Cyber Security
With the increasing digitization across all sectors and industries, critical infrastructure is now built on complex, interconnected digital systems — making them attractive targets for cyber threats.
Cyber Resilience Act
From smart-home devices to industrial IoT to consumer wearables – with its new cybersecurity regulations, European Radio Equipment Directive (RED) and Cyber Resilience Act (CRA), the EU mandates stricter cybersecurity requirements throughout the lifecycle of products with digital elements.
Important Deadlines
The time for implementing the new requirements mandated by the EU is running. Non-compliance might lead to significant consequences such as: severe fines, market access restrictions or the need for product recalls.
08/2025
RED Cybersecurity
Requirements from ISO/EN 18031 have to be met for new products.
09/2026
Vulnerability Reporting
Obligation to report vulnerabilities and security incidents starts.
12/2027
Full CRA Compliance
All requirements of the Cyber Resilience Act (CRA) have to be complied with.
Which products are affected?
The CRA applies to all connected products with digital elements. A wide range of products fall under this broad scope, for example: industrial & embedded systems, IoT devices, many software applications, connected energy devices such as (micro-)inverters and batteries, smart home and many other tech consumer products.
Products are categorized into different classes based on their importance and associated risk. Products with higher risks have more stringent requirements regarding the conformity assessment.
We offer risk assessments, reviewing your product security and CRA & RED compliance, covering threat modelling, vulnerability management, and security‑by‑design principles. We also assist with documentation, technical files, and conformity assessment preparation.
Energy Security
The transition towards a decentralized, smart grid, flexibilities and new regulations such as § 14a EnWG have a big potential – they can help significantly reduce the immediate costs for the expansion of our grid. At the same time, we face new challenges in terms of cyber & energy security.
Traditional energy technologies are becoming progressively more connected to modern, digital technologies and networks. The increasing digitalization in the energy system makes it smarter and enables us to better benefit from innovative energy services and potentials such as flexibilities in the grid, but it also creates significant risks, as an increased exposure to cyberattacks and cybersecurity incidents can jeopardise the security of energy supply.
For the energy industry, we offer top-level management consulting services, assessment of complex digital energy system architectures, and hands-on cybersecurity testing & review of energy systems.
Embedded Security
As embedded and IoT devices become deeply integrated into critical infrastructure, consumer products, and industrial environments, their security has a direct impact on safety, privacy, and operational continuity.
We help our customers design & implement secure embedded systems and IoT infrastructures, including establishing a root of trust, secure boot, secure roll-out of OTA updates, signing and encryption and other embedded security best practices.
We offer a comprehensive risk assessment of your product, identifying the most critical security risks and providing concrete, actionable measures to address them. Beyond this, we support you in designing, implementing, and refining your security architecture — at every level of your product.
Security is not an afterthought. It must be considered from the initial design stages, not just when vulnerabilities are discovered. Our cyber security experts help you design, review and implement secure products and system architectures.