Supporting rapid compliance with RED / EN 18031 while reducing vulnerability verification workload by 70–80%
VicOne, a leading automotive cybersecurity company, has released a case study detailing how JRC Mobility Co., Ltd. successfully implemented VicOne’s automotive SBOM (Software Bill of Materials) and vulnerability management system, “xZETA.” Through this implementation, JRC Mobility achieved compliance with the European Radio Equipment Directive (RED) and the harmonized standard EN 18031 within a short timeframe, while significantly improving operational efficiency.
Background and Challenges Behind JRC Mobility’s Implementation of “xZETA”
JRC Mobility develops a broad portfolio of mobility solutions centered on wireless technologies, including ETC products and mobile locators (positioning devices) for industrial vehicles such as construction machinery and trucks, radar technologies, and mobility infrastructure.
With the RED set to take effect on August 1, 2025, compliance with the EN 18031 series of harmonized standards has become an urgent requirement for maintaining and expanding business in the European market. Within a limited timeframe, JRC Mobility needed to demonstrate the security of its software update mechanisms and prove the proper implementation of vulnerability management processes in accordance with regulatory requirements.
However, the company had no prior track record in software vulnerability verification and had to proceed by trial and error in identifying requirements. Furthermore, the task of filtering through vast volumes of vulnerability information to identify high-risk items and determining response policies was difficult to handle manually, presenting significant challenges in both effort and quality. In addition, the forthcoming Cyber Resilience Act (CRA) is expected to mandate continuous vulnerability monitoring and enhanced SBOM management, making the establishment of a cybersecurity framework capable of meeting future regulatory requirements another important priority.
Against this background, JRC Mobility adopted VicOne's automotive SBOM and vulnerability management system "xZETA." The key factors that led to the adoption are as follows.
- Outstanding speed and flexibility compared to other vendors evaluated
- Robust support structure providing not only Japanese-language technical assistance but also expertise on vulnerability assessment criteria and filtering
- SBOM generation and vulnerability management capabilities tailored to the specific configurations of automotive software
Results Achieved Through "xZETA" Implementation
Following its implementation, JRC Mobility leveraged “xZETA” to significantly streamline and optimize the vulnerability verification processes required to comply with the European RED / EN 18031 regulations.
Key outcomes include:
- Achieved full regulatory compliance within the enforcement deadline
- Reduced the workload for vulnerability identification and assessment by an estimated 70–80% compared to manual processes
- Enabled highly accurate visualization and management of OSS (Open Source Software) used in products through automated SBOM generation and SBOM-based vulnerability detection
- Strengthened the company’s security foundation to address expanding information disclosure requirements across multiple countries
For more details about the case study, please click here.
Comment from JRC Mobility
We believe that cybersecurity-related legislation will continue to evolve—not only in Europe with the Cyber Resilience Act (CRA), but also in the United States and Japan—with increasingly stringent requirements. We recognize that security by design will become a fundamental principle across all products we develop, rather than a requirement limited to specific markets.
To address this, we are actively establishing a PSIRT (Product Security Incident Response Team) within the company. At the same time, we have identified enhancing the security awareness and expertise of every individual involved in design and development as a key strategic initiative.
We believe that VicOne’s support—extending beyond the provision of tools to include educational initiatives such as seminars on cybersecurity principles and practical countermeasures delivered by security experts—will strengthen our internal capabilities and enable us to maximize the value of the tools. We look forward to creating meaningful synergies through comprehensive support spanning both technology and education.
About JRC Mobility
JRC Mobility provides ETC products, location terminals, radar-related products, and communication infrastructure equipment based on wireless technology, contributing to the development of a mobile society. Leveraging its strengths in "manufacturing quality," "outstanding technical capabilities," and "customization flexibility," the company delivers solutions across a wide range of fields including automobiles, railways, and social infrastructure.
About VicOne
With a vision to secure the vehicles of tomorrow, VicOne delivers a broad portfolio of cybersecurity software and services for the automotive industry. Purpose-built to address the rigorous needs of automotive manufacturers and suppliers, VicOne solutions are designed to secure and scale with the specialized demands of the modern vehicle. As a Trend Micro subsidiary, VicOne is powered by a solid foundation in cybersecurity drawn from Trend Micro’s 30+ years in the industry, delivering unparalleled automotive protection and deep security insights that enable our customers to build secure as well as smart vehicles. For more information, visit vicone.com.
Media Contact
Ling Cheng
ling_cheng@vicone.com
