Compliance and regulations

ST's new CRA webpage helps you understand your compliance obligations and how ST's products and expertise can support your journey.  If you're designing products with digital elements for the European market, the EU Cyber Resilience Act (CRA) is already on your radar. With reporting obligations starting September 11, 2026, and full compliance enforcement from December 11, 2027, the clock is ticking for manufacturers to get their processes in order.  To help you get ready, ST has launched a CRA resource hub designed specifically for developers and product teams.  What obligations the CRA brings and how ST helps you address them  The hub breaks down the key obligations you must address when shipping products with digital elements:  Secure by design: products must be designed with security from the outset, with minimal cybersecurity vulnerabilities  Conformity assessment: products must be assessed against essent

Security is now a core part of product development. The EU’s Cyber Resilience Act (CRA) and Radio Equipment Directive (RED) have set mandatory cybersecurity and safety standards for connected digital and radio devices. The CRA is a new EU law requiring connected digital products to meet strict cybersecurity standards throughout their lifecycle, protecting users and reducing cyber risks. The RED is an EU regulation ensuring radio and telecom devices are safe, free from harmful interference, and equipped with essential security features for reliable wireless communication. As developers, integrating these requirements early helps build secure, reliable products that protect users, avoid costly penalties, and maintain market access. These regulations are designed to close security gaps early in the product lifecycle, ensuring devices are secure by design, regularly updated, and capable of resisting attacks. Non-compliance not only risks user safety and data integrity b

Over the past decade, cybersecurity regulations have become increasingly stringent, especially in specific industries like aviation, medical, and automotive. The new European law Cyber Resilience Act (CRA), published in December 2024 and set to take effect in December 2027, will extend these regulations to all remaining application fields. A critical aspect of these regulations is the tracking of vulnerabilities. In this regard, a major milestone is the accurate tracing of the software bill of materials (SBOM) for all components of a product or system, which is integral to the DevSecOps process. STM32Cube ecosystem is providing, since long, the SBOMs in all its deliverables. However, until now, such a document was made to be readable and printable by humans. To meet these demands, ST has partnered with Black Duck® to integrate machine-readable SBOMs into the STM32 software ecosystem. This collaboration leverages Black Duck’s software composition analysis tools to streamline the securit

STMicroelectronics has unveiled STPay-Topaz-2, its next-generation contactless payment card system-on-chip (SoC), offering more flexibility to support a wider variety of payment brands and ease stock management for customers. The new auto-tuning feature ensures reader-independent connection quality for an enhanced user experience, while advanced cryptography strengthens security and prepares the platform for upcoming, stronger industry standards. ST has already supplied more than three billion STPay ready-to-use solutions to the payment market. STPay-Topaz-2 now introduces a specific feature which allows preloading the greatest quantity of payment applets per orderable part number in the market, which simplifies inventory management for card manufacturers. This innovation includes a unique product versioning which embeds the latest and most popular payment applets worldwide, including both VSDC2.8.1g1 and 2.9.2 Visa applets. “Contactless payment has been a huge hit with consumers and t

ST is one of the two first companies to achieve EUCC certification in France and Europe for its ST54 product family, an all-in-one NFC controller, eSIM, and secure element for connected devices. This milestone underscores ST's commitment to providing state-of-the-art security solutions that meet the stringent cybersecurity regulations now required in Europe. With the adoption of the EU Cybersecurity Act (CSA), the European Union (EU) has introduced a new security certification scheme called "EUCC" (EU Common Criteria). The EUCC scheme aims to harmonize cybersecurity standards across all 27 member states, replacing the previous SOG-IS scheme. The EUCC will become an essential certification reference for upcoming European regulations such as the Cyber Resilience Act (CRA) and the cybersecurity update for the Radio Equipment Directive (RED). Starting in 2026, developers of connected products sold in the EU will leverage this new "EUCC" scheme, which serves as the first reference for highe