Home/Services/ETSI IoT Security

ETSI EN 303 645 — IoT Security

Demonstrate that your consumer IoT device meets the European baseline cybersecurity standard with our expert assessment and testing services.

What Is ETSI EN 303 645?

ETSI EN 303 645 is the European baseline cybersecurity standard for consumer IoT devices. Published by the European Telecommunications Standards Institute (ETSI), it provides 13 provisions covering fundamental security practices that every consumer IoT product should implement.

The standard is referenced by the Radio Equipment Directive and is expected to serve as a key harmonised standard under the Cyber Resilience Act for default-category consumer IoT products.

The 13 Provisions

  1. No universal default passwords — unique per device or user-defined during setup
  2. Implement a vulnerability disclosure policy — public point of contact and timely acknowledgement
  3. Keep software updated — secure, timely updates with clear information to users
  4. Securely store credentials and security-sensitive data
  5. Communicate securely — use encryption and authentication for network communications
  6. Minimise exposed attack surfaces — disable unused services and ports
  7. Ensure software integrity — verify updates and detect unauthorised changes
  8. Ensure personal data is secure — appropriate protection of user data
  9. Make systems resilient to outages — graceful degradation and recovery
  10. Examine system telemetry data — security logging and monitoring
  11. Make it easy for users to delete personal data
  12. Make installation and maintenance of devices easy — clear guidance
  13. Validate input data — protect against malformed or malicious input

Our ETSI IoT Security Services

Gap Analysis

We review your IoT device against all 13 provisions and the associated test specification ETSI TS 103 701, identifying gaps and providing a prioritised remediation plan.

Compliance Testing

We execute the full test suite defined in ETSI TS 103 701, providing formal test results and evidence for your compliance documentation.

Implementation Support

Our team provides practical guidance on implementing security controls that satisfy each provision — working alongside your development team to address findings efficiently.

Ongoing Compliance Monitoring

IoT compliance isn't a one-off activity. We offer ongoing penetration testing and vulnerability scanning to ensure your devices remain secure throughout their lifecycle.

Which Products Need ETSI EN 303 645?

The standard targets consumer IoT devices including, but not limited to:

  • Smart home devices (speakers, thermostats, lighting, cameras)
  • Wearable health and fitness trackers
  • Connected toys and baby monitors
  • Smart appliances (fridges, washing machines, ovens)
  • Home automation gateways and hubs
  • Connected smoke detectors and door locks
"ETSI EN 303 645 sets the floor, not the ceiling, for IoT security. It's the minimum your customers and regulators expect."
Get an IoT Security Assessment Quote