EU: Cybersecurity – Product Compliance for Radio Equipment

Status quo of standardization

When we talk about cybersecurity in the area of product compliance, we mean protecting our product from human access. We want to restrict unauthorized access to our IT system.

But what is so worth protecting? In a nutshell:

  • Privacy
  • Personal data (data protection)
  • Product security
  • Communication networks
  • Information worth protecting (information protection)
  • Monetary values
  • ...and much more!

On the one hand, the will to protect can come from safety reasons. For example, we want to prevent the induced overload of our product and the misuse. On the other hand, it could cause damage to subjects, e.g. people or pets.  

We want to prevent our communication network from being overloaded by misuse. But not only that. We also want to protect our monetary values in financial transactions. 

In addition, we want to protect our privacy, or personal data. Besides this specific regulated data worth protecting (data protection), there is other information (information protection) which needs to be protected.  

There are many other reasons to protect our systems. This mixture of what is worth protecting now ensures that we receive a large number of legal acts with various protection goals.  

Specifics for wireless systems and the Internet of Things

With the protection of privacy, personal data, the communication network and monetary values, we already have everything together that will be required in the future for radio systems that are directly or indirectly connected to the Internet. This will be bindingly applicable by August 2024 through the Delegated Regulation (EU) 2022/30 of the EU Commission.


In the EU, we already have some standards at hand that support us in the implementation of abstract protection goals in legal acts. The following standards are currently the most widely used:

  • EN IEC 62443 family of standards on IT security for industrial automation systems.
  • ETSI EN 303 645 and related ETSI publications on cybersecurity for consumer Internet of Things:
    essential requirements.
    • Example ETSI publications are:
      ETSI TS 103 701 (Conformity Assessment),
      ETSI TS 103 848 (specific requirements for "home gateways"), and
      ETSI TR 103 621 (guideline incl. implementation examples).
  • ISO/IEC 27000 family of standards for information security.
    • From this series, the IoT-specific standards stand out
      ISO/IEC 27400 Cybersecurity – IoT security and privacy – Guidelines
      ISO/IEC 27402 Cybersecurity – IoT security and privacy – Device baseline requirements (draft)
      ISO/IEC 27403 Cybersecurity – IoT security and privacy – Guidelines for IoT-domotics (draft)


Standards for radio equipment (RED 2014/53/EU)

The European Standardization Organization CEN/CENELEC has been mandated by the EU Commission - until September 30, 2023 - to develop cybersecurity requirements for Internet-connected radio equipment (M/585, C(2022) 5637 final of 05.08.2022).

We are looking forward to the developments in the working group: CEN/CLC/JTC 13/WG 8 – Special Working Group RED Standardization Request.

Should you have any need for discussion on this topic, please do not hesitate to contact us or attend our webinar on the topic (see below, in German)!


Published on 30.11.2022
Category: Fokus Consumer Goods & Retail, Fokus Electrical and Wireless, Compliance, Standards

Breaking News in Standards and Product Compliance

The world of standards and market authorization requirements may turn slowly, but it does turn.  Regular updates, revisions and reforms prove it.  We'll keep you posted!

And in other news, here's the latest on Standards and Product Compliance
Donate instead of sending - also in 2021

Christmas tradition continues

Read more

GLOBALNORM supports vaccination campaign


Read more

New Release: Practical Guide Radio Equipment Directive 2014/53/EU

New specialized book by Dipl.-Ing. (FH) Michael Loerzer

Read more

Changes to the HAS assessment for publication in the European Official Journal

Read more

New ETSI EN 301 489-3 (2023-01) EMC for Short Range Devices published

Listing to the Radio Equipment Directive with restrictions

Read more

EU/UK Post-Brexit: Comparison of designated standards and harmonized standards for radio equipment

Great agreement

Read more

USA: FCC update on radio/EMC – local representative is required

Valid without transition period

Read more

Changes to the HAS assessment for publication in the European Official Journal

Read more

New ETSI EN 301 489-3 (2023-01) EMC for Short Range Devices published

Listing to the Radio Equipment Directive with restrictions

Read more


In accordance with the EU ePrivacy (Cookie) Directive (2009/136/EG), we would like to inform you that our website uses cookies. By using our website, you accept and agree to our Privacy policy. Please view our Privacy policy to find out what cookies we use and how to disable them.