loading page

Current challenges of implementing ETSI EN 303 645 as a baseline security standard for consumer IoT security certification
  • +2
  • Felix Körner ,
  • Pascal Schäfer,
  • Holger Zwingmann,
  • Bettina Schnor ,
  • Samim Ahmadi
Felix Körner
Author Profile
Pascal Schäfer
Holger Zwingmann
Bettina Schnor
Author Profile
Samim Ahmadi


Consumer IoT devices are primarily used by people who have limited understanding of cybersecurity. For this reason, it is incumbent upon the manufacturer to set up the consumer IoT device securely. However, implementing such measures is costly and often not done voluntarily by manufacturers. Since regulation is necessary, several standardization organizations worldwide are working on security certification of Consumer IoT devices. This paper provides an overview of the current challenges in certifying consumer IoT devices according to the specifications based on the ETSI EN 303 645 and TS 103 701. We present the assessment of two Consumer IoT devices, which gives an insight into the different involved certification players and exposes challenges and weaknesses of the certification process. Furthermore, interviews were conducted with certification bodies that provide consumer IoT security certification. The interviews highlighted some further challenges and suggestions for improvement of the ETSI EN 303 645 ecosystem.