How Quectel is Already Shaping the Future of IoT Security
04. July 2025 | Planegg
EU Cyber Resilience Act 2024: How Quectel Sets New Standards for Product Security with a Security-First Approach
With the entry into force of the EU Cyber Resilience Act (CRA) in 2024, the European Union is setting new benchmarks for product security, data protection measures, and the safeguarding of connected devices throughout the entire product lifecycle. While many manufacturers are still catching up, Quectel is leading by example – through a security-first approach that already meets the requirements of tomorrow.
Maximum Cybersecurity for IoT Devices: Quectel Meets CRA Requirements with International Security Standards and Independent Testing
The CRA obliges device OEMs to conduct comprehensive cyber risk assessments both before market launch and for up to ten years after placing products on the market. Quectel meets these requirements through an experienced security team that implements international standards such as ETSI EN 303 645 and EN 18031. A clearly structured PSIRT process guarantees rapid response to vulnerabilities, with reaction times well below the industry average. This ensures that data and systems remain secure at all times.
Another key element is cooperation with third-party security firms such as Finite State. More than 94% of all Quectel modules for the US market have been independently assessed and offer above-average threat protection against known and emerging threats.
Transparency is more than just a buzzword. Customers regularly receive transparency reports, SBOMs, and VEX documents that guarantee seamless traceability. Additionally, regular security updates ensure long-term protection of sensitive data during device use, storage, and transmission.
For OEMs, these measures mean one thing above all: building trust. They enable trustworthy secure connections, robust wireless communication, and future-proof solutions for critical IoT deployments. Quectel demonstrates that those who take security seriously take responsibility – actively shaping a trustworthy digital future.
Cyber Security FAQ
Quick answers on cybersecurity, compliance, and product safety.
1. What is the EU Cyber Resilience Act (CRA) 2024 and why is it relevant for IoT devices?
The EU Cyber Resilience Act (CRA) is a new European regulation that, from 2024 onwards, imposes mandatory cybersecurity requirements on connected products and their entire lifecycle. Its aim is to enhance product security, data protection, and the resilience of IoT devices against cyber threats. In particular, manufacturers of IoT solutions are required to assess and continuously address cyber risks.
2. How is Quectel already implementing the CRA requirements today?
Quectel follows a security-first approach that meets all current and future CRA requirements. Our experienced security team implements international standards such as ETSI EN 303 645 and EN 18031. Through regular independent testing and a clearly structured PSIRT (Product Security Incident Response Team), we ensure rapid response to vulnerabilities and the highest product security.
3. What role do independent security assessments play at Quectel?
Independent security assessments are a central element of our security concept. Over 94% of all Quectel modules for the US market have already been evaluated by external security firms such as Finite State. These assessments ensure that our products withstand both current and future threats.
4. How does Quectel ensure transparency towards OEM customers?
Transparency is essential for us. We regularly provide transparency reports, Software Bill of Materials (SBOMs), and VEX documents. These documents enable seamless traceability of the software components and security measures used – a crucial advantage for OEMs who need to demonstrate compliance.
5. How does Quectel respond to discovered security vulnerabilities?
The PSIRT process guarantees a structured and rapid response to security vulnerabilities. Reaction times are significantly below the industry average. We provide regular security updates and proactively inform our customers about relevant measures.
6. What benefits do Quectel solutions offer OEMs in relation to the CRA?
OEMs benefit from future-proof, robust, and trustworthy IoT solutions. Our modules support secure wireless communication and comply with all regulatory requirements of the CRA – today and in the future. This gives our customers the confidence to reliably and lawfully place their products and services on the market.
7. How does Quectel support long-term security throughout the entire product lifecycle?
We offer security updates and services for up to ten years after the product is placed on the market. This not only meets legal requirements but also enables our customers to sustainably secure their IoT deployments.
8. Why is collaboration with external partners like Finite State important for Quectel?
Partnerships with leading security firms are an integral part of our security strategy. They enable independent evaluation, increase credibility, and ensure that our solutions meet the highest international security standards.
9. How does Atlantik Elektronik support the implementation of the CRA as a partner?
As an experienced technology partner, we offer comprehensive consulting, design-in services, and support in selecting and integrating secure Quectel solutions. We accompany our customers along the entire value chain – from product development to lifecycle management.
10. Where can companies obtain further information and advice on IoT security and the CRA?
For further information and individual advice, the Atlantik Elektronik team is happy to assist you. Contact us at: info@atlantikelektronik.com or by phone at +49 89 89 505-0. We support you in making your IoT projects secure and future-proof.
