Guide

ISO 15118: The Complete Guide for Charge Point Operators and eMobility Providers

Quick summary

ISO 15118 is the international standard that defines how electric vehicles and charging stations communicate digitally over the charging cable. It’s the technical foundation for three of the most important capabilities in modern EV charging: Plug & Charge (automatic authentication without a card or app), smart charging (vehicle-aware energy optimization), and bidirectional power transfer (V2G, V2H, V2B, V2L).

For charge point operators and eMobility service providers in the EU, ISO 15118 is now a regulatory requirement. As of January 8, 2026, AFIR mandates ISO 15118-2 compliance for all newly installed public AC charging points. By January 1, 2027, the requirement extends to ISO 15118-20 for both public and private chargers, including full V2G capability. Meeting these deadlines requires coordinated changes across charger hardware, backend software (OCPP 2.0.1 or 2.1), and PKI infrastructure.

This guide covers everything CPOs and eMSPs need to know to plan and execute an ISO 15118 rollout: how the standard works, how Plug & Charge authentication is built on a Public Key Infrastructure, how ISO 15118 integrates with OCPP, what’s changed between ISO 15118-2 and ISO 15118-20, which vehicles and chargers support it today, and a six-step implementation roadmap to get compliant. It closes by noting that AMPECO’s platform supports ISO 15118 natively through Hubject Plug & Charge integration and OCPP 2.0.1/2.1.

What Is ISO 15118?

ISO 15118 is the international standard that governs digital communication between electric vehicles and charging stations. It unlocks three capabilities:

Automatic authentication without a card or app (Plug & Charge)
Intelligent energy management (smart charging)
Bidirectional power flow from the vehicle back to the grid (V2G)

As of January 8, 2026, the EU’s Alternative Fuels Infrastructure Regulation (AFIR) made ISO 15118 compliance mandatory for newly installed public AC charging points across the EU. By January 1, 2027, the requirement extends to ISO 15118-20 for both public and private chargers. For charge point operators, eMobility service providers, and EV manufacturers, understanding and implementing ISO 15118 is no longer optional — it’s a regulatory and competitive imperative.

Work on ISO 15118 began in 2010 as a joint effort by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC), with the first parts of the standard published between 2013 and 2014. The standard enhances the analog signaling of IEC 61851-1 by adding a digital communication channel over Power Line Communication (PLC). IEC 61851 PWM signaling still manages basic safety functions like cable detection and maximum current indication, while ISO 15118 enables the higher-level data exchange that supports automatic authentication, dynamic energy management, and reverse power flow from the vehicle back to the grid.

In the United States, the NEVI (National Electric Vehicle Infrastructure) Program encourages ISO 15118 compatibility for federally funded charging stations but does not mandate it.

Key Terms in This Guide

Term	Definition
Plug & Charge	Automatic charging session authentication using digital certificates — no RFID card, app, or QR code required
V2G (Vehicle-to-Grid)	Bidirectional energy flow: the vehicle battery discharges back to the grid, a building (V2B), or a home (V2H)
EVCC	Electric Vehicle Communication Controller — the EV-side hardware running the ISO 15118 protocol stack
SECC	Supply Equipment Communication Controller — the charger-side hardware running the ISO 15118 protocol stack
PKI	Public Key Infrastructure — the certificate hierarchy that enables vehicles and chargers to verify each other’s identity
CCS	Combined Charging System — the dominant global standard for DC fast charging, combining AC and DC charging into a single connector; the physical and electrical foundation on which ISO 15118 communication runs.
CSMS	Charging Station Management System — the backend platform that manages charging stations, sessions, and energy data
OCPP	Open Charge Point Protocol — the standard governing communication between charging stations and the backend management system (CSMS)
OPCP	Open Plug&Charge Protocol — an open protocol for exchanging Plug & Charge–related information between market participants, enabling interoperable Plug & Charge services based on ISO 15118.
PLC	Power Line Communication — technology that sends digital data over the same wires used to carry electrical power, enabling rich data exchange between the EV and charger over the charging cable itself, replacing the simpler PWM signaling used by earlier standards.
TLS	Transport Layer Security — the cryptographic protocol that encrypts data in transit between two parties, the same standard that secures HTTPS web traffic.
CSR	Certificate Signing Request — a formatted request sent from a device to a Certificate Authority asking for a signed digital certificate. The request contains the device’s public key and identifying information; the CA validates it and returns a signed certificate that can be trusted by others in the ecosystem.

