Welcome to the third and final chapter of Behind the plug. In Part 1, we mapped out the players behind every charging session, from the EV, charger and charge point operator to the mobility service provider (MSP), roaming hub and payment service provider. In Part 2, we unpacked how the EV and the charger speak to each other, laying the foundation for safe and smart delivery of every kilowatt before the energy starts to flow.

But that conversation doesn’t end at the charger.

Today, we’re following the data as it travels deeper into the charging ecosystem. We’ll look at the kind of conversation that unfolds between charger and the cloud-based Charge Point Management System (CPMS), and how the CPMS orchestrates everything from authentication and billing via MSPs and roaming partners to responding to grid signals from the DSO to make sure the EV drivers’ mobility needs are balanced with the needs to operate a stable electricity grid. We’ll also shed light on the role of PKI operators (and what a PKI is) who ensure the entire communication chain remains secure and trustworthy.

This is where the industry’s complexity truly reveals itself: a multi-party digital network working behind the scenes so that, for drivers, charging remains as simple as “plug in and walk away.”

Let’s dive in and complete the picture, one protocol at a time.

Charging Station Management

A charging station needs to speak several languages flawlessly in order to deliver a pleasant charging experience.

On one side, we have the analogue or digital communication with the electric vehicle, which we explored in the previous article, Behind the plug: What really happens when your EV talks to the charger.

Each of these digital communication protocols spans hundreds of pages of technical requirements that both parties – the EV and the charger – must implement and interpret in exactly the same way for data to flow flawlessly. (And yes, no standard is ever perfect, there’s always room for interpretation.)

A decade of interoperability testing events – since 2019 orgainsed by CharIN under the name CharIN Testivals, focusing on CCS communication – proves just how challenging it is to get everything working flawlessly.

On the other side, the charger maintains a constant connection with a cloud-based Charge Point Management System (CPMS). This allows the system to monitor, control, and update the charger remotely – a crucial capability when it’s part of a wider network operated by what the industry calls a Charge Point Operator (CPO).

Over the past 15 years, the number of “languages” – or communication protocols – used for this charger-to-CPMS conversation has distilled from a mix of vendor-specific, proprietary solutions into a single de-facto global standard: the Open Charge Point Protocol (OCPP).

OCPP – The backbone between charger and cloud

Originally developed by the Dutch foundation ElaadNL, OCPP was created to ensure chargers and backends (a CPMS is often referred to as a ‘CPO backend’ or ‘backend’) from different vendors could communicate using an open, vendor-neutral protocol. It’s now maintained and governed by the Open Charge Alliance (OCA).

OCPP allows a Charge Point Operator (CPO) to:

• Monitor station health, availability, and transaction data

• Authenticate (who is it) and authorise (is he/she allowed to charge) the driver

• Start or stop sessions and unlock connectors remotely

• Push firmware updates and configuration changes

• Reserve connectors for drivers

• Change the availability status of a charger or connector

• Exchange dynamic pricing information

• Influence charging behaviour to optimise costs and/or help balance the grid (think: smart charging profiles)

The Evolution of OCPP

• OCPP 1.6 was published in 2015 and remains the most widely deployed version today. Its implementation has matured over time and it’s supported by basically all existing networks.

• OCPP 2.0.1, published in 2020, represents a major leap forward. It adds richer monitoring and control of all charger components (called the ‘device model’), enhanced event handling, a robust security framework, and native integration with ISO 15118 / Plug & Charge. It’s the version most networks are now transitioning toward, and I’ll unpack more about the benefits of OCPP 2.0.1 in a future post.
  
  If you have some time and want to dig deeper into the changes and benefits, then check out this OCPP 2.0.1 video tutorial published by the OCA.
  
  OCPP 1.6 follows a different application logic and isn’t compatible with OCPP 2.0.1, which has slowed down industry adoption. Unfortunately, many charger manufacturers seem to treat software development like a dentist appointment: they delay it until the pain is too big to ignore. Instead of embracing OCPP 2.0.1, a familiar pattern emerged: patching OCPP 1.6 with extensions that pretend to behave like it. Spoiler: that’s not how you build interoperable, future-proof solutions.

  Or, to borrow a perfectly fitting meme from the Electric Avenue newsletter:

  

  However, I’m now seeing clear signals that the pace is slowly picking up. In my view, one of the biggest advantages of OCPP 2.0.1 for CPOs is its new device model and native support for ISO 15118. I’ll likely dedicate one or more upcoming articles to exploring these benefits, it’s simply too important to overlook.

