Cybersecurity Services
for Consumer IoT (Connected Devices)


The onset of Web 3.0 has brought with it an exponential growth in the number of connected consumer devices, as the Internet of Things becomes all-encompassing in personal, business and societal lives.

For a long time, these connected products have only been rated on functionality and price – however, in today’s modern World, the challenges for manufacturers and suppliers extends to their resilience to Cyber-attack.

Consumer IoT Vulnerabilities

Cyber-attacks on Consumer devices are becoming more prevalent, demonstrating the need for stronger Cybersecurity to protect consumer private data and in some cases, consumer personal health. Furthermore, these Cyberattacks have the ability to connect to other devices connected to the same network, giving access to more devices and data, and ultimately a higher security risk.

Suppliers need to ensure the security of their devices in order to protect consumers and networks – international standards and best practices represent the most effective method to ensure the implementation of cybersecurity.

Bureau Veritas’ network of global Cybersecurity labs and expertise ensures support with testing and certification based on important international standards for consumer products.

Consumer IoT Certification

Because of the always-connected nature of Consumer IoT devices, security assessments and certification must be extensive, but efficient, in order to protect networks and consumers, but also remain in-step with the fast-pace of software updates and the development of Cyberattack techniques.

Cybersecurity Certification for IoT consumer products (based on Common Criteria or ETSI EN 303 645)  is of increasing importance to countries globally, and more legislation will come into effect in key markets in 2024, for example, the European Union’s Radio Equipment Directive.

Furthermore, there are international discussions on mandating (by regulation) a minimum of security features linked to these connected products. For example, in the EU, the Radio Equipment Directive (RED) incorporates requirements linked to cybersecurity. These requirements will ask for protection of software updates, confidentiality of personal data, as well as protection against malicious impact on the other components connected to the same network.

Bureau Veritas supports its’ clients and businesses in achieving Certification across ETSI EN 303 645 and Common Criteria, as well as tailored testing in line with the security requirements of the RED.


Support and Preparation

- Design Reviews
- Security Requirements Development
- Threat Modeling
- Vulnerability Assessments and Penetration Testing of Hardware, Software and Infrastructure

Compliance and Testing

- ETSI EN 303 645


- IoXT
- ETSI EN 303 645
- Common Criteria Certification
- Radio Equipment Directive (RED)
- EUROSMART IoT Certification

Get in touchwith us
Would you like to receive marketing communication from Bureau Veritas?
Would you like to receive marketing communication from Bureau Veritas?