Understanding the US Cyber Trust Mark

Mar 3, 2025 | Cyber resilience act, news

The United States is set to launch the US Cyber Trust Mark in 2025, a groundbreaking voluntary initiative aimed at enhancing the cybersecurity of wireless consumer IoT products sold in the U.S. market. This program marks a significant step in creating safer digital ecosystems by promoting transparency, security, and trust in smart devices.

As mentioned in our previous article, a CyberSafe Products Action Plan builds on existing cybersecurity frameworks. In the EU we have the Cyber Resilience Act (CRA) that establishes security requirements for digital products, while in the U.S. there is the Cyber Trust Mark Program. Let`s dive deeper to understand better this trust mark.

What is the US Cyber Trust Mark?

The US Cyber Trust Mark is a cybersecurity labeling program introduced by the Federal Communications Commission (FCC). Its goal is to help consumers identify IoT products that meet recognized cybersecurity standards, empowering them to make informed decisions about the devices they bring into their homes.

The program is designed to enhance the security of wireless consumer IoT products sold in the United States. The program applies to a wide range of devices, including smart home appliances, wearable technologies, and other connected products, ensuring comprehensive coverage of the consumer IoT market.

Participation in the initiative is voluntary, allowing manufacturers to demonstrate their commitment to cybersecurity by meeting established standards. With the program’s expected launch in 2025, businesses have time to align their products with the framework and prepare for compliance, showcasing their dedication to delivering secure and trustworthy technologies.

How Does the U.S. Cyber Trust Mark Work?

The program involves Cybersecurity Label Administrators (CLAs)– organizations authorized to assess IoT products for compliance with security standards. In December 2024, the FCC announced the conditional approval of 11 companies as CLAs, with UL Solutions selected as the Lead Administrator. These administrators will evaluate product applications, authorize the use of the label, and support consumer education.

Participating devices will feature a certification label with a shield logo and a QR code, allowing consumers to scan for detailed security information, including support periods, automatic software updates, and security patch details.

Bureau Veritas (7layers), a partner in the CRACoWi Project, is one of the organizations that can conduct these cybersecurity assessments under the U.S. Cyber Trust Mark framework through authorization as Lab for CSA-PSWG, CTIA IoT-Cyber and ioXt. With its expertise in testing, certification, and regulatory compliance, Bureau Veritas helps businesses navigate the certification process efficiently, ensuring they meet the necessary security requirements.

Global Streamlining

In a joint statement, the European Union (EU) and U.S. have emphasized their commitment to mutual recognition of cybersecurity standards, including the US Cyber Trust Mark and the EU’s Cyber Resilience Act (CRA). This alignment seeks to streamline compliance for global manufacturers, ensuring that IoT products meet shared security expectations across both markets. Read also our article on Transatlantic Cooperation for Cybersecurity and a Safer Future for IoT Products

Except initiatives introduced by national authorities, we can see some good examples of projects, like the CRACoWi Project, that play a vital role in improving cybersecurity awareness and resilience in IoT devices. By highlighting initiatives like the U.S. Cyber Trust Mark, CRACoWi helps manufacturers navigate global cybersecurity requirements and align with emerging standards.

The launch of the U.S. Cyber Trust Mark is a critical step toward securing the digital world. By adopting voluntary cybersecurity certifications, manufacturers can demonstrate their commitment to security and innovation, while consumers gain greater confidence in IoT technologies.

💡 Stay Connected:

Transatlantic Cooperation for Cybersecurity and a Safer Future for IoT Products

Feb 27, 2025 | news

In an era of growing cyber threats, the European Union and the United States have taken a major step toward enhancing global cybersecurity. On January 30, 2024, both sides signed an Administrative Arrangement on a Joint CyberSafe Products Action Plan, reinforcing their commitment to securing consumer IoT products. This collaboration aims to advance technical cooperation and work toward mutual recognition of cybersecurity requirements for IoT hardware and software, ultimately strengthening consumer protection while easing compliance for businesses.

This agreement builds on existing cybersecurity frameworks. In the EU, the Cyber Resilience Act (CRA) establishes security requirements for digital products, while in the U.S., the Cyber Trust Mark Program serves as a labeling system to help consumers identify secure IoT products. By aligning regulatory approaches, the EU and U.S. are working toward a seamless transatlantic market for trusted digital products, making it easier for companies to comply with consistent security standards while enhancing global cybersecurity.

As part of this initiative, both sides are committed to developing a shared cybersecurity lexicon and taxonomy, improving coordination in standards development, and exploring potential alignment of certification processes. The Action Plan highlights the importance of fostering collaboration between governments and industry players, ensuring that regulations remain effective and practical. European Commissioner Thierry Breton emphasized that this agreement brings “concrete benefits for consumers and businesses” and reinforces the shared commitment to strengthening cybersecurity across borders.

The CRACoWi project (Cyber Resilience Act Compliance Wizard) plays an essential role in supporting businesses – particularly SMEs – by helping them navigate cybersecurity regulations, assess compliance under the Cyber Resilience Act, and integrate security-by-design principles into IoT product development. By providing clear guidance on certification processes, CRACoWi ensures that companies can meet regulatory requirements without being overwhelmed by complexity.

With this agreement in place, the EU and U.S. are setting the stage for stronger cybersecurity cooperation. Their focus on harmonizing security standards, promoting international best practices, and fostering industry engagement will help shape a more resilient digital ecosystem. As the world becomes increasingly interconnected, initiatives like these are vital to ensuring the safety and trustworthiness of digital products.