The CUSTODES project was presented during the “CSA & CRA: Mandatory Cybersecurity Requirements for Digital Products in the EU” workshop, organised within the PatrasIQ Innovation and Technology Transfer Exhibition. The workshop gathered researchers, industry representatives, and SMEs interested in understanding the upcoming European cybersecurity regulations and their impact on digital products and services.

During the session, the CUSTODES platform was introduced.

The presentation highlighted how the platform can contribute to strengthening cybersecurity practices and improving compliance readiness for organisations operating in advanced connectivity ecosystems.

A key focus of the workshop was the Cyber Resilience Act (CRA) and the Cybersecurity Act (CSA)—two major EU regulatory frameworks shaping the future of cybersecurity in Europe.

To watch the workshop session, see the video below:

The CUSTODES project was presented at the globally renowned Mobile World Congress 2026, held in Barcelona, Spain and organised by GSMA. As one of the most influential events in the telecommunications and digital connectivity ecosystem, the congress brought together industry leaders, technology providers, policymakers, and research organisations working on the future of global connectivity.

Within this dynamic environment, CUSTODES was disseminated by the consortium partner i2CAT Research Center through printed project flyers displayed and distributed at the organisation’s booth. The materials introduced visitors to the project’s objectives, technological approach, and expected impact, highlighting its role in enabling secure and resilient communications in space-enabled and hybrid network environments.

During the event, the CUSTODES initiative was also presented through bilateral meetings and informal discussions with industry representatives, research organisations, and technology stakeholders visiting the booth. These exchanges provided an opportunity to explain the project’s vision and discuss its potential contribution to secure next-generation connectivity infrastructures, particularly in the context of satellite communications and Non-Terrestrial Networks (NTN).

Participation in MWC 2026 allowed CUSTODES to reach a broad international audience, including telecom operators, satellite service providers, technology vendors, and innovation stakeholders interested in the evolution of 5G/6G and space-enabled communications.  

Overall, the event provided significant added value for CUSTODES. Being present at such a high-profile global gathering for telecommunications innovation enabled the project to position itself within the rapidly evolving landscape of next-generation connectivity and secure communication infrastructures. 

For more information about the event, visit the official website of Mobile World Congress 2026.

Introduction

Across Europe, cybersecurity has become a defining priority as products with digital elements permeate every aspect of society and the economy. The Cyber Resilience Act (CRA) represents one of the EU’s most significant regulatory initiatives in this area, aiming to ensure that products with digital elements are designed, developed, and maintained with security in mind. Complementing this regulatory effort is a number of standardization activities now underway, which will provide the technical guidance and for the basis for manufacturers to fulfil the CRA’s requirements. Together, these developments mark a major step toward strengthening cyber-resilience across the EU.

Understanding the Cyber Resilience Act

The CRA establishes a unified set of cybersecurity obligations for products with digital elements placed on the European market. Its purpose is to ensure that such products enter the market without any vulnerabilities and that manufacturers take responsibility for cybersecurity throughout the product lifecycle.

The regulation emphasizes secure-by-design and secure-by-default practices, requiring manufacturers to integrate cybersecurity considerations from the earliest stages of development. It also mandates processes for vulnerability handling, transparency for users, and timely security updates. By harmonizing rules across EU Member States, the CRA reduces fragmentation and improves trust in the internal market. Ultimately, it shifts cybersecurity from a patch-based, reactive activity to proactive and continuous responsibility.

The Techritory Forum is bringing together innovators, SMEs, and industry leaders for the Cyber Security & Resilience Workshop, and CUSTODES is thrilled to be part of it. With cyber threats on the rise and new EU regulations like the Cyber Resilience Act (CRA) coming into play, this workshop is a great opportunity for SMEs to explore tools that make cybersecurity certification easier and more affordable.

Hosted at the ATTA Centre in Riga from 10:30 to 16:00, the workshop is co-organized by p-NET, a CUSTODES partner from Greece, and features four EU-funded projects: NATWORK, SAND5G, CURIUM, and CUSTODES. The event splits into two parts: the first dives into securing future 5G/6G networks for critical sectors like healthcare and energy, with SAND5G and NATWORK showcasing risk assessment and AI-driven resilience tools. The second part, where CUSTODES participates, focuses on certification solutions to help businesses meet EU standards.

The workshop also features a Demo Exploration Hour, a hands-on session to test Cybersecurity Certification with CUSTODES, designed specifically for SMEs looking to navigate CRA and EU Cybersecurity Act requirements. Here’s what you’ll get to do:

• Demo the Platform: See how the CUSTODES platform simplifies assessing and certifying ICT products for cybersecurity compliance.
• Test It Out: Try the platform in our restricted testing environment with sample scenarios, offering a safe way to understand the certification process.
• Give Feedback: Share your thoughts through short questionnaires to help us tailor the platform to SMEs needs.

