Applus+ Laboratories, first EU Notified Body accredited to certify cybersecurity on wireless products under the Radio Directive

24/02/2023

    Last year, the European Commission strengthened cybersecurity on wireless products and systems, introducing a delegated act on Radio Directive that will be mandatory starting from the 1st of August, 2025 (updated).  

    Although harmonised standards have not been published yet, manufacturers that want to stay ahead of the curve and gain market competitiveness can already certify their cybersecurity product with an accredited Notified Body, such as Applus+ Laboratories. Here’s what you need to know.  
     

    New regulation on Wireless Devices: to whom does it apply? 

    The new cybersecurity requirements apply to several types of radio devices, particularly those connected to the internet directly – like phones, laptops or IoT Devices – or indirectly – like smartwatches and other wearables. However, it makes special emphasis on connected toys and child-related devices such as baby monitors.

    The new delegated act has introduced an additional essential requirement on cybersecurity (3.3), complementing the existing requirements on Health and Safety, EMC and Efficient Use of Radio Spectrum. 

    The requirement 3.3 linked to Cybersecurity requirements takes in consideration three aspects:

    • (d) network protection
    • (e) personal data and privacy protection
    • (f) fraud protection 

    Taking advantage of our long experience in cybersecurity evaluations, we have become the first Notified Body accredited (09/02/2023) for new articles 3.3 d/e/f of RED on cybersecurity

    Accredited Lab for ETSI EN 303 645 and IEC 62443-4-2 standards. 

    As mentioned above, harmonised standards are still in development by CEN-CENELEC designated committees but, according the information already released, they will be based on already existing standards. Inside the category of Consumer IoT standards these include ETSI EN 303 645, and for Industrial IoT, IEC 62443-4-2. Both standards, inside the scope of our accredited labs.  

    Being an accredited Notified Body gives us a great advantage, which could be beneficial for cybersecurity product manufacturers and suppliers that want to take the lead in the market. In fact, we don’t need to wait for the harmonised standards publication; we can start assessing cybersecurity against the current state-of-the-art. We have decades-long experience in cybersecurity evaluations with high assurance requirements, including electronic payments solutions mentioned in the 3.3 (f) article, on fraud protection.  

    Contact us now to prepare for this new regulatory framework, or get ahead of competition and demonstrate your product’s cyber resilience before it becomes mandatory. 

    Applus+ uses first-party and third-party cookies for analytical purposes and to show you personalized advertising based on a profile drawn up based on your browsing habits (eg. visited websites). You can accept all cookies by pressing the "Accept" button or configure or reject their use. Consult our Cookies Policy for more information.

    Cookie settings panel