5 Years of Working Together to Secure Connected Devices

Skip to content

Five years ago, we established PSA Certified because we believed that if industry leaders united, we could break down the barriers that stopped some companies from adequately protecting their products from cyberattacks. Our four-step framework and independent evaluation scheme were developed to help them build the right level of security into their devices and assure their customers that they were following best practice.

In the years that have followed PSA Certified’s launch, the industry has responded to the initiative with this same spirit of cooperation. So, earlier this month, we decided it was time to reflect on what we’ve achieved together so far. We travelled to Nuremberg in Germany for the embedded world exhibition and conference, which is where PSA Certified began in 2019. There, we held our first meet-up with some of the companies that have adopted the scheme.

We welcomed colleagues from 20 companies for networking and conversation about the status of security in connected devices, and what’s changed in the five years. It was great to hear about the collective progress we’ve made, and the perspectives on the challenges we’re facing and what more we can do to address them. Check out the highlights reel from the show below!

We were also proud to announce that, five years on, there are more than 90 partners involved with PSA Certified and more than 200 devices have been assessed and certified as having met the relevant security requirements. The products range from microcontrollers to modules, gateways to platforms, and Root of Trust components.

PSA Certified: the Numbers


PSA Certified was launched five years ago


PSA Certified now has four levels of certification


The number of PSA Certified certifications issued under the scheme


Different PSA Certified products in the PSA Certified catalogue


PSA Certified partners with PSA Certified certifications – one of the fastest growing and valuable security ecosystems


The number of security-conscious companies that maintain PSA Certified in the weekly steering meetings

To achieve certification at one of four levels companies must demonstrate how they’re protecting their devices from the most common cyberattacks. If successful, the endorsement they receive highlights their commitment to security and it provides further evidence of the importance of partnerships to securing the Internet of Things.

In this case, software developers and device manufacturers can leverage and build on the expertise of the certifying company by choosing to use the components that have been independently assessed as having security built in.

Recognising Progress at Different Levels of Robustness

The PSA Certified Levels enable right-sized security for all different use cases. In fact, we’ve seen adoption at all PSA Certified levels in the last twelve months, and at Embedded World it was fantastic to recognise partners who have achieved new levels in the last twelve months. They included:

PSA Certified Level 1 – aligns with industry best practice and cybersecurity regulations.

PSA Certified Level 2 Ready – pre-certification assessment for IP providers.

PSA Certified Level 2 – protects against scalable, remote software attacks.

PSA Certified Level 3 – protects high-value assets from significant software and hardware attacks.

PSA Certified Level 3 Root of Trust Component – IP offers substantial protection from hardware and software attacks.

Introducing Something New: PSA Certified Level 4

Other developments, also announced at embedded world, included the addition of a fourth level of certification for PSA Certified, which was included in response to advances in artificial intelligence (AI).

At PSA Certified Level 4 iSE/SE, a secure enclave or secure element is used to safeguard AI models and data from sophisticated attacks. Infineon, a partner we’ve worked with from the outset of PSA Certified, is the first company to design for this new standard. Its PSOC™ Edge E8x MCU product family is currently being evaluated. Erik Wood, Senior Director, IoT Secure MCU Products at Infineon said in a recent media release:

In the age of AI, the risks of insecurity are immense and increasing. I’ve backed PSA Certified since launch and I am impressed by its success in uniting the technology ecosystem around the common goal of improving trust and security within the connected device ecosystem, while aligning to emerging government standards and legislation. The launch of PSA Certified Level 4 iSE/SE takes that one step further. With this new level, the electronics industry is better able to protect against the growing advancement of attack methods driven by the explosion of machine learning, generative AI and LLM.

Erik Wood, Senior Director, IoT Secure MCU Products at Infineon

Looking to the Future

Embedded World is an important event for us – not just because of the developments highlighted above but also because it gives us a chance to hear from our partners. This year, many people told us that they’re preparing for the new cybersecurity security laws and baseline requirements that are being introduced, in the UK and EU, in particular.

PSA Certified Level 1 helps companies align with the major security requirements worldwide, and we saw many examples of certified components that comply with those regulations at embedded world. It was a reminder of our partners’ proactive approach to securing connected devices and the progress we’ve made as an industry over the past five years.

We’d like to thank everyone who helped to make the event in Nuremberg a huge success. We look forward to meeting our partners and new collaborators in Germany again next year.

In the meantime, the conference may have ended, but we have a lot more security-focused content on the way. Keep in touch with us to learn more.