Arduino Portenta X8: The First System-on-Module to Achieve EU’s Cyber Resilience Act Compliance
The European Union’s Cyber Resilience Act (CRA) is set to revolutionize the way we approach cybersecurity in the IoT industry. As of 2025, all digital products in Europe must meet new security standards, with the exception of certain medical devices, aviation equipment, and motor vehicles. The CRA aims to establish standards for secure products with digital elements throughout the EU, focusing on security at every stage of a product’s life. This includes increasing user awareness of a product’s cybersecurity features and demanding that Original Equipment Manufacturers (OEMs) quickly address vulnerabilities in devices already in use.
Cybersecurity is a top priority in the EU’s Cyber Resilience Act
In this new regulatory landscape, the Arduino Portenta X8 has made history by becoming the first system-on-module (SoM) to achieve CRA compliance. This milestone was made possible through the collaboration between Foundries.io and Arduino, which integrated Foundries.io’s security software into the Portenta X8. This integration enables users to efficiently handle device security, data protection, and software management in a single, cloud-based environment.
“When deploying Linux-based edge devices, security cannot be an afterthought. That’s why we designed the Arduino Portenta X8 giving the highest priority to security features, end to end.” - Fabio Violante, CEO of Arduino
The Portenta X8 offers a suite of security functions, including secure boot, trusted execution environment, remote attestation, key installation, cloud authentication, and TUF-compliant secure OTA updating. Additionally, the X8 Board Manager tool provides a user-friendly visual interface, compatible with the familiar Arduino IDE.
The Arduino Portenta X8: a secure and compliant SoM
The EU estimates that the new CRA regulations could save €180-290 billion each year by reducing cyberattacks. As the IoT industry continues to evolve, the importance of cybersecurity cannot be overstated. The Arduino Portenta X8’s CRA compliance sets a new standard for security in the industry, paving the way for a safer and more secure future for IoT devices.
Cybersecurity is crucial in the IoT industry
In conclusion, the Arduino Portenta X8’s achievement is a significant milestone in the IoT industry, demonstrating the importance of prioritizing security in device development. As the EU’s Cyber Resilience Act takes effect, we can expect to see a shift towards more secure and compliant devices, ultimately leading to a safer and more secure digital landscape.
The future of IoT devices is secure and compliant