DTS/CYBER-00147 - ETSI TS 104 120 - Requirements for internet-connected radio equipment
Horizontal Standards for security requirements
What does the work you will carry out for the CYBERSTAND SSP consist of?
The main scope of this work item is to create a technical standard—ETSI TS 104 120—that will provide guidance in using ETSI EN 303 645 and describe the related correlation with the requirements and evaluation activities included in the Radio Equipment Directive (RED) (Article 3.3 d,e,f) harmonised standards (with restrictions) EN 18031-1:2024, EN 18031-2:2024, and EN 18033-1:2024
What is the expected result and impact of this activity?
Manufacturers of internet-connected radio equipment that wish to comply with the Radio Equipment Directive (RED) (Article 3.3 d,e,f) leveraging ETSI EN 303 645 and the respective notified bodies that will need to be involved for the conformity assessment do not share any specific shared guidance that can align or provide support in the interpretation for their respective conformity assessment obligations. The lack of clear guidance on how to use ETSI EN 303 645 to meet the cybersecurity requirements of the RED (Article 3.3 d,e,f) and how it aligns with EN 18031-X:2024 creates significant obstacles, leading to time-to-market delays, increased compliance costs, and inconsistent interpretations between market surveillance, manufacturers and notified bodies. ETSI TS 104 120 aims to streamline the compliance journey for Internet-connected radio equipment in the consumer domain by providing a well-defined approach to cross-map with the consumer standard the facto ETSI EN 303 645 and the set of Radio Equipment Directive (RED) Article 3.3 d,e,f harmonised standards EN 18031-1:2024, EN 18031-2:2024, EN 18031-3:2024.
Which aspects of the Cyber Resilience Act (CRA) standardisation are you focusing on?
ETSI TS 104 120 aims to become a solid building block for calibrating the compliance procedures for Internet of Things (IoT) consumer products of the future related Cyber Resilience Act (CRA) horizontal standards and for all those products that fall under the CRA's default category.
What does the work you will carry out for the CYBERSTAND SSP consist of?
The main scope of this work item is to create a technical standard—ETSI TS 104 120—that will provide guidance in using ETSI EN 303 645 and describe the related correlation with the requirements and evaluation activities included in the Radio Equipment Directive (RED) (Article 3.3 d,e,f) harmonised standards (with restrictions) EN 18031-1:2024, EN 18031-2:2024, and EN 18033-1:2024
What is the expected result and impact of this activity?
Manufacturers of internet-connected radio equipment that wish to comply with the Radio Equipment Directive (RED) (Article 3.3 d,e,f) leveraging ETSI EN 303 645 and the respective notified bodies that will need to be involved for the conformity assessment do not share any specific shared guidance that can align or provide support in the interpretation for their respective conformity assessment obligations. The lack of clear guidance on how to use ETSI EN 303 645 to meet the cybersecurity requirements of the RED (Article 3.3 d,e,f) and how it aligns with EN 18031-X:2024 creates significant obstacles, leading to time-to-market delays, increased compliance costs, and inconsistent interpretations between market surveillance, manufacturers and notified bodies. ETSI TS 104 120 aims to streamline the compliance journey for Internet-connected radio equipment in the consumer domain by providing a well-defined approach to cross-map with the consumer standard the facto ETSI EN 303 645 and the set of Radio Equipment Directive (RED) Article 3.3 d,e,f harmonised standards EN 18031-1:2024, EN 18031-2:2024, EN 18031-3:2024.
Which aspects of the Cyber Resilience Act (CRA) standardisation are you focusing on?
ETSI TS 104 120 aims to become a solid building block for calibrating the compliance procedures for Internet of Things (IoT) consumer products of the future related Cyber Resilience Act (CRA) horizontal standards and for all those products that fall under the CRA's default category.