• OCPP 2.1, released in 2025, builds on 2.0.1 and introduces support for bidirectional power flow, making it the first OCPP version capable of managing Vehicle-to-Grid (V2G) and Vehicle-to-Home (V2H) use cases. It also brings improvements in smart-charging orchestration, enhanced extensibility for energy services, and tighter alignment with the new ISO 15118-20 features.

OCPP 2.1 extends OCPP 2.0.1 with additional functionality, so it’s 100% backwards-compatible. Care has been taken to make sure that all application logic developed for OCPP 2.0.1 will continue to work in OCPP 2.1.

In October 2024, OCPP 2.0.1 Edition 3 was officially adopted by the International Electrotechnical Commission (IEC) as IEC 63584, giving OCPP finally a full international standard status.

A word on EV charging software stacks

A charging station these days has to speak an impressive number of “languages” – from various versions of ISO 15118 to DIN SPEC 70121, and sometimes even CHAdeMO or NACS (North American Charging Standard)1, depending on the region, to OCPP 1.6 and newer. These protocols are complex enough to implement, but the real challenge begins afterward: interoperability testing. Every car manufacturer may have interpreted a technical requirement just a little differently, and ironing out those differences takes far more effort than writing the initial implementation. In fact, most of the work lies in testing, not in coding the standard itself.

And standards never stand still. Revisions, new editions, and feature-packed versions continue to emerge – each one nudging the industry forward but adding to the engineering load.

So it’s fair to ask: how much effort should a charger manufacturer really invest in reinventing the wheel, especially if software development isn’t part of their DNA? Today, there are mature, ready-to-use implementations that are battle-tested, certified, and have survived countless interoperability events. From open-source projects like Pionix’s EVerest to closed-source platforms such as EcoG OS (which, for those who remember, incorporates Switch’s former Josev stack).

EV drivers, and CPOs, will be thankful for a wider adoption of these battle-tested and certified solutions, as the impact will be a much more seamless charging experience.

Roaming – Charging everywhere with one contract

In the early days of e-mobility, the industry experimented with several roaming protocols, each trying to make EV charging networks talk to each other.

There was eMIP (promoted by Gireve) and the Open Clearing House Protocol (OCHP) used by e-clearing.net, and until early September 2025, Hubject had only supported its own Open InterCharge Protocol (OICP). Each worked well within its own ecosystem, but none achieved true universal coverage.

Over time, the industry converged on a single, open protocol that everyone could adopt: OCPI – the Open Charge Point Interface.

Maintained by the EVRoaming Foundation, OCPI has become the de facto global standard for roaming interoperability, enabling a consistent way for Charge Point Operators (CPOs) and Mobility Service Providers (MSPs) to exchange data, authorise sessions, and settle payments directly, without relying on a central clearing house.

Apparently, there’s an unwritten rule in the EV charging world: if your protocol name doesn’t contain O, C, and P, it’s not real.

OCPP, OCPI, OICP, OCHP, OCSP, OPNC… somewhere, there’s a secret committee ensuring we stay alphabetically confused. To clear up that confusion, check out my Acronym Survival Guide. Your go-to cheat sheet for all acronyms in the EV charging world.

Why roaming exists

In many regions, especially in Europe, the EV charging market is deregulated.
That means the CPO (who operates the chargers) and the MSP (who sells access to charging stations for drivers via electricity contracts) must be separate legal entities.

As an EV driver, you sign up with an MSP of your choice, much like choosing an electricity supplier for your home. The MSP gives you an electricity contract for your EV, together with an app or RFID card with which you can access hundreds of thousands of chargers through roaming agreements with CPOs.

The concept is similar to the mobile phone world: you can make calls abroad because your provider has roaming contracts with others.

What’s actually exchanged

Roaming protocols handle a wide range of data:

• Authentication tokens (to identify the driver or vehicle)

• Static data (charger location, type, power rating, amenities, accessibility)

• Dynamic data (real-time availability and pricing)

• Charge Detail Records (CDRs) for billing and reconciliation

This ensures a driver can find the right charge point along their way, possibly even reserve a charge point, plug in upon arrival, start charging, and get billed accurately – whether you’re charging in your home country or abroad.

Centralised vs peer-to-peer roaming

There are two main models for roaming:

1. Centralised platforms (clearing houses):
   Roaming platforms like Hubject or e-clearing.net act as intermediaries, brokering connections between many CPOs and MSPs.

   This saves everyone from negotiating endless bilateral contracts, which dramatically speeds up time-to-market and has proven especially useful in markets like Germany, where Hubject has deep roots among municipal utilities2. Enterprise SLAs and Hubject’s financial settlement offer may also be an incentive to join their hub, given their global footprint of 1,000,000+ connected charging stations.
   

