IoT News

GlobalPlatform’s SESIP aligns with EU Cyber Resilience Act for IoT security

December 19, 2024

Posted by: Magda Dabrowska

Conceptual of security with wooden blocks, paper settings icon on sage color background flat lay. horizontal image

Image by 8photo on Freepik

GlobalPlatform has called for manufacturers of connected devices and components to adopt its “Security Evaluation Standard for IoT Platforms” (SESIP) methodology to demonstrate conformance with the European Union’s new Cyber Resilience Act (CRA), which comes into force this month. The CRA aims to strengthen and harmonise cybersecurity across the EU by creating a new legal framework for all products that connect to the internet.

The enactment of the CRA puts into place mandatory cybersecurity rules that span the entire lifecycle of a digital product sold in the EU. The CRA was published in the Official Journal of the European Union last month and becomes law on December 11, 2024. Product manufacturers will have 36 months to fully comply with the legislation. The Act will eventually require all relevant products to comply with the rules in order to obtain the CE marking, a mandatory market requirement for issuing products in Europe.

As an internationally recognised standard for IoT security evaluation, SESIP is key to meeting the requirements mandated by the CRA. It provides manufacturers with a proven methodology for conducting security evaluations of software and hardware components across their products and supply chains. SESIP is recognised as a standard by CENELEC, the European Standardisation Organisation, as EN 17927. It also aligns with many other legislation and vertical certification schemes around the world, including the Cyber Trust Mark in the US.

The methodology is being used to certify components, platforms, and modules from a range of companies and is supported by a growing ecosystem of security providers, certification bodies (CBs), security laboratories,] and other stakeholders. GlobalPlatform continues to support the growth and governance of the SESIP ecosystem. SGS Brightsight has recently been accredited as a SESIP CB following approval from the Spanish national accreditation body (ENAC), becoming the second SESIP CB after TrustCB.

“Industry support for SESIP is building at this critical juncture for IoT manufacturers operating in Europe,” said Gil Bernabeu, the CTO of GlobalPlatform. “The Cyber Resilience Act is vital to protecting consumers and businesses by embedding security features into the heart of the connected devices we use every day, providing a cybersecurity framework that spans the design, development, and maintenance of digital products.

For more information on SESIP please visit: https://globalplatform.org/sesip/

Comment on this article below or via X: @IoTGN and visit our website IoT Global Network