ETSI EN 303 645 is a world class standard for the security of Consumer IoT products. The new tool conformXpert allows to easily perform conformance assessments based on ETSI EN 303 645 with the test methodology of ETSI TS 103 701. The tool e.g., enables the simple creation of an Implementation Conformance Statements (ICS) and automatically generates the necessary IXITs for requesting documentation. conformXpert helps you complete the IXITs with guidance. The CRA product requirements will be closely aligned with EN 303 645. Therefore, you can use the tool to prepare yourself for the CRA.

Confidential Computing secures data-in-use by leveraging hardware-based Trusted Execution Environments (TEEs) and Remote Attestation. This session explores how the technology reduces the trust gap in cloud and edge environments, covering TEE architecture principles, attestation flows, and secure secret provisioning patterns. Real-world use cases and practical implementation considerations are examined. The presentation provides security professionals with foundational knowledge for understanding and building robust Confidential Computing solutions.

Post‑quantum cryptography (PQC) migration poses significant strategic and operational challenges, as current RSA‑ and EC‑based systems risk becoming vulnerable with the advent of large‑scale quantum computers. Organizations must weigh short‑term mitigation measures against their limited long‑term effectiveness. A sustainable approach requires adopting PQC‑capable infrastructures, which includes redesigning key management architectures, updating chip‑card–based processes, and renewing the public key infrastructure. The transition introduces substantial complexity, particularly regarding certificate renewal cycles, key custodianship models, and the re‑encryption of sensitive archived documents.

A Trusted Execution Environment (TEE) is a secure area of the main processor of a connected device that ensures sensitive data is stored, processed, and protected in an isolated and trusted environment. A TEE is a key component to enable secure applications such as identification and payment. However, there are currently no suitable & mature TEE solutions for RISC-V, and current TEEs are also not yet secure against the threat of quantum computers. This talk will present our ongoing research work on enabling post-quantum security for TEEs on RISC-V, based on the open-source RISC-V SoC framework Chipyard and the open-source TEE framework Keystone. This includes algorithm selection, implementation optimization and hardware acceleration. Our results show that a post-quantum secure TEE is feasible for RISC-V, though more work is needed for a mature commercial solution.