Cybersecurity Solutions for RED: ETSI EN 303 645 and EN 18031 Standards

The One Lab: A Leading Cybersecurity-Only Lab for EU Standards

The One Lab is a specialized cybersecurity laboratory focused on European standards. As experts in this field, we are particularly dedicated to the new cybersecurity requirements under the Radio Equipment Directive (RED), set to be enforced in August 2025. Below, we provide an overview of two key standards related to these cybersecurity requirements: ETSI EN 303 645 and the EN 18031 series.

ETSI EN 303 645: Cybersecurity for IoT Products

In 2019, ETSI TC CYBER introduced the first cybersecurity standard for consumer IoT products, which later evolved into ETSI EN 303 645. This standard aims to set baseline security requirements for consumer IoT products, outlining 13 security guidelines and 68 provisions to protect against large-scale attacks on smart devices. It also forms the foundation for future IoT certification programs.

ETSI EN 303 645 primarily provides security guidelines, while ETSI TS 103 701 details specific methods for testing and evaluation. Over time, EN 303 645 has proven to be an effective standard through extensive testing and has guided the security assessment of other electronic products. Many countries have referenced this standard when developing their own cybersecurity regulations, such as the UK’s PSTI and Singapore’s Cybersecurity Labelling Scheme.

EN 18031 Series: Comprehensive Cybersecurity Standards

The EN 18031 series is specifically designed to meet the new requirements of the RED and aims to become a harmonized standard for these regulations. The forthcoming Cyber Resilient Act (CRA) is also expected to adopt the EN 18031 series as its baseline requirement.

Approved by the European Union as an official EN standard, the EN 18031 series goes beyond IoT products covered by ETSI EN 303 645, including all network-connected radio equipment such as laptops, smartphones, and routers. It offers a more comprehensive set of testing and assessment methods, making it a crucial standard for all connected devices.

The One Lab’s Expertise in Cybersecurity Standards

The One Lab has obtained TAF certification for EN 303 645 and is on track to achieve certification for the EN 18031 series by Q1 2025. With our extensive expertise and solutions, we are well-equipped to support clients with various IoT products in navigating these cybersecurity standards. If you have any questions about your products, please reach out to us for guidance on planning for the European cybersecurity market.

By incorporating ETSI EN 303 645, EN 18031 series, cybersecurity, and RED into our services, The One Lab ensures your products meet the latest European cybersecurity requirements.

[Partnership Announcement] Congratulations to THE ONE and Eurofins on Signing a Cybersecurity MOU

We are thrilled to announce that THE ONE has officially entered into a partnership with Eurofins. With ONELAB’s cutting-edge cybersecurity technology combined with Eurofins’ extensive customer base, we are committed to providing the highest quality cybersecurity testing services to our partners across various sectors of the electronics industry.

This collaboration also signifies that THE ONE‘s laboratory capabilities have reached a world-class standard, allowing us to establish profound partnerships with multinational corporations.

On the day of the agreement signing, THE ONE was represented by our Cybersecurity Lab Director, Mr. Norton, who signed the cybersecurity partnership agreement alongside Mr. Thami, the NB representative from Eurofins Germany, and Mr. Ethan, the representative from Eurofins Taiwan.

Through this partnership, we are dedicated to delivering the most professional testing and customer service, ensuring that your products can achieve cybersecurity certification and be sold globally.

If you have electronic products intended for export and are uncertain about the need for cybersecurity certification, we warmly invite you to reach out to us at service@theonelab.co for further inquiries.

IoT cybersecurity

【EDM】New challenges in the IoT market

IoT cybersecurity

As the Internet of Things (IoT) market rapidly expands, so do the associated security risks. This year, countries around the world have begun to establish stringent cybersecurity regulations for IoT products, including:

  • The UK’s PSTI  (effective from April 29, 2024)
  • Europe’s EN 303645 and EN18031  (effective from August 2025)
  • The USA’s Cyber TrustMark initiative (currently in planning)
  • India’s BIS cybersecurity requirements  (requirements for CCTV, DVRs, etc. already implemented)

This means that IoT product manufacturers will need to quickly respond to these significant demands.

 

Our Value

The One Cybersecurity Lab was founded for this very purpose. As a leading IoT cybersecurity expert, we provide cutting-edge security solutions to help you navigate the challenges of new regulatory environments, protecting your products and users from cyber threats.

