Testing the cyber security of wireless devices for the EU market

TÜV SÜD Product Service has been registered in the EU’s NANDO database as a Notified Body for conformity assessments in compliance with the EU’s Radio Equipment Directive. Starting from August 2023, the international service provider’s scope has been expanded to include conformity assessment in accordance with cyber security regulations. Manufacturers can refer to the database to find organisations authorised to conduct the necessary tests and certifications. Product conformity is a mandatory requirement for placing radio equipment on the EU market.

Many of the devices that consumers use on a daily basis, from baby monitors to smart lighting systems, are connected to the Internet. In a Forsa survey1, 80 per cent of respondents admitted to being unaware of the level of protection offered by their smart devices against cyber attacks. This finding underscores the importance of ensuring that products comply with the requirements of the EU’s Radio Equipment Directive. “Manufacturers and companies aiming to place connected products falling under the Radio Equipment Directive on the EU market are urged to perform timely assessment of their new developments for conformity with the directive. Starting from August 20252, all new products placed on the EU market must comply with the directive”, warns Florian Wolff von Schutter, Head of IT Security of CIoT products at TÜV SÜD Product Service.

In January 2022, the EU made the Radio Equipment Directive more specific by adding the aspect of cyber security and data protection to Article 3 (3) lit. d, e, and f. The new provisions stipulate that every internet-enabled radio device must provide a certain level of protection to ensure network security, protect its users’ personal data and privacy and offer fraud protection. From 1 August 2025, these requirements set forth in delegated regulation (EU) 2022/30 will become mandatory for every new internet-enabled product on the EU market. Manufacturers and other companies can present their prototypes and design blueprints to TÜV SÜD.

New Approach Notified and Designated Organisations

NANDO is short for New Approach Notified and Designated Organisations. The associated database lists the EU Notified Bodies that are authorised to conduct conformity assessments in accordance with the Radio Equipment Directive and other EU Directives. Application of the “New Approach” in the EU is aimed at simplifying the registration and approval of new products and promoting free movement of goods. For this reason, EU Directives such as the Radio Equipment Directive focus on setting out essential requirements rather than detailed technical regulations.

Voluntary cyber security certification

In addition to meeting legal requirements, manufacturers and other companies have the option of acquiring voluntary certification to demonstrate the cyber security of their products, such as smart TVs or other smart household appliances. TÜV SÜD’s “TÜV CyberSecurity Certified” (CSC) certification allows manufacturers and other companies to showcase their commitment to meeting their customers’ high expectations, stand out from competitors and use the cybersecurity certification mark in their advertising. The certification is based on internationally recognised codes and standards including ETSI EN 303 645 V2.1.1. Additional services including IoT Security quick checks and penetration tests enable companies to identify and close potential vulnerabilities and security gaps in their IT products.

Further information at: Product certification for IoT devices and CyberSecurity Certified certification.

https://www.tuev-verband.de/en/news-release/consumers-want-smart-home-devices-to-be-independently-assessed

2 Originally, the directive was to become mandatory in August 2024. However, the EU Commission has extended the transition period by one year.

Über die TÜV SÜD AG

Founded in 1866 as a steam boiler inspection association, the TÜV SÜD Group has evolved into a global enterprise. More than 26,000 employees work at over 1.000 locations in about 50 countries to continually improve technology, systems and expertise. They contribute significantly to making technical innovations such as Industry 4.0, autonomous driving and renewable energy safe and reliable. http://www.tuvsud.com/

Firmenkontakt und Herausgeber der Meldung:

TÜV SÜD AG
Westendstraße 199
80686 München
Telefon: +49 (89) 5791-0
Telefax: +49 (89) 5791-1551
http://www.tuvsud.com/de

Ansprechpartner:
Dirk Moser-Delarami
Pressesprecher
Telefon: +49 (89) 5791-1592
Fax: +49 (89) 5791-2269
E-Mail: Dirk.Moser-Delarami@tuvsud.com
Für die oben stehende Pressemitteilung ist allein der jeweils angegebene Herausgeber (siehe Firmenkontakt oben) verantwortlich. Dieser ist in der Regel auch Urheber des Pressetextes, sowie der angehängten Bild-, Ton-, Video-, Medien- und Informationsmaterialien. Die United News Network GmbH übernimmt keine Haftung für die Korrektheit oder Vollständigkeit der dargestellten Meldung. Auch bei Übertragungsfehlern oder anderen Störungen haftet sie nur im Fall von Vorsatz oder grober Fahrlässigkeit. Die Nutzung von hier archivierten Informationen zur Eigeninformation und redaktionellen Weiterverarbeitung ist in der Regel kostenfrei. Bitte klären Sie vor einer Weiterverwendung urheberrechtliche Fragen mit dem angegebenen Herausgeber. Eine systematische Speicherung dieser Daten sowie die Verwendung auch von Teilen dieses Datenbankwerks sind nur mit schriftlicher Genehmigung durch die United News Network GmbH gestattet.

counterpixel