Nordic Semiconductor Introduces Lifetime Fixed Fee FOTA Solution for Cyber Resilience Act Compliance

Introduction

In an era of increasing cybersecurity threats, maintaining the integrity of connected devices is more critical than ever. Recognizing this urgency, Nordic Semiconductor, a renowned leader in low-power wireless connectivity solutions, has unveiled an innovative solution tailored to aid manufacturers in adhering to the newly established Cyber Resilience Act (CRA) in Europe. By providing a lifetime fixed-fee Firmware Over-the-Air (FOTA) solution, Nordic aims to streamline the update process, substantially easing the compliance burden on device makers.

Understanding the Cyber Resilience Act

The Cyber Resilience Act, which comes into effect in 2027, mandates that manufacturers of connected devices in Europe must provide security updates for any vulnerabilities encountered throughout the device's lifetime. As regulatory frameworks grow increasingly complex, businesses must navigate the operational challenges associated with compliance, making it imperative to implement effective solutions.

Nordic’s Innovative Solution

Nordic's nRF Cloud now offers an all-in-one FOTA service that enables rapid compliance with the CRA. This service is pre-integrated into Nordic's IoT devices, allowing manufacturers to assure security updates in a matter of minutes rather than months. François Baldassari, Vice President of Software Services at Nordic Semiconductor, emphasized the operational complexity introduced by the CRA and how Nordic's solutions aim to simplify this challenge for manufacturers.

Key Features of nRF Cloud’s FOTA Solution

Nordic’s offering includes a comprehensive set of features designed to support manufacturers:

- MCUboot Integration: The nRF Connect SDK comes pre-equipped with MCUboot, a bootloader optimized for low-power devices.
- Global Distribution Network: A dedicated FOTA distribution network is optimized for low-power devices, ensuring seamless updates.
- Ready-to-Use Libraries: Developers can access straightforward libraries for gateway-based updates, reducing development time.
- Automated Deployment and Rollback: The solution supports staged deployments with status monitoring and rollback options, ensuring smooth updates.
- Intuitive Fleet Management Console: Users can manage and track updates through an easy-to-navigate dashboard.
- Immutable Audit Logs: All approval workflows and logs are preserved securely, which aids in compliance verification.

Cost Efficiency and Long-Term Support

Nordic's lifetime FOTA model challenges the traditional continuous cloud fees associated with firmware updates. Instead, a single upfront fee covers all secure updates and device management throughout its lifecycle. This change not only guarantees continuous support but also positions long-term device maintenance as a competitive advantage for manufacturers. Baldassari noted that maintaining device security and adding features without financial or operational complications is now achievable.

By integrating silicon, software, and cloud services, Nordic aims to make regulatory preparedness feasible from day one and sustainable for years to come. This approach significantly reduces overall ownership costs while accelerating time-to-market for connected products.

Leveraging Memfault’s Technology

The FOTA model established by nRF Cloud builds on the robust infrastructure of Memfault, an IoT observability platform acquired by Nordic in 2025. The integration of Memfault’s technology into nRF Cloud not only enhances lifecycle maintenance efforts but also simplifies regulatory compliance. This cohesive offering allows clients to bring connected products to market more efficiently while ensuring their longevity and compliance.

Availability and Pricing

Nordic's FOTA and device management solutions are currently available for a range of low-power Bluetooth® SoC series (including nRF54, nRF53, nRF52) and the nRF91 cellular IoT modules. Starting at just $1 per device based on fleet size and project requirements, this offering provides an accessible entry point for manufacturers looking to enhance their compliance strategies.

Conclusion

As the digital landscape evolves, so do regulatory demands. Nordic Semiconductor’s lifetime FOTA solution presents a forward-thinking approach that not only addresses the immediate compliance needs of the Cyber Resilience Act but also supports manufacturers in keeping their products secure and functional throughout their lifespan. With governance and security at the forefront, Nordic is paving the way for the future of connected devices.

For manufacturers attending the Embedded World event, more insights about Nordic Semiconductor will be shared from March 10 to 12, 2026, in Nürnberg, Germany. Nordic Semiconductor will showcase their offerings at Pavilion 4A, Stand 310.