[Press Release] Microservice Store Launches EU CRA and UK PSTI Autonomous Compliance Solution for IoT
- Murat Cakmak
- 5 days ago
- 3 min read
Updated: 2 days ago
"Automated SBOM, vulnerability disclosure, incident reporting, and update-governance workflows, powered by iSM and embedded Microservices"
Cambridge, UK, 28 January 2026 Microservice Store today announced its EU CRA and UK PSTI Compliance Automation Framework, a device-to-cloud capability designed to operationalise key legislative obligations through its integrated Security Manager (iSM) and the Microservice Store Cloud platform. The framework is built to execute compliance workflows as a platform function, including evidence capture, SBOM handling, update governance, and regulatory reporting, rather than leaving them as manual, manufacturer-run processes.
Meeting EU CRA Obligations with Automated Evidence and Reporting
From 11 September 2026, the EU Cyber Resilience Act introduces mandatory, lifecycle-wide cybersecurity obligations for products with digital elements. These include security-by-design, maintaining an SBOM, providing security updates, and notifying the authorities of actively exploited vulnerabilities and severe incidents, including an early warning within 24 hours submitted through the CRA Single Reporting Platform to the relevant CSIRT and ENISA.
Microservice Store’s approach is to automate these duties using microservice-level software identity on the device and orchestrated workflows in the cloud. On-device, iSM enforces secure boot, secure updates with rollback protection, policy-based access control, isolation, secure storage, and attestation, then produces signed security evidence and event reports. For SBOM, each embedded Microservice is an independently identifiable binary, represented by a Unique ID, Name, Version, Hash, access rights, and certification details, depending on the market, and iSM can generate a protected attestation token that includes this inventory. In the cloud, Microservice Store correlates device evidence with SBOM metadata, triggers triage and remediation workflows, and produces reporting-ready outputs, including structured incident and vulnerability reports aligned with CRA notification timelines, when configured by the manufacturer.
Automating UK PSTI requirements for consumer connectable products
The UK PSTI regime has been in effect since 29 April 2024, and requires manufacturers to meet minimum security requirements, including unique per-product passwords or user-defined passwords, a clear mechanism for reporting security issues with acknowledgement and status update expectations, and published minimum security update periods, including an end date, in a consumer-friendly format. Microservice Store is designed to automate these requirements by maintaining per-device and per-microservice evidence, surfacing disclosure and support-period information, and orchestrating update delivery at microservice granularity so remediation can be targeted and auditable.
From monolithic firmware to auditable compliance
Microservice Store’s compliance framework is enabled by “embedded Microservices”, which break the traditional single-image firmware model into independently versioned, hashed, and upgradeable modules. This supports auditable inventory, targeted remediation, and verifiable update trails that are difficult to achieve in monolithic RTOS environments.
“Legislation is raising the baseline for every connected product, SBOM discipline, vulnerability disclosure, update transparency, and rapid incident reporting are now expected,” said M Cakmak, Founder of ZAYA. “Our goal is to make these obligations operational by default, with device-enforced evidence from iSM and automated workflows in the Microservice Store platform, so teams spend less time building compliance plumbing and more time building secure products.”
Availability
The EU CRA and UK PSTI Compliance Automation Framework is available as part of Microservice Store, powered by iSM within the Embedded Microservice Runtime.
Email: info@microservicestore.com
About Microservice StoreMicroservice Store is a marketplace and runtime ecosystem for embedded devices, enabling plug-and-play microservices that are isolated, updateable, and governed by policy, with compliance workflows designed to be automated from device to cloud.
![[Press Release] Microservice Store Announces Security Manager (iSM) for Embedded Systems](https://static.wixstatic.com/media/0cfa32_8e9871b651e748c2b9f52fe36c19a815~mv2.png/v1/fill/w_980,h_762,al_c,q_90,usm_0.66_1.00_0.01,enc_avif,quality_auto/0cfa32_8e9871b651e748c2b9f52fe36c19a815~mv2.png)
![[Press Release] Embedded Microservices](https://static.wixstatic.com/media/0cfa32_16024e27fdfe44218994afce22d10327~mv2.png/v1/fill/w_980,h_653,al_c,q_90,usm_0.66_1.00_0.01,enc_avif,quality_auto/0cfa32_16024e27fdfe44218994afce22d10327~mv2.png)