Crypto Quantique Simplifies CRA Compliance for Embedded Security

By Luke James
Published 18 hours ago

As digital security threats continue to evolve, the landscape for cybersecurity compliance is becoming increasingly complex. One of the latest initiatives driving this change is the European Cyber Resilience Act (CRA), which mandates stringent security requirements for digital products within the European Union. In response to this challenge, Crypto Quantique has introduced a groundbreaking solution designed to streamline compliance for embedded device developers.

The QuarkLink Hybrid PQC Security Platform

Unveiled at Embedded World 2025, the QuarkLink Hybrid PQC security platform aims to simplify the compliance process associated with the CRA by automating critical security functions while integrating post-quantum cryptography (PQC). This innovative approach significantly reduces the time, cost, and risk typically associated with the security of embedded systems.

Dr. Shahram Mossayebi, founder and CEO of Crypto Quantique, emphasized the importance of this solution during an interview with Jeff Child from All About Circuits at the event. "We provide an abstract layer on the embedded side, connecting your application to the security features of your hardware and your cloud infrastructure," he explained. Mossayebi also pointed out that this security framework effectively "sandwiches" applications to enhance protection.

Navigating the EU Cyber Resilience Act

Passed in 2024 and set for full enforcement by December 2027, the CRA introduces rigorous cybersecurity requirements for hardware and software products that contain digital elements. Key requirements include secure firmware update capabilities, vulnerability management, incident reporting, and the use of proven cryptographic techniques. Failure to comply can result in severe penalties, including fines of up to €15 million or 2.5% of a company’s annual global turnover.

Many developers face daunting tasks as they work under tight deadlines with limited resources and outdated tools. To help alleviate these challenges, Mossayebi discussed how Crypto Quantique’s QuarkLink platform can serve as a game-changer in the industry.

Features of the QuarkLink Platform

QuarkLink is a versatile cloud-based software platform offering a comprehensive suite of embedded security solutions from the manufacturing phase to device decommissioning. The platform manages device identities, supports secure boot processes, allows for firmware-over-the-air (FOTA) updates, and undertakes cryptographic operations, including Public Key Infrastructure (PKI) and certificate management.

A notable enhancement in recent upgrades is the integration of hybrid post-quantum cryptography, combining X25519 and Kyber768Draft00 algorithms to offer robust security against both current and emerging cyber threats.

Importantly, QuarkLink is not designed to be hardware-agnostic; it supports an array of software development kits (SDKs) tailored to specific microprocessor and microcontroller platforms. This includes collaborations with industry giants like Renesas, STMicroelectronics, and Intel.

"We do the hard work once," said Mossayebi, referring to the extensive verification and testing involved in creating the SDKs. This allows developers to focus on application coding while trusting that the underlying hardware has been thoroughly vetted for security.

Facilitating CRA Compliance

The platform also directly addresses significant CRA requirements, such as secure FOTA capabilities that align with the September 2026 deadline for remote update readiness. QuarkLink is designed to facilitate continuous vulnerability monitoring and automated certificate management, making compliance over a product’s lifecycle less daunting for embedded engineers.

Beyond technical elements, the QuarkLink solution fosters organizational-wide cybersecurity management. It supports centralized device management and a zero-trust architecture. Managers benefit from a user-friendly dashboard that allows oversight of device activities, access controls, and more.

Mossayebi noted, "Embedded engineers aren’t usually trained in IT security. We make it easy to plug into your CI/CD toolchain with APIs and CLIs, helping to prevent costly mistakes like inadvertently pushing keys to public repositories, which can have disastrous consequences."

As the deadlines for CRA compliance loom, Crypto Quantique’s QuarkLink Hybrid PQC platform provides a timely and effective solution for embedded device manufacturers. By unifying complex security infrastructure, automating best practices, and incorporating future-proof cryptography, QuarkLink makes compliance both achievable and efficient.

In facing the significant challenges introduced by the CRA, solutions like QuarkLink are essential not only for ensuring regulatory compliance but also for safeguarding the digital landscape from evolving cybersecurity threats.

Share this article: