SEALSQ INeS is a managed Public Key Infrastructure (PKI) service designed for IoT device certificate lifecycle management. The platform provides PKI-as-a-Service capabilities that enable organizations to generate and manage digital certificates for IoT devices without maintaining in-house PKI infrastructure. The service delivers end-to-end security from chip to cloud based on a certified trust anchor. It supports certificate management independent of device manufacturing and supply chain processes, protecting devices throughout their entire lifecycle from initial deployment. INeS includes certificate management system (CMS) functionality with certificate templates, standalone and batch certificate creation, and CA management. The device provisioning service (DPS) handles device types, status tracking, device creation in standalone and batch modes, and inventory management. The platform integrates with public cloud services and supports RESTful and EST APIs. It provides code signing capabilities including signing certificates and signing services for embedded software. A lightweight agent available in C# and Python enables on-device identity lifecycle management and automation. The service supports zero-touch onboarding of devices into cloud environments and facilitates migration between different clouds during device lifetime. It accommodates various IoT device types from sensors to edge-computing platforms and supports late-stage device configuration in the field. INeS provides Device Attestation Certificates for Matter standard compliance and supports Wi-SUN powered devices for smart city and smart energy grid applications. The platform handles both factory batch requirements for offline environments and online certificate delivery.