This session is part of Pilot 3’s preparatory phase, where we’re inviting external SMEs to test the CUSTODES platform and sign up for deeper validation activities, like tailored mentoring and workshops. It’s a chance to save time and costs, build customer trust, and stay competitive in a secure digital market.

Join us in Riga to test our tools and connect with others shaping Europe’s digital future. The event is free, but registration is required via the Techritory website dedicated form. Want to know more about CUSTODES or how to be involved in the tailored mentoring activities? Contact Esther Garrido at [email protected]

In today’s fast-moving digital landscape, having the right environment to test and validate new technologies is just as important as the innovations themselves. The CUSTODES Project benefits from advanced Test and Experimentation Facilities (TEFs), such as p-NET’s. Purpose-built for experimentation, p-NET offers a carrier-grade 5G Standalone (SA) environment that combines commercial-grade robustness with flexibility for research, development, and pre-commercial testing.

A Complete 5G Playground

At its core, the TEF provides a complete 5G testbed designed to accelerate innovation. The facility brings together all the components needed to evaluate complex use cases under real-world conditions:

Cybersecurity in the Internet of Things: conformity self-assessment of an Ambient Intelligence System with CUSTODES

In today’s highly connected society, the Internet of Things (IoT) is all around us. More and more, connected devices are found not only in industrial scenarios, but also in everyday life. Many objects and devices are now equipped with sensors, software and other technologies that enable them to connect with each other and with the Internet, allowing for data storage and exchange.

Specifically, there is a broader transformation occurring in the context of home and building automation. The deployment of new technologies and advanced equipment can improve the quality of daily life, provide easy access to many functions remotely, or allow the use of natural interfaces, such as motion and gestures, for controlling lighting, climate, door automation or appliances. These advancements contribute to better living conditions, higher quality, accessible, more affordable, and sustainable housing.

From a security perspective, the deployment of IoT devices and services in a smart home or building environment raises several important issues such as data privacy, user profiling, and physical security.

Special attention should be given to the sensitive data stored and transmitted within the IoT network in the context of home automation. Without proper security measures implemented during device development, this information could be vulnerable to potential attacks.

Moreover, the EU has recently introduced the Cyber Resilience Act (CRA), a regulatory framework aimed at strengthening cybersecurity requirements for products with digital elements. The CRA obliges manufacturers to ensure that connected products are designed, developed, and maintained with appropriate security measures throughout their lifecycle. This includes vulnerability management processes, regular software updates, and transparent security documentation. This regulation aims to reduce cybersecurity risks and enhance user trust by ensuring a higher baseline of digital resilience across the EU market.

As a result, the conformity self-assessment of these Information and Communication Technology (ICT) products, services or processes becomes a critical need.

The role of i2CAT

The i2CAT Foundation (https://i2cat.net/) is a technological research and innovation centre that leads R&D&i activities around advanced digital technologies including their architecture, applications, and services. Since 2003, the research centre has been dedicated to designing, building and promoting the digital society of the future through the knowledge generated in the development of projects and activities in the fields of 5G/6G, IoT, immersive and interactive technologies, cybersecurity, artificial intelligence, blockchain, space communications and digital society technologies.

i2CAT’s activities are structured around three main areas:

• Research, playing a key role in the EU Framework Program for Research and Innovation.
• Strategic Projects, leading local initiatives that strengthen the digital policies of public administration.
• Technology Transfer, fostering R&D collaboration with companies to develop innovative market-oriented solutions.

I2CAT contributes to the CUSTODES project by providing a Use Case on its Ambient Intelligence service. This service involves the deployment of various IoT sensing and actuator devices, as well as an IoT gateway/edge device, inside a home environment. These components collect environmental and contextual data, which are then sent to an application capable of making intelligent decisions or triggering actions (e.g., increase the heat) in an individual or cooperative manner. The IoT sensing and actuator devices include various physical sensors, such as temperature, presence, microphone sensors, and among others. Specifically, a sensing device is equipped with a camera that supports AI-based       proximity detection. The IoT gateway/edge device serves as the central hub of the system and is responsible for data collection, aggregation, and local processing.

As an illustration of the architecture of the use case, the following figure depicts the different IoT sensor and actuator devices and how they interact, connect and collaborate to provide an Ambient Intelligent service.

What does CUSTODES do?

Given the need for secure ICT Products, Services and Processes and in line with regulatory frameworks like the CRA, CUSTODES aims to provide trustworthy, cost-effective, agile and portable conformity assessment capabilities. In this pilot, CUSTODES will focus on providing the means and the implementation of conformity self-assessment of the Ambient Intelligence service by following an innovative approach that:

• Derives a statement of conformity of composite ICT service / product based on conformity self-assessment. 
• Utilises existing information of the certification status of the building blocks to facilitate the composite conformity self-assessment. 
• Carries out a cybersecurity conformity self-assessment involving AI. 

