General

Categories: General
Committee: NSAI/TC 2 (ICT )
Origin: NSAI
Close date: 24 Jul 2026
View moreView less
 

The present document defines Product Specific Requirements for Life Cycle Assessment (LCA) of Smartphones so that 
it is possible to compare the LCA between different smartphone models on SKU level (e.g. considering different 
memory configurations). The present document provides a methodology for evaluating the environmental impact of 
smartphones objectively and transparently and is based upon the Life Cycle Assessment (LCA) framework standardized 
in ETSI ES 203 199 [1] and IEC 63366 [i.1]. The purpose of the present document is to: 
• Provide smartphone-specific requirements, i.e. Product Specific Rules (PSR), in addition to those of ETSI 
ES 203 199 [1] and IEC 63366 [i.1] to ensure comparability of LCA studies of smartphones on SKU level. 
• Harmonize the LCAs of smartphones. 
• Increase the transparency and facilitate the interpretation of LCA studies of smartphones. 
• Facilitate the communication of LCA studies of smartphones on SKU level. 
The present document is valid for all types of smartphones. Moreover, the present document defines a set of 
requirements for which the LCA practitioners will comply. Comparisons of results from LCA studies of smartphones 
which belong to the same product family, including assessments which have been performed by different organizations, 
are within the scope of the present document.

Categories: General
Committee: NSAI/TC 2 (ICT )
Origin: NSAI
Close date: 24 Jul 2026
View moreView less
 

The present document specifies the accessibility requirements applicable to ICT products and services, together with a 
description of the test procedures and evaluation methodology for each accessibility requirement. 
The present document is intended for use by designers, developers, evaluators, manufacturers, market surveillance 
entities, procurers, researchers, and anyone else interested in the accessibility of ICT products and services. 
The present document is not intended to apply to assistive technologies that are designed specifically for use by people 
with disabilities, except for requirement 11.5.2.4 that requires assistive technologies to use the documented platform 
accessibility services, although making assistive technologies usable and applicable for people with multiple disabilities 
is desirable. The requirements do apply to the launch of assistive technologies since that is a function of the platform, 
not the assistive technology. 
The present document supports the implementation of Directive (EU) 2016/2102 on the accessibility of the websites 
and mobile applications of public sector bodies [i.27], and of Directive (EU) 2019/882 on the accessibility of ICT 
products and services [i.29]. The coverage of the essential requirements of these Directives is given in Annexes ZA and 
ZB. 
The present document contains the necessary accessibility requirements and provides a reference document such that if 
procedures are followed by different actors, the results of testing are similar and the interpretation of those results is 
clear. The test descriptions and evaluation methodology included in the present document are elaborated to a level of 
detail compliant with ISO/IEC 17007:2009 [i.14], so that conformance testing can give conclusive results. 

Categories: General
Committee: CEN/TC 278 (Intelligent Transport Systems)
Origin: CEN
Close date: 27 Jul 2026
View moreView less
 
Categories: General
Committee: CEN/TC 445 (Digital information Interchange in the Insurance Industry)
Origin: CEN
Close date: 27 Jul 2026
View moreView less
 
Categories: General
Committee: NSAI/TC 2 (ICT )
Origin: NSAI
Close date: 14 Aug 2026
View moreView less
 

The present document specifies the Service Information (SI) data which forms a part of Digital Video Broadcasting 
(DVB) bitstreams, in order that the user can be provided with information to assist in selection of services and/or events 
within the bitstream, and so that the Integrated Receiver Decoder (IRD) can automatically configure itself for the 
selected service. SI data for automatic configuration is mostly specified within ISO/IEC 13818-1 [1] as Program 
Specific Information (PSI). 
The present document specifies additional data which complements the PSI by providing data to aid automatic tuning of 
IRDs, and additional information intended for display to the user. The manner of presentation of the information is not 
specified in the present document, and IRD manufacturers have freedom to choose appropriate presentation methods. 
It is expected that Electronic Programme Guide (EPG) will be a feature of Digital TeleVision (TV) transmissions. 
The definition of an EPG is outside the scope of the present document (i.e. the SI specification), but the data contained 
within the SI specified in the present document may be used as the basis for an EPG. 
Rules of operation for the implementation of the present document are specified in ETSI TS 101 211 [i.1]. 

Categories: General
Committee: NSAI/TC 2 (ICT )
Origin: NSAI
Close date: 15 Aug 2026
View moreView less
 

The present document specifies technical cybersecurity product requirements and corresponding assessment criteria for 
boot managers. The products with digital elements in scope, there after "the products": 
• are specified within the technical description of the category of product number 8 by the Commission 
Implementing Regulation (EU) 2025/2392 [i.2] as: - 
"Software products with digital elements that manage the process of initial system startup after power 
on/restart by initialising hardware, loading or transferring control to the operating system environment or 
system resources, and selecting boot options. This category includes but is not limited to UEFI firmware, 
single-stage and multi-stage boot loaders." 
• are only covered within the product context described in clause 4. 
The scope covers software and firmware components that manage the boot process from power-on through 
establishment of the chain of trust to handoff to the boot target. Products in scope include boot management software 
and firmware regardless of distribution model or integration level. These are: 
• System firmware that performs hardware initialisation and boot management. 
• Bootloaders that manage boot target selection, verification, and loading. 
• Embedded boot firmware in IoT and embedded devices. 
• Network boot implementations enabling remote boot capabilities. 
• Boot managers that integrate with hardware security components for chain of trust establishment. 
NOTE 1: Boot managers may be single-stage (direct loading) or multi-stage (staged verification). 
NOTE 2: For microcontrollers (MCUs) and microprocessors (MPUs): 
• Silicon-integrated immutable firmware: Mask ROM, fused code, or boot firmware integrated during chip 
manufacturing is assessed as part of MCU/MPU hardware under semiconductor standards. 
• Updateable boot managers: Boot software in flash storage (including OTP programmed post-manufacture) is 
assessed using the present document when distinctly identifiable or independently updatable. 
NOTE 3: Runtime services executing after boot target handoff (such as secure monitor mode handlers or attestation 
services) are in scope only if they provide verification or attestation services to the boot process itself, not 
to the boot target. 
The present document covers those products to demonstrate compliance with essential cybersecurity requirements in the 
Regulation (EU) 2024/2847 [i.1], Annex I Part I under the conditions identified in Annex A. 

Categories: General
Committee: NSAI/TC 2 (ICT )
Origin: NSAI
Close date: 16 Aug 2026
View moreView less
 

The present document specifies technical requirements and corresponding assessment criteria for Virtualisation 
Execution Stack (VES) and Container Execution Stack (CES) products, including hypervisors and container runtime 
systems, related to cybersecurity. The products with digital elements in scope, thereafter referred to as the "product": 
• are specified within the "technical description" of the "category of product" in Class II, point 1 by the 
Commission Implementing Regulation (EU) 2025/2392 [i.2] as: 
"Hypervisors and container runtime systems that support virtualised execution of operating systems and 
similar environments"; 
• are only covered within the product context described in clause 4. 
The present document covers those products to demonstrate compliance with essential cybersecurity requirements in the 
Regulation (EU) 2024/2847 [i.1], Annex I, Part I  under the conditions identified in Annex A. 
Commission Implementing Regulation (EU) 2025/2392 [i.2] identifies hypervisors and container runtime systems as 
core components. However, actual market products typically include additional elements beyond the hypervisor kernel 
or container runtime binary. These additional components provide essential management, orchestration, and operational 
capabilities that are necessary for real-world deployment and are therefore included within the scope of the present 
document. 
The present document addresses the CRA Class II, point 1 product category within the following product contexts: 
• Virtualisation Execution Stack (VES) for hypervisor-based environments; and 
• Container Execution Stack (CES) for container-based environments. 
The corresponding terms and definitions are provided in clause 3. The architectural decomposition, in-scope 
components, and security-relevant environmental dependencies are specified in clause 4. 
Accordingly, the present document defines security requirements not only for the core execution systems identified in 
the CRA but also for the broader product context in which these systems are deployed, ensuring alignment with market 
reality and comprehensive coverage of security risks. The Management and Orchestration (M&O) System, Container 
Engine (CE), and Container Orchestrator (CO) are covered by the present document and are in scope only where they 
are developed or provided by the manufacturer, or under the responsibility of the manufacturer, as part of the declared 
product. 
Any usage of AI agents is out of scope of the present document. 
Where the product includes or depends on components that are outside the scope of the present document, the 
applicable requirements are to be addressed through the relevant operational-environment provisions or other relevant harmonised standards, as identified in clause 4.3. 

