With Europe's 2027 CRA mandate, cybersecurity in EV charging infrastructure becomes a critical requirement. CyberQuanta is one of the few integrated platforms preparing for this mandate with post-quantum cryptography and hardware root of trust.
EV charging infrastructure market. 25%+ CAGR growth (BloombergNEF, IEA)
AFIR regulation — 3.5M publicly accessible charge points needed by 2030
No major EVSE manufacturer has implemented post-quantum cryptography yet
EV chargers are critical infrastructure. 2023 attacks on charging networks in UK and EU compromised payment data and user info. As connected devices grow, the attack surface expands.
Harvest-now-decrypt-later (HNDL) attacks threaten current RSA/ECDSA encryption. Quantum computers may break current encryption in 5-10 years. EV charging infrastructure has a 15-20 year lifecycle — making devices produced today vulnerable.
EU CRA (2024/2847) mandatory in 2027. SBOM, vulnerability mgmt, 5-year updates, 24h ENISA notification required. Non-compliance: €15M or 2.5% global revenue penalty. Most current manufacturers aren't ready.
Insecure firmware update mechanisms, inadequate dependency management, no SBOM. New CRA requires all digital products to document supply chain security.
NIST FIPS 203 (Kyber-1024) + FIPS 204 (Dilithium3). Hybrid TLS 1.3 for both classical and quantum security. Proactive HNDL protection.
13-article framework. SBOM pipeline (CycloneDX + VEX), 24h ENISA notification template, 5-year update commitment, coordinated vulnerability disclosure.
4 dedicated security chips: ATECC608B HSM, SLB9672 TPM 2.0, MH1905 security co-processor, STM32G474RE safety MCU. Multi-layer HW security designed in. (Integration in progress.)
9 repos, ~7,300 tests. Backend API + Firmware + 4 Frontends + Yocto BSP + SBOM + Monitoring. Single integrated solution — hardware to cloud.
Backend, 2 firmware, 4 frontend, Yocto BSP, monitoring
22 routers + 13 admin, CQRS/DDD architecture
Backend 4,888, firmware ~1,800, UI tests, compliance tests
IEC 61851, ISO 15118, OCPP, CRA, MID, CE, PQC, IEC 62443
13-article EU compliance framework
Architecture, risk, SBOM, CRA evidence, DPIA
Security platform license to EVSE manufacturers. Upfront license + annual maintenance.
Cloud-based CSMS, SBOM management, vulnerability scanning and update services.
CRA compliance consulting and integration services for existing EVSE manufacturers.
* Projections based on market growth estimates and comparable SaaS business models. Not guaranteed.
For hardware acquisition, engineering team expansion, certification processes and first customer acquisition. 18-month runway. Sufficient for production transition and first revenue.
Firmware, HW integration, certification
Dev kits, test equipment, prototype
IEC 61851, CE, MID, OCPP OCTT
First customers, pilot projects
i.MX8M Plus BSP, STM32 firmware, SPI/I2C drivers, real hardware integration. EVSE experience preferred.
PQC algorithm expert, HSM/TPM integration, secure boot, TLS configuration, penetration testing.
IEC 61851 / ISO 15118 certification process, CE marking, MID metrology, CRA audit preparation.
i.MX8M Plus supply chain delays. Mitigation: Parallel development with QEMU continues, alternative SoCs (Rockchip, Allwinner) can be supported.
IEC 61851 / CE certification may take 3-6 months. Mitigation: Software compliance tests pre-completed (112 tests). Early engagement with certification body.
Large EVSE manufacturers may develop own CRA solutions. Mitigation: PQC + CRA combo is unique. 12-18 month first-mover advantage.
~500K lines of source code. Mitigation: ~7,300 tests, CI/CD automation, 16 tech documents, modular architecture.
Acquisition by large EVSE manufacturers (ABB, Siemens, Schneider) or energy companies for security IP. 3-5 year timeframe.
Larger rounds at growth stage with valuation increase. Multiples based on SaaS metrics.
Regular royalty distribution to investors. Per-device license royalty model.