Regulation & Privacy Data Management
Several cybersecurity regulations are already applicable.
In the USA, regulations in California & Oregon in force from January 2020 require products to have a ‘reasonable’ level of cyber security. Laws are already applicable in Finland & Japan.
In Europe the GDPR is already applicable. The NSCS UK code of conduct is mandatory since 2020.
The Cyber Security Act was defined in 2019 in Europe to cover cybersecurity certification schemes that will be applicable defining 3 levels: High, Substantial and Basic.
The RED directive will include requirements to cover basic cybersecurity applicable to connected objects, will be mandatory in 2021.
The class 1 of “Bureau Veritas cybersecurity certification for IoT devices” has been designed to verify that product did considered the key minimum requirements from these regulations. i.e.
- A secure configuration ready to use
- Signed code & secure updates,
- Protection against exploitation of faults and known vulnerabilities.
- Personal data Management
LCIE can also verify individually “Personal Data Management”
- Consumers shall be informed on processing performed on their personal data
- Consumers shall provide their consent
- Consumers have the possibility to delete their personal data
To know More: Download our referential
To know More: