PROFINET Forum

Robbie_B wrote: ↑14 Apr 2025, 22:47 With the EU's new Cyber Resilience Act phasing in, is there any guidance regarding how this legislation will affect PROFINET devices? For example, will it become mandatory that all data is encrypted in transit, etc? Is there any official guidance from PROFIBUS and PROFINET International regarding how manufacturers of devices prepare to comply with the CRA?

XSPN wrote: ↑04 Feb 2026, 17:31

Robbie_B wrote: ↑14 Apr 2025, 22:47 With the EU's new Cyber Resilience Act phasing in, is there any guidance regarding how this legislation will affect PROFINET devices? For example, will it become mandatory that all data is encrypted in transit, etc? Is there any official guidance from PROFIBUS and PROFINET International regarding how manufacturers of devices prepare to comply with the CRA?

PROFIBUS & PROFINET International (PI) has published official guidance on this topic. According to their latest press release, PROFINET already provides the foundational technical mechanisms required for CRA compliance, and manufacturers can extend existing devices step‑by‑step with additional security features depending on their risk assessment (e.g., Secure Cell, Secure Access, Secure Realtime). Full encryption of all traffic is not mandated by default but depends on the assessed security level and use case.
You can find the official PI statement here: https://www.profibus.com/newsroom/press ... compliance