Cyber Regulation Insights

standards

The EN 40000 series explained

Discover Europe's groundbreaking EN 40000 cybersecurity standards designed to help manufacturers comply with the new Cyber Resilience Act requirements for digital products. Learn essential implementation strategies for vulnerability handling, threat modelling and security requirements that will impact importers, distributors and product developers across the EU market.

9 Mar 2026 15 minutes read

Read more →

legislation

EU funding for CRA compliance - apply now

The EU offers up to €30,000 funding through the SECURE project to help SMEs comply with the Cyber Resilience Act, covering security testing, consulting and process improvements. This Digital Europe Programme initiative specifically supports European manufacturers, particularly in mechanical and plant engineering sectors, who lack internal cybersecurity resources. Apply now to secure financial assistance for CRA implementation and strengthen your business's cyber resilience.

29 Jan 2026 4 minutes read

Read more →

legislation

Implementing regulation for the CRA clarifies product categories

The EU's new implementing regulation for the Cyber Resilience Act establishes technical descriptions for important and critical product categories based on core functionality rather than embedded components. A smartphone with password management features remains classified as a smartphone, not a password manager, under these new CRA guidelines. This clarification helps manufacturers understand how their products will be regulated under the cybersecurity framework.

29 Jan 2026 3 minutes read

Read more →

standards

EN 40000 series standards for the Cyber Resilience Act

Discover the EN 40000 series standards for the Cyber Resilience Act, including terminology, cyber resilience principles, and vulnerability handling requirements. Learn how these harmonised standards help manufacturers comply with EU cybersecurity regulations for digital products.

6 Jan 2026 8 minutes read

Read more →

legislation

Implementing the CRA with practical templates for manufacturers

Discover practical CRA templates designed specifically for manufacturers to implement the Cyber Resilience Act with structured processes and robust documentation. These ready-to-use templates help bridge the gap between existing product security measures and full CRA compliance requirements. Get the tools you need to document evidence and meet regulatory standards across your entire product lifecycle.

5 Jan 2026 5 minutes read

Read more →

standards

Cybersecurity standards from ISO 27001 to IEC 62443

Discover essential cybersecurity standards including ISO 27001 and IEC 62443 to protect your organisation from digital threats. Learn the differences between key security frameworks and find out which standards are most relevant for your business needs. This comprehensive guide helps you navigate the complex landscape of cybersecurity compliance requirements.

5 Jan 2026 7 minutes read

Read more →

standards

ISO 24882 cybersecurity for agricultural machinery and tractors

ISO 24882 sets cybersecurity requirements for agricultural machinery and tractors, bridging the gap between the Cyber Resilience Act and sector-specific standards. This standard translates horizontal cybersecurity requirements into practical guidelines for mobile work machines, linking to ISO/SAE 21434 and IEC 62443. Learn how this emerging standard enhances agricultural equipment security and compliance with the Machinery Regulation.

5 Jan 2026 7 minutes read

Read more →

industrial-security

CRA compliance for agricultural machinery

Discover how the CEMA guidance interprets the Cyber Resilience Act for agricultural machinery manufacturers, covering scope, supplier relationships, and compliance requirements. Learn about support periods and component integration rules as the CRA enters force from December 2027. Essential reading for agricultural equipment manufacturers preparing for EU cybersecurity regulations.

5 Jan 2026 11 minutes read

Read more →

standards

EN 50742 protection against machine tampering

Learn about EN 50742, the emerging standard designed to protect industrial machinery from tampering and cyberattacks under the new EU Machinery Regulation 2023/1230. Discover how this comprehensive framework safeguards safety-critical machine functions against both deliberate and unintentional corruption through physical, logical and indirect security measures. Essential reading for engineers and manufacturers seeking compliance with the latest machinery safety requirements.

3 Jan 2026 5 minutes read

Read more →

legislation

New EU machinery regulation and cybersecurity in mechanical engineering

The new EU machinery regulation makes cybersecurity a mandatory requirement for machines and systems. Learn about the specific security obligations for mechanical engineering manufacturers and practical steps to achieve compliance.

3 Jan 2026 8 minutes read

Read more →

legislation

UK PSTI explained requirements and conformity for IoT manufacturers

Discover the UK PSTI cybersecurity requirements for IoT manufacturers, including compliance obligations, product scope, and conformity assessment procedures. Learn how the Product Security and Telecommunications Infrastructure Act 2022 impacts connected consumer devices and what manufacturers must do to meet new security standards.

3 Jan 2026 5 minutes read

Read more →

standards

Cybersecurity in IoT all about ETSI EN 303 645

Discover ETSI EN 303 645, the essential cybersecurity standard for IoT device manufacturers covering requirements, testing, and certification. Learn how this comprehensive framework helps secure everything from smart home devices to connected vehicles against cyber threats. Essential reading for anyone involved in IoT device development and security compliance.

3 Jan 2026 6 minutes read

Read more →

compliance

Certification, approval and designation in product regulation

Discover the key differences between certification, approval, designation and accreditation in product regulation, including the vital role of TÜVs in quality assurance. Learn how independent certification bodies confirm compliance with standards while governmental approval processes ensure regulatory requirements are met.

3 Jan 2026 2 minutes read

Read more →

legislation

Implementing regulation on the CRA clarifies product categories

The new EU Implementing Regulation 2025/2392 provides crucial technical descriptions for classifying important and critical products under the Cyber Resilience Act. This regulation clarifies product categories based on core functionality and closes interpretative gaps for manufacturers. Understanding correct product classification is essential as it determines which conformity assessment procedures must be applied.

