EV Charge Point Regulations

As part of the new 2023 regulations for EV charge points we are required to inform you about certain specifications which have been mandated as part of the OZEV regulations and how Hydra EVC products comply with them. Please see the below legislation requirements and our solutions:

Passwords

Requirement	Solution adopted by HYDRA EVC to meet the requirement
A relevant charge point must be configured so that where passwords are used on it. • The password is unique to that relevant charge point and not derived from, or based on, publicly-available information, or is set by the owner; and • The password cannot be reset to a default password applying to both that relevant charge point and other charge points.	The Hydra Zodiac has no physical interface on the unit, so no password is required

Software

Requirement	Solution adopted by HYDRA EVC to meet the requirement
A relevant charge point must incorporate software which is able to be securely updated. Securely updated means updated using adequate cryptographic measures to protect against a cyber-attack.	When downloading any software this needs to be completed via our app which in turn communicates with our platform, the platform is on a HTTPS which is a secure way to transfer data online
A relevant charge point must be configured so that: • When it is first set up by the owner, and periodically thereafter, whether there are security updates available for it • It verifies the authenticity and integrity of each prospective software update by reference to both the data’s origin and its contents and only applies the update if the authenticity and integrity of the software have been validated • By default, it provides notifications to the owner about prospective software updates • If an unauthorised change to the software is detected, it notifies the owner and does not connect to a communications network other than for the purposes of this notification	Our app has added a firmware which notifies the customer via a push notification if there’s an update available. The firmware is digitally signed and verified when downloading the firmware. Software updates are easily accessible via the relevant app store (Apple Store or Google Play Store). If an unauthorised firmware update is reported through the security log, the connection used for unauthorised firmware updates will be disconnected and the user is advised.

Requirement

Solution adopted by HYDRA EVC to meet the requirement

A relevant charge point must incorporate software which is able to be securely updated. Securely updated means updated using adequate cryptographic measures to protect against a cyber-attack.

When downloading any software this needs to be completed via our app which in turn communicates with our platform, the platform is on a HTTPS which is a secure way to transfer data online

A relevant charge point must be configured so that:
• When it is first set up by the owner, and periodically thereafter, whether there are security updates available for it
• It verifies the authenticity and integrity of each prospective software update by reference to both the data’s origin and its contents and only applies the update if the authenticity and integrity of the software have been validated
• By default, it provides notifications to the owner about prospective software updates
• If an unauthorised change to the software is detected, it notifies the owner and does not connect to a communications network other than for the purposes of this notification

Our app has added a firmware which notifies the customer via a push notification if there’s an update available.
The firmware is digitally signed and verified when downloading the firmware.
Software updates are easily accessible via the relevant app store (Apple Store or Google Play Store).
If an unauthorised firmware update is reported through the security log, the connection used for unauthorised firmware updates will be disconnected and the user is advised.

Secure Communication

Requirement	Solution adopted by HYDRA EVC to meet the requirement
The charge point must be configured so that communications sent from it are encrypted.	The communication between pile and platform is encrypted through TLS (wss)

If you have any concerns or problems identified regarding the security of your charge point including the vulnerability to cyber-attack please contact us – support@hydraev.co.uk

Please see scan the QR code provided in your Zodiac’s information leaflet for guidance on how to setup the unit with the app.

You can delete any personal data at any point by going into the settings on the app and deleting your account (please note that any data relating to your account will be lost).