

1. Select the United Kingdom in the Zaptec app when installing Zaptec products. 
2. Verify that the installed firmware version meets the compliance requirements, updating if necessary.
3. Zaptec app version 5.4.5 or higher (released September 2022) is required to select the United Kingdom in the Advanced settings of the charger. 

If you have installed a non-compliant charger since 30th June 2022 and could not upgrade to a compliant firmware version, please contact uksupport@zaptec.com. Our support team will assist with the firmware upgrade.

UK Smart Charging cyber security (Schedule 1)

The statements below apply to all models of Zaptec charger. The relevant Technical File for each model of Zaptec charger is also available on request by visiting https://zaptec.com/help.

The charge point is designed and configured to prevent harm to or disruption of the electricity system and charge point, and to provide appropriate protection of the personal data of the owner and any other end-user of the charge point. This is achieved though the adoption of the security measures described in this section:

• Passwords
  Access to the charge point configuration requires the use of a PIN. All charge points are shipped with a randomly generated PIN that is not derived from or based on any publicly available information. The PIN cannot be rest to a default that's shared with other charge points.
  
  
• Software updates
  The charge point incorporates software that can be securely updated. Software updates are provided via a secure over-the-air mechanism that uses cryptographic measures to verify the origin and integrity of the update. The charge point verifies the authenticity and integrity of each prospective software update by checking:
  • The origin of the update using the TLS certificate
  • The integrity of the update using a checksum
  • The update is only downloaded if the origin is verified using TLS certificates and only applied if the checksum test is successful. Additional measures to prevent the installation of non-verified software may be present, depending on the model of charger.
    
    
• Sensitive security parameters
  The software does not use hard-coded security credentials. The encryption and protection of sensitive security parameters depend on the charger model.
  
  
• Secure communication
  All communication via MQTT and HTTPS is encrypted using SSL.
  
  
• Data inputs
  All data inputs are subject to validation. The inputs are discarded if they do not meet the validation criteria.
  
  
• Ease of use
  The charge point is designed for simple configuration using the minimum number of inputs from the owner for set-up and operation. To request the removal of any personal data from Zaptec systems, visit https://zaptec.com/help and request for your account to be deleted
  
  
• Protection against attack
  The charge point outer cover is secured using either a Zaptec SmartKey or Torx screws, depending on the model of charger. The internal electronics are further protected by a non-removable internal cover. Depending on the model of charger, active tamper detection may also be present to notify the owner of any attempt to access the tamper protection boundary.
  
  
• Security log
  The charger records and transmits an electronic, timestamped record of the following security-related events to the Zaptec portal:
  • Charge authorisation (success/fail)
  • OTA firmware update (success/fail)
  • Certificate update (success/fail
  • Depending on the model of charger, additional security events may also be recorded.

• Provision of information
  Every Zaptec charger is designed to provide the highest possible level of security. The user manual supplied with the charger provides details of how it should be configured.
  If you have any concerns or problems regarding the security of your charger, please notify us by visiting https://zaptec.com/help.

The current statement of compliance for Zaptec Go and Zaptec Pro can be downloaded from the links below:

• evscp-regulations-2021-statement-of-compliance - Zaptec Pro.pdf
• evscp-regulations-2021-statement-of-compliance - Zaptec Go (UK 7kW).pdf

A summary of any relevant Enforcement Undertaking can be downloaded from the link below. Full details of Enforcement Undertakings are published by OPSS here: https://www.gov.uk/guidance/regulations-enforcement-undertakings-accepted-by-opss

Updated 10 December 2024 11:25