
New Requirements for Going Abroad
IoT ProductsCybersecurity Certification
Developed by Authoritative Professional Institutions
One Test | Two Reports | Dual Certification

Background
With the rapid development of IoT technology, humanity has entered the “Era of Everything Connected”. Consumer IoT products such as home cameras, routers, smart displays, translators, VR glasses, smart robots, and smart speakers provide convenience to users, but the potential security vulnerabilities can threaten user information, property, and even personal safety. IDC predicts that by 2025, the global IoT market size will reach $1.1 trillion, and the number of global IoT connections will reach 25.1 billion, maintaining a growth rate of over 12%.
Many countries or organizations are gradually making cybersecurity a mandatory requirement. For example, the UK will enforce the PSTI Act for directly or indirectly connected products on April 29, 2024; starting August 1, 2025, the EU will mandatorily add cybersecurity-related clauses as part of the RED certification. Recently, the European Parliament voted to pass the Cyber Resilience Act (CRA) to protect all digital products in the EU from cyber threats. Among them, IoT products are an important component of the “digital products” covered by this act, and they will face new requirements after its implementation. To purify the IoT network environment and protect users’ personal privacy rights, manufacturers of IoT terminal devices in our country must prepare in advance and enhance the security shield for their products going abroad by obtaining cybersecurity certification!
01
Scope of Application
This certification applies to products including but not limited to the following:
-
Networked children’s toys, child monitoring devices, and children’s monitors;
-
Networked smoke detectors, smart locks, and window sensors;
-
IoT gateways, routers, and hubs that can connect multiple devices;
-
Smart cameras, TVs, smart speakers, and smart displays;
-
Wearable health trackers, devices, and clothing;
-
Networked home automation and alarm systems, especially their gateways and hubs;
-
Networked smart home appliances, such as washing machines and refrigerators, and smart home assistants.
02
Certification Models
Certification Model 1:Product Inspection
• Certificate validity period is 1 year, cannot affix the mark
Certification Model 2: Product Inspection + Initial Factory Inspection + Post-Certification Supervision
Certification Model 3: Product Inspection + Post-Certification Supervision
• For models 2 and 3, the certificate validity period is five years, maintained through supervision
03
Business Highlights
Business Highlights: Bundled Services
CQC and Nemko strive to maintain their respective processes unchanged, seeking consistent solutions in application acceptance, costs, certificate issuance efficiency, and supervision frequency, providing clients with dual certification for domestic and international markets without significant changes in client costs and timeliness.

One Test, Two Reports, Two Certificates

CQC certificate and exclusive mark for IoT product cybersecurity

Nemko certificate and export certification mark for Europe
For business consulting and processing, please contact:
Wuxi Software Association Intellectual Property One-Stop Service Center
0510-68566089, 18901522543
END