3 Jan 2026 3 minutes read

Read more →

legislation

Data Act for manufacturers quick implementation

The Data Act requires manufacturers to provide secure data access through standardised APIs by 12 September 2025, covering technical interfaces and legal compliance. This guide offers practical implementation solutions for IoT manufacturers and machine builders to meet regulatory requirements. Learn how to prepare your data systems and ensure seamless third-party access before the deadline.

3 Jan 2026 8 minutes read

Read more →

legislation

CRA amendment 2025 clarification of obligations and sanctions

The EU's July 2025 CRA amendment clarifies that manufacturers only need to provide security updates during the support period, not the entire product lifetime. Small and medium enterprises also receive exemptions from fines for certain missed compliance deadlines. This important correction significantly reduces cybersecurity obligations and potential penalties for businesses across Europe.

3 Jan 2026 3 minutes read

Read more →

standards

ISO 8102-20 cybersecurity for elevators and escalators

ISO 8102-20 establishes comprehensive cybersecurity requirements for elevator and escalator systems throughout their entire lifecycle, from development to decommissioning. Learn how this industry-specific standard protects vertical transportation equipment connected to external networks and cloud services.

3 Jan 2026 3 minutes read

Read more →

threat-intelligence

IEC 63074 unites cybersecurity and functional safety

IEC TS 63074 provides clear requirements for cybersecurity in safety-related control systems, transitioning from a technical report to a binding technical specification. This important standard unites cybersecurity and functional safety practices, offering concrete requirements and best practices for compliance and implementation. Discover all the key changes and implications for your safety-critical systems.

3 Jan 2026 5 minutes read

Read more →

legislation

The Cyber Resilience Act deadlines at a glance

The Cyber Resilience Act is now official, bringing new cybersecurity requirements for manufacturers, importers and distributors of digital products including IoT devices and software. This comprehensive guide outlines all essential CRA deadlines and compliance requirements affecting companies across the EU. Understand what the legislation means for your business and when key obligations take effect.

3 Jan 2026 2 minutes read

Read more →

standards

Cybersecurity maturity model certification - an overview

Discover the Cybersecurity Maturity Model Certification (CMMC) and its vital role in US federal procurement. Learn how CMMC connects to NIST SP 800-171 standards and the specific security requirements it places on Department of Defense suppliers. Essential guidance for organisations seeking compliance with federal cybersecurity regulations.

3 Jan 2026 4 minutes read

Read more →

legislation

IoT regulation in the United States

Discover comprehensive guidance on navigating cybersecurity regulation for IoT products in the United States, including federal laws, executive orders and agency standards. This complete overview helps manufacturers understand complex compliance requirements across multiple regulatory layers. Essential reading for IoT businesses operating in the American market.

3 Jan 2026 8 minutes read

Read more →

legislation

EU publishes answers to frequently asked questions on the CRA

The European Commission has released a comprehensive 66-page FAQ document addressing key questions about the Cyber Resilience Act, which entered into force on 10 December 2024. The guidance clarifies crucial aspects including product scope, manufacturer obligations, and implementation requirements for companies placing digital products on the EU market.

4 Dec 2025 4 minutes read

Read more →

legislation

Implementing regulation clarifies product categories under CRA

The new Implementing Regulation (EU) 2025/2392 clarifies how products are classified under the Cyber Resilience Act, using core functionality as the decisive criterion. This essential guidance helps manufacturers determine the correct conformity assessment procedures for their products. The regulation addresses critical interpretation gaps left by the original CRA legislation.

3 Dec 2025 3 minutes read

Read more →

standards

EN 40000 norm series for the Cyber Resilience Act

Discover how EN 40000 harmonised standards support compliance with the Cyber Resilience Act, including terminology guidelines and cyber resilience principles. Learn about the regulatory framework and transition period as CEN and CENELEC develop standards that provide manufacturers with presumption of conformity for cybersecurity requirements.

20 Oct 2025 4 minutes read

Read more →

standards

Horizontal CRA standards EN 40000-1-1 & EN 40000-1-2

Discover the new horizontal CRA standards EN 40000-1-1 and EN 40000-1-2 that establish the cross-product framework for risk management and cybersecurity activities. These CEN/CENELEC standards provide the essential baseline for all product categories under the Cyber Resilience Act. Learn how these horizontal standards complement existing vertical standards to create comprehensive cybersecurity requirements across different product types.

20 Oct 2025 3 minutes read

Read more →

standards

CRA standards ETSI publishes first drafts

ETSI has published the first draft standards for CRA compliance covering password managers, antivirus software, boot managers and network interfaces. These groundbreaking drafts establish concrete security requirements and testable measures for cybersecurity resilience across multiple technology sectors. Industry professionals can now access detailed technical specifications through ETSI's Open Consultation Platform to prepare for upcoming regulatory compliance.

20 Oct 2025 4 minutes read

Read more →

standards

Profile for industrial firewalls - IEC 62443-4-2 clarified

The TeleTrusT Industrial Firewall Profile clarifies abstract IEC 62443-4-2 requirements to enable consistent security assessments for industrial firewalls. This methodological template addresses divergent standard interpretations and serves as a proposal for the upcoming IEC 62443-5 series. Learn how this standardisation creates a uniform assessment basis for industrial cybersecurity.

