Manufacturers and importers of IoT devices should prepare for new regulations coming into force in 2024, advises SGS, the world’s leading testing, inspection and certification company.
“With ‘smart’ technology growing exponentially, through televisions, speakers, appliances, locks, exercise trackers and even games, the world is becoming ever more connected,” said Alex Rubert, of SGS Brightsight, the world’s leading cybersecurity evaluation laboratory network for chip-based security products. “There were an estimated 8.6 billion IoT-connected devices in the world in 2019 which had risen to 15.14 billion in 2023. The expectation is that growth will continue to reach 29.42 billion by 2030.[i] “Alongside the rise in IoT devices, we are seeing an increase in cyberattacks. A Check Point Research (CPR) report found a 38% increase in attacks between 2021 and 2022, with the most common targets being education, government and healthcare.[ii] A cyberattack could result in one of several outcomes. For example, a smart speaker could eavesdrop, hospital staff could be locked out of a life support system or bank details could be stolen.” SGS, which operates a global network of testing and certification laboratories to the wireless industry, currently provides compliance against a variety of global regulations – from the California Consumer Privacy Act (CCPA) and EU General Data Protection Regulation (GDPR) introduced in 2018 to the recent National Institute of Standards and Technology (NIST) Cybersecurity Framework (NISTIR 8259A-NIST 8425) in the US and Australia’s Demand-response Standard AS4755.2.
“There is a move towards more regulation which mirrors the increase in IoT devices and cyber threats,” added Alex. “Yet, because implementing new legislation can be slow and the speed of development in technology and threat is rapid, there is inevitably a regulatory lag. However, in 2024 it seems that cybersecurity regulation is about to catch up.” According to SGS, the new regulations and standards for consumer products expected to come into force in the coming months, include:
“Manufacturers and importers of IoT devices will need to make sure their products conform to these new regulations and be able to demonstrate compliance in an easy to recognize manner,” added Alex. Gaining an advantage in competitive markets requires a comprehensive, technical approach to compliance, which in the US means assessment against NIST 8259 and in Europe (RED and CLS) against ETSI EN 303 645. Through its global network, SGS can assess all products against required standards, including NIST, RED and CLS, and as a Notified Body, can issue EU-type certification for products destined for European Markets to show compliance with RED 3.3 (d), (e) and (f).
Compliant products can then carry the internationally recognized SGS Cybersecurity Mark, demonstrating to customers the adoption of best practice and product conformity to defined standards:
For further information on Cybersecurity Services from SGS visit http://www.sgsbrightsight.com [i] IoT connected devices worldwide 2019-2030 | Statista [ii] https://www.ncsc.gov.uk/ |
||
About SGS
We are SGS – the world’s leading testing, inspection and certification company. We are recognized as the global benchmark for sustainability, quality and integrity. Our 98,000 employees operate a network of 2,650 offices and laboratories, working together to enable a better, safer and more interconnected world. |