Why does the Radio Equipment Directive now include cybersecurity requirements?
Until now, the Radio Equipment Directive (RED) has included requirements for electromagnetic compatibility (EMC), safety, health and the efficient use of the radio spectrum. But recently, the European Commission decided to also add cybersecurity requirements to the Directive for certain categories of radio equipment by adopting a Delegated Act that covers consumer wireless devices and products, such as mobile phones, tablets, toys, childcare equipment, wearable devices, among others. What is the purpose behind this decision? To ensure a higher level of cybersecurity of such devices before entering the European market.
What are these cybersecurity requirements and how are they expected to prevent security vulnerabilities and threats? Read further to find out:
- Make networks more resilient to cyberattacks: We all know that cyber-attacks are becoming more frequent every day and getting complex and diverse. Therefore, it is a must that devices become highly resistant to possible cyberattacks as well as failures, disruptions and any other operational issues that may compromise their secure and safe operating levels.
- Improve the protection of personal data and consumer privacy: We are used to providing our personal information, like our name, e-mail, location, phone number and even our bank account details, to use many devices and apps daily. However, this data is precious and can be used for illegal purposes by cyber attackers. For this reason, all personal data must be properly protected.
- Reduce the risk of monetary fraud: Electronic payments have become the most used and preferred way of payment for many people, and the majority of devices, apps and online platforms support it. However, this is one of the areas where security is critical and necessary, since they often require us to provide our bank details to internet-connected radio equipment. If they are not correctly secured to ensure protection from fraud, hackers could use the data to access our money. This kind of situation does not only concern us as individuals, but also the society as a whole.
As you can see, these measures bring important benefits for all of us. The Delegated Act will enter into force in August 2024. However, it's highly recommended that manufacturers, importers, exporters and distributors of wireless products start preparing for these new security requirements, as this will help them to save time and to be prepared for when it becomes mandatory, as well as to contribute people to enjoy a more secure wireless ecosystem.
Are you wondering what the best timing is to start with the preparation for the Delegated Act and how to do it? At DEKRA we are an independent laboratory that offers you one-stop-shop services to evaluate if your products are prepared to meet RED requirements. We invite you to consult our cybersecurity services for RED and to contact us with any questions.