Matter 1.6 Extends Security Certification to Apps and Gateways, Not Just Devices
The Connectivity Standards Alliance's Product Security 1.1 now certifies entire IoT systems—apps, gateways, and remote processes—shifting procurement from point-solution testing to platform-level assurance.
Certification scope expands beyond hardware
The Connectivity Standards Alliance released Matter 1.6 and Product Security 1.1 on June 17, 2026, extending security certification from individual devices to complete IoT systems. Product Security 1.1 now covers apps, gateways, and remote processes, adding independent testing pathways that enterprise buyers can treat as due-diligence evidence. This shifts the procurement model for smart buildings, access control, and energy management from custom security audits to certified platforms.
Matter 1.6 is a focused feature release that improves device interaction across ecosystems, better adaptation to user preferences, and deeper visibility into device status and telemetry. The CSA ecosystem includes over 2,000 certified products and more than 300 member companies, with backing from Apple, Google, Amazon, and Samsung—platforms that collectively serve hundreds of millions of endpoints.
What this means for RFPs and vendor selection
Enterprises modernizing campuses, retail environments, or commercial buildings can now mandate "Matter 1.6 + CSA Product Security 1.1 certification" in RFPs. This provides a concrete procurement checkbox that aligns with emerging EU Cyber Resilience Act and US FCC Cyber Trust Mark requirements, lowering compliance overhead across jurisdictions.
The expansion to system-level certification changes the cost structure. Buying certified platforms reduces spend on custom security testing and shifts budget from point solutions to integrated stacks. Because Product Security 1.1 includes independent testing, risk teams can use it as evidence for due-diligence, accelerating approval cycles and reducing duplicated internal testing.
Matter 1.6's interoperability focus allows enterprises to mix Apple, Google, Samsung, and other vendor stacks without committing to a single proprietary protocol. This weakens the lock-in advantage of vendors still relying on closed IoT protocols. For buyers evaluating building automation or access control platforms, the ability to prove full Matter and Product Security 1.1 compliance becomes a differentiator that directly impacts integration costs and lifecycle risk.
Competitive pressure on legacy protocols
Matter 1.6 competes with and displaces legacy Zigbee and Z-Wave stacks in smart buildings and smart home deployments. It also challenges proprietary vendor-specific protocols from building automation and security vendors. For industrial environments, Matter complements rather than replaces OPC UA and MQTT, which remain dominant for IIoT and cloud telemetry.
On the security certification side, Product Security 1.1 competes with national and regional schemes such as EU Cyber Resilience Act implementations and US FCC Cyber Trust Mark labeling. CSA's coverage of apps, gateways, and remote processes positions it as a cross-jurisdiction meta-framework. Vendors can use it to demonstrate compliance across markets instead of implementing region-specific schemes individually.
Aliro targets physical access control
CSA also highlighted Aliro, an industry-standard communication protocol for mobile credentials that turns smartphones and wearables into universal keys for doors and openings. Aliro is positioned for connected access spanning commercial and industrial spaces, not just consumer smart locks. The global electronic access control systems market exceeds $10 billion annually, and Aliro targets this installed base plus emerging IoT-enabled access scenarios.
Aliro competes with proprietary mobile-credential stacks from HID Mobile Access, Allegion, and security-platform OEMs. Its differentiation is its aim to be a single open standard across commercial and industrial access, comparable to how Matter unified smart home device control.
What to watch
Enterprises planning badge system refreshes, smart locks, or integrated OT/IT access over the next 3–5 years should ask vendors whether their hardware or platforms plan Aliro support. Early adoption can lower long-term integration costs by standardizing mobile credentials across different building systems.
For smart building and access control tenders starting in the next 12 months, Matter 1.6 and Product Security 1.1 can be hard requirements. The shift from device-only to system-level certification changes how buyers evaluate vendor security posture and how much they should budget for integration versus certified platforms. Vendors that cannot demonstrate compliance will face longer approval cycles and higher perceived risk in enterprise procurement.
Technology decisions, clearly explained.
Weekly analysis of the tools, platforms, and strategies that matter to B2B technology buyers. No fluff, no vendor spin.
