[Press Release] Microservice Store Launches EU CRA and UK PSTI Autonomous Compliance Solution for IoT

"Automated SBOM, vulnerability disclosure, incident reporting, and update-governance workflows, powered by iSM and embedded Microservices"

Cambridge, UK, 2nd February 2026 Microservice Store today announced its EU CRA and UK PSTI Compliance Automation Framework, a device-to-cloud capability designed to operationalise key legislative obligations through its integrated Security Manager (iSM) and the Microservice Store Cloud platform. The framework is built to execute compliance workflows as a platform function, including evidence capture, SBOM handling, update governance, and regulatory reporting, rather than leaving them as manual, manufacturer-run processes.

Meeting EU CRA Obligations with Automated Evidence and Reporting

From 11 September 2026, the EU Cyber Resilience Act introduces mandatory, lifecycle-wide cybersecurity obligations for products with digital elements. These include security-by-design, maintaining an SBOM, providing security updates, and notifying the authorities of actively exploited vulnerabilities and severe incidents, including an early warning within 24 hours submitted through the CRA Single Reporting Platform to the relevant CSIRT and ENISA.

Microservice Store’s approach is to automate these duties using microservice-level software identity on the device and orchestrated workflows in the cloud. On-device, iSM enforces secure boot, secure updates with rollback protection, policy-based access control, isolation, secure storage, and attestation, then produces signed security evidence and event reports. For SBOM, each embedded Microservice is an independently identifiable binary, represented by a Unique ID, Name, Version, Hash, access rights, and certification details, depending on the market, and iSM can generate a protected attestation token that includes this inventory. In the cloud, Microservice Store correlates device evidence with SBOM metadata, triggers triage and remediation workflows, and produces reporting-ready outputs, including structured incident and vulnerability reports aligned with CRA notification timelines, when configured by the manufacturer.

Automating UK PSTI requirements for consumer connectable products

The UK PSTI regime has been in effect since 29 April 2024, and requires manufacturers to meet minimum security requirements, including unique per-product passwords or user-defined passwords, a clear mechanism for reporting security issues with acknowledgement and status update expectations, and published minimum security update periods, including an end date, in a consumer-friendly format. Microservice Store is designed to automate these requirements by maintaining per-device and per-microservice evidence, surfacing disclosure and support-period information, and orchestrating update delivery at microservice granularity so remediation can be targeted and auditable.

From monolithic firmware to auditable compliance

Microservice Store’s compliance framework is enabled by “embedded Microservices”, which break the traditional single-image firmware model into independently versioned, hashed, and upgradeable modules. This supports auditable inventory, targeted remediation, and verifiable update trails that are difficult to achieve in monolithic RTOS environments.

“Legislation is raising the baseline for every connected product, SBOM discipline, vulnerability disclosure, update transparency, and rapid incident reporting are now expected,” said M Cakmak, Founder of ZAYA. “Our goal is to make these obligations operational by default, with device-enforced evidence from iSM and automated workflows in the Microservice Store platform, so teams spend less time building compliance plumbing and more time building secure products.”

Beyond Compliance: ​The IoT Transparency Portal: Beyond Compliance​

Moving beyond the constraints of static regulatory requirements, the newly launched IoT Transparency Portal marks a definitive shift toward a safer, connected future. This centralised hub serves as the cornerstone of the "Transparent IoT Era," offering unprecedented real-time security insights and vulnerability disclosures. By leveraging sophisticated edge-to-cloud automation, the portal delivers granular, module-level Software Bill of Materials (SBOMs) and live vulnerability intelligence for authorised products. More than just a compliance tool, the platform integrates directly with our embedded Microservice Runtime to proactively identify and quarantine threats at the source. This fusion of public transparency and autonomous protection redefines device integrity, empowering stakeholders with the data-driven confidence required for a modern connected world.

Watch the Product and Microservice Vulnerability Statuses Live Here: https://console.microservicestore.com/IoTTransparencyPortal

Availability

The EU CRA and UK PSTI Compliance Automation Framework is available as part of Microservice Store, powered by iSM within the Embedded Microservice Runtime.

Email: info@microservicestore.com 

About Microservice Store: Microservice Store is establishing new industry norms for how embedded and connected products are built and evolved. We are creating a digital marketplace that connects product vendors, developers, IP providers, and tool partners through a trusted supply chain for reusable software components. By making proven functionality discoverable, deployable, and governable at scale, Microservice Store enables faster innovation, stronger ecosystem collaboration, and a more transparent, security-led standard for connected devices across industries.