How ISO 15118 Fits into the EV Charging Ecosystem

ISO 15118 operates at the vehicle-to-charger layer: it governs the communication that happens over the charging cable (or wirelessly) between the EV’s Electric Vehicle Communication Controller (EVCC) and the charging station’s Supply Equipment Communication Controller (SECC). It does not replace OCPP or OCPI — rather, it complements them:

OCPP (Open Charge Point Protocol) handles the communication between the charging station and the backend Charging Station Management System (CSMS).
OCPI (Open Charge Point Interface) handles roaming between different charging networks.

ISO 15118 is the layer beneath both, ensuring that the vehicle and charger can identify each other, negotiate a charging session, exchange energy data, and manage security certificates — all before the backend systems ever get involved.

Together, these three protocols form the communication stack of modern EV charging infrastructure: ISO 15118 at the charger-vehicle interface, OCPP at the charger-backend interface, and OCPI at the backend-to-backend roaming layer.

image of how ISO 15118 fits into the EV charging ecosystem

Key Features of ISO 15118

ISO 15118 defines three core capabilities that distinguish it from earlier charging protocols:

Automatic session authentication without a card or app (Plug & Charge)
Dynamic energy management based on real vehicle data (smart charging)
Bidirectional power transfer between the vehicle and the grid (V2G)

Here’s how they work in practice.

Plug & Charge: How Automatic Authentication Works

Plug & Charge is the most visible feature of ISO 15118 for end users. It eliminates the need for RFID cards, mobile apps, or QR codes.

The mechanism relies on a chain of trust anchored by V2G Root Certificate Authorities (Root CAs). When an EV owner signs a charging contract with a Mobility Operator, the EV first presents its OEM Provisioning Certificate to identify itself. A Contract Certificate is then provisioned to the vehicle, signed by the Mobility Operator’s sub-CA (which in turn is signed by the V2G Root CA). This certificate acts as the vehicle’s digital identity. The charging station holds its own certificate from the Charge Point Operator’s sub-CA (again signed by the V2G Root CA).

When a driver connects the charging cable, the charging station presents its certificate and establishes a TLS handshake with the EV, after which the vehicle presents its contract certificate to the charging station. The station sends it to its backend, which verifies the contract certificate against a Public Key Infrastructure (PKI), authorizes the session, and charging begins — all within seconds and without any driver interaction beyond plugging in.

image of how automatic authentication works with ISO 15118

Smart Charging: Optimizing Energy Use and Costs

ISO 15118 enables a level of smart charging that goes far beyond simple time-of-use scheduling. Because the vehicle can communicate its state of charge (SoC), requested energy amount, and desired departure time directly to the charging station, the backend system can calculate individually optimized charging schedules.

The standard supports two control modes. In the Scheduled mode (available since ISO 15118-2), the CSMS provides the vehicle with a charging schedule — a series of time-power pairs — and the vehicle follows it.

In the Dynamic mode (introduced in ISO 15118-20), the vehicle yields control to the charging station, which provides real-time power setpoints. This is particularly valuable for demand response scenarios where the grid operator or energy aggregator needs to adjust charging loads in real time based on grid conditions, electricity spot prices, or renewable energy availability.

For CPOs operating large charging sites — depots, commercial hubs, or residential complexes — smart charging via ISO 15118 facilitates local load management, preventing grid overload, reducing demand charges, and maximizing the use of on-site solar or battery storage.

Vehicle-to-Grid (V2G) and Bidirectional Charging

Perhaps the most transformative capability enabled by ISO 15118 is bidirectional power transfer — the ability for energy to flow not just from the grid to the vehicle, but also from the vehicle back to the grid, building, or home. This takes three forms:

V2G (Vehicle-to-Grid) returns energy to the electrical grid to support stability and balancing.
V2H (Vehicle-to-Home) and V2B (Vehicle-to-Building) supply a residential or commercial building, providing backup power or improved energy management.
V2L (Vehicle-to-Load) powers external devices directly — tools, appliances, equipment — without involving a building or the grid.

