Passenger WiFi isn’t a hardware project
CRA forces every stakeholder - OEMs, operators, authorities - to treat WiFi as an ongoing software project
Passenger Wifi in 2026 means: Vehicle types differ. Onboard communication hardware differs. Trains run for decades, while connectivity hardware and software lifecycles are much shorter. Maintenance windows are tight, integrators change, network providers change – and the “installed once” approach creates exactly the problems operators don’t want: inconsistent service quality, slow recovery, and changes that feel risky.
The broken status quo
“Install once” in a decades-long environment
The traditional model assumes updates are occasional (or avoided), documentation is a one-time deliverable, and issues can be handled “when the train is in the depot.” Often there’s no reliable software inventory, no consistent observability, and no safe fleet-wide rollout/rollback.
Operator reality
- Mixed fleets and different onboard comms hardware
- Train lifetimes > connectivity hardware/software lifetimes
- Tight maintenance windows and changing integrators/providers
- Outdated software with security vulnerabilities
Why CRA changes the buying conversation
And why now
Now add compliance pressure – especially the upcoming Cyber Resilience Act (CRA). “It works today” won’t be enough. Suppliers will increasingly be expected to prove lifecycle capabilities: defined support periods, patchability, vulnerability handling, and evidence. The practical impact is budgeting: lifecycle security is a continuous expense. The lowest-friction, lowest-cost path is treating Passenger WiFi as a managed service from day one.
CRA also increases pressure on hardware-level security capabilities (e.g., secure boot / trusted hardware). If those requirements show up in tenders, late upgrades get expensive – especially when Passenger WiFi was treated as a hardware purchase instead of a lifecycle-managed service.
Why Passenger WiFi fails in practice
CRA doesn’t mandate “stable uplinks,” but it raises the cost of instability: remote lifecycle management becomes non-negotiable.
Operator-grade KPIs to anchor on
- Captive portal + authentication availability
- Uplink availability & degradation behavior (0/1/2 links)
- Update adoption rate
- Uplink capacity utilization
The new path: build Passenger WiFi like a managed service
With Unwired, you don’t buy “a box.” You subscribe to a Passenger WiFi service that guarantees a defined functionality reliably over time – across hardware platforms – and takes over core responsibilities driven by CRA and NIS2, including incident readiness and reporting, security updates, and continuous software adaptation to regulatory and end-user device changes (e.g., new browser versions).
A reliable Passenger WiFi service needs three fundamentals:
- Reliable operations at fleet scale
Fleet-scale device management and configuration, documented OTA updates, staged rollouts with a clear blast radius, and rollback to last-known-good – improving MTTD/MTTR and reducing update risk. Enterprise-grade observability and APIs for everything enable integration into existing fleet operations. - Unbreakable connectivity
WAN bonding with rock-solid cellular modem management – and, where needed, true bonding across cellular and LEO satellite uplinks (e.g., Starlink) – to reduce dropouts, handle coverage variability predictably, and provide live connectivity telemetry plus secure channels for monitoring and updates. - Security and compliance built in
Full CRA- and NIS2-aligned operation: defined support period and update policy, secure updates with rollback, accurate fleet inventory (“what runs where”), and a vulnerability handling process (VDP, triage, advisories) – with auditable compliance evidence generated automatically, improving both service quality and security.
How Unwired Edge Cloud delivers this (and how to start)
That’s what Unwired Edge Cloud delivers: a managed Passenger WiFi service built for fleet reality – including lifecycle management, observability, and resilience by design.
What you get with Unwired
- Lifecycle management: leet-wide inventory, staged rollouts, rollback
- Secure updateability: OTA patching with documented workflows/li>
- Observability: shorter MTTD/MTTR, measurable service quality
- Uplink resilience: true WAN bonding + optional satellite integration (e.g., Starlink)
CRA isn’t a distant 2027 topic. The Sep 2026 reporting phase is next – which is why it’s important to validate your readiness now. To support your CRA preparation, we’re offering a free Passenger WiFi + CRA readiness review.
In a 45-minute readiness review, Unwired experts walk you through the key requirements that tenders and CRA-driven procurement will focus on - lifecycle management, evidence, updateability, and operational visibility. We’ll show practical examples (e.g., fleet monitoring with Unwired Edge Spider) and assess what you already have in place. You’ll leave with a clear list of next steps and priorities for your fleet.
FAQ
What does the EU Cyber Resilience Act (CRA) mean for Passenger WiFi in rail and public transport?
CRA shifts Passenger WiFi from a one-off install to a lifecycle obligation. Suppliers will need to demonstrate support periods, secure updateability, vulnerability handling, and compliance evidence. For operators, this shows up as tougher tender requirements and higher expectations for incident readiness and fleet operability.
How can rail operators make Passenger WiFi CRA-ready (support period, updates, vulnerability handling, evidence)?
Treat Passenger WiFi as a managed service. Build or buy capabilities for fleet inventory (“what runs where”), OTA updates with staged rollout and rollback, defined support periods/update policies, and a vulnerability handling process (VDP, triage, advisories). Add monitoring and reporting workflows so evidence is generated continuously, not assembled last minute.
Why does Passenger WiFi fail in practice even when bandwidth is sufficient?
Most issues are operational: unstable uplinks, captive portal/authentication failures, configuration drift across fleets, missing visibility, and risky updates because rollback isn’t safe. These cause drops and inconsistent user experience even if peak Mbps looks good.
What is WAN bonding for trains, and how does combining cellular and Starlink improve Passenger WiFi reliability?
WAN bonding combines multiple uplinks into a more stable connection. In rail, bonding multiple cellular links (and optionally a LEO satellite link like Starlink) reduces dropouts, smooths coverage variability, and provides more predictable service quality—especially for moving vehicles.
Unwired providesUnwired CloudLink, a fully managed, true WAN-Bonding Service
Which KPIs and monitoring data should operators track to run Passenger WiFi reliably at fleet scale?
Track captive portal/auth availability, uplink availability and degradation behavior (0/1/2 links), MTTD/MTTR, update adoption rate and version distribution, and uplink capacity utilization/headroom. Pair these with live telemetry and alerts so ops can detect issues before passengers do.
Unwired Edge Cloud includes a comprehensive observability stack, giving you continuous visibility into the KPIs that matter most.
