SHERIDAN, WYOMING - November 28, 2025 - As the global electric vehicle charging ecosystem races to standardize secure Plug & Charge and other transaction models, the SAE Industry Technologies Consortia's Electric Vehicle Public Key Infrastructure (EVPKI) Consortium has launched a Production Certificate Trust List (CTL) that brings multiple certificate authorities and OEMs into a shared, interoperable security framework.
Production CTL Marks Milestone for Interoperable EV PKI
The newly announced Production CTL is built to enable real-world quality assurance testing with six EVPKI root certificates from major PKI providers and automotive OEMs, including DigiCert, Hubject, Irdeto, ISS, General Motors and Tesla. Using the EVPKI production testing platform, the consortium can now validate its PKI interoperability model against a diverse set of roots that reflect the emerging EV charging market structure.
"This is a major success in the Consortium's mission to create the world's first interoperable PKI solution for the global EV Charging ecosystem," said Tim Weisenberger, SAE ITC EVPKI Director. "Through the leadership and exhaustive efforts of our industry members we now have a Production SAE EVPKI Certificate Trust List with six compliant PKI roots that we can now begin testing". For charging point operators, mobility service providers and OEMs, this marks a critical step away from fragmented, proprietary security schemes toward a common trust fabric for EV charging transactions.
CTL Requirements Version 2 Sets the Framework
The launch of the Production CTL is enabled by the publication of SAE EVPKI Certificate Trust List Requirements (CTL) Version 2. This requirements document defines how PKI roots must be configured and governed to qualify for inclusion in the trust list, and is available free of charge to the entire industry via the EVPKI web page.
With a clear and open set of requirements, PKI providers and OEMs can:
- Align their certificate issuance and lifecycle policies with the consortium's interoperability model.
- Prepare for onboarding into the operational EVPKI CTL.
- Reduce integration complexity for charging infrastructure partners and platform providers.
QA Testing Roadmap to Operational EVPKI in 2026
The EVPKI Policy Authority will oversee quality assurance testing of the Production CTL, focusing initially on onboarding and validating multiple PKI roots on the Operational EVPKI CTL through Q1 2026. Once this testing phase is complete, the EVPKI solution will be rolled out to the broader ecosystem.
At that point, the operational EVPKI CTL is expected to:
- Secure EV charging transactions across diverse charging networks and roaming arrangements.
- Enable Plug & Charge and other automated authentication methods at scale.
- Support the emergence of a competitive PKI supply market that does not meaningfully exist today.
For Automotive & Mobility stakeholders, this timeline is directly linked to their 2026 product, infrastructure and service roadmaps, making now the critical window for technical and commercial alignment.
Strategic Impact for OEMs, CPOs and PKI Suppliers
By creating a neutral, interoperable trust framework, the EVPKI Consortium aims to de-risk long-term investments in EV charging security. Rather than relying on one-off integrations and bilateral trust relationships, OEMs, charging point operators, roaming platforms and PKI vendors can plug into a common governance model.
This has several strategic implications:
- OEMs gain a scalable way to support secure charging across different networks and geographies.
- Charging operators can offer Plug & Charge and similar services without locking into a single PKI provider.
- PKI suppliers can compete on service, performance and value-added features within a shared ruleset.
In parallel, the operational CTL can support regulatory and policy goals around cybersecurity, as authorities increasingly scrutinize identity and transaction security in EV charging infrastructure.
Membership-Driven Governance for a Global EV Charging Ecosystem
The consortium emphasizes that its strength lies in industry participation and governance. "Our strength is in our Membership. We need industry leaders to drive our testing and development and prepare us to operationalize the SAE EVPKI solution in 2026. The Consortium relies on Members to input their requirements to ensure a robust and practical PKI that encourages economical and efficient charging solutions at scale."
For companies operating in the EV charging value chain-from global OEMs and Tier 1 suppliers to PKI providers, backend platforms and CPOs-joining the consortium offers a direct channel to shape the requirements and operational practices that will govern future EV charging security.
For full CTL Requirements details and membership information, visit https://www.sae-itc.com/programs/evpki.