Sản phẩm tiêu dùng và bán lẻ

CONSUMER PRODUCTS AND RETAIL E-SSENTIALS

Your regular update for technical and industry information

Your regular update for technical and industry information

PUBLICATION IN THE OJEU OF THE RED DELEGATED REGULATION THAT ADDS NEW LEGAL REQUIREMENTS FOR CYBERSECURITY

JANUARY 2022

Most radio equipment including Internet of Things products and ICS (industrial control systems) are subject to the RED delegated regulation 2022/30 supplementing the Directive 2014/53/EU for their cybersecurity since its publication in the Official Journal of the European Union on January 12th, 2022.

The transition period is 30 months which means the obligations established therein will be applicable as of 1st of August 2024.

Regarding cybersecurity requirements there are 3 articles:

Articles (scope: any internet-connected devices):

  • 3(3)(d) “radio equipment does not harm the network or its functioning nor misuse network resources, thereby causing an unacceptable degradation of service”
  • 3(3)(e) “radio equipment incorporates safeguards to ensure that the personal data and privacy of the user and of the subscriber are protected” 
  • 3(3)(f) “radio equipment supports certain features ensuring protection from fraud”
 
Examples of properties that would help fulfil these requirements:

  • (d) System configuration of communication parameters can only be changed by an authorized user
  • (e) Factory default credentials are forced to be changed to unique credentials at first use
  • (f) Prevent replay attacks
 

As one can see the requirements are very broad and more details will be provided on the requirements when the request for standardization is issued in the coming months. At the proper time, European harmonized standards will be published in the Official Journal. 

To provide our customers with immediate reassurance, we can offer training, workshops and assessments to the following current standards:

  • ETSI EN 303 645 “Cyber Security for Consumer Internet of Things”
  • EN-IEC 62443-4-2 “Security for industrial automation and control systems - Part 4-2: Technical security requirements for IACS components”
 

TÜV SÜD is a member of the RED Compliance Association and actively involved with the ETSI cybersecurity standards development and is a leader for consumer and industrial product cyber security testing and certification.

 

Bước tiếp theo

Chọn vị trí