Security begins on the circuit board

Safety starts on the circuit board and is non-negotiable Cover image blog article

Why blind outsourcing becomes a strategic risk

Printed circuit boards are often regarded as commodities - interchangeable, comparable, price-driven.
But this view is dangerous. Because Modern electronics are safety-critical, and printed circuit boards are their physical foundation.

Current studies and statements from the industry, associations and security authorities clearly show this:
👉 Anyone who buys PCBs purely on the basis of price is putting their intellectual property, their ability to deliver and, in case of doubt, even national security interests at risk.

PANDA study X-ray image of the BSI
Source: BSI

Distributed manufacturing = distributed risk

The PANDA study by the German Federal Office for Information Security (BSI) analyzes in detail how hardware manipulations are possible along globally distributed manufacturing processes.

The key finding: manipulation can be carried out in almost every each phase The development of electronics can take place at any time - especially where external partners have access to design, layout or production data.

PCB production and assembly are particularly critical, as the complete circuit logic can be derived from layout and assembly data, the system architecture can be reconstructed and hidden additional components can be technically implemented.

Manipulation is not always evil - sometimes it's just „cheap“

An important point from the BSI study: not every vulnerability is intentional. Poorly understood designs, a lack of security know-how or inadequate process control can also make systems massively vulnerable. System-related vulnerabilities or inadequately controlled supply chains are often enough to create security-critical risks.

Thus, in Norway known that Chinese electric buses could theoretically be influenced or deactivated remotely via integrated diagnostic and update functions - simply due to their system architecture. (Source)

In Denmark suspicious, undocumented components on printed circuit boards for infrastructure technology for safety tests, even before the devices went into operation. (Source)

And current global analyses show that Attacks on hardware and electronics supply chains on the rise - often via firmware updates, hidden interfaces or insufficiently controlled manufacturing processes. (Source)

Price-driven outsourcing increases precisely these risks - regardless of the intention to spy.

The circuit board is IP - not „sheet metal with copper“

One point that has long been underestimated in the public debate is now being openly acknowledged.
Dieter G. Weiss (data4pcb / in4ma) explicitly warns against the Security implications of outsourced PCB manufacturing. This was triggered, among other things, by US investigations into Hidden communication modules in Chinese inverters, that could potentially influence electricity grids.

„If energy technology is already affected, the risk is exponentially higher for military or safety-critical electronics.“

Dieter G. Weiss

Europe continues to produce a significant proportion of its safety-relevant printed circuit boards outside its own legal and control area - a situation that exists neither in the USA nor in Russia.

Energy power supply units CU-IMS Application

Europe's blind spot: industrial dependency

The Report „Securing the Electronics Value Chain“ of the Global Electronics Associations (formerly IPC) shows the strategic dimension:

  • only 6 % of the defense-related printed circuit boards are manufactured in the EU
  • about 80 % of the PCB requirement of Europe are imported - predominantly from Asia, with China as the central production location.
  • Printed circuit boards are explicitly Strategic, IP-carrying components

Without in-house production, there is no real control or resilience, nor any technological sovereignty.

European printed circuit board manufacturer

„€5-PCBs“ - what is the real price?

Dirk Stans (Eurocircuits) sums it up drastically but aptly:
Extremely cheap or even free PCB offers are Not a business model - but a data collection model.

Because already PCB layouts, parts lists and assembly data reveal the functional principles, key components used and technological focuses of entire industries, according to the PANDA study. With thousands of European designs per week, this creates a Unique data pool on Europe's innovation landscape - including relevant technologies, leading developers and future products.

And that completely legal, because many companies transmit their data voluntarily - driven by price.

NIS-2: Supply chain security becomes mandatory, not optional

The ZVEI statement on the implementation of the NIS 2 Directive makes clear:
Cybersecurity no longer ends at your own IT - it includes the entire supply chain.

Key points:

  • Companies are liable for security risks at suppliers
  • Critical components must be transparently assessable
  • Suppliers must comply with verifiable safety measures

In concrete terms, this means for printed circuit boards:
👉 Origin, processes and data access become relevant for regulatory purposes.

Anyone who buys solely on price today risks compliance problems, liability issues and even exclusion from safety-critical projects tomorrow.

What you should ask yourself

As a PCB manufacturer, we see it as our responsibility to issue clear warnings. Not ideologically - but based on facts.
  • Who has access to my layout, parts list and assembly data?
  • In which jurisdiction is this data processed and stored?
  • Can my supplier demonstrate process security, traceability and confidentiality?
  • Is my purchasing department NIS-2 and CRA-compliant?
  • Am I really saving - or am I just shifting risks?

Our appeal

Printed circuit boards are not anonymous commodities. They are carriers of function, intellectual property and responsibility. Anyone talking about secure supply chains today has to talk about PCBs. And anyone talking about secure PCBs has to talk about manufacturing. As European printed circuit board manufacturer we are at this very interface every day: between design and product, between data and material, between efficiency and safety. We know from practical experience that layout data is sensitive, parts lists are strategic and process deviations are risks. The origin is not a detail. That is why Safe printed circuit board production For us, production in the European legal and security area with controlled, transparent processes to protect sensitive design and production data. Close coordination with our customers is particularly important to us - from development to series production.

Security is not an abstract value.
It is a result of attitude, vertical integration and responsibility.

Especially in times of geopolitical tensions, increasing regulation (NIS-2, CRA) and growing digital threats, Europe needs industrial substance, technological expertise and reliable partners.

We see ourselves as more than just a manufacturer of printed circuit boards.
We see ourselves as part of Europe's security infrastructure.

If you want to develop secure electronics, you need a partner,
security is not treated as an option - but as a prerequisite.

LinkedIn
E-Mail
Print

Contributed by

Bild von Tobias Behnert

Tobias Behnert

All contributions