Singapore and Germany sign mutual recognition agreement on cybersecurity labels for consumer smart products
October 20, 2022
SINGAPORE AND GERMANY SIGN MUTUAL RECOGNITION AGREEMENT ON CYBERSECURITY LABELS FOR SMART CONSUMER PRODUCTS
The Singapore Cybersecurity Agency (CSA) and the German Federal Office for Information Security (BSI) will today sign a Mutual Recognition Agreement (MRA) on the cybersecurity labels to be issued by the two countries .
2. CSA’s Cyber Security Labeling System (CLS) is the first tiered labeling system in the Asia-Pacific region. Under this program, smart devices will be evaluated according to their levels of cybersecurity provisions, from level 1 to level 4. Under the ARM, smart consumer products with the IT security label of Germany and the Cybersecurity Seal of Singapore will be mutually recognized in both countries. Products bearing the BSI label will be recognized by CSA as having met the CLS Level 2 requirements, while products with CLS Levels 2 and above will be recognized by BSI.
3. Mutual recognition of cybersecurity labels will apply to devices intended for consumer use such as smart cameras, smart TVs, smart speakers, smart toys, smart garden and home robots, gateways and hubs for home automation, health trackers, smart lighting, smart plug (smart outlet) and smart thermostats.
4. For starters, the MRA will not cover certain products such as smart door locks, fire/gas/water detectors1, and general computing devices such as computers, smartphones or tablets, which are designed to run any application without a predefined purpose. CSA and BSI will gradually work towards recognizing more product categories under the MRA.
5. Germany is the second country after Finland to formalize the mutual recognition of national cybersecurity labels with Singapore. At SICW 2021, CSA signed its first Memorandum of Understanding (MOU) with the Finnish Transport and Communications Agency (Traficom). Consumer IoT products bearing the Finnish Cybersecurity Label will be recognized as having met CLS Level 3 requirements, and vice versa2.
6. Manufacturers of smart consumer devices will benefit from these agreements as they save cost and time on duplicate testing and gain better access to new markets. Companies that have benefited from the Singapore-Finland MoU include Signify, Polar and ASUS. The first CLS Tier 3 labels under the MoU have been awarded to eight products from Signify’s smart lighting system and Polar Electro’s multisport watches3. Traficom’s first cybersecurity labels under the MoU have been awarded to seven ASUS Wi-Fi 6 router products4.
seven. As of October 2022, more than 200 products – ranging from routers to smart lighting to smart cameras – have been awarded the CLS label.
1 The list of product types is not exhaustive.
2 The CSA and Traficom labels are based on the same standard, ETSI EN 303 645.
3 Products from Signify and Polar Electro are Philips Hue Starter kit and Hue Bridge, and Polar Grit X, Polar Grit X pro, Polar Vantage V2, Polar Vantage M2, Polar Ignite 2 and Polar Unite
4 ASUS products are RT-AX88U, GT-AX11000, RT-AX82U, TUF-AX5400, TUF-AX3000, RT-AX58U and ZenWiFI XD6
About the Singapore Cyber Security Agency
Established in 2015, the Cyber Security Agency of Singapore (CSA) seeks to keep Singapore’s cyberspace secure to support our national security, fuel a digital economy and protect our digital way of life. It oversees national cybersecurity functions and works with industry officials to protect Singapore’s critical information infrastructure. CSA also works with various stakeholders to increase cybersecurity awareness, create a vibrant cybersecurity ecosystem supported by a strong workforce, pursue international partnerships, and pilot regional cybersecurity capacity building programs.
The CSA is part of the Prime Minister’s office and is managed by the Ministry of Communications and Information. For more news and information, please visit www.csa.gov.sg.
About the Federal Office for Information Security (BSI)
The BSI, established in 1991 as part of the Federal Ministry of the Interior, is the federal cybersecurity agency and the chief architect of secure digitization in Germany. Its objective is the secure use of information and communication technologies in government, the economy and civil society as well as the protection of critical infrastructures in particular. IT security labels are one of the many ways to improve IT security awareness in German society. BSI takes up the global challenge of information security by actively participating in international bodies and by targeting bilateral and multilateral cooperation with other countries. For more information, visit www.bsi.bund.de.