Welcome to IT-Branschen – The Channel for IT News, Cybersecurity and Digital Trends

For Companies, Suppliers and Decision Makers in the IT Industry

Digital strategy and insights for decision-makers in the IT industry

Subscribe

Stay up to date with the most important news

By pressing the Subscribe button, you confirm that you have read and agree to our privacy policy and terms of use
Subscribe
Facebook Twitter Instagram LinkedIn Pinterest
Contact us
New cybersecurity rules - and now it's getting urgent New cybersecurity rules - and now it's getting urgent

New cybersecurity rules - and now it's getting urgent [column by Ulf Seijmer]

IT industrybyIT industry
April 14, 2025

Ulf Seijmer: It doesn’t take much scrolling through the news feed to realize that security issues have become increasingly important. But I’m not referring to bolting anchors to the bows of half-rotten boats floating around the Baltic Sea with unclear ownership – or putting up “no anchoring” signs in multiple languages. No, what I’m talking about is what’s much closer to us in everyday life: electronics, connected gadgets and hardware that now permeate our lives.

Now security is being stepped up. A new standard is to be introduced to tighten the requirements for Cybersecurity. From August 2025 (should have been 2024 but is now 2025) technology companies are facing a new reality. The EU's updated Radio Equipment Directive (RED) brings stricter rules for cybersecurity - rules that affect everything from smart watches to network equipment and IoT sensors. The tricky thing is that without this marking, your product does not meet the CE marking. And are you not ready? Then the consequences could be that you have to stop selling the product until you can prove that it does! As always with new regulations, the slime crawlers hide in the small details.

Ulf Seijmer, Chief Innovation Officer at Induo.
Ulf Seijmer, Chief Innovation Officer at Induo.

Beautiful promises and tough demands

The cybersecurity requirements are clear. From August 2025, radio equipment that handles personal data or is connected to networks must ensure the protection of the user's personal data and privacy. The aim is to prevent the equipment from becoming a threat to networks or users. In addition, robust mechanisms must be in place to combat cybersecurity threats.

Advertisement

For those who have not made their product journey with cybersecurity in mind, it may be about manufacturers working to close security holes and existing vulnerabilities, but in the long term it is about building solutions with "Security by Design", where security is included from the drawing board to launch.

There has been a great deal of uncertainty about which standard to certify against in order to meet the requirements. The EU Commission has dragged this out into the absurd. The uncertainty about what applies can be likened to building a house but not knowing exactly which building standards will apply. Should you wait and risk delays, or take a chance and risk building about everything? Until recently, most information was on the internet and it pointed towards a different standard than the one being hammered out. So it's like building a house based on Youtube videos, where you managed to get stuck in the wrong filter bubble and get recommendations that are completely wrong. That's the position that many developers have found themselves in until now.

To make life easier for everyone who works with hardware, a long time has been given to adapt the products, but it has not been clear what they should adapt to. A reasonable timeframe? Less than six months. Within this, all products that fall within the category must be tested and verified against the EN 18031–1:2024 standard, according to a statement from PTS. The aim is razor-sharp, but the timeframe feels as realistic as us building townhouses on the moon within five years (based on guides from YouTube). So here I introduce a real headache. Time. If you are going to do this for real, if you don't know yourself, you should bring in an accredited lab.

What is at stake?

The consequences of not being prepared can be costly. Without the correct CE marking, you will not be allowed to sell your products within the EU. Failure to comply can lead to fines and legal risks, and an unsafe product is not a good product – unfortunately, customers do not forget a breach. If you working with critical information has You probably already know this. Many of the companies in CCS have a head start. We've already had cybersecurity on the agenda for a while.

This is how you take control – right now

Don't wait. Start by analyzing your products and identifying which ones are covered by RED and how safe they are today. Talk to the manufacturer or make your own plans. Hiring test houses and certification bodies can help you verify your products and understand the requirements, if anyone even has time for your product. In addition, you should plan for the unexpected through risk analysis and preventative work.

But I also want to highlight that Cybersecurity requirements are not just about compliance. They are not about showing a certificate in August, but a continuous and arduous journey to keep the bad guys out of the jar you sell to your customer. And unfortunately, this is not about welding a few anchors to the bow of foreign ships, this is mined water with plenty of bottom, interference on the GPS and without an adequate nautical chart.

Share
Share
Pin it
Tweet
Share
Share
IT industrybyIT industry
Published

Stay up to date with the most important news

By pressing the Subscribe button, you confirm that you have read and agree to our privacy policy and terms of use
convendum banner
Advertisement

READ MORE