20 Oct 2025 5 minutes read

Read more →

legislation

AI Act 2024 overview for mechanical engineers and product manufacturers

Discover how the EU AI Act 2024 affects mechanical engineers and product manufacturers with this comprehensive guide to the world's first AI regulation. Learn practical implementation steps and compliance requirements for your AI-powered products. Stay ahead of the regulatory changes and ensure your business meets the new European standards.

20 Oct 2025 10 minutes read

Read more →

legislation

Most important questions and answers about the Cyber Resilience Act

Learn everything you need to know about the Cyber Resilience Act (CRA), the new EU regulation setting cybersecurity standards for digital products. Discover what the CRA means for your business and how to prepare for compliance with clear, actionable answers.

20 Oct 2025 11 minutes read

Read more →

standards

EN 50742 protection against manipulation of machines

Discover EN 50742, the essential standard for protecting machines against tampering and cyberattacks under the EU Machinery Regulation 2023/1230. Learn how this developing standard ensures machines are designed to prevent both unintentional and deliberate interference with safety-critical functions. Essential reading for manufacturers and safety professionals implementing robust machine protection strategies.

20 Oct 2025 5 minutes read

Read more →

legislation

What manufacturers need to know about the Data Act

The EU Data Act introduces sweeping changes for manufacturers offering products or services in Europe, covering everything from IoT devices to industrial machines. Discover the essential requirements and practical steps to ensure your company complies with this broad regulation. Learn how the Data Act impacts your business operations and what you need to do to prepare effectively.

20 Oct 2025 4 minutes read

Read more →

standards

IEC 62443-4-1 explained secure product development in industry

Discover how IEC 62443-4-1 mandates secure product development in industrial environments through security by design principles, threat modelling, and comprehensive testing requirements. Learn about defence in depth strategies and how this critical cybersecurity standard integrates with other industry regulations. Essential guidance for implementing robust security throughout your entire development lifecycle.

20 Oct 2025 7 minutes read

Read more →

legislation

NIS-2 directive explained

The NIS-2 directive expands EU cybersecurity requirements across essential sectors including energy, transport, banking and healthcare with stricter reporting obligations and broader entity coverage. This comprehensive guide explains the directive's scope, concrete security requirements and relationship to the Cyber Resilience Act. Essential reading for businesses preparing for enhanced cybersecurity compliance under the updated EU framework.

20 Oct 2025 7 minutes read

Read more →

legislation

New EU machinery regulation on cybersecurity in machine engineering

The new EU machinery regulation makes cybersecurity mandatory for machine engineering, introducing concrete requirements to protect networked industrial equipment from cyberattacks. Discover the specific compliance requirements and practical implementation strategies to safeguard your machines from cyber threats whilst ensuring regulatory compliance. Learn how these new cybersecurity standards will impact machine safety and production continuity across European industry.

20 Oct 2025 9 minutes read

Read more →

standards

ISASecure certification for industrial cybersecurity

ISASecure certification provides industrial cybersecurity validation based on IEC 62443 standards, covering SDLA, CSA, ICSA, SSA and ACSSA certifications. Learn about the requirements and application areas for each ISASecure certification type to enhance your industrial control systems security. Discover how ISASecure helps companies demonstrate compliance with internationally recognised cybersecurity best practices.

20 Oct 2025 7 minutes read

Read more →

legislation

Cyber Resilience Act & open source requirements and obligations

The Cyber Resilience Act introduces specific requirements for open source software, with FOSS generally placed in the self-assessment category facing less stringent obligations than proprietary products. Learn how the CRA affects open source projects, including risk categorisation and compliance requirements for FOSS stewards. Understand your obligations under this new EU regulation governing cybersecurity standards for digital products.

20 Oct 2025 4 minutes read

Read more →

legislation

UK PSTI explained requirements and compliance for IoT manufacturers

New UK PSTI cybersecurity rules require IoT manufacturers to meet strict security requirements for connected consumer products. Discover the essential compliance obligations under the Product Security and Telecommunications Infrastructure Act 2022 and learn how to ensure your IoT devices meet the mandatory security standards for the UK market.

20 Oct 2025 4 minutes read

Read more →

industrial-security

UKCA replaces CE - what you need to know

Discover essential information about the UKCA marking system that replaces CE marking in Great Britain following Brexit, including scope, implementation details and current transition arrangements. Learn how these post-Brexit product marking requirements affect your business and what steps you need to take to ensure compliance with the new regulations.

20 Oct 2025 5 minutes read

Read more →

standards

ISO/IEC 15408 Common Criteria for IT security explained

Discover how ISO/IEC 15408 Common Criteria provides a comprehensive framework for evaluating IT security through structured assessment procedures and international certification processes. Learn about this essential cybersecurity standard's core concepts and its crucial role in the EU Cybersecurity Certification Scheme for harmonising security across Europe.

20 Oct 2025 15 minutes read

Read more →

standards

Managing vulnerabilities effectively ISO/IEC 29147 and 30111 explained

Learn how ISO/IEC 29147 and ISO/IEC 30111 standards provide comprehensive guidance for effective vulnerability disclosure and handling processes. These international cybersecurity standards help vendors implement best practices to strengthen product security and manage vulnerabilities systematically. Discover practical approaches to enhance your organisation's vulnerability management framework with proven ISO guidelines.

