Red Alert Labs - Bringing Trust to the Internet of Things

Top 5 IoT Compliance Mistakes That Could Cost You in 2025

Sun, 08 Mar 2026 10:52:12 -0700

The IoT compliance landscape isn't what it used to be. As we navigate through 2025, what once was a set of "nice-to-have" guidelines has transformed into a mandatory gateway for getting your connected products to market. Standards like ETSI EN 303 645, the EU Cyber Resilience Act, and the updated RED Directive aren't just industry jargon anymore—they're your product's passport to global markets.

And the stakes? They've never been higher. When compliance falls short, you're not just risking a slap on the wrist. You're looking at potentially devastating financial penalties, products blocked from major markets, and the kind of brand damage that keeps executives up at night.

Years of experience working with IoT manufacturers reveal that critical mistakes are often repeated within the industry. Let's break down these five compliance pitfalls that could derail your business in 2025, and more importantly, how you can avoid them while keeping your innovation engine running.

Mistake #1: The "Set It and Forget It" Compliance Approach

Here's a scenario seen far too often: A team works tirelessly to achieve certification, celebrates their success, and then… nothing. The documentation gets filed away, and everyone moves on to the next project. Sound familiar?

This "certify and forget" mindset is perhaps the most dangerous in today's dynamic threat landscape. The EU's Cyber Resilience Act doesn't just care about security at launch—it demands ongoing vigilance. The RED Directive now requires regular security updates throughout a product's lifecycle. Standing still...Read More

Red Alert Labs: Advancing Continuous Trust for Connected Medical Devices in ENTRUST

Wed, 17 Dec 2025 08:02:53 -0800

Red Alert Labs: Advancing Continuous Trust for Connected Medical Devices in ENTRUST

Within the ENTRUST project, Red Alert Labs (RAL) is contributing to a central ambition: making cybersecurity and trust for Connected Medical Devices (CMDs) measurable, continuous, and practicable for real-world healthcare environments.

Our work is mainly focused on three complementary areas:

1. CMD trust and risk models tailored to reality
RAL has helped build a CMD-specific security and trust profile that links medical regulations (such as MDR and MDCG 2019-16) with established cybersecurity and risk standards. This profile captures how devices are actually developed, deployed and maintained, and it provides a structured way to describe threats, controls and assurance levels throughout the device lifecycle. It serves as a backbone for several ENTRUST Key Exploitable Results (KERs) related to trust assessment and conformity.

2. From one-off assessments to continuous conformity
Traditional approaches often treat cybersecurity as a checkbox at certification time. In ENTRUST, RAL works with partners to move towards continuous conformity, where evidence can be collected, updated and reused as devices evolve. We contribute to methods and toolchains that:

Red Alert Labs is excited to announce our participation in European Cyber Week 2025, taking place from 17 to 20 November 2025 in Rennes, France. This premier European forum brings together leading voices in cybersecurity, digital sovereignty, and defense AI. The event features over 20 parallel tracks, live Capture-The-Flag labs, investor pitch sessions, and 140+ exhibitors, making it a hub for innovation and collaboration in cyber defense.
We are delighted to share that Tomas Tello Loli, our Technical Business Development Manager, will be attending the event. Tomas looks forward to connecting with fellow professionals to discuss emerging threats, OT/IIoT security challenges, and potential partnership opportunities.
For more information about the event, visit the official website: https://www.european-cyber-week.eu/en
Read More

Red Alert Labs at the INCIBE International Business Forum (IBF) 2025

Mon, 03 Nov 2025 02:18:23 -0800

Red Alert Labs was proud to participate in the International Business Forum (IBF) 2025, organized by INCIBE, Spain’s National Cybersecurity Institute, held in León, Spain, on October 14–15.

Representing the company, Tomas, Technical Business Development Manager at Red Alert Labs, engaged with industry leaders and cybersecurity innovators from over 15 countries. The event offered a unique opportunity to explore new avenues for collaboration and international growth.

The IBF is a premier platform for cybersecurity companies, investors, and organizations seeking to expand their operations across borders. By participating, Red Alert Labs reinforced its mission to build trust in connected devices and empower secure digital transformation worldwide.

This participation underscores Red Alert Labs’ commitment to strengthening its presence across Europe and fostering strategic partnerships. The company continues to advance IoT and IIoT security excellence, helping industries secure their connected systems and accelerate innovation safely.

Access to international decision-makers and industry leaders across cybersecurity sectors.
Opportunities for cross-border collaboration and market expansion.
Strengthening Red Alert Labs’ visibility and thought leadership in IoT and IIoT cybersecurity.

Red Alert Labs looks forward to continuing its international engagement and leveraging these connections to support clients and partners...Read More

Red Alert Labs participe aux Premières Cyber-Rencontres : Sécuriser l’IoT industriel et la supply chain

Fri, 31 Oct 2025 06:41:12 -0700

L’IIoT apporte d’immenses gains d’efficacité aux entreprises industrielles, mais il expose également la chaîne d’approvisionnement à de nouveaux risques. Aux Premières Cyber-Rencontres, nous explorerons comment combler cet écart et renforcer la résilience des organisations face aux menaces de l’IoT industriel.

Notre contribution à l’événement

Red Alert Labs est fier de participer aux Premières Cyber-Rencontres, qui se tiendront le 28 novembre au Campus Cyber de Puteaux.

Mohamed D. Diouf, IoT Security Evaluator chez Red Alert Labs, animera une session intitulée :
« Minimiser les erreurs humaines liées à l’utilisation des IoT industriels : Former pour mieux prévenir ».