Earlier versions of the standard, particularly ISO 15118-2, primarily focused on secure communication and Plug & Charge functionality for unidirectional charging. The newer ISO 15118-20 specification extends these capabilities and introduces native support for bidirectional energy transfer between the vehicle and the power system.

ISO 15118-20 is currently the only international standard that natively specifies the communication messages required for bidirectional charging use cases. It enables the vehicle and charger to negotiate discharge schedules, energy limits, and price signals — turning a fleet of EVs into a distributed energy resource.

The economic and grid implications are significant. V2G-enabled vehicles can provide ancillary grid services such as frequency regulation, peak shaving, and load balancing. They can participate in energy arbitrage — charging when electricity is cheap (e.g., midday solar surplus) and discharging when prices are high (e.g., evening peak).

At scale, millions of V2G-capable EVs could function as a decentralized virtual power plant, providing grid stabilization capacity that would otherwise require dedicated stationary battery installations.

Security — TLS Encryption and PKI Certificates

Security is foundational to ISO 15118. Because the standard connects the vehicle to backend payment and energy systems, it must protect against man-in-the-middle attacks, certificate forgery, and unauthorized session initiation.

ISO 15118-2 made TLS 1.2 optional and authenticated the charger to the vehicle — but not the other way around. (TLS, Transport Layer Security, is the same encryption protocol that protects HTTPS web traffic.) In practice, this meant the vehicle had no cryptographic guarantee that it was talking to a legitimate charger, and the charger had no way to verify the vehicle’s claimed identity.

ISO 15118-20 closes that gap: TLS 1.3 is mandatory, and both parties must verify each other’s certificate chains before any energy flows. The standard also introduces crypto-agility, so cryptographic algorithms can be swapped without breaking interoperability if vulnerabilities emerge in the ones used today.

ISO 15118-2 vs. ISO 15118-20 — What Changed?

image comparing ISO 15118-2 vs ISO 15118-20

ISO 15118-20 is a substantial evolution, not a minor revision. The two versions are not backward-compatible: a charger or vehicle that needs to support both must implement both protocol stacks and negotiate the version at the start of each session.

For CPOs planning infrastructure investments, the practical implication is that both versions must coexist. A newly installed charger should support ISO 15118-2 to serve the existing vehicle fleet, and ISO 15118-20 to be AFIR-compliant from 2027 and to support V2G-capable vehicles. This requires hardware that can run both protocol stacks — specifically, PLC chips and processors with sufficient capacity.

Feature	ISO 15118-2 (2014)	ISO 15118-20 (2022)
TLS version	TLS 1.2, optional	TLS 1.3, mandatory
Authentication	One-way (EVSE authenticates to EV)	Mutual (both EV and EVSE authenticate)
Bidirectional power transfer (V2G)	Not natively supported	Native BPT support for V2G, V2H, V2B
Wireless charging (WPT)	Not supported	Supported (supplementing IEC 61980)
Automated Connection Device (pantograph)	Not supported	Supported (bus/fleet depot charging)
Control modes	Scheduled only	Scheduled + Dynamic
Crypto-agility	No	Yes — configurable algorithms
Communication multiplexing	No	Yes — parallel communication channels
Multiple contracts	Single contract per session	Multiple contract handling
Backward compatible	N/A	Not compatible with ISO 15118-2

The PKI Behind Plug & Charge

The Public Key Infrastructure (PKI) is the trust backbone of ISO 15118’s Plug & Charge feature. It is a hierarchical system of digital certificates that allows vehicles and chargers to verify each other’s identities without any user interaction.

How Digital Certificates Enable Seamless Charging

At the top sits the V2G Root Certificate Authority (Root CA), which is the ultimate trust anchor. Below it, sub-CAs are issued to Vehicle OEMs (OEM-CAs), Charge Point Operators (CPO-CAs), and Mobility Operators (MO-CAs). These sub-CAs then issue leaf certificates to individual vehicles (provisioning certificate), chargers (SECC certificates) and charging plans (contract certificates).

