ETSI EN 303 645 Cybersecurity Standard for Consumer IoT Devices

With the widespread deployment of consumer IoT, the increase of cybersecurity attacks worldwide, and the growing number of emerging regulations affecting connected products (such as the Delegated Acts of the Radio Equipment Directive (RED) Article 3(3), it has never been more important for connected consumer IoT products to meet the industry baselines for cybersecurity, including ETSI EN 303 645.

Intertek’s Cyber Assured Program is also closely aligned with the baseline cybersecurity requirements of ETSI EN 303 645.

What is ETSI EN 303 645?

ETSI EN 303 645 is a globally applicable standard for consumer IoT cyber security; it covers all consumer IoT devices while establishing a good security baseline. The standard is based on 13 high-level recommendations, used to establish 68 provisions, 33 mandatory requirements and 35 recommendations.

Why is ETSI EN 303 645 Important?

ETSI EN 303 645 was developed to provide the foundation of the “basic”-level IoT assurance under the EU Cybersecurity Act (CSA). It is also likely to form part of the basis for a future harmonized standard to meet the RED Article 3(3) regulatory requirements. The UK consumer IoT security legislation mandatory requirements also align with several provisions of the standard.

Your ETSI EN 303 645 Partner

Our expertise and experience in product security assessments can be put to use, helping you understand the impacts this standard will have on your connected consumer IoT products. We seek to engage with you early in the process, identifying a potential non-compliance early, fixes are discussed and planned, testing methodology is defined in advance to allow your teams to ensure our progress is in step with production time frames.

Speak to our experts to learn more about ETSI EN 303 645, have your products assessed, and certified under Intertek’s Cybersecurity Private Certification Program.