The establishment of The One Cybersecurity Lab stems from our deep understanding of the increasing need for digital security. With the global proliferation of IoT devices, these devices have become prime targets for cyberattacks. To address this challenge, we have assembled a team of seasoned cybersecurity experts, engineers, and researchers committed to developing and providing solutions that meet the highest security standards.

 

Our Services

Our range of services covers the extensive cybersecurity needs of IoT products, including home automation devices, smart appliances, and connected products. The One Cybersecurity Lab offers professional security assessments and solutions based on rigorous international standards and is accredited by the Taiwan Accreditation Foundation (TAF) (Accreditation No.: 4248) to ensure that our security measures meet and exceed the industry’s most stringent requirements.

In the global market, our services extend beyond Europe to Southeast Asia, the USA, India, and other regions. Our team has a deep understanding of the unique needs and security challenges of various markets, and we have developed targeted security strategies to ensure our clients maintain a leading position in any market.

We sincerely invite you to learn more about The One Cybersecurity Lab and look forward to the opportunity to collaborate with you to advance the future of IoT product security.

For more information or to discuss collaboration, please feel free to contact us. The One team is always at your service.

UK PSTI

Cybersecurity News – Latest Requirements of the UK’s Product Security and Telecommunications Infrastructure (PSTI) Act

UK PSTI

UK PSTI

The UK’s Product Security and Telecommunications Infrastructure (PSTI) Act primarily targets the cybersecurity requirements for smart devices. This mandatory requirement was implemented in April 2024.

Below is a detailed explanation of the types of products that need PSTI testing, exceptions, and how to meet PSTI requirements.

PSTI testing applies to a wide range of internet-connected devices, including but not limited to:

  • Smart home devices (such as smart bulbs, smart locks, smart thermostats)
  • Consumer electronics (such as smart TVs, smart speakers, smartwatches)
  • Connected toys and baby monitors
  • Smart health and fitness devices (e.g., fitness trackers)
  • Other Network-connected devices

Manufacturers should conduct cybersecurity risk assessments for their products according to the specific terms of the PSTI and take necessary technical measures to mitigate these risks. By following these steps and requirements, manufacturers can ensure their products meet the PSTI cybersecurity standards, providing consumers with a safer user experience.

Exceptions

The following categories of devices are not covered by PSTI testing:

  • Enterprise-level network equipment
  • Industrial control systems
  • Devices with simple functions and no network connectivity
  • Personal computers and laptops

These products typically have specialized security standards and regulatory bodies for testing and certification, so they do not need to comply with PSTI requirements.

PSTI Requirements

To meet PSTI requirements, manufacturers should follow these steps:

  1. Firmware Update Mechanism: Ensure the device can receive and automatically install security updates to patch known vulnerabilities.
  2. Unique Default Passwords: Each device should use a unique default password or require users to set a strong password upon first use.
  3. Vulnerability Reporting Channel: Establish an easily accessible vulnerability reporting mechanism, allowing users and security researchers to report security issues with the device.

The cybersecurity testing laboratory at the One provides testing and certification services that meet the latest PSTI cybersecurity requirements. We continuously monitor the latest regulatory developments and offer appropriate cybersecurity testing services in line with regulatory changes, providing our clients with up-to-date cybersecurity testing and certification solutions.

For further information, please contact:

Email: service@theonelab.co

Cybersecurity test training for EN303645

The EN 303645 standard is highly related to the upcoming cybersecurity requirements in the European Union, the UK, and the US. Therefore, our company has specially invited cybersecurity experts from Canada to conduct a series of training for our team, aiming to provide professional and reliable services to our clients.

In the process of establishing a laboratory。。。

In order to establish a cybersecurity laboratory that complies with ISO 17025 requirements, our company is actively acquiring various experimental instruments and adjusting laboratory environmental conditions, among other efforts. Please stay tuned.

Establishment of The ONE

With advancements in AI, IoT, new regulations will also emerge. THE ONE is officially established today and begins constructing a cybersecurity laboratory to embrace the wave of AI, IoT, and other products. Meanwhile, the company has also forged close partnerships with Glodacert and ECTest, jointly striving towards the digitization of the TIC industry and enhancing the testing capabilities of small and medium-sized laboratories.