SGS Brightsight is the largest independent security evaluation lab in the world. Our mission is to support our customers to achieve conformance with the latest security regulations and requirements, ready for the market in time.
Cyber threats are becoming a greater concern to all consumers as mobile phones, smart watches, fitness trackers, connected toys and other wireless devices become more common in our daily lives. Therefore, the European Commission (EC) has taken measures to strengthen the cybersecurity of wireless devices and products sold on the European market by adopting a delegated act to the Radio Equipment Directive (RED). This act aims to introduce new legal requirements for developers of wireless devices and products at risk of cyber attacks and privacy issues in the following categories:
- Devices capable of communicating via the Internet: Examples of such equipment include electronic devices such as smartphones, tablets, electronic cameras; telecommunication equipment as well as equipment that constitutes the ‘internet of things’.
- Toys and childcare equipment: Toys and baby monitors can be vulnerable to cybersecurity threats that monitor or collect information about children.
- Wearables: Devices like smartwatches and fitness trackers.
New RED Legislative Requirements
According to Article 3 (3) of Directive 2014/53/EU (RED), the new legislative requirements will ensure network protection, protection of personal data and privacy, and protection from monetary fraud. These elements are essential to ensure protection against cybersecurity risks.
These regulations will be enforced from August 1st, 2024 and will be mandatory for all wireless devices and products being sold on the European market.
The manufacturers, when performing the conformity assessment procedures before placing their products on the EU market, will have the choice between two possibilities:
- Perform a self-assessment, when their product has been designed in accordance with harmonised standards, currently under development.
- Rely on a third-party assessment performed by an independent inspection body, regardless of whether or not a harmonised standard was used.