Enabling you to identify and mitigate the intrinsic risk in your operations, supply chains and business processes.
Evaluating how your products and services meet and exceed quality, safety, sustainability and performance standards.
Validating the specifications, value and safety of your raw materials, products and assets.
The RED Directive has revised its scope to include cybersecurity related concerns to radio interfaces which become mandatory in August, 2024. Our cybersecurity experts incorporate radio equipment to ensure data safeguards, fraud protection, and misuse of network function.
With the emergence of Wi-Fi, Bluetooth and NFC, more products are interconnected and behaving like radio equipment. Consequently, the radio spectrum and its efficient use has become a bigger part of day-to-day life. This has changed the design of many products from vacuum cleaners and cooking appliances to the phones we carry every day.
Concern for cybersecurity of these devices has now caused the Radio Equipment Directive (RED) to revise their scope, including Article 3.3, which addresses security of radio interfaces. The change takes effect February 1, 2022. It becomes mandatory August 1, 2024 for all new and existing products which must comply in order to achieve CE marking.
There are 3 distinctive sections of Article 3.3 specific to cybersecurity:
The impact will be on all manufacturers who devices are declaring to the Radio Equipment Directive.
The RED cybersecurity requirements apply to:
The RED cybersecurity requirements are not in scope for smart meters, 5G network equipment, medical devices, as well as vehicles and their systems and components.
To date there are no harmonized standards. However EU Commission has indicated that standards maybe released 10 months prior to effective date (August 1, 2024). It is likely that the harmonized standard will be based on existing standards such as ETSI EN 303 645 and IEC 62443.
Manufacturers may consider testing products to existing standards such as EN 303 645 (Consumer Products) or IEC 62443 (Industrial). As the likely basis for future harmonized standards, aligning and testing products sold in the EU market to these standards will help ensure preparedness for the future harmonized standards and the August 2024 deadline.
Also the manufacturers who are declaring to the Medical Device Regulation will need to follow the requirements of MDR Annex 1 Essential Requirements for cybersecurity.
As a Notified Body in the EU to the Radio Equipment Directive (RED) and Competent Body in the U.S., we can test to all of the RED parameters, including the 3 new cybersecurity additions, to determine if your product is in compliance with the Directive and suitable for CE Marking.
Need help or have a question?