How certificates get issued

Two commissioning flows keep the ecosystem running. The driver can enable Plug & Charge through the mobility operator’s app, or directly at a charge point. In either case, the vehicle uses its OEM provisioning certificate (the PCID) to request a contract certificate (the EMAID). The PKI validates the request, signs the certificate, and the vehicle stores it as its charging identity

image of how a vehicle gets its contract certificate (EMAID)

When a new charge point is commissioned, the CSMS installs the V2G root certificate on the device. The charge point then generates a certificate signing request (CSR), which the CSMS forwards to the PKI for validation and signing. Once signed, the SECC certificate is pushed back to the charge point, giving it a verifiable identity in the ecosystem.

inline image of how a charge point gets its SECC certificate

V2G Root CAs and the Ecosystem

Hubject has operated the world’s first productive V2G Root CA since 2018, with the underlying platform provided by Nexus (IN Groupe). The Root CA’s certificates are distributed through certificate pools — shared registries where all ecosystem participants can access the certificates they need for verification.

Critically, the PKI is not a single-vendor system. The Open Plug & Charge Protocol (OPCP), published by Hubject on GitHub, defines how different ecosystem operators can interoperate. A vehicle with a contract from Mobility Operator A can charge at a station operated by CPO B, with both trusting certificates rooted in the same (or cross-certified) V2G Root CA. This is what makes Plug & Charge work across networks rather than locking drivers into a single provider.

Certificate Lifecycle Management

Certificates have defined lifetimes and must be renewed, revoked, or replaced as needed. Done manually, this would be an operational headache — an AFIR-scale rollout could involve hundreds of thousands of certificates across a CPO’s fleet.

In practice, a compatible CSMS handles most of this automatically. The Hubject PKI, for example, automatically publishes newly created certificates to the certificate pools, removes revoked certificates during regular checks, and cleans up expired certificates via batch jobs. For CPOs, this means the operational burden of certificate management is largely abstracted away through the CSMS integration.

How ISO 15118 and OCPP Work Together

ISO 15118 and OCPP are complementary standards that address different communication links in the charging ecosystem.

ISO 15118 governs the EV-to-charger dialogue; OCPP governs the charger-to-backend dialogue. Together, they facilitate end-to-end intelligent charging.

OCPP 2.0.1 and ISO 15118 Integration

OCPP 2.0.1 is the first OCPP version with native support for ISO 15118. It introduces several features that enable the integration of ISO 15118-based communication between the electric vehicle, the charging station, and the central management system (CSMS). These capabilities include:

Transporting the contract certificate from the vehicle to the CSMS for Plug & Charge authorization
Forwarding the vehicle’s state of charge and energy request to the backend to enable smart charging calculations
Installing and updating ISO 15118 certificates on the charger
Identifying vehicles via the EVCCID (Electric Vehicle Communication Controller Identifier), which corresponds to the MAC address of the vehicle’s communication controller and may be propagated to the backend as an OCPP IdToken

The EVCCID represents the vehicle communication hardware, whereas user authorization and billing in Plug & Charge scenarios rely on the eMAID (E-Mobility Account Identifier) associated with the charging contract.

Through this integration, when a vehicle initiates a Plug & Charge session, the charging station forwards the vehicle’s contract certificate to the CSMS via OCPP. The CSMS validates the certificate chain and confirms the associated contract with the Mobility Operator (MO) before authorizing the charging session. Once authorized, the CSMS can use information provided by the vehicle, such as state of charge and expected departure time, to generate an optimized charging profile. This profile is then sent to the charging station through OCPP and communicated to the vehicle using ISO 15118.

OCPP 2.0.1 Edition 3 was approved as an IEC standard (IEC 63584) in 2024, further reinforcing its role as the industry-standard backend protocol for EV charging infrastructure.

OCPP 2.1 Enhancements for V2X

OCPP 2.1 extends the ISO 15118 integration to include ISO 15118-20 features, most notably bidirectional power transfer (V2X).

