News
HOME > COMPANY > News
Latest developments in international certification
Date:2021/6/11  Clicks:950
European related information

When will the EU RED certification increase cyber security assessment?
The European Commission plans to formulate cyber security-related requirements in accordance with Article 3(3)(d-f) of the EU Wireless Equipment Directive. Because the Article 3(3)(d-f) of the RED Directive has not yet taken effect, the application for RED certification has not yet requested relevant information on network security compliance.
RED Directive Article 3 Article 3(d)-(f) The relevant cybersecurity provisions are:
• 3(3) (d)-network connection (such as connecting to an IoT device)
• 3(3) (e)-personal data and user privacy
• 3(3) (f)-Prevent fraud

Discussions related to Article 3 of Article 3 have already begun. As mentioned earlier, the EU is planning to activate the requirements of these clauses to reduce the risk of attacks. At present, the "appointment law" is still a draft, and the requirements for standardization are still "documents at work." After the above-mentioned cybersecurity-related provisions take effect, standardization requests will be sent to CENELEC and ETSI to start standard writing.

The existing standards are the EU general standards EN 303 645 and IEC 62443-4-2. However, these standards are only general guidelines and do not provide specific requirements, so they are not allowed to be listed as harmonized standards. The specific requirements are still unknown. The standards group must first receive a standardization request with specific instructions before it can begin to write specific harmonized standards. These standards will provide a unified assessment plan for all devices that are applicable to the assessment of network security requirements. As for the specific devices, it has not yet been defined. It is not clear when these requirements will be issued, and the scope of these requirements, whether they are general requirements or specific threats, and what types of equipment will be covered.

The current estimate is that it usually takes two years for the formulation of coordinated standards, and it takes two years for manufacturers to rectify their products to meet the standard requirements. Therefore, from now on, the start-up time of authorized actions related to cybersecurity is estimated to be five years. year.

Korea certification update
The mandatory KC certification for electrical products entering the Korean market not only requires compliance with safety standards, but also compliance with EMC.
In the newly issued Korean KC certification from May 8, 2021, EMC/RF testing standards must use a new nomenclature and add a year after the standard version. For example, the Korean anti-interference standard KS 61000-6-1 is now renamed KS C 9610-6-1:2019. The technical content of the standard has not changed. Therefore, certificates that have been obtained using the old standards do not need to be renewed. It can continue to be used during the validity period of the certificate.

In terms of telecommunications and communication equipment, countries often have their own certification systems, their own test methods and certification procedures. As this is a major obstacle to trade activities between countries, countries will also sign mutual recognition agreements MRAs to shorten the test cycle and certification costs through mutual recognition of conformity assessment results.

So far, South Korea has established mutual recognition agreements with many countries. The agreement distinguishes different phases. The first phase of the agreement is the mutual recognition test report, and the second phase of the agreement is the mutual certification. At present, South Korea and the United States, the European Union, the United Kingdom, Vietnam, and Chile are the first phase agreement mutual recognition test reports. South Korea and Canada are the second phase of mutual certification model, but it is limited to EMC.

Customs Union EAC certification supplementary requirements
The electrical products on the list of compulsory certification in the technical regulations of the Customs Union, before entering the Customs Union, including: Russia, Belarus, Kazakhstan, Kyrgyzstan, Armenia and other countries, need to apply for compulsory certification from a designated accredited certification body EAC CoC certification. Other products within the scope of technical regulations can prove compliance with technical standards through SDoC.

According to the requirements of Decree No. 1856 of the Russian Government, for products that have obtained compulsory CoC certification, after issuing the CoC certificate, the issuing agency shall conduct an inspection and monitoring IM (Inspection Monitoring) of the certified product manufacturer once a year. In the unified FGIS certification system of the various certification agencies of the Customs Union, each CoC certificate file must contain an independent numbered IM report. This means that every CoC certification needs to upload IM to the FGIS system.

UK issues regulations on cybersecurity of IoT products
In July 2020, both the European Union and the United Kingdom issued draft regulations on Internet of Things cybersecurity. Now, the British government has issued relevant regulations, responding to calls to "ensure safety by design" and change the law to allow consumers to use safer "smart" products, such as connected TVs, cameras and household appliances.

The main points of the regulation are:
• At the time of sale, customers must be informed of the duration of the smart device receiving security updates.
• It is forbidden to use universal default passwords in the factory settings of the device: such as "password" or "admin".
• Manufacturers need to provide a public point of contact so that anyone can report vulnerabilities in a timely manner.

The newly issued cyber security regulations will apply to all connected consumer devices provided to British consumers, whether they are provided through gifts, physical sales or online sales, they also need to comply with regulatory requirements. Related products include but are not limited to: smart phones, networked cameras, TVs and speakers, networked children's toys and baby monitors, smart home assistants, base stations and hubs for the Internet of Things,-networked home appliances (such as washing machines, refrigerators, etc.). Some products are not within the scope of this regulation, such as:-ordinary computers,-self-driving cars and-industrial products.

Products within the scope must comply with the specified safety requirements and guidelines listed in the regulations, or specified standards. The recently released ETSI EN 303 645 is one of the available standards on the "Specified Standard List". It is expected that over time, the "designated standard list" will continue to increase to help companies simplify their work.

Law enforcement agencies will have the power to investigate and take measures to ensure that products comply with regulatory requirements. The concept of conformity assessment is largely similar to the existing European directives (such as the Low Voltage Directive), which requires a responsible domestic manufacturer or a responsible importer/authorized representative to issue a Declaration of Conformity (DoC). The European Union is also expected to promulgate corresponding regulations soon. 

Add.:Room703、705/7F, Development Building, Tian An Hi-Teck Ecological Park, No.555 North Road Panyu Avenue, Panyu District, Guangzhou City, 511400, China 
Tel.:020 - 39211670   Fax:020 - 39211640 E-mail:info@certitek.cn