Increasing Compliance with EU Cybersecurity Rules


Non-compliant products imported into the European Union (EU) bear significant safety risks for consumers and negatively affect fair competition. A workshop series of the German Ministry for Economic Affairs and Climate Action (Bundesministerium für Wirtschaft und Klimaschutz - BMWK) and Chinese customs authorities on the safety of ICT (information and communications technology (ICT) products tackles these problems at the source.

Expert Dominik Röske (BMWK) presents on minimum requirements for cybersecurity. © GPQI-GIZ
Expert Dominik Röske (BMWK) presents on minimum requirements for cybersecurity. © GPQI-GIZ

During the kick-off workshop on 21 April 2022 Dominik Röske, a BMWK expert for radio equipment regulation, presented the recently enacted EU delegated regulation on minimum requirements for cybersecurity to over 160 participants. Röske has a broad range of experience in the fields of radio spectrum policy, radio equipment regulation and emergency preparedness. Moreover, he is well acquainted with IT-security issues and general regulatory and standardisation matters, related to telecommunications, security and safety at national, international and EU-level.


The Delegated Regulation (EU) 2022/30 affects most internet-connected devices

With the development of the EU digital economy and society, internet-connected devices play an increasingly important role in the daily lives of EU consumers. Along with these changes, the definition of what constitutes a safe product must be updated to also consider cybersecurity risks.


To ensure protection of the network and its functioning from harm, of personal data and privacy of users, as well as protection of consumers from fraud, the EU Commission enacted a delegated regulation under the EU Radio Equipment Directive (Delegated Regulation (EU) 2022/30). From August 2024 most internet-connected devices (so called “internet-connected radio-equipment”) will have to ensure conformity with essential cybersecurity requirements. This affects for example smart home devices or smart watches. To facilitate conformity assessment with those requirements, the European Commission will soon task the European Telecommunication Standards Institute (ETSI) with developing voluntary harmonised standards.


Cyber security requirements with global relevance

Like the impact of the EU General Data Protection Regulation, this ground-breaking EU regulation has the potential to shape global requirements for cybersecurity. It is therefore not only of great significance for all manufactures of internet-connected devices active in the EU market, but for consumers worldwide. The number of participants in the workshop and the range of questions show that Chinese companies are well aware of how significant the regulation and its compliance implications are.


During the workshop, the participants addressed topics covering a wide field from smart watches, smart home devices and in-house certification to specific cybersecurity standards and international harmonisation.  As a result of the workshop, Chinese enterprises are better enabled to meet the EU cyber security requirements for ICT products – which is not only in the interest of European consumers and compliant competitors but also benefits consumers all over the world.



Go back