Cybersecurity at ERIQ

The security of our industrial IoT solutions and the protection of our customers' infrastructures are our top priorities. ERIQ was developed according to the principle of "security by design". We follow strict international standards not only to connect industrial networks, but also to actively harden them against tomorrow's threats.

1. Technical security architecture

Our protective measures follow a multi-level defense strategy (defense-in-depth) so that the integrity of your data is protected at every layer:

  • Zero Trust / Default Deny: Every component ships in a completely closed state as a matter of principle. All communication channels and access permissions are blocked by default and must be explicitly authorized per instance, per client, and per location, only where actually needed.
  • Hardware Root of Trust: We use TPM 2.0 (Trusted Platform Module) on physical hardware (ARM/x64) and in virtual environments (vTPM) to measure the ERIQ OS boot chain and detect deviations from its known-good state.
  • Identity & Access: Authentication relies on asymmetric cryptography (e.g., TLS certificates and key pairs); OAuth2 is used for delegated authorization of access through the secure ERIQ portal.
  • State-of-the-art encryption: All data flows between the edge and the cloud are encrypted using hardened TLS connections and tunneling methods. Unencrypted protocols are not permitted in our ecosystem.
  • Platform integrity: ERIQ gateways only accept cryptographically signed firmware updates and configurations. Unsigned or manipulated code (including malware) therefore cannot be installed on your devices.
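The signed-update check behind the last point, shown as an added example written for this page rather than ERIQ's own firmware code. It assumes a detached Ed25519 signature over the raw image and a vendor public key pinned on the device; the update container type, the error values and the constructed image bytes are assumptions for illustration only.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Update is a hypothetical update container: the raw image plus a detached
// Ed25519 signature produced by the vendor's release pipeline.
type Update struct {
	Image     []byte
	Signature []byte
}

var (
	ErrMalformed    = errors.New("update rejected: signature has the wrong length")
	ErrBadSignature = errors.New("update rejected: signature does not verify against the pinned vendor key")
)

// VerifyUpdate is the check a gateway runs before it writes an image to flash
// or applies a configuration. The device holds only the vendor's public key
// (pinned at manufacturing); the signing key never leaves the release pipeline.
func VerifyUpdate(pinned ed25519.PublicKey, u Update) error {
	if len(pinned) != ed25519.PublicKeySize {
		return errors.New("invalid pinned key")
	}
	if len(u.Signature) != ed25519.SignatureSize {
		return ErrMalformed
	}
	if !ed25519.Verify(pinned, u.Image, u.Signature) {
		return ErrBadSignature
	}
	return nil
}

// SignUpdate models the vendor-side release step (runs off-device, never on
// the gateway).
func SignUpdate(priv ed25519.PrivateKey, image []byte) Update {
	return Update{Image: image, Signature: ed25519.Sign(priv, image)}
}

func main() {
	// Constructed keys and image for the demo; a real device would carry the
	// vendor's public key in immutable storage and the image would be an OS build.
	vendorPub, vendorPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	image := []byte("constructed firmware image, release 1.2.3")

	good := SignUpdate(vendorPriv, image)
	fmt.Println("genuine update:", VerifyUpdate(vendorPub, good))

	// A single flipped bit anywhere in the image invalidates the signature.
	tampered := Update{Image: append([]byte(nil), good.Image...), Signature: good.Signature}
	tampered.Image[0] ^= 0x01
	fmt.Println("tampered image:", VerifyUpdate(vendorPub, tampered))

	// An image signed with any other key (an attacker's, or a leaked test key)
	// is rejected just the same, because only the pinned key is trusted.
	_, otherPriv, _ := ed25519.GenerateKey(rand.Reader)
	fmt.Println("foreign key:", VerifyUpdate(vendorPub, SignUpdate(otherPriv, image)))
}
```

The design point is that the verification key is data the device trusts unconditionally, so it belongs in storage the update path cannot rewrite; if an update could also replace the pinned key, a single accepted malicious image would permanently own the device.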

2. Hosting & data sovereignty

The protection of your operating data is a matter of sovereignty. That is why we rely on an independent Swiss infrastructure:

  • Hosting in Switzerland: The ERIQ portal is operated in the ReyCloud within highly secure Swiss data centers.
  • Geopolitical independence: Thanks to our location in Switzerland, we guarantee data security independent of foreign access powers (e.g., the US CLOUD Act) and of East/West political risks.
  • Data protection: We ensure strict compliance with the Swiss Data Protection Act (DSG) and the European GDPR.
  • Highly available infrastructure: ReyCloud is operated from Green's ISO 27001-certified data centers, whose state-of-the-art security concepts and comprehensive redundancy provide the operational reliability that critical industrial applications require.

3. Compliance & regulations

We are committed to complying with international security standards and are proactively preparing for upcoming legal requirements:

  • IEC 62443-4-1: Our product development process (lifecycle) is based on the international standard for secure product development lifecycle requirements for industrial automation and control systems.
  • Cyber Resilience Act (CRA): We meet the cybersecurity requirements for products with digital elements, including the 24-hour early-warning notification obligation for actively exploited vulnerabilities.
  • Radio Equipment Directive (RED): Our hardware complies with the delegated regulation activating Art. 3(3)(d), (e) and (f) for the protection of network integrity, privacy and against fraud.
  • NIS2 support: We offer maximum transparency in the supply chain to support our customers in fulfilling their NIS2 due diligence obligations.

4. Lifecycle guarantee & updates

Industrial plants are long-term investments. We offer you the necessary planning security:

  • 5-year update guarantee: We guarantee the provision of critical security updates for every ERIQ hardware model for at least 5 years after the official end of sale.
  • Vulnerability management: We conduct continuous CVE monitoring and create a software bill of materials (SBOM) for each release.

5. Coordinated Vulnerability Disclosure (CVD)

Security is a collaborative process. Have you found a potential vulnerability? We value collaboration with security researchers and customers.

Report a vulnerability:

Please send technical details to: security@noSpameriq.swiss

Our promise:

  1. Confirmation of receipt within 24 hours.
  2. Transparent communication about the progress of analysis and remediation (triage).
  3. Safe Harbor: We will not take legal action against researchers who report in good faith and without malicious intent.

6. Downloads & Documents

Here you will find all relevant documents for your IT security assessment and auditing:


  • Security Factsheet (PDF): Compact overview of the ERIQ security architecture for IT decision-makers. Focus: Overall system.
  • Software Security Statement (PDF, coming soon): Documentation of security measures, encryption, and hosting standards. Focus: ERIQ Portal.
  • EU Declaration of Conformity (PDF, coming soon): Legal certificate of conformity (RED, EMC, RoHS) in accordance with CE requirements. Focus: ERIQ Gateways.
  • Hardening Guide (PDF, coming soon): Best practices for secure commissioning and configuration (HW & Virtual). Focus: IT infrastructure.
  • CVD Policy (PDF, coming soon): Complete policy for handling security reports (CRA-compliant). Focus: Security community.