Cybersecurity Certification Requirements for Connected Products – Global Developments
There is an emerging global consensus that basic cybersecurity requirements should be included in the type approval and certification standards for digital equipment. This white paper briefly outlines the recent developments in this area as well as existing and proposed standards.
This whitepaper covers:
Key points discussed in this whitepaper include:
- European Union delegated regulation (EU) 2022/30 to require cybersecurity protection for radio equipment under the Radio Equipment Directive;
- EU Cyber Resilience Act proposal to apply cybersecurity requirements to all equipment “with digital elements”;
- Brazil Act No. 77 of 2021. This law establishes basic cybersecurity requirements for connected devices subject to type approval;
- Indian Telecom Security Assurance Requirements (ITSAR) provide guidelines for the security of information products;
- China guidelines for the development of cybersecurity standards for IoT devices;
- ETSI (EN) 303 645 V2.1.1 (2020-06): Cyber Security for Consumer Internet of Things;
- ISO/IEC 27402 Cybersecurity — IoT security and privacy — Device baseline requirements
*This whitepaper was originally published on 4th April, 2023. Further regulatory developments may have occurred after publication. To keep up-to-date with the latest compliance news, sign up to our newsletter.
Aaron Green, Senior Regulatory Compliance Consultant, Compliance & Risks
Dr. Aaron Green, J.D., P.hD., is a senior regulatory compliance consultant who has been with Compliance & Risks since 2008.
His areas of expertise include wireless/connectivity, electromagnetic compatibility, and automotive regulations.
He received his juris doctor from the University of Wisconsin and his Ph.D. from T.U. Dublin. Prior to joining C&R, he practiced law in Minnesota (USA).