It adds support for managing reverse energy flows, integration with distributed energy resources (DER), enhanced smart charging profiles that account for both charging and discharging, and battery swap station management. For CPOs planning V2G deployments, OCPP 2.1 paired with ISO 15118-20 provides the full communication stack needed from vehicle to grid operator.

Is ISO 15118 Mandatory?

ISO 15118 is now mandatory in the EU under AFIR, with two hard deadlines:

January 8, 2026: All newly installed or substantially renovated publicly accessible AC charging points must implement EN ISO 15118-2:2016. This means digital communication via Power Line Communication (PLC) must replace or supplement basic PWM signaling.
January 1, 2027: All newly installed or renovated publicly accessible and private Mode 3 (AC) charging points must implement EN ISO 15118-20:2022. This extends the mandate to include full V2G capability, enhanced security, and wireless charging support.

AFIR applies directly in all EU member states without national transposition. It is also tightly coupled with the Cyber Resilience Act (CRA), NIS2 directive, and GDPR, creating a comprehensive regulatory framework around charging infrastructure security and data handling.

For many charger manufacturers, this represents a fundamental hardware redesign. Existing AC chargers that rely solely on PWM signaling under IEC 61851-1 cannot be made compliant through software updates alone — they require PLC-capable chips and upgraded processors.

U.S. NEVI Program Requirements

The National Electric Vehicle Infrastructure (NEVI) Formula Program, established under the Bipartisan Infrastructure Law, funds the buildout of EV charging along U.S. highway corridors. While NEVI does not mandate ISO 15118, it encourages ISO 15118 compatibility as a best practice for future-proofing federally funded stations.

CharIN Conformance Testing and Certification

Supporting ISO 15118 on paper is one thing; actually working with every vehicle that pulls up to your charger is another. That’s the gap CharIN exists to close.

CharIN e.V.(Charging Interface Initiative) is the industry body that runs ISO 15118 conformance testing. With around 300 members ( including 14 of the top 20 global car brands), it’s the closest thing the ecosystem has to a neutral referee. Two programs matter most for CPOs planning deployments:

CharIN organizes Testivals — hands-on, multi-day events where EV manufacturers, charger OEMs, and component suppliers physically test their ISO 15118 implementations against each other. These events have been held across North America, Europe, and Asia.

The CharIN CCS Test System (CCTS) is a reference test device designed to act as the industry’s “golden standard” for ISO 15118 conformance. The value for CPOs: instead of every OEM testing against every charger manufacturer individually, implementations can be validated against CCTS — which dramatically reduces the combinatorial testing burden.

CharIN has also defined the CharIN CCS Test System (CCTS) — a reference test device intended to serve as the industry’s “golden standard” for ISO 15118 conformance, reducing the need for every OEM to test against every charger manufacturer individually.

CharIN’s conformance program itself is organized into two tiers. CCS Basic covers fundamental AC and DC charging functions, including High Power Charging (HPC). CCS Extended adds smart charging, local and online load balancing, Plug & Charge, payment app options, RFID, credit card authentication, and V2X grid integration. If you’re procuring new chargers, confirming which tier a vendor has certified to is a useful due-diligence checkpoint.

Which Vehicles and Chargers Support ISO 15118?

The list of vehicles supporting ISO 15118 Plug & Charge is growing rapidly, driven by regulatory pressure and consumer demand for seamless charging. Notable models include:

Early Adopters (2021+): Porsche Taycan, Mercedes-Benz EQS, Lucid Air, Ford Mustang Mach-E.
BMW (2024+): BMW i4, i5, i7, iX.
Hyundai/Kia/Genesis: Hyundai Ioniq 5 and 6, Kia EV6 and EV9, Genesis GV60.
Volkswagen Group (MEB Platform): VW ID.4, ID. Buzz, Cupra Born (software 3.1+), Škoda Enyaq, Audi Q4 e-tron.
Tesla: All Tesla vehicles since 2012 support a proprietary version of Plug & Charge on the Tesla Supercharger network. Tesla’s implementation predates ISO 15118-2 and uses a proprietary protocol, though Tesla has been moving toward CCS compatibility in some markets.
V2G-Capable Models (ISO 15118-20): Hyundai Ioniq 5 and 6 (800V), Kia EV6 and EV9, Ford F-150 Lightning, BYD Atto 3 and Dolphin, Renault 5 E-Tech electric.

