Information Security Statement – Carlo Gavazzi
Carlo Gavazzi Automation (hereinafter “the Company”) is a globally active organization specializing in the design, manufacturing, and marketing of electronic equipment for industrial and building automation. As a modern and forward-looking enterprise, the Company recognizes that ensuring the security and resilience of its operations is essential to delivering value to customers, partners, and stakeholders worldwide.
In an increasingly complex and interconnected digital environment, where cyber threats are growing in scale and sophistication, the protection of information through the preservation of its confidentiality, integrity, and availability is central to the Company’s strategy. This is especially relevant given the Company’s role as an Important Entity under the NIS2 Directive.
To address these challenges and meet the expectations of regulators and clients, the Company has taken significant steps to strengthen its cybersecurity posture. Carlo Gavazzi has already achieved the IEC 62443-4-1 certification for its Operational Technology (OT) systems, demonstrating a high standard of industrial cybersecurity, and is now actively working towards an ISO/IEC 27001:2022 certification for its Information Technology (IT) systems, further reinforcing its commitment to a robust and holistic approach to information security.
To support this direction, the Company is committed to the following objectives:
- Ensure the confidentiality, integrity, and availability of information processed within the organization, supporting the secure delivery of its technologies and services;
- Protect the data and interests of customers, employees, third parties, and business partners;
- Build long-term, trust-based relationships with clients and stakeholders, positioning the Company as a reliable and secure market player;
- Proactively respond to the evolving cyber threat landscape, with particular focus on the prevention of data breaches and business disruptions;
- Optimize resource allocation and security investments based on risk assessments to minimize operational impacts;
- Comply with all applicable legal and regulatory requirements, including those set by the GDPR and the NIS2 Directive.
To achieve these goals, the Company has already implemented a comprehensive Information Security Management System (ISMS) aligned with the NIS2 requirements and inspired by the ISO/IEC 27001:2022 standard. This system is supported at the highest levels of the organization and is embedded across the Company’s R&D, Sourcing, and National Sales entities.
Our commitment to information security is not only a matter of compliance, but a key enabler of innovation, operational excellence, and long-term growth.
In today’s digital landscape, cybersecurity is a fundamental requirement—especially for critical applications such as energy management and industrial automation. Proactively preventing cyber threats is essential not only to reduce maintenance costs, but also to ensure robust data protection and secure system communications.
New regulations, such as the Cyber Resilience Act (CRA), are introducing stricter requirements that impact both end users and product manufacturers.
Our certified cybersecurity products and processes are designed to meet the highest industry standards and comply with the latest regulatory frameworks. We deliver reliable data protection and operational safety across a wide range of industrial applications, helping our customers safeguard their systems with confidence.
Cyber threats intensified sharply from 2024 to 2025. Global cybercrime costs rose from $8 trillion in 2024 to $10.5 trillion in 2025, a 31% increase, reflecting the scale and sophistication of attacks.
While the average cost of a data breach decreased slightly (from $4.88M to $4.44M) due to faster AI‑driven incident response, the overall threat volume and complexity grew significantly.
The impact of a cyberattack can be severe:
• Financial and technological losses
• Reputational impact
• Legal consequences and compliance risks
At Carlo Gavazzi, we are committed to providing secure, innovative solutions that protect industrial infrastructures and support full regulatory compliance.
Certified products and processes
- UWP 4.0 and UWP 3.0: Certified to UL IoT Security Rating – SILVER Level (UL Verified IoT Device Security Rating), ensuring a high level of cybersecurity protection for building automation and energy management applications.
- EMS 1.0: Certified to UL IoT Security Rating – SILVER Level (UL Verified IoT Device Security Rating), ensuring a high level of cybersecurity protection for energy monitoring applications across industrial, commercial, and residential environments.
- Certificate of IEC 62443-4-1 conformity: Carlo Gavazzi is certified for the development of cyber-secure products, ensuring compliance with internationally recognized industry standards and cybersecurity best practices.
Scalable and Certified Management
- CERT@VDE: As an official Computer Emergency Response Team partner, we actively monitor and manage cyber threats and security incidents to protect our systems and customers.
- MAIA Cloud: A secure remote access platform for fleet management and monitoring of EDGE devices, providing safe and reliable connectivity for industrial operations.
Together, EMS 1.0, UWP 4.0, and MAIA Cloud enable you to:
- Manage secure remote access to the EMS 1.0 or UWP 4.0 embedded web server.
- Perform remote configuration, maintenance, troubleshooting, and firmware updates at unit or fleet level for EMS 1.0 and UWP 4.0 devices.
- Carry out advanced diagnostics on edge units (UWP 4.0 or EMS 1.0) or connected meters using UWP 4.0’s gateway functions and UCS (Universal Configuration Software).
- Connect to third-party devices within the EMS 1.0 or UWP 4.0 local network via the integrated VPN gateway.
Cybersecurity isn’t just a feature—it’s a continuous process. With Carlo Gavazzi, you benefit from:
- Security by Design – Integrated security from the ground up, including advanced vulnerability management
- Dedicated patching – Ongoing protection throughout the product lifecycle
- Full compliance – With European and international cybersecurity regulations
Need Help or Experiencing a Cyber Threat?
Reach out to us using our dedicated email address: Itsecurity@gavazziautomation.com to report an issue or request support. Please specify the product or threat type to help us provide fast and relevant assistance.