IoT cybersecurity standard into CB certification

First international IoT cybersecurity certification scheme

IoT products are on the market by the billions, and like for all other connected products, cybersecurity is a concern. Many manufacturers do take security very seriously, but they have yet to be able to demonstrate this by any international certification scheme using international standards. This is now changing as the standard ETSI 303 645 is being implemented in the scope of CB certification.

What is the CB Certification scheme?

Regarding electrical product certification, the CB certification scheme of IECEE is the world’s largest, with more than one hundred thousand certificates annually. This scheme is used by manufacturers world-wide to demonstrate compliance for their buyers and national authorities.
The vast majority of these certificates cover electrical safety standards, whilst cybersecurity standards are limited to industrial cybersecurity only, and the number of such certificates is less than 100 per year.

What is ETSI 303 645?

This standard, named “Cybersecurity for consumer Internet of Things” was published in 2020 and is already adopted and used in many organizations and countries world-wide. Some countries are referring to the standard explicitly, while others have introduced requirements covered by the standard. And although the standard is European, it is widely used outside of Europe.

The consequences of the standard coming into the CB scope

Imagine making a product having no international standard for electrical safety. How would you document that your product is safe to use? How would you convince your customers in various countries that you meet their expectations – or the requirements of national authorities?

That has been the case for IoT cybersecurity. No international standard. No international certification schemes.

With this change in the scope of CB certification, IoT manufacturers have access to a scheme with 54 member countries – and are recognized in many more, with a total of almost one hundred certification bodies and more than five hundred test laboratories. Many of these are, just like Nemko, now applying to extend their scope to include this new standard. However, it is possible today to apply for testing according to ETSI 303 645, giving first a Nemko certificate convertible to a CB certificate pending the scope extension.

Contact Nemko for more information, a quote, or book a free guidance meeting.