The proposed EU Cyber Resilience Act (CRA) increases security requirements for all kinds of digital products. It's expected that other jurisdictions will follow suit with similar legislation.
So far, the Digital Signage industry has not heard the call. But rest assured – we will not be exempt.
Digital Signage playout devices and SoC screens are very likely to fall under the proposed Class I regulations. PIDs (Public Information Displays) and all publicly visible displays make up the majority of Digital Signage screens. They might be considered "public key infrastructure", which means they fall under Class II regulations.
The liability encompasses both equipment manufacturers and Digital Signage network operators. They need to guarantee the security of their infrastructure throughout its whole life cycle. And life cycles are defined to be the "expected time of actual use", not based on manufacturer's business considerations.
Cingerine 4.0 is the first Digital Signage OS designed to be ready for the EU CRA:
Secure-by-default design drastically reduces the attack surface.Secure immutable Linux with a minimized component list.Continuous security updates throughout the whole life cycle.Timely and unattended upgrades of all software and firmware components.Traceable SBOM (Software Bill-of-Materials).Tracking and reporting of vulnerabilities and incidents.All network communication is authenticated, encrypted and firewalled.All content and playout control metadata is encrypted at rest.
CINGERINE DS816 will be the first playout device to be launched with Cingerine 4.0 in 2024.