Experts at 2N discuss how robust cybersecurity builds lasting trust beyond compliance ahead of the EU’s Cyber Resilience Act (CRA).
Cyber breaches directly affect physical security, which is why the EU’s Cyber Resilience Act (CRA) is set to redraw the rules for every digital intercom and access control device sold in Europe.
With 54% of organisations worldwide already experiencing an IoT‑related security breach and with 60% of those incidents linked to unpatched vulnerabilities, experts at 2N argued that simply meeting minimum requirements for regulatory compliance is not enough.
Companies will be required to report actively exploited vulnerabilities and major incidents for digital products from September 11 this year.
Violations can result in fines of 2.5% of a company’s worldwide annual turnover with a maximum fine of EUR 15 million.
Cybersecurity standards will be required to match the rich innovation of product features, improving product design, support lifecycles, slow patching and insecure default settings.
“We manage to stay on top”
Michal Kratochvíl, CEO of 2N commented: “Cybersecurity doesn’t start with technology, but with awareness and a culture of responsibility.
“By integrating robust frameworks and transparent vulnerability management processes, we manage to stay on top of regulation.
“New directives are usually in line with the practices we have been sustaining for years,” Kratochvíl concluded.
Secure by Design
CRA requirements can be met through a commitment to sourcing secure components and using EU-approved microchips and suppliers.
As the Access Control Market is expected to grow from USD 10.62 billion in 2025 to USD 15.80 billion by 2030 [MarketsandMarkets], customers are more inclined to invest in manufacturers committed to rigorous supplier due diligence and security assessments that ensure full supply-chain transparency.
2N’s systems not only exceed these expectations, but products like the 2N IP Verso intercom seamlessly integrate into a building’s existing infrastructure, with smart features allowing users to open doors using their smartphone, even when they are not at home.
When one of New York’s most high‑profile universities tasked 2N with developing a completely unified Security Centre for its 18,000 students, 2N’s priority was to deliver a cyber‑secure, remotely-controlled system that enabled dispatchers and campus police to monitor and manage incidents in real time, without the possibility of leaking sensitive biometric data.
The configuration and management of the complete access system is ensured by 2N Access Commander. Through the graphical user interface, access permissions and specific functions are set in bulk, such as who has access to specific doors or zones.
In due course, it would also be possible to add a time and attendance system which records the attendance of employees and can be viewed via the web interface or exported to an XLS or CSV file.
“Situationally aware of what’s happening on campus before, during and after”
Dave Martin, Security Infrastructure and Support Department for Binghamton University said: “Our device count continues to grow and evolve in response to the degree of threats we’re seeing on our campus and across the country.
“Our goal is to make sure the technology helps our university police department stay situationally aware of what’s happening on campus before, during and after any kind of critical incident.”
Vulnerability handling and building trust
CRA’s vulnerability reporting requirements will be mandatory from 11 September 2026 and will require manufacturers to establish formal processes for identifying, triaging and communicating security issues, creating accountability beyond simple fixes.
For manufacturers, showcasing vulnerabilities should no longer be seen as a weakness – it’s how you build trust with customers securing mission-critical environments.
Companies should embed this discipline into their operations ahead of regulatory timelines, maintain a dedicated vulnerability management section on their website and outline how researchers and customers can report issues.
2N revealed that it has recently became the first manufacturer in its field to be recognised by the Common Vulnerabilities and Exposures (CVE) Program as a CVE Numbering Authority (CNA).
“Building even greater trust”
Kratochvíl added: “In recent years, we have been contacted by security researchers, agencies and customers reporting potential vulnerabilities in our products.
“By becoming a CNA, we can now respond faster and share verified information directly, building even greater trust with our partners.”
Commitment to long-term support
One of the most practical messages in CRA for buyers is simple: don’t buy connected products without clear update and support commitments. Companies must be clear about their long-term support, not just at the point of sale but over the entire lifecycle of the device. In access control, that means specifying how many years of security updates a product will receive, how end‑of‑support is handled and what mechanisms exist to deliver critical patches quickly and safely.
“Second-most successful intercom ever”
Tomáš Vystavěl, Chief Product Officer at 2N stated: “We offer a five-year warranty on all products.
“One of our newest products is 2N IP Force 2.0, an upgrade of 2N’s second-most successful intercom ever.
“From schools in New York to the F1 Circuit in Belgium, it found a global popularity due to its extreme resilience.”
He continued: “The new generation of 2N IP Force retains its trademark durability but has a range of new features thanks to the Axis ARTPEC-8 chipset, something our customers have been asking for.”
Why customers choose proven cybersecurity
Access control systems have not always been at front of mind when it comes to cybersecurity, but given the potential impact of cyber attacks on companies, it is vital to choose a system that includes the use of encryption to protect communications between devices, authorises access to the device and its API and ensures no back doors for ‘maintenance purposes’.
Data centres, office buildings and luxury build-to-rent structures use 2N’s systems for seamless guest access while protecting staff-only areas.
Thousands of schools rely on them for visitor management and emergency communication.
At high-profile sports venues like the Belgian Formula 1 track, Spa-Francorchamps, rugged outdoor intercoms withstand demanding conditions while remaining securely integrated.
Since becoming part of Axis Group in 2016, the Czech company said that it has been building systems around secure EU and NDAA-compliant components, long‑term support and transparent vulnerability handling, aiming to go beyond the baseline that CRA will enforce.
