News TechnologyThe estimated reading time is 8 minutes

Pavona Launches With Meta, Qualcomm, and a 2027 EU Compliance Clock

MasonMason Miller
0 Comments

GlobalPlatform launched Pavona, a new open-silicon consortium, on May 26 with twelve founding members on the masthead, including Meta, Qualcomm Technologies, Tenstorrent, Analog Devices, the Max Planck Institute for Security and Privacy, and the University of Oxford. The roster tells you more about why the consortium exists than any press release does.

Pavona ships a starting kit of open-hardware modules built around OpenTitan, the first open-source silicon design to reach validated commercial chips back in February 2024. The signatories face two regulatory deadlines that arrive before the end of the decade: the European Union’s Cyber Resilience Act (CRA, the bloc’s first horizontal cybersecurity law for connected products), with mandatory conformity assessment from December 11, 2027, and the United States CNSA 2.0 schedule (Commercial National Security Algorithm Suite, the National Security Agency’s post-quantum standard), which expects new National Security System deployments to comply from January 1, 2027.

The Twelve Names on Pavona’s Masthead

Five categories of organization signed on as founders, and the mix is the signal.

Chip-design firms with serious production volume (Qualcomm Technologies, Tenstorrent, Analog Devices) sit alongside specialist analog and memory players (Agile Analog, Baochip, CrossBar, Winbond Electronics), one platform giant (Meta), two academic security labs (Max Planck Institute for Security and Privacy, University of Oxford), one open-cryptography nonprofit (the SIMPLE Crypto Association), and zeroRISC, the startup running point on OpenTitan’s commercial path. Documentation of the founding cohort sits on GlobalPlatform’s Pavona project page.

  • Meta, hyperscaler that builds its own data-center accelerators
  • Qualcomm Technologies, top-three mobile and Internet-of-Things silicon vendor
  • Tenstorrent, Jim Keller’s RISC-V AI-accelerator firm
  • Analog Devices, automotive and industrial mixed-signal incumbent
  • Baochip, Andrew “bunnie” Huang’s open-hardware startup
  • Winbond Electronics, Taiwanese memory and OpenTitan production partner
  • Max Planck Institute for Security and Privacy and the University of Oxford, academic cryptography research
  • SIMPLE Crypto Association, open hardware-cryptography nonprofit
  • zeroRISC, OpenTitan commercialization startup chairing the governing board

Jim Keller, the chip architect behind AMD’s Zen cores, Tesla’s autopilot silicon, and Apple’s A4 and A5, runs Tenstorrent and is named as the founding member from that company. His presence matters more than the press release frames it. Keller has spent the last five years arguing that the moat around proprietary instruction sets is overpriced, and Tenstorrent ships RISC-V designs at production volume.

One absence is worth flagging. Synopsys and Arm, the two firms that together hold roughly 54 percent of the silicon-IP market, are not on the list.

Pavona open silicon launch driven by EU Cyber Resilience Act 2027 deadline.
Pavona open silicon launch driven by EU Cyber Resilience Act 2027 deadline.

Two Regulatory Clocks Set the Schedule

The case for open-source security silicon is partly ideological and partly inspectable cryptography, but in 2026 the more immediate driver is a calendar problem.

The EU Cyber Resilience Act

The CRA entered into force on December 10, 2024 and lands in three tranches. From June 11, 2026 the rules for conformity-assessment bodies apply. From September 11, 2026 manufacturers must report actively exploited vulnerabilities to the European Union Agency for Cybersecurity (ENISA, the EU’s cyber agency) within 24 hours. The main obligation, the one that locks products out of the European market if missed, arrives December 11, 2027: every product with digital elements sold into the EU must carry CE marking from a conformity assessment, with documented technical files, no known exploitable vulnerabilities, and a secure-by-default configuration. The full schedule is laid out in the European Commission’s CRA summary.

Non-compliance is priced at €15 million (about $16 million) or 2.5 percent of global annual turnover, whichever is greater. For Qualcomm or Meta that is a meaningful number; for a small connected-device maker that is an existential one. An auditable open-silicon root of trust shortens the conformity assessment.

