Thursday, August 5, 2021

Cybersecurity risks bring new European regulations

Cybersecurity risks involving personal privacy, fraud, and the security of the open internet are of paramount concern for our interconnected, digitally dependent world, and the European Union is among the first economies to enact wide-reaching legislation to address these growing concerns.

Significant changes are coming to the regulations and requirements for equipment covered by the EU Radio Equipment Directive (RED 2014/53/EU). To say "significant" may be an understatement. In today’s connected world, virtually all the personal electronics we use are impacted by the coming changes one way or another, and most of those on the market would not meet these higher standards today.

Breakdown of the new requirements

  1. New delegated regulation and activation of additional Radio Equipment Directive essential requirements for certain categories or classes of specific types of radio equipment.
    1. Covering aspects of cybersecurity and internet-connected radio equipment, the essential requirements address the following key points:
      1. Protection from harm to the network - Art 3.3(d)
      2. Protection of personal data and the privacy of users and subscribers - Art 3.3(e)
      3. Protection from fraud - Art 3.3(f)
    2. Applicable to new categories or classes of equipment, which are:
      1. All Internet-connected radio equipment
      2. Childcare radio equipment (internet-connected or not)
      3. Toys with radio functionality (internet-connected or not)
      4. Wearable electronics (internet-connected or not)
    3. "Internet-connected" means capable of communicating over the internet, either directly or indirectly through an intermediary, an example of which is a cell phone.
    4. Specific medical radio equipment and in vitro diagnostic medical devices falling under Regulations (EU) 2017/745 and (EU) 2017/746, respectively, already have requirements addressing these elements of cybersecurity and are therefore excluded from these new Radio Equipment Directive categories or classes.
    5. Regulations related to vehicles, civil aviation, and electronic road toll systems address some elements of cybersecurity related to Art 3.3(e) and Art 3.3(f), and such equipment is therefore excluded from the Radio Equipment Directive's requirements on these aspects.
  2. The exact technical requirements for compliance with these essential requirements are not defined at this time. The European Committee for Standardization (CEN), the European Committee for Electrotechnical Standardization (CENELEC), and the European Telecommunications Standards Institute (ETSI) shall prepare a work program indicating the standards and a timetable for implementation. A draft is expected 2 months after notification of the delegated regulation.
  3. The new regulations shall apply 30 months after entry into force, which is estimated to be around April 2024.

Instructions for US Stakeholders wishing to submit comments on these new requirements

How to Comment  

Please limit comments to the draft Delegated Act only.

