Delegated supplementary Regulation RED
02 mars 2022
EU strengthens the cybersecurity of wireless device and products
The world is changing and new threats and risks to our electrical products on the market arrives, in this case in form of cyber effractions and the need of products having incorporated cybersecurity if connected to the rest of the world through radio.
Towards the end of 2021, the EU Commission published a Delegated Regulation to the Radio Equipment Directive (RED), with the aim of improving the cybersecurity of wireless devices and products on the European market.
In short, the delegated act ((EU) 2022/30) consists of three amendments under the essential requirements set out in Article 3(3) point (d), (e) and (f) of the directive.
- Article 3(3), point (d), amending the requirements to ensure network protection for any radio equipment that can communicate itself over the internet, whether it communicates directly or via any other equipment.
- Article 3(3), point (e), amending the requirements to ensure safeguards for the protection of personal data and privacy for any radio equipment capable of processing personal data, traffic data and location data.
- Article 3(3), point (f), amending the requirements to ensure protection from fraud for any internet-connected radio equipment if the equipment enables the holder or user to transfer money, monetary value, or virtual currency.
The Commission Delegated Regulation (EU) 2022/30 of 29 October 2021 was published in the EU official Journal on 12 January 2022, will enter into force on 1 February 2022, and will be mandatory from 1 August 2024. The Regulation is binding in its entirety, and directly applicable in all European Member States.
At present, there are no European Harmonized standards published covering this new supplementary Regulation, but a draft standardization request was published on 10 January 2022.
This requests tasks ETSI (European Telecommunications Standards Institute) with creating standard(s) in support of the supplementary requirements under RED Article 3(3) within a time period of 12 months.
At Intertek, we strongly advise our customers to start preparing for the additional cybersecurity now in preparation as a lead up to placing equipment onto the EU and UK markets. As both a Notified Body under the radio equipment directive (NB 0413) and a UK Approved Body under the Radio Equipment Regulation (0359) we will continue to monitor the subject, especially the development of the above standard request.
In the meantime, Intertek is able to assist our customers with product cybersecurity systems development as we head towards its regulatory implementation.
Reference documents: