Regulatory updates in the UK

Extension of recognition of the CE mark and new cyber security regulation keep the UK top of mind.

01 November 2023

There seems to be new information on the topic of UKCA coming out constantly. Most recently, in the beginning of August 2023, the UK Department Business and Trade announced their decision to extend recognition of the CE mark for placing most goods on the market in Great Britain indefinitely. So, the old deadline for acceptance of the CE mark in Great Britain of 31 December 2024 is no longer valid.

The decision to extend the recognition of the CE marking and declaration has been made in an effort to make life easier and save costs for both UK and EU manufacturers and applies to the following 18 regulations under the UK Department for Business and Trade: 

  • toys
  • pyrotechnics
  • recreational craft and personal watercraft
  • simple pressure vessels
  • electromagnetic compatibility
  • non-automatic weighing instruments
  • measuring instruments
  • measuring container bottles
  • lifts
  • equipment for potentially explosive atmospheres (UKEX)
  • radio equipment
  • pressure equipment
  • personal protective equipment (PPE)
  • gas appliances
  • machinery
  • equipment for use outdoor
  • aerosol dispensers
  • low voltage electrical equipment

Please bear in mind, though, that your electrical product may fall under other UK sector-specific legislation which may still require the UKCA mark and a declaration of conformity to enter the UK market. These sector-specific legislations include:

  • medical devices
  • rail products
  • construction products
  • civil explosives
  • marine equipment
  • cableways
  • ecodesign
  • transportable pressure equipment
  • hazardous substances (RoHS).

In addition, for all electrical products to be placed on the UK market, it is still required that either the importer is located in the UK, or has an authorised representative located there. So, if you are placing a CE-marked product on the UK market, I strongly recommend that you include the name and address of either of these economic operators in your product documentation.

Cyber Security in the UK market

The second regulatory update for the UK concerns cyber security, a hot topic in the EU as well, with the 2022 Cyber Resilience Act and the upcoming cyber security requirements in the EU Radio Equipment Directive. 

On April 29, 2024, the UK consumer connectable product security regime will come into effect. This legislation is based on the UK Code of Practice for Consumer IoT security and the ETSI EN standard 303 645 and, in summary, will include the following requirements:

Password protection. Software pre-installed or installed by the user must be protected with a unique password or a password specified by the user. The legislation also includes detailed requirements for the password. It should, for example, not be easy to guess.

Information on how to report security issues. Manufacturers must appoint at least one point of contact to allow for feedback on security issues related to software.

Information on minimum security update periods. The manufacturer must publish a defined period for free-of-charge software support.

The three requirements above can be fulfilled by complying with clause 5.1-1 (2) of ETSI EN 203 645 with regards to passwords and by complying with clause 5.2-1 of the same standard with regards to the reporting of security issues. If a manufacturer complies with the requirements in clause 5.3-13 of ETSI EN 303 645 they will also fulfill the requirement for minimum security updates.

Further reading

UKCA

https://www.gov.uk/guidance/using-the-ukca-marking

UKCA marking: roles and responsibilities - GOV.UK (www.gov.uk)

Cyber security 

The draft statutory can be found at: https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/1153566/The_Product_Security_and_Telecommunications_Infrastructure__Security_Requirements_for_Relevant_Connectable_Products__Regulations_2023.pdf

More general information on the subject can be found at:
The UK Product Security and Telecommunications Infrastructure (Product Security) regime - GOV.UK (www.gov.uk)

Fredrik Wennersten, 
Chief Certification Officer at Intertek’s NCB (National Certification Body) in Sweden

 

In this role, I am responsible for Intertek’s S-mark – a third party conformity assessment certification scheme founded back in 1926 – issued ENEC 14 licenses under the European Testing Inspection Certification System ETICS as ENEC Certification Body and issued IECEE CB Scheme certificates issued under the National Certification Body Intertek SEMKO AB. I am also responsible for Intertek’s European Notified Body 0143 for the EU Radio Directive (RED) and EMC Directive and for Intertek’s GSO (Gulf Standardization Body) G-mark Notified Body 0017.

I am a member of several working groups and boards in the global and regional conformity assessment arena, including the Conformity Assessment Board of the global standardization organization IEC, monitoring the IECs four different conformity assessment systems IECEE, IECEx, IECRE and ICEQ. 

For Europe, I am a member of the board of ETICS, the organization running the European certification schemes ENEC and HAR, and for the Gulf Region, I am a member of the GSO (the standardization body for the Gulf region) G-mark Notified Body forum.

For Sweden, I have a close working relationship with Svensk Elstandard, the organization responsible for the publication of all Swedish standards in the electrotechnical area. I am a member of their Electrotechnical Board as well as the Chairman of their Conformity Assessment Board.

This blog will feature my own personal reflections on different topics related to electrical products and their regulatory requirements, directives and standards, as well as on conformity assessment systems and their internal organizational structure and functions.