In an increasingly connected world, cybersecurity isn’t optional — it’s a necessity. That’s clear to all of us, isn’t it? But instead of just talking about it, we’re actually implementing it, and TÜV Rheinland has confirmed our efforts with IEC 62443 certificates.

Our secure product development process has been recertified according to IEC 62443-4-1, covering seven business units. Additionally, our mGuard security routers have achieved IEC 62443-4-2 certification. These certifications highlight our commitment to the high security standards and compliance with the latest EU regulations.

Comprehensive Certifications for Maximum Security

Since our first TÜV certification in 2018, we’ve laid a solid foundation for our cybersecurity measures. Today, we celebrate the certification of seven business units to Maturity Level 3 according to IEC 62443-4-1. This achievement is a key part of our 360-degree security concept, making sure our products and systems stay secure throughout their lifecycle.

Our journey doesn’t stop there. In 2021, our PLCnext Control became the first controller on the market to achieve IEC 62443-4-2 SL2 certification. We’ve since applied Secure by Design development processes to a range of products, including controllers, firewalls, switches, routers, and power supplies. And guess what? Our mGuard router’s recent IEC 62443-4-2 certification confirms that it meets the high security standards for production facilities, maintaining Security Level Capability SL-C 2 through regular firmware updates and software maintenance.

With a double-digit number of IEC 62443-4-2 compliant products in 2025, we ensure that systems you plan today will meet the high-security standards even after new cybersecurity laws such as the CRA come into effect. This gives you the planning certainty you need to meet the increasing security requirements in the future.

The Role of Our PSIRT

Another milestone is the certification of our Product Security Incident Response Team (PSIRT). This team is responsible for identifying and analyzing security vulnerabilities, coordinating internal product experts, and publishing security advisories. The certification confirms our ability to respond quickly and effectively to security incidents and provide the best possible protection. For you, this means the assurance that our products are developed according to the highest security standards and that security incidents are handled quickly and effectively. Your automation systems are thus well protected.

Meeting the Latest Legal Requirements

Increasing networking in industry means that machine and plant manufacturers are faced with growing cyber security requirements. The IEC 62443 series has been an established security standard for the industry for many years. In particular, the use of IEC 62443-4-2 certified products is increasingly helping companies to meet legal requirements efficiently. The EU cybersecurity laws, such as the Cyber Resilience Act (CRA), the EU Machinery Regulation (MVO), and the NIS2 Directive, set high demands for cybersecurity.

The Cyber Resilience Act (CRA) establishes common cybersecurity standards for products with digital elements and requires manufacturers to ensure their products are secure throughout their entire lifecycle. The EU Machinery Regulation (MVO) emphasizes the importance of cybersecurity in relation to functional safety in machine design, requiring machines to be protected against cyber threats throughout their lifecycle. The NIS2 Directive aims to ensure a high common level of cybersecurity across EU member states, defining coordinated security measures, risk management, and incident reporting for a large number of companies in the EU.

A legal framework has been created at European level to increase the resilience of products to cyber threats within the European Union. These include the aforementioned Cyber Resilience Act (CRA), the Radio Equipment Directive (RED) and the Machinery Directive for machinery. For all of these laws, the standards from the IEC 62443 series are used to meet harmonized standards.

In summary, following the IEC 62443 standards already fulfills a large part of the cybersecurity requirements defined at European level for products and industrial systems. In addition, certified products and systems not only offer the highest level of security, but also provide a basis for compliance with European requirements for operators, such as the NIS 2 Directive.

Ready for the Future

With the IEC 62443 certifications, we demonstrate our commitment to meeting the high security standards and complying with EU cybersecurity laws, such as the Cyber Resilience Act (CRA), the EU Machinery Regulation (MVO), and the NIS2 Directive. The certifications are an essential part of our 360° security concept, which aims to ensure the security of our products and systems throughout their entire lifecycle. We understand cybersecurity holistically, from product development to implementation in solutions and secure network designs to regular security gap reviews. In short: we think about security holistically for you.

Want to dive deeper?

In case you want to read more about industrial cybersecurity we welcome you to Phoenix Contact’s main page about industrial security. Discover the full potenial of a 360-degree security concept and get inspired by the holistic product and service portfolio of Phoenix Contacts Industrial Security.