The CNSA 2.0 Schedule

The United States Commercial National Security Algorithm Suite 2.0, published in revised form in December 2024, sets the federal post-quantum timeline. From January 1, 2027 the National Security Agency expects new deployments in National Security Systems to comply with CNSA 2.0 algorithms. By December 31, 2030 all NSS equipment that cannot run CNSA 2.0 signatures must be phased out. By December 31, 2031 the algorithms become mandatory across the board, with custom and legacy applications carrying a 2033 deadline. The algorithm list itself is published in the NSA’s CNSA 2.0 algorithm suite document.

Two approved post-quantum algorithms matter most for hardware: ML-KEM (Module-Lattice Key Encapsulation Mechanism, NIST’s preferred quantum-safe key exchange) and ML-DSA (Module-Lattice Digital Signature Algorithm, the paired signature scheme). Both are computationally heavier than the ECDSA (Elliptic Curve Digital Signature Algorithm) and RSA primitives they replace. Without hardware acceleration, devices that need to run them at scale will hit power and latency walls.

The OpenTitan Starting Kit, Now Quantum-Aware

Pavona’s initial IP catalog centers on OpenTitan’s Earl Grey discrete chip, which taped out in mid-2023 and reached validated commercial silicon through zeroRISC, Nuvoton, and Winbond in February 2024. The OpenTitan commercial-availability milestone was the first open-source silicon project to ship validated chips. The new layer in the Pavona catalog is a set of extensions for the post-quantum primitives that CNSA 2.0 makes mandatory.

Researchers at zeroRISC, the Max Planck Institute for Security and Privacy, and Academia Sinica reported the numbers behind the asymmetric cryptography coprocessor at the launch. The coprocessor sits next to the OpenTitan big-number unit and accelerates the lattice arithmetic that ML-KEM and ML-DSA depend on. Full methodology runs in the zeroRISC research note on post-quantum acceleration.

  • 6x to 9x performance improvement on ML-KEM and ML-DSA operations versus baseline OpenTitan implementations
  • 36% to 75% increase in maximum operating frequency at near-zero additional silicon area
  • 41% faster ML-DSA verification than the equivalent ECDSA-P256 verification on the same core
  • Under 17% increase in cell count, representing less than 3 percent of full core area

Numbers like these matter to procurement teams, not just to open-hardware advocates. A device maker choosing between a proprietary security IP with a roadmap promise for post-quantum and an open IP with verified results on standardized algorithms now has something concrete to weigh.

A Composition Engine Between Arm and RISC-V

The architectural problem with open hardware has always been integration. A great open IP block is useless if dropping it into an Arm-based system-on-chip means rewriting the software stack.

zeroRISC’s contribution is what Rizzo calls an architectural composition engine, a software wrapper around the hardware modules that translates the interface to whichever core the integrator already uses.

A lot of the work we’re putting into Pavona has to do with the infrastructure and the architecture that connects all this stuff together, so it becomes much more like Legos, so you can use it in one configuration for a small IoT device and in another configuration for some large data-center system-on-a-chip.

That is Dominic Rizzo, CEO of zeroRISC and the founding chair of Pavona’s governing board, speaking to IEEE Spectrum. The Lego analogy does real work. It tells an SoC team that adopting Pavona will not force a re-architecture, and it tells a security auditor that the modules can be examined in isolation.

The composition engine is also the lever that lets the consortium expand past security silicon. Any module conforming to the engine’s interface can be dropped into the catalog. The stated direction is to layer additional functional blocks over time, with security as the entry wedge.

Why Open Hardware Has Lagged Open Software

WordPress runs more than 40 percent of the public web and Linux dominates the supercomputer Top500 list along with a clear majority of cloud servers. Open-source hardware has existed since the late 1990s and has nothing close to that share of any market it competes in. Andrew “bunnie” Huang, the hacker and Baochip founder who now sits on Pavona’s governing board, gave the cleanest explanation at the launch: “Hardware, when it’s built, requires atoms. Which requires logistics and payment.”

