The European Union Artificial Intelligence Act (EU AI Act) is set to be fully implemented in 2026, and the Cyber ？？Resilience Act (CRA) is scheduled for 2027. Adding the Radio Equipment Directive Delegated Act (RED-DA) already took effect on August 1, 2025, those three legislative measures collectively emphasize mandatory requirements for information security and cybersecurity.These regulations strengthen the comprehensive lifecycle management mechanisms for critical applications, IT components and telecommunications, impacting corporate strategies for complying with international information security standards while providing new opportunities for next-generation technological innovation. As a globally leading standards testing and certification  organization, TUV NORD combines multiple international standards to meet comprehensive regulatory requirements, helping global enterprises address major challenges in AI, cybersecurity, and information security regulations.Eric Behrendt, Global Key Account Manager of TUV Information stechnik GmbH (TUVIT), and Chia-Hung Lin, Director of the Information Security Business Division at TUV NORD Taiwan, were jointly interviewed. This interview coincided with the relocation of TUV NORD Taiwan's testing laboratory to its new address in Kaohsiung City. Taking advantage of the new facility's inauguration. In addition to inviting industry customers to celebrate together, they introduced TUVIT's global organizational developments and its comprehensive assessment and verification services, helping Taiwan customers understand new information security standards and the laboratory's development to seize new market opportunities.TUVIT is an independent subsidiary within the TUV NORD Group, dedicated to the Digital and Semiconductor Business Unit, focusing on information security and data infrastructure resilience technologies. Established in 1995, TUVIT provides cybersecurity verification, testing, and consulting services, specializing in establishing information and networking security technology, testing hardware, software and certifying information security management systems. With the global industry's growing emphasis on and attention to semiconductor chips and network equipment information security standards compliance, TUVIT has established a robust information security environment to advance technological progress and ensure digital security.In partnership with TUV NORD Taiwan, TUVIT assists Asian semiconductor, electronics manufacturing, and OEM/ODM manufacturers in obtaining certifications for various international and national information security standards. This will include Germany Federal Office for Information Security (or named BSI) IT Baseline Protection to enhance cybersecurity with a structured framework for organizations to protect their IT systems effectively.TUV NORD Taiwan laboratory offers services for CC, FIPS 140, and FIDOTUV NORD Taiwan, together with TUVIT, has collaborated to help assisted 12 semiconductor customers in the Asia-Pacific region (across more than 20 factories) achieving the German BSI Common Criteria safety certification. TUV NORD Taiwan's Kaohsiung testing laboratory is the only laboratory in Taiwan equipped to certify three major international cybersecurity standards including Common Criteria (CC), the U.S. National Institute of Standards and Technology (NIST) FIPS 140-3 standard, and the Fast Identity Online (FIDO) standard.TUV NORD Taiwan has further expanded its services to include financial and industrial PC sectors, in addition to its existing work in semiconductors and networking, to help Taiwanese electronics manufacturers meet global compliance requirements. This expansion offers a broader range of services like product safety, information technology, and vendor assessment audits to support companies in navigating complex global standards.Meanwhile, TUVIT also has expanded more actively into emerging fields such as artificial intelligence and quantum computing certification services, which are key technologies poised to redefine problem-solving, innovation, and competitive landscapes. TUVIT supports companies in implementing these new requirements and contributes to the safety and reliability of emerging technologies in the post quantum era.As AI technologies become increasingly integrated into everyday business operations, ensuring ethical, transparent, and secure AI systems is very important. The AI Act is the first legal framework on AI, which addresses the risks of AI and positions Europe to play a leading role globally. Since 2018, BSI has reacted quickly to the rapid development in the field of artificial intelligence and created a framework that keeps pace with technological developments. This also includes intensive testing and the implementation