About us

Compliance Guides from SafeShark

June 2024

Upcoming changes to the RED in the EU

In this exclusive new guide from SafeShark we ensure you are ready for the shifting requirements in EU law around consumer devices. We explore changes to the Radio Equipment Directive and cut through the complexity and uncertainty surrounding the standards you will need to meet. With all the information and advice on what to do plus timelines for next steps, download it today.
Updated April 2024

Your Guide to UK vs EU Cyber Security Legislation

Get our exclusive walkthrough of connected device legislation, which affects all connected products on the UK and EU markets. Updated with enhanced guidance for manufacturers, distributors and retailers following the conformance regime deadline for the Product Security and Telecoms Infrastructure Act.

The security and safety of connected products is not only a customer-critical issue, it is now a legislative compliance issue for all manufacturers, importers and distributors.

UK Cyber Security Standards

In the UK, the Product Security and Telecoms Infrastructure (PSTI) Bill became law in December 2022, with further secondary legislation outlining exact smart home cyber security requirements and enforcement to follow shortly.

It sets out cyber security requirements, to ensure consumer security, as a condition for market entry for all internet or network-connected devices, underpinned by the European ETSI EN 303 645 standard.

The new requirements will impact all stakeholders throughout the supply chain – not just the manufacturers. While fundamentally ensuring all internet-connected equipment is tested for cyber security performance before it can access the market, responsibility (and therefore liability) also lies with importers, and distributors to ensure that the requisite tests have been done by the manufacturer.

European Cyber Security Standards

In the EU, recently activated articles within the Radio Equipment Directive (RED), will mandate cyber security requirements for all internet-connected devices and a new standard is being developed by CEN-CENELEC for manufacturers to test their products against to demonstrate conformity.

This will be followed by the Cyber Resilience Act, first published in September 2022. As in the UK, new requirements will apply not just to manufacturers, but also importers and distributors.

This exclusive guide to cyber security standards and assurance outlines the precise tests that products and manufacturers need to pass, what they need to do, when they need to do it by and the implications for not acting swiftly enough or for non-compliance.

While (most) manufacturers clearly take security seriously, the nature of products in this market – which contain multiple software components from different sources – means it is much harder for manufacturers to have an overall comprehension of the cyber security performance of their products.

The common failure factor in each test case is that the manufacturer was not aware of the identified issues, much less their contravention of new standards and IoT requirements, despite their commitment to security and internal processes. It is therefore equally hard to determine PSTI device compliance without independent, verified device testing.

SafeShark’s independent testing service, backed by DTG’s London testing house and the British Standards Institute (BSI), gives manufacturers a true understanding of their product performance against UK and international standards. This cyber security certification, assurance and external verification provides clear proof of IoT device compliance. It provides a straightforward route to market and the confidence needed by those in the onward chain to the consumer.

5th Floor
89 Albert Embankment
Vauxhall, London
©2022 SafeShark Limited | All rights reserved | Terms and Conditions | Privacy Policy
Site by Fortico