By Marc Kavinsky, Lead Editor at IoT Enterprise Information.
With the EU Cyber Resilience Act set to make long-term safety updates necessary, Nordic Semiconductor is repositioning firmware upkeep as a predictable, upfront price by introducing a lifetime flat-rate FOTA and gadget administration license inside nRF Cloud.
For connected-device makers promoting into Europe, the dialog round firmware updates has shifted from “nice to have” to “non-negotiable.” The EU Cyber Resilience Act (CRA) would require producers to supply safety updates for recognized vulnerabilities all through a tool’s lifetime, and the compliance burden will not be solely technical. It is usually monetary and operational: sustaining replace infrastructure, planning staged rollouts, and producing proof of due diligence can create a protracted tail of price that many product groups traditionally underestimated.
Nordic Semiconductor is now attempting to make that lengthy tail simpler to price range. The corporate has launched a one-time, upfront “lifetime” license for Firmware Over-the-Air (FOTA) and gadget administration in nRF Cloud, positioning it as a means for patrons to organize for CRA necessities beginning in 2027.
François Baldassari, founding father of Memfault and VP Software program Companies at Nordic Semiconductor, framed the transfer in compliance phrases: “Preparing for compliance with the EU Cyber Resilience Act is going to add significant operational overhead and project complexity for device manufacturers,” he stated.
What Nordic is definitely providing
On the core is a pricing and packaging change: as a substitute of treating FOTA and gadget administration as an ongoing cloud subscription or forcing clients to construct and function their very own infrastructure, Nordic says nRF Cloud now affords a lifetime mannequin primarily based on a single upfront charge per gadget.
The corporate describes nRF Cloud as being pre-integrated on Nordic-based units and positioned as a turnkey basis for CRA and U.S. Cyber Belief Mark readiness, citing safe updates, auditability, and long-term help because the pillars of that strategy. Nordic additionally says the providing is out there throughout its low-power wi-fi portfolio.
From an implementation standpoint, Nordic factors to integration with its nRF Join SDK and calls nRF Cloud a “chip-to-cloud” FOTA resolution. The press launch lists capabilities that embody MCUboot (constructed into the nRF Join SDK), a worldwide FOTA supply community “optimized for low-power devices,” libraries for gateway-based updates, staged rollouts with analytics and rollback, a fleet administration console, and governance capabilities comparable to approval workflows and immutable audit logs.
Availability, as acknowledged by Nordic, covers nRF54, nRF53, and nRF52 Collection Bluetooth Low Power SoCs, in addition to nRF91 Collection mobile IoT modules. Nordic says pricing begins at $1 per gadget, relying on fleet dimension and undertaking necessities.
Why lifetime licensing issues for IoT groups
FOTA has lengthy been a technical requirement for safety and have upkeep, however regulation is popping it right into a product obligation that should survive past the preliminary deployment part. What adjustments below CRA-style expectations will not be merely that updates should exist; it’s that replace supply, traceability, and organizational course of must persist over the gadget lifecycle.
That creates friction in procurement and product planning. Subscription-based gadget administration could be simple at pilot stage, however turns into more durable to forecast as fleets develop and gadget lifetimes stretch. By providing a one-time license, Nordic is successfully proposing a special budgeting mannequin: shift a recurring operational expense into an upfront, per-device line merchandise that may be baked into BOM-adjacent economics and long-term help planning.
For OEMs and system integrators, the sensible impression will probably be felt in three locations. First, it could scale back the stress to construct and preserve a bespoke replace backend merely to fulfill compliance necessities. Second, it might simplify buyer contracts by clarifying who pays for safety maintenance over time. Third, it places extra emphasis on selecting silicon and SDK ecosystems that already embody a workable secure-update path, slightly than bolting one on late in a program.
Nordic’s announcement additionally displays a broader sample in IoT: silicon distributors more and more promote “systems” that mix {hardware}, software program tooling, and cloud providers to scale back time-to-market and lifecycle threat. In Nordic’s case, it’s leaning on the infrastructure it acquired with Memfault in 2025, stating that the nRF Cloud FOTA mannequin is constructed on infrastructure initially developed by Memfault and has been field-tested “across millions of devices.”
Whether or not lifetime FOTA turns into a brand new norm will rely upon how clients weigh flexibility in opposition to predictability. However with CRA enforcement getting nearer, the market is clearly transferring towards replace mechanisms that aren’t simply technically sound, but additionally operationally sustainable—and that’s the place Nordic is aiming this new nRF Cloud licensing mannequin.
