Can embedded platforms meet cybersecurity expectations? Platforms now integrate security, lifecycle management, and transparency to align with evolving compliance demands.
SYSGO has announced that its embedded software platforms, PikeOS and ELinOS, are being positioned to support compliance with the European Union’s Cyber Resilience Act (CRA). The company’s move reflects the growing need for manufacturers and system integrators to adapt to new cybersecurity requirements across industries such as automotive, aerospace, rail, medical, and defense.
The benefit of this alignment is that organizations working with embedded systems gain tools designed to help meet CRA obligations around security by design, vulnerability management, and supply chain transparency. For developers, this means greater confidence in building systems that can withstand long operational lifecycles while remaining compliant with evolving European regulations.
The approach lies in combining architectural assurance with lifecycle support. PikeOS, a real-time operating system and hypervisor, enforces separation between critical and non-critical functions, reducing potential attack surfaces and supporting independent verification. Its Common Criteria EAL5+ certification provides a recognized assurance level for conformity assessments. ELinOS complements this by offering a customizable embedded Linux environment with integrated security features such as cryptography, secure boot, and hardened configurations, helping reduce exposure to vulnerabilities.
The features supporting this strategy include long-term maintenance with extended security updates, structured vulnerability reporting, and documented incident response processes. SYSGO also emphasizes supply chain transparency through modular architecture and Software Bill of Materials practices, giving developers clearer insight into dependencies and third-party risks. These measures are intended to help manufacturers meet CRA requirements for continuous risk management and maintain resilience against emerging threats.
“CRA compliance is not just about ticking boxes, it is about engineering embedded systems that are secure, maintainable and resilient over decades,” says Bruno Coppens, Software Security Manager at SYSGO.
