pi3g vs ONEKEY
pi3g
pi3g GmbH & Co. KG is a Leipzig-based firm with 16+ years of experience building IoT devices, with a focus on embedded Linux. For pi3g, the Cyber Resilience Act is an essential upcoming part of CE certification, and the firm helps small and medium manufacturers of connected devices, firmware, and software components understand and meet its requirements. The service spans a fixed-price readiness assessment, hands-on engineering implementation support, and a full compliance package backed by legal-partner review and a single point of contact.
Pros
- Genuine hardware/embedded background — pi3g's core business is European Raspberry Pi distribution and IoT development, so CRA advice comes from people who build the products
- Combines technical engineering implementation with compliance, not just paper-based consulting
- Legal review via partners adds an attestation layer beyond pure engineering
- Free initial consultation and fixed-price readiness assessment reduce engagement risk
Cons
- Consulting and engineering engagements with no public pricing (custom quotes only)
- Deliberately narrow scope: embedded Linux, firmware, and IoT/SME software (not Android/iOS apps, SAP/ABAP, or Windows embedded)
- Primarily a German/EU-market practice; not a notified or conformity-assessment body
Pricing: Free initial consultation; fixed-price readiness assessment; custom engineering engagements
ONEKEY
ONEKEY operates the ONEKEY Product Cybersecurity & Compliance Platform, which performs automated firmware analysis, SBOM generation, vulnerability detection, and zero-day discovery. Its Compliance Wizard maps product evidence against the CRA and other frameworks, and its CRA Fast Start program structures readiness assessment, SBOM creation, vulnerability management, and continuous monitoring. ONEKEY (formerly IoT Inspector) is part of PwC Germany's investment portfolio.
Pros
- Automated, platform-driven firmware/binary analysis rather than purely manual consulting
- Purpose-built CRA Compliance Wizard covering multiple product-security regulations in one tool
- Strong European product-security positioning, backed by PwC Germany investment
- Continuous monitoring across the product lifecycle, not a one-time audit
Cons
- Software/platform-led: provides tooling and evidence, not formal conformity assessment or CE certification (not a notified body)
- No public pricing
- Technical product analysis focus; legal/organizational process consulting lighter than at full TIC firms
Pricing: Custom (contact sales)