Cybersecurity Certification Obtained by Suprema under CE RED Program
The European Union has announced a revised Radio Equipment Directive (RED), set to enforce stricter cybersecurity requirements for Internet of Things (IoT) devices from August 1, 2025. These requirements apply to various wireless and connected devices, including smart home products, wearable tech, connected toys, and appliances that interface with networks.
The key cybersecurity mandates under Article 3.3(d/e/f) of the RED for IoT devices are as follows:
- Article 3.3(d): Protection from Unauthorized Access - Devices must be designed so that their radio networks or any associated networks cannot be hacked or accessed without authorization.
- Article 3.3(e): Protection of Personal Data and Privacy - IoT devices must implement mechanisms to safeguard users’ personal data and privacy, preventing violations.
- Article 3.3(f): Protection Against Fraud or Misuse - Devices should prevent misuse of network resources, including avoidance of fraudulent communications or denial of service attacks.
In addition, manufacturers must demonstrate security-by-design principles throughout the product lifecycle, ensuring that security is embedded from development to production. Compliance with harmonized standards, such as EN 18031, is required before products can bear the CE mark that certifies conformity to these regulations.
Non-compliance may lead to significant penalties, including fines up to €15 million or 2.5% of global turnover.
In a recent development, Suprema Inc., a company specializing in biometrics and security solutions, has announced that its facial authentication access control devices, BioStation 3 and BioEntry W3, have obtained CE RED certification under the European Union's updated Radio Equipment Directive (RED). These devices, which run deep-learning-based facial authentication algorithms locally on the device, support a variety of authentication methods, including Bluetooth, NFC-based mobile credentials, RFID cards, providing flexible authentication options.
The updated CE RED requirements cover network protection, personal data and privacy safeguards, and fraud prevention for wireless access control systems. Suprema has formally demonstrated that its solutions comply with the next generation of cybersecurity standards for wireless access control systems under the updated CE RED requirements.
The BioStation 3 and BioEntry W3 are designed to meet the increasing worldwide regulations around privacy and cybersecurity for wireless and IoT devices. The CE RED certification for Suprema’s devices not only confirms compliance with cybersecurity standards but also demonstrates Suprema’s commitment to staying ahead of evolving regulatory requirements.
The updated CE RED directive applies to IoT devices that use wireless technologies such as Wi-Fi, Bluetooth, smart door locks, and payment terminals, in addition to facial authentication access control devices like Suprema’s BioStation 3 and BioEntry W3. The revised CE RED certification process applies to all Suprema devices supporting various access authentication methods.
The BioStation 3 and BioEntry W3 are AI edge devices, meaning they perform computations locally on the device rather than relying on cloud-based servers. The updated CE RED certification process will be enforced starting August 1, 2025.
- The updated CE RED certification for Suprema's facial authentication access control devices, such as the BioStation 3 and BioEntry W3, signifies that these devices meet the stricter cybersecurity requirements set by technology, including protection from unauthorized access, safeguarding personal data and privacy, and prevention against fraud or misuse, as dictated by the European Union's revised Radio Equipment Directive (RED).
- Under the updated CE RED directive, Suprema's AI edge devices, like the BioStation 3 and BioEntry W3, are required to comply with technology-driven cybersecurity regulations set to enforce stricter requirements for Internet of Things (IoT) devices from August 1, 2025, including network protection, personal data and privacy safeguards, and fraud prevention for various wireless and connected devices.
