Enterprise Security
05.Jul.2023
DEKRA launches the first Pilot Program for the Delegated Act of RED Directive
As the world becomes increasingly connected, Cyber Security is becoming more and more important. In order to ensure a safe and secure online environment, the European Commission has established a number of new regulations for Cyber Security as the NIS2 Directive, the Cyber Resilience Act, the Digital Operational Resilience Act, and the RED Delegated Act. Since security is firmly anchored in our DNA, DEKRA is actively participating in the development of these regulations.
DEKRA is an EU Notified Body for the Radio Equipment Directive and is recognized for radio and telecommunications testing, and as a testing and certification body under the IECEE’s CB scheme.
In 2020, the European Commission adopted a Delegated Act to activate Articles 3(3)(d), (e) and (f) of the RED. These articles, as it is explained in our article, concern cybersecurity and the protection of personal data, and their activation is an important step in ensuring the security of radio equipment and the data it processes.
Additionally, the Delegated Act sets out requirements for the certification and testing of radio equipment to ensure that it meets these cybersecurity standards. Notified Bodies must be accredited and notified by the relevant national authorities. DEKRA’s Notified Body is in the process of being one of the first to be accredited and notified for the RED Delegated Act covering RED cybersecurity essential requirements.
With the proliferation of connected devices and the growing use of wireless technologies, ensuring the security of radio equipment is essential to protect personal data and prevent cyberattacks.
This is the main reason why the Delegated Act has been welcomed by industry stakeholders, who have recognized the importance of ensuring the security of radio equipment in the face of emerging cybersecurity threats. DEKRA is actively participating in the creation of this regulation and is completely concerned that once the standards and requirements for cybersecurity are settled, the Delegated Act will provide greater confidence to consumers and businesses that the radio equipment they use is safe and secure.
As the standards mentioned above are currently being developed, and the RED Delegated Act is set to become mandatory from August 1st, 2024, manufacturers are increasingly aware of how they can comply with this regulation. DEKRA launches a Pilot Program for the RED Delegated Act to support manufacturers in complying with future security requirements.
In 2020, the European Commission adopted a Delegated Act to activate Articles 3(3)(d), (e) and (f) of the RED. These articles, as it is explained in our article, concern cybersecurity and the protection of personal data, and their activation is an important step in ensuring the security of radio equipment and the data it processes.
Additionally, the Delegated Act sets out requirements for the certification and testing of radio equipment to ensure that it meets these cybersecurity standards. Notified Bodies must be accredited and notified by the relevant national authorities. DEKRA’s Notified Body is in the process of being one of the first to be accredited and notified for the RED Delegated Act covering RED cybersecurity essential requirements.
With the proliferation of connected devices and the growing use of wireless technologies, ensuring the security of radio equipment is essential to protect personal data and prevent cyberattacks.
This is the main reason why the Delegated Act has been welcomed by industry stakeholders, who have recognized the importance of ensuring the security of radio equipment in the face of emerging cybersecurity threats. DEKRA is actively participating in the creation of this regulation and is completely concerned that once the standards and requirements for cybersecurity are settled, the Delegated Act will provide greater confidence to consumers and businesses that the radio equipment they use is safe and secure.
As the standards mentioned above are currently being developed, and the RED Delegated Act is set to become mandatory from August 1st, 2024, manufacturers are increasingly aware of how they can comply with this regulation. DEKRA launches a Pilot Program for the RED Delegated Act to support manufacturers in complying with future security requirements.
The main benefits that this Pilot Program presents are the following:
- Gap analysis will be performed between the product security provisions and the drafted requirements (based on the latest CEN/CENELEC JTC 13/WG 8 Working Draft).
- Testing strategy will be defined by focusing on the articles that apply to the manufacturer’s products.
- The evaluated product will comply with future RED Delegated Act requirements and the harmonized standards.
- The evaluated product will be evaluated by DEKRA following the requirements of the RED Delegated Act, and once DEKRA’s Notified Body is accredited and notified by national authority, the client may request for RED EU-Type Examination Certificate under RED Directive.
- All the necessary re-assessments are included until August 1st, 2024.
- This evaluation is the baseline for compliance with other standards and certification programs (like ETSI EN 303 645, IEC 62443-4-2 or NIST IR 8425).
Source
