E-Mobility & Charging
Vehicles, chargers and the backend between them.
Charging infrastructure and the vehicles that use it form a connected system. Correlens watches the software across it, from the ECU to the charge-point backend, and scores what matters.
A connected systemVehicle, charger and backend software tracked together, not in silos.
Protocols in contextVulnerabilities scored for the interfaces and protocols your deployment actually uses.
A public-facing estateCharge points are exposed hardware with payment paths; their firmware is monitored like any ECU.
Evidence per operatorRecords split cleanly between what the manufacturer owes and what the operator owes.
The estate you defend
Every charge is a conversation between three parties.
The vehicle negotiates with the charge point, the charge point reports to a backend, and payment and roaming ride on top. Two very different owners share that surface: the maker of the hardware and the operator of the network.
- For EVSE manufacturers. Charger firmware and its OSS components carry product obligations; one library ships in every unit sold.
- For charge-point operators. Backends speak OCPP to thousands of public endpoints; a protocol-level vulnerability is a network-wide event.
- For both. A shared, enriched component inventory is the fastest way to answer "are we affected?" on either side.
What applies
Product law on one side, operator law on the other.
The split surface splits the obligations too.
EU CRA
Charge points and their software are products with digital elements; manufacturers carry SBOM, vulnerability-handling and reporting duties.
NIS2
Charging networks touch both transport and energy; operators can qualify as essential or important entities.
R155 / R156
The vehicle side of the plug still answers to type approval, including the software that talks to your charger.