The deeper structural point is that manufacturing itself is closed. A foundry’s process design kit, mask costs, and yield data sit behind hard non-disclosure agreements. Open-source hardware can extend up the stack to design verification, instruction-set architecture, system-level architecture, and firmware, but it cannot reach the fab. Frank Nagle, the Linux Foundation’s advising chief economist and a research scientist at MIT, frames the value of openness as the ability for private companies to collaborate on non-differentiating technology while still competing on the parts that do differentiate. Security silicon, he argues, sits squarely in that non-differentiating category.

Where Pavona Lands in an $8.4 Billion Market

The semiconductor silicon IP market was valued at $8.39 billion in 2026 and is growing at a 6.2 percent compound annual rate, on track to reach $11.33 billion by 2031, per Mordor Intelligence’s semiconductor IP market sizing. Two firms own most of that revenue.

Security IP licensing grew 22 percent year over year by recent count, and hardware root of trust is now mandatory in roughly 70 percent of automotive and aerospace applications. The table below sets Pavona’s position against the incumbents and shows why security IP is the natural beachhead.

Vendor Market share Primary IP categories Open or closed
Arm Holdings 41% CPU cores, interconnect, security Closed, royalty-licensed
Synopsys 13% Interface, security, analog, foundation Closed, royalty-licensed
Cadence Design Systems Top five Interface, memory, security Closed, royalty-licensed
Imagination Technologies Top ten GPU, RISC-V CPU Closed, royalty-licensed
Pavona (OpenTitan core) Pre-adoption Security root of trust, post-quantum Open, no royalty

Pavona’s target is not Arm’s CPU revenue but the slice of Synopsys’s security-IP catalog that maps to certification-bearing root-of-trust functions. That is a narrower target than the headline market size suggests, and it is the slice where regulatory compliance work concentrates.

What Could Stall Pavona Before December 2027

Three failure modes are in plain sight. None is fatal on its own; in combination any two could keep adoption below the regulatory threshold.

The ranking below puts governance friction first, but the certification question is the one that will determine whether Pavona’s first wave of products reaches CE marking before the CRA deadline.

  1. Governance friction at scale. Pavona’s charter borrows from Yocto and Zephyr, separating a funding governing board from an independent technical steering committee. The model works at thirty contributors and tends to drag at three hundred. The first contested module specification will test it.
  2. Certification labs treating open IP as novel. CE marking under the CRA runs through conformity-assessment bodies that have decades of experience with proprietary security IP and weeks of experience with open silicon. Until those bodies publish reproducible methodology, the certification timeline for a Pavona-based product is unknown.
  3. Foundry-side lock-in. The composition engine handles Arm versus RISC-V at the architecture layer but cannot abstract away the foundry’s process design kit. A design optimized for one foundry’s 22-nanometer node is not a free port to another, which bounds how much of the IP value actually transfers across customers.

Pavona’s defenders inside the consortium argue that these frictions are the same ones every open-source software stack faced in its first three years and that none proved permanent. The argument is reasonable.

It is also untested at silicon scale. The independent Technical Steering Committee that holds Pavona’s roadmap authority has not yet been seated with names, and whoever GlobalPlatform appoints will set the tone for the next eighteen months, which is the window in which CRA conformity work will be tested in the wild.

If the conformity-assessment bodies publish Pavona-compatible methodology before mid-2027 and at least two of the twelve founding members ship CRA-compliant production devices using OpenTitan-derived roots of trust, the December 11, 2027 deadline becomes the moment open silicon enters mainstream procurement. If the methodology slips or the founders default back to proprietary security IP for their first regulated launches, the consortium spends another cycle as a research artifact while Arm and Synopsys absorb the post-quantum upgrade through their existing roadmaps.

Author

Mason
Mason Miller is a versatile and experienced writer who has been working for Mind Cron. He covers a wide range of topics, from education and pets to religion and technology, with a keen eye for detail and a flair for storytelling. He has a passion for learning new things and sharing his knowledge with his readers. He has been writing articles for over 13 years, and has developed a loyal and engaged audience. He is always looking for new challenges and opportunities to improve his writing skills and expand his horizons. Mason Miller is a valuable asset to Mind Cron and a trusted source of information and entertainment for its readers.
Other Posts
  • Related Articles
  • More from Author

No related posts.

Leave a Reply

Your email address will not be published. Required fields are marked *