Compliance Reporting
Compliance evidence generated as a byproduct of normal operations. Every provisioning event, configuration change, and access event logged automatically, mapped to CRA, NIS2, PSTI, IEC 62443, and ETSI EN 303 645.
Regulatory context: A wave of regulation is arriving: the EU Cyber Resilience Act (CRA), NIS2 Directive, UK Product Security and Telecommunications Infrastructure Act (PSTI), and the UK Cyber Security and Resilience Bill. Penalties are significant and timelines are short. SIMSY generates the compliance evidence you need as a natural byproduct of platform operations.
Regulation is arriving and most businesses are not ready
CRA, NIS2, PSTI, and the UK Cyber Security and Resilience Bill are introducing mandatory security and reporting requirements for connected devices. The penalties are significant, the timelines are short, and most businesses do not know where to start.
- CRA, NIS2, PSTI, and UK CSR Bill all introduce mandatory requirements
- Penalties for non-compliance are significant and enforceable
- Most businesses do not know where to start with compliance evidence
- Manual compliance reporting is expensive and error-prone
Compliance evidence as a byproduct of operations
SIMSY logs every event automatically as part of normal platform operations. Provisioning records, configuration history, state transitions, and access events are all captured without any additional effort, and they map directly to regulatory frameworks.
- Every event logged automatically, no manual recording required
- Evidence maps directly to CRA, NIS2, PSTI, IEC 62443, and ETSI EN 303 645
- Compliance data generated as a byproduct, not a separate workstream
- Audit-ready records available on demand
What the platform delivers
Provisioning Logs
Every device provisioning event is recorded automatically. When a device was provisioned, what configuration it received, and what credentials were issued, all logged with timestamps.
Configuration History
Full history of every configuration change across your fleet. What changed, when it changed, and who or what triggered the change, all recorded and available for audit.
State Transitions
Every device state change is logged. Online to offline, carrier changes, session resets, firmware updates, a complete timeline of device behaviour for compliance evidence.
Access Events
Every remote access session, CLI command, and management action is logged. Who accessed what device, when, and what actions were taken, all recorded automatically.
Device Inventory
A live, accurate inventory of every connected device in your fleet. Device type, firmware version, configuration state, and connectivity status, always up to date.
Network Events
Carrier registrations, data sessions, network transitions, and connectivity anomalies, all logged at the network layer for a complete picture of device communications.
Before and after SIMSY
What this means for your operation
Frequently asked questions
SIMSY generates evidence that maps to the EU Cyber Resilience Act (CRA), NIS2 Directive, UK Product Security and Telecommunications Infrastructure Act (PSTI), IEC 62443 (industrial cybersecurity), and ETSI EN 303 645 (consumer IoT security).
No. SIMSY logs every relevant event automatically as part of normal platform operations. Provisioning, configuration changes, state transitions, and access events are all captured without any additional setup or manual recording.
Compliance records are available on demand through the SIMSY platform and API. You can pull event logs, configuration history, and device state data at any time without advance preparation.
Penalties vary by regulation. The CRA can impose fines up to 15 million euros or 2.5% of global turnover. NIS2 penalties can reach 10 million euros or 2% of turnover. PSTI enforcement is already active in the UK. The timelines and penalties make early preparation important.
Ready to simplify compliance?
Talk to us about generating compliance evidence automatically. No separate workstream, no manual recording, no last-minute audit preparation.