20 Oct 2025 11 minutes read

Read more →

compliance

Mastering cybersecurity regulation, certifications and standards

Learn how to navigate complex cybersecurity regulations including the Cyber Resilience Act and Radio Equipment Directive whilst achieving essential certifications like IEC 62443. Discover expert strategies to streamline compliance, pass audits successfully, and future-proof your product development processes. Get practical guidance on building a clear roadmap for cybersecurity standards that protects your business and meets regulatory requirements.

20 Oct 2025 2 minutes read

Read more →

compliance

EU Cybersecurity Act certification for secure products

The EU Cybersecurity Act strengthens ENISA's mandate whilst establishing comprehensive certification schemes to ensure products meet robust security standards across Europe. Learn how this European framework enhances cybersecurity through standardised certification processes and expanded agency responsibilities. Discover the key requirements and benefits for businesses operating within the EU's digital security landscape.

20 Oct 2025 5 minutes read

Read more →

legislation

Notified bodies as guarantors of product safety

Discover how notified bodies serve as essential guarantors of product safety within the EU framework, ensuring technical competence through accreditation processes. Learn about the vital role these institutions play in conformity assessment, from laboratories to certification bodies, in maintaining reliable product standards. Explore how accreditation and NANDO systems work together to facilitate the free movement of goods across European markets.

20 Oct 2025 3 minutes read

Read more →

compliance

Accreditation as a foundation for quality and trust

Discover how accreditation bodies like Germany's DAkkS establish quality infrastructure and ensure competence of assessment organisations under EU standards. Learn the fundamental role of accreditation in building trust and maintaining integrity across conformity assessment processes.

20 Oct 2025 7 minutes read

Read more →

standards

IoT cybersecurity everything about ETSI EN 303 645

Discover everything about ETSI EN 303 645, the essential cybersecurity standard for IoT device manufacturers covering security requirements, testing procedures and certification processes. Learn how this comprehensive standard helps protect smart home products, connected vehicles and other IoT devices from cyber threats and vulnerabilities.

20 Oct 2025 5 minutes read

Read more →

compliance

IEC 62443 certification as a competitive advantage in industry

IEC 62443 certification provides companies with a powerful marketing advantage and competitive edge in industrial automation markets. Discover the comprehensive benefits, certification processes, costs and requirements for this internationally recognised cybersecurity standard. Learn how obtaining IEC 62443 certification can differentiate your business from competitors and enhance credibility with clients across various industries.

20 Oct 2025 20 minutes read

Read more →

compliance

Certification, approval and designation all about product regulation

Learn the key differences between certification, approval, designation and accreditation in product regulation. Discover how these quality assurance processes work and understand the important role of TÜV in ensuring compliance with standards and regulations.

20 Oct 2025 2 minutes read

Read more →

compliance

EU product safety CE marking and NLF explained

Learn everything about CE marking and the New Legislative Framework for EU product safety compliance. This comprehensive guide explains the essential requirements for manufacturers and distributors placing products on the European market. Discover how the NLF strengthens market surveillance, improves conformity assessment, and clarifies CE marking obligations.

20 Oct 2025 7 minutes read

Read more →

industrial-security

Cyber regulation experts for product safety & OT security

Navigate cyber security regulations with confidence through our expert guidance on the Cyber Resilience Act, IEC 62443 standards and OT security certifications. We combine technical expertise with regulatory knowledge to help your company implement practical security solutions efficiently. Get professional support for product safety compliance and cybersecurity requirements today.

20 Oct 2025 1 minutes read

Read more →

standards

Cybersecurity for radio equipment - everything about the new EN 18031

Discover comprehensive guidance on EN 18031, the groundbreaking EU cybersecurity standard for radio equipment under the Radio Equipment Directive. Learn about essential requirements, testing procedures, and compliance obligations for manufacturers in the evolving regulatory landscape. Stay ahead with expert insights on implementing robust cybersecurity measures for radio devices across European markets.

20 Oct 2025 11 minutes read

Read more →

standards

Cybersecurity norms from ISO 27001 to IEC 62443

Discover essential cybersecurity standards including ISO 27001, IEC 62443, and EN 18031 to determine which norms are most relevant for your company's security framework. Learn how these internationally recognised standards enhance quality, safety and efficiency whilst providing reliable governance structures. Expert guidance on navigating cybersecurity compliance requirements for businesses across all industries.

20 Oct 2025 7 minutes read

Read more →

legislation

Radio equipment directive (RED) requirements for radio equipment

The Radio Equipment Directive (RED) governs safety standards for radio equipment including mobile phones, Wi-Fi routers and radio remote controls across the EU. Discover essential requirements for scope, conformity assessment and harmonised standards EN 18031 to ensure compliance for your radio communication devices.

20 Oct 2025 4 minutes read

Read more →

standards

IEC 62443 explained - standards for secure control systems

IEC 62443 provides comprehensive cybersecurity standards for industrial automation and control systems, covering policies, system security, and component protection. Learn about the six-category structure including general requirements, procedures, and evaluation methods for securing critical infrastructure. Discover how these internationally recognised standards help protect industrial networks from cyber threats.

20 Oct 2025 16 minutes read

Read more →

legislation

Cybersecurity regulation what companies need to know

Discover essential cybersecurity regulations like NIS2, CRA, RED and CSA that impact your business operations and compliance requirements. Learn how EU law-making processes affect your company and get practical guidance on implementing these critical security frameworks. Stay ahead of regulatory changes and protect your organisation with expert insights on navigating complex cybersecurity legislation.