   As a CPO, you have the option to set up offer-to-all pricing arrangements that apply to all MSPs on the roaming platform. You can also establish bilateral agreements with select MSPs, where those specific terms override the general offer-to-all pricing.

2. Peer-to-peer connections:
   OCPI takes a more decentralised approach, allowing CPOs and MSPs to connect directly. This streamlines communication for specific features they may want to enable, and provides more control over their data and commercial agreements. MSPs also save the transaction handling fees that come with a roaming hubs.

So which roaming protocol should you implement?

If you’re a CPO or MSP, the practical answer so far been depending on your target market. Most major players today implement OCPI for peer-to-peer interoperability, but many also keep OICP to access Hubject’s network of partners.

However, in September 2025, Hubject finally announced their support of OCPI. Their dual-stack approach allows their customers to leverage both OCPI and OICP protocols and protocol versions. Hubject’s long-term goal is to help foster one global roaming standard – OCPI – while helping companies transition away from OICP in their own speed.

Roaming may sound like a niche technical detail, but it’s one of the biggest enablers of driver convenience and network growth. Without it, EV charging would still be a patchwork of closed networks.

Like the early days of mobile phones, when you couldn’t call outside your carrier’s network. Thankfully, just as telecom roaming made global communication effortless, EV roaming is doing the same for electric mobility.

Grid operator link – DSOs and the protocols that keep the power balance

The Distribution System Operator (DSO) – sometimes just called the utility or grid operator – plays the unsung role of maintaining the “traffic lights” for electricity. They watch the load on the low-voltage grid (to which most chargers connect), and ensure that power generation equals consumption, so the frequency stays within safe bounds (50 Hz in Europe, 60 Hz in the U.S.).

Picture the grid as a see-saw that must stay perfectly level: every car plugged in, every charging station active, adds weight. But leveraged smartly, EV’s can act as essential mobile batteries that reduce the stress on the grid or even power the grid when needed (think: smart charging and Vehicle-to-Grid – or V2G – technology). The rules that govern this balance are called grid codes, which is an exciting topic of its own and one I’ll make sure to cover as well.

Since the CPMS (the CPO’s backend) is managing large clusters of chargers, there must be a communication link between the CPMS and the DSO to exchange forecasts, capacity constraints, and control instructions. After all, charging needs to fit into the grid without triggering a blackout.

In practice, three main protocol families are currently being used for this DSO ←→ charger/aggregator link, depending on the region:

• OpenADR (Open Automated Demand Response)

• IEEE 2030.5 (formerly known as Smart Energy Profile 2.0)

• IEC 61850‑90‑8 (a data exchange profile of IEC 61850 tailored for EV charging/grid-interaction)

OpenADR

OpenADR is the go-to standard for communicating demand response events. Think: “Please reduce your power draw now” or “You may resume”. Especially in the U.S. and increasingly in Europe (e.g., Dutch DSOs implementing Grid-Aware Charging), OpenADR enables DSOs to send signals to CPOs or aggregators, who then throttle or schedule EV charging to avoid overloads.

It’s like the DSO telling the chargers: “Hey, ease up, traffic’s piling up on the power highway.”

IEEE 2030.5 (SEP 2.0)

While OpenADR is focused on demand response messaging to coordinate energy usage, IEEE 2030.5 provides a comprehensive communication standard for directly controlling and managing a wide range of smaller distributed energy resources (DERs), such as solar, battery storage, or EV chargers.

It’s particularly strong in the U.S., where utilities are pushing for secure, two-way communication with chargers that can act as grid resources — for example, in Vehicle-to-Grid (V2G) use cases. U.S. power grids are notoriously vulnerable to weather events such as wildfires and blizzards, often leaving millions without electricity because much of the infrastructure is built above ground. That’s why the ability to use your EV to power your home — known as Vehicle-to-Home (V2H) — has attracted so much attention. Ford’s F-150 Lightning, for instance, became a hit after a Super Bowl commercial showed it instantly lighting up a house during a (fictional) blackout.

IEC 61850-90-8

This lesser-known standard is part of the IEC 61850 family (used in substations), with profile 90-8 tailored for EV charging/data exchange between DSOs and charging infrastructure. It’s mainly European in traction.

Bottom line for CPOs

The industry has not yet settled on a single communication standard for the DSO ←→ CPO link. Meaning: if you’re operating chargers at scale, you’ll want to be compatible with at least one of these protocols (depending on region) because:

• DSOs increasingly mandate smart-charging behaviour (e.g. grid-aware profiles, dynamic curtailment).

• Being “grid-friendly” means you avoid bottlenecks, get quicker access to power infrastructure without needing to wait for capacity upgrades, and can even monetise flexibility (see for example Pacific Gas & Electric’s Flex Connect program).

