The Concept

The IoTAC – Security By Design IoT Development and Certificate Framework with Front-end Access Control – project aims to deliver a secure and privacy-friendly IoT architecture that will facilitate the development of more resilient IoT service environments. Our system, comprising of a secure gateway, runtime security applications and cloud-based service platforms, will provide comprehensive protection for service environments of various industry domains. The technology will not only protect new deployments but can also enhance the security level of legacy operations.

Read more

USPs outline

What is this solution offering that’s different?
Advanced security

The IoTAC architecture comprises high security level components and solutions like the use of chip cards, PKI encryption, root of trust, secure booting, audit logs and many more. Security is assured all through the design, implementation and operation phases.

Modular architecture

The IoTAC architecture comprises multiple hardware and software components which will allow flexible configuration options to support diverse service environments of various security levels. Underlying core features will be supported with optional add-ons.

Multi-layer approach

Security countermeasures will be implemented both at hardware- and at software-level, comprising a secure gateway, front-end access control, honeypots, checkpointing, AI&ML algorithms and a runtime monitoring system.

The IoTAC framework

The IoTAC framework comprises the Security Baseline as the foundation, the IoTAC Software Security by Design (SSD) principles and the Security Assurance Model (SAM) platform, which will unite in a formal Certification procedure exposed as a service.

Use Cases

Proof of domain independence 


use case

Smart home

Industrial /


use case

Prosumer cell


use case

Drone operation



use case

Automated car

Latest news

Mix of research updates, blog content and white papers

Cyber Incident Reporting around the World, Part 3: The NIS2 Directive

“If you can’t measure it, you can’t manage it.” Peter Drucker The Directive on Security of Network and Information Systems across the EU (NIS Directive), the first piece of EU-wide legislation on cybersecurity, was adopted in 2016. Since, the threat landscape has changed considerably, and it has become necessary to…

IoTAC at the ETSI IoT Week 2022

ETSI IoT Week 2022 is taking place in Sophia Antipolis, between 10 and 14 October 2022. Our colleague, Miltiadis Siavvas, from our partner The Centre for Research and Technology-Hellas (CERTH) will participate both in the IoT Conference and in the IoT Demonstrations. He will demonstrate the IoTAC Software Security-by-Design (SSD)…

Cyber Incident Reporting around the World, Part 2.

“If you can’t measure it, you can’t manage it.” Peter Drucker In this post, we are looking at current cyber reporting requirements in the US and the latest progress in this field. The US government largely relies on voluntary reporting, which only captures a fraction of the attacks that occur.…


Stay in the know and receive all the latest updates straight to your inbox.