Consumer IoT
device cybersecurity

ETSI EN 303 645 - The European Standard on consumer IoT device security
get a free consult

Companies who chose us

ETSI EN 303 645 is the first globally applicable Cybersecurity
Standard for Consumer IoT Devices.

IoT cybersecurity solutions

Reduce the risk of cyber-attacks and ensure the security of IoT devices.

IoT devices often perform data collection, data exchange, data processing, and data reaction tasks. The IoT device market is rapidly growing, with a large number of devices being deployed in a wide range of sectors, including healthcare (IoMT), manufacturing (IIoT), energy (IoT), and transportation.

One of the key challenges in the IoT device market is cybersecurity. Because IoT devices are connected to a network, they are vulnerable to cyber attacks that can compromise the confidentiality, integrity, and availability of the device, and the information it processes.

This can have serious consequences, especially for devices that handle sensitive information or are critical to the operation of a system.To address these challenges, manufacturers and other stakeholders need to implement robust cybersecurity measures and follow relevant regulations and standards. This can help to reduce the risk of cyber-attacks and ensure the security of IoT devices.

Number of internet of Things (IoT) connected devices worldwide from 2019 to 2021, with forecast from 2022 to 2030 (in billions).

IoT Security Standards are regulatory standards for the security of IoT devices.  

ETSI EN 303 645 - The Cybersecurity Standard for Consumer IoT Devices

ETSI EN 303 645 is a technical specification developed by the European Telecommunications Standards Institute (ETSI) that provides guidelines for the security of Internet of Things (IoT) devices.

ETSI EN 303 645 is the first globally applicable Cybersecurity Standard for Consumer IoT Devices. Consumer IoT Products are internet-connected devices that any person can have at home nowadays. This standard covers consumer IoT devices that are connected to network infrastructure and their interactions with associated services, like smart tv’s, CCTV cameras, speakers, connected home automation devices, IoT gateways, base stations, HUBs, wearable health trackers, baby monitors, IoMT devices, connected home appliances like smart refrigerators and washing machines, or connected alarm systems, door locks, smoke detectors, among many others.  The ETSI 303 645 standard aim is to prepare these devices to be protected against the most common cybersecurity threats and to prevent large-scale attacks against connected devices.

It provides a basis for future IoT certification schemes. ETSI EN 303 645 contains a set of 13 cybersecurity categories and some provisions specifically focused on Data Protection.
In addition to providing guidelines for device security,
ETSI EN 303 645 also includes recommendations for the management of security risks, including the identification and assessment of risks, the implementation of controls to mitigate those risks, and the ongoing monitoring of risks.
The standard contains regulations to improve device security and minimize cyber threats. It helps manufacturers of consumer IoT devices to provide a range of features that protect their customers' personal data while complying with privacy laws and regulations (e.g. GDPR). It is the foundation of future IoT certification systems.

The definitive guide to crafting Compliant IoT Devices and high-quality developer documentation for ETSI EN 303 645 Certification

Facing challenges?

Are you finding it difficult to navigate the complexities of ETSI EN 303 645 for securing your IoT devices?

Wondering if your existing product documentation meets the stringent standards set out by this cybersecurity benchmark?

Do you feel that meeting ETSI's security requirements is an intricate and overwhelming task?

Whether you're gearing up for your first dive into the Internet of Things (IoT) security certification, or you're looking to refine your approach to compliance with ETSI EN 303 645 without unnecessary expenditure of time and resources,

This course is your key to unlocking simplicity in compliance.

Enroll now

Download our ETSI EN 303 635 infographics today and learn about the product certification process for this consumer IoT device cybersecurity standard.

ETSI  EN 303 645 infographics for Consumer IoT devices

download it here
ETSI  EN 303 645 infographics for Consumer IoT devices

How to comply with the ETSI EN 303 645 standard?

Manufacturers must implement the requirements defined by the ETSI EN 303 645 standard in their products to get them certified. The ETSI EN 303 645 standard includes 33 cybersecurity requirements and 35 cybersecurity recommendations.


CCLab will support your documentation needs by providing you the templates of the DUT (Device Under Test) Identification, the  Implementation Conformance Statement (ICS), and the Implementation of eXtra Information for Testing (IXIT), with guidelines on how to fill them out.


Get your product tested by CCLab. We evaluate your product and issue an evaluation report of your product at the end of the project. The issued Statement of Conformity can be a good basis for further certification.

What ETSI EN 303 645 compliance services does CCLab offer?

How can we help?
  • Training/Consultancy - We offer workshops to guide developers on their journey to ETSI EN 303 645 compliance. We provide insights and document templates for preparing the ICS, IXIT, and additional documentation needed for an evaluation.