20 Oct 2025 7 minutes read

Read more →

legislation

Cyber Resilience Act EU regulation for secure products

The EU Cyber Resilience Act introduces mandatory security requirements for digital products entering European markets, covering software-enabled devices with network connectivity. Discover how this groundbreaking regulation affects manufacturers through compliance obligations, CE marking requirements and product scope definitions. Learn essential CRA implementation strategies to ensure your connected products meet new EU cybersecurity standards.

20 Oct 2025 23 minutes read

Read more →

legislation

Cyber Resilience Act EU regulation for secure products

The Cyber Resilience Act (CRA) introduces comprehensive EU-wide security regulations for products with digital elements, covering manufacturer obligations and CE marking requirements. This new legislation applies to networked products and devices placed on the EU market, excluding those already regulated by sector-specific laws. Discover how the CRA will impact your business and ensure compliance with these essential cybersecurity standards.

20 Oct 2025 5 minutes read

Read more →

standards

EN 18031 & RED DA - reporting violations of radio equipment

Learn about reporting non-compliant radio equipment under the RED DA and EN 18031 standards, including BNetzA responsibilities and required documentation. Discover the essential procedural steps for market surveillance compliance and how to properly document violations of radio equipment regulations. This comprehensive guide covers Federal Network Agency requirements and EU directive implementation for businesses and regulatory professionals.

20 Oct 2025 3 minutes read

Read more →

standards

NIST SP 800-63 ends password rotation and mandatory special characters

The new NIST Digital Identity Guidelines revolutionise password security by ending mandatory rotations and complex character requirements in favour of length over complexity. Learn what changes for organisations and why IT administrators must abandon traditional 60-90 day password refresh cycles. Discover how these updated standards reshape cybersecurity best practices for modern digital identity management.

20 Oct 2025 3 minutes read

Read more →

legislation

Rapid implementation of the Data Act for manufacturers

Discover how IoT manufacturers and machine builders can rapidly implement the Data Act requirements through practical data analysis and API solutions to meet the 12 September 2025 compliance deadline. Learn about technical obligations for secure data interfaces and standardised access for users and authorised third parties. Essential guidance for manufacturers navigating new data sharing regulations.

20 Oct 2025 8 minutes read

Read more →

legislation

CRA amendment 2025 clarification on obligations and sanctions

The EU's 2025 CRA amendment clarifies that cybersecurity obligations for products only apply during the official support period, not the entire product lifetime. Micro and small enterprises receive important exemptions from fines for certain compliance deadlines under the revised Cyber Resilience Act.

20 Oct 2025 3 minutes read

Read more →

legislation

Penetration tests for mechanical engineering

Discover how penetration testing protects industrial systems from increasing cyberattacks through targeted security assessments for mechanical engineers. Learn essential methods, CRA compliance requirements, and IEC 62443 best practices to identify vulnerabilities before attackers exploit them. Essential guidance for machine builders implementing robust cybersecurity measures.

20 Oct 2025 9 minutes read

Read more →

legislation

Implementing CRA and the machinery regulation correctly in mechanical engineering

Learn how to implement the new Cyber Resilience Act and machinery regulation requirements for machine manufacturers in mechanical engineering. This guide provides a structured approach to meeting EU cybersecurity standards for products with digital elements throughout their lifecycle. Ensure compliance with essential CRA requirements for hardware and software on the EU market.

20 Oct 2025 5 minutes read

Read more →

standards

ISO 8102-20 cybersecurity for lifts and escalators

ISO 8102-20 sets cybersecurity requirements for elevator and escalator systems across their entire lifecycle from development to decommissioning. This comprehensive guide covers security standards for lift equipment that connects to external networks and building systems. Essential reading for elevator manufacturers, installers, and building operators seeking compliance with industry cybersecurity best practices.

20 Oct 2025 2 minutes read

Read more →

compliance

Advanced cryptography - opportunities and challenges

Advanced cryptography transforms data security in manufacturing through innovative techniques like homomorphic encryption and multiparty computation that enable processing encrypted data whilst maintaining privacy. Discover how these cutting-edge methods offer new opportunities for secure collaboration and data protection in industrial environments. Learn about the challenges and potential applications of advanced cryptographic solutions for modern manufacturing operations.

20 Oct 2025 3 minutes read

Read more →

threat-intelligence

IEC 63074 cybersecurity and functional safety combined

IEC TS 63074 establishes mandatory cybersecurity requirements for safety-related control systems, marking a significant shift from general guidance to concrete compliance standards. This technical specification bridges the gap between cybersecurity and functional safety, providing essential requirements for protecting critical industrial systems. Discover the key changes and implementation requirements that industry professionals need to understand for effective compliance.

20 Oct 2025 4 minutes read

Read more →

standards

ISO/IEC 42001 a management system for artificial intelligence

ISO/IEC 42001 is the first international standard for managing AI systems safely and effectively. Discover how it helps organisations meet regulatory requirements, manage risks and gain competitive advantages through structured AI governance.

20 Oct 2025 4 minutes read

Read more →

threat-intelligence

EMB3D 2.0 - updated threat model for embedded devices

The updated MITRE EMB3D 2.0 threat model helps manufacturers and operators systematically address embedded device security by linking device properties to threat scenarios. This comprehensive framework provides targeted countermeasures and design recommendations for each identified security risk. Learn how EMB3D 2.0 strengthens embedded system security through systematic threat analysis and proven defence strategies.

