Definition
Open Charge Point Protocol (OCPP) is an open, royalty-free application-layer communication protocol that defines how EV charging stations (EVSE) exchange data with a central Charging Station Management System (CSMS). It is maintained by the Open Charge Alliance (OCA) and is implemented globally by charging station manufacturers, network operators, and software providers. Any organization may freely implement and use OCPP without licensing fees.
On This Page
Origin & Purpose
OCPP was initiated in 2009 by ElaadNL, a Dutch nonprofit organization established by the Dutch Distribution System Operators (DSOs). ElaadNL was planning to deploy 10,000 public charging stations across the Netherlands and needed to procure hardware from multiple vendors. With no existing interoperability standard, proprietary protocols from each manufacturer would have created siloed networks incapable of communicating with a common backend.
ElaadNL developed the first version of OCPP and published it freely in 2010. The Open Charge Alliance (OCA) was formally established in 2013, bringing together ElaadNL, Greenlots (North America), ESB (Ireland), and others to govern OCPP as a global open standard.[2]
The core problem OCPP solves remains unchanged from 2009: vendor lock-in. Before OCPP, a charging station could only communicate with its manufacturer’s own backend software. OCPP breaks that dependency — any OCPP-certified charger can connect to any OCPP-compatible CSMS, regardless of vendor.
Key Fact : OCPP is an application-layer protocol only. It defines what messages are exchanged and when — not the physical connector, the payment terminal, or the vehicle-to-charger communication layer. Those are governed by separate standards (IEC 61851, EMV/ISO 14443, ISO 15118).
Technical Architecture
OCPP uses a client-server architecture. The charging station acts as the client, initiating a persistent WebSocket connection to the CSMS server. The CSMS listens for incoming connections and responds to messages.
Technology Stack
| Layer | Technology | Notes |
|---|---|---|
| Transport | WebSocket (RFC 6455) over TCP/IP | Persistent full-duplex connection; replaces SOAP/HTTP polling used in OCPP 1.2/1.5 |
| Data format | JSON (JavaScript Object Notation) | OCPP 1.6J and all 2.x versions use JSON exclusively. OCPP 1.6 also supported SOAP; 2.0.1 dropped SOAP entirely. |
| Encoding | UTF-8 | Required encoding for all OCPP JSON messages per specification |
| Security (OCPP 1.6J) | TLS optional (typically 1.2) | No mandatory TLS requirement; deployments vary widely in security posture |
| Security (OCPP 2.0.1+) | TLS 1.2 minimum (TLS 1.3 recommended) | Mandatory TLS, X.509 certificate authentication, signed firmware updates |
Message Types & Communication Flows
OCPP defines structured message types for every operational scenario. Messages are categorized by function and direction of initiation:
Naming Change: 1.6J vs 2.0.1
OCPP 2.0.1 introduced significant message renaming as part of its architectural overhaul. For example, StartTransaction / StopTransaction in 1.6J become TransactionEvent in 2.0.1. ChangeConfiguration / GetConfiguration become SetVariables / GetVariables. These are not incremental changes — the two versions are not backward compatible at the message level.
Version History
OCPP 1.0 | 2010
First public release by ElaadNL. Basic communication between charging stations and management systems using SOAP/XML. Established the foundational concept of open protocol interoperability. No longer supported by OCA.[1]
OCPP 1.2 | 2010
Published shortly after 1.0. SOAP/XML transport. Added basic RFID authorization and transaction handling. No longer actively maintained by OCA.[2]
OCPP 1.5 | 2013
Introduced broader basic communication functions. Still SOAP/XML. OCA does not certify against 1.5, though some older deployments remain. No longer actively maintained.[3]
OCPP 1.6 / 1.6J | October 2015
A landmark release that became the de facto global standard for EV charging network communication. Key advances:[1][3]
- Introduced JSON over WebSocket support (alongside legacy SOAP). “OCPP 1.6J” specifically refers to the JSON-only subset, which is by far the most common deployment variant.
- Added Smart Charging profiles — enabling central and local load balancing
- Local Authorization List management
- Reservation functionality
- TriggerMessage (on-demand status polling)
- Better diagnostics and charge point status reporting
Status in 2026: Still the dominant deployed version globally, running on the majority of OCPP-connected chargers worldwide. However, it does not support TLS mandates, ISO 15118, or native Plug & Charge — features increasingly required by regulations and operators.
OCPP 2.0 | April 2018
Major architectural overhaul — introduced the Device Model, enhanced security framework, and smart charging improvements. OCA determined that version 2.0 required further development; it was updated and replaced by 2.0.1. Operators are advised not to implement 2.0.[4]
OCPP 2.0.1 | April 2020
The stabilized successor to OCPP 2.0. A comprehensive overhaul — not an incremental upgrade. Not backward compatible with OCPP 1.6. Key capabilities:[4][5]
- Device Model: Three-tier component model (Charging Station → EVSE → Connector) with granular monitoring, inventory reporting, and error state visibility
- Mandatory TLS: TLS 1.2+ required; TLS 1.3 recommended. X.509 PKI certificate management framework
- ISO 15118 integration: Native support for Plug & Charge (ISO 15118-2) — no workaround DataTransfer required
- Enhanced Smart Charging: External and Local profiles in addition to Central; supports EV-communicated charging needs
- Signed OTA firmware updates: Cryptographic verification of firmware integrity
- Granular transaction data: Per-period (not just per-session) metering — essential for accurate billing and regulatory compliance
- V2G basic support: ISO 15118-2 V2G messaging relay; full V2G control added in 2.1
Regulatory status: Required by US NEVI program (23 CFR 680) and California CALeVIP program. Adopted as IEC international standard IEC 63584 on October 20, 2024.[5] Published as a European standard by CENELEC in 2025.
