Device Authority, a leader in identity and key lifecycle automation for connected devices, today announced it has secured a significant new automotive customer as well as expanded an existing automotive deployment, as manufacturers move to bring cryptographic key management under direct OEM ownership to strengthen cybersecurity, simplify mandatory compliance, reduce supply chain risk and comply with new market expansion.

As modern vehicles continue to become increasingly software-defined and connected, making cryptographic trust foundational to safety, secure software updates, and long-term platform integrity are key. Also, as regulatory expectations intensify—via frameworks including UN R155/R156, ISO/SAE 21434, and the EU Cyber Resilience Act, automotive manufacturers are prioritising centralized, OEM-governed control over cryptographic keys, certificates, and signing operations across globally distributed supply chains.

The latest OEM to select Device Authority did so to support an OEM-owned model for cryptographic key governance across multiple vehicle platforms and supplier tiers. The programme is designed to provide centralized lifecycle control over keys and certificates used for core automotive security functions, including software/firmware signing, secure communications, and device identity across vehicle and cloud systems.

In parallel, Device Authority has expanded its work with an existing automotive customer, extending coverage to additional production lines and supplier integrations. The expansion reflects growing operational demand for unified cryptographic policy enforcement, accelerated supplier onboarding into a consistent trust framework, and evidence-ready audit trails that can support cybersecurity management and software update management workflows, across many millions of identities and  across hundreds of thousands of vehicles.

Historically, many OEMs permitted suppliers to generate and manage keys independently. However, fragmented key ownership can create audit blind spots, slow incident response, and complicate certificate revocation or algorithm changes at fleet scale—particularly across the 10–20 year lifecycle of vehicles. Centralized key management restores OEM authority by enabling real-time visibility into certificate and key lifecycles, automated rotation and revocation, and consistent cryptographic standards across suppliers and components.

“Automotive manufacturers are under increasing pressure to demonstrate control over cryptographic integrity, software update provenance, and vulnerability response, particularly as they enter and expand into more regulated markets” said Darron Antill, CEO at Device Authority. “These customer wins underscore the industry’s shift toward OEM-owned key management as a strategic requirement and competitive advantage — not just a technical preference.  And the impact of the CRA is coming up more and more, and it is a good thing companies are responding.”

With regulatory timelines tightening and attacker capabilities increasing, OEMs are also focused on cryptographic agility—ensuring the ability to rotate keys, re-issue certificates, and evolve algorithms over time, including future transitions such as post-quantum cryptography readiness. A centralized key management approach helps OEMs reduce long-term risk, improve operational efficiency, and maintain leverage across supplier ecosystems by standardising the trust model rather than inheriting fragmented, vendor-specific processes.

To learn why OEM-owned cryptographic key management is becoming essential—and how centralized visibility and control can support compliance, incident response, and long-term crypto agility—download this whitepaper, “OEM-Owned Cryptographic Key Management in Automotive Supply Chains.”