20 Oct 2025 2 minutes read

Read more →

standards

EN 18031 harmonized with restrictions

The EU has harmonized EN 18031 for the Radio Equipment Directive with significant restrictions on presumption of conformity. Manufacturers must involve notified bodies when devices allow operation without passwords under clauses 6.2.5.1 and 6.2.5.2. Understanding these new compliance requirements is crucial for radio equipment manufacturers navigating the updated standards.

20 Oct 2025 2 minutes read

Read more →

legislation

The Cyber Resilience Act key deadlines at a glance

The Cyber Resilience Act brings new requirements for manufacturers, importers and distributors of digital products including IoT devices and software. This guide outlines the essential deadlines and compliance requirements companies must meet under the CRA legislation. Stay informed about key dates and action areas to ensure your business meets these important cybersecurity standards.

20 Oct 2025 2 minutes read

Read more →

standards

ISO/IEC 24772-1 - how to avoid common programming errors

Learn how the new ISO/IEC 24772-1 international standard helps developers identify and prevent common programming vulnerabilities through practical mitigation measures. This comprehensive guide explains why the transition from Technical Report to full standard matters for secure software development in safety-critical industries.

20 Oct 2025 3 minutes read

Read more →

standards

Cybersecurity maturity model certification overview

Discover the Cybersecurity Maturity Model Certification (CMMC) requirements for US defence suppliers and its crucial connection to NIST SP 800-171 standards. Learn how CMMC impacts federal procurement through the Defense Federal Acquisition Regulation Supplement and what compliance measures your organisation needs to implement.

20 Oct 2025 4 minutes read

Read more →

legislation

Australia's cyber security bill 2024

Australia's Cyber Security Bill 2024 introduces mandatory security standards for smart devices and strengthens digital protection through comprehensive reforms. This overview explores the key provisions and objectives designed to make Australia a global cyber security leader by 2030. Learn how these changes will impact businesses and consumers across the digital landscape.

20 Oct 2025 4 minutes read

Read more →

legislation

Cyber Resilience Act all about the new regulation

The EU Cyber Resilience Act introduces new cybersecurity requirements for hardware and software products across design, development, manufacturing and marketing. This comprehensive regulation aims to enhance digital security, close regulatory gaps and create a more coherent legal framework for businesses. Discover what the CRA means for your organisation and how to ensure compliance with these essential cybersecurity standards.

20 Oct 2025 2 minutes read

Read more →

standards

IEC 62443 security level explained - guide to implementation

Learn about IEC 62443 security levels from SL 0 to SL 4 and discover how these defined tiers protect industrial systems and components against cybersecurity threats. This comprehensive guide covers fundamentals and practical implementation strategies for manufacturers seeking to enhance their operational technology security.

20 Oct 2025 7 minutes read

Read more →

standards

ISO/IEC 27001 vs IEC 62443 - standards for manufacturers

Discover how ISO/IEC 27001 and IEC 62443 standards help manufacturers create secure products whilst protecting their development environments from cyber threats. Learn the key differences between these essential information security frameworks and understand which standard best suits your manufacturing organisation's specific requirements.

20 Oct 2025 4 minutes read

Read more →

legislation

IoT regulation in the US

Discover comprehensive cybersecurity compliance requirements for IoT manufacturers navigating the complex multilayered regulatory landscape in the United States. This complete guide covers federal laws, executive orders, and NIST standards essential for IoT product compliance.

20 Oct 2025 8 minutes read

Read more →

legislation

Maritime cybersecurity IACS UR E26 & E27 explained

Discover the essential maritime cybersecurity standards IACS UR E26 and E27 that govern shipping security requirements across international and EU waters. Learn how these critical regulations integrate with European legal frameworks to protect vessels from cyber threats. Essential reading for maritime professionals navigating modern cybersecurity compliance in the shipping industry.

20 Oct 2025 7 minutes read

Read more →

legislation

Secure software lifecycle according to BSI - everything about TR-03185

Discover everything about BSI TR-03185, the comprehensive technical guideline that establishes secure software lifecycle requirements in line with the EU Cyber Resilience Act. Learn how this framework helps manufacturers implement robust security standards throughout software development and maintenance phases. Essential reading for understanding cybersecurity compliance obligations and improving software security across entire product lifecycles.

20 Oct 2025 3 minutes read

Read more →

legislation

Implementing the Cyber Resilience Act with IEC 62443 and ETSI EN 303 645

Learn how to achieve compliance with the Cyber Resilience Act by implementing IEC 62443 for process requirements and ETSI EN 303 645 for technical specifications. This comprehensive guide explains how these established standards work together to meet CRA obligations for cybersecurity in digital products. Discover the essential framework for manufacturers seeking robust cyber resilience implementation.

20 Oct 2025 7 minutes read

Read more →

standards

IEC 62443-4-1 templates for secure product development

Discover comprehensive IEC 62443-4-1 template packages for secure product development, including detailed market analysis and pricing from leading providers like Exida. Our guide helps manufacturers choose the right templates for efficient compliance implementation, covering everything from configuration management plans to threat models and secure development processes.

