← ← Back to blog

Article

6 min read

European and Swiss regulations on cyber-resilience for connected devices are transforming smart homes. With casasmooth, your home remains sovereign and compliant today.

Connected home devices with Swiss flag and padlock symbol for security

Smart Home: Sovereignty Is No Longer a Choice, It's Soon the Law

European Cyber Resilience Act, Swiss cyber-resilience draft law, Matter standard: three converging movements. casasmooth has been aligned since day one.

Attacks on connected devices increase every year. Hacked cameras, compromised doorbells, vacuums mapping your home for unknown servers. This is no longer a specialist topic—it's becoming regulated.

Brussels Leads, Bern Follows

The Cyber Resilience Act (CRA), enacted in December 2024, will be fully enforced by December 11, 2027. It mandates for all connected products sold in the EU: secure default configuration, encryption, free security updates throughout the support period, complete software bill of materials (SBOM), vulnerability management across the entire lifecycle. Penalties up to €15 million or 2.5% of global revenue.

In Switzerland, the Federal Council tasked the DDPS, OFCOM, and SECO on August 20, 2025, to prepare an equivalent draft law by fall 2026. Direction: alignment with CRA and NIS-2, potential import bans for insecure IoT devices. Switzerland refuses to become a dumping ground for EU-rejected gadgets.

Matter: The Unexpected Convergence

Simultaneously, the Matter standard is gaining ground. Backed by the Connectivity Standards Alliance (Apple, Google, Amazon, Samsung, ~200 members), it isn’t EU-mandated—the CRA remains technology-neutral—but was designed from the outset with principles the CRA will enforce: local operation by default, end-to-end encryption, strong authentication, open interoperability.

Manufacturers adopting Matter are already partly CRA-compliant. Those clinging to closed clouds without long-term support will pivot or disappear from the European and Swiss markets.

Sovereignty: The Forgotten Pillar

Regulatory cybersecurity is only part of the problem. The deeper issue is sovereignty: Who truly owns your connected home?

When your thermostat consults an overseas server to turn on heating, when your lock sends logs to a company that might be sold tomorrow, when a voice assistant constantly listens under terms changing every six months—the question becomes political, not technical.

Sovereignty in practice: Your data stays with you, your home keeps working if the internet fails or the manufacturer shuts down, you set the rules, you can expand and replace components without permission. This is a profoundly Swiss value. We apply it to energy, defense, finance. It’s time to apply it to homes.

What casasmooth Has Done Since Day One

casasmooth wasn’t designed to preempt the CRA. It was designed because these principles were right. Regulation is now simply codifying them.

Local-first by design. Control logic runs on your box, in your home. Internet down? casasmooth keeps working. Local, encrypted protocols—Zigbee, Thread, Matter, segmented Wi-Fi. No unencrypted traffic to third-party servers, no silent telemetry, no mandatory accounts with foreign providers.

Native Matter support. Matter-certified devices connect directly. You gain open interoperability; casasmooth gains automatic alignment with the emerging CRA framework.

Managed open-source foundation. casasmooth is built on Home Assistant, the world’s most widely adopted open-source smart home platform, on an equally open Linux base. Globally auditable code, vulnerabilities fixed in days—not months. No black boxes, no dependency on a single manufacturer that might change ownership.

But open source alone isn’t enough—it must be well-chosen. casasmooth enforces strict selection—only official Home Assistant core integrations, validated and maintained by the Open Home Foundation project. No exotic custom_components, no unvetted third-party code. This enables an honest SBOM—the CRA’s cornerstone requirement—and distinguishes a professional product from a hobbyist setup.

What This Means for You

A solution relying on closed proprietary clouds risks becoming incompatible with Swiss or EU markets by 2028. A local, open, Matter-compatible, user-controlled architecture is already compliant with upcoming legal requirements. And incidentally, you’ll sleep better.

Digital sovereignty wasn’t ideological posturing. It’s simply what remains when everything else falls.

casasmooth provides a local, secure, and sovereign smart home platform, designed in Switzerland for Swiss households. Learn more