OCPP 2.1 | January 23, 2025
Released by OCA on January 23, 2025. Adopted as IEC standard IEC 63584-210:2025. Backward compatible with OCPP 2.0.1 — unlike the 1.6 → 2.0.1 migration, this is an evolutionary update.[6] New capabilities:
- ISO 15118-20 support: Enables full bidirectional power transfer (V2X) communication at the protocol level
- Bidirectional Charging functional block: Native V2G and V2X energy flow control — EVs can be commanded to export energy to the grid
- DER Control functional block: Treats high-capacity chargers as distributed energy resources; enables frequency response and reactive power control
- Battery swapping support: New message flows for two- and three-wheeler battery swap stations
- Local cost calculation: Charging station calculates session cost locally, reducing CSMS latency dependence
- New authorization options: Prepaid cards, ad-hoc credit/debit payment, secure dynamic QR codes
- Extended transaction options: Fixed-cost, fixed-energy, or fixed-time transactions; transaction resume after forced reboot
Version Feature Comparison
| Feature | 1.6J | 2.0.1 | 2.1 |
|---|---|---|---|
| Transport | WebSocket / JSON | WebSocket / JSON | WebSocket / JSON |
| SOAP support | ~ Optional | ✗ Dropped | ✗ Dropped |
| Remote transaction control | ✓ | ✓ | ✓ |
| Smart Charging profiles | ~ Central only (basic) | ✓ Central + Local + External | ✓ Enhanced + Dynamic mode |
| TLS encryption | ~ Optional (not mandated) | ✓ Mandatory (TLS 1.2+) | ✓ Mandatory (TLS 1.3 recommended) |
| X.509 certificate management | ✗ | ✓ Full PKI framework | ✓ |
| Device Model (3-tier) | ✗ | ✓ | ✓ |
| ISO 15118-2 / Plug & Charge | ✗ No native support | ✓ Native support | ✓ |
| ISO 15118-20 (V2G HLC) | ✗ | ✗ | ✓ Native support |
| Bidirectional / V2G control | ✗ | ~ Basic relay only | ✓ Full functional block |
| DER Control functional block | ✗ | ✗ | ✓ |
| Signed OTA firmware updates | ~ Vendor-defined | ✓ Standardized + cryptographic | ✓ |
| Per-period metering data | ✗ Per-session only | ✓ Per-period granularity | ✓ |
| Local cost calculation | ✗ | ✗ | ✓ |
| Battery swapping support | ✗ | ✗ | ✓ |
| Backward compatibility | — | ✗ Not compatible with 1.6 | ✓ Compatible with 2.0.1 |
| IEC standard status | No | IEC 63584:2024 | IEC 63584-210:2025 |
| US NEVI mandate | ✗ | ✓ Required (23 CFR 680) | Not yet mandated |
Security Model
Security capabilities differ significantly across OCPP versions. The evolution reflects the growing recognition that EV chargers are connected infrastructure exposed to both physical and cyber threats.
OCPP 1.6J — Network-Dependent Security
The OCPP 1.6 specification does not mandate TLS or any formal security framework. Encryption is optional and implementation-defined. In practice, many 1.6J deployments rely on VPN tunnels, network segmentation, or basic HTTP authentication. There is no standardized mechanism for certificate lifecycle management, secure firmware signature verification, or security event logging. This creates significant variation in the actual security posture of 1.6J-based networks.
OCPP 2.0.1 — Mandatory TLS & PKI Framework
Security is a foundational requirement in 2.0.1, not an optional add-on. The specification defines three security profiles, of which Profile 3 (TLS 1.2+, mutual certificate authentication) is the target for production deployments. Key mechanisms: mandatory TLS transport encryption; X.509 certificate-based device authentication; standardized certificate provisioning, renewal, and revocation flows; cryptographically signed firmware updates (preventing malicious OTA injection); and security event logging with CSMS notification.
OCPP 2.1 — Grid-Scale Security & DER Compliance
Inherits the full 2.0.1 security framework and extends it for grid services contexts. The DER Control functional block places high-capacity chargers in the same regulatory category as grid-scale assets, requiring compliance with applicable grid codes. ISO 15118-20 communication for V2G is secured end-to-end through the PKI infrastructure established in 2.0.1.
Known Risk
OCPP 1.6J chargers without network-layer security are exposed to man-in-the-middle attacks, unauthorized remote start/stop commands, and firmware injection. The OCPP 1.6 Security Whitepaper (published by OCA) provides guidance for hardening 1.6J deployments, but these are mitigations — not equivalents to the built-in 2.0.1 security model.
