GDPR, NIS2 and Cyber Resilience Act

Requirements when working with Industrial IT, IoT, and Edge Computing

IT Security and Compliance in Industrial IT, IoT, and Edge Computing

At Nord Technology, we closely follow developments in data and cybersecurity, and we see a clear trend: Industrial equipment must increasingly comply with stricter data protection requirements and relevant EU legislation.”

Do you work with IoT devices, edge computers, or networking equipment in your business?

If so, here are some questions for you.

  • Is the equipment secure against cyberattacks?
  • What should I do to comply with regulations like GDPR, NIS2, and the new Cyber Resilience Act?
  • Who is responsible in the event of a security breach?

We help you find solutions that are technically robust and developed and configured with a strong focus on security and regulatory compliance.

IoT-enheder, edge computere or networking equipment

This is why you should consider cybersecurity when choosing hardware:

The EU has introduced new regulations that directly impact the procurement, operation, and maintenance of digital industrial equipment:

  • The NIS2 Directive requires that you maintain control over access management, network security, backups, and incident handling – even if you’re ‘just’ using standard equipment.
  • The upcoming Cyber Resilience Act requires that IoT and edge devices be secure ‘by design’ and support updates throughout their entire lifecycle. Responsibility increasingly lies with both the supplier and the user.
  • Together with GDPR, these regulations establish a common requirement for data protection, transparency, and documentation.
IT Security and Compliance in Industrial IT, IoT, and Edge Computing

Let us help

When you choose equipment from Nord Technology, you’re choosing a solution where cybersecurity and compliance are built in from the start. We can support you with:

  • Products that meet the latest EU requirements – including CE marking and ongoing security updates.
  • Overview and guidance on compliance risks in both operations and the supply chain.
  • Technical consulting on access control, network segmentation, and securing IoT devices.
  • Well-designed solutions that protect both system data and personal data.

We understand the complexity of modern industry and help you find hardware that meets both technical requirements and regulatory standards.

IT Security and Compliance in Industrial IT, IoT, and Edge Computing

Open Source and Linux as Cornerstones of Modern Data Security

Nord Technology has worked professionally with Linux and Open Source since 2001 – and these technologies continue to play an increasingly important role in data security, digital sovereignty, and compliance with NIS2 and the Cyber Resilience Act.
We are proud members of Danske Open Source Leverandører (DOSL) and have entered into a strategic partnership with Prevas – the Nordic region’s leading expert in embedded Linux and Board Support Packages (BSP).
For us, Open Source is a strategic foundation that enables secure, future-ready solutions for IoT gateways, edge computing, and industrial systems.

Open Source and Linux as Cornerstones of Modern Data Security

GDPR, NIS2 and Cyber Resilience Act

The GDPR legislation requires all companies that process personal data to have clear procedures in place. This includes documentation for handling customer data and employee information, from receipt and storage to deletion and data minimization. It is crucial that your company can demonstrate how this data is handled securely and complies with data protection legislation. You must also have a clear understanding of how personal data moves through your systems. By showing proactivity and an overview of these processes, you strengthen your company’s data security profile and show the authorities that you meet all the requirements of the GDPR.

The NIS2 Directive (EU Directive 2022/2555) aims to significantly strengthen cybersecurity across the EU and targets sectors that are of particular importance to the functioning of society and economic stability. Compared to the previous NIS1 Directive, both the number of covered sectors and the obligations for companies are expanded. The directive imposes stricter requirements for the implementation of cybersecurity measures, risk management, and incident handling. At the same time, national authorities are granted increased powers to supervise and ensure compliance.

In Denmark, the responsibility for implementation lies with the Danish Defence Intelligence Service’s Center for Cybersecurity (CFCS). NIS2 has been nationally implemented as law on July 1, 2025, and it is crucial that affected companies begin or upgrade their cybersecurity strategies now – both to ensure compliance and to be better prepared against future threats.

The Cyber Resilience Act (CRA) is an upcoming EU regulation that sets requirements for all digital products with software or network connectivity – including edge computers, IoT gateways, sensors, and industrial connected devices.
The CRA mandates that cybersecurity must be integrated into the design and development of these products – not merely added later through updates. Manufacturers will be required to provide security updates and relevant cybersecurity information throughout the entire product lifecycle.
If you resell, integrate, or use edge and IoT devices in your solutions, you will also share responsibility for ensuring that these products comply with CRA requirements – including proper cybersecurity documentation and product liability.

Do you have any questions?

Feel free to reach out to us by phone, email, or through the contact form.

Please complete the form, and we will respond within two business days.

8 + 2 =