Knowledge base

Glossary: Terms for App Development & Industry 4.0

29 terms explained from authoritative sources — from GDPR and MDR through cross-platform and microservices to MES and predictive maintenance. Every entry shows the date of last verification and links the original sources.

Regulatory & Compliance

Data Sovereignty

The ability of an organisation to keep storage, processing, and access to its data under its own control — including choice of providers, locations, and encryption keys.

Data sovereignty is not a single piece of legislation but an architectural principle. It combines layers: legal sovereignty (which jurisdiction can access the data?), operational sovereignty (who manages the infrastructure?), and technical sovereignty (encryption, key management, open-source components). In practice for DACH this often means: hosting within the EU, customer-managed keys (BYOK / HYOK), avoiding transfers to jurisdictions with US CLOUD Act access, and preferring European hyperscaler alternatives or self-managed infrastructure. Initiatives such as Gaia-X formalise assessment criteria.

Why it matters

In the DACH Mittelstand, data sovereignty is increasingly a hard procurement criterion — especially in mechanical engineering, healthcare, and public sector.

Verified 2026-04-30

EU AI Act

Regulation (EU) 2024/1689 governing artificial intelligence. Applies in phases between August 2024 and August 2027.

The EU AI Act entered into force on 1 August 2024. Its provisions apply in stages: 2 February 2025 — prohibitions of certain AI practices (Art. 5) and AI literacy obligations (Art. 4); 2 August 2025 — obligations for providers of general-purpose AI models (Art. 51–56); 2 August 2026 — most obligations for high-risk AI systems under Annex III, transparency obligations under Art. 50, and penalties; 2 August 2027 — high-risk AI embedded in regulated products (Annex I). The Commission's "Digital Omnibus" proposal (November 2025) may move the Annex III deadline to 2 December 2027 — Council and Parliament approval is pending.

Why it matters

Anyone integrating AI components into apps (LLM-based assistants, automated decisions in HR or credit) must check whether the application qualifies as a high-risk system — and meet the corresponding risk-management, data-governance, and transparency obligations.

Verified 2026-04-30

EU Battery Passport

Digital product passport under Regulation (EU) 2023/1542. Mandatory from 18 February 2027 for EV batteries, LMT batteries, and industrial batteries above 2 kWh.

The EU Battery Passport is part of the EU Battery Regulation (Regulation (EU) 2023/1542), which has applied since 18 February 2024. From 18 February 2027, all electric-vehicle batteries, light-means-of-transport (LMT) batteries (e.g. e-bikes), and industrial batteries above 2 kWh must — at the moment of being placed on the market — carry a battery passport. It contains structured data on material composition, carbon footprint, recycled content, lifecycle, repairability, and supply-chain accountability. Access is via a QR code with role-based visibility for end customers, recyclers, and market surveillance authorities.

Why it matters

Manufacturers of in-scope batteries need a data backend by 2027 with an immutable birth snapshot per unit, a role-based QR interface, and integration with recycling and service partners.

Verified 2026-04-30

EU Data Act

Regulation (EU) 2023/2854 on harmonised rules for fair access to and use of data — applicable from 12 September 2025.

The EU Data Act entered into force on 11 January 2024 and has been fully applicable since 12 September 2025. It grants users of connected products (smartwatches, machinery, vehicles) the right to access, use, and share the data generated through their use of those products. Manufacturers must design devices and related services so this data access is technically possible — and provide the data on fair, reasonable, and non-discriminatory terms. For cloud and SaaS providers, the Data Act additionally governs provider switching and prohibits unfair data clauses in contracts.

Why it matters

Industrial products with telemetry (IoT sensors, connected machines, vehicle fleets) must offer a self-service data access interface — typically implemented as a customer portal with structured data export.

Verified 2026-04-30

GDPR-compliant App · DSGVO / GDPR

An app whose data processing meets the requirements of the EU General Data Protection Regulation (Regulation (EU) 2016/679) — including lawful basis, purpose limitation, data minimisation, data-subject rights, and accountability.

The GDPR has been directly applicable in all EU member states since 25 May 2018. For mobile applications, GDPR compliance means more than a privacy policy in the app-store listing — it requires Privacy by Design and Privacy by Default (Art. 25 GDPR), a documented lawful basis for every processing activity, a record of processing activities (Art. 30), active implementation of data-subject rights (access, erasure, portability), data-processing agreements with all third parties, and where applicable a Data Protection Impact Assessment. The location of processing matters: transfers to third countries require an additional transfer mechanism (e.g. Standard Contractual Clauses, following the CJEU Schrems II ruling).

Why it matters

Fines can reach up to €20 million or 4% of global annual turnover — and DACH Mittelstand customers require GDPR compliance as a standard contractual warranty in every app project.

Verified 2026-04-30

IEC 62304

International standard for the software lifecycle of medical devices. The currently published consolidated edition is IEC 62304:2006/AMD1:2015.

IEC 62304 defines lifecycle requirements for medical software — from requirements analysis through architecture, implementation, verification, and release to maintenance. It classifies software into three safety classes (A, B, C) based on potential harm. Class A means no possible injury or damage; Class C means possible death or serious injury. Higher classes require more detailed architectural plans, unit tests, integration tests, and documentation of SOUP (Software of Unknown Provenance — i.e. third-party components). IEC 62304 is recognised in the EU as a harmonised standard for the MDR — conformity provides a presumption of conformity with the MDR's software requirements.

Verified 2026-04-30

ISO/IEC 27001

International standard for Information Security Management Systems (ISMS). Current edition: ISO/IEC 27001:2022 (3rd edition).

ISO/IEC 27001 was published in its third edition on 25 October 2022. It defines requirements for establishing, operating, and continually improving an ISMS — a documented, audited structure for managing information-security risks. The transition period from the old edition (ISO/IEC 27001:2013) ended on 31 October 2025; all currently valid certificates are based on the 2022 edition. Annex A contains 93 controls organised into four themes (organisational, people, physical, technological). An amendment (ISO/IEC 27001:2022/Amd 1:2024) integrates climate-related considerations.

Why it matters

Enterprise customers (insurers, banks, regulated industries) require ISO 27001 certification from their software suppliers — or at minimum the ability to respond to a security audit questionnaire that mirrors its controls.

Verified 2026-04-30

MDR (Medical Device Regulation) · MDR

Regulation (EU) 2017/745 on medical devices. Software with a medical purpose qualifies as a medical device and is subject to a risk-class-based conformity assessment.

The MDR has applied since 26 May 2021 and replaces the old Directives 90/385/EEC and 93/42/EEC. Software as a Medical Device (SaMD) is classified under the MDR's classification rules — in particular Rule 11. Most clinical decision-support apps fall at least into Class IIa, which requires a conformity assessment by a Notified Body, an ISO 13485 quality-management system, clinical evaluation, and post-market surveillance. Regulation (EU) 2024/1860 (in force since 9 July 2024) extended the transitional periods for legacy devices and introduced an obligation to give advance notice of supply interruptions.

Why it matters

Anyone bringing a medical app to market must demonstrate classification, clinical evaluation, risk management (ISO 14971), and software lifecycle (IEC 62304) — shaping architecture, documentation, and release process from day one.

Verified 2026-04-30

Architecture & Technology

Backend-as-a-Service · BaaS

Managed backend platforms providing authentication, database, storage, functions, and push services as a cloud service — e.g. Firebase, Supabase, AWS Amplify.

BaaS solutions significantly accelerate time-to-market: instead of building your own backend stack (API, auth, database, workers), you adopt the platform's stack. The trade-off is lock-in — your data model, auth system, and functions follow the platform's semantics; switching usually means a full backend migration. Firebase (Google) and Supabase (an open-source PostgreSQL-based alternative) are the most-used options in cross-platform app projects. BaaS fits MVPs, cost-sensitive early phases, and products without complex domain-specific logic. As complexity, regulatory load, or specialised backend logic grows, a custom backend becomes more economical.

Verified 2026-04-30

Cross-Platform App Development

A development approach in which a single codebase produces both iOS and Android apps (and sometimes web/desktop) — typically via frameworks such as Flutter or React Native.

Cross-platform frameworks dominate the modern mobile market: per Statista, around 46% of cross-platform developers worldwide used Flutter in 2024, followed by React Native (35%), Xamarin (15%), and Ionic (4%). The main benefit is 70–95% code reuse across iOS and Android, typically cutting development cost and time-to-market by 30–40% versus two native builds. Cross-platform is not synonymous with "hybrid" or "web-view" — modern frameworks like Flutter compile to native code and deliver native performance.

Verified 2026-04-30

Edge Computing

Moving data processing to the edge of the network — as close as possible to the data source (device, machine, sensor) — rather than centrally in the cloud.

Edge computing reduces latency, bandwidth needs, and cloud costs, and enables applications with real-time constraints or limited connectivity. Examples: predictive-maintenance models running directly on an industrial gateway; CDN edge functions for personalised web content (Vercel Edge, Cloudflare Workers); on-device inference for ML models (Apple CoreML, Android NN-API). In Industrie 4.0 contexts the edge gateway often sits as a buffer between machine buses (Modbus, OPC UA, MQTT) and the cloud — handling data normalisation, pre-aggregation, and security authentication. Edge is not a cloud replacement but complementary: edge handles time-critical, local tasks; cloud handles aggregation, model training, and long-term storage.

Verified 2026-04-30

Headless CMS

A content-management system without a tightly coupled frontend. Content is delivered via an API and can be consumed by any client (mobile, web, voice, IoT).

Unlike monolithic CMSs such as WordPress, which render HTML directly, a headless CMS delivers content exclusively as structured data (typically JSON via REST or GraphQL). Examples include Strapi (open source), Contentful, Sanity, Storyblok, Directus. Benefits: one editorial system feeds multiple frontends (marketing site, mobile app, partner portal); clean separation between content and presentation; better performance via static-site generation at the frontend. Trade-offs: preview and WYSIWYG experiences for editors need separate implementation. Pairing with Astro, Next.js, or Nuxt is common.

Verified 2026-04-30

Microservices

An architectural pattern in which a backend is decomposed into multiple independently deployable services that communicate over well-defined interfaces (HTTP, messaging).

Microservices are the counter-pattern to the monolith, where the whole backend ships as a single deployment artefact. Benefits: independent deployment, independent scaling, technology diversity per service, organisational scaling across multiple teams. Trade-offs: substantially higher operational complexity (distributed tracing, service discovery, consistency guarantees), interface versioning, and data consistency. Microservices are not a default — for most B2B app backends with one to ten engineers, a well-structured "modulith" (modular monolith) is the better choice, which can be decomposed later if needed.

Verified 2026-04-30

Native vs. Hybrid Apps

Native apps are written and compiled in the platform-native language (Swift/Kotlin). Hybrid apps wrap a web application in a platform-native container (Cordova, Capacitor).

"Hybrid" and "cross-platform" are often conflated. Strictly, hybrid means HTML/CSS/JavaScript in a WebView, augmented by bridges to native APIs (e.g. Apache Cordova, Capacitor). Cross-platform frameworks like Flutter or React Native are technically not hybrid — they render directly to native UI primitives or via their own rendering engine. The distinction matters for performance, App Store acceptance, and maintenance. Native remains the reference for compute-intensive applications (AR, games, advanced audio/video pipelines); cross-platform dominates B2B and Mittelstand projects; hybrid is increasingly being displaced by PWAs.

Verified 2026-04-30

OAuth 2.0 & OpenID Connect · OIDC

OAuth 2.0 (RFC 6749) is the standard protocol for delegated authorisation. OpenID Connect is an identity layer on top of OAuth 2.0 that standardises authentication.

OAuth 2.0 lets an application access a resource on behalf of a user without knowing the user's password — e.g. "Sign in with Google". OpenID Connect (OIDC) extends OAuth 2.0 with a standardised ID token (JWT) carrying identity information. For modern apps, the Authorization Code Flow with PKCE (RFC 7636) is the secure default; the Implicit Flow is obsolete. OAuth 2.1 (in progress) consolidates best practices. In B2B settings, OIDC is often paired with identity providers such as Authentik, Keycloak, Auth0, or Microsoft Entra ID; multiple providers in parallel are possible via a multi-auth guard in the backend.

Verified 2026-04-30

Progressive Web App · PWA

A web application that uses standardised browser APIs (Service Worker, Web App Manifest, Web Push) to replicate native-app behaviour — installable, offline-capable, with push notifications.

PWAs are delivered through the browser and need no app store. A correctly implemented PWA can be added to the home screen, run fullscreen, perform background sync, and receive push notifications (on iOS since Safari 16.4, i.e. iOS 16.4 / 2023). Benefits: no app-store review delays, no platform tax, single codebase. Constraints: limited access to some native APIs (NFC with limitations, Web Bluetooth only in Chrome/Edge, restricted background processing on iOS) and the missing app-store presence still hurts in some B2B procurement contexts. Suitable for tools, dashboards, and content platforms without hard hardware requirements.

Verified 2026-04-30

SPA vs. SSR

SPA (Single Page Application) loads the app once as JavaScript and renders client-side. SSR (Server-Side Rendering) delivers fully rendered HTML pages — important for performance and SEO.

Pure SPAs (classic React with Create-React-App, old Angular setups) are rarely the first choice today: search-engine crawlers struggle with JS-rendered content, first-load performance suffers, and Core Web Vitals scores drop. SSR renders pages on the server in advance — either at build time (Static Site Generation, SSG) or per request (classic SSR) — and ships HTML immediately. Modern frameworks like Next.js, Nuxt, Astro, Remix, or SvelteKit combine hybrid strategies: static where possible, server-rendered where dynamic, with hydration to the client. Astro uses "Islands Architecture": the page ships statically and JavaScript islands hydrate selectively. This is the standard for SEO-relevant public content.

Verified 2026-04-30

WebSocket

A protocol (RFC 6455) for persistent, bidirectional connections between client and server over a single TCP connection — suitable for real-time updates and low latency.

WebSockets enable applications like chats, live dashboards, telemetry streams, or collaborative editors where the server needs to push data to the client at any moment. Unlike classic HTTP polling, there are no repeated requests; the connection stays open. Alternatives include Server-Sent Events (SSE) — simpler but unidirectional — and long-polling as a legacy fallback. In B2B IoT contexts, WebSockets are often paired with MQTT (over WebSocket transport). For low-bandwidth edge connections, MQTT directly is more suitable; in the browser, WebSocket remains the standard.

Verified 2026-04-30

Industrial & B2B

Bluetooth Low Energy · BLE

Low-power variant of the Bluetooth standard for sensors, wearables, and IoT devices. Current specification: Bluetooth Core 6.1 (April 2025), introducing Channel Sounding for distance measurement.

Bluetooth Low Energy (BLE) was introduced with Bluetooth 4.0 (2010) and has since been the dominant wireless interface for battery-powered devices with low data throughput — heart-rate monitors, asset trackers, smart locks, or industrial sensors. Bluetooth Core 6.0 (September 2024) introduced Channel Sounding — a secure, precise distance-measurement method using phase-based ranging and round-trip time, suitable for Find-My applications and digital keys. Bluetooth Core 6.1 (April 2025) added Randomized Resolvable Private Addresses for improved privacy. In mobile, Flutter (via `flutter_blue_plus`) and React Native (via `react-native-ble-plx`) integrate BLE directly; Web Bluetooth is only available in Chromium browsers.

Verified 2026-04-30

Industry 4.0

Concept of the fourth industrial revolution: intelligent networking of machines, products, and processes via internet technologies. The term was coined in 2011 at the Hannover Messe.

"Industrie 4.0" was coined in 2011 by Henning Kagermann (acatech), Wolfgang Wahlster (DFKI), and Wolf-Dieter Lukas (BMBF) and is part of the German federal government's "High-Tech Strategy 2020". The Plattform Industrie 4.0 (jointly led by the Federal Ministry for Economic Affairs and Climate Action and the Federal Ministry of Education and Research) coordinates national implementation. In concrete terms, Industrie 4.0 covers cyber-physical systems, Internet of Things, digital twins, predictive maintenance, autonomous logistics, and individualised mass production ("lot size of one"). In practice, 2026's focus is industrial AI, edge computing, data sovereignty, and supply-chain transparency.

Verified 2026-04-30

Internet of Things · IoT

Networking of physical objects with the internet so they can capture and exchange data and respond to instructions — from consumer products to industrial sensors.

IoT applications typically span four layers: devices (sensors, actuators), a connectivity layer (BLE, LoRa, NB-IoT, MQTT), a data layer (telemetry ingestion, time-series database), and an application layer (dashboard, alerts, automation). In B2B contexts, Industrial IoT (IIoT) platforms are particularly relevant — they connect machines to cloud services and enable predictive maintenance, remote control, and new business models like pay-per-use. Data protection and data sovereignty are central architectural decisions, especially since the EU Data Act became applicable on 12 September 2025.

Verified 2026-04-30

Manufacturing Execution System · MES

A system that controls and monitors production processes at the shop-floor level. In the IEC 62264 / ISA-95 model it sits at Level 3, between ERP (Level 4) and SCADA / machine control (Levels 1–2).

An MES manages orders, material flow, quality data, machine utilisation, and personnel planning in real time. It fills the gap between the highly aggregated business logic of the ERP (SAP, Microsoft Dynamics) and the hardware-near control of individual machines. The IEC 62264 standard (also known as ANSI/ISA-95) defines interfaces, data models, and activity models for integration. Mobile MES apps let shop-floor workers acknowledge orders on a tablet, document quality checks, or report incidents — a classic B2B app use case for cross-platform frameworks.

Verified 2026-04-30

Predictive Maintenance

Maintenance strategy that uses telemetry data and models to predict the optimal moment for service — before failure but after the point at which maintenance becomes economically necessary.

Predictive maintenance replaces two classical strategies: reactive maintenance (failure → repair, high consequential costs) and preventive maintenance (fixed intervals, often too early or too late). It requires a reliable telemetry pipeline with historical data for model training. Models range from simple threshold rules to time-series forecasting (ARIMA, Prophet) to deep-learning approaches (LSTM, Transformer) for complex pattern detection. In the DACH Mittelstand, hybrid approaches are common: simple rules at the edge augmented by model updates from the cloud. The economic impact is well documented — studies typically report 25–35% lower maintenance cost and 70–75% reduction in unplanned downtime.

Verified 2026-04-30

Telemetry

Automated measurement and transmission of data over large distances — typically from sensors or devices to a central analysis system.

Telemetry data streams are the backbone of modern IoT and mobile applications: devices continuously generate measurements (voltage, temperature, position, status) and transmit them to a backend platform. Architectural decisions turn on frequency (real-time vs. batch), protocol (MQTT, HTTP, CoAP), storage (time-series databases such as InfluxDB, TimescaleDB), aggregation, and alerting. In regulated industries (medical, energy), telemetry must additionally be stored auditably — typically as an append-only event log. A well-designed telemetry stack is the precondition for predictive maintenance, anomaly detection, and AI-driven analysis.

Verified 2026-04-30
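
One way to make the append-only event log mentioned in this entry tamper-evident is to chain each telemetry record to the hash of the previous one. This is an added example, not code from the glossary's authors; the hash chain, the class and function names, and the sample readings are assumptions constructed for illustration.

```python
# Added example: hash-chained, append-only telemetry log with verification.
# Names and sample readings are constructed for illustration.
import hashlib
import json
from typing import Optional

GENESIS = "0" * 64  # "previous hash" of the very first entry


def _digest(prev_hash: str, record: dict) -> str:
    """SHA-256 over the previous hash plus a canonical JSON form of the record."""
    body = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + body).encode("utf-8")).hexdigest()


class TelemetryLog:
    """In-memory log that only offers append; there is no update or delete."""

    def __init__(self) -> None:
        self._entries = []

    def append(self, record: dict) -> str:
        prev = self._entries[-1]["hash"] if self._entries else GENESIS
        entry = {"prev": prev, "record": record, "hash": _digest(prev, record)}
        self._entries.append(entry)
        return entry["hash"]

    def head(self) -> str:
        """Hash of the newest entry; store it outside the log (e.g. with the auditor)."""
        return self._entries[-1]["hash"] if self._entries else GENESIS

    def export(self) -> list:
        """Deep copy of all entries, as an auditor would receive them."""
        return json.loads(json.dumps(self._entries))


def verify_chain(entries: list, expected_head: Optional[str] = None) -> Optional[int]:
    """Return None if the log is intact, else the index of the first bad entry.
    A head mismatch (truncated or extended log) is reported as len(entries)."""
    prev = GENESIS
    for i, entry in enumerate(entries):
        if entry["prev"] != prev or entry["hash"] != _digest(prev, entry["record"]):
            return i
        prev = entry["hash"]
    if expected_head is not None and prev != expected_head:
        return len(entries)
    return None


if __name__ == "__main__":
    log = TelemetryLog()
    for reading in ({"device": "pump-7", "ts": 1000, "temp_c": 71.5},
                    {"device": "pump-7", "ts": 1060, "temp_c": 93.2},
                    {"device": "pump-7", "ts": 1120, "temp_c": 72.0}):
        log.append(reading)
    anchored_head = log.head()

    copy = log.export()
    print("intact:   ", verify_chain(copy, anchored_head))      # None
    copy[1]["record"]["temp_c"] = 72.1                          # edit a stored reading
    print("edited:   ", verify_chain(copy, anchored_head))      # 1
    print("truncated:", verify_chain(log.export()[:2], anchored_head))  # 2
```

Without the separately stored head hash, dropping the newest entries goes unnoticed, because the remaining chain is still internally consistent.
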

Project & Methodology

Agile / Scrum

Agile is a values framework for product development (Agile Manifesto, 2001). Scrum is a specific framework within the agile family with defined roles, events, and artefacts.

The Agile Manifesto (2001) prioritises individuals and interactions, working software, customer collaboration, and responding to change. Scrum (formalised by Ken Schwaber and Jeff Sutherland) concretises this through time-boxed sprints (typically 1–4 weeks), roles (Product Owner, Scrum Master, Development Team), events (Daily, Planning, Review, Retrospective), and artefacts (Product Backlog, Sprint Backlog, Increment). Criticism of Scrum usually targets "cargo-cult adoption" — the form without the substance. Success depends not on strict adherence but on continuous adaptation to the specific situation. Alternatives: Kanban (pull-based, no fixed sprints), Shape Up (Basecamp), combined hybrids.

Verified 2026-04-30

Build vs. Buy

The strategic decision to build a feature in-house (Build) or buy an existing product (Buy) — depending on differentiation, time-to-market, total cost of ownership, and lock-in risk.

Rule of thumb: build where the business differentiates; buy where it's a commodity. Authentication, payment processing, email delivery, analytics — overwhelmingly buy. Core business model, proprietary business logic, customer-specific workflows, regulatory compliance — overwhelmingly build. The decision should be examined across several axes: acquisition and licensing costs over five years, integration effort, vendor stability, data protection and data sovereignty, switching costs on exit, and roadmap alignment with your own needs. A common mistake is to choose "buy" without calculating integration costs and lock-in risk at the same level of detail as the build costs.

Verified 2026-04-30

CI/CD

Continuous Integration (CI) is the automated integration and testing of code changes. Continuous Delivery / Continuous Deployment (CD) automates the release process.

CI runs every code change through a standardised pipeline immediately: static analysis, unit tests, integration tests, build, optional UI tests. Continuous Delivery keeps the main-branch release artefact deployable at any moment — but a human decides when. Continuous Deployment automates that step too: every change to main goes to production automatically. In mobile there are additional steps: code signing, app-store submissions, TestFlight/Play Store beta channels, automated version bumps. Common tools: GitHub Actions, GitLab CI, Bitrise, Codemagic, Fastlane. A mature CI/CD pipeline is not optional — it's a prerequisite for safe, frequent releases and for compliance evidence (e.g. IEC 62304 requires traceable build and release processes).

Verified 2026-04-30

Minimum Viable Product · MVP

The smallest meaningful product version that lets real users experience the value proposition — and lets the team validate assumptions against real data.

The term originates in Eric Ries' book "The Lean Startup" (2011). An MVP is not "a prototype" or "the first bad version" — it's a deliberately reduced solution whose purpose is learning. In B2B settings, an MVP often means a single critical workflow for an initial pilot customer group, with real data and real support. What belongs in the MVP is a strategic decision, not a cost-reduction question. Common mistakes: thinking too big (months of building without validation) or too small (an MVP that proves nothing).

Verified 2026-04-30

Time-to-Market · TTM

The time from product idea to first market launch. A core competitiveness metric — especially in markets with short innovation cycles.

TTM is often equated with "fast", but the relevant question is: fast at what minimum quality for which target group? A pilot version for three lead customers has a different TTM than a full multi-tenant platform. Levers for reducing TTM: cross-platform instead of two native codebases (typically -30 to -40%), BaaS instead of a custom backend in the early phase, off-the-shelf components (UI libraries, auth providers) instead of in-house development, clearly bounded MVP scope, continuous releases instead of big-bang launches. In B2B, TTM is often directly linked to cashflow: every month gained means revenue and validation a month earlier.

Verified 2026-04-30