 

Categories: General
Committee: NSAI/TC 2 (ICT )
Origin: NSAI
Close date: 21 Aug 2026
View moreView less
 

The present document specifies technical requirements and corresponding assessment criteria for password managers 
related to cybersecurity. The products with digital elements in scope, thereafter "the product": 
• are specified within the "technical description" of the "category of product" number "NN" by the Commission 
Implementing Regulation (EU) 2025/2392 [i.2] as:  
"Products with digital elements that store passwords, locally on a device or on a remote server, including 
activities such as generation of passwords as well as password sharing and integration with local or third
party applications for usage of passwords. 
This category includes but is not limited to local password managers, password managers provided as 
browser extensions, enterprise password managers as well as hardware-based password managers". 
• are only covered within the product context described in clause 4. 
The present document covers those products to demonstrate compliance with essential cybersecurity requirements in the 
Regulation (EU) 2024/2847 [i.1], Annex I Part I under the conditions identified in annex A. 
Password Managers: a subset of identity and access management systems.For other types of authentication mechanisms, 
see the IAM standard prEN 40000-10 [i.10] currently drafted by CEN TC 224. Consult clause 3.1 for the product definition. 

Categories: General
Committee: NSAI/TC 2 (ICT )
Origin: NSAI
Close date: 21 Aug 2026
View moreView less
 

The present document defines classes of environmental conditions and their severities to which telecommunication
equipment may be exposed. The severities specified are those which will have a low probability of being exceeded;
generally less than 1 % of the time of a transport.
The present document applies to equipment being transported from one place to another after being made ready for
dispatch from the manufacturer's works. The most commonly used methods of transportation have been taken into
account, i.e. ground, water and air transport. Loading and unloading as well as temporary storage, have been included.
Where the equipment is packaged the environmental conditions apply to the packaged equipment.
NOTE: Normal transportation time is considered to be 30 days or less. Where the total transportation time
exceeds 30 days then additional storage or packaging precautions should be considered.
The tests applicable to verify the compliance with the transportation and handling environmental classes of the present
document, are defined in ETSI EN 300 019-2-2 [i.5].

Categories: General
Committee: NSAI/TC 2 (ICT )
Origin: NSAI
Close date: 21 Aug 2026
View moreView less
 

