At the moment, certification of connected products (IoT) to the consumer market is voluntary, but the EU is working on assessments of whether such certifications should become mandatory. We belive a proof of quality based on a safety certification will add value as the buyer will be sure that the developer focuses on how to incorporate data protection principles, subject rights, and the requirements of the GDPR into every step of the process (Privacy by Design/Security by design) as well as Information security management systems (ISO/IEC 27001 standard).
Europe’s new data privacy and security law includes hundreds of pages’ worth of new requirements for organizations around the world. The Cybersecurity Act strengthens the EU Agency for cybersecurity (ENISA) and establishes a cybersecurity certification framework for products and services.
The cyber security regulation brings with it the EU Certification Framework. Within connected products (IoT), the certification is expected to be based on the ETSI EN 303 645 standard (Cyber Security for Consumer Internet of Things), as well as testing according to the ETSI TS 103 701-standard.
Finland is the first European country to certify safe smart devices – new Cyber Security label helps consumers buy safer products. More countries and US states are working on similar security label systems.