The demands on IT and OT security are rising faster than many industrial companies can operationally implement. NIS2 and CRA significantly increase the pressure. A CLM system (Certificate Lifecycle Management) is a key component for the secure and autonomous implementation of cryptographic processes and key structures.
The focus of the solution is on the technically simple and data-sovereign implementability of complex regulatory requirements.
(Image: MTG AG)
Regulatory density is increasing: With the second Network and Information Security Directive (NIS2) and the Cyber Resilience Act (CRA), the EU is redefining what "state of the art" means in cybersecurity. For the German mechanical and plant engineering industry, this is about far more than ticking off compliance checklists. The secure identity of machines, sensors, and control units is becoming a critical factor for operational capability. In view of shortened certificate lifetimes and geopolitical risks, manufacturers need to fundamentally rethink their strategy for cryptographic keys and certificates, moving towards greater automation and European data sovereignty.
While critical infrastructure operators have long been in focus, the new NIS2 and CRA rules now bring large parts of the mechanical engineering and supplier industry into scope. This applies at least where a company supplies or targets customers in sectors such as the food, chemical, or pharmaceutical industries. The EU's goal is to create a European legal framework that bindingly defines how digital infrastructures and connected products are to be secured.
The current geopolitical situation also brings a crucial realization for the export nation Germany: implementing these requirements is not only about technical security but also about data sovereignty. The protection of private keys and control over cryptographic processes must remain permanently in one's own hands to prevent industrial espionage and third-party interference. A central component for this is the reliable use of a Public Key Infrastructure (PKI) in combination with efficient Certificate Lifecycle Management.
Secure Identities for the Smart Factory
PKI technology is an established, proven standard, but its field of application is expanding rapidly in the context of Industry 4.0. Certificates no longer merely secure web servers or VPN access for employees connecting to the network from outside. They represent the digital identity of every connected component: they authenticate communication between information technology (IT) and operational technology (OT), validate software updates for machine controls, and secure data transmission to the cloud.
With the increasing connectivity of the shop floor, the number of required certificates is growing exponentially. At the same time, the environment is changing drastically: the maximum validity period of public TLS certificates is currently still 398 days, but the CA/Browser Forum (Certification Authority Browser Forum) plans to reduce it in stages, with a target of 50 days.
The Risk of "Accidental Downtime"
For machine builders and manufacturing SMEs, this development is alarming. In a production hall where hundreds of sensors and controllers communicate securely, manually replacing certificates every 90 or even 50 days is neither economically viable nor reliably error-free, which increases process risk. A single expired certificate can mean that remote maintenance is no longer possible, or that a production line comes to a standstill because components can no longer authenticate each other.
Shorter lifetimes therefore make an automated CLM indispensable: one that centrally manages both public certificates and private ones, such as those for internal machine-to-machine (M2M) communication. The strength of a CLM lies in significantly simplifying the introduction, monitoring, and smooth operation of certificate processes; its automation shows its value precisely when numerous certificates have to be monitored and renewed. Costly downtime due to expired certificates, and the repetitive tasks this imposes on IT departments, then become a thing of the past.
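The renewal arithmetic behind the two paragraphs above, as an added Go example that is not part of the original article and not code from any vendor's product: it applies a renewal policy to a constructed inventory of four machine components (renew once two thirds of the lifetime has elapsed, a common ACME client convention that leaves the last third for retries), queues the ones that need action, and estimates the renewal load a fleet of 500 devices generates at 398-, 90- and 50-day lifetimes. The inventory struct, the device names, the fixed "now" and the fleet size are assumptions made for the example.

```go
package main

import (
	"fmt"
	"sort"
	"time"
)

// DeviceCert is one entry of a CLM inventory: the per-certificate metadata a
// CLM keeps for each machine component (a hypothetical struct, not any
// product's schema).
type DeviceCert struct {
	Subject   string
	NotBefore time.Time
	NotAfter  time.Time
}

// RenewalState is what the CLM should do with a certificate right now.
type RenewalState string

const (
	StateOK       RenewalState = "ok"        // still in the safe part of its lifetime
	StateRenewNow RenewalState = "renew-now" // the renewal window has opened
	StateExpired  RenewalState = "expired"   // authentication with it already fails
)

// Lifetime is the full validity period of the certificate.
func (c DeviceCert) Lifetime() time.Duration { return c.NotAfter.Sub(c.NotBefore) }

// RenewAt returns when automated renewal should start: once renewFraction of
// the lifetime has elapsed. ACME clients commonly renew at about two thirds,
// which leaves the last third for retries if the CA is temporarily unreachable.
func RenewAt(c DeviceCert, renewFraction float64) time.Time {
	return c.NotBefore.Add(time.Duration(float64(c.Lifetime()) * renewFraction))
}

// Classify applies the renewal policy to one certificate at time now.
func Classify(c DeviceCert, now time.Time, renewFraction float64) RenewalState {
	switch {
	case !now.Before(c.NotAfter):
		return StateExpired
	case !now.Before(RenewAt(c, renewFraction)):
		return StateRenewNow
	default:
		return StateOK
	}
}

// DueForRenewal lists the subjects that need action (window open or already
// expired), most urgent first, the way a CLM scheduler would queue them.
func DueForRenewal(inv []DeviceCert, now time.Time, renewFraction float64) []string {
	var due []DeviceCert
	for _, c := range inv {
		if Classify(c, now, renewFraction) != StateOK {
			due = append(due, c)
		}
	}
	sort.Slice(due, func(i, j int) bool { return due[i].NotAfter.Before(due[j].NotAfter) })
	out := make([]string, 0, len(due))
	for _, c := range due {
		out = append(out, c.Subject)
	}
	return out
}

// RenewalsPerYear estimates renewals per device and year for a lifetime in days.
func RenewalsPerYear(lifetimeDays int) float64 { return 365.0 / float64(lifetimeDays) }

// FleetRenewalsPerYear scales that estimate to a fleet of devices.
func FleetRenewalsPerYear(devices, lifetimeDays int) float64 {
	return float64(devices) * RenewalsPerYear(lifetimeDays)
}

// sampleNow fixes "now" so the constructed inventory below is reproducible.
func sampleNow() time.Time { return time.Date(2025, 12, 8, 12, 0, 0, 0, time.UTC) }

// sampleInventory is a constructed inventory of four components relative to now.
func sampleInventory(now time.Time) []DeviceCert {
	day := 24 * time.Hour
	return []DeviceCert{
		{"plc-line1", now.Add(-10 * day), now.Add(40 * day)},   // 50-day cert, 20% elapsed
		{"sensor-17", now.Add(-40 * day), now.Add(10 * day)},   // 50-day cert, 80% elapsed
		{"hmi-02", now.Add(-400 * day), now.Add(-2 * day)},     // 398-day cert, expired
		{"gateway-a", now.Add(-100 * day), now.Add(298 * day)}, // 398-day cert, 25% elapsed
	}
}

func main() {
	now := sampleNow()
	inv := sampleInventory(now)
	for _, c := range inv {
		fmt.Printf("%-10s lifetime %3.0fd  renew from %s  state=%s\n", c.Subject,
			c.Lifetime().Hours()/24, RenewAt(c, 2.0/3.0).Format("2006-01-02"), Classify(c, now, 2.0/3.0))
	}
	fmt.Println("renewal queue:", DueForRenewal(inv, now, 2.0/3.0))
	for _, days := range []int{398, 90, 50} {
		fmt.Printf("%3d-day lifetime: %4.1f renewals per device and year, %5.0f for 500 devices\n",
			days, RenewalsPerYear(days), FleetRenewalsPerYear(500, days))
	}
}
```

The point the fleet figures make is the one the article draws: at 398 days a device is renewed less than once a year, at 50 days more than seven times, and for 500 devices that is roughly 3,650 renewals a year, each of which causes an outage if it is missed. The expired "hmi-02" entry is queued ahead of "sensor-17" because an expired certificate already breaks authentication, whereas one inside its renewal window still has slack.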
Structural Hurdles in Medium-Sized Businesses
For medium-sized mechanical engineering companies, building their own secure PKI, including CLM, represents a significant hurdle. There is often a lack of specialized personnel to maintain the required infrastructure in the long term. While Microsoft PKI is widespread in many companies, it often lacks native functionality for manufacturer-independent CLM that can automatically renew certificates on non-Windows devices, as are typical in OT.
In addition, there is the aspect of independence. When Microsoft services were blocked for actors of the International Criminal Court in The Hague, it became evident how quickly dependence on US hyperscalers can become a risk. Therefore, German SMEs should, out of self-interest, ensure that cryptographic keys and identity data ideally remain under European control. The balance between data sovereignty, security, and manageable operational effort is becoming a decisive competitive factor.
Managed PKI: A Solution Approach "Made in Germany"
To resolve this dilemma, the cryptography specialist MTG AG and the infrastructure provider Darz GmbH developed a comprehensive managed PKI solution with integrated CLM, specifically tailored to the needs of SMEs. The focus is on making complex regulatory requirements such as NIS2 or CRA technically simple and data-sovereign to implement. Setting up a PKI technically is one thing; integrating it organizationally into production processes is another. The offering, therefore, includes the first managed PKI system with integrated CLM developed and hosted in Germany, which is also available as a free freemium version.
Date: 08.12.2025
This freemium approach is strategically chosen: It allows mechanical engineers to set up test environments without financial risk, run proof-of-concepts for new machines, and gain experience in automated certificate management. Operations take place in multiple certified German data centers using Hardware Security Modules (HSM). These modules guarantee that private keys do not leave German jurisdiction. This is particularly essential for sensitive design data and production secrets and represents a deliberate countermodel to the major US platforms, aiming to establish "Made & Managed in Germany" as a trust anchor.
Future Security: Quantum Computers and Longevity
One aspect that deserves special attention in mechanical engineering is the longevity of products and machine lifetimes spanning decades. Alongside current regulations, a technological turning point is approaching with quantum computers, which will break today's encryption methods. The German Federal Office for Information Security (BSI) predicts that powerful quantum computers could become a reality as early as the 2030s. This means that data encrypted and transmitted or stored today could likely be decrypted by powerful quantum computers in the near future.
The principle "Harvest now, decrypt later" thus already threatens long-lasting capital goods and their designs. Organizations that now adopt an agile PKI solution are preparing for this future. A modern architecture enables a later switch to quantum-resistant algorithms, known as post-quantum cryptography, without needing to rebuild the entire IT landscape.
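What crypto-agility looks like in code, as an added Go example that is not from the article and not code from MTG AG or Darz GmbH: the signature algorithm used by a device CA and the device certificates it issues is selected from a policy registry, and the issuing code is written only against Go's crypto.Signer interface, so switching from ECDSA P-256 to Ed25519 is a change of policy name rather than a rewrite. Adding a post-quantum signature scheme later would likewise be one more registry entry (Go's standard library has no post-quantum X.509 signature scheme at the time of writing, so none is shown). The policy names, the CA name and the device name are chosen for this example.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/ed25519"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// KeyGen returns a fresh private key as a crypto.Signer; the issuing code below
// uses keys only through that interface and never sees the concrete algorithm.
type KeyGen func() (crypto.Signer, error)
// Registry maps an algorithm policy name (names chosen for this example) to a key
// generator. Both entries are classical; a post-quantum scheme would be a third entry.
var Registry = map[string]KeyGen{
	"ecdsa-p256": func() (crypto.Signer, error) { return ecdsa.GenerateKey(elliptic.P256(), rand.Reader) },
	"ed25519": func() (crypto.Signer, error) {
		_, key, err := ed25519.GenerateKey(rand.Reader)
		return key, err
	},
}
// Issuer is a minimal device CA whose key algorithm is fixed by the policy.
type Issuer struct {
	Policy string
	Cert   *x509.Certificate
	key    crypto.Signer
}
// sign assigns a random serial, signs tmpl with the parent's key and parses the result.
func sign(tmpl, parent *x509.Certificate, pub crypto.PublicKey, signer crypto.Signer) (*x509.Certificate, error) {
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128))
	if err != nil {
		return nil, err
	}
	tmpl.SerialNumber = serial
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}
// NewIssuer creates a self-signed device CA for the given algorithm policy.
func NewIssuer(policy string) (*Issuer, error) {
	gen, ok := Registry[policy]
	if !ok {
		return nil, fmt.Errorf("algorithm policy %q is not in the registry", policy)
	}
	key, err := gen()
	if err != nil {
		return nil, err
	}
	now := time.Now()
	tmpl := &x509.Certificate{
		Subject:               pkix.Name{CommonName: "Device CA (" + policy + ")"},
		NotBefore:             now.Add(-time.Minute), // tolerate small clock skew
		NotAfter:              now.AddDate(10, 0, 0),
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
		BasicConstraintsValid: true,
		IsCA:                  true,
	}
	cert, err := sign(tmpl, tmpl, key.Public(), key)
	if err != nil {
		return nil, err
	}
	return &Issuer{Policy: policy, Cert: cert, key: key}, nil
}
// IssueDeviceCert issues a client-auth certificate valid for lifetimeDays to one
// machine component; the device key follows the same policy as the CA.
func (iss *Issuer) IssueDeviceCert(deviceID string, lifetimeDays int) (*x509.Certificate, crypto.Signer, error) {
	devKey, err := Registry[iss.Policy]()
	if err != nil {
		return nil, nil, err
	}
	now := time.Now()
	tmpl := &x509.Certificate{
		Subject:     pkix.Name{CommonName: deviceID},
		NotBefore:   now.Add(-time.Minute),
		NotAfter:    now.AddDate(0, 0, lifetimeDays),
		KeyUsage:    x509.KeyUsageDigitalSignature,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	cert, err := sign(tmpl, iss.Cert, devKey.Public(), iss.key)
	return cert, devKey, err
}

func main() {
	for _, policy := range []string{"ecdsa-p256", "ed25519"} {
		iss, err := NewIssuer(policy)
		if err != nil {
			panic(err)
		}
		cert, _, err := iss.IssueDeviceCert("plc-line1", 50) // same code, different algorithm
		if err != nil {
			panic(err)
		}
		fmt.Println(policy, cert.SignatureAlgorithm, cert.CheckSignatureFrom(iss.Cert) == nil)
	}
}
```

The design choice that matters is that NewIssuer, IssueDeviceCert and the chain check never name an algorithm: only the registry does. In a real deployment the registry entry would point at keys held in an HSM, which is exactly the kind of architecture the article means by "agile": the migration to a post-quantum scheme then touches the key store and the policy, not every system that issues or verifies certificates.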
Compliance as a Quality Feature
Certificates are no longer merely an IT issue in modern mechanical engineering but the foundation for connected production and digital services. Their sovereign management determines competitiveness and compliance. European manufacturers would do well to leverage their location advantages and rely on security solutions that combine data sovereignty and automation. This turns regulatory obligations into a strategic advantage that secures long-term digital independence.