by Darron Antill, CEO Device Authority

Across the automotive and wider manufacturing industry, conversations around PKI and key management have moved from technical design discussions to board-level priorities.

Regulatory frameworks such as UNECE WP.29, ISO 21434, and the emerging EU Cyber Resilience Act are fundamentally reshaping how OEMs and supply chain partners must think about cryptographic control. At the same time, vehicle architectures are becoming increasingly software-defined, connected, and supply-chain dependent.

What we are seeing is clear: cryptographic key management is no longer a supporting function. It is becoming structural infrastructure.

And yet many OEMs remain constrained by fragmented supplier-controlled PKIs, limited audit visibility, manual production processes, and inconsistent key lifecycle governance.

This is precisely why we created our Industry Proof of Value (PoV).

The Purpose of the Industry PoV

The PoV is designed to move the conversation from theory to execution.

Rather than discussing high-level architecture in isolation, the PoV allows OEMs and Tier 1 suppliers to test and validate:

• Secure device identity provisioning
• PKI certificate lifecycle management
• Secure key generation, storage and distribution
• Bring Your Own Key (BYOK) models
• Fully audited key management across pre-production, production and post-production

It provides a structured, measurable environment to prove regulatory alignment and operational feasibility — without the risk or complexity of full-scale deployment. In short, it demonstrates how an OEM-defined secure supply chain can operate in practice.

Mapping Compliance to Technical Control

A critical objective of the PoV is regulatory alignment.

The program explicitly maps technical outcomes to emerging and mandatory compliance requirements. OEMs must now demonstrate:

• Cryptographic governance
• Traceable certificate issuance
• Secure key lifecycle controls
• Production auditability
• Rapid revocation and update capabilities

The PoV validates these capabilities within a live architecture — including secure CSR signing, mutual TLS authentication, device registration, and centralized CA operations. It answers a simple but increasingly urgent question: Can you evidence control of trust across your vehicle ecosystem?

From Fragmentation to OEM-Defined Control

Historically, cryptographic key management has often been distributed across suppliers. While workable at smaller scales, this model introduces visibility gaps, regulatory exposure, and operational bottlenecks as ecosystems expand.

Our PoV demonstrates a different model — one where:

• Keys are securely generated or imported under OEM governance
• Tier 1s securely fetch and flash keys in online or offline production environments
• Every key event — generation, usage, flashing, editing, deletion — is auditable
• The OEM retains full lifecycle visibility

This is not about replacing suppliers. It is about establishing cryptographic trust as an OEM-defined control plane.

A Structured, Time-Bound Engagement

The Industry PoV is intentionally designed as a focused, one-month engagement.

Within that period, we define scope, implement architecture components, test operational workflows, and measure against agreed success criteria. Outcomes are clear, measurable, and aligned to business and regulatory objectives.

For many manufacturers, this approach resonates because it de-risks strategic change. It provides evidence before investment. It transforms compliance discussion into operational clarity.

What Comes Next

The automotive industry is entering a phase where market access, regulatory defensibility, and production scalability are directly linked to cryptographic governance.

OEMs and supply chain partners that define and control their key management infrastructure will not only meet compliance requirements — they will unlock operational efficiency, supply chain resilience, and scalable trust.

Cryptographic control is no longer optional infrastructure. It is strategic capability and our Industry PoV is designed to help organisations take that first decisive step.

Find out more about what the PoV includes and get started today.