of countermeasures. TUVIT carried out these tests and began developing and applying initial testing methods for AI applications at an early stage, Behrendt highlighted. He proudly stated that TUVIT continues to work closely with BSI to ensure compliant in AI devices keeping pace with rapid technological advancements.NIST Post-Quantum Cryptography Standards become a key role in Information security certificationUsing Quantum Key Distribution (QKD) technology as an example, Behrendt noted that the threat of quantum computer attacks on classical cryptographic mechanisms must be considered to ensure future-proof protection of information. QKD offers a promising solution by harnessing the principles of quantum mechanics to establish secure keys. TUVIT assists enterprises in following NIST-adopted Post-Quantum Cryptography (PQC) standards, providing industry testing and certification services to ensure their systems can withstand future quantum computer attacks.Of course, this also involves enterprises' information systems requiring continuous assessment and upgrades to adapt to the practical operational needs of new PQC algorithms. Current cutting-edge technological developments involving data transmission and remote data exchange all require secure certification mechanisms for assurance. TUVIT is working with global technical partners to develop testing technologies and equipment, enabling related certification work and standard development to proceed in parallel.Beyond facing new challenges such as QKD technology, customers currently face multiple certification requirements including CRA and EU AI Act standards, which inevitably leaves them feeling overwhelmed. Behrendt recently participates in three or more technical consultation meetings with customers regarding CRA standards almost every week. He observes that many customers neglect preparations from the initial stages of product design planning. He especially reminds customers of the importance of a secure internal product development framework that considers information security planning.Large or middle scale manufacturers meet multiple product line launch requirements by leveraging a common product development or manufacturing platforms that incorporates information security standards from the start. This enhances the security of specific environments and allows for the reuse of verification results when certifying products manufactured in those environments, thereby simplifying subsequent product certification processes, saving time and costs.Furthermore, regarding CRA and AI Act, he provides several strategic recommendations. First, priority attention should be given to CC for IT security evaluation and IEC 62443 for industrial automation system information security standards. Currently, these fundamental cybersecurity standards have become prerequisites for new products entering international markets. Furthermore, for consumer electronics product cybersecurity requirements, all security requirement items will require to follow ETSI/EN 303 645 IoT network security standards as important cybersecurity requirement guidelines.Since Taiwan's electronics industry consists major OEM/ODM manufacturers for global brands, TUV NORD Taiwan supports Taiwan's electronics supply chain by providing premium testing, inspection, certification, and consulting services to meet the specifications requested by global branding customers. These services help ensure that products comply with safety , quality, and cybersecurity standards across various industries, and contribute to market access and customer confidence.Behrendt sincerely advises Taiwan OEM/ODM customers that from the first day of designing products under CRA, they must consider security and information security design. If these requirements are not considered, ultimately they will still need to go back to resolve these compliance challenges. Once these basic requirements are overlooked, regulatory agencies for these new standards will impose high penalty as punishment, which will cause product brand name value and enterprises to suffer significant losses. Therefore, he recommends that enterprises need to take seriously and genuinely prepare response plans early and avoid violations. Passing certification and presenting evidence of proven effectiveness is the best product compliance strategy.FIPS 140-3 Cryptographic Module and Software Testing Compliance GuidelinesGovernment agencies in the United States and Canada require FIPS 140-series certification for cryptographic products, while Taiwan's requirements align with this international standard. This certification is mandatory for products used to protect sensitive information and ensures that cryptographic modules have been independently tested and validated for security.Since cryptographic