ETSI has released version 3.1.3 of its EN 303 645 standard, establishing high-level, outcome-focused security provisions for consumer IoT devices to address growing cybersecurity and data protection concerns. The guidelines offer a flexible framework that allows manufacturers to tailor security solutions to specific products while ensuring baseline protections for smart home assistants, connected appliances, and health trackers. Key features include fundamental security requirements, implementation guidance, and alignment with GDPR standards, with future revisions expected to transition these recommendations into mandatory provisions. By accounting for the resource constraints of IoT hardware, the document aims to foster a safer ecosystem where security is prioritized by design.
Keywords: IoT security, GDPR compliance, security by design, consumer devices, vulnerability mitigation