Comply with the Cyber Resilience Act & UK Product Security
Experience a worry-free development process with i46 guaranteed compliance support for the Cyber Resilience Act and UK Product Security regime.
IoT devices put on the market after June 2024 have to comply with the CRA and the UK Product Security Regime!
i46 - Selected by:
Ensure Your Compliance Now
New cybersecurity regulations, like the EU's Cyber Resilience Act and the UK's PSTI regime , will force businesses to build more secure products. This means stricter requirements, potentially impacting software, hardware, and updates. While compliance will require investment and adaptation, it can also be a selling point, boosting trust and brand image. Overall, these regulations aim for a safer digital world, and businesses that embrace these changes will be well-positioned for the future.
Why is compliance hard to achieve?
The CRA and PSTI introduce never-seen-before requirements
Gone are the days of lax security – secure-by-design is now the law of the (development) land . Patching up vulnerabilities after the fact won't cut it anymore – proactive threat mitigation, vulnerability assessments, and secure updates become the norm. But with limited resources and entrenched development models, adapting to this paradigm shift will be no mean feat.
CRA and PSTI compliance must be continuously monitored
The European legislations grasp extend beyond initial compliance, demanding continuous monitoring throughout the device's lifespan. Newly discovered software vulnerabilities can render your once-compliant device or software into a potential threat. But ensuring this perpetual state of cybersecurity is daunting. Resources stretch thin, and hidden flaws can hide in the shadows.
Reaching compliance could be expensive
Internal resources, already stretched thin, may buckle under the burden of revamped processes, specialized expertise, and ongoing monitoring infrastructure. The CRA and PSTI are a feat made for security giants, not smaller innovator. Collaboration, innovative solutions, and regulatory support from i46 will be crucial to ensure CRA and PSTI compliance don't become a luxury.
This is about to change
How will i46 help you achieve compliance ?
Initial assessment
🕒1 day
Every journey begins with a single step.
With us, our path to CRA and/or PSTI compliance starts with a swift and thorough Initial Assessment. This first phase, lasting just one working day, is entirely free of charge and designed to quickly determine if your product aligns with our certification capabilities.
Full Assessment
🕒2 to 4 weeks
In Phase 2, we uncover the exact changes your product needs to undergo in order to become CRA and/or PSTI compliant. Our experts conduct a comprehensive assessment, leaving no stone unturned to ensure your product aligns with the stringent requirements of these European regulations.
Certification
🕒4 to 8 weeks
Reaching compliance is now within sight.
Phase 3, Certification, seals the deal, ensuring your IoT devices are not only secure but recognized as such.
During this phase we ensure that the issues identified in Phase 2 have been addressed and establish the EU Authorized Representative contract, fulfilling the requirement for non-EU companies to have a Representative in the EU.
Continuous monitoring
🕒device lifetime
In Phase 4, i46 focuses on continuous monitoring, ensuring your devices remain compliant with the Cyber Resilience Act throughout the lifetime of your devices. During this phase, we will conduct annual reviews of your product, and may exercise our mandate as EU Authorized Representatives if the occasion to do so arises.
↙
Includes EU Authorised Representative Services !
Initial Assessment
🕒1 day
Free
The Initial Assessment
Every journey begins with a single step. And with us, that first step towards compliance is remarkably swift, thorough, and completely free. The Initial Assessment a one-day dive into your product's security posture, designed to clarify your path forward.
Our dedicated experts will scrutinize your documentation, architecture, and development processes. Within a day, you will receive a clear roadmap for achieving a robust, CRA and/or PSTI-compliant future.
Requirements
• General product description
• Pictures of the device
• Architecture and operating system,
• Remote Access to one device.
Outcomes
• Certification Approval : In most cases, we will confirm your product's eligibility for i46 certification within one working day.
• Physical Product Request : For certain scenarios, we may ask you to deliver a physical unit to our lab for more in-depth analysis
Full Assessment
🕒2 to 4 weeks
up to 7,500 euros
The Full Assessment
The Full Assessment is a meticulous and comprehensive evaluation of your product or software, designed to provide you with a clear roadmap for achieving compliance.
