The EU Cyber Resilience Act flips security responsibility onto manufacturers. Learn what “secure by default” really demands for configurations, updates, features, and data collection.

What's actually running in your product? Most teams don't know. Learn how to generate an SBOM — from source code to binaries — and why the CRA requires it.

What “no known exploitable vulnerabilities” actually means under the CRA—and how SBOMs, risk assessment, and automation help you meet the new security and reporting duties.

Turn CRA’s abstract risk assessment requirement into a concrete, 3‑step process: define scope, identify assets, and prioritize risks by likelihood and impact to guide secure product design.

Learn how to tell if CRA applies to your product by clarifying intended purpose, core and essential functions, and mapping product boundaries, components, and external dependencies.

Test of Things, a cybersecurity startup, has just raised a €1.2 million pre-seed funding round to help connected product manufacturers to automate cybersecurity testing and compliance management.

A research-backed look at 16 IoT cybersecurity requirements—where they align, where they clash, and how to build one practical, testable baseline for secure, compliant connected products.

New research shows most IoT vulnerabilities are not in the device, but in cloud backends, web frontends, and mobile apps—revealing why HTTP and injection flaws drive real-world IoT attacks.

September 2026 triggers 24‑hour vulnerability reporting under the EU CRA. See why that date, not 2027, is your real deadline—and how to get ready in time.

IoT compliance has evolved from a checkbox to a strategic imperative. Learn how specialized compliance management tools transform regulatory burden into competitive advantage for IoT manufacturers.

Discover how to translate IoT vulnerabilities into concrete financial risk, avoid costly recalls and fines, and turn product security into a high-ROI, board-level investment decision

The EU Cyber Resilience Act doesn't just regulate IoT hardware—it includes your backend too. Learn when cloud platforms become part of your product and what compliance requirements you must meet.

Test of Things is end-to-end connected system cybersecurity compliance and testing platform covering devices, back-ends and for example mobile applications.
Stay compliant continuously and ship with confidence.

IEC 62443-4-1 provides a proven framework for IIoT and OT manufacturers to meet most EU CRA requirements. Learn how this secure development lifecycle standard accelerates your CRA compliance journey.

The EU CRA introduces strict 24/72-hour vulnerability reporting for manufacturers, demanding rapid response, proactive testing, and transparent communication—or risk heavy fines and lost trust.

Why IoT company boards must treat cybersecurity as a core fiduciary duty. Any oversight is no longer optional in today's risk-driven regulatory landscape

The core challenge? Scaling security to match your product's complexity.

If your team is still relying on manual, point-in-time penetration testing, every new product variant, every minor firmware update, and every regional configuration change adds exponential overhead. This leads to a dangerous trade-off: compromising on the depth or frequency of testing to meet tight launch deadlines.

What do EU CRA fines really mean for your business? This post reveals the true financial risks of non-compliance—and the steps smart IoT companies take to stay protected. Find out how to avoid penalties before it’s too late

In the competitive world of IoT, CEOs and CFOs often view cybersecurity through the narrow lens of cost—the expense of compliance, audits, and security teams. This perspective is outdated, especially as connected devices become integral to customers’ lives and businesses.

For Product and Engineering Managers in IoT manufacturing, navigating the complex landscape of cybersecurity compliance is a constant challenge. Among the most asked standards, IEC 62443-4-2 stands out, defining technical security requirements for control system components.

Read this post how to transform compliance from a reactive, laborious process into a proactive, efficient, and deeply integrated part of your development lifecycle.

Compliance officers at IoT device manufacturing organizations must act immediately to prepare for the EU Radio Equipment Directive (RED) and its new cybersecurity requirements, which became mandatory on August 1, 2025. The new EN 18031 series of standards provides the framework for demonstrating compliance. A successful strategy focuses on proactive integration of these requirements into the product lifecycle.