Compliance, cybersecurity, 5G. Each offering is scoped, priced and staffed by the same team that runs our research lab.
Find the gap; close the gap. We work to TR-3183 and adjacent EU regulation; starting with a complimentary diagnostic, ending with a notified-body-ready documentation package.
Begin with a complimentary gap diagnostic; continue, only if you want to, into the full TR-3183 dossier: assessment and documentation by the same team that does the certification work.
Continuous CRA compliance for your deployed IoT fleet. A lightweight on-device agent and a central console: CVE tracking, fleet inventory, automated risk reporting.
Hardware without a Secure Element can still meet CRA. Detection systems without realistic data still don't catch real attacks. Two products that close both gaps.
Automated full-disk encryption for Raspberry Pi and similar IoT hardware lacking a Secure Element. Each device gets a unique image and a unique LUKS key, fetched at boot from your secure key server.
Real-world IoT network captures and attack patterns for training, validating and red-teaming AI-based detection systems.
Stand-alone 5G/LTE: for ultra-secure deployments where the public network is a liability, and for lab work where you need to break a device before the open internet does. Same hardware, two operating modes.
A stand-alone 5G/LTE network in a box. Air-gapped communications for bunkers, mines and high-security facilities; and a realistic lab for DDoS, pen-testing and vuln assessment of IoT devices.
Test your 5G/6G application on Europe's premier testbed: from underground mines to underwater facilities. We provide the hardware; you focus on the software. Zero infrastructure cost.
We'll tell you which i46 product you actually need to meet your compliance and cybersecurity objectives.
Two phases, one engagement. Start with a complimentary diagnostic; continue, only if it makes sense, into the full TR-3183 dossier: assembled by engineers, and ready for acceptance by EU notified bodies.
Most clients begin with the free diagnostic and only commission the full dossier once they know what's actually at stake. You can stop after phase one. You can hand the report to another lab. You can come back six months later. The diagnostic is yours either way.
A complimentary top-level analysis. Structured report mapping your product to each TR-3183 / CRA Annex I requirement. Results are: met, partial, or not met; with priority ranking and effort estimate. ~5 business days.
The complete notified-body package: technical file, architecture documentation, test methodology and results from our Prague lab, SBOM, vulnerability-handling policy, and conformity declaration. Fixed-scope quote based on phase 1.
For products already on market, pair the dossier with WATCH46, our continuous monitoring platform, to keep the conformity declaration honest across the device lifecycle. See P02.
30 minutes. We learn your product class, target markets, and certification deadline. Scope is agreed.
Day 0Send us your technical documentation, architecture, firmware notes and interface map. We review against TR-3183.
Day 1–4Engineers map each clause to your implementation. 45-minute walkthrough; written report delivered. Phase 1 ends here.
Day 5Lab testing in Prague, technical file, SBOM and conformity-declaration assembly. Notified-body-ready package.
Week 2–10One week. No cost to start. Every assumption made explicit.
Professional-grade security monitoring for your entire IoT fleet. From CVE tracking to automated risk reporting: everything you need to meet the Cyber Resilience Act in production, not just at certification.
Article-21 obliges manufacturers to monitor security throughout the product lifecycle, handle vulnerabilities as they emerge, and report incidents within tight timelines. A point-in-time conformity declaration cannot satisfy a continuous obligation. WATCH46 makes the obligation operational.
A lightweight software agent lives on each device, paired with a centralised management server. It gives you the oversight you need without taxing your device's resources or your team's time.
Tiny native binary. Reports installed packages, firmware version, runtime SBOM, integrity attestation and anomalous-process telemetry. Minimal CPU and memory cost; works on constrained devices.
Fleet inventory, per-device risk score, CVE-feed correlation, automated risk reports for regulators and internal audit. Role-based access; SSO; full audit trail.
Continuous correlation between your live SBOM and the NVD / vendor advisories. The moment a new CVE drops, you know which devices in your fleet are affected.
Securely hosted in the EU for instant deployment across global fleets. No infrastructure on your side beyond the agent. Available immediately after onboarding.
For sovereign-data and air-gapped operators: the same console deployed inside your perimeter. No telemetry leaves your network.
From CVE tracking to automated risk reporting: all in one place.
Automated full-disk encryption for Raspberry Pi and similar IoT hardware. Hardware-agnostic, CRA- and GDPR-compliant, with a unique image and a unique LUKS key per device: no hardware changes required.
CRA compliance is no longer optional; it is a prerequisite for the EU market. But devices built on hardware lacking a Secure Element (Raspberry Pi being the most common example) cannot pass mandatory CRA and GDPR audits for data-at-rest. DISK46 closes the gap in software, hardware-agnostic, without redesigning the product.
The device image is encrypted at rest using standard Linux LUKS, with a unique key generated per unit. No two devices share the same key.
At provisioningThe decryption key is held on a secure i46-managed key server (cloud EU, on-prem, or sovereign deployment), associated with the device's hardware identifier.
In your key infrastructureAt every boot, the device authenticates and retrieves its key automatically over a secure channel. LUKS unlocks the volume. The end user sees no friction.
At every bootCRA and GDPR require data-at-rest protection. DISK46 goes further: by giving each device a unique encryption key and a unique disk image, we eliminate the "break one, break all" failure mode of shared-key fleets. Stronger cryptographic isolation, no extra manufacturing complexity.
DISK46 requires an internet connection to decrypt on boot. Behaviour under degraded conditions is explicit and bounded.
Hosted on AWS Europe by default; supports CE-certified device fleets out of the box. Low operational burden on you.
For high-security clients, the key server runs in your environment. Built to adapt to evolving international cybersecurity mandates.
