Last updated: August 2023
After long time of uncertainty, it has finally been decided to include cyber security into the European Radio Equipment Directive (RED), which apply to most wireless products. The RED’s Article 3 has in fact always included cyber security, but relevant requirements have not been implemented while awaiting methods to verify compliance.
As hearing of the Commission’s draft text for implementing the Article 3 requirements ended in December, from 1 January 2022 the countdown started for the cyber security requirements to be included after 30 months, i.e., in medio 2024. This was in July 2023 extended by 12 months so the new date for implementation is 1 August 2025.
In simple terms, the essential safety requirements in Article 3 of RED are:
- Not to harm or misuse networks, causing unacceptable reduction of service.
- Protection of personal data and privacy.
- Protection from fraud.
As for other European safety directives (such as the Low Voltage Directive, LVD), the essential safety requirements are not specific, so European standards with detailed requirements for testing/assessment and acceptance limits for compliance are needed before the requirements can be effectively implemented.
The European Standardisation Organisations, ETSI, CEN and CENELEC have been asked to make the necessary technical standards. These may take at least one year to complete, so it is recommended that designers and manufacturers take appropriate action already now to be prepared for meeting the new cyber security requirements.
Nemko offers for assisting to ensure cyber security can be seen here.
And for those making IoT products - to find out the degree of having control with the security, do a 2-minute quiz by clicking the image below. Do you have cause to be smiling or to be a little worried?
For further information, on how to prepare for the RED update please contact Geir.Horthe@nemko.com
(Article is based on the text provided by Geir Horthe, edited by T.Sollie)