A series of new IoT cybersecurity certifications is coming into force in markets across the globe, increasing compliance obligations for enterprises. New requirements include the EU’s CE RED Article 3.3, the EU Cyber Resilience Act (2027), the US Cyber Trust Mark, and the US Department of Commerce Connected Vehicle Rule. These create new challenges but also opportunities for companies that act now to ensure they will be compliant with new measures.

Quectel has been ahead of the game, working with penetration testing and analysis specialist Finite State to rigorously test Quectel’s IoT modules, in a process that reveals the security rating of the modules determined by Finite State’s risk assessment. This has enabled Quectel to release software bill of materials (SBOM) and vulnerability exploitability exchange (VEX) documents for its IoT modules. The program thereby empowers developers to simply and quickly identify the security status of each module.

This ability feeds into developer efforts to comply with modern IoT cybersecurity certification requirements. There is now far more at stake than simply testing to demonstrate security attributes. Modern certifications require comprehensive documentation of the sort that Quectel provides, along with full supply chain transparency. These testing and documentation requirements demand specialized expertise to navigate efficiently. A properly integrated approach covers consulting, testing, reporting, and certification assistance.

Quectel’s work with Finite State has helped to strengthen the security of its modules through rigorous testing, enhanced supply chain visibility and comprehensive risk management, addressing evolving regulations and the growing demand for verifiable secure development practices to give customers greater peace of mind. Quectel believes that by investing in IoT cybersecurity certification today, it can enable early adopters to use certifications to achieve differentiation in the marketplace.

Customers can also avoid the risk of rushed work and potential delays as deadlines approach. The US Department of Commerce Connected Vehicle Rule illustrates the high stakes, with non-compliance blocking entire product lines from the US market.

These and other cybersecurity certification challenges were detailed in a recent Quectel Masterclass titled ‘How to achieve IoT cybersecurity certification across the EU, US and global markets’. The Masterclass shares how, by working with Quectel, organizations can achieve certification and gain access to established testing protocols and expert guidance on evolving requirements. Quectel’s offering also provides streamlined processes that reduce time-to-market.

The Masterclass, presented by Seungryoul Yoon, the certification director (North America) at Quectel, and Matt Wyckhouse, the founder and CEO of Finite State, provides an overview of converging global regulations over the 2025-2030 period, sets out a timeline of mandatory compliance dates and their market impacts and details the shift from optional to mandatory cybersecurity requirements.

In addition, the Masterclass details the technical requirements across SBOMs, security testing and vulnerability management across hardware and software. The Masterclass also provides real world examples of certification processes and timelines and introduces Quectel Certification Services across testing, reporting, certification and assistance.

The Masterclass can be viewed here.