applications involving information exchange and sharing are not limited to hardware or software, as long as they participate in encryption and decryption operations, they need to pass FIPS 140-3 certification. For example, the systems including operating system software, semiconductor chips, network routers, firewalls, and other hardware devices all require to grant the requiring certification.TUV NORD Taiwan's cryptographic module testing laboratory in Kaohsiung is the only local laboratory specifically providing testing and consulting services for this standard. Teddy Tsui, Senior Manager and FIPS 140 Lab Director, introduced that TUV NORD Taiwan laboratory obtained FIPS laboratory certification in 2014. This laboratory is also the only one in Taiwan recognized by NIST, serving ASIA customers for over ten years with expertise in the cybersecurity field. Currently, the laboratory can perform FIPS 140-3 testing for three types of cryptographic validation including hardware cryptographic modules, software algorithms, and entropy sources. Meanwhile, this lab also provides customer consulting and educational training.Credit: TUV NORDTsui explained that the Cryptographic and Security Testing (CST) laboratory only conducts testing and issues test reports for a FIPS 140 standard certification. But the NIST is the authority that issues the formal certification or validation. Talking about the time consuming for hardware cryptographic modules, the process will include checking design process documentation, functional testing, and even code inspection are required.The average time for a FIPS 140-3 certification for hardware cryptographic modules is approximately from 18-month to 2-year, largely due to a backlog caused by the transition from FIPS 140-3 and the high volume of requests, which contributes to the extended waiting period. But software algorithm testing is relatively faster. The laboratory uses software verification programs, expecting to complete testing in two to three weeks. Since NIST released three PQC standards for algorithms that can resist quantum computer attacks in August 2024: FIPS 203 (for key encapsulation), FIPS 204 (for digital signatures), and FIPS 205 (for hash-based digital signatures). These algorithms are now available for certification testing.NIST estimates that quantum computers could threaten current cryptography in the next 10 years, leading to risks for long-term sensitive data through the "harvest now, decrypt later" attack. This involves attackers collecting encrypted data today and decrypting it in the future when a powerful enough quantum computer becomes available.Tsui also frankly stated, FIPS 140 standards for software algorithm testing will require re-testing when PQC algorithms are updated. Customers will face challenges in migrating their systems. The main challenges include the complexity of inventorying all cryptographic systems, integrating the new algorithms into products, and the long timeline for the transition, which requires careful management and strategic planning.TUV NORD Taiwan Leverages Localization Advantages with Rich Experience Serving Taiwanese ManufacturersFurthermore, Chia-Hung Lin, Director of the Information Security Business Division at TUV NORD Taiwan, especially emphasized the importance of information products passing CC verification. The requirement starts from the entire product development lifecycle to ensure cybersecurity every stage of the manufacturing process receives complete protection.The evaluation process of CC certification will include Site Certification where product development or manufacturing occurs. This is ensuring that the physical and procedural environment where a product is developed or manufactured meets security standards, protecting design data and products throughout their lifecycle. These audits are crucial steps in the evaluation, as it validates the developer's claims about product security and confirms the integrity of the entire supply chain, not just the final product itself. Meanwhile, Site Certification also saves time and money for re-audits by allowing a single certification to cover multiple products developed or manufactured at that site. Currently, the major semiconductor fabs and OSAT vendors in Taiwan have obtained Site Certification with TUV NORD Taiwan's assistance.Among the experience of serving Taiwanese customers for decades, most notably, Lin pointed out one real case for customer support in Taiwan. The COVID-19 pandemic induced systemic disruptions by semiconductor shortage for the auto industry during the years in 2020. At that time, Taiwan government has implemented strict border quarantine for all passengers. A Taiwanese semiconductor fab manufacturing automotive chips urgently needed certification but caused delays