Note: There is no single authoritative database of all ISO 15118-compatible vehicles. Compatibility depends on model year, software version, and regional variant. Check with the OEM for specific vehicle support.

What Hardware Do Chargers Need for ISO 15118?

For a charging station to support ISO 15118, four hardware components are required:

PLC communication module (HomePlug Green PHY), which allows digital communication over the charging cable
ISO 15118-capable processor that runs the full protocol stack, including TLS encryption
Hardware Security Module (HSM) or secure element, which handles certificate storage and cryptographic operations
OCPP 2.0.1-compatible firmware, which connects the charger to a CSMS with the ISO 15118 functional block enabled

Major DC charging networks, including Ionity (Europe) and Electrify America (United States), already support Plug & Charge. AC charging station support is hardware-ready in many newer units, though the software ecosystem for AC Plug & Charge is still maturing.

Implementation Roadmap for CPOs and eMSPs

Becoming ISO 15118-ready requires coordinated changes across charger hardware, backend software, and PKI infrastructure — typically completed in six steps, from auditing existing assets to validating interoperability against real vehicles.

Steps to ISO 15118 Readiness

1. Audit existing infrastructure. Determine which installed chargers have PLC-capable hardware, which can be upgraded via firmware, and which must be replaced. Chargers relying solely on PWM signaling under IEC 61851-1 will require hardware replacement.

2. Upgrade or select an ISO 15118-capable CSMS. Your backend platform must support OCPP 2.0.1 (or 2.1 for V2G) with the ISO 15118 functional block enabled. This includes certificate management, contract certificate forwarding, and smart charging profile generation based on vehicle SoC data.

3. Establish PKI integration. Connect to a Plug & Charge ecosystem either directly through a V2G Root CA operator like Hubject, or through your CSMS provider if they offer managed PKI services. This involves obtaining CPO sub-CA certificates and configuring your chargers to receive and verify contract certificates.

4. Integrate with Mobility Operators. Ensure that your roaming agreements and eRoaming hub connections support Plug & Charge contract certificate exchange. This allows vehicles with contracts from any participating Mobility Operator to authenticate at your stations.

5. Test for interoperability. Participate in CharIN Testivals or use the CharIN CCS Test System (CCTS) to validate your ISO 15118 implementation against real vehicles and reference devices. Interoperability testing is critical because firmware mismatches, certificate handling errors, and protocol negotiation failures are common in early deployments.

6. Plan for ISO 15118-20. If you are investing in new hardware, ensure it supports both ISO 15118-2 and ISO 15118-20. This future-proofs your infrastructure for the January 2027 AFIR deadline and enables V2G services when the market matures.

Common Challenges and How to Overcome Them

Challenge	Mitigation
Challenge: PKI complexity and cost.	For CPOs without in-house PKI expertise, managed PKI services (such as those offered through Hubject or your CSMS provider) significantly reduce the operational burden. The key is to choose a CSMS that abstracts PKI complexity behind a clean integration.
Cross-industry coordination	Engage OEMs, eMSPs, and roaming hubs early; select a CSMS with established Plug & Charge partnerships already in place.
Slow vehicle-side adoption	CPOs should plan for a transition period where chargers must support both ISO 15118 Plug & Charge and fallback authentication methods (RFID, app-based). While regulatory mandates are driving charger-side compliance, not all vehicles in the market support ISO 15118.
Firmware and interoperability issues.	Run regular firmware updates, participate in CharIN Testivals, and use a CSMS with proactive ISO 15118 session failure monitoring
Offline certificate verification	CPOs should define a clear policy for offline behavior and ensure their chargers support CRL caching. If a charger cannot reach the Certificate Authority to check revocation status, it must either deny the session (secure but poor UX) or fall back to a cached Certificate Revocation List (CRL).

