22 March 2022

Kiwa accredited for ETSI EN 303 645 cybersecurity testing

Kiwa was recently accredited by the Dutch accreditation council RvA as the first Notified Body (NoBo) for testing and assessing the cybersecurity of IoT consumer products. By independently assessing the cybersecurity of 'smart' devices such as doorbells, thermostats, tv’s and lighting, manufacturers can ensure that consumers are less likely to become victims of cybercrime.

Kiwa's accreditation is based on ETSI EN 303 645 and the underlying ETSI TS 103 701. The RvA statement expands Kiwa's L021 accreditation scope. The accreditation confirms that the competence, impartiality and consistency of Kiwa's business operations are well guaranteed. This has been determined by the RvA after independent and expert research and assessment based on internationally recognized quality standards such as NEN ISO 17025.


Consumers want to be able to trust that the products and services they use are safe and reliable. TIC organizations such as Kiwa play an important role in establishing that trust. Accreditation of these TIC organizations by a national supervisory body such as the RvA ensures that confidence in Kiwa's certifications and assessments is justified. Kiwa is one of the first organizations in Europe to be accredited for the ETSI EN 303 645.

Benefits for manufacturers

Testing according to the standard ETSI EN 303 645 has an important goal: to guarantee a basic level of cybersecurity for consumer IoT. Manufacturers of IoT consumer electronics who have their products tested under accreditation by Kiwa according to this standard therefore enjoy the following benefits:

  • The certainty that products are correctly and correctly assessed and tested. By meeting the requirements of the RvA and by the annual reassessment for this scope, the consistency of the quality delivered by Kiwa is also guaranteed;
  • The ETSI EN 303 645 is one of the standards that can be used to demonstrate compliance according to articles 3.3 (d), (e) and (f) of the Radio Equipment Directive (RED 2014/53/EU). Compliance according to these cybersecurity-related articles is mandatory from August 1, 2024. For European market access, it is therefore necessary to also test a product according to these articles in the RED. Read more here.

Notified body RED

Kiwa is a notified body for the RED and can help customers to obtain RED certificates. Of course Kiwa also helps with the implementation of the other articles of the RED (EMC, RF and electrical safety tests, etc.). From August 1, 2024, manufacturers must comply with the aforementioned articles from the RED 2014/53/EU. Kiwa can already support manufacturers in their efforts to be compliant under all mandatory articles (including 3.3 d, e and f) of the RED. We help customers to enter the market quickly, via our one-stop-shop, extensive lab capacity, short lead times, etc.

Mandatory cybersecurity compliance

Kiwa also has an IoT cybersecurity label available. After a product has been successfully tested in accordance with ETIS EN 303 645, a manufacturer may provide it with this label. This way he demonstrates that the product has been independently tested and approved and that it already meets the cybersecurity requirements that will be mandatory from August 2024.