FAQs Cybersecurity - how secure is your product?

Why is cybersecurity important?

Cybersecurity is one of the key security topics of the future. The desire for more automation, centralization and digitalization has led to more and more devices having interfaces to the Internet. Alongside many advantages, this brings one important disadvantage: these devices are suddenly vulnerable to attack from the outside.

Numerous cases of industrial espionage and sabotage, as well as blackmail with losses running into millions, have prompted the European Union to push the issue of cybersecurity with vigor. As a result, specific requirements for products will first come into force in the Radio Equipment Directive on August 1, 2025. Others will quickly follow.
As a manufacturer and developer, you must therefore address the cybersecurity of your products promptly and in a binding manner.

We have answered some basic questions for you on this page:

What is the meaning of cybersecurity and why is it now regulated via directives?

Cybersecurity describes the protection of devices, networks and systems against malicious attacks, e.g. via the Internet. Possible damage includes data theft, disclosure of information, damage to hardware, software or data, blackmail, and much more.
The new EU directive in the delegated act Article 3.3 D, E and F on cybersecurity is intended to provide basic protection for wireless products that communicate directly or indirectly with the Internet.

For which products is cybersecurity relevant?

All (radio) products with direct or indirect Internet access.
Direct access examples: PC, router/gateway, etc.
Indirect access examples: Bluetooth headset, devices in a car that communicate via the main unit, etc.

Isn't cybersecurity only an IT and software issue?

Due to the implementation in the Radio Equipment Directive, cybersecurity will affect all final products (hardware) that have integrated wireless communication.

Why is my product affected by cybersecurity?

Nowadays, many technical devices already have communication interfaces for remote maintenance, software updates, analysis and remote control. They therefore communicate with a network, which in turn is usually connected directly or indirectly to the Internet.
However, communication is not a one-way street and can therefore also be used by hackers to cause damage. In keeping with the motto "a chain is only as strong as its weakest link", a minimum level of protection is to be achieved through EU-wide standards. In individual cases, this standard will certainly be further tightened by the legislator or manufacturer.
If your product falls under the Radio Equipment Directive, from mid-2025 there will be a new requirement that you will have to meet in order to place it on the market.
Existing products will be affected as well as new products.

What are the deadlines to be observed?

The new Regulation (EU) 2022/30 comes into force on 01.08.2025. From then on, all devices that fall under the Radio Equipment Directive must meet the new cybersecurity requirements.

Your device has already been approved according to RED and will continue to be sold after August 1, 2025? Then this product must also meet the new requirements!

When do I need to take action?

As early as possible before the deadline of 01.08.2025 expires!
From our experience, a run on cybersecurity services can be expected in early 2025.
So act in good time so that you do not suffer any disadvantages.

How do I need to take action?

As a manufacturer, you need to perform an analysis/assessment of your product according to the new requirement for RED, Article 3.3 D, E and F.
The requirements are already known. We will be happy to help you clarify how they specifically apply to your products.

How can Phoenix Testlab help me?

Qualification - Testing - Approval. We will be happy to support you with our radio expertise in safely implementing the new requirements for your product.
Specifically: preparation for the harmonized standards (Article 3.3 D, E and F), taking into account the current state of the art.
Building on this, testing by our laboratory and approval by our Notified Body.

How does the process "fit for cybersecurity" work?

You as a customer have to consider the following three steps:

  1. Qualification and test case planning of your products
  2. Testing of the test cases according to test plan ETSI EN 303 645 / IEC 62443-4-2 and TS 103 701 in the laboratory of Phoenix Testlab
  3. Approval by our Notified Body RED

My product is sold worldwide - what requirements do I have to meet?

Europe is currently a pioneer in the field of cybersecurity. It can be assumed that the rest of the world will develop similar requirements that closely follow these standards. As soon as there is something binding on this, we will be happy to inform you.

Just contact us:

Dipl.Ing. (FH) Harald Rost
Dipl.-Ing. Dietmar Frei
Head of Business Development
