Updates to the Radio Equipment Directive
The Radio Equipment Directive (RED) is an important piece of legislation that affects the products of all LPRA members. Since its introduction in 2016, the RED has brought about extensive delays in the publication of Harmonised Standards in the OJEU caused both by the new focus on receiver requirements and changes in drafting requirements to confer legal certainty to these Standards.
The EC is now planning to extend the legal scope of the RED by drafting ‘Delegated Acts’ to embody additional requirements concerning safeguarding of personal data, privacy & protection from fraud included within Articles 3.3 and 4. Although legitimate, these newly proposed changes risk delaying this process even more. The LPRA council would like to draw the implications of this to the attention of its members, as follows.
Several European Governments have rightly expressed concerns about the security of some consumer devices that have the capability of causing harm to their users or users of the Internet as a whole. Examples include web cams that can be turned into ‘botnets’ – allowing groups of such devices to be used to launch attacks on targeted websites and institutions, or baby monitors that can give malicious individuals access to young children.
The LPRA understands these concerns and supports the need to clamp down on this type of activity. Nevertheless, we have consistently aired our concerns about the role that the RED can play in this process and believe that great care should be exercised to avoid unintended consequences. The LPRA believes that security concerns could better be addressed as part of other legal instruments including the Cybersecurity Act and ePrivacy legislation, which would apply to all internet-connected equipment, not just internet-connected radio equipment.
ETSI TC Cyber, coincidentally, is writing specifications that are aimed at this space and, although well meaning, we are concerned that they may form the basis for expensive mandatory security assessments under the RED or shift the liability for security breaches entirely onto the shoulders of radio manufacturers.
The LPRA believes that ETSI should work with the wider standards framework, including CEN/CENELEC and encourage the EC to request security standards linked to this other legislation – not just the RED.
The council is watching and influencing developments closely and will, therefore:
Continue to lobby the EC: to ensure that new delegated acts are in the interests of our members as well as the wider community
Engage with ETSI TC Cyber and other Standards Development Organisations (SDOs): and ensure that any security-related standards are fit for purpose
Monitor the studies and proposals coming out of DG GROW: to understand the impacts on our members and lobby against any undesirable developments
We would strongly encourage LPRA members to engage with this process: we are strongest when we act together.
We are planning an education campaign to explore this topic in more detail. We will produce a short video setting out our concerns that we will make widely available via open platforms such as YouTube.
We also plan a members’ webinar to describe these developments in more detail.
The webinar will:
Set out developments so far including preparatory work in SDOs, intelligence from the Expert Group on RED (which we attend) and the results of studies that have been published on behalf of the EC.
Explain the concept of Delegated Acts and examine what these acts and the subsequent Standards Mandate might contain.
Highlight the probable and possible implications of the Delegated Acts
Brief you on how you can help to shape these outcomes.
We strongly advise you to make the time to attend this webinar, which is likely to take place in October 2020, in which our experts will be on hand to answer questions in real time. If you are interested in principle, please send an email titled, ‘RED Delegated Acts Webinar’ to the LPRA Secretariat : firstname.lastname@example.org
We will of course keep you full informed of all developments.
As always, we welcome your comments.