Quectel Wireless Solutions has announced that its cybersecurity program for its IoT module portfolio now meets the requirements of the European Union’s Cyber Resilience Act (CRA), well ahead of the regulatory deadline of September 11, 2026. By aligning its product security framework with the CRA’s requirements, Quectel aims to help customers deploy IoT devices with built-in security, transparent software documentation, and structured vulnerability management. This milestone reinforces the company’s commitment to delivering secure, reliable, and future-ready IoT solutions to both European and global markets.

As IoT deployments continue to expand across industries such as manufacturing, healthcare, automotive, and smart infrastructure, cybersecurity requirements are becoming increasingly strict. The European Union introduced the Cyber Resilience Act to ensure that connected devices maintain strong security controls throughout their entire lifecycle. Consequently, manufacturers must now demonstrate compliance through clear documentation, vulnerability reporting, and continuous security updates. Quectel’s proactive compliance approach enables customers to meet these regulatory expectations without additional complexity.

Cyber Technology Insights: Asimily Adds Enhanced IoT Password Management and Device Patching

To achieve this milestone, Quectel has worked closely with Finite State, a recognized leader in connected device and software supply chain security. Through this partnership, the companies have focused on ensuring that Quectel’s IoT modules align with the EU Cyber Resilience Regulation and other international cybersecurity standards. Additionally, the collaboration highlights Quectel’s commitment to transparency, regulatory alignment, and continuous security improvement.

“Finite State has been working with Quectel as an external cybersecurity firm for more than three years, which underscores how important module security is to us,” said Willis Yang, Senior Vice President, Quectel Wireless Solutions. “Compliance and security are key elements of our product design approach. Having Finite State test and verify the security of our products is another important aspect that ensures our customers receive high-quality and extremely secure products.”

Furthermore, Quectel’s cybersecurity strategy integrates rigorous testing and validation throughout the product lifecycle. IoT modules undergo comprehensive security validation conducted by Finite State, ensuring that each module is pre-tested before reaching customers. In addition, these modules are delivered with auditable security documentation, including software bills of materials (SBOMs), Vulnerability Exploitability eXchange (VEX) files, and detailed vulnerability assessment reports. This documentation enables organizations to clearly understand the software components within devices and maintain compliance with regulatory audit requirements.

“Our partnership with Quectel demonstrates a clear, measurable commitment to cybersecurity that meets regulatory requirements,” said Matt Wyckhouse, CEO of Finite State. “By conducting continuous security testing throughout the product lifecycle and providing complete transparency through software bills of materials, Quectel has been a leader in the module industry with its cybersecurity approach for well over four years. This disciplined, standards-based approach enables customers to meet their security and reporting obligations with greater confidence and security.”

Cyber Technology Insights: Variscite & Check Point Partner to Boost IoT Security

Under the EU Cyber Resilience Act, manufacturers must maintain security throughout the entire lifecycle of their devices. This includes providing timely software updates, managing vulnerabilities effectively, and maintaining documentation that proves compliance with regulatory standards. As a result, companies must implement robust processes that address both development and post-deployment security responsibilities.

Through its collaboration with Finite State, Quectel has strengthened its cybersecurity capabilities in three critical areas. First, the company conducts rigorous independent security testing that goes beyond internal validation, allowing external experts to assess and verify device security. Second, Quectel provides complete visibility into the software supply chain by documenting every component integrated within its modules, ensuring transparency and regulatory compliance. Finally, the company maintains comprehensive risk management processes supported by continuous monitoring and structured remediation strategies.

Overall, these efforts enable Quectel to stay ahead of evolving regulatory frameworks and cyber threats. By proactively aligning with the EU Cyber Resilience Act, the company not only protects its customers’ IoT deployments but also contributes to building a more secure and trustworthy global connected device ecosystem.

Cyber Technology Insights: Mavenir & Terrestar Make First Satellite Voice Call on NB-IoT

To participate in our interviews, please write to our CyberTech Media Room at info@intentamplify.com