ETSI EN 303 645 Cybersecurity for Consumer IoT

ETSI EN 303 645 Cybersecurity for Consumer IoT

Red Overlay
ETSI EN 303 645 Cybersecurity for Consumer IoT
ETSI EN 303 645 Cybersecurity for Consumer IoT
Red Overlay

To discuss your requirements with one of our industry experts fill in the form below.

Contact us

What is the ETSI EN 303 645 Cybersecurity for Consumer Internet of Things?

Released in June 2020 by the European Telecommunication Standards Institute (ETSI), the EN 303 645 standard sets out a cybersecurity baseline for internet enabled consumer products. 

ETSI EN 303 645 is one of the most important standards because this is first globally applicable cybersecurity standard for consumer IoT devices. The standard has been developed based on the feedback and expertise of global industry, academic and government players. 

What are the requirements of ETSI EN 303 645?

The cybersecurity standard is suitable for a wide range of consumer products including IoT gateways, wearables, monitors, door locks, televisions and speakers, and household smart appliances. 

The ETSI EN 303 645 cybersecurity standard outlines 13 provisions or requirements for consumer IoT as follows:

  • No universal default passwords
  • Implement a means to manage reports of vulnerabilities
  • Keep software updated
  • Securely store and transmit personal data
  • Minimize data collection
  • Ensure secure communication
  • Secure software 
  • Implement secure and documented communication
  • Implement secure and documented storage
  • Ensure software integrity
  • Conduct a privacy impact assessment
  • Define a secure lifecycle
  • Provide a vulnerability disclosure policy

In addition, the standard also outlines a data protection provision which requires manufacturers to provide features within consumer IoT devices that support protection of personal data.


How can BSI help?

Helping manufacturers prepare for these regulations and demonstrate that their consumer IoT devices put safety and security first, BSI has developed a scheme for cybersecurity testing and certification for Consumer IoT products.

The scheme demonstrates that a device meets baseline security controls, is compliant against ETSI EN 303 645 and supports you, the manufacturer throughout.


Why BSI?

Consumer IoT Verification from BSI gives consumers confidence that your product meets the legal requirement or is ready for legislation, having undergone relevant testing through a reputable and independent certification body.

Differentiating you from the competition, BSI’s robust, third-party certification and verification ensure your products stand out as being safe and secure in our digital and connected world.


Next steps

To talk to our experts about your requirements, please fill out and submit the form below with your details and a member of our team will be in touch.