Last year, the European Commission strengthened cybersecurity on wireless products and systems, introducing a delegated act on Radio Directive that will be mandatory starting from the 1st of August, 2025 (updated).
Although harmonised standards have not been published yet, manufacturers that want to stay ahead of the curve and gain market competitiveness can already certify their cybersecurity product with an accredited Notified Body, such as Applus+ Laboratories. Here’s what you need to know.
The new cybersecurity requirements apply to several types of radio devices, particularly those connected to the internet directly – like phones, laptops or IoT Devices – or indirectly – like smartwatches and other wearables. However, it makes special emphasis on connected toys and child-related devices such as baby monitors.
The new delegated act has introduced an additional essential requirement on cybersecurity (3.3), complementing the existing requirements on Health and Safety, EMC and Efficient Use of Radio Spectrum.
The requirement 3.3 linked to Cybersecurity requirements takes in consideration three aspects:
Taking advantage of our long experience in cybersecurity evaluations, we have become the first Notified Body accredited (09/02/2023) for new articles 3.3 d/e/f of RED on cybersecurity.
As mentioned above, harmonised standards are still in development by CEN-CENELEC designated committees but, according the information already released, they will be based on already existing standards. Inside the category of Consumer IoT standards these include ETSI EN 303 645, and for Industrial IoT, IEC 62443-4-2. Both standards, inside the scope of our accredited labs.
Being an accredited Notified Body gives us a great advantage, which could be beneficial for cybersecurity product manufacturers and suppliers that want to take the lead in the market. In fact, we don’t need to wait for the harmonised standards publication; we can start assessing cybersecurity against the current state-of-the-art. We have decades-long experience in cybersecurity evaluations with high assurance requirements, including electronic payments solutions mentioned in the 3.3 (f) article, on fraud protection.
Contact us now to prepare for this new regulatory framework, or get ahead of competition and demonstrate your product’s cyber resilience before it becomes mandatory.