Tern Plc (LON:TERN), the investment company specialising in supporting high growth, early-stage, disruptive Internet of Things technology businesses, notes that Device Authority Limited, a company in which Tern currently holds 25.3% of the equity, has today announced further momentum in the automotive sector, securing a new OEM customer alongside the expansion of an existing Tier 1 automotive deployment.
The update from Device Authority confirms the addition of a significant new automotive OEM customer, together with the expansion of an existing Tier 1 automotive deployment. Device Authority considers that the new and expanded programmes support a shift by automotive manufacturers towards OEM-owned cryptographic key management, providing centralised governance of keys, certificates and signing operations across multiple vehicle platforms and supplier tiers. Device Authority considers that this approach is intended to strengthen cybersecurity, simplify compliance with evolving regulatory frameworks across globally distributed automotive supply chains.
Extracts from the Device Authority announcement:
Device Authority, a leader in identity and key lifecycle automation for connected devices, today announced it has secured a significant new automotive customer as well as expanded an existing automotive deployment, as manufacturers move to bring cryptographic key management under direct OEM ownership to strengthen cybersecurity, simplify mandatory compliance, reduce supply chain risk and comply with new market expansion.
As modern vehicles continue to become increasingly software-defined and connected, making cryptographic trust foundational to safety, secure software updates, and long-term platform integrity are key. Also, as regulatory expectations intensify-via frameworks including UN R155/R156, ISO/SAE 21434, and the EU Cyber Resilience Act, automotive manufacturers are prioritising centralized, OEM-governed control over cryptographic keys, certificates, and signing operations across globally distributed supply chains.
The latest OEM to select Device Authority did so to support an OEM-owned model for cryptographic key governance across multiple vehicle platforms and supplier tiers. The programme is designed to provide centralized lifecycle control over keys and certificates used for core automotive security functions, including software/firmware signing, secure communications, and device identity across vehicle and cloud systems.
In parallel, Device Authority has expanded its work with an existing automotive customer, extending coverage to additional production lines and supplier integrations. The expansion reflects growing operational demand for unified cryptographic policy enforcement, accelerated supplier onboarding into a consistent trust framework, and evidence-ready audit trails that can support cybersecurity management and software update management workflows, across many millions of identities and across hundreds of thousands of vehicles.
Historically, many OEMs permitted suppliers to generate and manage keys independently. However, fragmented key ownership can create audit blind spots, slow incident response, and complicate certificate revocation or algorithm changes at fleet scale-particularly across the 10-20 year lifecycle of vehicles. Centralized key management restores OEM authority by enabling real-time visibility into certificate and key lifecycles, automated rotation and revocation, and consistent cryptographic standards across suppliers and components.
Darron Antill, Device Authority CEO, said: “Automotive manufacturers are under increasing pressure to demonstrate control over cryptographic integrity, software update provenance and vulnerability response, particularly as they enter and expand into more regulated markets. These customer wins underscore the industry’s shift toward OEM-owned key management as a strategic requirement and competitive advantage – not just a technical preference. And the impact of the CRA is coming up more and more, and it is a good thing companies are responding.”
