Quectel Modules Demonstrate Compliance Readiness for EU Cyber Resilience Act Regulatory Requirements

Quectel Wireless Solutions, a global end-to-end IoT solutions provider, today reiterates that its cybersecurity program for its module portfolio supports compliance with the European Union’s Cyber Resilience Act (CRA), ahead of the 11 September 2026 deadline. Quectel’s best practice product security ensures customers can meet the CRA’s mandatory requirements for security by design, SBOM availability and vulnerability disclosure and incident reporting, reinforcing Quectel’s commitment to delivering secure, future-ready IoT solutions for the European and global markets.

Quectel has worked closely with Finite State, a leader in connected device and software supply chain security, to ensure Quectel’s product portfolio is both secure and compliant for the EU CRA and other industry standards globally. The partnership reinforces a clear focus on transparency, regulatory alignment and a commitment to maintaining industry-leading cybersecurity standards.

“Finite State has been Quectel’s third party cybersecurity firm for over four years, underlining our commitment to module security,” commented Willis Yang, Senior Vice President, Quectel Wireless Solutions. “Compliance and security have been a critical element in our approach to product design. Having Finite State to test and verify the security of our products is another critical part to ensure our customers are served with high quality and high security products.”

Quectel’s approach to cybersecurity and the partnership with Finite State enables Quectel customers to move forward with the confidence that their products are aligned with the requirements of the EU Cyber Resilience Act. By integrating Finite State’s security validation, Quectel IoT modules are delivered pre-tested and audit-ready, supported by comprehensive security documentation, including Software Bills of Materials (SBOMs), VEX files, and detailed vulnerability reporting.

“Our partnership with Quectel demonstrates a clear and measurable commitment to regulatory-grade cybersecurity,” said Matt Wyckhouse, CEO of Finite State. “By integrating continuous security testing throughout the product lifecycle and providing full transparency through Software Bills of Materials, Quectel has been leading the module industry in its cybersecurity approach for over four years. This disciplined, standards-based approach enables customers to meet mandatory security and reporting obligations with greater confidence and reduced risk.”

Under the CRA, manufacturers must ensure the security of their devices throughout the entire product lifecycle, including the provision of timely updates and effective vulnerability management. Compliance must also be demonstrable, supported by comprehensive technical documentation and verifiable evidence to satisfy regulatory scrutiny and market surveillance requirements.

Through its collaboration with Finite State, Quectel continues to strengthen its module security across three critical pillars: rigorous, independent security testing that goes beyond internal validation to provide externally verifiable assurance; full software supply chain visibility, delivering transparency into every software component embedded within its modules to support customer compliance and audit requirements; and comprehensive risk management, underpinned by continuous monitoring and structured remediation processes designed to keep pace with an increasingly complex regulatory environment and rapidly evolving cybersecurity threats.

About Quectel

Quectel’s passion for a smarter world drives us to accelerate IoT innovation. A highly customer-centric organization, we are a global end-to-end IoT solutions provider backed by outstanding support and services.

With a worldwide team of over 5,800 professionals, we lead the way in delivering end-to-end IoT solutions, spanning cellular, GNSS, satellite, Wi-Fi and Bluetooth modules, high-performance antennas, value-added services and full turnkey offerings including ODM services and system integration.

With regional offices and support across the globe, our international leadership is devoted to advancing IoT and helping build a smarter world.

For more information, please visit: www.quectel.com or LinkedIn.

About Finite State

Finite State is the Product Security Automation Platform for connected devices. We help manufacturers secure every release and prove compliance continuously by turning firmware, source code, and supplier inputs into a single, reviewable system for inventory, exposure prioritization, remediation workflows, and audit-ready evidence. Through a combination of automation and hands-on security services, Finite State helps organizations operationalize product security programs, scale security and compliance workflows, and deliver consistent, defensible outcomes across complex device portfolios.

View source version on businesswire.com: https://www.businesswire.com/news/home/20260309391098/en/