Claus Westenberger, DKE Project Manager Components & Technologies
| DKEVDE dialog: While VDE is currently outlining in its position paper “Hidden Electronics” what needs to be done to strengthen the chip industry in Germany and Europe, DKE is working within the EU project “Trusted Chips” on more regulation of this industry. A contradiction?
Claus Westenberger: No, quite the opposite. Political regulation, which sets the direction, and technical standardization, which ensures practical implementation, go hand in hand. They complement each other. At the moment, every company is working on its own solutions to fix problems. With Trusted Chips, we want to pool and coordinate these approaches. The goal is to define chips that can be trusted—chips that reliably do what they are supposed to do.
So standardization here is not a burden, but actually meant to help the industry?
Exactly. In this case, it’s first about creating a shared definition of what a trustworthy microchip actually is. Take the example of an airbag: it must not just deploy at 110 miles per hour simply because someone hacked the system. But it should definitely deploy if I drive into a wall. For this, we need clear definitions of when and how a product should function.
What exactly is the goal of the Trusted Chips project?
The project focuses on the standardization and certification of secure, trustworthy microchips. The aim is to define cybersecurity, authenticity, and reliability requirements for chips that play a key role in many safety-critical industries such as energy, healthcare, transportation, and IT. DKE is leading the project under the umbrella of the European standardization organizations CEN and CENELEC. The end goal is a kind of European roadmap that identifies standardization gaps and proposes concrete measures for a unified certification process—also in the context of the EU Cyber Resilience Act.
Is Trusted Chips just another buzzword, or will it really change something?
In many cases, standardization is part of a new movement that hasn’t yet spread across the entire market. I firmly believe that in five or ten years, Trusted Chips will be an established concept and that it will indeed make a difference. Which doesn’t mean the topic isn’t already highly relevant—microchips have been around for quite some time. I like to compare it to the term cybersecurity: the topic was already important back when we still called it IT security.
Where do you see the biggest challenges right now?
It’s about safety and reliability along the entire value chain—from development and production to use and even beyond. Keywords: reuse and recycling. Every company has its own quality standards. What’s missing is a shared foundation everyone can refer to. We don’t want to prescribe specific technology, but rather define requirements. That creates transparency: users should be able to verify whether a chip meets certain requirements and whether it has been tested.
Trust through transparency?
Exactly. If I know where a chip was manufactured, with what materials and under what conditions, I’m more likely to trust it. If I buy a component from a reseller that supposedly does everything but has never been tested, that’s a risk. Especially for critical applications, trust is essential.
So it depends on the application?
A chip in an electric toothbrush has different requirements than one in an airplane. You have to consider—and this applies to the Cyber Resilience Act as well—the level of security needed in each case. Otherwise, you risk overregulation. And, of course, there’s always a price tag attached: ideally, you’d have maximum security at zero cost, but that’s not how it works. You have to set priorities.
Who are the key players in the project?
We have a central project team and a steering committee that meets regularly. The project includes a balanced mix of experts from leading chip manufacturers, suppliers, and users, as well as smaller companies and associations. The idea is to jointly establish a solid first foundation for new standardization efforts.
The project runs until the end of the year. What will be achieved by then?
Our project is essentially phase one. We are laying the groundwork for the actual standardization work in phase two. This includes a definition of Trusted Chips, an analysis of existing standards—we’ve identified around 150 relevant ones—and an assessment of where the gaps are. The result will be a document that can serve as a foundation for standardization processes.
So the actual standardization work only begins after that?
Not exactly. Committees are already active and involved, even though our first phase isn’t fully completed or published yet. The field is simply developing very quickly, and the technology is advancing in parallel.
Doesn’t that mean standardization is inevitably lagging behind?
It may seem that way. But thanks to the direct involvement and expertise from the market, standardization is in fact up to date. Normally, developing a standard takes about two years because it requires broad stakeholder involvement—here, from across different EU countries. The process is complex, but necessary. Anyone trying to speed things up with a “quick and dirty” approach risks serious quality issues. Standards must be developed with the utmost care—they form the basis for safety, legal compliance, and marketability of technical products. A rushed process undermines their acceptance and long-term viability.
