BETA


2021/2956(DEA) Radio equipment: application of the essential requirements

Progress: Procedure completed - delegated act enters into force

RoleCommitteeRapporteurShadows
Lead IMCO
Lead committee dossier:

Events

2022/01/08
   EP - Delegated act not objected by Parliament
2021/11/10
   EP - Committee referral announced in Parliament
2021/10/29
   EC - Document attached to the procedure
2021/10/29
   EC - Document attached to the procedure
2021/10/29
   EC - Non-legislative basic document published
Details

This Commission Delegated Regulation supplements Directive 2014/53/EU of the European Parliament and of the Council on radio equipment as regards the application of the essential requirements referred to in Article 3(3)(d), (e) and (f) of that Directive. It aims at enhancing the security of internet-connected devices , most of which are expected to be part of the internet of things, and of wearable radio equipment.

Background

The European Parliament and the Council have repeatedly stressed the need to strengthen cybersecurity in the European Union, recognising the growing importance of connected devices, including the machines, sensors and networks that make up the Internet of Things (IoT) and related security concerns.

Numerous EU Member States and consumer organisations have flagged the absence of certain security features in equipment, which is placed on the market , highlighting the need to apply a minimum level of safety. In contrast to Directive 2014/53/EU on radio equipment, several relevant EU legislative texts do not address mandatory conditions for market access of products and do not allow Member States to take corrective measures regarding unsecure equipment.

Large numbers of radio equipment are used on a daily basis, not only by adult consumers or professional users, but also by vulnerable users like children.

In December 2016, the Norwegian Consumer Council had assessed the technical features of selected radio-connected toys . Its findings point to a possible lack in the protection of children’s rights to privacy, personal data protection and security.

Toys are just a part of a broader sector, which present similar risks. Smart appliances, smart cameras and a number of other connected radio equipment like mobile phones, laptops, alarm systems and home automation systems as well as wearable radio equipment (e.g. rings, wristbands, pocket clips, headsets, fitness trackers, etc.) are also examples of equipment at risk of hacking and of privacy issues when they are connected to the internet.

The main aim of this initiative is to enable Member States to verify that radio equipment placed on the EU market effectively contributes to the policy objectives of privacy, fraud protection and network security . Citizens, as well as professionals, should be confident that the products they use offer an increased level of protection.

This initiative should therefore allow only radio equipment on the EU market that is sufficiently secure.

With the general objectives in mind, the initiative intends to strengthen the respect of certain fundamental rights (e.g. privacy) and to support the policy objectives laid down in other pieces of EU law which do not allow market enforcement.

Another objective is to ensure a single market in the products concerned , unhampered by diverging local or national regulations that increase administrative burdens for smaller companies in particular. Clear and proportionate rules are necessary that are effectively and uniformly enforced across the EU.

Content

Article 3(3) sets out additional essential requirements that apply to categories or classes of radio equipment specified in a delegated act or acts adopted by the Commission. The following points of Article 3(3) are relevant to this initiative:

The RED empowers the Commission to adopt delegated acts in order to render applicable any of the essential requirements set out in Article 3 (3) of the RED, by specifying each of those requirements that shall concern categories or classes of radio equipment. The three points of the second subparagraph of Article 3 (3) are relevant for this initiative:

- Article 3 (3)(d), to ensure network protection ;

- Article 3 (3)(e), to ensure safeguards for the protection of personal data and privacy ;

- Article 3 (3)(f), to ensure protection from fraud .

The objective of this delegated regulation is to render applicable the essential requirements set out in Article 3(3)(d), (e) and (f) of the RED, which address elements of cybersecurity, to those categories of radio equipment that pose cybersecurity risks.

The delegated act:

- provides that Article 3(3)(d), (e) and (f) of the RED shall apply to internet-connected radio equipment , subject to certain exclusions as specified in the delegated act;

- provides that Article 3 (3)(e) of the RED shall apply to wearable radio equipment, toys which are also radio equipment, and radio equipment for childcare , whether internet-connected or not, subject to certain exclusions as specified in the delegated act.

The date of applicability of the delegated regulation is 30 months from its entry into force and the delegated regulation will therefore not affect radio equipment placed on the Union market before that date of applicability.