The present document applies to the following radio equipment type: 
• User Equipment for Evolved Universal Terrestrial Radio Access (E-UTRA). 
This radio equipment type is capable of operating in all or any part of the frequency bands given in tables from 1-1 
through 1-5. 
Table 1-1: E-UTRA UE operating bands 
E-UTRA Band Direction of UE transmission E-UTRA operating bands Related EC/ECC 
decision 
1 Transmit 1 920 MHz to 1 980 MHz [i.21] and [i.22] Receive 2 110 MHz to 2 170 MHz 
3 Transmit 1 710 MHz to 1 785 MHz [i.19] and [i.20] Receive 1 805 MHz to 1 880 MHz 
7 Transmit 2 500 MHz to 2 570 MHz [i.24] and [i.25] Receive 2 620 MHz to 2 690 MHz 
8 Transmit 880 MHz to 915 MHz [i.19] and [i.20] Receive 925 MHz to 960 MHz 
20 Transmit 832 MHz to 862 MHz [i.6] and [i.7] Receive 791 MHz to 821 MHz 
22 Transmit 3 410 MHz to 3 490 MHz [i.26] and [i.27] Receive 3 510 MHz to 3 590 MHz 
28 
(see note 6) 
Transmit 703 MHz to 748 MHz [i.14] and [i.15] Receive 758 MHz to 803 MHz 
31 Transmit 452,5 MHz to 457,5 MHz [i.16] Receive 462,5 MHz to 467,5 MHz 
32 
(see note 1) 
(see note 2) 
Transmit N/A  
Receive 1 452 MHz to 1 496 MHz [i.17] and [i.18] 
33 Transmit and Receive 1 900 MHz to 1 920 MHz [i.22] 
34 Transmit and Receive 2 010 MHz to 2 025 MHz [i.22] 
38 Transmit and Receive 2 570 MHz to 2 620 MHz [i.24] and [i.25] 
40 Transmit and Receive 2 300 MHz to 2 400 MHz [i.23] 
41 (note 7) Transmit and Receive 2 496 MHz to 2 690 MHz [i.24] and [i.25] 
42 Transmit and Receive 3 400 MHz to 3 600 MHz [i.26] and [i.27] 
43 Transmit and Receive 3 600 MHz to 3 800 MHz [i.26] and [i.27] 
46 
(see note 3) 
(see note 4) 
Transmit and Receive  5 150 MHz to 5 925 MHz [i.29] and [i.30] 
65 
(see note 5) 
Transmit 1 920 MHz to 2 010 MHz [i.21], [i.22] and [i.28] Receive 2 110 MHz to 2 200 MHz 
67 Transmit N/A  
Receive 738 MHz to 758 MHz [i.14] and [i.15] 
68 Transmit 698 MHz to 728 MHz [i.14], [i.15] and [i.31]  Receive 753 MHz to 783 MHz 
69 
(see note 1) 
Transmit N/A  
Receive 2 570 MHz to 2 620 MHz [i.24] and [i.25] 
72 Transmit 451 MHz to 456 MHz [i.16] Receive 461 MHz to 466 MHz 
87 Transmit 410 MHz to 415 MHz [i.16] Receive 420 MHz to 425 MHz 
88 Transmit 412 MHz to 417 MHz [i.16] Receive 422 MHz to 427 MHz 
 
ETSI 
Final draft ETSI EN 301 908-13 V13.4.1 (2026-06) 14 
E-UTRA Band Direction of UE transmission E-UTRA operating bands Related EC/ECC 
decision 
NOTE 1: Restricted to E-UTRA operation when carrier aggregation is configured. The downlink operating band is 
paired with the uplink operating band (external) of the carrier aggregation configuration that is supporting the 
configured Pcell. 
NOTE 2: In Europe, according to [i.17] and [i.18], radio equipment in band 32 operates between 1 452 MHz and 
1 492 MHz. 
NOTE 3: This band is an unlicensed band restricted to licensed-assisted operation using Frame Structure Type 3. In 
Europe according to [i.29] and [i.30], radio equipment in band 46 operates between 5 150 MHz and 
5 725 MHz as in table 1-1A. 
NOTE 4: In this version of the present document, restricted to E-UTRA DL operation when carrier aggregation is 
configured. 
NOTE 5: A UE that complies with the E-UTRA Band 65 minimum requirements in the present document also complies 
with the E-UTRA Band 1 minimum requirements. This band includes two frequency ranges that are 
harmonised in Europe:  
a) According to [i.21] and [i.22], radio equipment in band n65 operates between 2 110 MHz and 2 170 MHz 
for the transmitter (FDL_low = 2 110 MHz and FDL_high = 2 170 MHz), and between 1 920 MHz and 
1 980 MHz for the receiver (FUL_low = 1 920 MHz and FUL_high = 1 980 MHz). 
b) Based on [i.29], radio equipment in band n65 operates between 2 170 MHz and 2 200 MHz for the 
transmitter (FDL_low = 2 170 MHz and FDL_high = 2 200 MHz) and between 1 980 MHz and 2 010 MHz for 
the receiver (FUL_low = 1 980 MHz and FUL_high = 2 010 MHz) as the Complementary Ground 
Component (CGC) of a Mobile-satellite service by reference to the present Harmonised Standard. 
NOTE 6: In Europe, according to [i.14], [i.15] and [i.31], radio equipment in band 28 operates between 703 MHz to 
736 MHz for the transmitter (FUL_low = 703 MHz and FUL_high = 736 MHz) and between 758 MHz to 791 MHz 
for the receiver (FDL_low = 758 MHz and FDL_high = 791 MHz). 
NOTE 7: In Europe according to [i.24] and [i.25], radio equipment in band 41 operates between 2 570 MHz and 
2 620 MHz (FDL_low = 2 570 MHz and FDL_high = 2 620 MHz). 
 