• These protocols turn chargers from passive consumers into active grid participants. This is a key enabler to unlock timely buildout of EV infrastructure and, as a result, accelerate EV uptake. Additionally, this capability adds new revenue streams for CPOs as they can bundle their EV chargers into what we call virtual power plants (VPPs) to participate in the energy and flexibility markets (e.g. intraday and day-ahead trading, or frequency containment reserve).

Public Key Infrastructure operator

The last part of the EV charging ecosystem shown in the map above has become an increasingly important one, both with respect to user convenience and cybersecurity.

With ISO 15118’s Plug & Charge adoption rising quickly, user convenience is taking centre stage, providing the same seamless experience that Tesla drivers have enjoyed for years. And as EV charging networks increasingly form part of critical infrastructure that must be protected from malicious actors at all times, cybersecurity is shifting from a nice-to-have feature – often overlooked in the early days – to a key topic on industry and government agendas.

A Public Key Infrastructure (PKI) is the framework that makes secure digital communication possible. It relies on cryptographic key pairs – one public, one private – and digital certificates issued by trusted authorities to prove that each party in a communication is who they claim to be.

In the context of EV charging, PKI ensures that the information exchanged between the EV and the charger (such as authentication credentials, contract certificates or charging profiles) and between the charger and the backend system (like charging data, pricing, or firmware updates) remains encrypted, tamper-proof, and verifiable.

This system of digital certificates allows all actors — the vehicle, the charger, and the backend — to trust one another automatically, without manual intervention. It’s the foundation that enables secure features such as Plug & Charge, where the EV identifies itself and authorises payment seamlessly the moment it’s plugged in.

The charging-related information exchanged between EV and charger is encrypted via Transport Layer Security (TLS), guaranteeing confidentiality. Additionally, sensitive information that is exchanged between the charging station and its cloud-based CSMS is digitally signed to guarantee both the integrity of the information and the authenticity of the sender. Confidentiality, data integrity and authenticity are the three cornerstones of a secure charging and billing process. All this is made possible through a PKI.

The Plug & Charge ecosystem actually comprises several market roles which, for brevity’s sake, I subsumed under the term “Public Key Infrastructure operator”. As I’m writing this article, there’s only one established PKI operator, namely Hubject. Hubject currently takes on several roles from issuing, distributing and revoking digital certificates to operating data pools that are necessary to guarantee a smooth and secure exchange of information between the stakeholders in a Plug & Charge ecosystem.

There are other PKI operators coming to the e-mobility market, namely Irdeto and roaming hub operator Gireve. In June 2025, the three companies announced a Plug & Charge partnership, providing mutual access and integrations to each other’s platforms. In practice, this means CPOs, EMPs, and even vehicle OEMs are free to pick whichever Plug & Charge provider they prefer, while still gaining interoperability with the other two ecosystems.

The Sustainable Transport Forum (STF), an expert body advising the European Commission on e-mobility, is working to define a common EU-wide governance framework that will ensure truly interoperable EV charging infrastructure across all market players.

There’s a lot to unpack when it comes to Plug & Charge and the underlying PKI. The image above shows just how many entities are involved in this ecosystem. Enough material to fill an entire day of training, as I’ve done in the past. I’ll dive deeper into this diagram and share that knowledge in my upcoming articles dedicated to Plug & Charge. If there’s a particular aspect you’d like me to cover, let me know – I’d love to tailor it to what you find most interesting.

Open Plug & Charge Network Communication Protocol (OPNC)

Early 2022, Hubject introduced an open-source protocol called Open Plug and Charge Protocol (OPCP). The purpose of the OPCP protocol is to provide an open, international, supplier-agnostic API framework that enables seamless interoperability across Plug & Charge systems, linking multiple PKI ecosystems, CPOs, MSPs and OEMs so that EVs, chargers and backend networks can operate together smoothly.

In 2024, CharIN e.V. established a task force to take over the governance of this open-source project and changed the protocol name to Open Plug & Charge Network Communication Protocol, or OPNC (link to GitHub repo) for short. Did I mention already that this industry just loooves using O’s, P’s and C’s in protocol names?

All right, you now have a pretty complete overview of the market roles and communication protocols at play, working in concert around the clock to ensure you have the most seamless and secure charging experience possible.

It’s not perfect, and I’m sure there are people out there who may wonder why it appears to be so complex. Although I tried to shed some light and reduce any confusion, I’m sure your head is still spinning with all the roles, protocols, and acronyms.

If anything remains unclear, please don’t hesitate to leave a comment on this article, or respond directly to my email. I’ll be happy to explain further.

In next week’s article, we’ll start pulling back the curtain on the magic behind Plug & Charge. Stay tuned, and have a great week!