- ARC EV Processors are fully programmable and configurable IP cores that are optimized for embedded vision applications
- BLE 5.0, BT Dual Mode, WiFi, ZigBee, NFC, GSM, LTE, RISC CPU for IoT applications
- Bluetooth LE v5.3 / IEEE 15.4 RF IP in TSMC 40nm & SMIC 55nm (Silicon proven IP)
- Bluetooth LE v5.3 / Zigbee 3 RF/PHY for Global Foundry 55nm (Silicon proven IP)
- Bluetooth low energy v5.3 Baseband Controller, Protocol Software Stack and Profiles IP
- Bluetooth low energy v5.3 Software based Linklayer IP
- More Products...
|
IP-SOC DAYS 2025 IP-SOC DAYS 2024 IP-SOC DAYS 2023 IP-SOC DAYS 2022 IP-SOC DAYS 2021 IP-SOC 2024 IP-SOC 2023 IP-SOC 2022 IP-SOC 2021
|
|||||||
|
|
||||||
Ensuring IoT Designs Comply With the Cyber Resilience Act—and Are Seen to Do So
- Award-winning, Nordic-powered outdoor asset tracker supports sustainable logistics
- Embedded World, Nuremberg: Nordic Semiconductor's Strategy for Secure and Efficient IoT Connectivity
- Qualcomm to Bolster AI and IoT Capabilities with Edge Impulse Acquisition
- Nordic Semiconductor partners with Skylo for IoT expansion
- STMicroelectronics Announces Two New Generations of Microcontrollers (MCUs) for IoT Devices
- Perforce Partners with Siemens for Software-Defined, AI-Powered, Silicon-Enabled Design (May. 16, 2025)
- Semidynamics: From RISC-V with AI to AI with RISC-V (May. 16, 2025)
- TSMC Board of Directors Meeting Resolutions (May. 16, 2025)
- Arm Evolves Compute Platform Naming for the AI Era (May. 16, 2025)
- Secafy Licenses Menta's eFPGA IP to Power Chiplet-Based Secure Semiconductor Designs (May. 15, 2025)
- See Latest News>>
Adapting to new cybersecurity regulations can be challenging for embedded developers. Here, we discuss these challenges and introduce some tools for meeting them.
allaboutcircuits.com, May. 01, 2025 –
Internet of Things (IoT) devices and ecosystems are increasingly attracting state, national, and supranational regulation that encourages developers to ensure their cybersecurity. The challenge for IoT developers is threefold:
- Discovering all the regulations that apply to their IoT devices and ecosystems.
- Interpreting the regulatory requirements and implementing sound responses.
- Being recognized as having done so by regulators and the market.
In this article, we’ll explore these challenges in the context of the European Union’s Cyber Resilience Act (CRA). We’ll then discuss the role that independent third parties can play in validating developers’ efforts to meet its requirements.
The Cyber Resilience Act
The CRA requires that digital products and services that connect to other devices or networks be secure by design and resilient against cyber threats. Additionally, they must offer cybersecurity protections throughout their lifetime.
Many of the CRA’s technical requirements are what you would expect: implementing cybersecurity-by-design strategies, offering secure-by-default configurations, and adding appropriate levels of encryption and access control. However, the CRA also requires that manufacturers carry out risk assessments and keep them updated to address any vulnerabilities throughout the product’s life.
The CRA calls on manufacturers to apply due diligence when integrating third-party components or services into their products. As well, it asks for comprehensive documentation, including a declaration of conformity with the regulations.
The CRA entered into force on December 10, 2024. It’s being implemented in three phases:
- By June 11, 2026, EU member states must give the Commission the names of the bodies within their jurisdiction that plan to offer CRA conformity assessments.
- By September 11, 2026, manufacturers must be able to meet the CRA’s requirements for reporting actively exploited vulnerabilities and severe incidents.
- On December 11, 2027, all other requirements of the CRA will become mandatory.
For some, these deadlines represent a challenge that they would prefer not think about. However, the costs for failing to address the CRA’s requirements can be high. These include fines of up to 2.5% of the manufacturer’s global annual turnover, restrictions on selling the product, and even product recalls.
Dealing With the Challenge of Compliance
Thoughtfully structured tools can help IoT developers consider the requirements of the CRA and how they should adjust their design processes in response. Such tools can also highlight areas in which their best efforts alone will be insufficient for meeting all the CRA’s requirements—for example, when the cybersecurity of the physical design is reliant upon an external service.
Back
Contact Us
Partnership Offers