Automakers are pushing hard to deliver software-defined vehicles with full over-the-air functionality. But many programmes are hitting delays and complications that have little to do with software quality or hardware design. The problem is identity, specifically, how manufacturers handle cryptographic keys, certificates, and trust across every electronic component and software process in the vehicle.
This used to be a security issue. Now, it is a production and operations issue, directly affecting rollout speed, servicing, and regulatory compliance. As vehicles become more connected and updates more frequent, identity management is turning into a core constraint that affects timelines and scale. Automotive platforms are struggling to keep cryptographic assets consistent across multiple suppliers, regions, and ECU generations. That inconsistency can block updates, break rollback mechanisms, and prevent legitimate servicing.
The UN’s WP.29 cybersecurity requirements, together with ISO 21434 and upcoming legislation like the EU Cyber Resilience Act, are putting formal pressure on OEMs to prove their vehicles are secure, traceable, and tamper-proof throughout their lifetime. Even authorised servicing now demands stricter identity and access control, forcing manufacturers to rework how they handle keys and certificates from factory to workshop.
Device Authority is one such company helping OEMs manage identity at scale. Its platform supports automated certificate provisioning, policy enforcement, and compliance tracking across ECUs, software components and servicing tools.
Tern plc (LON:TERN) backs exciting, high growth IoT innovators in Europe. They provide support and create a genuinely collaborative environment for talented, well-motivated teams.
