Choose another country to see content specific to your location

//Select a site

ETSI EN 303 645 Testing

The exponential increased number of connected IoT assets is creating new a paradigm where more powerful threats are emerging in numbers. Cybersecurity issues related cost has become one of the obstacles restricting the widespread deployment of IoT services and the main concern for manufacturers and vendors. National governments in various regions across the world are formulating and promulgating new IoT security regulations such as ETSI EN 303 645.  

What is ETSI EN 303 645?

The European Telecommunications Standards Institute, or ETSI standard released a new standard ETSI EN 303 645 in 2019, which brings together widely considered good practice in security for Internet-connected consumer devices in a set of high-level outcome-focused provisions. This standard is to support all parties involved in the development and manufacturing of consumer IoT with guidance on securing their products. Its focus is on the technical controls and organizational policies that matter most in addressing the most significant and widespread security shortcomings. Overall, a baseline level of security is considered; this is intended to protect against elementary attacks on fundamental design weaknesses such as the use of easily guessable passwords. 

OUr services at a glance

Our experts are intimately familiar with the cyber fraud and data privacy regulations in specific markets and a deep understanding of the cyber threat field, working with customers around the world to fully unlock the potential of the digital future. Cyber security and data protection are one of our core capabilities. From product design, manufacturing to operations, we provide you with intimate support at every step to reduce the cybersecurity and data privacy disclosure risk. 

Below is a quick overview of the services that TÜV SÜD provides: 

  • ETSI EN 303 645 testing and evaluation service
  • NIST 8259 Test report and AoC
  • IoT basic security check
  • Vulnerability Assessment and Penetration Testing
  • Code Review (APP or/and IoT software)
  • Data protection assessment to support your GDPR compliance


This is a non-exhaustive list of examples of consumer IoT devices that we can do testing for: 

  • Network and network device and related system
  • Smart home assistants
  • Connected children's toys and baby monitors
  • Connected smoke detectors, door locks and window sensors
  • IoT gateways, base stations and hubs to which multiple devices connect
  • Smart cameras, TVs and speakers
  • Wearable health trackers
  • Connected home automation and alarm systems
  • Connected household appliances, such as washing machines and fridges
  • Smart home assistants 

WHY is ETSI EN 303 645 important?

ETSI EN 303 645 is one of the first cohesive global standard for IoT cybersecurity. The standard presents an achievable, single target for manufacturers and IoT stakeholders to attain. The ETSI EN 303 645 also helps with consumer confidence in the security of everyday products that connect to the internet. As consumers are unlikely to understand the technicalities of their connected wearables or connected products, having products comply to ETSI EN 303 635 is an indicator that the product has meet some cybersecurity standards to ensure a degree of safety from cyber threats.

Why choose TÜV SÜD for ETSI EN 303 645?

TÜV SÜD has multiple information security testing centers around the world to provide customers with optimized information security testing solutions and information security certifications. Our cyber security expert team is constantly learning the latest network security vulnerabilities and defense technologies. Senior experts play an active role in the standardization committee and international industry activities, understand the latest industry development trends, provide enterprises with more information security related tests services to reduce the risk of business information technology systems.

Your benefits at a glance

  • Gain competitive edge - by certifying your products as it is critical in competing with other well-established security products have already been evaluated.
  • Minimise risks - by certifying your products with a well-established cybersecurity standard such as ETSI EN 303 645
  • Proof of quality - by signaling to customers the cyber security of your products.


Consumer Products and Retail Essentials

Consumer Products & Retail E-ssentials

Consumer trust is key when you manufacture or retail products that are part of everyone’s daily life

Learn more

Consumer IoT Security

Consumer IoT Security

How can we ready ourselves in the face of cyber attacks?

Learn more

Introduction to IoT vulnerabilities teaser

Next Steps

Site Selector





Middle East and Africa