Guidelines for the EU standardisation process related to cybersecurity for radio equipment .

In essence, this is how I would describe the situation. Radio equipment placed on the EU single market must comply with the essential requirements of the Radio Equipment Directive (RED). European Commission (EC) activated Article 3.3 d, e, f essential requirements in a delegated act on 29.10.2021. Some of the essential requirements activated in the RED articles 3(3) (d/e/f) aim at the protection of personal data and privacy, the protection from fraud and ensuring compliance of reconfigurable radio systems. The standards responding to the Article 3.3 do not yet exist.

An important element that is currently overlooked is the guideline describing the method and the process to produce the standardisation deliverables. While this might seem unlikely - after all the EU Harmonised European Standards were produced for a number of decades, the change in the domain of essential requirements coupled with a change in the EC legal view create a significant challenge for the timely production of European Norms.

Starting with the multidisciplinary aspects of this challenge, there are a number of issues that need to be solved in order for the standards covering these essential requirements to be produced. Hence the importance of discussing how to produce the standards and this discussion that may start drafting ways to guide the effort of standardisation for Harmonised European Norms.