Au cours de cette session, il partagera des enseignements pratiques sur :

Les vecteurs d’attaques les plus courants visant l’IoT industriel
Les bonnes pratiques pour sécuriser l’IoT dans la supply chain
L’importance de la formation et de la sensibilisation pour une résilience durable

Aux côtés d’experts du secteur

Nous aurons l’honneur de contribuer aux côtés de :

Sylvain Guilley, CTO, Secure-IC – sur la sécurisation de l’intégration IoT dans la supply chain
Thierry Pasquelin, DSI, CHSF – sur la protection des objets connectés dans les environnements de santé

Ensemble, nous aborderons la cybersécurité de l’IoT sous ses dimensions techniques, organisationnelles et humaines.

Pourquoi cet événement est essentiel

Plus de 60 % des violations de sécurité liées à l’IoT sont dues à une erreur humaine. Sécuriser uniquement la technologie ne suffit pas : les organisations doivent développer les compétences de leurs équipes, renforcer la...Read More

RED & CRA: How to Comply Without Running Your Own Lab

Thu, 30 Oct 2025 02:31:01 -0700

Imagine a mid-sized smart device manufacturer gearing up to launch in Europe. New EU rules demand that connected products meet rigorous cybersecurity requirements, but the company actually doesn’t have an advanced security lab or a team of compliance auditors on staff. Lower-risk gadgets can sometimes be self-assessed by the manufacturer, but anything deemed higher-risk (like Class II under the upcoming Cyber Resilience Act) must be tested or audited by an independent lab. Building an in-house ISO 17025-accredited lab isn’t realistic for most vendors. The result: Looming compliance crunch of how can manufacturers meet the Radio Equipment Directive delegated act (RED-DA) and Cyber Resilience Act (CRA) mandates without running their own lab?

Why This Matters Now

In recent years, the EU has raised the bar for product cybersecurity. The Radio Equipment Directive’s delegated regulation (EU) 2022/30 activated new essential requirements (RED Articles 3.3 (d), (e), (f)) - covering network protection, data privacy, and fraud prevention - for any wireless or IoT device that connects to the Internet. These provisions became mandatory by August 2024, meaning many radio-connected consumer products must now include cybersecurity safeguards or risk being pulled from the market. In parallel, the Cyber Resilience Act (CRA) was adopted at the end of 2024 and will impose baseline security obligations on all “products with digital...Read More

Red Alert Labs Featured on IoT For All: Sharing Insights on IoT Security and Compliance

Mon, 27 Oct 2025 06:37:01 -0700

We’re excited to announce that Red Alert Labs has joined IoT For All, the leading global hub for IoT innovation, insights, and community. Our latest articles are now featured on their platform, allowing us to share our expertise with a broader audience of innovators, engineers, and decision-makers shaping the connected world.

At Red Alert Labs, our mission is to make IoT security and compliance accessible, practical, and future-ready. Being part of IoT For All gives us a valuable opportunity to share our insights and help the community stay informed about the latest trends, challenges, and solutions in IoT security.

Red Alert Labs to Speak at DEKRA’s Digital Trust Conference 2025

Wed, 15 Oct 2025 06:07:44 -0700

Are you joining DEKRA’s Digital Trust Conference online this October?

Don’t miss this major international event dedicated to trust, safety, and security in the digital world.

On October 29th at 2:30 PM CET, our Managing Director Roland Atoui will take part in a panel discussion titled:

This session will explore how manufacturers and stakeholders can navigate the evolving regulatory landscape-specifically the shift from the Radio Equipment Directive Delegated Act (RED-DA) to the Cyber Resilience Act (CRA). Attendees will gain insights into the challenges and practical strategies for ensuring compliance and building digital trust across connected ecosystems.

Panel Details:

Moderator: José Emilio Rico
Speakers: Roland Atoui, Carlos Serratos, Razvan Gavrila

Event Overview:

Name: DEKRA’s Digital Trust Conference 2025
Dates: October 29–30, 2025
Format: Online

The conference will bring together leading experts, policymakers, and industry representatives to discuss the latest regulations, cybersecurity standards, IoT security, and strategies for strengthening resilience in an increasingly connected society.

Learn more about the event

Exploring AI-Driven IoT Compliance at ETSI Security Conference 2025

Tue, 14 Oct 2025 03:12:32 -0700

The ETSI Security Conference 2025 served as an outstanding platform for professionals to explore the latest trends in IoT cybersecurity and regulatory compliance.

On October 9th, our Lead Cybersecurity Expert, Isaac Dangana, delivered a presentation titled:
“Mastering EU IoT Compliance: How AI Simplifies Cyber Resilience Act Obligations Through Standardisation.”

During his session, Isaac showcased real-world case studies illustrating how AI can help organizations efficiently navigate Cyber Resilience Act (CRA) compliance. His insights covered the full compliance journey: from risk assessment to operational implementation, all while ensuring alignment with emerging standards.

We extend our sincere thanks to the conference organizers and all attendees for their engagement, thought-provoking discussions, and shared insights. Events like these are invaluable for advancing AI-driven solutions that support secure, compliant IoT ecosystems.

Red Alert Labs at the Cyber Ireland National Conference 2025

Mon, 13 Oct 2025 02:19:21 -0700

On October 9th, Red Alert Labs had the privilege of participating in the Cyber Ireland National Conference 2025, Cyber Ireland’s flagship event connecting cybersecurity leaders from industry, academia, and government.

Our CEO & Founder, Roland Atoui, joined the panel discussion “Turning Compliance into Opportunity” alongside:

Joseph Stephens, Director of Resilience at the National Cyber Security Centre (NCSC)
Julie Austin, Legal Advisor

The panel explored the evolving landscape of EU cybersecurity regulations, with a focus on the Cyber Resilience Act (CRA). Discussions highlighted how organizations can leverage these regulations to:

Enhance operational resilience
Meet new compliance standards