Our experts will delve into every aspect of your product: architecture, security posture, development processes, data handling, and potential vulnerabilities. No detail is overlooked as we analyze your product against the stringent CRA and PSTI standards.
The result is a personalized action plan, outlining the precise adjustments needed to ensure your product meets all compliance criteria.
Requirements
• Design documents (if available),
• Installation script for your software,
• Any other relevant document.
Outcome
• A detailed list of changes required for certification, pinpointing areas for improvement and ensuring compliance with the CRA and PSTI's robust security standards.
Certification
🕒4 to 8 weeks
up to 10,000 euros
The Certification
Building on the roadmap built in the previous phase, this phase takes your product on a transformative journey towards CRA and PSTI compliance.
We focus on two key objectives: ensuring that all identified vulnerabilities identified earlier have been fixed and generating comprehensive compliance documentation.
This phase is more than just technical wizardry; it is the guarantee of CRA and PSTI compliance At the end of this phase, we hand you the keys to compliance, empowering you to navigate the CRA and PSTI landscape with confidence and ease.
Requirements
• All issues uncovered during the assessment have been meticulously addressed,
• The i46 cybersecurity compliance script is seamlessly integrated.
• The EU Authorized Representative mandate is given to i46.
Outcomes
• Certification documents that attest to your device's compliance: EU Certificate of Conformity, Technical Documentation and CE marking,
• A new installer for your product
• Your very own i46.io compliance server, ready to continuously monitor your devicess compliance status.
Authorized Representative Services
Non-EU companies looking to sell their connected devices and software in the European market face a hurdle: the Cyber Resilience Act demands a designated EU Authorised Representative.
This trusted legal entity acts as your bridge to the EU, ensuring your products comply with the Act's reporting requirements and assessment requirements.
But what exactly does it mean to have an Authorised Representative ? Think of it as a business and technical partner. From handling technical documentation and conformity assessments to dealing with authorities and responding to incidents, your representative becomes your voice in the EU.
This is where i46 revolutionizes the game. Unlike other providers who charge hefty fees for this essential service, i46 includes EU Authorized Representation as part of its basic package. This means unparalleled accessibility and affordability – a game-changer for smaller companies and startups who might otherwise be priced out of the European market.
With i46 as your EU Authorized Representative, you gain an experienced partner, not just a compliance checkbox
Continuous monitoring
🕒device lifetime
10,000 euros per year + 1 euro per device
Continuous monitoring
Achieving CRA and/or PSTI compliance is a crucial first step, but ensuring your product remains compliant is a marathon, not a sprint.
In this phase, Continuous Monitoring, is where i46.io becomes your unwavering guardian, safeguarding your CE certification and, hence, CRA and/or PSTI compliance throughout your product's lifecycle.
Here's how we safeguard your CE certification:
• i46.io Server as Your Compliance Guardian: All CRA and/or PSTI-compliant devices leverage the i46.io server for continuous monitoring, ensuring timely detection and response to potential threats,
• No Unauthorized Access, No Exceptions: We uphold the integrity of your devices by strictly prohibiting unauthorized access, safeguarding CRA and/or PSTI compliance,
•Yearly Checkups, for Long-Term Health: We conduct annual certification reviews to verify that your devices maintain compliance with evolving cybersecurity standards,
•Swift Action in Critical Moments: In the rare event of a security issue that cannot be resolved by i46.io, we'll initiate an immediate response, including mandatory vulnerability report to EU authorities.
Outcomes
• Automatic Notifications, Keeping Everyone Informed : In case of a security issue, we automatically notify both end users and relevant authorities, aligning with legal requirements and fostering transparency,
• User Empowerment, One Opt at a Time: End users have the autonomy to opt in or out of certain security features; this is a requirement of the CRA and/or PSTI.
• B2B Visibility, When Needed: For business-to-business devices, we offer optional access to i46.io, enabling greater visibility and control over device security.
↙
Continuous compliance, guaranteed.
╰┈➤
English 
Chinese