Next steps
To talk to our experts about your requirements, please fill out and submit the form below with your details and a member of our team will be in touch.
To discuss your requirements with one of our industry experts fill in the form below.
In our increasingly digital world, we rely on connected devices more than ever before. From smartphones to smart homes, these devices provide convenience and efficiency that have transformed the way we live and work. However, with the rise of connected devices, there has also been a growing concern over security and privacy. As we entrust more and more of our personal information to these devices, it becomes crucial to establish trust in their ability to protect that information.
To ensure a safe and secure online environment, the EU Commission published a Delegated Regulation Act (EU) 2022/30 on 12 January 2022, which relates to Articles 3.3 (d), 3.3 (e), and 3.3 (f) of the Radio Equipment Directive (RED). The main objective of these articles is to improve Cyber Security, personal data protection, and privacy for end users.
The Delegated Act to the Radio Equipment Directive adopted aims to address that IoT devices are safe before being sold onto the EU market. This Act lays down legal requirements for cybersecurity safeguards, which manufacturers will have to consider in the design and production of wireless-connected products. It will also protect consumer privacy and personal data, reduce the risk of financial fraud as well as ensure better resilience of communication networks.
The measures cover wireless and IoT devices such as mobile phones, tablets, and other products capable of communicating over the internet; toys and childcare equipment such as baby monitors; as well as a range of wearable equipment such as smart watches, wearables, or fitness trackers. Medical devices and motor vehicles, however, do not fall within the scope as cybersecurity provisions from other legislations are applicable for these products.
This means that the majority of global wireless Original Equipment Manufacturers (OEMs) placing IoT products onto the European market will be required to demonstrate compliance with these new requirements via testing. Currently, there are no harmonized standards in place; however, test standards are available such as ETSI EN 303 645 and IEC 62443-4-2, which are a good starting point on the journey to becoming ready to declare conformity to the upcoming cybersecurity requirements.
The Delegated Act will enter into force on 1 August 2025 after initial plans of August 2024. This 12 -month extension provides manufacturers with necessary time to fully understand the implications, prepare, and comply with the new regulations. This extension will also allow the European Commission more time for harmonized standards to be developed and provide a significant timeframe for manufactures to ensure that cybersecurity is considered in the design lifecycle of their products.
BSI, your digital trust testing and certification partner, is helping IoT manufacturers to attain confidence and trust that products will be compliant with these upcoming cybersecurity requirements by means of pretesting services against the available ETSI EN 303 645 standard, with a mapping against the new essential requirements using the recent publication ETSI TS 103 929.