VdTÜV Position: Regulatory improvement for safe and secure IoT products in Europe required

Functionalities, scopes and product features are significantly changing on the Internet of Things (IoT) and the complexity is increasing. Certain products which previously have not been required to undergo an independent conformity assessment because of the minimal risks they present need to be reassessed in regard to their risk potential and accordingly required functional safety measures/devices.
Industrie-40-Digitale-Transformation-smart-industry-factory
© Zapp2Photo / Shutterstock.com - Industrial internet of things

The connecting of devices and machines via the internet to complex systems leads to extended functionalities which can no longer be solely located within the individual product itself, but are instead located within the back end system and/or product network. As a result of these extended functionalities and the significantly greater number of digital connections, the potential exists for access by unauthorised parties, along with the accompanying threats and attack scenarios. These new functionalities and product features should be tested across all products.

With this, the issue of the “robustness”of IoT products against cyberattacks takes centre stage among the product safety aspects. It has to be established whether, and to what extent, “robustness” is to be added to the applicable safety requirements placed upon a product. Where it is imperative for an IoT product to be protected against cyber attacks by means of corresponding technical security measures, this would also need to be examined or, as the case may be, tested within the course of the required conformity assessment.