OCPP vs. OCPI: Two Complementary Protocols
OCPP and OCPI (Open Charge Point Interface) address different layers of the EV charging ecosystem. They are frequently confused because both are open protocols with similar names and both are governed by organizations in the OCA/EV standards community.
A complete, interoperable EV charging deployment requires both protocols: OCPP for charger-to-backend communication, and OCPI for backend-to-backend roaming. The NEVI program, for example, mandates OCPP 2.0.1 for charger communication and OCPI 2.2.1 for network interoperability.
Relationship to Other Standards
OCPP defines the application-layer communication between charger and backend. It operates within a broader ecosystem of standards that govern hardware, physical connector communication, and vehicle-to-charger interaction.
IEC International Standard Status
Major Milestone
OCPP 2.0.1 Edition 3 was approved as IEC International Standard IEC 63584 on October 20, 2024 — the first time an EV charging communication protocol achieved formal IEC recognition. OCPP 2.1 followed, accepted as IEC 63584-210:2025.
IEC adoption has immediate regulatory consequences. National standards bodies in EU member states can now adopt IEC 63584 as a national standard via CENELEC, which published it as a European standard in 2025. Government procurement programs in Europe and North America increasingly cite IEC 63584 compliance as a tender requirement for new charging infrastructure.
| Standard | IEC Designation | Approval Date | Regulatory Impact |
|---|---|---|---|
| OCPP 2.0.1 Ed. 3 | IEC 63584:2024 | October 20, 2024 | US NEVI mandate; EU CENELEC adoption (2025); referenced in procurement tenders globally |
| OCPP 2.1 Ed. 1 | IEC 63584-210:2025 | 2025 | Emerging standard; V2G and DER control regulatory compliance pathway |
OCA Certification Program
The Open Charge Alliance operates a formal conformance testing and certification program for OCPP implementations. Certification verifies interoperability between products from different vendors — a vendor claiming “OCPP compliance” without OCA certification has not undergone independent third-party validation.
What Gets Certified
| Product Type | Certification Scope | Testing Body |
|---|---|---|
| EVSE (Charging Station) | Message compliance, security profiles, smart charging profiles, device model | Independent accredited labs (e.g., DEKRA, DNV) |
| CSMS / CPMS (Backend) | Message handling, authorization flows, configuration management, security | Independent accredited labs |
OCPP 2.0.1 Certification Profiles
OCA’s certification program for OCPP 2.0.1 uses a profile-based structure. The OCA Test Tool (OCTT) includes over 400 test cases for validating 2.0.1 compliance.[7]
| Profile | Coverage |
|---|---|
| Core Profile | Basic operations: BootNotification, Heartbeat, Authorize, TransactionEvent, MeterValues, StatusNotification, Reset |
| Smart Charging Profile | Charging profiles, composite schedules, power limits, EV-communicated charging needs |
| Advanced Security Profile | TLS implementation, certificate management, signed firmware updates, security event logging |
| ISO 15118 Profile | Plug & Charge (ISO 15118-2) message handling and certificate provisioning relay |
| Device Management Profile | Device Model compliance, component monitoring, configuration management via SetVariables/GetVariables |
Certified products are listed in the OCA Certified Products directory, which is publicly searchable and used by procurement teams to verify vendor claims.
Joint was among the early Chinese EVSE manufacturers to obtain OCA OCPP 2.0.1 certification for its commercial product line. All current JointCharging EVSE products — including the EVM, EVH, and EVD series — support both OCPP 1.6J and 2.0.1 via OTA firmware. The JointCharging MPO platform (CSMS) is OCPP 2.0.1 compliant and supports the full interoperability stack required for NEVI-funded deployments (OCPP 2.0.1 + OCPI 2.2.1 + ISO 15118-2).
See Also
- EVSE (Electric Vehicle Supply Equipment)
- CPO (Charge Point Operator)
- North American Charging Standard (NACS)
- SAE J3400 (NACS)
- V2G (Vehicle-to-Grid)
Sources & References
- [1] Open Charge Alliance, “Discover Our History,” openchargealliance.org/about-us/discover-our-history/
- [2] AMPECO, “The OCPP Handbook (2026),” ampeco.com/guides/complete-ocpp-guide/
- [3] ChargePanel, “OCPP 1.6 vs 2.0.1 — Key Differences & Updates,” chargepanel.com
- [4] Open Charge Alliance, “OCPP 2.0.1,” openchargealliance.org/protocols/ocpp-protocols/ocpp-2-0-1/
- [5] Open Charge Alliance, “OCPP Achieves International Standard Status (IEC 63584),” October 2024, openchargealliance.org
- [6] Open Charge Alliance, “OCPP 2.1 Accepted by IEC as IEC 63584-210,” 2025, openchargealliance.org; Monta, “OCPP 2.1 released January 23, 2025,” monta.com
- [7] EInfochips, “OCPP 2.0.1 as the Future of EV Charging Protocols,” einfochips.com
