| | EN
Location:Home - > Europe > European Union - Responding to Cybersecurity Threats,Act (EU) 2022/30 came into being


European Union

Voltage: 230V
Frequency: 50Hz
Official Language: English

1.Close cooperation and connection with the certification body
2.Thoughtful aftersales assistance
3.Rich practical experience guidance for kinds of product

Responding to Cybersecurity Threats,Act (EU) 2022/30 came into being

As mobile phones, smartwatches, fitness trackers and wireless toys are more and more present in our everyday life, cyber threats pose a growing risk for every consumer. Thus, the Commission has taken action to improve the cybersecurity of wireless devices available on the European market. It is precisely for this reason that Delegated Act (EU) 2022/30 was born, which aims to make sure that all wireless devices are safe before being sold on the EU market.


I believe that someone will have doubts about the implementation of the certification of the new Delegated Act (EU) 2022/30. So let me list some common problems in the form of Q/A for your reference. Please refer to below.


Q1: When does the Act (EU) 2022/30 enter into effect?

A1: This Act shall enter into force on the twentieth day following that of its publication in the Official Journal of the European Union. That is, it will take effect on February 2, 2022.


Q2:When will the Act (EU) 2022/30 be enforced?

A2: This act, which will give manufacturers a 30-month buffer period, will come into effect on August 1, 2024, as part of the RED certification, which will be enforced.


Q3:What section of the RED Directive does this Act relate to?

A3: The Act is related to Section 3.3 of the RED Directive: Article 3.3 (d), (e) and (f).


Q4:What is the goal or purpose of the Act?

A4: The Commission's initiative aims to achieve the following objectives:

  ● Make networks more resilient: The equipment will have to incorporate features to avoid their misuse to harm communication networks (Article 3.3 d).

  ● Improve the protection of personal data and consumers'      privacy: The equipment will incorporate features to guarantee the protection of personal data and privacy (Article 3.3 e).

  ● Reduce the risk of monetary fraud: The equipment will have to include features to minimize the risk of fraud when the equipment is used to make electronic payments (Article 3.3 f).


Q5:What devices are concerned?

A5: The legislation is applicable to the following equipment:

  ● Devices capable of communicating via the Internet: Examples of such equipment include electronic      devices such as smartphones, tablets, electronic cameras;      telecommunication equipment as well as equipment that constitutes the  ‘internet of things'. Due to insufficient security, such devices present a risk that third parties can improperly access and share personal data, including for fraud purposes, or that such equipment is misused to harm the network.

  ● Toys and childcare equipment: Toys and baby monitors can be vulnerable to cybersecurity threats that monitor or collect information about children. Therefore, the protection of children's rights constitutes an essential element of this legislation.

  ● Wearables: Devices like smartwatches and fitness trackers are more and more present in our lives and they collect biometric data.

 

Q6:Are there any exemptions?

A6: Motor vehicles, electronic road toll systems, equipment to control unmanned aircraft remotely as well as non-airborne specific radio equipment that may be installed on aircrafts are exempt from the requirements regarding the protection of personal data and protection against fraud. Furthermore, none of the requirements apply to medical and in-vitro medical devices.

Cybersecurity of these categories of products is guaranteed by existing pieces of dedicated EU legislation.


Q7:What testing standard to use?

A7: No harmonized Standard yet. It is recommended to use ETSI EN 303 645 as the RED reference standard.


Q8:What is the certification method, must a certification body NB to participate in the equipment certification audit?

A8: Through the following RED conformity assessment process, CE certification can be very clear. Since there is no harmonized standard, the certification method is Annex III: Module B+C (with NB) or Annex IV: Module H (with NB). Therefore, a Notified Body is required to participate in the issuance of certificates before the implementation of the harmonized standards.

image.png


Q9:How to apply for NB certification for products involving network security?

A9: 1.The new original project can be submitted to NB for review together with other reports such as Radio. That is, compared with the previous new project, one more network security test data is needed.

    2.For certified product, Article 3.3(d) (e) (f) needs to be added.

    a. Products that have not been sold in the EU market yet.

    b. Products that have been sold in the EU market but still need to be imported again after August 1, 2024.

 

Q10:What will happen with old devices?

A10: The delegated act will apply to all devices placed on the market once it becomes applicable. Old devices, which have already been placed on the EU market, can continue to be used without the need for specific adaptations until the end of their life cycle.

 

If you want to know more about CE certification, please feel free to contact the BTL team at any time, and BTL will share the most professional and comprehensive information with you.

LINK: GCFPTCRB

Copyright © 2008-2019 BTL Inc. All Rights Reserved ICP NO.18145055粤ICP备18145055号