nRF Connect SDK is a unified and flexible software development kit for building products based on all of Nordic’s nRF54, nRF53, nRF52, nRF70 and nRF91 Series wireless devices. It is based on the open source Zephyr project combined with Nordic proprietary software, offered as a single package optimized for Nordic’s portfolio of wireless products.
In this blog post, we will discuss an important milestone marked by the version 3.4.0: the Long-term support (LTS).
Table of Contents
Background
nRF Connect SDK is a fork of the Zephyr project, fine-tuned to get the best of Nordic parts. At the moment, the frequency of releases is once per quarter. Each new version is actually a big delta from the previous one, due to both Nordic specific updates and upstream Zephyr updates.
On top of that, every new feature added to the SDK starts with an Experimental status, and is upgraded to Supported (and as such, ready for production), after a stabilization period of one or more future releases.
This approach presents some problems to customers who need stability. Moving to a new version just for a specific bugfix or security upgrade comes with a lot of other changes Each new version has new features coming from Zephyr upstream, new features in the Nordic specific code, library and internal module version upgrades, etc - representing a big, discrete step. And sometimes these are actually breaking changes. This means changes in APIs, libraries, modules, dependencies, etc, that are not direct replacements, and require changes in the application to build and work correctly.
This can have side effects in product validation, acceptance tests, and certifications, etc. It can also mean riskier updates if doing over the air to products in the field. The usual procedure for customers is to do an assessment, weigh the pros and cons, and make a decision about whether the bug or security fix was worth the effort and risk.
Introducing Long-term support for nRF Connect SDK
To improve the customers developer experience, we are adding Long-term support (LTS) to the nRF Connect SDK. Long-term support for the nRF Connect SDK means a commitment from Nordic Semiconductor to periodically release patch-level versions, containing only bug and critical security fixes, for a period of 5 years.
The nRF Connect SDK version 3.4.0 will be the first LTS release. The patch-level versions will be version 3.4.1, 3.4.2, etc. Because these patch versions will be based on the same branch, they will not have unrelated breaking changes that could be coming from upstream Zephyr, or changes in libraries and protocol versions. This will ensure customers a simpler integration path, and quicker response times to deal with issues related to critical security vulnerabilities affecting devices in the field.
Addition of new devices and boards
Patch-level releases will not limited to just bugs and fixes for security vulnerabilities. Support for new Nordic SoCs and boards can also be added to the LTS with a new patch-level release.
Today, devices and boards are added at upstream Zephyr first, and then make their way to the SDK with every new fork for a release. Adding new devices in patch level releases of the LTS gives a solid software foundation from day one, and does not hold customers back until a new fork for a release is done.
It’s important to highlight that the new devices and boards may also be in parallel ported to upstream Zephyr, to contribute with the community and keep the the upstream project updated with latest Nordic Semiconductor parts.

Simplified diagram of how porting a fix from upstream (orange), adding a Nordic fix (blue), or a new board to the LTS, will look like, based in the same LTS branch
When should LTS be used?
Moving forward, the LTS version of the nRF Connect SDK should be the default version used for every new project, as long as the following conditions are meet:
- The device is
ActiveorMaintentance - The software features maturity is
Supported
Although this is in line with the current set of recommendations, it’s worth highlighting it again, as the evolution of the product portfolio, and the software protocols and features can create scenarios where these are not met.
Developers can check the device status in the corresponding release.yaml file
Roadmap of LTS patch-level versions
There is no predefined calendar for patch-level releases, as they will depend on when security vulnerabilities or major bugs are discovered, reported, and their severity. Even though these could be patched in the source code tree very quickly, it does not mean a new full patch-level release will be created every time a new single vulnerability is reported. It’s more likely releases will be created periodically, when a certain number of fixes is reached, while keeping the interval within the legal required timeframe.
Users can expect to find information about issues at the TechDocs Security Advisories section. Such information will contain a description of the affected products, if it is linked with a public item listed in Common Vulnerabilities and Exposures (CVE), its base score as indicative of the severity, etc. It will also contain a way to address it, or a version where this problem was fixed.

