New EU legislation to prevent cybercrime through 'smart' consumer electronics

Thermostats, doorbells, security cameras and other 'smart' products that do not meet minimum cybersecurity requirements are expected to be banned from the European market from 2024. This is the result of new EU legislation that was recently adopted, aiming to ensure that European consumers are better protected against cybercrime via web connected electronics.

The new legislation is laid down in a so-called 'Delegated Act', an extension of the Radio Equipment Directive (RED) (2014/53/EU), the European legislation for radio and other broadcasting equipment. This Delegated Act stipulates that products intended for the European market must comply with Articles 3.3 d, e and f of the RED. With this new legislation the EU wants to:

• Improve network security: Wireless products must include features that prevent communication networks from being damaged and disrupt the functionality of websites or other services.
• Better protect consumer privacy: Wireless products must have features that ensure the protection of personal data (particularly that of children). Manufacturers must take measures to prevent unauthorised access to or transfer of personal data.
• Reduce the risk of financial fraud: Wireless products must include features to minimise the risk of fraud in electronic payments, for example better authentication checks to prevent fraudulent payments.

Transition period

The new legislation provides for a transition period of 30 months. This enables manufacturers and other industry parties to adapt relevant products. Before the transition period starts, there is a further two-month scrutiny period during which the European Council and the European Parliament can still object. Basically all IoT equipment that will be on the market in the EU from mid-2024, should comply with the new regulations.

Demonstrate compliance

Conformity assessment standards have yet to be harmonised. However, manufacturers who want to move forward can demonstrate the conformity of their products by having them assessed by independent testing, inspection and certification bodies. For example, Kiwa has already performed conformity assessments according to the new legislation on an IoT product. Kiwa is also currently optimising its cybersecurity test laboratory, so that IoT consumer electronics can soon be tested even better and more efficiently.

How Kiwa can help

For more information on IoT product testing by Kiwa, please check the following page ETSI EN 303 645: security of IoT consumer electronics.