For more information, visit the CUSTODES Project website (https://custodes-project.eu) 

On March 12th, 2025, CUSTODES was presented during the Cybersecurity Cluster Synergies Webinar, organized by the COevolution project. The event aimed to foster collaboration among Horizon Europe projects working in cybersecurity, with a focus on knowledge exchange and aligning strategies across initiatives.

Representing the CUSTODES consortium, Simon Bouget from RISE Research Institutes of Sweden introduced the project’s objectives and approach to certification-driven cybersecurity for IoT and edge devices. His presentation highlighted CUSTODES’ role in contributing to a more secure and trusted digital environment through automation, conformity assessment support, and alignment with EU cybersecurity frameworks, including the Cyber Resilience Act (CRA).

The webinar featured multiple Horizon Europe-funded projects — including COevolution, CyberSecDome, and TRUSTEE — and encouraged dialogue around shared challenges, research goals, and potential synergies across domains such as risk assessment, secure architectures, and regulatory compliance.

For a full summary, visit the COevolution website:
https://coevolution-project.eu/fostering-eu-collaboration-coevolution-joins-cybersecdomes-cluster-synergies-webinar/

Stay connected as CUSTODES continues to engage with fellow EU cybersecurity initiatives to amplify collective impact and promote secure digital transformation across Europe.

On April 30th, 2025, Trustilio, a member of the CUSTODES consortium, participated in the “AI & Security” webinar hosted by the Smart Networks and Services Joint Undertaking (SNS JU). The event focused on the intersection of artificial intelligence and cybersecurity within the evolving landscape of smart networks and digital infrastructure.

Dr. Nineta Polemi, representing Trustilio, contributed to the expert discussion, which brought together EU-funded research projects addressing critical security challenges in AI-enabled systems. The webinar provided a valuable platform for exchanging insights on securing intelligent, interconnected environments.

During the session, CUSTODES was presented as a relevant EU-funded initiative working toward certification-driven security for IoT and edge devices, in alignment with emerging European regulatory frameworks such as the Cyber Resilience Act (CRA) and EUCC.

Further details and agenda available on the SNS JU website:
https://smart-networks.europa.eu/ai-security-webinar-on-30-april-2025-at-1300-cest/

Stay tuned to our news section for more updates on CUSTODES participation in key European cybersecurity events.

We are excited to share that Red Alert Labs, a core member of the CUSTODES consortium, showcased the CUSTODES project during the prestigious InCyber Forum 2025, held in Lille, France.

The InCyber Forum is one of Europe’s leading events in cybersecurity, bringing together policymakers, industry leaders, researchers, and innovators. Red Alert Labs took the stage to introduce the project’s vision and objectives to a diverse international audience, highlighting its contribution to securing the connected world through certification-driven security for IoT and edge systems.

The session emphasized the growing need for harmonized cybersecurity assurance frameworks and how CUSTODES is aligning with upcoming EU regulations such as the Cyber Resilience Act (CRA) and the EUCC. It also underlined the project’s strong technical foundation and its potential to shape future European cybersecurity certification schemes.

For more details, you can read Red Alert Labs’ event recap here:
https://www.redalertlabs.com/blog/presenting-custodes-project-at-incyber-2025

Stay tuned as CUSTODES continues to build momentum through key events and stakeholder engagement across Europe.

In June 2025, DEKRA, a core member of the CUSTODES consortium, contributed to the IEEE ICE25 Conference in Valencia, Spain by presenting research on the automation of cybersecurity certification for complex ICT systems.

Dr. Jasmin Cosic delivered the presentation, which focused on using semantic technologies and rule-based reasoning to enhance the scalability and transparency of certification processes. The research is closely aligned with the objectives of CUSTODES, supporting the development of a composite certification framework that addresses the challenges of modern, interconnected digital infrastructures.

The session emphasized how automation, when applied thoughtfully, can help align certification procedures with evolving EU cybersecurity legislation, such as the Cyber Resilience Act (CRA) and EUCC. This approach also contributes to reducing time and resource burdens while maintaining assurance quality.

DEKRA’s involvement underlines the importance of integrating industry expertise with academic and policy-driven innovation — a key strength of the CUSTODES project. Their long-standing experience in testing and certification adds strong practical grounding to the project’s efforts.

More information available on the DEKRA website:
https://www.dekra.com/en/dekra-cybersecurity-ieee-ice25-conference/

CUSTODES continues to engage with the research and industry community to push forward agile and future-proof approaches to cybersecurity assurance in Europe.