How AMPECO Supports ISO 15118

AMPECO’s platform provides native ISO 15118 support through Plug & Charge integration with the Hubject ecosystem, full OCPP 2.0.1 ISO 15118 functional block implementation, and a V2G-ready architecture for bidirectional energy management.

Plug & Charge in the AMPECO Platform

AMPECO’s EV charging management platform provides native support for Plug & Charge, integrating with the Hubject Plug & Charge ecosystem for seamless certificate management for CPOs and eMSPs.

The platform handles contract certificate forwarding, authorization, and session management — abstracting the PKI complexity so operators can focus on their charging business.

OCPP 2.0.1 / 2.1 Native Support

AMPECO supports OCPP 2.0.1 with full ISO 15118 functional block integration, for smart charging based on vehicle SoC data, certificate installation and updates, and comprehensive session management.

The platform is also preparing for OCPP 2.1 to support V2X use cases.

V2G-Ready Infrastructure

As V2G moves from pilot to production, AMPECO’s platform architecture is designed to support bidirectional energy flows, dynamic control mode charging profiles, and integration with energy management systems — providing CPOs with the backend capabilities needed to offer V2G services as the market and regulations mature.

Frequently Asked Questions

These answers cover the most common questions CPOs, eMSPs, and EV drivers have about ISO 15118, including Plug & Charge, V2G, the difference between ISO 15118-2 and 15118-20, and regulatory compliance timelines.

What is ISO 15118 in simple terms?

ISO 15118 is the international standard that defines how electric vehicles and charging stations talk to each other digitally. It enables automatic identification and payment (Plug & Charge), intelligent energy management (smart charging), and the ability for EVs to send energy back to the grid (V2G).

What is Plug & Charge?

Plug & Charge is an ISO 15118 feature that allows an EV to automatically authenticate and start a charging session the moment the cable is connected — no app, card, or QR code needed. It uses encrypted digital certificates for secure, instant identification

What is the difference between ISO 15118-2 and ISO 15118-20?

SO 15118-2 (2014) established foundational digital communication for wired charging, with optional security and Plug & Charge. ISO 15118-20 (2022) makes TLS 1.3 encryption mandatory, adds mutual authentication, and introduces native support for bidirectional charging (V2G), wireless charging, and dynamic control modes. The two are not backward-compatible.

Is ISO 15118 mandatory?

In the EU, yes, increasingly so. AFIR requires ISO 15118-2 for all new public AC charging points from January 8, 2026, and ISO 15118-20 for all new public and private chargers from January 1, 2027. In the U.S., NEVI encourages but does not strictly mandate ISO 15118 support.

Which vehicles support Plug & Charge?

A growing list including the Porsche Taycan, Mercedes-Benz EQS, BMW i4/i5/i7/iX, Hyundai Ioniq 5/6, Kia EV6/EV9, VW ID.4/ID. Buzz, Lucid Air, Ford Mustang Mach-E, and others. Tesla uses a proprietary version of Plug & Charge on its Supercharger network.

What is the relationship between ISO 15118 and OCPP?

ISO 15118 handles communication between the EV and the charging station. OCPP handles communication between the charging station and the backend management system. OCPP 2.0.1 has native ISO 15118 support for Plug & Charge and smart charging; OCPP 2.1 adds ISO 15118-20 and V2X support.

What is V2G, and how does ISO 15118 enable it?

V2G (Vehicle-to-Grid) allows EVs to discharge stored energy back to the grid, a building, or a home. ISO 15118-20 is the only standard that specifies the complete communication protocol for bidirectional power transfer, including discharge scheduling, energy limits, and price signals.

What is the role of PKI in ISO 15118?

The Public Key Infrastructure provides the chain of digital certificates that enables Plug & Charge. A V2G Root CA sits at the top of the trust hierarchy, with sub-CAs for Mobility Operators, CPOs, and OEMs. This way, vehicles and chargers can verify each other’s identity automatically and securely.

