Anna Maria Mandalari

Title of proposal

Evolving Standards for Evolving Threats: A Lifecycle-Based Approach to IoT Cybersecurity Part 2

CRA Standards

Vertical standards for security requirements


What does the work you will carry out for the CYBERSTAND SSP consist of?

The project consists of providing procedural, coordination, and technical support to ETSI TC CYBER EUSR for the development of European vertical cybersecurity standards responding to the Cyber Resilience Act standardisation request. In my capacity as Secretary of ETSI TC CYBER EUSR, I support the delivery of the vertical work items, covering smart home general-purpose virtual assistants, smart home products, internet-connected toys, and personal wearable products. The activity focuses on strengthening governance, coordination, and documentation processes to ensure that these standards are delivered on time, with high quality and full procedural compliance. The work includes managing and documenting weekly EUSR plenary and leadership meetings through the preparation of official minutes, decisions, and follow-up actions; supporting the drafting, consolidation, and harmonisation of the assessment methodology across all vertical standards; managing public-enquiry and internal review processes through the structured collection, classification, and resolution of stakeholder comments; facilitating cross-communication and consistency among the different vertical work items; and supporting international coordination, building on dialogue initiated through CYBERSTAND-supported activities.


What is the expected result and impact of this activity?

The activity will strengthen the governance and operational capacity of ETSI TC CYBER EUSR, improve documentation quality, decision traceability, and transparency throughout the drafting and adoption process, and ensure consistency and harmonisation of assessment methodologies across different product categories. It will also facilitate effective incorporation of stakeholder feedback, including input from industry, SMEs, regulators, and civil society, and enhance international alignment between European CRA implementation and global cybersecurity assurance initiatives. From a broader European perspective, the impact includes increased legal certainty for manufacturers, reduced fragmentation of cybersecurity assessment practices, lower compliance costs, and strengthened trust in European harmonised standards. The work also reinforces Europe’s leadership in international cybersecurity standardisation and contributes to the global visibility and adoption of CRA-aligned standards.


Which aspects of the Cyber Resilience Act (CRA) standardisation are you focusing on?

The activity focuses on the development of European harmonised cybersecurity standards supporting the implementation of the Cyber Resilience Act across multiple connected product categories. The contribution concentrates on ensuring that the CRA requirements are translated into coherent and consistent vertical standards, covering secure-by-design and secure-by-default principles, vulnerability handling and coordinated disclosure processes, post-market cybersecurity obligations, transparency towards users, and alignment with conformity assessment and market surveillance expectations. Emphasis is placed on procedural coherence, consistency of structure and terminology across standards, and alignment with ETSI processes, so that the resulting deliverables provide clear, practical, and legally robust guidance for manufacturers, authorities, and other stakeholders involved in CRA compliance.

Full Name
Anna Maria Mandalari
Country
Italy
Organisation
Mulini SRL
Standards Development Organisation
Working Groups and Technical Committees
ETSI CYBER-EUSR