Sample of a security advisory notification
Getting notifications about new bugs and security vulnerabilities
Instead of periodically checking the TechDocs website, customers can also get notifications about new issues relevant to their projects by using the myNordic service.
myNordic is the single sign-on and notification hub now being rolled out across Nordic Semiconductor platforms. Users can control what notifications they can subscribe to, depending on the hardware or software component used in their project.

Sample of a myNordic e-mail notification
Security fixes might have breaking changes
Although the premise of an LTS is to not have breaking changes, there can be exceptions, if a high severity security issue requires such type of changes. It is hard to predict if such a scenario will occur, and it’s also important to highlight it should only happen as a last resort, if there is no alternative for fixing the problem.
However, security takes priority over continuity and portability: if fixing the security vulnerability requires, for example, upgrading a library to a newer version, and that version has changes that are not compatible, unfortunately the breaking changes are inevitable.
Roadmap of future LTS releases
Although nRF Connect SDK 3.4.0 is the first Nordic release with Long-term support, it is based in Zephyr 4.4, which is not a Zephyr LTS release itself. The next Zephyr LTS release scheduled for April 2027, and will be Zephyr version 4.6.
The Zephyr project has a policy to freeze and not change APIs in the two releases previous to an LTS release. Which means version 3.4.0 of nRF Connect SDK will also be API compatible with the upcoming Zephyr LTS release. In the future, the LTS versions of nRF Connect SDK will be aligned with the LTS versions of Zephyr.
Feature complete devices
Having a version of nRF Connect SDK with Long-term support also makes it possible to declare some devices and SoC series feature complete. This means that specific version of the SDK will be the last one containing support for these devices. This does not mean the device is being phased out, or discontinued. Feature complete means that in future versions of the SDK, the device/s will not receive new features. They will still be actively supported in the LTS branch, and will continue to receive bug and security fixes during the support period, so customers can plan, design, and create new applications with them, having the peace of mind they will get support and help for a long period of time.
The nRF Connect SDK version 3.4.0 will declare the nRF52 Series as feature complete, as well as the nRF9131 and nRF9160 devices. As such, any future project that uses, for example, the popular nRF52840, can use this SDK version as the latest and most updated one, and get long-term support for security vulnerabilities and bug fixes, for the 5 years period. At the same time, in future releases the specific code and config files for these devices will be removed from the applications and samples, and a compiler warning will be raised to make the user aware that version of the SDK should not be used for that specific device.
Existing nRF5 SDK users starting new projects
Customers still using the nRF5 SDK for developing with the nRF52 Series might see a benefit on migrating to nRF Connect SDK 3.4.0 for new projects and designs, as a side effect of the series being declared feature complete. Doing the migration will bring the peace of mind of support and simple updates for the 5 year period, and the benefit of a more modern, stable and mature code base.
European Cyber Resiliency Act implications
The EU Cyber Resilience Act (CRA) is a major regulation setting mandatory cybersecurity and vulnerability-handling standards for all hardware and software products with digital elements sold in the European Union.
It defines timelines and requirements for manufacturers to ensure the cybersecurity aspects of connected devices are managed properly during the entire lifecycle of the product, including things like reporting vulnerabilities, assessing their risk, and supplying remediation actions.
Although it does not explicitly require using software labeled as Long-term support, some of its requirements are well aligned with the characteristics of a Long-term support SDK, like the possibility to have updates that do not introduce new features, for a prolonged period of time.
It’s important to make it clear that, using an LTS version of nRF Connect SDK is not enough to ensure compliance with the EU CRA by itself. But it can definitely help and make compliance simpler, as there is some overlap in the requirements and expectations, like stability over time and easy access to security fixes.
Customers using an LTS version of nRF Connect SDK are going to be in the best possible position when the CRA comes in place.
Conclusion
The nRF Connect SDK 3.4.0 represents a big milestone for Nordic Semiconductor, as it’s the first LTS version of the popular SDK. Customer support has been a pillar of the success of Nordic Semiconductor, and we are very proud of being able to reinforce the commitment and support to our customer base for a long period of time.
Users can now design, manufacture and deploy products using our SoCs, with the peace of mind the devices will be working in the field for a long time, not only because of their market-leading hardware low-power performance, but also for their software long-term support as well.
