Eurosmart, the voice of the digital security industry welcomes the European Commission (DG GROW) proposal to strengthen the security approach of internet-connected radio equipment and wearable radio equipment.
Reaching a trustworthy and secure IoT market is paramount for the achievement of the European Digital Single Market. By 2025, the projected IoT connections are expected to exceed the 25 billion of units’ threshold . In the meantime, consumer IoT devices will account for over half of these connections. However, Europe will only represent the 3rd IoT market with 4.9 billion units, far behind the Asia-Pacific (10.9 billion units) and the U.S.-Canada ones (5.8 billion units). In this context the challenge for Europe is to place on the market consumer IoT devices which has not been specifically designed for its own market, but which respect the European philosophy and exigences in terms of security, privacy and safety. Throughout the evolution of the Digital Single Market,
Eurosmart has been advocating for the strengthening of the digital security as an essential precondition for consumer confidence and the European digital industry growth in a global market where Europe doesn’t hold the balance of power.
Hence, in this context, Eurosmart and its members pay a particular attention to the security of the IoT devices placed on the European market, which must respect our fundamental values of data privacy and resistance to potential attacks (Cybersecurity).
For these reasons, Eurosmart strongly recommends a cybersecurity approach for the potential Delegated act of the Radio Equipment directive. The NLF-Safety approach is designed to assess static targets whereas cybersecurity is a matter of anticipation and moving security target. The European Cybersecurity Certification Framework as defined by the Cybersecurity act, has been designing to evaluate cybersecurity resistance level of products, it is the only viable process to fulfil this task. Due to the interconnected and sensitive nature of a consumer IoT device and as stated by the Inception Impact Assessment, Eurosmart urges the European Commission to propose a certification scheme at the level “substantial” for “Internet-connected radio equipment and wearable radio equipment”, and thus, based on trustworthy European Standards to be defined. This adopted certification scheme shall be referenced in the foreseen Delegated Act of the Radio Equipment Directive to support the intended purposes pursuant both Articles 3(3)(e) and (f).
The views and opinions expressed here are entirely those of the author(s) and do not reflect the official opinion of the European Commission. The Commission cannot guarantee the accuracy of the information contained in them. Neither the Commission, nor any person acting on the Commission’s behalf, may be held responsible for the content or the information posted here. Views and opinions that violate the Commission’s feedback rules will be removed from the site.