- Services
- Industries
- Automotive
- Battery
- Building inspection
- Fire alarms system testing
- Household appliances
- Installation materials
- Industrial machinery
- IT & audio video
- Laboratory, test & measurement
- Lighting equipment
- Maritime, oil & gas
- Medical & healthcare equipment
- Military & aerospace product testing
- Wireless & telecom
- Resources
- About
- Blog
- Events
February 2, 2024
Intro of cybersecurity requirements for connected products in Europe
Written by: Nemko
Serious cyberattacks on connected products are increasing. A recent horrible example is Russian military intelligence's hacking into Ukrainian privately owned online surveillance cameras to prepare for and adjust military strikes on Kyiv, thus turning everyday devices into espionage tools.
In the EU/EEA member countries, the Cyber Resilience Act (CRA) shall apply to all products that are connected either directly or indirectly to another device or to a network. This regulation is expected to enter into force early this year and then be mandatory after 36 months, i.e. early 2027.
As the UK, after Brexit in 2020, is no longer an EU member state, they are shaping their own legislation, also for
cybersecurity. On 29 April this year, the UK will implement mandatory cyber security requirements for several connected products, like IoT products.
These requirements are specified in the PSTI Act (Product Security and Telecommunications Infrastructure Act), which makes cyber security a legislative requirement for all digitally connected products and telecommunications infrastructure in the UK.
The PSTI Act is divided into two sections; the first is focused on smart product security, whilst the second part details the legislative framework around telecommunications infrastructure security regulations.
In Nemko’s cyber security webinar on 23 January, the contents of this new Act were presented and discussed,
including the scope, what is included and what is specifically excluded, the manufacturers’ responsibilities and how these may be addressed.
After Brexit, the UK has also implemented an alternative to the CE marking – the UKCA mark, which is relevant for manufacturers of connected products too.
During the webinar, it was also given an update on the UKCA mark, both in general and some special updates for
Radio Equipment, RoHS and Eco-design.
Recording of the webinar is available from this link.
For further information and/or assistance with assessment of products for compliance with the cyber security requirements in Europe as well as other countries worldwide, please contact Geir.horthe@nemko.com
(The article is based on the info provided by Gier Hørthe and edited by T.Sollie)