September 2026 triggers 24‑hour vulnerability reporting under the EU CRA. See why that date, not 2027, is your real deadline—and how to get ready in time.

IoT compliance has evolved from a checkbox to a strategic imperative. Learn how specialized compliance management tools transform regulatory burden into competitive advantage for IoT manufacturers.

Discover how to translate IoT vulnerabilities into concrete financial risk, avoid costly recalls and fines, and turn product security into a high-ROI, board-level investment decision

The EU Cyber Resilience Act doesn't just regulate IoT hardware—it includes your backend too. Learn when cloud platforms become part of your product and what compliance requirements you must meet.

Test of Things is end-to-end connected system cybersecurity compliance and testing platform covering devices, back-ends and for example mobile applications.
Stay compliant continuously and ship with confidence.

IEC 62443-4-1 provides a proven framework for IIoT and OT manufacturers to meet most EU CRA requirements. Learn how this secure development lifecycle standard accelerates your CRA compliance journey.

The EU CRA introduces strict 24/72-hour vulnerability reporting for manufacturers, demanding rapid response, proactive testing, and transparent communication—or risk heavy fines and lost trust.

Why IoT company boards must treat cybersecurity as a core fiduciary duty. Any oversight is no longer optional in today's risk-driven regulatory landscape

The core challenge? Scaling security to match your product's complexity.

If your team is still relying on manual, point-in-time penetration testing, every new product variant, every minor firmware update, and every regional configuration change adds exponential overhead. This leads to a dangerous trade-off: compromising on the depth or frequency of testing to meet tight launch deadlines.

What do EU CRA fines really mean for your business? This post reveals the true financial risks of non-compliance—and the steps smart IoT companies take to stay protected. Find out how to avoid penalties before it’s too late

In the competitive world of IoT, CEOs and CFOs often view cybersecurity through the narrow lens of cost—the expense of compliance, audits, and security teams. This perspective is outdated, especially as connected devices become integral to customers’ lives and businesses.

For Product and Engineering Managers in IoT manufacturing, navigating the complex landscape of cybersecurity compliance is a constant challenge. Among the most asked standards, IEC 62443-4-2 stands out, defining technical security requirements for control system components.

Read this post how to transform compliance from a reactive, laborious process into a proactive, efficient, and deeply integrated part of your development lifecycle.

Compliance officers at IoT device manufacturing organizations must act immediately to prepare for the EU Radio Equipment Directive (RED) and its new cybersecurity requirements, which became mandatory on August 1, 2025. The new EN 18031 series of standards provides the framework for demonstrating compliance. A successful strategy focuses on proactive integration of these requirements into the product lifecycle.

The alarm clock rang on August 1st, 2025, and everything changed. Europe's IoT compliance shifted from voluntary to mandatory overnight. With RED requirements now enforced and CRA coming in 2027, IoT manufacturers face a new reality: get compliant or lose market access. Discover why smart companies are turning compliance challenges into competitive advantages.

The European Union has taken decisive action to address cybersecurity issues by introducing new regulations like the Radio Equipment Directive (RED) and the Cyber Resilience Act (CRA). We are proud to be supported by the European Union in developing our innovative technology further.

The goal is to develop a product prototype that is easy to use and allows users to self-assess their product’s compliance with the security standards and regulations. The grant empowers us to further our mission of protecting customers and society from cyber incidents by making IoT cybersecurity testing easy and automated. 

In the Internet of Things, attackers try to find the weakest links wherever possible. We, the security testers, should also look at the whole system. Unfortunately, assessments often stop at the device itself, excluding backend cloud services and applications.

Software Bill Of Materials (SBOM) is hailed as the solution to managing cybersecurity. It brings transparency to the used software components and allows you to check if published vulnerabilities may be present in your system. This is great, but SBOM leaves many aspects of product security unaddressed.

The security of an Internet of Things (IoT) product, or any networked system, has two dimensions. First, there are security functions such as user authentication and data encryption. Second, there is the quality aspect of security, as low-quality software easily contains vulnerabilities.

Informal history of network protocol security: from Garden of Eden to Zero Trust.

IoT cybersecurity regulations are essential for protecting users and infrastructure, but they can also create significant barriers to entry for companies in the IoT industry. Here's a breakdown of the key challenges

Summer of Things

At Test of Things, we are building the future platform for securing the Internet of Things. We are looking for two interns for the summer 2025. Trainers would work in the R&D team on tasks like security assessment of IoT devices, development of security testing tools, participation in evaluation projects, and working with our open-source platform Toolsaf (https://github.com/testofthings/toolsaf).