| Cybersecurity Risk Management and Strategy Disclosure | 12 Months Ended Dec. 31, 2025 |
|---|---|
| Cybersecurity Risk Management, Strategy, and Governance [Line Items] | |
| Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block] | SEALSQ is dedicated to maintaining the highest standards of cybersecurity to safeguard its operations, assets, and stakeholder interests. In an era where digital threats continue to evolve, SEALSQ recognizes the paramount importance of cybersecurity in preserving the integrity, confidentiality, and availability of its critical information and systems. SEALSQ’s commitment to cybersecurity is rooted in a proactive and strategic approach that aligns with the semiconductor industry’s best practices and regulatory standards. SEALSQ views cybersecurity not only as a compliance requirement but as an integral component of its corporate responsibility to protect the trust that its shareholders, customers, and partners place in SEALSQ. Below is an overview of SEALSQ’s cybersecurity governance, policies, and practices. SEALSQ aims to demonstrate its resilience against cyber threats, articulate the measures it has in place to mitigate risks, and emphasize its ongoing investments in cybersecurity to adapt to the evolving threat landscape. By integrating cybersecurity into SEALSQ’s corporate culture, SEALSQ strives to maintain a secure and resilient environment, fostering trust and confidence among stakeholders. SEALSQ believes that transparency in its cybersecurity practices enhances its overall risk management strategy, and it remains committed to continuously improving its defenses against cyber threats.
Overview
SEALSQ recognizes the critical importance of cybersecurity in today’s digital landscape. As an integral aspect of its risk management strategy, SEALSQ maintains a comprehensive approach to cybersecurity to protect its operations, data, and stakeholder trust.
Policies and Procedures:
Under its global security policy, SEALSQ has implemented robust cybersecurity policies and procedures that address the identification, protection, detection, response, and recovery from potential cyber threats. SEALSQ’s EDM-QMS (Quality Management System) contains over 60 policies and procedures for IT and security. Its policies and procedures are reviewed once a year, at minimum, and updated to align with the semiconductor industry’s best practices and current threats. These policies and procedures are systematically requested during each ISO or customer audit.
Incident Response Plan:
SEALSQ has a well-defined incident response plan to effectively manage and mitigate the impact of cybersecurity incidents. With SEALSQ’s partner InQuest, a leader in cyber-defense, it has defined a main policy, the Cybersecurity Response Plan, that sets out all actions and plans to carry out in case of a cyberattack. It is a skeleton plan that refers to more specific procedures to help SEALSQ take the right actions in a timely manner and address all fields, including detection, containment, investigation, rebuild and communication.
Cybersecurity Investments
SEALSQ continually invests in cybersecurity technologies, infrastructure, and training programs to enhance its ability to defend against evolving cyber threats. These investments are designed to fortify its cyber defenses and ensure the resilience of SEALSQ’s information systems. In 2025, SEALSQ spent approximately 32% of the IT budget on cybersecurity. This is expected to increase to over 38% for cybersecurity investment in its budget plan for 2026.
Compliance and Regulations
SEALSQ complies with all applicable cybersecurity laws and regulations. With over 17 years of history, SEALSQ has been ISO/IEC 27001 certified, and its products have been certified under Common Criteria at EAL5+ level since 2003.
SEALSQ continuously monitors changes in regulatory requirements and promptly adapts its cybersecurity best practices to remain aligned with evolving semiconductor and security standards, including ISO/IEC 27001 (versions 2005, 2013, and the latest 2022 revision). In addition, SEALSQ follows the recommendations and regulatory developments of Eurosmart and actively contributes to industry working groups. SEALSQ is a member of several key committees, including:
Through these engagements, SEALSQ actively contributes to the development of cybersecurity standards and ensures alignment with emerging European certification frameworks.
Third-Party Relationships
SEALSQ manages cybersecurity risks associated with third-party vendors and partners through due diligence, contractual obligations, and periodic assessments. Each year external audits are performed on SEALSQ’s main suppliers. This includes requirements for third parties to adhere to its cybersecurity standards.
Training and Awareness
To foster a cybersecurity-aware culture, SEALSQ conducts training programs at least yearly for all employees and subcontractors to enhance their understanding of cybersecurity risks and best practices. Security induction sessions are also provided for all new employees or contractors. This ensures that SEALSQ’s workforce is a critical line of defense against potential threats. Additionally, SEALSQ enhances its training efforts by conducting phishing campaigns through KnowBe4, a leading European provider for cybersecurity awareness training. This approach simulates real-world scenarios, helping employees identify and respond to phishing attempts effectively, while reinforcing the importance of vigilance in everyday interactions.
