Tag Archives: IoT


IoT device security to become part of CE marking by 2024

November 3, 2021
, , , ,
No Comments

The security and safety of wireless IoT devices took another step towards becoming part of EU CE compliance last Friday. The EU Commission announced its adoption of the delegated act to the Radio Equipment Directive https://ec.europa.eu/growth/news/commission-strengthens-cybersecurity-wireless-devices-and-products-2021-10-29_en.

As a result, this act will create legal requirements for the security of wireless IoT devices. This change to the Radio Equipment Directive has significant implications for the CE marking of wireless IoT devices.

In simple terms this will make certain cyber security measures mandatory as part of wireless IoT device CE compliance and marking. This is the route that Craig Ormerod from TUV SUD and I suggested that the EU might be expected to follow, in our presentation at the IoTSF’s 23rd Plenary back in 2019. The key requirement is that there are safeguards in the IoT device to protect the users’ personal data and privacy, along with fraud prevention measures.

Demonstrating compliance and Standards

Demonstrating compliance is normally done against standards, in some cases market specific ones. The Commission is asking the European Standardisation Organisations to develop relevant standards. However, there are some existing standards that are likely to be appliable:

In the Consumer market some or all of the 13 controls in the ETSI standard EN 303 645 ” CYBER; Cyber Security for Consumer Internet of Things: Baseline Requirements ” [1] are likely to mandated. Associated with this ETSI Consumer cybersecurity standard is it’s partner test standard EN 103 701 “CYBER;  Cyber Security for Consumer Internet of Things:  Conformance Assessment of Baseline Requirements” [2].

For the Industrial sector a likely standards family which could be used to to demonstrate compliance would be EN IEC 62443 “Security for industrial automation and control systems” [3].

Where there are no standards for a specific sector then it will be necessary to seek the opinion of a Notified Body, as to whether the security mitigations are sufficent to ensure the product is compliant. Hopefully this lack of standards situation will not last to long. Ahead of standards, there are also other sources of support for demonstrating security compliance. A a good example being the IoTSF’s Assurance Framework [4], of which Xitex’s Richard Marshall was a lead author.

Compliance methods will be the same as the existing compliance approach with the Radio Equipment Directive, either through self assessment or independent third party assessment.


Unless the EU Council and Parliament raise no objections, the delegated act will come into force after a two month scrutiny period. Once the act comes into force, manufacturers will have a 30 months to make their products compliant, i.e. by mid 2024. In conclusion, with typical product development lifecycles being between 12 to 24 months, their security requirements need to be considered now for new and existing products.

Richard Marshall is Director and Managing partner at Xitex

Other useful related links:

[1] ETSI Standard ETSI 303 645 ” CYBER; Cyber Security for Consumer Internet of Things: Baseline Requirements” https://www.etsi.org/deliver/etsi_en/303600_303699/303645/02.01.01_60/en_303645v020101p.pdf

[2] ETSI Standard ETSI TS 103 701 ” CYBER; Cyber Security for Consumer Internet of Things:  Conformance Assessment of Baseline Requirements” https://www.etsi.org/deliver/etsi_ts/103700_103799/103701/01.01.01_60/ts_103701v010101p.pdf

[3] EN IEC 62443 Standard “Security for industrial automation and control systems” https://webstore.iec.ch/searchform&q=62443

[4] IoTSF “Assurance Framework” 3.0 https://www.iotsecurityfoundation.org/best-practice-guidelines/

Xitex IoT Security and regulation blog post: http://www.xitex.uk/2018/11/26/being-regulation-ready/

Further information

If you have specific queries around IoT device security please contact us at: sales@xitex.co.uk

Image courtesy of Shutterstock.com

IoT Hardware from Prototype to Production

DigiCatapult, Xitex, Arrow, SonyUKTEC & Microsoft have detailed the entire process of IoT hardware new production introduction

March 15, 2020
, , , , , ,
No Comments

The internet of things represents one of the biggest current business opportunities, as it underpins the digitisation of our economy, a transition towards what is hailed as the fourth industrial revolution. Digital Catapult, Xitex, Microsoft & Arrow recently published a guide ” “IoT Hardware from Prototype to Production Guide” for #startups and #scaleups.

Xitex is delighted to have been the lead author in the project in conjunction with the @DigiCatapult.

About the IoT Hardware from Prototype to Production Guide

Taking wireless IoT based products into production involves a variety of challenges. This paper is intended to provide guidance to navigate the entire process of IoT hardware production from the building of a basic prototype up to production at volume and end of product life. For each of these hardware manufacturing stages, the report highlights important considerations such as where to focus energy and provides a clearer understanding of the expectations that design and manufacturing partners may have, so an engagement with these can become more successful.

Target Audience

Digital Catapult’s IoT hardware from prototype to production guide is designed for UK entrepreneurs, startups and scaleups who are keen to launch hardware based IoT products and services.

Link to guide, which opens in a new tab can be found here: https://www.digicatapult.org.uk/wp-content/uploads/2021/11/20190903_DC_109_IoT_Production-to-Product_Report_Digital_1___1.pdf

Other resources and whitepapers on IoT development and security can be found at http://www.xitex.uk/resources/

Layout mode
Predefined Skins
Custom Colors
Choose your skin color
Patterns Background
Images Background