IoT cybersecurity audits target the security of all devices on the Internet of Things (IoT). These devices include sensors and actuators as well as back-end connections and optionally communicate with gateways and smartphone apps – security measures to protect against threats should be set up accordingly.
Digital networking in particular makes applications and components of mobile or static IoT devices vulnerable to attacks. To access a networked device, three main targets are attacked: the device itself, the network and the infrastructure (app, cloud). However, the security of the networked environment, for example in industry, can prevent such external access or IoT attacks. Elements of holistic IoT cybersecurity include:
With our cetecom advanced IoT cybersecurity services, we verify the current security status of your networked devices – an important milestone in the market launch of your products. Benefit from our many years of experience in the regulatory certification of products with wireless technologies.
The Radio Equipment Directive (RED) 2014/53/EU sets the legal framework for all products that use radio technologies. The main defined requirements are health and safety, electromagnetic compatibility and efficient use of radio frequencies. Manufacturers and suppliers of these products must demonstrate compliance with RED in the EU market by providing a type examination based on technical documentation (TD) or a declaration of conformity (DoC) and CE marking.
In January 2022, Delegated Regulation EU 2022/30 was published in the Official Journal of the EU. This regulation supplements parts of Article 3.3 of the RED and thus becomes relevant for manufacturers of products with wireless technologies who want to place their products on the EU market.
Delegated Regulation EU 2022/30 defines requirements in the area of cybersecurity for products covered by the RED. This relates in particular to letters d) to f) of Article 3.3:
“d) They do not have a harmful effect on the network or its operation, nor do they cause misuse of network resources, which would cause an unacceptable degradation of service.
e) They have security devices to ensure that personal data and the privacy of the user and subscriber are protected.
f) They support certain fraud protection features.”
|Essential Requirements||Applicable Radio Equipment||NOT Applicable Radio Equipment|
|RED Article 3.3 point (d)
(does not harm the network)
|any internet-connected radio equipment
(directly or via any other equipment)
|RED Article 3.3 point (e)
(personal data and privacy are protected)
|capable of processing personal data, traffic data or location data
|RED Article 3.3 point (f)
(protection from fraud)
|any internet-connected radio equipment to transfer money, monetary value or virtual currency (Directive (EU) 2019/713)
From August 1, 2024, manufacturers must test their products for the new cybersecurity requirements and declare compliance with Delegated Regulation EU 2022/30. This affects both devices that are newly approved and devices that enter the EU market after August 1, 2024.
The current problem, however, is that the cybersecurity requirements based on the new regulation are not yet harmonized and therefore accredited testing is not yet possible. Nevertheless, our Notified Bodies under the Radio Equipment Directive (RED) can support you in making reliable statements on the conformity of your products.
Do you have any questions about cybersecurity tests according to the Radio Equipment Directive (RED)?
Contact us, we look forward to your inquiry: email@example.com / Phone: +49 2054 9519 0
Based on the cetecom advanced test report, you will receive an IoT cybersecurity certification from CTIA according to the latest CTIA requirements.
Based on the cetecom advanced test report, you will receive the CyberSecurity Certified (CSC) label
from TÜV NORD and certification according to the latest CSC cybersecurity requirements.