Cybersecurity Performance Metrics
SEALSQ monitors key performance metrics related to cybersecurity, including, but not limited to, firewalls, IPS probes (to track the number and nature of attacks), web and application usage by end users, and activity monitoring for VPN access. These metrics are reviewed weekly by the IT Director to drive continuous improvement. Additionally, general and file access control, account management, and power-user activities are monitored using the Log360 add-on from ManageEngine. In 2025, SEALSQ enhanced its infrastructure monitoring capabilities by increasing Zabbix probes by 30%, providing a more comprehensive view of its IT infrastructure.
Furthermore, critical vulnerabilities are now consistently reduced to near-zero levels through weekly reviews conducted by the IT Director. All these metrics, along with other insights, are consolidated and presented during the SEALSQ Security Board meetings.
Future Outlook
SEALSQ is committed to staying ahead of emerging cyber threats and technologies. Leveraging its seat on the Eurosmart committees, it remains informed of the latest incidents, attacks, and technological advancements. SEALSQ’s future outlook involves ongoing investments in cybersecurity, proactive risk assessments, and collaboration with the semiconductor industry and cybersecurity experts, such as InQuest, to address new and evolving challenges. It is also focused on enhancing network performance by upgrading its core switches from 10Gbit to 25Gbit technology, significantly improving speed and reliability. In addition, storage capacity and performance will be improved with the implementation of a new NETAPP storage bay for hot data. Finally, SEALSQ aims to track and reduce high vulnerabilities by 70%, further strengthening its security posture. |
| Cybersecurity Risk Management Processes Integrated [Flag] | true |
| Cybersecurity Risk Management Processes Integrated [Text Block] | By integrating cybersecurity into SEALSQ’s corporate culture, SEALSQ strives to maintain a secure and resilient environment, fostering trust and confidence among stakeholders. SEALSQ believes that transparency in its cybersecurity practices enhances its overall risk management strategy, and it remains committed to continuously improving its defenses against cyber threats. |
| Cybersecurity Risk Management Third Party Engaged [Flag] | true |
| Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] | true |
| Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] | false |
| Cybersecurity Risk Board of Directors Oversight [Text Block] | Cybersecurity Governance: SEALSQ’s board of directors and management are actively involved in overseeing cybersecurity matters. The board of directors is responsible for regularly reviewing and assessing cybersecurity risks and ensuring the adequacy of its cybersecurity measures. SEALSQ’s security processes are piloted by a Global Security Director, under the supervision of a Security Board, which includes the top management of SEALSQ. Once a year, the Global Security Director reassesses SEALSQ’s cybersecurity risks and proposes to the Security Board a plan of action and budget for the year to come. |
| Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] | board of directors |
| Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] | The SEALSQ management team provide updates on their ongoing projects designed to manage these risks, as well as presenting the results of any audits that are being carried out. The board of directors is also kept apprised of the results of all audits carried out during the year and is required to make strategic decisions such as whether to attain accreditations for the business. |
| Cybersecurity Risk Role of Management [Text Block] | The executive board members of SEALSQ hold a weekly meeting with the general manager to discuss all matters including operational matters and risk management, as well as holding regular, wider meetings with the senior management of SEALSQ. During these meetings, the risks faced by the business and any new matters arising or potential threats identified are discussed. The SEALSQ management team provide updates on their ongoing projects designed to manage these risks, as well as presenting the results of any audits that are being carried out. The board of directors is also kept apprised of the results of all audits carried out during the year and is required to make strategic decisions such as whether to attain accreditations for the business. The board and audit committee are also responsible for overseeing the annual audit of SEALSQ which, while primarily focused on the financials of SEALSQ, does also cover certain risks associated with the business. |
| Cybersecurity Risk Management Positions or Committees Responsible [Flag] | true |
| Cybersecurity Risk Management Positions or Committees Responsible [Text Block] | management |
| Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] | The executive board members of SEALSQ hold a weekly meeting with the general manager to discuss all matters including operational matters and risk management, as well as holding regular, wider meetings with the senior management of SEALSQ. During these meetings, the risks faced by the business and any new matters arising or potential threats identified are discussed. |
| Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] | true |