Regulation. Safety. Engineering.

Adopted to consolidate physical-security obligations that were previously scattered across sector-specific BSI ordinances. Operators of critical infrastructure must demonstrate state-of-the-art protective measures, register incidents within tight reporting windows, and submit to periodic audits.

For perimeter security, the act elevates autonomous detection and audit-defensible incident logs from a nice-to-have to a baseline expectation. Operators using only patrol staff or static cameras will struggle to evidence parity with the technical state of the art.

Article 21 mandates risk-management measures including physical security. Article 34 sets the corporate fine ceiling. National implementations (in Germany the NIS2UmsuCG) extend personal liability to management board members and require documented incident response.

For perimeter operations the directive forces a shift from procedural to evidence-based: every measure has to be demonstrable, every incident has to be retrievable, and the audit trail has to satisfy a regulator who has not seen the site.

Quarero acts as processor under Art. 28 for any imagery captured during patrol. Before deployment we sign a data-processing agreement with the customer, deliver a model DPIA aligned to the site, and provide signage templates for the affected zones.

Biometric identification is disabled by default. Recordings without an event are deleted within 48 to 72 hours. Defined zones can carry differing retention windows, and sensitive areas (changing rooms, medical zones) are masked automatically.

Article 13 requires transparency: every detection must come with a reasoning path that an operator can interpret. Black-box AI is not compliant for high-risk use cases.

Quarero ships with documented reasoning traces per detection — not just a confidence score, but the feature contributions and the policy that fired. This is what the August 2026 deadline actually requires, and what insurance and audit teams will ask for.

Applies to autonomous mobile platforms including security robots. CE marking under this regulation is the entry-level proof that a machine has been risk-assessed and conforms to harmonised safety standards.

Quarero QR-2 Mk1 is CE-marked under the regulation, with the conformity-assessment file kept by Quarero Robotics Deutschland GmbH and available on regulator request.

Defines hazards specific to robots that share space with people: collision risk, unexpected motion, hazardous power output, restart logic, emergency-stop reachability. Compliance is evidenced through risk assessment plus design-and-test records.

QR-2 inherits the safety architecture required by ISO 13482 — speed-limited drive, ultrasonic plus LiDAR collision envelope, automatic safety-stop on sensor failure, hardware emergency-stop reachable on the chassis.

IP65 is the practical baseline for outdoor industrial machinery in DACH. It survives rain, wind-driven debris, hose-down cleaning at low pressure, and most weather conditions short of a high-pressure jet wash or full immersion.

QR-2 chassis is IP65-rated end-to-end. Sensor heads, compute enclosure and battery bay are individually sealed so a compromised seal never propagates.

QR-2 carries an edge GPU sized for real-time multi-stream sensor fusion. Detection happens in milliseconds without leaving the device. Only events of interest plus a thumbnail are uplinked over TLS 1.3.

This matters operationally because connectivity is the single most common failure surface for security systems in the field. An edge-AI device keeps detecting and recording even when the uplink is degraded.

RaaS converts a fleet decision from a multi-year capex project into a procurement-style monthly line item. The provider keeps fleet ownership, refreshes hardware on its own schedule, and absorbs the obsolescence risk.

Quarero RaaS starts at €3,200 per month for QR-1 Basis, with a 24-month minimum. Discounts up to −20 percent combined volume plus term. Pilot clause 14 days at €0 risk built into every contract.

Quarero operates as a DACH service. Engineering and operations sit in Filderstadt (DE). The holding sits in Zug (CH). Sales is direct in all three countries — Michaela Stich (DE), Fabian Kaufmann (AT, Lead Sales DACH), Marcus Köhnlein (CH, Founding Partner).

Customers benefit from contract templates that already reconcile German, Austrian and Swiss data-protection regimes, and from a sales team that does not hand off across borders.