For our USO team, embedded world was new territory. This was my first time attending the international gathering of the embedded community in Nuremberg. I took in everything I could related to safety and security in industry—and I’m happy to share a few key takeaways.

embedded world in beautiful Nuremberg is considered one of the world’s leading meeting points for the embedded community. The audience—made up of experienced developers, project managers, and product managers—is eager to learn, on the lookout for new ideas, interested in innovation, and ready to dive into in-depth discussions. What makes the event so appealing is its balanced mix of exhibition and technical conference. It combines theoretical insights with practical perspectives.

Traditionally, the trade fair has a strong technical focus—microcontrollers, embedded software, real-time operating systems, and hardware platforms dominate many conversations. Forward-looking products in these areas are presented, and process optimization is a major topic. But this year, one thing stood out especially clearly: one topic ran through almost every area of the event—security.

The main reason is the growing risk created by the sheer number of tools and technologies now in use. As machines, sensors, and IT systems become increasingly interconnected, the attack surface in industrial environments keeps expanding. Where production systems once operated largely in isolation, they are now part of complex digital ecosystems. Machines communicate with cloud platforms, data flows between companies, and digital services access production-related information.

Regulatory developments are also playing an important role. European initiatives such as the Cyber Resilience Act (CRA), along with stricter requirements for software supply chains, are forcing manufacturers to integrate security considerations more deeply into their development processes.

One message came through again and again: security is no longer a downstream IT issue. Security strategies and measures are now a fundamental prerequisite for digital industrial applications. And in many cases, they do not just provide protection—they also deliver an efficiency boost. Anyone developing industrial systems in the future will not be able to avoid these topics.

Regulations such as NIS2 and the CRA were just as prominent as the EU’s requirements for battery lifecycle management. Congratulations once again to Markus Soppa and Sven Feuchtmüller from ioncentric GmbH, whose very first product won an award right away.

But the CRA was clearly in the spotlight. The acronym was displayed at a wide range of booths. That made one thing obvious: awareness around topics such as software supply chain security, vulnerability management, and the related documentation—including Software Bills of Materials (SBOMs) and risk assessment—has grown significantly. That said, industry is not left to deal with these challenges alone. Providers such as our partner ReversingLabs, which is a leader in software supply chain security and especially in the SBOM space, can offer fast support.

Device identity and its protection also appeared repeatedly at chip manufacturers such as Infineon, NXP, and Renesas. The range went from very simple “serial number on a chip” products all the way to dedicated TPM chips and secure elements featuring tamper protection and cryptographic methods for validating authenticity. Have these technologies already reached broad adoption? From my perspective, not yet—the unit costs still seem too high for this kind of physical trust anchor for digital systems to become a real standard.

What surprised me most was the topic of line-speed encryption without key exchange. A Chinese vendor presented an inline encryption solution for production networks with minimal latency and without the shared-key problem. The bold claims on the booth display had caught my attention, but I was highly skeptical about whether the concept had actually been implemented in a meaningful way. After speaking with the CTO and founder, though, I was genuinely impressed by how innovatively the solution had been built. Respect. As a German electronics provider, I personally would still hesitate to integrate a proprietary cryptographic system from a Chinese vendor—but it was impressive nonetheless.

Pablo’s presentation also made an important point: the visually flashy 3D digitization of entire production facilities is often simply digital overkill and consumes too much energy. I think the limited-reality approaches from FERAL make sense, even though I still believe the so-called “world models” being pursued by AI vendors are generally the better path. Rather than trying to simulate the entire world, it would be far more efficient for AI to understand fundamental physical principles.

My personal highlight came on the final day. As part of the Digital Twin Track, I had the opportunity to take the stage first thing in the morning and draw attention to an important topic. Have you heard of the Asset Administration Shell, or AAS? If not, you are in good company. Although digital twins are already widely discussed, there is still a lack of standards that would take connectivity to a much more efficient and secure level.

That is exactly why the AAS was developed as a standard. If you would like to learn what the AAS does and what advantages it offers, take a look at the blog post by umbrella.associates: “Security First: Why Digital Twins Need a Trusted Foundation.”

• Digitalization is only just beginning.
• Digital twins, asset administration shells, and simulation are the future—but every simulation has its limits, as the Formula 1 example shows.
• Real-world physical testing under real conditions—whether in the Arctic or the desert—will remain essential.