As AI-driven cyberthreats surge and cybersecurity regulations tighten, secure by design is no longer optional.
Zyxel Networks, a leader in delivering secure and AI-powered cloud networking solutions, today announced its enhanced framework for product security governance, reinforcing its long-term commitment to helping small and medium-sized businesses (SMBs) and managed service providers (MSPs) navigate an increasingly complex cybersecurity and compliance landscape.
The EU Cyber Resilience Act (CRA), which starts to come into force in September 2026, has redefined product accountability, demanding transparent and verifiable security governance throughout the entire product lifecycle. This regulatory shift comes as research from Mandiant highlights software exploits as the top initial attack vector, noting that threat actors are now leveraging AI to accelerate these attacks. For resource-constrained SMBs and MSPs, choosing trusted vendors with mature security governance capabilities has become more critical than ever.
Following a series of recent enhancements across its portfolio, Zyxel Networks brings together its security capabilities into a more unified approach to product security governance, delivering built-in protection for SMB customers and MSP partners.
“Cybersecurity today can no longer rely on promises alone,” said Edward Yu, Chief Information Security Officer of Zyxel Group. “As cyberthreats intensify and global regulations such as the EU CRA raise expectations for product accountability, trust must be earned through verifiable, day-to-day security governance. Transparency across the product lifecycle helps organizations reduce blind spots, make more informed decisions, and strengthen overall cyber resilience.”
“SMBs and MSPs are under growing pressure to strengthen cyber resilience while managing increasingly complex IT environments,” said Ken Tsai, President of Zyxel Networks. “Embedding out-of-the-box security across the entire network infrastructure minimizes the costly, time-consuming manual hardening afterwards. This empowers our partners to deploy faster, simplify compliance audits, and deliver a resilient network foundation that wins client trust.”
Turning secure by design into operational commitment
Rather than treating cybersecurity as an afterthought, Zyxel Networks integrates secure by design principles across product development, vulnerability management, and lifecycle governance through three foundational commitments:
· Secure by design implementation across products and services
As the first company in Taiwan and the first global SMB networking vendor to sign CISA’s Secure by Design pledge, Zyxel Networks continues to introduce SMB-focused security initiatives designed to reduce operational risk and simplify secure deployment.
These efforts include passwordless login support for Zyxel accounts and Multi-Factor Authentication (MFA) across the company’s product portfolio and extended services, including wireless access, administrator logins, and remote VPN access. The company also aligns with core CISA principles by eliminating default passwords and actively reducing entire classes of vulnerabilities during product development.
· Industry-leading security governance
Established for nearly a decade, the Zyxel Group’s Product Security Incident Response Team (PSIRT) works closely with global security researchers through a transparent Vulnerability Disclosure Policy and coordinated remediation process.
Recognized for its rigorous security governance standards, the Zyxel Group is among a select group of networking industry CVE Numbering Authorities (CNAs) to have achieved dual Provider Acceptance Levels, alongside leading peers such as Cisco, Juniper, and F5.[footnoteRef:1] The Zyxel Group was also recently approved as a full member of the Forum of Incident Response and Security Teams (FIRST), strengthening its ability to collaborate globally on coordinated vulnerability response and cybersecurity incident management. [1: The acceptance level data was accurate as of June 2026.]
· Transparent product lifecycle management
To help customers reduce long-term security exposure, Zyxel Networks maintains a transparent product lifecycle management policy, ensuring products receive timely security updates and support based on clearly defined maintenance timelines.
By making support phases and deprecation timelines visible, Zyxel Networks empowers customers to plan long-term technology investments with greater confidence, transition from aging products and insecure network protocols before they introduce avoidable risk, and maintain cyber resilience in alignment with upcoming requirements under the EU CRA.
For more information, please visit https://www.zyxel.com/global/en
Daniele Barilli
EMEA Market Development Manager - Cybersecurity at Zyxel Networks
Edward Yu
Chief Information Security Officer at Zyxel Group
Ken Tsai
President at Zyxel Networks

