The cyber security of companies and products is playing an increasingly important role in the EU and in Germany.
Starting with the promotion of cybersecurity, through the enactment of EU legal acts, over the formulation of the EU cybersecurity strategy to the development of EU-wide certification systems, to the fight against cybercrime through programs such as EC3-Europol and funding through Horizon Europe.
In addition, there are constant developments at the national level:
Be it the critical infrastructures that will have to use attack detection systems in the near future or the obligation to take appropriate measures that should be state of the art.
Increasingly, this scope of regulated companies is being expanded, for example through the new KritisV, but also through inclusion of companies in the public interest (UBI).
PHYSEC closely follows the developments of the unified European certification framework according to the Cybersecurity Act (CSA) and adapts product strategies and consulting services in this respect.
Especially the certifications for products are significantly changed by the certification framework of the CSA for the development of European certification schemes and for the award of certificates.
As a manufacturer of secure hardware, we are also intensively considering the associated developments at national level, such as the issuing of IT security marks by the BSI, accelerated security certification (BSZ), and other product-centric certifications and proofs.
Changes to the Telecommunications Act, the Telemedia Act and the IT Security Act (as an article law) will change fundamental rights and obligations of regulated companies and use cases.
We do not focus on the legal intricacies and implications, but rather on the practical and technical implications that these changes may entail.
From new technical protection measures and their analysis, to security concepts and general documentation requirements, we have included the requirements at this technical and concrete level firmly in our business processes.
As a member of various task forces, committees, working groups and more, we actively participate in the discussion on future information security requirements.
From the evaluation of technological requirements to the opening of methodologies and legislation, we advocate on a wide range of topics.
In doing so, objectivity and compatibility with the latest research findings is one of our highest priorities.