for the quarantine policy with TUVIT German auditors and professionals. TUV NORD Taiwan's team overcame difficulties and communicated with the government, resulting in a breakthrough that allowed German auditors perform audits on time to certify this Taiwanese customer. This case becomes an important case in TUV NORD Taiwan's customer support history.TUV NORD Taiwan maintains an important market reputation and actively maintains long-term relationships with customers. Combined with the unique and important value demonstrated by the localized laboratory - not just testing equipment, but also the extensive practical experience and know-how accumulated over the years - TUV NORD Taiwan's services have earned customer trust. With Global information security product opportunities to increase Asian manufacturing by helping companies diversify supply chains, TUV NORD Taiwan aims to partner with Taiwan clients to leverage new business opportunities that arise from information security standards. This partnership focuses on helping customers to seize the critical business opportunities on the growing importance of cybersecurity by ensuring compliance with standards, protecting sensitive data, and maintaining business resilience.Credit: TUV NORD

NEXCOM International, a global leader in rugged edge computing platforms, and Stereolabs, a pioneer in AI vision and 3D perception,  announced a long-term collaboration to deliver cutting-edge AI vision solutions for B2B organizations across mobility, robotics, and industrial automation sectors. The integration of Stereolabs' ZED X series cameras with NEXCOM's ATC series Edge AI computers makes deploying intelligent visual systems faster, more reliable, and more scalable than ever.Stereolabs' latest ZED SDK 5.1, powered by TERRA AI, offers breakthrough perception capabilities, optimizing spatial awareness and system efficiency. These enhancements make the ZED X series ideal for advanced AI vision applications where precision and responsiveness are mission-critical:5x faster depth sensing and up to 300% processing load reduction on NVIDIA Jetson platformsSharper depth accuracy in challenging conditions such as low light, fog, or reflective surfacesMagellan, Stereolabs' new localization technology, delivering centimeter-level precision both indoors and outdoors NEXCOM's ATC series of Edge AI computers are built for extreme environments where ruggedization and reliability are essential. This, along with NEXCOM's expertise in designing tailored solutions for physical AI deployments, makes for a powerful integration with Stereolabs' solutions for some of the most complex needs of industrial organizations. Key features of NEXCOM's ATC series include:IP67-rated design: Resistant to dust, water, vibration, and extreme temperatures,AI acceleration: Powered by NVIDIA Jetson modules for real-time edge inference,Industry compliance: Certified with E13 and EN50155 standards for transportation and industrial applications,Vehicle integration: Built-in IGN control and smart power management,Multi-camera support: Capable of processing high-speed, low-latency video streams.Accelerating AI vision across key B2B industriesNEXCOM's and Stereolabs' collaboration empowers critical use cases for B2B organizations across industrial and mobility sectors seeking to introduce AI Vision to drive efficiency and safety:Public transit: Mobile surveillance, infotainment systems, and passenger analytics,Robotics: industrial robots, robotic arms, AMR, Quadruped, and humanoid visual sensors,Public safety: static/mobile ANPR, enforcement monitoring, civil/emergency services,Industrial automation: predictive maintenance, defect detection, blind-spot monitoring,Material handling: enhanced monitoring for ports, warehouses, and fleet operations,Earth moving & mining: rugged AI deployments in construction, agriculture, and mining environmentsBy combining NEXCOM's ruggedized hardware with Stereolabs' advanced AI vision technology, businesses can accelerate AI implementation in complex real-world environments. This collaboration reduces technical barriers and enables scalable deployment of AI vision systems tailored for industrial and commercial success."This collaboration comes at the right time," said Jay Liu, Vice President, NEXCOM. "By combining NEXCOM's ATC edge computing platform with Stereolabs' ZED AI vision stack, we're enabling robust perception solutions that transition seamlessly from prototype to large-scale deployment,""With ZED SDK 5.1 and TERRA AI, we're pushing the boundaries of physical perception: enabling cameras that not only see better in complex environments, but also understand the world with unprecedented intelligence, paving the way for new classes of smarter systems," said Cecile Schmollgruber, CEO of Stereolabs.The integration of Stereolabs' ZED X series cameras with NEXCOM's ATC series Edge AI computers makes deploying intelligent visual systems faster, more reliable, and more scalable than ever. Credit: NEXCOM

