search.noResults

search.searching

saml.title
dataCollection.invalidEmail
note.createNoteMessage

search.noResults

search.searching

orderForm.title

orderForm.productCode
orderForm.description
orderForm.quantity
orderForm.itemPrice
orderForm.price
orderForm.totalPrice
orderForm.deliveryDetails.billingAddress
orderForm.deliveryDetails.deliveryAddress
orderForm.noItems
TEST & MEASUREMENT


The General Product Safety Directive – filling the cyber security gap


By Richard Poate, senior manager at TÜV SÜD


currently underway, with the European Commission planning to amend the existing Directive or adopt a new Regulation in the second quarter of 2021. This could have significant consequences for designers and manufacturers who will have to rethink their safety approach.


The review is looking at several key areas including:


he General Product Safety Directive 2001/95/EC (GPSD) covers the safety of any products that do not fall under other European Union (EU) Directives. Following Brexit, the GPSD is enacted in the UK as The General Product Safety Regulations. It defines a safe product as one that ‘does not present any risk, or only minimum risks compatible with the product’s use, considered to be acceptable and consistent with a high level of protection for the safety and health of persons.”


T


However, the GPSD is 20 years old and while technology has moved on, the Directive has not and it does not address technological developments that have become widely adopted in modern products. For example, the prevalence of Internet connected devices and the introduction of Artificial Intelligence (AI) both have the potential to negatively impact product safety.


Consequently, the GPSD is currently undergoing a review in the EU. As part of the review process, the public consultation closed on 6 October 2020, which was the opportunity for stakeholders to influence any updates. An evaluation of the GPSD and an impact assessment of policy options is


• New Technologies - a product can become dangerous if it is not robustly protected in terms of cybersecurity. • Online sales channels – third-party marketplace sellers are now prevalent and may well be located outside of the UK/EU, which introduces additional uncertainties with unclear responsibilities with regards to product safety. Authorities are currently inadequately equipped to deal with this and have limited powers available to them. • Recall effectiveness - recall rates are woefully low, meaning that potentially dangerous products remain in circulation. • Market surveillance - current rules are ineffective, which can lead to high numbers of dangerous products flooding the market (as our own tests have proven). Because products now often include software, insufficient cybersecurity can leave end-users open to potentially dangerous hacker attacks and loss of personal data. The definition of a product should therefore encompass software, including when it has been downloaded after the device has been sold, because malfunctioning software can lead to significant damage.


Cybersecurity and privacy should also become part of the GPSD’s minimum safety requirements, which should be based on European standards, such as EN 303 645 - Cybersecurity for Consumer IoT. Many industry commentators also believe that compliance could be demonstrated through certification at an adequate level, which is identified through a risk assessment. Security requirements should also apply to any update features of a product. Products that could be modified using software updates or machine learning must also be subject to these new cyber related safety requirements. This should


mean that conformity assessments will need to be repeated over the lifetime of a product to ensure that safety is never compromised.


These new technologies also impact the EU and UK’s definition of when a product is placed on the market. The current definition states that “a product is placed on the market when it is made available for the first time on the market, i.e. when it is first supplied for distribution, consumption or use on the market in the course of a commercial activity, whether in return for payment or free of charge. This can be either when a new manufactured product, or a product imported from a third country (new or used), is made available on the market for the first time.” However, if a product subsequently changes due to a software update, this definition becomes less certain. The GPSD’s technology-neutral stance is therefore becoming irrelevant and needs to change. The GPSD encompasses a Rapid Alert System which enables national authorities of EU and EEA countries and the Commission to quickly exchange information on dangerous products, so that they can be traced and swiftly taken off the market. However, a 20 per cent recall of such products is currently considered to be at the better end of the scale. The GPSD revision is therefore intended to also improve the effectiveness of product recalls, so that fewer dangerous products remain in the hands of end-users.


Our best advice is for designers and manufacturers think outside of the box as product safety risks are changing in nature and as the technology evolution advances, those risks are likely to become more obscure but just as dangerous. Good risk assessments will be the key to help you avoid putting end-users, your business and the reputation of your brands at risk. One thing that is certain - technology is now advancing at light speed and regulation often lags. You must therefore ensure that you are aware of all potential risks and foreseeable product use situations, which is no easy task!


TÜV SÜD www.tuvsud.com/uk


MAY 2021 | ELECTRONICS TODAY 65


Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32  |  Page 33  |  Page 34  |  Page 35  |  Page 36  |  Page 37  |  Page 38  |  Page 39  |  Page 40  |  Page 41  |  Page 42  |  Page 43  |  Page 44  |  Page 45  |  Page 46  |  Page 47  |  Page 48  |  Page 49  |  Page 50  |  Page 51  |  Page 52  |  Page 53  |  Page 54  |  Page 55  |  Page 56  |  Page 57  |  Page 58  |  Page 59  |  Page 60  |  Page 61  |  Page 62  |  Page 63  |  Page 64  |  Page 65  |  Page 66  |  Page 67  |  Page 68  |  Page 69  |  Page 70  |  Page 71  |  Page 72  |  Page 73  |  Page 74