20 Oct 2025 7 minutes read

Read more →

standards

From sensors to gateways IoT security with SESIP

The Security Evaluation Standard for IoT Platforms (SESIP) offers a flexible, scalable framework for assessing IoT device security, from simple sensors to complex gateways. Developed by GlobalPlatform, it provides structured evaluation levels that help manufacturers demonstrate security properties and build trust across the IoT supply chain. This article explores SESIP's scope, requirements and practical use cases for improving IoT security.

20 Oct 2025 5 minutes read

Read more →

legislation

Vulnerability management becomes mandatory in the USA

A new US bill would make vulnerability management mandatory for federal contractors, requiring them to implement NIST-aligned vulnerability disclosure policies. This Federal Contractor Cybersecurity Vulnerability Reduction Act of 2024 could significantly impact procurement rules and cybersecurity standards across government suppliers.

20 Oct 2025 3 minutes read

Read more →

legislation

Mastering vulnerabilities with the FIRST PSIRT services framework

Learn how to implement the FIRST PSIRT services framework to build a robust security incident response system for your organisation. Discover best practices from the Forum of Incident Response and Security Teams for handling vulnerabilities and strengthening cybersecurity capabilities. Master the essential framework trusted by global Computer Security Incident Response Teams since 1990.

20 Oct 2025 7 minutes read

Read more →

standards

IEC 62443-2-1 edition 2 - milestone for OT security

The new IEC 62443-2-1 edition 2 addresses current operational technology security challenges with significant updates to the decade-old standard. Discover the key changes brought by this industrial cybersecurity milestone and understand how it impacts your company's OT security strategy. Learn why this comprehensive revision was essential for modern industrial systems facing evolving threats and increased interconnectivity.

20 Oct 2025 3 minutes read

Read more →

legislation

NIS-2 directive and cybersecurity in mechanical engineering

The NIS-2 directive introduces new cybersecurity requirements for mechanical engineering companies as Industry 4.0 and IoT technologies increase connectivity risks in production environments. This guide explores how machine builders can implement effective cybersecurity strategies to comply with NIS-2 regulations while protecting their cyber-physical systems. Discover the key challenges, requirements, and practical implementation approaches needed to safeguard modern manufacturing operations.

20 Oct 2025 8 minutes read

Read more →

legislation

NIS 2, CRA and CSA EU cybersecurity explained

Discover how the EU's key cybersecurity legislation NIS 2, Cyber Resilience Act and Cybersecurity Act work together to protect critical infrastructure and digital services. Learn about the scope, objectives and connections between these essential cyber regulations affecting energy, transport, banking and healthcare sectors. Essential reading for businesses navigating EU cybersecurity compliance requirements.

20 Oct 2025 4 minutes read

Read more →

legislation

Meeting PSTI requirements through ETSI & ISO

Learn how ETSI EN 303 645 and ISO/IEC 29147 standards can help you achieve PSTI compliance for connected products. Discover practical guidance for meeting cybersecurity requirements including secure passwords, vulnerability reporting processes, and security update transparency. Essential reading for manufacturers navigating the Product Security and Telecommunications Infrastructure Act regulations.

20 Oct 2025 3 minutes read

Read more →

legislation

NIS 2 directive in Europe implementation by country

Explore the current implementation status of the NIS 2 directive across EU member states with detailed country-by-country analysis and progress updates. Get comprehensive insights into national transposition timelines, regulatory changes, and compliance requirements for essential and important entities. Stay informed about Europe's evolving cybersecurity landscape and how the directive affects businesses in your region.

20 Oct 2025 6 minutes read

Read more →

standards

IEC 62443 training comparison

Compare IEC 62443 training programmes to find the right cybersecurity course for your industrial needs. Discover providers, certifications, and course content from fundamentals to expert level. Make an informed choice for OT security training that protects your critical infrastructure.

20 Oct 2025 10 minutes read

Read more →

standards

VDMA publishes OT risk cookbook

The VDMA working group Industrial Security has released a free OT risk cookbook providing practical guidance for securing operational technology systems and improving cybersecurity awareness. This comprehensive guide outlines key differences between IT and OT environments whilst offering adaptable recommendations for companies looking to strengthen their OT security posture.

20 Oct 2025 1 minutes read

Read more →

compliance

ENISA publishes eUICC specification and requests feedback

ENISA has released certification specifications for eUICC embedded SIM technology and opened a public consultation for stakeholder feedback. The specifications aim to build trust in this digital subscription management technology which allows mobile users to switch carriers without physical SIM cards. This development represents a significant step forward in standardising security for embedded SIM technology across mobile devices.

20 Oct 2025 1 minutes read

Read more →

threat-intelligence

MITRE ACID detects threats in OT

MITRE ACID is an open-source threat detection tool designed for operational technology environments, supporting S7, EtherNet/IP and BACnet protocols. Built on the ATT&CK framework for industrial control systems, it provides security professionals with standardised indicators to identify and communicate OT threats effectively.

20 Oct 2025 2 minutes read

Read more →

legislation

New draft for NIS2UmsuCG published

Germany's Federal Ministry has released a new draft of the NIS2UmsuCG legislation to implement the EU NIS-2 Directive and strengthen national cybersecurity measures. The updated version dated 24 June 2024 introduces key changes for organisations across critical sectors. Download the latest draft and discover how these new cybersecurity requirements may impact your business operations.

20 Oct 2025 1 minutes read

Read more →

standards

ISASecure ACSSA new certification for OT security

Explore ISASecure ACSSA, the new certification programme establishing a globally recognised standard for assessing operational technology security based on IEC 62443. This unified assessment framework serves operators, consultants, and certification bodies seeking comprehensive OT environment security evaluation. Learn how ACSSA aims to become the primary reference point for industrial cybersecurity assessment.

