
How to achieve IoT cybersecurity certification across the EU, US, and global markets
30.10.2025
12:00 - 13:00 EDT (New York)
16:00 - 17:00 GMT (London)
The IoT industry stands at a critical juncture as cybersecurity certification transitions from best practice to legal mandate across markets. Manufacturers now face an accelerating timeline of compliance obligations. Beginning with the EU's CE RED Article 3.3 requirements in August 2025, these will fundamentally reshape market access. The convergence of regulations - including the EU Cyber Resilience Act (2027), US Cyber Trust Mark, and US Department of Commerce Connected Vehicle Rule creates both unprecedented challenges and opportunities for forward-thinking companies. Those who act now to establish robust IoT cybersecurity certification processes will ensure the compliance they need for deployment. They will also gain competitive advantages in market access, customer trust, and operational efficiency.
Modern IoT cybersecurity certification extends far beyond testing. It also requires comprehensive documentation, including software bills of materials (SBOMs), continuous vulnerability management, and supply chain transparency. Independent software supply chain security solutions provider Finite State uniquely addresses these multifaceted requirements. Quectel works with Finite State to strengthen the security of its modules through rigorous testing, enhanced supply chain visibility, and comprehensive risk management, addressing evolving regulations and the growing demand for verifiable secure development practices to give customers greater peace of mind.
While most certifications require only firmware updates rather than hardware changes, testing and documentation requirements demand specialized expertise to navigate efficiently. A properly integrated approach covers consulting, testing, reporting, and certification assistance. Through our work with Finite State, we help manufacturers meet diverse regulatory requirements across jurisdictions without duplicating efforts.
Investing in IoT cybersecurity certification today delivers returns that extend beyond mere compliance. Early adopters can use certifications for marketing differentiation. They can also avoid the risk of rushed work and potential delays as deadlines approach. The US Department of Commerce Connected Vehicle Rule illustrates the high stakes, with non-compliance blocking entire product lines from the US market.
Meet IoT cybersecurity certification requirements at speed
By working with Quectel to achieve certification, manufacturers gain access to established testing protocols and expert guidance on evolving requirements. The service also provides streamlined processes that reduce time-to-market. As the IoT ecosystem becomes increasingly regulated, companies building cybersecurity certification into their product development lifecycle will find themselves with expanded market access. They will further enjoy enhanced customer trust and a significant competitive edge over those scrambling to meet last-minute compliance deadlines. Join this Masterclass to hear from both Quectel and Finite State, learning how cybersecurity regulations are changing and what you will need to stay on top of testing and certification in the years ahead.
Add to calendar
Add to your preferred calendar below:
Please be aware that you will still need to register for this Masterclass.
Speakers

Matt Wyckhouse
Matt Wyckhouse is an embedded device security expert. As Founder and CEO of Finite State, he leads the company in its mission to protect our connected world through better software supply chain risk-management, working with product and supply chain security teams around the world to help them build scalable vulnerability and risk-management solutions for complex product portfolios.
Job title:
Founder and CEO
Company:
Finite State

Seungryoul Yoon
Seungryoul Yoon’s impressive career in technology spans three decades and three continents. A certification specialist, Seungryoul is currently responsible for taking care of the company’s module certification and supporting its customer end device certification.
Job title:
Certification Director (North America)
Company:
Quectel

Larry Pesce
Larry Pesce is Vice President of Services at Finite State. In his role, he serves as a senior consultant, providing expert guidance and services to product security teams worldwide, including for product security program design and development, product red-teaming and penetration testing, software supply chain risk management, and vulnerability management. Outside of this, Larry also serves as an instructor and course author at the SANS Institute and co-hosts a popular security podcast.
Job title:
Vice President of Services
Company:
Finite State
Agenda
Overview of converging global regulations 2025-2030
Timeline of mandatory compliance dates and their market impacts
The shift from optional to mandatory cybersecurity requirements
Technical requirements: SBOMs, security testing, vulnerability management
Software vs. hardware implications across different regulations
Real-world examples of certification processes and timelines
Quectel Certification Services: consulting, testing, reporting, certification assistance
ROI of proactive certification vs. reactive compliance