GP pushes SESIP to comply with EU cyber security rules

  • December 18, 2024
  • Steve Rogerson

GlobalPlatform is calling for manufacturers of connected devices and components to adopt its Security Evaluation Standard for IoT Platforms (SESIP) methodology to demonstrate conformance with the European Union’s new Cyber Resilience Act (CRA).

The act comes into force this month. It aims to strengthen and harmonise cyber security across the EU by creating a legal framework for all products that connect to the internet.

The enactment of the CRA puts into place mandatory cyber-security rules that span the entire lifecycle of a digital product sold in the EU. The CRA was published in the Official Journal of the European Union last month (www.europeansources.info/record/proposal-for-a-regulation-on-horizontal-cybersecurity-requirements-for-products-with-digital-elements-and-amending-regulation-eu-2019-1020) and became law on December 11, 2024.

Product manufacturers have 36 months to comply fully with the legislation. The act will eventually require all relevant products to comply with the rules to obtain the CE marking, a mandatory market requirement for issuing products in Europe.

As an internationally recognised standard for IoT security evaluation, SESIP is key to meeting the requirements mandated by the CRA. It provides manufacturers with a proven method for conducting security evaluations of software and hardware components across their products and supply chains. SESIP is recognised as a standard by European standards organisation Cenelec, as EN 17927. It also aligns with many other pieces of legislation and vertical certification schemes around the world, including the Cyber Trust Mark in the USA.

The methodology is being used to certify components, platforms and modules from a range of companies and is supported by a growing ecosystem of security providers, certification bodies (CBs), security laboratories and other stakeholders. GlobalPlatform continues to support the growth and governance of the SESIP ecosystem. SGS Brightsight has recently been accredited as a SESIP CB following approval from the Spanish national accreditation body ENAC, becoming the second SESIP CB after TrustCB.

“Industry support for SESIP is building at this critical juncture for IoT manufacturers operating in Europe,” said Gil Bernabeu, CTO of GlobalPlatform. “The Cyber Resilience Act is vital to protecting consumers and businesses by embedding security features into the heart of the connected devices we use every day, providing a cyber-security framework that spans the design, development and maintenance of digital products. However, this landmark legislation presents a range of compliance challenges for manufacturers of connected devices and the components used in these products. SESIP simplifies conformity with the new regulations by providing a unified framework for comprehensive security evaluation, reducing cost, risk and time to market. We look forward to expanding the SESIP ecosystem to help multiple industry sectors meet the requirements of the new European regulations. It will also enable international manufacturers to reuse their security evaluation investments to demonstrate conformance to non-European regulations.”

The SESIP methodology is already mapped to other standards and regulations such as ETSI, ISO/IEC, RED, UNECE WP.29 and NIST. It is also being used by schemes such as PSA Certified, and standardisation bodies including the Car Connectivity Consortium and the Wireless Power Consortium. In addition to Europe, SESIP is being adopted around the world in markets such as China, where an agreement was recently reached between GlobalPlatform and China’s National Financial Technology Certification Center (NFTC).

GlobalPlatform (globalplatform.org) has a number of initiatives in place to help accelerate SESIP adoption. A training programme has been launched and is available to any interested party. It has also launched the SESIP Adopters (globalplatform.org/wp-content/uploads/2024/02/SESIP_Adopter_Agreement_090224.pdf) community to give non-members the ability to keep up to date with relevant technical documents and showcase certified SESIP products.

For more information on SESIP visit globalplatform.org/sesip.