NOTE 1: The relationship between the present document and essential requirements of article 3.2 of 
Directive 2014/53/EU [i.2] is given in annex A. 
Table 1-1A: Sub-bands for band 46 
E-UTRA Band 
46a 
46b 
46c 
NOTE:  The sub-bands 46a and 46b are restricted to indoor use only. 
 
Table 1-2: E-UTRA UE Intra-band contiguous CA operating bands 
E-UTRA CA Band 
CA_1 
CA_3 
CA_7 
CA_38 
CA_40 
CA_41 
CA_42 
 
 
ETSI 
Final draft ETSI EN 301 908-13 V13.4.1 (2026-06) 15 
Table 1-3: E-UTRA UE Inter-band CA operating bands (two bands) 
E-UTRA CA Band 
CA_1-3 
CA_1-7 
CA_1-8 
CA_1-20 
CA_1-41 
CA_1-42 
CA_1-46 
CA_3-7 
CA_3-8 
CA_3-20 
CA_3-28 
CA_3-41 
CA_3-42 
CA_3-46 
CA_7-20 
CA_7-28 
CA_7-46 
CA_8-20 
CA_8-40 
CA_8-41 
CA_20-32 
CA_41-42 
CA_41-46 
CA_42-46 
CA_20-67 
 
Table 1-4: E-UTRA UE Inter-band CA operating bands (three bands) 
E-UTRA CA Band 
CA_1-3-8 
CA_1-3-20 
CA_1-7-20 
CA_3-7-20 
CA_3-41-42 
 
Table 1-5: Intra-band non-contiguous CA operating bands (with two sub-blocks) 
E-UTRA CA Band 
CA_3-3 
CA_7-7 
CA 41-41 
CA_42-42 
 
E-UTRA NB-IoT is designed to operate in the E-UTRA operating bands 1, 3, 8, 20, 28 and 65 defined in table 1-1. The 
present document covers requirements for E-UTRA FDD and E-UTRA TDD User Equipment from 3GPP™ Releases 8, 
9, 10, 11, 12, and 13 defined in ETSI TS 136 101 [3]. This includes the requirements for E-UTRA UE operating bands 
and E-UTRA CA operating bands from 3GPP™ Release 13 defined in ETSI TS 136 101 [3]. 
NOTE 2: For Band 20: 

 For user equipment designed to be mobile or nomadic, the requirements in the present document 
measured at the antenna port also show conformity to the corresponding requirement defined as 
Total Radiated Power (TRP), as described in Commission Decision 2010/267/EU [i.6] and 
ECC Decision (09)03 [i.7]. 

 For user equipment designed to be fixed or installed, the present document does not address the 
requirements described in Commission Decision 2010/267/EU [i.6] and ECC Decision (09)03 [i.7]. 
16
Final draft ETSI EN 301 908-13 V13.4.1 (2026-06)
NOTE 3:  TRP/TRS requirements only applicable to the devices wider than or equal to 56 mm and narrower than or 
equal to 92 mm.  
The present document contains requirements to demonstrate that radio equipment both effectively uses and supports the 
efficient use of radio spectrum in order to avoid harmful interference.

