DEKRA vs pi3g

DEKRA

DEKRA is the world's largest non-listed testing, inspection, and certification body, with a product-cybersecurity practice covering the full product lifecycle. It provides CRA readiness strategy, training, and turnkey projects, plus evaluation services mapped to harmonized and draft standards. DEKRA is an accredited ITSEF and Certification Body for the EUCC scheme and is set to become a CRA Notified Conformity Assessment Body, with notification beginning June 2026.

Pros
  • Accredited EUCC ITSEF and Certification Body, directly relevant to CRA higher-assurance routes
  • Prior Notified Body experience under the RED Delegated Act
  • Broad scheme coverage: EUCC, Common Criteria, FIPS 140-3, SESIP, IEC 62443, EN 18031, MDSCERT
  • World's largest non-listed inspection body (~48,000 employees) with dedicated cybersecurity labs
Cons
  • CRA Notified-Body notification only begins June 2026 — formal CRA conformity certificates not issuable before then
  • Large enterprise TIC firm with formal, certification-led engagements
  • No public pricing

Pricing: Custom (contact sales)

pi3g

pi3g GmbH & Co. KG is a Leipzig-based firm with 16+ years building IoT devices, with a focus on embedded Linux. For pi3g the Cyber Resilience Act is an essential upcoming part of CE certification, and they help small and medium manufacturers of connected devices, firmware, and software components understand and meet its requirements. The service spans a fixed-price readiness assessment, hands-on engineering implementation support, and a full compliance package backed by legal-partner review and a single point of contact.

Pros
  • Genuine hardware/embedded background — pi3g's core business is European Raspberry Pi distribution and IoT development, so CRA advice comes from people who build the products
  • Combines technical engineering implementation with compliance, not just paper-based consulting
  • Legal review via partners adds an attestation layer beyond pure engineering
  • Free initial consultation and fixed-price readiness assessment reduce engagement risk
Cons
  • Consulting and engineering engagements with no public pricing (custom quotes only)
  • Deliberately narrow scope: embedded Linux, firmware, and IoT/SME software (not Android/iOS apps, SAP/ABAP, or Windows embedded)
  • Primarily a German/EU-market practice; not a notified or conformity-assessment body

Pricing: Free initial consultation; fixed-price readiness assessment; custom engineering engagements

Related

DEKRA Alternativespi3g AlternativesDEKRA Overviewpi3g Overview