Applus+ Laboratories is an ISO/IEC 17025 accredited laboratory and provides testing services for IoT consumer devices following ETSI EN 303 645, a global benchmark in the IoT industry.
The introduction of wireless connectivity in consumer electronics has opened a wide landscape of new features and new applications, from smart watches that monitor health data to biometric identification for door access, to contactless payment using wearables. The transmission of highly sensitive personal data, both over the air and through the internet, has raised the stakes on potential cyber risks on electronic apparel.
This ETSI standard provides a baseline security to help manufacturers prove that their products meet a certain level of cybersecurity resilience to boost consumer trust and avoid reputational damage.
Our lab is accredited to evaluate ETSI EN 303 645 compliance and can guide you through the conformity assessment process defined in the ETSI TS 103 701.
This process involves:
Most of the regulations and codes in development by governments around the world have directly adopted ETSI EN 303 645 or at least use it as a baseline to develop their standards (Finland, Singapore, UK, India, USA, EU, Australia, to mention a few ).
Each regulation might have its technical specificities and calendar, but manufacturers that comply with ETSI EN 303 645 will be halfway through to comply with future mandatory requirements worldwide.
To access the EU market, wireless device manufacturers shall meet essential Radio Equipment Directive (RED) requirements before CE marking their product. The European Commission introduced 2022 the RED Delegated Act, activating Articles 3.3 (d), 3.3 (e), and 3.3 (f) that cover cybersecurity aspects like network protection, personal data, and privacy or fraud protection.
The Commission delegated the task of issuing new harmonized standards to CEN-CENELEC, but the first drafts of those standards are yet to be published. These new standards will contain, at least, most of the requirements already included in the ETSI EN 303 645. Compliance with RED cybersecurity requirements was initially set to become mandatory on August 2024 but it has recently been extended to August 2025.
As a Notified Body for RED, Applus+ Laboratories can certify new wireless equipment against all the essential requirements including cybersecurity ones. By doing so, manufacturers can prepare their products for the future CEN/CENELEC harmonized standards and demonstrate early compliance with cybersecurity requirements before they become mandatory. Until the harmonized standards are in place, evaluating the product against ETSI EN 303 645 is an optimal way to show the product complies with the requirements set up by the EU, paving the way toward its certification.
We support IoT developers with testing and certification solutions to ensure an adequate level of security of their solutions, adapted to their business goals and market requirements.