Aligned with the guidelines of the Cybersecurity Act and the existing guidance on cybersecurity for medical devices, ENTRUST envisions a Trust Management Architecture intended to dynamically and holistically manage the lifecycle of connected medical devices, strengthening trust and privacy in the entire medical ecosystem. Even from the proposal stage, ENTRUST has identified gaps and necessary revisions of the current guidance (e.g., absence of post-market conformity and certification, real-time surveillance and corrective mechanisms – see 1.2.2). Towards that ENTRUST will leverage a series of breakthrough solutions to enhance assurance without limiting the applicability of connected medical devices by enclosing to them cybersecurity features. The project will introduce a novel remote attestation mechanism to ensure the device’s correct operation at runtime regardless of its computational power; will be efficient enough to run in also resource-constrained real-time systems such as the medical devices. This will be accompanied by dynamic trust assessment models capable of identifying the Required Level of Trustworthiness (RTL) per device and function (service) that will then be verified through a new breed of efficient, attestation mechanisms (to be deployed and executed during runtime). This will also enable us to be aligned with the existing standards on defining appropriate Protection profiles per device (especially considering the heterogeneous types of medical devices provided by different vendors with different requirements) including Targets of Validation Properties to be attested during runtime. The motivation behind ENTRUST is to ensure end-to-end trust management of medical devices including formally verified trust models, risk assessment process, secure lifecycle procedures, security policies, technical recommendations, and the first-ever real-time Conformity Certificates to safeguard connected medical devices.

AIDPATH (Artificial Intelligence-driven, Decentralized Production for Advanced Thera-pies in the Hospital) is a high-energy EU consortium, dedicated to enable and to augment the next-generation of personalized medicine at EU hospitals through the use of AI tech-nology. The exemplary embodiment of gene-engineered immune cells in AIDPATH will be T cells expressing a synthetic chimeric antigen receptor (CAR-T). These cells are already a revolutionary novel treatment in hematology and oncology, and will also be useful for treating infections and autoimmune diseases. Conventional CAR-T therapy is complicated by complex logistics from centralized manufacturing facilities, inflexible manufacturing and clinical use schemes that disregard patient and cell characteristics, thus limiting patient access and therapeutic outcome. AIDPATH will apply top-notch AI technology to integrate patient-specific data and biomarkers in CAR-T therapy, and apply flexible manufacturing schemes to obtain CAR-T cell products with optimal fitness and anti-tumor potency. AI technology will be applied in pre- and in-process controls to reduce cost and hospital resource utilization and to augment patient access. AIDPATH will establish a role model that integrates the hospital in a smart manner, incorporating aspects of logistics, capacity planning, data management and cybersecurity by design. The project is designed to enable smart ‘bedside’ provision of personalized treatments and to accomplish end-to-end automation of hospital-based CAR-T manufacture. A key deliverable in AIDPATH will be an integrated cyberphysical infrastructure for rapid dissemination of the ‘smart CAR-T manufacturing and clinical use’ concept to hospitals throughout the EU. AIDPATH brings together a world-class consortium to address these challenges, consisting of key opinion leaders in science and translational medicine, innovative SMEs and commercial partners, patient advocates, policy makers and regulatory experts.

COBALT proposes the introduction of a Common Certification Model (CCM) for European industries, leveraging existing standards and composing a unified cybersecurity namespace for ICT processes. The proposal will uphold the paradigm of Digital Twinning (DT) via the creation of Digital Threads and extend it in a vertical agnostic approach across different industries, including Quantum computing (involving FHG’s Quantum Computer) and I4.0. The COBALT DT will explore technology disruption mainly focusing on AI and High-Performance Computing (HPC) via the analysis and certification of Quantum Processing Oracles (a Quantum Computer exposure operation that is used as input to another algorithm), and how different enablers of these paradigms can be certified in a vertical agnostic manner. Quantum is destined to play a pivotal role in Europe’s AI and Computing sovereignty, thus protecting such infrastructure and its relevant processes (Quantum Oracles), should be of top priority. Along with common information models, COBALT acknowledges the importance of trusted information exchange a critical feature for an effective certification process across different industries, especially regarding cybersecurity. Therefore, COBALT will focus on the integration of International Data Spaces (IDS) primitives as a basis for the data sharing platform across different stakeholders. IDS currently proposes different models and procedures to share information and data across different spaces in a trusted manner between two parties, this can facilitate the process to build a trusted end-to-end certification framework across different industry stakeholders. Finally, COBALT aims to build a decentralized solution to further accelerate technology adoption and harmonization for the different use cases to be adopted. For the proposed CCM to function as a long term and sustainable European solution for certification, it needs to adapt and flex according to different environment conditions.

Cybersecurity certification as introduced by the EU Cybersecurity Act (EUCSA) will play a crucial role in increasing the trust to and security of ICT Products, ICT Services and ICT Processes. Cybersecurity certification is a complex process, posing a variety of challenges to the different interested parties. This proposal introduces the CUSTODES, a system comprised of a variety of components with the aim to provide trustworthy, cost-effective, agile and portable conformity assessment capabilities, to a variety of interested parties, covering multiple Assurance levels of Composite ICT products or ICT services. The CUSTODES system will discover and translate certification information of the Building Blocks of the composite ICT products or Services under evaluation, will provide Certification information to the interested parties and will share information on newly identified vulnerabilities related to the specific blocks or composite products as needed increasing transparency, re-usability and trust. It will also utilize a Restricted & Trusted Execution (RTE) Environment, to ensure the chain of custody of the product under assessment. CUSTODES will be validated in three pilots, a) one of two Class I composite products with digital elements, b) one of an ICT product with an embedded AI component and c) a final one of the as-a-service functionality through EIT Digital extensive digital ecosystem. The CUSTODES project is built on a collaboration of 17 organisations from 11 EU member states and third countries. The Consortium which includes 3 Conformity Assessment Organizations is composed by 10 SMEs, 3 large industry partners, 2 research organizations, and 2 public organizations/associations. The Consortium is led by RISE which has extensive experience in national and European research projects, and numerous collaborations with industrial partners.

Along the whole value chain in using data for economic purposes, guidelines and tools are required to make the business of the different stakeholders successful, and the end-users confident that none of their rights are endangered. CERTAIN addresses these needs and delivers solutions for data holders, dataspaces and AI systems providers, and AI systems deployers, which are the primary actors of the data and AI value chain. They must be compliant with applicable European regulations, must reach this compliance in a timely manner, and at reasonable cost. CERTAIN delivers guidelines and technical tools to help with compliance, to assess data quality, to measure biases in datasets, and to protect privacy. CERTAIN sets the foundation of AI certification: it translates the regulations to business terms, builds a directory of certification entities per business, develops a platform to streamline the certification process, and tools for AI system providers and certification entities so that they could respectively prepare and run a certification process. In case of security breach, not only privacy may get compromised, but also AI models may become useless and lead to extremely damageable decisions. To make sure that AI-based products are of high quality and reliability, CERTAIN develops security tools and methods, specifically suitable for dataspaces and AI systems. CERTAIN addresses the environmental footprint of the AI value chain. Innovative techniques are elaborated to reduce energy consumption when building and running AI systems. This is beneficial not only for the green deal but to reduce cost for AI stakeholders. As importantly, CERTAIN considers the end-users perspective, and provides templates and guidelines that may be used by AI systems deployers to reassure end-users on the use of their private data. The project tests its results on seven operational pilots in six different business areas, considering all the actors along the AI value chain.