From complexity to compliance: simplifying global cybersecurity regulations for IoT manufacturers

Cybersecurity within IoT is gaining momentum by the day. Major regulations are coming into effect across the globe, that affects IoT device manufacturers. 

u-blox, in collaboration with NXP, will host a webinar focusing on the cybersecurity requirements these regulations impose on IoT device manufacturers.

The aim is to make sure you have all the fundamentals you need to get ready for all the upcoming regulations and help you select the correct hardware for building compliant IoT devices.

You will have a chance to ask questions from experts in the field of cybersecurity and take away a transcript of the webinar as well as any supporting prepared content.

Whether you are a IoT business owner, a certification manager, a product owner, or a software architect, there is something for everyone in this webinar.

Topics covered

1. EU CRA vs US CTM, Two different approaches to a similar problem
    
2. How conformance to RED using EN 18031 prepares manufacturers for other upcoming regulations
   • How we certified our modules for RED and what you can do to certify yours
   • Purchased a RED compliant module? What you should do as a module integrator.
   • What are the new requirements in CTM and CRA (that are not already covered in RED)?
3. When and how to use NXP EdgeLock® and EdgeLock® 2GO to comply with regulations
    
4. How other component level certifications can help with upcoming regulations
   • Role of SESIP
   • Role of PSA Certification

Join the extensive Q&A session at the end and address your questions directly to our experts – They can also reply to you offline after the webinar if you prefer.

Takeaways: Our goal is that this webinar equips you with the knowledge needed to make more informed, well-considered decisions.

Speakers

				Jenirathese Nadar Regional Marketing Manager - IoT Security and MCUs at NXP Semiconductors Jenirathese Nadar is a Regional Marketing Manager for Security and NFC at NXP Semiconductors, overseeing strategic initiatives across the EMEA region. With over a decade of experience in the security domain, Jenirathese currently focuses on secure microcontrollers and authentication technologies.  LinkedIn
				Hari Vigneswaran Senior Product Manager – IoT and cybersecurity at u-blox Hari Vigneswaran is a Senior Product Manager for IoT wireless modules and is responsible for cybersecurity of u-blox short range radio product portfolio. With more than 10 years of experience in the short-range wireless communications industry, Hari has extensive expertise in Bluetooth, Wi-Fi, Thread, and embedded security. LinkedIn

Watch the webinar now!

We’ve selected some of the most insightful and thought-provoking questions from the Q&A session at the end of our webinar. Your curiosity and engagement truly made the conversation shine - thank you! 

🎥 Missed the webinar or want to revisit the highlights? 
📖 Curious to dive deeper into the discussion? 
🔍 Looking for solutions that match your needs? 
👉 (Re)watch the webinar, explore our dedicated blog post for expert insights or discover the full u-blox portfolio to see how our technology can power your next innovation.

1. Are RED requirements applicable to existing products already in production?

   Yes. According to the EU Blue Guide, manufacturers place individual product units on the market. Any product unit placed in the market after 2025 August 1st, must comply with RED Cybersecurity regulations. For full details and definitions of a “product” and “placing a product on the market”, please refer to the EU Blue Guide. 

2. Are there pre-built security components from u-blox or NXP that fully meet RED and CRA requirements?

   No. No single component from any manufacturer can satisfy all RED or CRA requirements. Cybersecurity compliance is typically managed at the system level within the final product. While pre-certified components can significantly reduce effort, end-product manufacturers must still design and implement cybersecurity measures for the complete solution. 

3. Are GNSS products affected by cybersecurity requirements? 

   No. u-blox GNSS chips and modules are receivers only and do not connect directly or indirectly to the Internet. Therefore, they are not subject to RED cybersecurity regulations. For more details, see our official statement on GNSS products [PDF]. 

4. Does RED enforce OTA updates?

   Not exactly. RED mandates secure updates, but not specifically OTA (Over-the-Air) updates. Updates can also occur via wired connections, provided they are secure. Implementing secure boot across all product subcomponents is an effective way to meet this requirement. For more details, check the requirement documents from EN 18031 and our guidance document [PDF]. 

5. Do RED Cybersecurity requirements apply to Evaluation Boards (EVB/EVK)?

   No. Evaluation kits are intended for testing and evaluation, not production. They are typically discarded before the final product enters production.

6. Do u-blox GNSS products include spoofing or jamming protection?

   Yes. u-blox recently participated in Jammertest2025, and we will share the results soon. 

7. Which parts of EN 18031 are mandatory?

       EN 18031 consists of three parts:  

• EN18031-1 → RED Article 3(3)(d)  
• EN18031-2 → RED Article 3(3)(e)  
• EN18031-3 → RED Article 3(3)(f)  

       The applicable parts depend on your product’s functionality. 
       Review one or all sections as required. For more information, please review 
       our dedicated blogpost or guidance document [PDF].