Data I/O to Acquire IAR Security Assets, Prepares for EU Cyber Act Deadline
DAIO•Data I/O has signed a non-binding LOI to acquire IAR’s embedded security IP and related assets—including the Embedded Trust and eSecIP platforms—and will take full ownership of the certificate authority, provisioning infrastructure and engineering equipment. This move centralizes security provisioning in-house and positions the company to meet EU Cyber Resilience Act requirements by December 2027.
1. Proposed Acquisition Details
Data I/O and IAR have executed a non-binding letter of intent under which Data I/O will acquire IAR’s embedded software security IP and related assets. The transaction encompasses software, source code, hardware, intellectual property, engineering infrastructure, manufacturing equipment and certifications, though financial terms and closing timing remain undisclosed.
2. Integration of Security Platforms
The acquired assets include the Embedded Trust and Secure Deploy platforms, the eSecIP toolchain, and IAR’s certificate authority and provisioning infrastructure. Full ownership will allow Data I/O to embed security provisioning directly into its programming and provisioning platforms without relying on third-party integrations.
3. Strategic and Regulatory Impact
By internalizing the complete security stack, Data I/O gains direct control over its product development roadmap, release cadence and device support. The acquisition aligns with upcoming EU Cyber Resilience Act mandates—requiring security-by-design, lifecycle updates and SBOM reporting for compliance by December 2027—giving the company a competitive and regulatory edge.
4. Ongoing Partnership and Next Steps
Data I/O will assume customer support for the acquired products and continue its commercial collaboration with IAR to deliver unified security provisioning from design through manufacturing. Following closing, the companies will maintain their strategic partnership while Data I/O advances its Programming-as-a-Service strategy with enhanced in-house security capabilities.




