Last week DEKRA members attended the RED Delegated Act meeting celebrated in Oslo.
As the world becomes increasingly connected, Cyber Security is becoming more and more important. In order to ensure a safe and secure online environment, the European Commission has established a number of new regulations for Cyber Security as the NIS2 Directive, the Cyber Resilience Act, the Digital Operational Resilience Act, and the RED Delegated Act. Since security is firmly anchored in our DNA, DEKRA is also allowed to actively participate in the development of these regulations.
What is RED-DA?
The Delegated Act of the Radio Equipment Directive (EU) 2022/30 was adopted by the European Commission, and it activated Articles 3(3)(d), (e), and (f). The products covered by this delegated act are specific kinds of radio equipment, such as wearable technology or portable equipment with a radio function, equipment used to transfer money or virtual currency, and child’s toy with a radio function, or other equipment used for childcare. The main objective of these articles is to improve Cyber Security, personal data protection, and privacy.
Who is developing/monitoring the RED-DA?
CEN/CENELEC (the European Committee for Standardization and the European Committee for Electrotechnical Standardization) established a working group of experts from across Europe (CEN/CENELEC JTC13/WG8) to develop harmonized standards according to RED-DA requirements.
This working group is formed by members of national standardization bodies, manufacturers, and testing laboratories as DEKRA experts. Their task is to develop a risk management methodology and at least three harmonized standards which will set the requirements and the corresponding test criteria that will be used to evaluate whether products with radio equipment capabilities that can connect directly or indirectly to the internet meet these requirements of the RED-DA.
During this latest meeting, the group finally reached an agreement on the requirements and started the draft of the test criteria.
Once the test criteria are defined, the next step of this working group will be to provide technical guidance on how to comply with the requirements set out in the RED-DA and will help to ensure that all radio equipment on the European Market meets these requirements.
Why it is important?
The work of this working group is essential in ensuring that Europe’s digital infrastructure is more secure and resilient against cyber threats. The harmonized standards developed by the working group will provide manufacturers with clear guidance on what is expected of them when it comes to meeting the requirements set out in the RED-DA. It will also allow market surveillance authorities to assess whether products meet these requirements through testing against agreed-upon criteria.
This process will create a level playing field for all manufacturers by ensuring that all products must meet certain security standards before they can be marketed in Europe. This encourages innovation while protecting consumers from cyber threats, allowing them to trust digital products that are safe and reliable to use.
With the RED-DA, the European Commission is taking strong steps towards protecting its citizens from cyber-attacks and data breaches. With CEN/CENELEC’s working group helping to develop harmonized standards that set out test criteria, manufacturers will have clear guidance on what is expected of them when it comes to meeting requirements set out in the Act. This process will foster innovation while providing consumers with confidence in the safety and reliability of their digital products – a win-win situation!
What will happen later?
Once completed and published by CEN/CENELEC, the harmonized standards need to be voted on and accepted before being sent to the EU Commission for evaluation. If it is determined that the standards comply with the scope of the standardization request and are acceptable to the EU Commission, they will be published in the Official Journal of RED harmonized standards.
What is DEKRA’s role in the creation of this regulation?
DEKRA experts in Cyber Security testing are part of this CEN/CENELEC working group. We provide our expertise and knowledge in developing Cyber Security standards and regulations and also as members of standards organizations and industry alliances.
This expertise and the work that is currently done in the development of the harmonized standards of the Delegated Act of the RED Directive will allow DEKRA to be ready and prepared for the accreditation process as the EU Notified Body for this Delegated Act. Right now, DEKRA is a Notify Body for the RED Directive as well as for telecommunications testing under the IECEE’s CB scheme with other regulations and standards applicable to radio equipment and devices.