EU wants to curb cybercrime through 'smart' consumer electronics
Thermostats, doorbells, security cameras and other 'smart' products that do not meet minimum cybersecurity requirements are expected to be banned from the European market from 2024. This is the result of new EU legislation that was recently adopted, aiming to ensure that European consumers are better protected against cybercrime via web connected electronics.
The new legislation is laid down in a so-called 'Delegated Act', an extension of the Radio Equipment Directive (RED) (2014/53/EU), the European legislation for radio and other broadcasting equipment. This Delegated Act stipulates that products intended for the European market must comply with Articles 3.3 d, e and f of the RED. With this new legislation the EU wants to:
- Improve network security: Wireless products must include features that prevent communication networks from being damaged and disrupt the functionality of websites or other services.
- Better protect consumer privacy: Wireless products must have features that ensure the protection of personal data (particularly that of children). Manufacturers must take measures to prevent unauthorised access to or transfer of personal data.
- Reduce the risk of financial fraud: Wireless products must include features to minimise the risk of fraud in electronic payments, for example better authentication checks to prevent fraudulent payments.
Transition period
The new legislation provides for a transition period of 30 months. This enables manufacturers and other industry parties to adapt relevant products. Before the transition period starts, there is a further two-month scrutiny period during which the European Council and the European Parliament can still object. Basically all IoT equipment that will be on the market in the EU from mid-2024, should comply with the new regulations.
Demonstrate compliance
Conformity assessment standards have yet to be harmonised. However, manufacturers who want to move forward can demonstrate the conformity of their products by having them assessed by independent testing, inspection and certification bodies. A product can comply to Articles 3.3 d, e and f of the RED by the ETSI EN 303 645 or IEC 62443 -4 -2 standards.
Kiwa has already performed conformity assessments according to the new legislation on several IoT products. We have equipped a state of the art cybersecurity testing laboratory, so that IoT Consumer Electronics as well as industrial IoT components can be tested effectively and efficiently to proof compliance to articles 3.3 d, e and f of the RED.
More information
For more information on IoT product testing, please check our product page on ETSI EN 303 645: security of IoT consumer electronics.
Learn more?
Would you like to know more about this topic? Call us at +31 (0)88 998 33 70 or fill out the contact form. Our experts will be happy to help you!
ETSI EN 303 645: security of IoT consumer electronics
Refrigerators, lighting, TV’s, smoke detectors, toys, fitness trackers... An ever-increasing number of everyday electronic consumer products is connected to the internet. These ‘smart’ devices make our lives more pleasant and often easier, but they also entail security risks.
IEC 62443 certification: Cyber Security for Industrial Automation & Control Systems (IACS)
Digitalization and the Internet of Things (IoT) offer great opportunities for manufacturing industries. However, if not properly secured they can cause vulnerability, leading to cybercrime and attacks by hackers. This can seriously damage daily operations and business continuity.
Remote Access for Remote Services (RARS) Certification Scheme
By taking the recent cybersecurity trends into account, Kiwa developed the Remote Access for Remote Services (RARS) scheme, also known as K21048. The RARS scheme is a collection of assessments set up by Kiwa that focusses on different types of systems that are remotely accessible.
