New draft RED standards through the first review phase

SafeShark has been taking part in the latest standards development work in CEN/CENELEC, preparing for the introduction of the RED cyber security requirements in Aug 2025.

Three new standards have been developed EN 18031-1, -2, -3 which cover:

Part 1 common security requirements for internet connected radio equipment;
Part 2 internet connected radio equipment that processes personal, traffic, or location data, as well as products for childcare, toys, and wearables; and
Part 3 internet connected radio equipment that enables the holder or user to transfer money, monetary value or virtual currency.

The first review involved national administrations e.g. BSI in the UK, reviewing the drafts and submitting comments. The comments are now being triaged and responded to before a second round of review.

Through our involvement in the work SafeShark is ensuring that its customers will have plenty of notice as to how they can prepare for the RED requirements.

Report: 90% of technology decision-makers deem security a 'business priority'

According to the PSA Certified 2022 Security Report, 90% of its technology decision-maker respondents have increased the importance placed on security in the past 12 months, making it one of their top three business priorities.

The annual report, now in its second year, surveyed 1,038 technology decision-makers across Europe, USA, and APAC. They found that a third of companies believe that the risk of IoT hacks has risen during the pandemic due to widespread distributed working. A further 31% of respondents identified cost as the major inhibitor from implementing more stringent security measures.

The desire for guidance is also higher than ever, with 96% of respondents saying they would be interested in an industry-led set of guidelines on IoT best practices – considerably higher than the 84% in 2021.

Security frameworks and step-by-step guides were ranked as the most useful tools for deploying secure products to market, underlining the critical nature of education and support in shaping a more secure IoT.

Read the full report here.

Cyber security requirements for the EU market under discussion

IoT cybersecurity standards for connected products and devices are coming.

SafeShark is active in European activities to scope requirements for new cyber security standards. The new standards will demonstrate cyber security performance of consumer IoT and industrial products so that the products can be placed on the EU market.

The roadmap for this involves European standards bodies ETSI and CEN/CENELEC agreeing the scope of a standards request from the EC, then developing the standards ready for use.

Products compliance deadline for the new standards is currently 30 months from October this year, meaning requirements would come into force around May 2024.

The new requirements will be part of the Radio Equipment Directive which outlines requirements for CE marking.

SafeShark will ensure that any new standards are part of its assurance scheme.

In the meantime assurance against current consumer IoT cyber security standard EN 303 645 will ensure that your product is prepared for these up-coming changes.

Contact us now or sign up for legislation alerts to stay in the loop.