Compliance — UK CSR Bill, EU CRA, NIS2, PSTI | SIMSY
Compliance

Managed connectivity that meets compliance by design

Because SIMSY integrates security, monitoring, and logging into the network layer itself, compliance evidence is generated as a byproduct of how the platform operates.

Why This Matters

Network-layer security is different

Most security approaches operate at the application or device level. If an attacker compromises the device, they can change firewall rules and access controls. SIMSY enforces security at the network layer, routing policies, traffic restrictions, and CPL isolation operate below the device. Even if a device is compromised, the network security posture remains unchanged.

This distinction matters for compliance. Regulators are increasingly looking for security controls that cannot be circumvented by a single point of failure.

Regulatory Landscape

Current and upcoming regulations

EU Cyber Resilience Act

Upcoming

All products with digital elements sold in the EU

Timeline
Sept 2026 / Dec 2027
Maximum penalty
Up to €15M or 2.5% turnover

EU NIS2 Directive

Active

Essential/important service operators, 18 sectors

Timeline
In force
Maximum penalty
Up to €10M or 2% turnover

UK PSTI Act

Active

Consumer connectable products sold in the UK

Timeline
In force since Apr 2024
Maximum penalty
Up to £10M or 4% turnover

UK Cyber Security & Resilience Bill

Upcoming

Data centres, MSPs, EV networks, critical suppliers

Timeline
Expected ~2028
Maximum penalty
Up to £17M or 4% turnover
Technical Standards

Standards referenced by regulation

ETSI EN 303 645

Baseline standard for consumer IoT security, underpinning UK PSTI and informing CRA harmonised standards

IEC 62443

International standard for industrial automation cybersecurity, requiring zones, conduits, and security levels

NIST Cybersecurity Framework

Identify, Protect, Detect, Respond, Recover

OWASP IoT Top 10

Practical vulnerability checklist used in procurement and audit

How SIMSY Helps

Built into the connectivity, not bolted on

These are not add-on compliance features. They are how SIMSY's managed connectivity works by default.

Deploy Secure

Devices provisioned with hardened settings, unique credentials, and private network enrollment automatically via the Edge API. Default-deny architecture active from the moment a SIM connects. No factory defaults. No public exposure.

Stay Monitored

Real-time device and network monitoring, anomaly detection, automated alerting, remote updates. Network-native data collection captures telemetry without device agents. Continuous visibility that satisfies monitoring requirements.

Stay Auditable

Every event logged automatically via the SIMSY event system. Full device inventory via API. Configuration history always available. LAN device discovery records. Evidence on demand.

Understand your compliance obligations

Tell us about your connected devices and we will help you understand which regulations apply and how SIMSY can help.

Talk to usDownload the compliance guide