Since cybersecurity requirements are relatively new to our industry, please refer back to this 
page regularly as we will be updating it as soon as more information becomes available.

D.L.S. performs cybersecurity compliance testing and evaluation services for devices and equipment that have Bluetooth, Wi-Fi or other wireless connectivity in them and require additional confirmation of secure communications and network protection and useability.

These requirements are becoming more formalized in the various countries that utilize IoT devices, equipment, and technology. Current aspects are referenced below:

United States

The FCC is currently creating the “U.S. Cyber Trust Mark” to eventually be implemented for IoT products sold in the U.S. There is no word at this time as to the contents and when it will take effect.

On December 11, 2024, the Federal Communications Commission’s Public Safety and Homeland Security Bureau announced the agency’s voluntary cybersecurity labeling program for wireless consumer Internet of Things (IoT) products. 

“The program will allow qualifying consumer smart products that meet critical cybersecurity standards to display a label, including a new U.S. government certification mark (“U.S Cyber Trust Mark”), which will help consumers make informed purchasing decisions, easily identify trustworthy products, and encourage manufacturers to prioritize higher cybersecurity standards.  The voluntary program will be a collaborative effort between the public and private sectors, with the FCC retaining ultimate oversight and control of the program and authorized third-party administrators managing activities such as evaluating product applications, granting permission to use the label, and educating consumers.” 

This program is still in its infancy, but additional updates will be forthcoming.

Canada

Canada is currently creating the “CyberSecure Canada Mark” for products sold in Canada. There is no word at this time as to the contents and when it will take effect.

European Union

Radio Equipment Directive (RED) Cybersecurity Requirements

On August 1, 2025, the Radio Equipment Directive (RED) Cybersecurity Requirements for the European Union will go into effect for selling products placed into the market in Europe. These requirements are referenced below as part of Article 3 of the directive.

The three points of the second subparagraph of Article 3 (3) are relevant for compliance under the cyber security requirements:

 3(3)(d) to ensure network protection

 3(3)(e) to ensure safeguards for the protection of personal data and privacy

 3(3)(f) to ensure protection from fraud

The following IoT/Wireless products must comply:

  • Devices capable of communicating over the Internet (either directly themselves or through another device, like a smartphone)
  • Toys and childcare equipment
  • Wearables (smartwatches, etc.)

For today’s consumer products, the EU has provided a common standard ETSI EN 303 645 for manufacturers to follow for cybersecurity requirements. The current version can be found at:
https://www.etsi.org/deliver/etsi_en/303600_303699/303645/03.01.03_60/en_303645v030103p.pdf

Other standards for industrial products and controls, machinery, and other product categories are in development.

There are exemptions for specific products, and if your product is in one of the “vertical standards”, then there will be a special ETSI TS standard for you. We can help you figure this out, and also which provisions of the standard you must comply with.

More details can be found at:
Cybersecurity Requirements under the Radio Equipment Directive (RED) 2014/53/EU

EU Machinery Directive

Cybersecurity requirements for the EU Machinery Directive are planned to go into effect in 2027.