20 Oct 2025 3 minutes read

Read more →

threat-intelligence

MITRE EMB3D threat modeling for embedded devices

Discover the MITRE EMB3D framework, a specialised threat modeling system designed specifically for embedded devices that builds upon the established ATT&CK methodology. Learn how this new knowledge base addresses unique vulnerabilities in embedded systems and enhances security assessments for IoT and connected devices. Essential reading for cybersecurity professionals working with embedded technologies.

20 Oct 2025 2 minutes read

Read more →

legislation

Secure by design pledge - cyber regulation

Over 60 companies have committed to CISA's voluntary Secure by Design pledge, promising improvements in software security across seven key areas including multi-factor authentication and vulnerability reduction. This initiative offers an alternative approach to the EU's binding Cyber Resilience Act, highlighting different regulatory strategies for enhancing cybersecurity standards.

20 Oct 2025 2 minutes read

Read more →

industrial-security

VDMA publishes materials on supply chain security

The VDMA has released new guides for supply chain security to standardise cybersecurity requirements across industry sectors. These materials address the challenge of lengthy, unstandardised security questionnaires that cost businesses time and money. Learn how these uniform standards can make supply chains more efficient and secure for operators, machine builders and component manufacturers.

20 Oct 2025 2 minutes read

Read more →

industrial-security

OT security in focus - BSI updates ICS security compendium

The BSI has released an updated ICS security compendium providing comprehensive guidance on operational technology security for factory, process and building automation systems. This essential resource offers both foundational knowledge and practical approaches to securing industrial control systems for newcomers and experienced OT professionals alike. Learn about the latest security processes and best practices for protecting critical industrial infrastructure.

20 Oct 2025 1 minutes read

Read more →

standards

Buying standards online the best sources for ISO, IEC & etc.

Discover where to buy ISO, IEC and EN standards most cheaply with our comprehensive price comparison guide covering suppliers across Europe. We compare official sources including ISO and IEC online shops alongside national organisations to help you find the best deals. Save money on essential standards with expert recommendations for the most cost-effective purchasing options.

20 Oct 2025 2 minutes read

Read more →

standards

CRA mapping for various security standards

ENISA's new CRA mapping document provides crucial alignments between the Cyber Resilience Act and existing industry security standards. This essential resource helps manufacturers and security experts understand how to implement CRA requirements through compliance with established standards and norms.

20 Oct 2025 1 minutes read

Read more →

standards

New specification for IoT device security from the CSA

The Connectivity Standards Alliance has released a new IoT Device Security Specification that unifies global security standards for connected devices. This comprehensive framework combines requirements from international standards like ETSI EN 303 645 and NIST IR 8425 to create an overarching approach to IoT security certification. Discover how this specification could transform the industry by establishing consistent security requirements across different regions and markets.

20 Oct 2025 5 minutes read

Read more →

legislation

EU cybersecurity CRA and RED compared for manufacturers

Compare EU cybersecurity regulations CRA and RED to understand their different focuses and overlapping requirements. Learn how manufacturers should navigate both regulations covering digital products and internet-connected devices. Essential guidance for compliance with European cybersecurity standards.

20 Oct 2025 2 minutes read

Read more →

standards

Overview of the NIST SSDF

Discover NIST's Secure Software Development Framework (SSDF) from Special Publication 800-218 and learn how to strengthen your development processes whilst reducing security vulnerabilities. This comprehensive guide explains the structured approach to improving software security throughout the entire development lifecycle. Perfect for organisations seeking to meet industry standards and enhance their cybersecurity posture.

20 Oct 2025 4 minutes read

Read more →

standards

IEC 62443 cybersecurity for all industries

IEC 62443 provides essential cybersecurity standards for industrial systems across all sectors, becoming increasingly vital with new Cyber Resilience Act regulations. This comprehensive guide explores how companies can implement these standards effectively, comparing cybersecurity approaches to functional safety practices. Learn why robust cybersecurity foundations are crucial for modern industrial operations and regulatory compliance.

20 Oct 2025 3 minutes read

Read more →

legislation

EU Parliament adopts Cyber Resilience Act

The European Parliament has adopted the Cyber Resilience Act with a large majority, introducing stronger security measures for all digital products across the EU. This landmark legislation will protect everything from network devices to industrial machines, marking a significant step towards improved cybersecurity resilience. Learn about the implications of this important new law for digital security standards throughout Europe.

20 Oct 2025 1 minutes read

Read more →

legislation

EU strengthens cybersecurity - what the Cyber Resilience Act means

The EU's new Cyber Resilience Act will strengthen digital security by requiring compliance for CE marking of digital products. This regulation closes critical security gaps and applies directly across all member states without needing national implementation. Discover what these mandatory cybersecurity requirements mean for your business and how to prepare for compliance.

20 Oct 2025 3 minutes read

Read more →

legislation

ENISA report on the cybersecurity assessments market - Cyber Regulation

ENISA's latest report examines the cybersecurity assessments market for ICT products and cloud services between 2018 and 2022, revealing significant growth in assessment schemes and accredited testing laboratories. The comprehensive analysis highlights emerging market trends and external factors including the impact of COVID-19 on cybersecurity evaluation practices.

20 Oct 2025 2 minutes read

Read more →