A convergence of pilot deployments, consortium activity, and emerging regulation is accelerating adoption of open, vendor-agnostic communication standards across industrial retrofit programs targeting legacy air, electrical, and process-control systems. Manufacturers are deploying protocols such as OPC Unified Architecture (OPC UA) and MQTT alongside open digital-twin frameworks to integrate sensors, edge compute nodes, and analytics platforms without reliance on proprietary stacks - a move driven by pressure to cut integration costs, shorten deployment timelines, and unlock AI-driven optimization across plant fleets.
Background
Today's industrial IoT landscape remains a patchwork of proprietary systems, competing protocols, and isolated data silos - digital islands that cannot communicate without expensive, custom-built bridges. This fragmentation has long constrained retrofit programs: transforming existing machines for networked production is difficult, and while modern systems ship with suitable interfaces, retrofitting legacy equipment is often complicated.1The European Union's Cyber Resilience Act | Open Regulatory Compliance Working Group
According to Gartner, 25% of industrial companies had already invested in an Industrial IoT platform to achieve digital transformation by 2025. According to Gartner, 25% of industrial companies had already invested in an Industrial IoT platform to achieve digital transformation by 2025. Despite this, a study by Accenture found that only about 40% of industrial manufacturers have achieved high interoperability, with over two-thirds citing technical complexity as a key barrier.
Regulatory pressure is compounding the urgency. The EU Cyber Resilience Act (CRA) entered into force on December 10, 2024, with vulnerability reporting obligations applying from September 11, 2026, and full compliance required by December 11, 2027. The CRA entered into force on December 10, 2024, with main obligations applying from December 11, 2027, and reporting obligations from September 11, 2026. The act addresses threats and vulnerabilities by establishing standardized cybersecurity requirements as part of a wider set of European product legislation. Analysts note this is already reshaping architecture decisions in operational technology (OT) retrofit projects, where security-by-design has become a procurement prerequisite rather than an afterthought.
Details
The Asset Administration Shell (AAS), an open standard and data-container model for industrial digital twins, has demonstrated material results in industry pilots. Partners in the Industrial Digital Twin Association (IDTA) report cost and time savings of up to 67% in engineering and up to 79% improvement in product lifecycle management (PLM) processes, attributable to standardized submodels replacing manual data handoffs. IDTA partners in AAS pilot programs reported engineering cost and time savings of up to 67% and PLM process improvements of up to 79% through standardized submodels. AAS is one of the key concepts originally developed by Plattform Industrie 4.0, a German consortium spanning industrial associations, academic research, and industry, and is currently the subject of international standardization as IEC 63278. Governance of the AAS specification and submodel templates has transferred to the IDTA, a non-profit organization founded in 2021 that now counts more than 80 mostly industrial members across multiple verticals and geographic markets. Approximately 30 standardized submodel templates are currently published, in review, or under active development.
On the connectivity layer, OPC UA and MQTT together form the backbone of modern connected manufacturing: OPC UA organizes the data; MQTT moves it. "The adoption of OPC UA in automation and control is driven by key technologies such as edge computing, cloud connectivity, and standardized communication," said Andreas Röck, Head of Product Management Nuremberg at Softing Industrial Automation GmbH. Technologies such as PubSub over MQTT and Time-Sensitive Networking (TSN) are accelerating OPC UA adoption by supporting real-time communication and enhancing data-flow efficiency.
For retrofit architectures specifically, modern manufacturing implementations place edge computing - where initial data processing occurs close to equipment - before results flow to cloud platforms for deeper analytics. OPC UA fits these hybrid architectures: edge devices can aggregate data from multiple OPC UA servers on the factory floor, perform local analytics such as anomaly detection, and publish summarized results to cloud platforms using OPC UA Pub/Sub over MQTT. Retrofitting legacy systems addresses compatibility issues with new devices and technologies, meets current process requirements, and strengthens security and regulatory compliance. The process begins with evaluating the legacy system's attributes and limitations, then integrating modern technologies to improve efficiency and interoperability while leveraging existing facilities to reduce costs.
Data exchange formats such as AutomationML describe plant components in a vendor-neutral manner, transferring information on geometry, kinematics, and logic - making them a key enabler for retrofit projects and digital twins alike.2EU Cyber Resilience Act – Open Source Security Foundation
Cybersecurity remains central to the architecture debate. With built-in encryption and authentication, OPC UA ensures secure data exchange, addressing security limitations of traditional industrial protocols. These systems also support scalability and interoperability by integrating with MQTT Sparkplug to balance poll/response and publish/subscribe architectures. "Together, these advancements enable engineers to design robust, secure, and scalable IIoT systems that bridge the gap between legacy infrastructure and modern industrial demands," according to industry experts cited by Industrial Ethernet Book.
| Standard / Protocol | Governing Body | Primary Role in Retrofit | Architecture Layer |
|---|---|---|---|
| OPC UA (IEC 62541) | OPC Foundation | Secure, semantic machine-to-machine data modeling | Edge -> Cloud |
| MQTT / Sparkplug B | Eclipse Foundation | Lightweight pub/sub messaging for data transport | Edge -> Cloud |
| Asset Administration Shell (IEC 63278) | IDTA / Plattform Industrie 4.0 | Standardized digital twin model for asset lifecycle | Device -> Enterprise |
| AutomationML | AutomationML e.V. | Vendor-neutral plant component engineering data | Engineering |
| OPC UA over TSN | OPC Foundation / IEEE | Deterministic real-time communication | Fieldbus -> Edge |
| IEC 62443 | IEC / ISA | OT cybersecurity framework for secure-by-design networks | Cross-layer Security |
Outlook
Wider adoption of OPC UA PubSub over TSN for deterministic cell networks, Sparkplug-native devices, and streaming analytics at the edge is expected to drive autonomous adjustments, with the stated goal of enabling data to be published once and consumed anywhere - with context and security intact. The EU CRA compliance timeline creates a hard deadline: manufacturers must meet vulnerability reporting requirements by September 11, 2026, with several additional deadlines following based on product classification. Analysts emphasize that successful scaling of open interoperability across retrofitted fleets will require robust data governance, unified namespace architectures, and security postures satisfying both IEC 62443 and emerging CRA requirements before plants connect OT networks to broader enterprise ecosystems.