Cookie	Duration	Description
__hssrc	session	This cookie is set by Hubspot whenever it changes the session cookie. The __hssrc cookie set to 1 indicates that the user has restarted the browser, and if the cookie does not exist, it is assumed to be a new session.
_GRECAPTCHA	5 months 27 days	This cookie is set by Google. In addition to certain standard Google cookies, reCAPTCHA sets a necessary cookie (_GRECAPTCHA) when executed for the purpose of providing its risk analysis.
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Analytics" category .
cookielawinfo-checkbox-necessary	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Necessary" category .
cookielawinfo-checkbox-others	1 year	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Others".
cookielawinfo-checkbox-performance	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to store the user consent for cookies in the category "Performance".
hubspotutk	1 year 24 days	This cookie is used by HubSpot to keep track of the visitors to the website. This cookie is passed to Hubspot on form submission and used when deduplicating contacts.
JSESSIONID	session	Used by sites written in JSP. General purpose platform session cookies that are used to maintain users' state across page requests.
viewed_cookie_policy	1 year	The cookie is set by the GDPR Cookie Consent plugin to store whether or not the user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
__cf_bm	30 minutes	This cookie, set by Cloudflare, is used to support Cloudflare Bot Management.
__hssc	30 minutes	HubSpot sets this cookie to keep track of sessions and to determine if HubSpot should increment the session number and timestamps in the __hstc cookie.
bcookie	2 years	LinkedIn sets this cookie from LinkedIn share buttons and ad tags to recognize browser ID.
lang	session	This cookie is used to store the language preferences of a user to serve up content in that stored language the next time user visit the website.
lidc	1 day	LinkedIn sets the lidc cookie to facilitate data center selection.

Cookie	Duration	Description
__hstc	1 year 24 days	This is the main cookie set by Hubspot, for tracking visitors. It contains the domain, initial timestamp (first visit), last timestamp (last visit), current timestamp (this visit), and session number (increments for each subsequent session).
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_gat_gtag_UA_131368643_1	1 minute	This cookie is set by Google and is used to distinguish users.
_gcl_au	3 months	Provided by Google Tag Manager to experiment advertisement efficiency of websites using their services.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
_hjAbsoluteSessionInProgress	30 minutes	No description available.
_hjFirstSeen	30 minutes	This is set by Hotjar to identify a new user’s first session. It stores a true/false value, indicating whether this was the first time Hotjar saw this user. It is used by Recording filters to identify new user sessions.
_hjid	1 year	This is a Hotjar cookie that is set when the customer first lands on a page using the Hotjar script.
_hjIncludedInPageviewSample	2 minutes	No description available.
_hjTLDTest	session	No description available.
CONSENT	16 years 3 months 14 days 11 hours	These cookies are set via embedded youtube-videos. They register anonymous statistical data on for example how many times the video is displayed and what settings are used for playback.No sensitive data is collected unless you log in to your google account, in that case your choices are linked with your account, for example if you click “like” on a video.

Cookie	Duration	Description
_fbp	3 months	This cookie is set by Facebook to display advertisements when either on Facebook or on a digital platform powered by Facebook advertising, after visiting the website.
bscookie	2 years	This cookie is a browser ID cookie set by Linked share Buttons and ad tags.
fr	3 months	Facebook sets this cookie to show relevant advertisements to users by tracking user behaviour across the web, on sites that have Facebook pixel or Facebook social plugin.
IDE	1 year 24 days	Google DoubleClick IDE cookies are used to store information about how the user uses the website to present them with relevant ads and according to the user profile.
test_cookie	15 minutes	The test_cookie is set by doubleclick.net and is used to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.

Cookie	Duration	Description
_lfa	2 years	This cookie is set by the provider Leadfeeder. This cookie is used for identifying the IP address of devices visiting the website. The cookie collects information such as IP addresses, time spent on website and page requests for the visits.This collected information is used for retargeting of multiple users routing from the same IP address.
AnalyticsSyncHistory	1 month	No description
cookielawinfo-checkbox-functional	1 year	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
li_gc	2 years	No description
UserMatchHistory	1 month	Linkedin - Used to track visitors on multiple websites, in order to present relevant advertisement based on the visitor's preferences.