By now, most of us have heard the term Plug & Charge. What is it, how beneficial is the technology, and is it safe and secure? Is it the best solution? Let's dig in.
History
Ya, I know, this wasn't your favorite subject in school. But knowing a bit of history can help frame a subject, so here we go.
While we are still in the early days of EVs, we have already come a long way. We still have remnants of the original billing methods used for public charging, namely an app linked to your credit or debit card, and used only on public chargers operated by that particular company. While this is effective, it starts becoming complex when there are many networks, each with their own app, each requiring you to enter your credit or debit card info into the app, and maintain it every time you get a new card.
Further, each of these apps has maps to help you find their chargers, but not necessarily all chargers where you are headed. And once you do find a charger, each network tends to have slightly different processes you need to use to activate a charging session.
In short, the emerging problem is one of too many variables that make matters confusing to people who are already struggling to grasp the newness of the paradigm shift of driving EVs after a lifetime of driving ICE vehicles. So, how do we simplify things? That is where ISO15118 Plug & Charge (P&C) comes in.
In 2012, Tesla began installing their own network of chargers, using proprietary communication protocols, for exclusive use by those who purchased a Tesla. Tesla had the foresight to grasp a concept hidden deep in the draft CCS specifications, using a vehicle's unique identifier (VIN) passed during the handshake of a fast charging session to link the car to an account in their billing system. This idea was implemented in Tesla's early days, and was simply referred to as Plug & Charge because of the actions a driver went through to start charging, namely to plug in and charging would automatically start.
What Tesla "invented" was something a few other networks eventually implemented, and is generally referred to as AutoCharge. While it looks and feels like Plug & Charge in that the driver simply plugs in and magic happens, it still faces the challenges of maintaining accounts on each of the networks. Further, it lacked security, i.e., the VIN is sent over the connection between EV and EVSE in plain text. So, it was a partial solution, only addressing the activities at the "pump", but not solving the multiple account problem. For Tesla, this wasn't a problem; they had successfully convinced their customers that there was no need to go elsewhere for charging: just use the Tesla network, and you can go anywhere.
From the early days of CCS charging working groups, the IEEE sought to take on this problem in a more comprehensive way, one that would eliminate all the accounts, only requiring one account to charge everywhere. This work began in the early 2010s, and the specifications have been revised a few times, but the resulting ISO15118-20 Plug & Charge specification (adopted in 2018 I believe) is finally in an (almost) workable state.
What is the High Level Concept of Plug & Charge?
Conceptually, the idea is for drivers to be able to maintain a single account to pay for charging on every network. Simple concept, but a bit complex to do this in a secure manner. Here is a visual of the relationships between driver and networks:
Notice how the Automaker becomes a proxy for the driver in the P&C scheme. In business terminology, the Automaker becomes the party who is responsible for paying the network for charging fees, also commonly referred to as the "Billing Entity".
While only a few networks currently support ISO 15118 P&C, the goal is to eventually get all networks to get in on the solution. Throughout this article, I will focus on the end state, but know this may take several years to become reality.
How is this Accomplished Securely?
This gets a bit complicated, but hang in there, I will try to simplify it. In the computer world, e-commerce sites, banks, etc. adopted the idea of using encrypted internet sessions for financial transactions. To accomplish this, they developed the use of certificates containing Public and Private Keys used in mathematical algorithms to generate dynamic encryption keys.
A Public Key Infrastructure (PKI) scheme was the mechanism that would enable unique encrypted keys to be used in every secure session over public networks (the Internet). PKI methods are well understood by the professionals who maintain the system, but it is generally a pretty fuzzy concept for consumers. Suffice it to say, the methodology is as secure as anything humans have devised to date. I won't spend too much time digging into the details, but for those who are so inclined, there are many great resources available on the Internet that can help you learn more on the subject. For me, it took several years of using this technology to really gel in my mind, and I was responsible for an end-to-end infrastructure in a relatively small computer lab environment.
When the IEEE was searching for ways to securely manage a billing schema for P&C, they borrowed the concepts used in secure Internet solutions rather than create something on their own. This has a few benefits, not least of which is a full body of understanding and documentation to help Charge Point Operators (CPOs) and Automakers who would be setting up secure methods of handling billing on behalf of their customers.
PKI relies on a hierarchy of Certificate Authorities (CA), the entities that are widely trusted, and are responsible for issuing and maintaining certificates used in the PKI systems. In the computer world, there are many public and private trusted Authorities, and modern Operating Systems install and maintain the Public "Root" certificates in the computer's "Trust Store" on behalf of end users.
A variation of the public PKI is a Private PKI where a company (say your employer) issues certificates. This requires some additional work to insert the employer's root certificate into the computer's trust store, and if used widely, becomes complicated to maintain. Most of the complication arises simply because once it is set up, you tend to forget about it, but certificates have start and end dates, so if they expire...you get it.
When the IEEE defined the PKI schema for Vehicle to Grid and Plug & Charge (they both use the same certificate hierarchy), they struggled with defining a top level certificate authority (CA) for the entire schema. Initially, a German charge point operating (CPO) company, Hubject, was to assume this role, but competing CPOs, and players in other regions (Asia, North America, etc.) were hesitant to accept this CA.
In the grand scheme of PKI stands the concept of a Top Level CA, and intermediary or so-called subordinate CAs. The ultimate solution, easy for those responsible for maintaining things, is a single trusted Top Level CA (aka the Top Level Root CA). Until mid-2024, no such Root CA had been agreed to for North America, though EU and perhaps other regions were using the original Hubject Root CA.
Several years ago, Electrify America (EA) started offering ISO15118 P&C to a select number of automakers (Ford, VW Group, and a few others). As there was no agreement on an acceptable Root CA, Electrify America inserted itself as the root authority, much like your employer might do in a private PKI schema mentioned above. While this worked, it meant that the next network that wanted to adopt P&C would need to create their own private PKI, and automakers would need to stay on top of them all.
Where Does it Stand Now?
In North America, the parties involved in the NEVI initiative of federally subsidized public chargers got together and came to an agreement on a Top Level Root CA. I don't know who this is, and it doesn't really matter for this discussion anyway. So, there is now a public framework to proceed to a universal system of ISO15118 P&C.
Currently, I am only aware of 3 networks embracing the Public version of the PKI schema: Tesla, Ionna, and Mercedes (partnering with ChargePoint). As mentioned above, EA also offers P&C, but using a Private Root CA schema, which is likely to convert to a Public Root CA at some point in the future.
Given recent political changes, NEVI is likely to wind down its role as a Government force to coordinate expansion of public charging. But the promise of a simpler method still exists, and I expect other networks will eventually get on board.
Does ISO15118-20 P&C Solve All of the Problems?
No, not really. Sorry!
While ISO15118 P&C solves the multiple account problems, not all networks participate (yet). Further, because of the nature of having the Automakers coordinating the transactions, there is anonymity for the driver, which may sound great, but also has a drawback.
Some CPOs offer premium membership plans: pay a monthly fee and get discounted charging rates for the month. These include Electrify America (EA) Pass+, Tesla, and EVgo. To enjoy the benefits of these plans, the CPO needs to know it is you that is authorizing charging. So, the anonymity of P&C obscures this; they don't know it is you, they just know your automaker (Hyundai) is authorizing payment on behalf of someone. This also holds true for those who want to use ChargePoint credits at Ionna.
Can the premium plan problem be solved? Sure, but it probably isn't currently a priority. As mentioned before, the VIN is passed to the EVSE during the handshake with the charger. But that isn't a secure transaction. Ultimately, it may take some additional coordination between OEMs and CPOs to come up with a method of premium discounted services within the P&C schema. If I were to guess, Ionna will lead the way on this. Why? Because of the relationship between the OEMs investing in Ionna, and the CPO itself. Tesla could also be an influencer in a solution to this problem.
Deep within the details of PKI is another piece of data that could be used to determine premium account status. Bear with me, this one is a bit in the weeds...
Each Leaf Certificate (the certificate automakers issue to your car) contains a unique serial number. This, along with the serial numbers of the issuing authorities (the Root and Subordinate CAs), is the basis for how certificates are validated. If your certificate serial number were somehow linked to your account with the network, it would be possible to extend discounted pricing...but that is probably way too complicated due to the transient nature of certificates (they expire, are revoked if you don't pay your bills, or are canceled if you sell the car). It would be overly complicated for CPOs to stay on top of it.
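The Root / Subordinate CA / Leaf hierarchy, the private-root problem described earlier, and the way a leaf's serial changes on reissue can all be reproduced with the openssl CLI. This is an added example, not taken from ISO 15118 or any network's tooling; every CA name, serial and file name in it is constructed, and real Plug & Charge certificates carry fields that are not modeled here.

```shell
#!/bin/sh
# Added illustration: all CAs, names and serials are constructed, not real V2G/OEM values.
WORK=$(mktemp -d) && trap 'rm -rf "$WORK"' EXIT

write_config() {   # minimal config so the demo does not depend on the system openssl.cnf
cat > "$WORK/pki.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_leaf]
basicConstraints = critical,CA:FALSE
keyUsage = critical,digitalSignature
EOF
}

new_key() { openssl ecparam -name prime256v1 -genkey -noout -out "$WORK/$1.key" 2>/dev/null; }

make_root() {      # $1 = name of a self-signed root CA
  new_key "$1" &&
  openssl req -new -x509 -config "$WORK/pki.cnf" -extensions v3_ca \
    -key "$WORK/$1.key" -subj "/CN=$1" -days 30 -out "$WORK/$1.pem"
}

issue() {          # $1 = subject, $2 = issuing CA, $3 = extension section, $4 = serial
  new_key "$1" &&
  openssl req -new -config "$WORK/pki.cnf" -key "$WORK/$1.key" -subj "/CN=$1" \
    -out "$WORK/$1.csr" &&
  openssl x509 -req -in "$WORK/$1.csr" -CA "$WORK/$2.pem" -CAkey "$WORK/$2.key" \
    -set_serial "$4" -extfile "$WORK/pki.cnf" -extensions "$3" -days 30 \
    -out "$WORK/$1.pem" 2>/dev/null
}

chain_ok() {       # $1 = root used as trust anchor, $2 = subordinate CA, $3 = leaf
  openssl verify -CAfile "$WORK/$1.pem" -untrusted "$WORK/$2.pem" \
    "$WORK/$3.pem" >/dev/null 2>&1
}

leaf_serial() { openssl x509 -in "$WORK/$1.pem" -noout -serial | cut -d= -f2; }

build_demo() {
  write_config &&
  make_root public-root && make_root private-root &&
  issue oem-sub-ca public-root v3_ca 0x10 &&
  issue contract-leaf oem-sub-ca v3_leaf 0x2A &&
  issue contract-leaf-renewed oem-sub-ca v3_leaf 0x2B   # same car, reissued certificate
}

build_demo || exit 1
for root in public-root private-root; do
  # A charger that trusts only $root accepts the leaf only if the chain ends at that root.
  if chain_ok "$root" oem-sub-ca contract-leaf; then echo "$root: leaf accepted"
  else echo "$root: leaf rejected"; fi
done
echo "serial before/after reissue: $(leaf_serial contract-leaf) / $(leaf_serial contract-leaf-renewed)"
```

A charger whose trust anchor is a different root rejects an otherwise valid leaf, and an account keyed to serial 2A no longer matches once the car holds the reissued certificate with serial 2B.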
The more likely method might be a premium membership with your Automaker. This, coupled with some sort of revenue sharing with CPOs of the membership fee for the premium service, might enable a discounted method. We don't need to dig into the hows for this; suffice it to say it is conceptually possible, but not currently a priority. That might be a future enhancement, and might even come in the form of an IEEE revision to the ISO15118 P&C specifications.