Security Certifications

Espressif Systems is committed to delivering secure-by-design solutions for the Internet of Things (IoT). As part of this commitment, we pursue and maintain multiple security certifications across our product portfolio spanning both Xtensa and RISC-V architectures. These certifications validate the robustness of our platform security and assure customers that Espressif SoCs meet recognized industry security standards.

This section highlights the key security certifications achieved across Espressif SoCs and Products:

Espressif Security Certifications Summary

SoC/Product

Architecture

PSA Level 1

PSA Level 2

CLS-Ready

CSA Verified Mark

ESP32-C3 Series (includes ESP-Zerocode Light Bulb)

RISC-V

ESP32-S3 Series

Xtensa

ESP32-H2 Series

RISC-V

ESP32-C6 Series

RISC-V

Platform Security Certifications

PSA Certified Level 1

PSA Certified Level 1 (PSA-L1) is an industry-recognized certification that demonstrates a platform’s adherence to best security practices and the implementation of essential security features. It assures that the platform includes critical security mechanisms such as secure boot, software update, secure storage, and cryptographic services.

The following Espressif SoCs have achieved PSA Certified Level 1 (PSA-L1) certification:

PSA Certified Level 2

PSA Certified Level 2 (PSA-L2) provides advanced assurance by validating a platform’s resistance to scalable software attacks and the robustness of its secure execution environment. This level involves independent evaluation of runtime security features and isolation boundaries.

The following Espressif SoCs have achieved PSA Certified Level 2 (PSA-L2) certification:

CLS-Ready Certification

CLS-Ready certification, issued by the Cyber Security Agency of Singapore (CSA), confirms that a platform meets the security component evaluation criteria of the CLS-Ready framework. This certification streamlines the process for downstream product certifications and demonstrates compliance with regional security standards.

The following Espressif SoCs have achieved CLS-Ready certification:

CSA PSWG Verified Mark

The CSA Product Security Working Group (PSWG) Verified Mark is awarded to products that have been evaluated against the CSA PSWG’s global IoT security baseline. This mark indicates adherence to best practices in IoT security and provides assurance to customers regarding the product’s security posture.

The following Espressif product has received the CSA PSWG Verified Mark:

RED-DA Compliance Support

EU Radio Equipment Directive Delegated Act (RED-DA)

The EU RED Delegated Act establishes mandatory cybersecurity requirements for radio equipment sold in the EU market, with compliance required by August 1, 2025. Espressif provides comprehensive support to help manufacturers achieve RED-DA compliance through platform security features and streamlined documentation processes.

Key Compliance Requirements:

  • Network Connection Protection: Secure communication protocols and access controls

  • Personal Data Privacy: Data protection mechanisms and privacy safeguards

  • Financial Fraud Prevention: Authentication and authorization security measures

Espressif RED-DA Support:

  • Pre-Certified Firmware Platforms: ESP-AT, ESP-ZeroCode, and AWS IoT ExpressLink with built-in compliance features

  • Three Compliance Pathways: Self-declaration using Espressif templates, consultancy-assisted assessment, or full conformity assessment via approved testing labs

  • Documentation Templates: Ready-to-use risk assessment and technical specification templates

  • Partner Ecosystem: Collaboration with Brightsight and CyberWhiz for end-to-end compliance support

  • Hardware Security Foundation: Secure boot, flash encryption, and cryptographic accelerators aligned with EN 18031 standards

Implementation Resources:

Note

Certification details are subject to updates. Please contact Espressif support channel for the most recent status.