SGS vs pi3g

SGS

SGS is the world's largest testing, inspection, and certification company. Its cybersecurity arm, SGS Brightsight, runs accredited security-evaluation laboratories (including a facility in Graz, Austria) that assess digital products against CRA requirements and RED cybersecurity standards. SGS develops tailored CRA service packages and operates a Notified Body that can issue EU type certificates for RED Article 3(3) using EN 18031.

Pros
  • Massive global scale (~99,500 employees; ~2,500 labs/offices in 115 countries)
  • Brightsight is a top-tier security-evaluation lab with deep Common Criteria and high-assurance expertise
  • Notified Body able to issue EU type certificates for RED cybersecurity (EN 18031)
  • Accreditations including ISO/IEC 17025, plus IEC 62443 and EN 18031 capability
Cons
  • Large enterprise TIC firm — formal certification-led engagements, less suited to small or early-stage manufacturers
  • No public pricing
  • Evaluation/certification focus rather than ongoing in-house remediation engineering

Pricing: Custom (contact sales)

pi3g

pi3g GmbH & Co. KG is a Leipzig-based firm with 16+ years building IoT devices, with a focus on embedded Linux. For pi3g the Cyber Resilience Act is an essential upcoming part of CE certification, and they help small and medium manufacturers of connected devices, firmware, and software components understand and meet its requirements. The service spans a fixed-price readiness assessment, hands-on engineering implementation support, and a full compliance package backed by legal-partner review and a single point of contact.

Pros
  • Genuine hardware/embedded background — pi3g's core business is European Raspberry Pi distribution and IoT development, so CRA advice comes from people who build the products
  • Combines technical engineering implementation with compliance, not just paper-based consulting
  • Legal review via partners adds an attestation layer beyond pure engineering
  • Free initial consultation and fixed-price readiness assessment reduce engagement risk
Cons
  • Consulting and engineering engagements with no public pricing (custom quotes only)
  • Deliberately narrow scope: embedded Linux, firmware, and IoT/SME software (not Android/iOS apps, SAP/ABAP, or Windows embedded)
  • Primarily a German/EU-market practice; not a notified or conformity-assessment body

Pricing: Free initial consultation; fixed-price readiness assessment; custom engineering engagements

Related

SGS Alternativespi3g AlternativesSGS Overviewpi3g Overview