Documents
2021/10/29
   EP/CSL - Initial period for examining delegated act 2 month(s)

Documents

  • Document attached to the procedure: EUR-Lex
  • Document attached to the procedure: SWD(2021)0302
  • Document attached to the procedure: EUR-Lex
  • Document attached to the procedure: SWD(2021)0303
  • Non-legislative basic document published: C(2021)07672
  • Document attached to the procedure: EUR-Lex SWD(2021)0302
  • Document attached to the procedure: EUR-Lex SWD(2021)0303

History

(these mark the time of scraping, not the official date of the change)

procedure/subject/1.20.09
Protection of privacy and data protection
procedure/subject/2.10.03
Standardisation, EC/EU standards and trade mark, certification, compliance
procedure/subject/3.30.03
Telecommunications, data transmission, telephone
procedure/subject/3.30.04
Radiocommunications, broadcasting
events/3
date
2022-01-08T00:00:00
type
Delegated act not objected by Parliament
body
EP
procedure/stage_reached
Old
Awaiting committee decision
New
Procedure completed - delegated act enters into force
docs/0
date
2021-10-29T00:00:00
docs
url: https://webgate.ec.europa.eu/regdel/web/delegatedActsLinks/C(2021)07672 title: C(2021)07672
type
Non-legislative basic document
body
EC
events/0/summary
  • This Commission Delegated Regulation supplements Directive 2014/53/EU of the European Parliament and of the Council on radio equipment as regards the application of the essential requirements referred to in Article 3(3)(d), (e) and (f) of that Directive. It aims at enhancing the security of internet-connected devices , most of which are expected to be part of the internet of things, and of wearable radio equipment.
  • Background
  • The European Parliament and the Council have repeatedly stressed the need to strengthen cybersecurity in the European Union, recognising the growing importance of connected devices, including the machines, sensors and networks that make up the Internet of Things (IoT) and related security concerns.
  • Numerous EU Member States and consumer organisations have flagged the absence of certain security features in equipment, which is placed on the market , highlighting the need to apply a minimum level of safety. In contrast to Directive 2014/53/EU on radio equipment, several relevant EU legislative texts do not address mandatory conditions for market access of products and do not allow Member States to take corrective measures regarding unsecure equipment.
  • Large numbers of radio equipment are used on a daily basis, not only by adult consumers or professional users, but also by vulnerable users like children.
  • In December 2016, the Norwegian Consumer Council had assessed the technical features of selected radio-connected toys . Its findings point to a possible lack in the protection of children’s rights to privacy, personal data protection and security.
  • Toys are just a part of a broader sector, which present similar risks. Smart appliances, smart cameras and a number of other connected radio equipment like mobile phones, laptops, alarm systems and home automation systems as well as wearable radio equipment (e.g. rings, wristbands, pocket clips, headsets, fitness trackers, etc.) are also examples of equipment at risk of hacking and of privacy issues when they are connected to the internet.
  • The main aim of this initiative is to enable Member States to verify that radio equipment placed on the EU market effectively contributes to the policy objectives of privacy, fraud protection and network security . Citizens, as well as professionals, should be confident that the products they use offer an increased level of protection.
  • This initiative should therefore allow only radio equipment on the EU market that is sufficiently secure.
  • With the general objectives in mind, the initiative intends to strengthen the respect of certain fundamental rights (e.g. privacy) and to support the policy objectives laid down in other pieces of EU law which do not allow market enforcement.
  • Another objective is to ensure a single market in the products concerned , unhampered by diverging local or national regulations that increase administrative burdens for smaller companies in particular. Clear and proportionate rules are necessary that are effectively and uniformly enforced across the EU.
  • Content
  • Article 3(3) sets out additional essential requirements that apply to categories or classes of radio equipment specified in a delegated act or acts adopted by the Commission. The following points of Article 3(3) are relevant to this initiative:
  • The RED empowers the Commission to adopt delegated acts in order to render applicable any of the essential requirements set out in Article 3 (3) of the RED, by specifying each of those requirements that shall concern categories or classes of radio equipment. The three points of the second subparagraph of Article 3 (3) are relevant for this initiative:
  • - Article 3 (3)(d), to ensure network protection ;
  • - Article 3 (3)(e), to ensure safeguards for the protection of personal data and privacy ;
  • - Article 3 (3)(f), to ensure protection from fraud .
  • The objective of this delegated regulation is to render applicable the essential requirements set out in Article 3(3)(d), (e) and (f) of the RED, which address elements of cybersecurity, to those categories of radio equipment that pose cybersecurity risks.
  • The delegated act:
  • - provides that Article 3(3)(d), (e) and (f) of the RED shall apply to internet-connected radio equipment , subject to certain exclusions as specified in the delegated act;
  • - provides that Article 3 (3)(e) of the RED shall apply to wearable radio equipment, toys which are also radio equipment, and radio equipment for childcare , whether internet-connected or not, subject to certain exclusions as specified in the delegated act.
  • The date of applicability of the delegated regulation is 30 months from its entry into force and the delegated regulation will therefore not affect radio equipment placed on the Union market before that date of applicability.