Milan – 27.11.2025 – Euranet, a company specialized in Compliance Management with more than twenty years of experience, today announces a strategic partnership with CAST, global leader in Software Intelligence. This collaboration aims to provide essential support to companies manufacturing machinery with digital components and medical devices in managing the growing complexity of cybersecurity regulations introduced by European Union legislation and FDA regulations for medical devices.
The Cyber Resilience Challenge in the Regulated Industry
Digitalization and connectivity have become fundamental features of an increasing number of products, including industrial machinery and medical devices. Manufacturers of these products are subject to stringent obligations to ensure the cybersecurity of embedded software, essential to protect the availability, integrity, and confidentiality of data.
The partnership combines Euranet's extensive expertise in information security, business continuity, asset protection, and cybersecurity standards and regulations with CAST's Software Intelligence technology, which allows organizations to prevent operational risks and accurately measure software productivity and security.
The objective is to support customers in managing complex compliance requirements, particularly those arising from:
1. The New Machinery Regulation (Regulation (EU) 2023/1230) and the Cyber Resilience Act (Regulation (EU) 2024/2847 - CRA): manufacturers of machinery falling within the scope of the New Machinery Regulation whose products are also considered products with digital elements under CRA must comply with:
- The essential cybersecurity requirements of the CRA, applicable to the design, development, and manufacturing of products with digital elements, as well as to vulnerability handling processes. Cyber resilience principles and tools such as Software Bills of Materials (SBOMs) are essential for managing risks and vulnerabilities throughout the entire product lifecycle.
- The essential health and safety requirements of the Machinery Regulation, particularly those relating to protection against corruption and to the security and reliability of control systems.
2. Directive (EU) 2022/2555 (NIS2) that establishes measures for a high common level of cybersecurity across the Union.
3. EU Medical Devices Regulation (MDR, Regulation (EU) 2017/745): This regulation requires that software incorporated into medical devices, or software that is itself a medical device, is designed and manufactured in accordance with software development lifecycle principles, risk management (including information security), verification, and validation. Manufacturers are required to establish, document, implement, maintain, and continuously improve a quality management system that ensures compliance.
4. FDA regulatory requirements for Medical Devices and Cyber Risk Management: In addition to European risk management requirements, Euranet's expertise also extends to supporting organizations in complying with applicable FDA cybersecurity requirements for medical devices.
The Value of the Partnership
This partnership combines CAST's Software Intelligence with Euranet's expertise and experience in the application of international standards (Euranet is an accredited GS1 partner) on asset protection and cybersecurity.
The services provided by Euranet and CAST ensure that:
- Industrial machinery and medical devices are placed on the market with fewer vulnerabilities and security is taken into account throughout the entire product lifecycle, including through the use of harmonized standards to support the presumption of conformity.
- Manufacturers of machinery and medical devices document the analysis and management of cybersecurity risks throughout the entire product lifecycle, as required by European and international regulatory frameworks.
- Manufacturers of products with digital elements implement vulnerability handling processes, including component documentation and the preparation of machine-readable SBOMs.
As Gianpaolo Sara, Managing Partner of Euranet, explains: "The new regulations reflect the digital evolution that industrial machinery and medical devices have undergone over the past 20 years. To ensure health and safety, as required by the Machinery Regulation, the new regulatory framework no longer assesses only the reliability of hardware but also requires manufacturers to carry out a cybersecurity risk analysis of software. Our expertise in Information Security and Business Continuity provides our customers with the skills needed to perform rigorous risk assessments and ensure security in line with European and international regulatory requirements."
This vision is shared by Cristiano Motta, Channel Director at CAST: "In an increasingly complex regulatory environment, companies need objective evidence of software security. The collaboration with Euranet combines our Software Intelligence with extensive regulatory expertise, providing manufacturers with practical support to demonstrate compliance, reduce risks, and turn digital security into a real competitive advantage.“
Profiles
Euranet is a company specialized in Compliance Management with more than twenty years of international experience across more than 10 countries, serving primarily medium-sized and large organizations. The company also provides consulting services in Information Security, Business Continuity, Asset Protection, Cybersecurity, and supports customers in managing and controlling organizational processes, enhancing the value of their assets, and achieving compliance with laws, regulations, and international standards.
CAST is a global leader in Software Intelligence that automatically analyzes software to identify vulnerabilities, critical components, and compliance risks. CAST's solutions support manufacturers of smart machinery by providing objective evidence of software security. Through integration with GenAI, CAST enhances application data analysis, facilitating the automated generation of SBOMs, the identification of vulnerabilities, and the improvement of cyber resilience throughout the entire product lifecycle.