Delegated supplementary Regulation RED

EU strengthens the cybersecurity of wireless device and products

02 March 2022

The world is changing and new threats and risks to our electrical products on the market arrives, in this case in form of cyber effractions and the need of products having incorporated cybersecurity if connected to the rest of the world through radio.

Towards the end of 2021, the EU Commission published a Delegated Regulation to the Radio Equipment Directive (RED), with the aim of improving the cybersecurity of wireless devices and products on the European market.

In short, the delegated act ((EU) 2022/30) consists of three amendments under the essential requirements set out in Article 3(3) point (d), (e) and (f) of the directive.

  • Article 3(3), point (d), amending the requirements to ensure network protection for any radio equipment that can communicate itself over the internet, whether it communicates directly or via any other equipment.
  • Article 3(3), point (e), amending the requirements to ensure safeguards for the protection of personal data and privacy for any radio equipment capable of processing personal data, traffic data and location data.
  • Article 3(3), point (f), amending the requirements to ensure protection from fraud for any internet-connected radio equipment if the equipment enables the holder or user to transfer money, monetary value, or virtual currency.

The Commission Delegated Regulation (EU) 2022/30 of 29 October 2021 was published in the EU official Journal on 12 January 2022, will enter into force on 1 February 2022, and will be mandatory from 1 August 2024. The Regulation is binding in its entirety, and directly applicable in all European Member States.

At present, there are no European Harmonized standards published covering this new supplementary Regulation, but a draft standardization request was published on 10 January 2022.

This requests tasks ETSI (European Telecommunications Standards Institute) with creating standard(s) in support of the supplementary requirements under RED Article 3(3) within a time period of 12 months.

At Intertek, we strongly advise our customers to start preparing for the additional cybersecurity now in preparation as a lead up to placing equipment onto the EU and UK markets. As both a Notified Body under the radio equipment directive (NB 0413) and a UK Approved Body under the Radio Equipment Regulation (0359) we will continue to monitor the subject, especially the development of the above standard request.

In the meantime, Intertek is able to assist our customers with product cybersecurity systems development as we head towards its regulatory implementation.

 

Reference documents:

 

Fredrik Wennersten, 
Chief Certification Officer at Intertek’s NCB (National Certification Body) in Sweden

 

In this role, I am responsible for Intertek’s S-mark – a third party conformity assessment certification scheme founded back in 1926 – issued ENEC 14 licenses under the European Testing Inspection Certification System ETICS as ENEC Certification Body and issued IECEE CB Scheme certificates issued under the National Certification Body Intertek SEMKO AB. I am also responsible for Intertek’s European Notified Body 0143 for the EU Radio Directive (RED) and EMC Directive and for Intertek’s GSO (Gulf Standardization Body) G-mark Notified Body 0017.

I am a member of several working groups and boards in the global and regional conformity assessment arena, including the Conformity Assessment Board of the global standardization organization IEC, monitoring the IECs four different conformity assessment systems IECEE, IECEx, IECRE and ICEQ. 

For Europe, I am a member of the board of ETICS, the organization running the European certification schemes ENEC and HAR, and for the Gulf Region, I am a member of the GSO (the standardization body for the Gulf region) G-mark Notified Body forum.

For Sweden, I have a close working relationship with Svensk Elstandard, the organization responsible for the publication of all Swedish standards in the electrotechnical area. I am a member of their Electrotechnical Board as well as the Chairman of their Conformity Assessment Board.

This blog will feature my own personal reflections on different topics related to electrical products and their regulatory requirements, directives and standards, as well as on conformity assessment systems and their internal organizational structure and functions.

Fredrik Wennersten

 

Blogg