ONEKEY vs DEKRA
ONEKEY
ONEKEY operates the ONEKEY Product Cybersecurity & Compliance Platform, which performs automated firmware analysis, SBOM generation, vulnerability detection, and zero-day discovery. Its Compliance Wizard maps product evidence against the CRA and other frameworks, and its CRA Fast Start program structures readiness assessment, SBOM creation, vulnerability management, and continuous monitoring. ONEKEY (formerly IoT Inspector) is part of PwC Germany's investment portfolio.
Pros
- Automated, platform-driven firmware/binary analysis rather than purely manual consulting
- Purpose-built CRA Compliance Wizard covering multiple product-security regulations in one tool
- Strong European product-security positioning, backed by PwC Germany investment
- Continuous monitoring across the product lifecycle, not a one-time audit
Cons
- Software/platform-led: provides tooling and evidence, not formal conformity assessment or CE certification (not a notified body)
- No public pricing
- Technical product analysis focus; legal/organizational process consulting lighter than at full TIC firms
Pricing: Custom (contact sales)
DEKRA
DEKRA is the world's largest non-listed testing, inspection, and certification body, with a product-cybersecurity practice covering the full product lifecycle. It provides CRA readiness strategy, training, and turnkey projects, plus evaluation services mapped to harmonized and draft standards. DEKRA is an accredited ITSEF and Certification Body for the EUCC scheme and is set to become a CRA Notified Conformity Assessment Body, with notification beginning June 2026.
Pros
- Accredited EUCC ITSEF and Certification Body, directly relevant to CRA higher-assurance routes
- Prior Notified Body experience under the RED Delegated Act
- Broad scheme coverage: EUCC, Common Criteria, FIPS 140-3, SESIP, IEC 62443, EN 18031, MDSCERT
- World's largest non-listed inspection body (~48,000 employees) with dedicated cybersecurity labs
Cons
- CRA Notified-Body notification only begins June 2026 — formal CRA conformity certificates not issuable before then
- Large enterprise TIC firm with formal, certification-led engagements
- No public pricing
Pricing: Custom (contact sales)