SESIP is a methodology designed to evaluate the security of platforms that are the foundation of connected products such as mobile devices. This certification enables efficient evaluations through reusable security claims, adapted to the needs of the Internet of Things (IoT) ecosystem. The standard defines five assurance levels, with SESIP Level 5 representing the highest. At this stage, products must demonstrate resistance against highly skilled and well-funded attackers with access to high technical expertise, advanced tools and significant time.
The evaluation process comprised software only. As a first step, DEKRA cybersecurity experts, in collaboration with Google, identified the key security requirements and defined the scope of the evaluation. The following testing phase involved extensive and complex kernel-level analysis, which included creating specialized tools tailored to the process.
“Achieving the first SESIP Level 5 certification for a software component is a major achievement for both Google and DEKRA”, said Fernando Hardasmal, EVP DEKRA SD Digital & Product Solutions. “This evaluation demonstrates DEKRA’s capability and expertise to deliver the most demanding cybersecurity assessments and opens the way for future high-assurance certifications in the IoT industry.”
The pKVM is part of the Android Virtualization Framework (AVF), enabling secure isolation for sensitive workloads such as local artificial intelligence (AI) models, biometric authentication, and financial applications. The SESIP Level 5 certification of Google’s pKVM hypervisor is a landmark for mobile and IoT security, as it now provides the highest available security assurance to a component that is key to providing security for high-trust mobile applications.
“This certification is the cornerstone of the next-generation of Android’s multi-layered security strategy. Many of the Trusted Execution Environments (TEE) used in the industry have not been formally certified or have only achieved lower levels of security assurance. This inconsistency creates a challenge for developers looking to build highly critical applications that require a robust and verifiable level of security. The certified pKVM changes this paradigm entirely. It provides a single, open-source, and exceptionally high-quality firmware base that all device manufacturers can build upon”, explained Dave Kleidermacher, VP Engineering, Android Security & Privacy in Google.
By this milestone, DEKRA establishes a new reference in cybersecurity testing and certification, demonstrating the value of independent, high-assurance evaluations. This certification enables manufacturers and service providers to showcase the resilience of their critical mobile and IoT components, reinforcing digital trust in the technologies consumers rely on every day. The SESIP Level 5 evaluation of Google pKVM underlines DEKRA’s role as a global leader in advancing security standards and shaping a safer and more secure digital future.
DEKRA Digital Trust Conference
Building on this commitment, DEKRA’s upcoming Digital Trust Conference (29 to 30 October 2025) will address one of the defining questions of our time: are we controlling technology or is technology controlling us? Over two days of digital event, we will explore how the convergence of Artificial Intelligence, Cybersecurity, and Functional Safety can help foster a more resilient digital world.