New cybersecurity requirements for market approval in the EU
The Radio Equipment Directive (RED) 2014/53/EU sets the legal framework for all products using radio technologies. Key defined requirements are health and safety, electromagnetic compatibility and efficient use of radio frequencies. Manufacturers and suppliers of these products must demonstrate compliance with RED in the EU market by providing type examination based on technical documentation (TD) or declaration of conformity (DoC) and CE marking.
Recently, Delegated Regulation EU 2022/30 was published in the Official Journal of the EU. This regulation supplements parts of Article 3.3 of the RED and thus acquires relevance for manufacturers of products with wireless technologies who wish to place their products on the market in the EU.
The Delegated Regulation EU 2022/30 defines requirements in the area of cybersecurity for products covered by the RED. This concerns in particular sections d) to f) of Article 3.3:
d) Radio equipment does not harm the network or its functioning nor misuse network resources, thereby causing an unacceptable degradation of service
e) Radio equipment incorporates safeguards to ensure that the personal data and privacy of the user and of the subscriber are protected
f) Radio equipment supports certain features ensuring protection from fraud
What does this mean for manufacturers or distributors?
With a transition period of 30 months (beginning January 2022), manufacturers are required to test their products to the new cybersecurity requirements and declare compliance based on these specifications. However, this only affects devices that are newly approved and not devices that are already on the market.
The problem with the current situation, however, is that the cybersecurity requirements based on the new regulation have not yet been harmonized and therefore no accredited tests are possible yet.
If you have any questions, please do not hesitate to contact us: https://cetecomadvanced.com/en/contact/