Group Actions
Engagement
  • Author Author: nwieland
  • Date Created: Date Created
  • Views 193 views
  • Likes 4 likes
  • Comments 0 comments
Related
Recommended

Internet of Things

nwieland
Internet of Things

Internet of Things

IoT Cybersecurity regulations

image

The rapid expansion of IoT technology has been matched by an increased focus on securing these devices against cyber threats. Recent years have witnessed the maturation of the IoT regulatory environment, with lawmakers focusing on two primary objectives:

  • Enhancing IoT cybersecurity to make connected devices more resilient against cyber threats.
  • Safeguarding personal information privacy within the IoT realm.

Different regulatory frameworks govern various aspects of IoT deployment, from data creation to infrastructure and business operations.

image

RED Delegated Act

On 29 October 2021, the European Commission adopted the RED Delegated Act activating Article 3.3 (d), 3.3 (e) and 3.3 (f) for both consumer and professional/industrial products (C(2021) 7672 1). On 12 January 2022, this supplement to the RED was officially published in the Official Journal of the European Union.
Article 3 of the RED Directive: 2014/53/EU will mandate the following essential requirements regarding cybersecurity:

  • (d) Radio equipment does not harm the network or its functioning nor misuses network resources, thereby causing
    an unacceptable degradation of service;
  • (e) Radio equipment incorporates safeguards to ensure that the personal data and privacy of the user and of the
    subscriber are protected;
  • (f) Radio equipment supports certain features ensuring protection from fraud.

By means of this Delegated Act, these three sub articles of the RED are now activated, and the indication is that compliance will become mandatory from the 1st August 2025.

How to go through the compliance process?

For compliance to Article 3.3 of the RED, the directive states the following: ‘Where, in assessing the compliance of radio equipment with the essential requirements set out in Article 3(2) and (3), the manufacturer has not applied or has applied only in part harmonized standards the references of which have been published in the Official Journal of the European Union, or where such harmonized standards do not exist, radio equipment shall be submitted with regard to those essential requirements to either of the following procedures: (a) EU-type examination that is followed by the conformity to type based on internal production control set out in Annex III; (b) conformity based on full quality assurance set out in Annex IV.’

This means that there are two routes which can be followed in order to be compliant with the articles:

ROUTE 1: Harmonized standards

The first route is via Module A and self-assessment procedure. This route is only possible when there are harmonized standards available and published in the official journal of the EU. At the moment, the CEN/CENELEC is developing three standards (with the goal of these standards eventually becoming harmonized).

ROUTE 2: EU-type examination by a notified body

The second route which can be followed by manufacturers is module B+C, in which an EU-type examination certificate (Module B) will be issued by a Notified Body and the manufacturer must guarantee and declare internal production control (Module C). The notified body choose one of the below mentioned standards based on the application to perform type examination.

image

If you want to read more find here the whole Product Guide.