When UNECE WP.29 came into force, it transformed the global automotive industry. For the first time, cybersecurity became a mandatory requirement for modern vehicles — not a marketing feature, not a technical add-on, but a regulated obligation. WP.29 forced manufacturers to rethink how vehicles were designed, updated and secured, requiring formal Cybersecurity Management Systems (CSMS) and Software Update Management Systems (SUMS) across the entire vehicle lifecycle. This marked a significant global regulatory shift, as vehicle regulations now establish mandatory cybersecurity management systems, compliance protocols, and safety standards to ensure the security and reliability of connected vehicles worldwide.

The automotive industry is undergoing a profound transformation. With vehicles now functioning as software-defined, connected platforms, manufacturers face unprecedented security challenges. From over-the-air (OTA) updates and telematics to ADAS, battery systems and mobility services, every vehicle today relies on digital identities and cryptographic trust.

Automotive programs are moving faster than many engineering teams planned for. Regulatory pressure — from UN R155/R156 (WP.29) and ISO/SAE 21434 to the forthcoming EU Cyber Resilience Act — is reshaping expectations for how identity, signing, and software integrity are managed across the entire ECU and OTA lifecycle. At the same time, SERMI is redefining workshop and diagnostic access, introducing strong authentication into processes that were previously loosely governed.

In a world where billions of devices now shape our connected reality, IoT security has evolved from an IT problem to a board-level priority. As the iot ecosystem grows—an interconnected network of devices, systems, and infrastructures—comprehensive iot security solutions have become essential to protect, manage, and scale these environments. Yet despite the growing awareness, one challenge remains stubbornly persistent — the management and protection of unmanaged devices. These devices, often invisible to traditional IT systems, create blind spots that attackers exploit with increasing precision.

As the Internet of Things (IoT) continues to expand across industries, risk management has become one of the most pressing challenges for security and compliance leaders. The convergence of AI and IoT (ai iot) is accelerating this transformation, introducing new opportunities but also creating a more complex risk landscape that requires advanced approaches to risk management. With billions of devices now interconnected — from industrial sensors and medical devices to vehicles and energy systems — cyber physical systems form the backbone of modern IoT deployments, further increasing the potential attack surface and vulnerability to cyber threats.

In 2025, machine identities outnumber human identities by a factor of 40 to 1. Every connected sensor, gateway, vehicle, and robot depends on a digital credential to prove its authenticity and secure its data. These digital credentials serve as unique identifiers for devices, enabling secure communications and access control.

In 2025, digital transformation has pushed operational technology (OT) and information technology (IT) closer than ever before. Manufacturing plants, hospitals, smart cities, and energy grids now depend on billions of connected devices — yet this connectivity has brought a complex new security challenge: maintaining visibility and control across every asset. The proliferation of many IoT devices within these environments complicates visibility and control, as organizations must now manage and secure an ever-growing number of endpoints.

Across every sector, from manufacturing and healthcare to automotive, energy and critical infrastructure, organisations are facing a rapidly growing challenge: how to secure millions of connected devices without expanding security teams, budgets or risk exposure. Machine identities have become the backbone of trust for IoT and OT ecosystems, yet most organisations still manage them manually or through fragmented, supplier-led processes. Business leaders must recognize that securing machine identities is a strategic business issue impacting compliance, financial outcomes, and overall business performance.

For many organisations, cybersecurity is viewed as a cost of doing business — a necessary but difficult-to-quantify expense. However, the initial investment required for IoT security is substantial and essential for achieving long-term value, innovation, and competitive advantage. Yet in the world of connected devices, security is not just a cost centre; it’s a measurable investment in resilience, efficiency, and compliance.