USA: Voluntary cybersecurity label published by the Federal Communications Commission in the USA

Launch of certification program for wireless IoT products possible in 2024

The European Union (EU) has already adopted legal regulations that apply to all radio devices that can connect directly or indirectly to the internet. These regulations are binding for all products with a radio and internet connection that are placed on the market in the EU from August 1, 2025.

In the United States, there is still no legal regulation in this area, but it is being actively worked on. Nevertheless, on March 14, 2024 the Federal Communications Commission (FCC) published the final version of a voluntary certification program for radio devices that can connect to the internet. This program, known as the Cybersecurity Labeling Program for Smart Devices, has been available in draft form for some time.

The products in question are equipped with wireless interfaces such as Wi-Fi, mobile communications or similar and are therefore directly or indirectly connected to the internet. They are used by private end users and belong to the category of smart devices in the so-called “Internet of Things” (IoT). These products should be protected against possible misuse and targeted attacks. 

The exact requirements that these products must meet are not yet fully known or defined. However, they will be based on the National Institute of Standards and Technology (NIST) guidelines, the link to which is provided below. Before a manufacturer can label its product, a certificate from the Federal Communications Commission (FCC) will be required. The FCC will provide a database to manage the certifications.

The label, which is available in different colors, has already been defined and can be viewed via the link below. The FCC aims to enable the certification process by the end of 2024.


What impact could this program have in the USA?

In the United States, citizens place greater value on voluntary quality labels than their EU counterparts. Among the best-known examples are the UL mark, the WiFi logo and the Energy Star label. One example of this is the rare use of the term “WLAN” among Americans, who almost exclusively use the term “WiFi” instead. The WiFi label identifies conventional WiFi devices that have undergone a voluntary, fee-based program that includes interoperability testing in WiFi-certified labs.

The FCC compares the Cybersecurity Label to the Energy Star Label for computer monitors and similar devices. This is intended to provide end users with an easy way to obtain safety-related information about products. If the Cybersecurity Label becomes as established as the author expects, all manufacturers offering smart devices for the end consumer market in the USA will probably not be able to avoid this certification.

We will keep you up to date and will be happy to provide you with further information.

Author

Dipl.-Ing. (FH) Torsten Sahm
Senior Product Compliance Consultant 

Published on 30.04.2024
Category: Cybersecurity, Focus Automotive, Fokus Electrical and Wireless, Compliance

Compliance News

The latest developments in all areas of market authorization and product compliance.

Comprehensive expertise in Standards Management
More News
The new EU Product Liability Directive 2024/2853

Extensive legal changes on the horizon

Read more

And now there is the AI Act

Does it really prevent innovation?

Read more

Listing of the cybersecurity standards EN 18031 series and outlook

When and how does the OJEU listing take place?

Read more

Login
x

In accordance with the EU ePrivacy (Cookie) Directive (2009/136/EG), we would like to inform you that our website uses cookies. By using our website, you accept and agree to our Privacy policy. Please view our Privacy policy to find out what cookies we use and how to disable them.

OK