SciTransfer
CUSTODES · Project

Agile Cybersecurity Certification Platform for Complex ICT Products and Services

digitalPilotedTRL 6

Imagine trying to get a safety certificate for a Lego castle where every brick comes from a different company. Instead of checking every single brick one by one every time you add a new one, this tool lets you reuse previous checks and share them securely. It acts like a trusted digital bridge where the maker and the inspector can agree on security rules without leaking secrets.

By the numbers
18
Total partners
11
SMEs in consortium
3
Validation pilots
72%
Industry ratio
The business problem

What needed solving

Cybersecurity certification for complex ICT products is currently too slow, expensive, and rigid. Vendors struggle to maintain certifications when updating individual components of a composite system.

The solution

What was built

A Composite Inspection and Certification (CIC) platform featuring a Dynamic Risk Assessment (DRA) component and a cryptographically enforced Trusted Execution Environment.

Audience

Who needs this

ICT product manufacturersCybersecurity certification bodiesSaaS providersEmbedded AI developers
Business applications

Who can put this to work

Consumer Electronics
SME
Target: Smart Home Device Manufacturer

If you are a manufacturer dealing with complex products made of multiple third-party components — this project developed a Composite Inspection and Certification system that makes the certification process more agile and less costly.

Artificial Intelligence
any
Target: AI Software Vendor

If you are a vendor dealing with embedded AI components that need strict security validation — this project developed a platform with a Dynamic Risk Assessment component that helps generate security profiles quickly.

Cloud Computing
enterprise
Target: SaaS Provider

If you are a service provider dealing with the need for continuous security updates and maintenance — this project developed a trusted execution environment that ensures a secure chain of custody during assessment.

Frequently asked

Quick answers

How does this reduce the cost of certification?

The platform enables information sharing and re-use of certification data for building blocks, which makes the process more efficient and less expensive for the industry.

Can this be scaled to different types of ICT products?

Yes, it is designed for composite ICT products, services, and processes across multiple assurance levels, including those with embedded AI.

Who owns the IP or how is it licensed?

Based on available project data, specific licensing terms are not mentioned, but the project involves 18 partners including 11 SMEs.

Does this help with EU law compliance?

Yes, it specifically targets the requirements introduced by the EU Cybersecurity Act (EUCSA) and the Cyber Resilience Act (CRA).

What is the timeline for deployment?

The project runs from 2023-10-01 to 2026-09-30, with a first prototype already developed as of month 18.

How does it integrate with existing vendor tools?

The platform is designed to overlap and interact with existing risk management and continuous integration tools used by vendors.

Consortium

Who built it

The consortium is heavily industry-driven with a 72% industry ratio, comprising 13 industrial partners, 11 of which are SMEs. This strong commercial presence, combined with 3 Conformity Assessment Organizations and leadership by RISE, suggests the output is designed for immediate market utility rather than purely academic research.

How to reach the team

Contact RISE Research Institutes of Sweden AB

Next steps

Talk to the team behind this work.

Contact us to connect with the CUSTODES consortium for pilot opportunities.