Last year, the European Commission strengthened cybersecurity on wireless products and systems, introducing a delegated act on Radio Directive that will be mandatory starting from the 1st of August, 2025 (updated).
Although harmonised standards have not been published yet, manufacturers that want to stay ahead of the curve and gain market competitiveness can already certify their cybersecurity product with an accredited Notified Body, such as Applus+ Laboratories. Here’s what you need to know.
The new cybersecurity requirements apply to several types of radio devices, particularly those connected to the internet directly – like phones, laptops or IoT Devices – or indirectly – like smartwatches and other wearables. However, it makes special emphasis on connected toys and child-related devices such as baby monitors.
The new delegated act has introduced an additional essential requirement on cybersecurity (3.3), complementing the existing requirements on Health and Safety, EMC and Efficient Use of Radio Spectrum.
The requirement 3.3 linked to Cybersecurity requirements takes in consideration three aspects:
Taking advantage of our long experience in cybersecurity evaluations, we have become the first Notified Body accredited (09/02/2023) for new articles 3.3 d/e/f of RED on cybersecurity.
As mentioned above, harmonised standards are still in development by CEN-CENELEC designated committees but, according the information already released, they will be based on already existing standards. Inside the category of Consumer IoT standards these include ETSI EN 303 645, and for Industrial IoT, IEC 62443-4-2. Both standards, inside the scope of our accredited labs.
Being an accredited Notified Body gives us a great advantage, which could be beneficial for cybersecurity product manufacturers and suppliers that want to take the lead in the market. In fact, we don’t need to wait for the harmonised standards publication; we can start assessing cybersecurity against the current state-of-the-art. We have decades-long experience in cybersecurity evaluations with high assurance requirements, including electronic payments solutions mentioned in the 3.3 (f) article, on fraud protection.
Contact us now to prepare for this new regulatory framework, or get ahead of competition and demonstrate your product’s cyber resilience before it becomes mandatory.
Applus+ uses first-party and third-party cookies for analytical purposes and to show you personalized advertising based on a profile drawn up based on your browsing habits (eg. visited websites). You can accept all cookies by pressing the "Accept" button or configure or reject their use. Consult our Cookies Policy for more information.
They allow the operation of the website, loading media content and its security. See the cookies we store in our Cookies Policy.
They allow us to know how you interact with the website, the number of visits in the different sections and to create statistics to improve our business practices. See the cookies we store in our Cookies Policy.