Zero Trust, Edge AI, and Confidential Computing — The Technologies Redefining Edge Security

The security architecture being built for the edge is fundamentally different from what came before. Perimeter defence — the logic of a hard external wall and a trusted interior — does not work when the “perimeter” is a sensor on a wind turbine, a camera on a factory floor, or a controller on a substation. These devices sit in physically uncontrolled environments, often connected via public networks, and there are too many of them to manage individually. The industry is converging on a new model built around three core technology trends.

Zero Trust is the foundational shift. In a Zero Trust architecture, no interaction between an edge device and its gateway is assumed safe: every request must be authenticated and authorised, regardless of where it originates or what it claims to be. For edge environments with hundreds or thousands of endpoints, this is architecturally demanding — but it is increasingly the baseline expectation set by both regulators and enterprise customers. NIS2 and the CRA effectively mandate Zero Trust principles without using the term.

Edge AI is making Zero Trust operationally viable at scale. The ENISA Threat Landscape 2024 documents that edge devices such as routers and IoT hardware are prime targets precisely because of outdated firmware and limited local monitoring capabilities. Running AI-native threat detection models directly on the edge node — rather than routing raw telemetry to a central Security Operations Centre — addresses this structural weakness head-on: a smart meter or industrial gateway can apply lightweight anomaly detection locally, flagging suspicious behaviour in milliseconds without transmitting sensitive operational data to the cloud.

In many industrial and healthcare contexts, local inference is the only architecture that simultaneously meets latency, bandwidth, and data sovereignty requirements.

Confidential Computing addresses a different but equally critical problem: what happens when sensitive workloads must run on third-party infrastructure? Hardware-based Trusted Execution Environments (TEEs) — such as Intel SGX — process data inside an encrypted enclave, meaning the infrastructure provider physically cannot access the raw data being computed. This allows organisations to use shared or commercial edge infrastructure without surrendering data confidentiality — a capability that is increasingly essential as edge deployments scale beyond what any single organisation can own outright.

Two further developments are reshaping the threat landscape itself. Private 5G Networks combined with Multi-access Edge Computing (MEC) enable compute to be placed at mobile base stations, offering high security through physical isolation of industrial traffic from public networks. ModelOps Security (AI TRiSM) is emerging as a response to adversarial attacks that target not the network infrastructure, but the integrity of the AI model itself. Recent incident analysis of cloud-edge deployments documents cases where attackers manipulated communication links between edge and cloud nodes to modify sensor data — underscoring that in environments where AI drives automated decisions, securing the model pipeline is as critical as securing the network.
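The Zero Trust rule above (every request authenticated and authorised) and the link-manipulation cases just described meet at the gateway's message check. The sketch below is an added example, not code from CyberNEMO or any vendor named here; it assumes a shared HMAC key per device and a monotonic message counter, and the device and topic names are hypothetical.

```python
import hashlib
import hmac
import json

# Constructed keys and permissions for this example; in practice, provisioned per device.
DEVICE_KEYS = {"meter-17": b"\x11" * 32}
ALLOWED_TOPICS = {"meter-17": {"telemetry/power"}}

def sign_message(device, key, ctr, topic, reading):
    """Device side: one MAC covers identity, counter, topic and reading."""
    body = json.dumps({"device": device, "ctr": ctr, "topic": topic,
                       "reading": reading}, sort_keys=True, separators=(",", ":"))
    return {"body": body, "tag": hmac.new(key, body.encode(), hashlib.sha256).hexdigest()}

class Gateway:
    """Gateway side: authenticate, check freshness, then authorise every message."""
    def __init__(self, keys, allowed):
        self.keys, self.allowed = keys, allowed
        self.last_ctr = {}  # highest counter accepted per device

    def verify(self, msg):
        try:
            body, tag = msg["body"], msg["tag"]
            f = json.loads(body)
            device, ctr, topic = f["device"], f["ctr"], f["topic"]
            if not (isinstance(body, str) and isinstance(tag, str) and isinstance(device, str)
                    and isinstance(topic, str) and isinstance(ctr, int)):
                raise ValueError("wrong field type")
            raw, given = body.encode(), tag.encode()
        except (KeyError, ValueError, TypeError):
            return "reject: malformed"
        key = self.keys.get(device)
        if key is None:
            return "reject: unknown device"
        expected = hmac.new(key, raw, hashlib.sha256).hexdigest().encode()
        if not hmac.compare_digest(expected, given):
            return "reject: bad tag"         # body or tag changed in transit
        if ctr <= self.last_ctr.get(device, -1):
            return "reject: replay"          # authentic but already seen
        if topic not in self.allowed.get(device, set()):
            return "reject: not authorised"  # valid identity, wrong permission
        self.last_ctr[device] = ctr
        return "accept"

def demo():
    gw, key = Gateway(DEVICE_KEYS, ALLOWED_TOPICS), DEVICE_KEYS["meter-17"]
    first = sign_message("meter-17", key, 1, "telemetry/power", 230.1)
    second = sign_message("meter-17", key, 2, "telemetry/power", 229.8)
    tampered = dict(second, body=second["body"].replace("229.8", "999.9"))
    other = sign_message("meter-17", key, 3, "control/breaker", 0)
    return [gw.verify(m) for m in (first, tampered, first, other)]
```

The three rejections are distinct signals for monitoring: a bad tag points at modification on the link, a replay at a captured message being resent, and an authorisation failure at a genuine device stepping outside its role.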

These technologies are not on the horizon. They are being deployed now, in real industrial environments, by the same organisations that CyberNEMO works with.


Who Secures Europe’s Edge? A Map of the Key Players

The European edge security market is not dominated by a single category of player. It is a fragmented, competitive landscape where global hyperscalers, European industrial giants, telecom operators, and specialist security firms are all competing — and sometimes partnering — to own different layers of the stack. Understanding who does what, and where the tensions lie, is essential for anyone operating in or procuring from this market.

Hyperscalers — Microsoft (Azure IoT Edge), AWS (Greengrass), and Google Cloud (Distributed Cloud) — dominate the software stack and developer ecosystems. Their “cloud-to-edge” integration is technically seamless and benefits from enormous R&D investment. But they carry a structural liability in the European context: exposure to the US Cloud Act creates trust and sovereignty friction that no product feature can fully resolve, particularly for government, defence, and critical infrastructure customers.

The counterweight is a group of European Industrial and Security Sovereigns. Siemens Industrial Edge offers measured boot and digital signatures to ensure only authorised software runs on edge devices. Bosch IoT Suite provides secure Over-the-Air (OTA) updates. Thales leverages its defence background for high-grade encryption and identity management. Eviden (Atos) focuses on cybersecurity, encryption technologies, and trusted digital infrastructures aligned with European security requirements. These companies hold a structural “home court advantage”: deep OT expertise, long-standing relationships with EU institutions, and a trusted status that no marketing spend can replicate.

Telecommunications providers — Deutsche Telekom, Orange Business, and Telefónica — occupy a distinct strategic position: they own the network (5G/fibre) and the physical edge locations. They are moving up the value chain toward “Managed Edge Services,” bundling connectivity with security. Orange Business combines its network with Orange Cyberdefense to offer SASE (Secure Access Service Edge) and Virtual Network Edge solutions. Deutsche Telekom promotes Campus Networks for Industry 4.0, packaging connectivity and security together for industrial customers.

Providers like OVHcloud, T-Systems, and CloudFerro are carving out a distinct niche, capitalising on enterprise distrust of hyperscalers by offering sovereign cloud and edge infrastructure with contractual guarantees of data residency. This segment is growing directly in proportion to regulatory pressure — every new NIS2 enforcement action is, indirectly, a sales event for sovereign infrastructure providers.

Finally, as the talent shortage bites across the board, Managed Security Service Providers (MSSPs) are becoming increasingly critical. The European managed security services market is valued at over $11 billion in 2025 and is projected to grow at a CAGR of approximately 10% through 2033, reflecting the reality that most organisations — and virtually all SMEs — cannot build in-house edge security expertise. MSSPs are, in practice, becoming the primary delivery mechanism for edge security for a large portion of the market.


CyberNEMO’s Alignment with ENISA NIS360 Objectives

NIS360 evaluates the cybersecurity maturity and criticality of sectors covered by the NIS2 Directive, focusing on areas such as risk management, operational preparedness, information sharing, institutional capacity, and the resilience of sectoral ecosystems. CyberNEMO demonstrates a strong alignment with the objectives of ENISA’s NIS360 framework in several sectors that are explicitly covered by both the project’s pilot activities and the NIS360 assessment. In particular, the project addresses cybersecurity challenges in healthcare, water services, public-sector digital services, and ICT-enabled critical infrastructures through a comprehensive Zero Trust architecture spanning the IoT–Edge–Cloud–Data continuum. By integrating AI-driven threat detection, continuous monitoring, policy enforcement, risk assessment, and incident mitigation capabilities, CyberNEMO contributes directly to the enhancement of cybersecurity preparedness, operational resilience, and risk management maturity that NIS360 identifies as priorities for these critical sectors.

The alignment is particularly evident in the healthcare and water domains, which NIS360 highlights as sectors requiring sustained efforts to improve cybersecurity maturity and resilience. CyberNEMO’s solutions support secure access management, protection of sensitive operational and personal data, continuous threat monitoring, and coordinated incident response across distributed infrastructures. Through its SAAM platform, the project also strengthens collaboration, information sharing, and cyber situational awareness among stakeholders, addressing key NIS360 objectives related to ecosystem cooperation and collective resilience across critical services.

CyberNEMO validates these capabilities through dedicated pilots operating in sectors that fall within the scope of NIS360. The healthcare pilot focuses on securing access to electronic health records and healthcare information systems using Zero Trust principles and advanced cyber-defence mechanisms. The energy pilot addresses the protection of operational technologies and critical service infrastructures against cyber threats, while cross-organizational federation scenarios demonstrate secure collaboration, threat intelligence exchange, and coordinated incident management among critical-sector stakeholders. These pilots provide practical evidence of how CyberNEMO technologies can support the improvement of cybersecurity maturity in sectors that NIS360 identifies as strategically important for the resilience of the European Union.


Regulation as a Market Force: How NIS2 and the Cyber Resilience Act Are Reshaping Edge Security in Europe

In order to understand why Europe’s approach to edge security looks different from the rest of the world, it is necessary to start with the regulation. Unlike the US market, where security investment is primarily driven by competitive pressure and incident response, Europe follows a “regulation-first” adoption curve — and two pieces of legislation are currently redefining what that means in practice.

The NIS2 Directive and the Cyber Resilience Act (CRA) are not simply compliance checkboxes. They are market forces. NIS2 converts cybersecurity from a technical option into a boardroom imperative with personal liability for executives. It also mandates supply chain security, meaning operators must ensure the integrity of every connected device in their network — not just their own perimeter. This is a significant expansion of scope: in an edge environment, where a single factory floor can host hundreds of connected sensors and controllers from dozens of vendors, tracing and verifying the security posture of every component is an enormous operational challenge. It is also, notably, the exact kind of challenge that creates demand for standardised, certifiable security solutions.

The CRA goes further. It requires “security by design” and mandates that vendors provide security updates for the entire expected product lifetime of a device. For manufacturers of low-cost IoT hardware — the category of devices most commonly deployed at the edge — this creates a near-prohibitive barrier. The economics of a €15 sensor do not readily support a 10-year software maintenance cycle, which means the CRA will likely consolidate the IoT vendor market toward larger players capable of absorbing that obligation.

The second structural shift reshaping the market is the convergence of IT and OT. Historically, industrial networks were “air-gapped,” physically isolated from the internet. Industry 4.0 has ended that era. Connecting factory machinery to the cloud for predictive maintenance and real-time analytics means that legacy OT systems — often running outdated, unpatchable operating systems — are now reachable from the public internet. The attack surface has expanded from corporate email servers to robotic arms on assembly lines, and the consequences of a breach have shifted from data loss to potential physical disruption of production.

The market response is moving toward micro-segmentation and Virtual Network Functions (VNFs) to recreate “virtual air gaps” in software — maintaining operational connectivity where needed while isolating critical systems from broader network exposure.

Taken together, these regulatory and technical pressures are fostering a uniquely European ecosystem of “Sovereign Edge” providers — companies aligned with initiatives like Gaia-X that prioritise data residency and immunity from extraterritorial laws (such as the US Cloud Act) over pure scalability. Regulation, in other words, is not slowing the market. It is shaping who wins it.