From TSMC to SK hynix, every Q3 2025 earnings call delivered the same sobering message, the AI build-out is being throttled by three physical choke points that no amount of 2025 capex can fix fast enough. Leading-edge foundry, HBM memory, and advanced packaging are all sold out, not just for next quarter, but for the next three to five years. Here’s exactly where the wall is.High-Bandwidth Memory (HBM): The New KingmakerHBM has become the single most important component in the AI hardware stack and the scarcest. It’s no longer something you buy. It is something you reserve 18–24 months in advance and hope your allocation sticks.Reading the Q3 reports, Industry leaders have been blunt:SK hynix CFO Kim Jae-joon: "We have already sold out our entire 2026 HBM supply… supply expected to remain tight compared to demand into 2027."Micron CEO Sanjay Mehrotra: "Our HBM capacity for calendar 2025 and 2026 is fully booked."Samsung Memory: "Customers' demand for next year will exceed our supply, even considering our investment and capacity expansion plan."The consequences are cascading across the industry.The ripple effects are hitting the whole industry. Next-gen platforms like Blackwell Ultra, Rubin, AMD MI400, and everything coming after are now stuck behind memory limits. GPU and AI server lead times have stretched to 12–18 months, BOM costs are climbing, and procurement teams are buried in broker spreadsheets.Even worse, HBM expansion is eating into conventional DRAM. DDR5, LPDDR5, and even older DRAM lines are getting squeezed, setting up surprise shortages in laptops, smartphones, and cars through 2026.HBM has officially become the choke point for the entire AI sector.CoWoS Advanced Packaging: The Real Limit on GPU SupplyYou can have perfect 3 nm chiplets and pristine HBM stacks but without a CoWoS slot, you're holding an extremely expensive paperweight.TSMC’s CoWoS-L/S/R processes are what bind chiplets and HBM cubes using massive interposers and through-silicon vias. That assembly step, not silicon, is now the single most critical governor on AI GPU output.TSMC CEO C.C. Wei: "Our CoWoS capacity is very tight and remains sold out through 2025 and into 2026."NVIDIA CEO Jenson Huang: "CoWoS assembly capacity is oversubscribed through at least mid-2026," directly delaying volume Blackwell Ultra ramps.TSMC is expanding CoWoS capacity by roughly 60% in 2025 and 50% in 2026, but every new cleanroom module is spoken for long before it opens. AMD, Broadcom, Google, Amazon, Meta, everyone is fighting over the same finite packaging slots.Leading-Edge Foundry (3 nm/2 nm): Locked Up Until Late 2020sIf you didn't secure N3E or N2 production capacity back in 2023, you're effectively locked out.TSMC has been explicit:TSMC CEO C.C. Wei: "Frontend and backend capacity for leading-edge nodes is extremely tight… Customers' demand for the next year will exceed our supply, even considering our investment and capacity expansion plan."Apple consumed the bulk of N3 capacity for 2024–2025. What remained was divided among NVIDIA, AMD, Broadcom, and a handful of hyperscalers. TSMC's upcoming 2 nm fabs in Arizona and Kaohsiung won't reach meaningful output until late 2026 or early 2027, and much of that is already pre-allocated.Samsung's GAA roadmap is still trailing on yield and power efficiency, leaving nearly the entire industry dependent on a single geographic region.For any AI startup or any new chip program that didn't book capacity during the 2023–2024 scramble, the earliest possible tape-out now lands around 2028–2029.The Zero-Slack Era: 2026–2027 Demand Already 30–50% Above Planned SupplyThe most chilling part? Every CEO said the same thing, almost word-for-word:TSMC: "We are working very hard to narrow the gap between demand and supply."SK hynix, Micron, Samsung, Intel, NVIDIA-all echoed that even after $200 billion+ of collective capex, supply will still fall 20–50% short of demand in 2026 and 2027.If you are tired of hearing "fully booked through 2027" and watching your roadmaps slip quarter after quarter, talk to Fusion Worldwide. We specializes in AI ICs procurement, providing real-time visibility into ICs availability across all major manufacturers. Our E-commerce platform delivers instant availability checking, automated quote management, and rapid fulfillment capabilities that help procurement teams secure critical storage components even in constrained markets.Don’t wait for the next earnings call to tell you the gap got worse. Get Out In Front, Move now.(Article Sponsored by Alan Chew, Global Director of Strategic Accounts, Fusion Worldwide, Singapore)