  • Gap Analysis: - We assess the products to determine the differences between the current security implementation and the provisions defined in ETSI EN 303 645.

  • Product Evaluation: - We evaluate the product based on the applicable provisions of the ETSI EN 303 645 and will issue a conformance evaluation report as well as the identified security gaps.

  • Statement of Conformity - CCLab issues a Statement of Conformity when the evaluated product meets the requirements defined in ETSI EN 303 645.

Webinar on Consumer IoT security solutions

Do you want to know more about Consumer IoT Cybersecurity?

Securing Connections: Decoding UK PSTI Act Webinar
Levente Cseh
March 12, 2024

Securing Connections: Decoding UK PSTI Act Webinar

Last-minute guidance to connected device manufacturers- the upcoming webinar by QIMA & CCLab

Due to the upcoming deadline, QIMA and CCLab are organizing a joint webinar to familiarize registrants with the details of PSTI, which products it affects, to whom it applies and to present its relevant services.

Practical Approach to Consumer IoT Cybersecurity CCLab on-demand webinar
Levente Cseh
November 6, 2023

Practical Approach to Consumer IoT Cybersecurity CCLab on-demand webinar

This webinar presents the background of consumer IoT, the importance of relevant cybersecurity regulations, and the challenges faced by manufacturers.

As the IoT device market is rapidly growing, one of the most important challenges in the IoT device market is cybersecurity. Because these devices are connected to a network, they are vulnerable to cyberattacks that could compromise the confidentiality, integrity, and availability of the device and the information it processes. This can have serious consequences.


You don’t have enough information about Consumer IoT Cybersecurity?

check our faq

Do you need support to evaluate your consumer IoT device? Contact us!



Kenneth Lasoski

Kenneth Lasoski

Versa Networks

Evaluation team was extremely reasonable and flexible with resolution to findings and was helpful in finding agreeable solutions for CB comments. Consultation team was always responsive and helped shape the documentation for easier evaluation, and provided useful recommendations on satisfying SFR/SARs.

Thierry Bonda

Thierry Bonda


CCLab was well prepared, flexible during the whole evaluation process, and supported us with continuous communication and guidance. Many lessons were learnt during the project and CCLab has always been looking for solutions, supporting our developers the best way they could. The new Swiss evaluation methodology was a good and professional basis to work with, but both parties had to learn how to deal with it.

Jake Nelson

Jake Nelson

Corsec Security Inc.

The relationship between Corsec and CCLab has been instrumental in helping product vendors successfully complete the Common Criteria certification process. As a Common Criteria consultant to the product vendor, Corsec relies on CCLab’s responsiveness and expertise to quickly and thoroughly complete the testing component of the process. CCLab has been essential in managing multiple projects, their professionalism has helped ensure product vendor satisfaction and ultimate project success.

Alexander Testov

Alexander Testov

AO Kaspersky Lab.

"I would definitely recommend CCLab to anyone in need of Common Criteria certification. Our cooperation was comfortable, well organized and efficient. I am totally satisfied with the result."

Dayton Marcucci

Dayton Marcucci

HID Global

The CCLab team gave us full support to adapt to the changes during product development. Whatever the challenges faced they could keep the due dates and we were able to complete the process quickly and efficiently. The real agile lab helped our success. We are going to work with them again. I highly recommend them to anyone wanting to get its product certified.

Jaime Chica

Jaime Chica

NXP Semiconductors

It was a well-managed project which achieved success in an effortless manner.

Kalev Pihl

Kalev Pihl

SK ID Solutions

We needed a lab that works quickly but with high work morale and quality of work. CCLab is exactly like that! It was good cooperation experience to work with them. The project was rather complex and our expectations maybe even too high, but the team was committed to the common goals and could keep the milestones; therefore we were able to deliver what was needed. I highly recommend CCLab team to anyone for their great team spirit, quality orientations, agility and reasonable pricing.

Israr Ahmed

Israr Ahmed

Ascertia Ltd.

On behalf of Ascertia, accept my appreciation for the excellent job done by CCLab team over the past several months in achieving the Common Criteria Certificate for ADSS Server SAM solution. It was an enormous undertaking but went smoothly and efficiently! Thanks to your leadership and dedication combined with your staff's teamwork and energy, we achieved our target. You and your employees should take great pride in this accomplishment. We look forward to extend our work with you for our next certification milestone and hope will continue to get such excellent service.

Zsolt Rózsahegyi

Zsolt Rózsahegyi

I4P Informatics Ltd.

Thanks to the agile processes we've been able to add new features to the product during the evaluation that made it even more valuable to customers. CCLAB efficiently supported us throughout the whole change management process. The predictability, accurate scheduling, and supportive mindset helped us to finish the project in time.