The EC has today (October 29th) adopted the delegated act for RED (Radio Equipment Directive) which relates to cyber security.
This means that by the end of this year, the European standards bodies like ETSI will begin work on creating consumer IoT cyber security standards that can be used to demonstrate conformity to these acts.
The delegated act will come into force following a two-month scrutiny period, should the Council and Parliament not raise any objections.
There will then be a 30-month transition period, including standards development and review, before it is mandatory to conform as part of market access in the EU, likely mid-2024.
New standards will be derived from the existing IoT Cyber Security Standard EN 303 645 and its test specification TS 103 701, which are comprehensively covered on all devices by SafeShark’s BSI-backed certification scheme.