The device retries securely on a back-off schedule. In emergencies, manual decryption with the device-specific key is supported by the operator.
| Item | Onboarding | Notes |
|---|---|---|
| Standard DISK46 (32 GB) | €25 / device | Includes production rights & updates / support. |
| 64 GB image | €35 / device | Same scope, larger volume. |
| 128 GB image | €45 / device | Same scope, larger volume. |
| Programme onboarding (up to 100 devices) | €1,500 | One-time programme setup. |
| Each additional 100 devices | €750 | Linear scaling beyond the first 100. |
| Physical pre-flashed SD card | +€10 / device | Includes SD card & shipment. |
| Annual maintenance | 50% of onboarding | Updates, key-server operations, support. |
A demo image is available for multiple operating systems, with no functional limitations compared to production. Available in 32 GB images.
Note: the demo uses a static evaluation key. Production generates unique per-device keys to meet full CRA requirements.
No hardware changes. No friction at manufacturing. CRA, GDPR, on-prem-ready.
Over 300 million labelled records of real IoT network traffic and attack patterns; for teams building, validating and red-teaming AI-driven detection systems.
Most public datasets are old, enterprise-flavoured, or synthetic. Ours is collected from real fielded IoT devices across multiple geographies and device classes; the conditions an IoT security model actually has to generalise to.
Full packet captures with per-flow labelling. Ideal for protocol-level model training, packet classification and adversarial test generation.
Pre-extracted flow- and connection-level features in Parquet. Drop into your ML pipeline; reproducible feature schema documented.
Data-management plan, lawful-basis documentation, collection methodology, and a commercial licence that explicitly permits AI training.
| Field | Type | Description |
|---|---|---|
| ts_start | timestamp | Flow start, UTC microsecond precision. |
| duration_ms | int32 | Flow lifetime in milliseconds. |
| proto | enum | tcp · udp · icmp · mqtt · coap · custom. |
| device_class | enum | Anonymised: camera · sensor · gateway · meter · plc · other. |
| pkt_count | int32 | Packets in either direction. |
| byte_count | int64 | Total bytes transferred (both directions). |
| entropy_payload | float32 | Mean Shannon entropy of payload bytes, useful for tunnelling / exfil detection. |
| label | enum | benign · scan · ddos-volumetric · ddos-app · botnet · cnc · exfil · edge. |
| label_confidence | float32 | Labeller confidence ∈ [0, 1]; below 0.7 flagged as "edge". |
| campaign_id | string | Opaque collection-campaign identifier (for cross-validation splits). |
Mutual NDA, intended-use questionnaire (required for EU AI Act lawful-basis), and slice selection: device class, attack types, geography, time window.
Week 1A 1% representative sample is delivered for evaluation. Commercial licence and data-processing agreement are signed.
Week 2Full dataset delivered over SFTP or signed object storage. Hashed manifest, integrity check tool, and onboarding call included.
Week 3Start with a representative sample; commit to the full corpus only if it earns its place.
A stand-alone 5G / LTE solution for environments where external communications are unavailable, unreliable, or a security liability. Same hardware doubles as a realistic lab for DDoS, pen-testing and vulnerability assessment of IoT devices.
Unlike conventional commercial cellular networks, CELL46 operates over a controlled, localised infrastructure; closer in posture to a LAN than to a public cellular network. That design choice is the source of every advantage that follows.
Operating in a closed, localised manner drastically reduces electromagnetic emissions outside the defined physical boundary.
Minimal EM leakage makes the network practically invisible to external surveillance or signal-interception attempts: operational stealth, by design.
Even if a device inside the controlled environment is already compromised by mobile spyware, the network prevents external communication channels; rendering the spyware dormant or isolated.
Significantly extends coverage area and adds signal redundancy for larger facilities or complex physical environments.
Optional secure high-bandwidth external link if outside connectivity is occasionally required under defined operational procedures: flexibility, without weakening the core posture.
The same stand-alone network doubles as a controlled lab for subjecting IoT devices to realistic DDoS, protocol-abuse and application-layer attacks; the conditions they actually face in the field.
Government facilities, military installations and high-security data centres demanding control over all wireless communication.
Bunkers, mines and deep facilities that inherently lack commercial cellular coverage: instantly given a reliable, controlled communication infrastructure.
Organisations handling classified or highly confidential data: establish a communication air-gap and neutralise data-exfiltration risk even from compromised devices within the perimeter.
Subject IoT devices to realistic cellular conditions and adversarial traffic before they ever connect to a public network - pair with the Pan-European 5G Living Lab for cross-site validation.
Including the places no commercial network reaches, and the ones where commercial networks are the threat.
Accelerate your 5G and 6G innovation through Europe's premier testbed - built by a pan-European alliance of academic and industrial experts. We provide the hardware; you focus on the software.
5G and 6G applications fail or succeed in environments - not in lab racks. Underground mines, underwater facilities, dense urban canyons, isolated industrial sites. The Living Lab gives you a single gateway into all of them, so you can deploy and test where it actually matters and let your team focus on the software.
Tell us what your application does and which environments it needs. We match you to suitable testbed sites in the pan-European network.
Week 1Ship your software (or device) to the host site. The site provides the 5G/6G infrastructure, RF planning and operations; you keep your hands on the application code.
Week 2–3Run real-world experiments, collect measurements, iterate. Cross-site validation is possible: same application, different host environments, comparable telemetry.
OngoingIf you operate a 5G or 6G testbed, joining the alliance puts your facility in front of every researcher and team looking for the kind of environment you have. Lead the next wave of connectivity by becoming the network everyone tests on.
One gateway. Many testbeds. The hardware is on us.