EMC China Lab

What is the ETSI EN 303 645 Testing Standard?

Views :
Update time : 2025-04-24

Introduction to ETSI EN 303 645: Enhancing IoT Device Security and Privacy

 

With the rapid growth of connected devices, concerns over their security and privacy are also increasing. The lack of proper security measures in these devices has led to numerous high-profile cyberattacks, resulting in data breaches and other serious consequences. To address these issues, the European Telecommunications Standards Institute (ETSI) developed a new standard known as ETSI EN 303 645.

 

What Does This Standard Cover?

ETSI EN 303 645 is a comprehensive standard aimed at defining cybersecurity requirements for consumer-grade IoT devices. Key aspects include:

 

1. Identification and Authentication

- Devices must support secure and unique identification.

- Authentication mechanisms should be robust and resistant to common attacks.

 

2. Secure Boot and Software Updates

- Devices should have secure boot mechanisms to ensure only trusted software runs.

- Software updates must be authenticated and checked for integrity to prevent unauthorized modifications.

 

3. Data Protection

- Strong encryption must be used for both data in transit and data at rest.

- Only authorized entities should be allowed access to sensitive data.

 

4. User Privacy

- Clear information must be provided about data collection, processing, and sharing.

- Users should have control over their data, including the right to request deletion.

 

5. Lifecycle Management

- Manufacturers must provide security updates throughout the entire lifecycle of the device.

- A clear disposal process should be in place to prevent devices from becoming security risks.

 

6. Secure Default Settings and Configuration

- Devices should come with secure default settings.

- Users should be able to easily configure security options.

 

7. Information Transparency and User Support

- Manufacturers should provide clear, understandable explanations of security features.

- Users should be informed of potential risks and how to mitigate them.

 

8. Resistance to Common Attacks

- Devices should be able to resist common cyberattacks such as Denial of Service (DoS), Man-in-the-Middle, and Replay attacks.

 

Scope of ETSI EN 303 645

Applicable to a wide range of consumer IoT devices, including:

- Smart toys and baby monitors;

- Smart smoke detectors, door locks, and window sensors;

- IoT gateways, base stations, and hubs connecting multiple devices;

- Smart cameras, TVs, and speakers;

- Wearable health trackers;

- Connected home automation and alarm systems, along with associated gateways and hubs;

- Connected appliances such as washing machines and refrigerators;

- Smart home assistants.

 

As of August 2, 2023, ETSI EN 303 645 has been officially incorporated into the CB scheme.

 

Who Is It For?

This standard applies to manufacturers of IoT devices sold or used in Europe. It is also relevant to both consumers and enterprise users.

 

Impact on the IoT Industry

- Improves device security and enhances user trust in IoT products.

- Elevates product quality and reliability.

- May increase compliance costs for manufacturers, potentially affecting product pricing.

 

ETSI EN 303 645 represents a significant step toward ensuring the security and privacy of IoT devices. Despite the challenges in implementation, the benefits are substantial. As the IoT industry continues to evolve, this standard marks a crucial move toward building a more secure digital ecosystem.

 

JJR Laboratory in China is equipped with advanced software and hardware cybersecurity testing capabilities (including standards such as EN 303 645), enabling clients to meet international cybersecurity baseline requirements for both software and hardware in their products.


Email:hello@jjrlab.com


Leave Your Message


Write your message here and send it to us


Related News
Read More >>
Power Adapter UL1310 Certification Power Adapter UL1310 Certification
07 .03.2026
JJR LAB provides professional UL1310 testing standard certification for Class 2 power adapters and c...
Standard for Air Conditioners and Dehumidifiers: I Standard for Air Conditioners and Dehumidifiers: I
07 .03.2026
JJR LAB provides expert testing for the new IEC 60335-2-40:2024 standard. Ed 8 updates safety rules ...
Guide to Children's Product Safety and Compliance Guide to Children's Product Safety and Compliance
07 .01.2026
Ensure children‘s product safety and compliance for toys and apparel by meeting strict testing stand...
US Mattress Compliance Certification US Mattress Compliance Certification
07 .01.2026
US Mattress Compliance Certification by JJR Lab: Products must meet 16 CFR 1632 & 1633 standards...
Canadian Site Mattress Compliance Testing Canadian Site Mattress Compliance Testing
06 .30.2026
Canadian site mattress compliance testing: JJR Laboratory provides mattress testing to SOR/2016-183 ...
Compliance for US Lithium-Battery-Powered Househol Compliance for US Lithium-Battery-Powered Househol
06 .30.2026
USA lithium-battery household appliance compliance: JJR Lab provides tests to UL 499, UL 1017, UL 98...
Canada Lithium Battery Home Appliances Compliance Canada Lithium Battery Home Appliances Compliance
06 .30.2026
Canada Lithium Battery Home Appliances Compliance: JJR Lab provides CSA, UL 1642/2054, CSA 62133-2 a...
EAC Certification for Electronic and Electrical Pr EAC Certification for Electronic and Electrical Pr
06 .27.2026
EAC certification is mandatory for exporting electronic and electrical products to the EAEU. JJR Lab...

Leave Your Message