Categories: General
Committee: TC 111 (error)
Origin: IEC
Close date: 21 Aug 2026
View moreView less
 
Categories: General
Committee: CEN/TC 307 (Oilseeds, vegetable and animal fats and oils and their by-products - Methods of sampling and analysis)
Origin: CEN
Close date: 26 Aug 2026
View moreView less
 
Categories: General
Committee: NSAI/TC 2 (ICT )
Origin: NSAI
Close date: 28 Aug 2026
View moreView less
 

The present document applies to Mobile Earth Station (MES) radio equipment which have the following characteristics: 
• the MES has both transmit and receive capabilities and operate in a Satellite-Personal Communications 
Network (S-PCN). An S-PCN MES can be a handheld, portable, vehicle-mounted, host connected, semi-fixed 
or fixed equipment, or can be an element in a multi-mode terminal. It consists of a number of modules with 
associated connections and user interface, or can be a self-contained single unit; 
• these MESs are controlled and monitored by Control Monitoring Functions (CMF). The CMF is outside the 
scope of the present document; 
• if the MES is an element in a multi-mode terminal, unless otherwise stated in the present document, its 
requirements apply only to the S-PCN MES element of the terminal operating in the MSS frequency bands 
given in table 1; 
• the MES is capable in operating in all or part of the frequency bands shown in table 1. 
Table 1: Mobile Satellite Service (MSS) frequency bands 
MES 
MSS frequency bands 
Transmit 
Receive 
1 610 MHz to 1 626,5 MHz 
1 613,8 MHz to 1 626,5 MHz 
Receive 
2 483,5 MHz to 2 500,0 MHz 
NOTE: The relationship between the present document and essential requirements of article 3.2 of Directive 
2014/53/EU [i.3] is given in annex A.

Categories: General
Committee: NSAI/TC 2 (ICT )
Origin:
Close date: 28 Aug 2026
View moreView less
 

The present document specifies technical characteristics and methods of measurements for Mobile Earth Stations 
(MES) providing Low Bit Rate Data Communications (LBRDC) using Low Earth Orbit (LEO) satellites and which 
have the following characteristics: - - - - 
the MES as covered by the present document are a Based MES (BMES), a Vehicle mounted MES (VMES), or 
a Portable MES (PMES); 
the MESs operate through satellites in Low Earth Orbit (LEO) as part of a network providing Low Bit Rate 
Data Communications (LBRDC); 
these radio equipment are designed to operate in all or any part of the frequency bands given in table 1. 
The MESs have to be part of a satellite network and controlled and monitored by a Network Control Facility 
(NCF). The specification of the NCF is outside the scope of the present document. 
Table 1: Frequency ranges in Transmit and Receive frequencies 
MES Transmit frequencies and Service allocations 
(MHz) 
MES Receive frequencies and Service allocations 
(MHz) 
148 to 149,9 
MSS 
137 to 137,025 
149,9 to 150,05 
MSS 
137,025 to 137,175 
MSS 
235 to 322 
mss 
MSS 
137,175 to 137,825 
335,4 to 399,9 
MSS 
MSS 
137,825 to 138 
399,9 to 400,05 
mss 
MSS 
235 to 322 
335,4 to 399,9 
MSS 
MSS 
400,15 to 401 
MSS 
NOTE 1: The acronyms "MSS" and "mss" refer to mobile satellite service (See list of abbreviations). Capital letters 
"MSS" refer to Primary MSS service. Lower case "mss" refers to secondary MSS service.  
The present document is intended to cover the provisions of article 3.2 of Directive 2014/53/EU [i.3] (RE Directive). 
NOTE 2: The relationship between the present document and essential requirements of article 3.2 of the Directive 
2014/53 [i.3] is given in Annex A.

Categories: General
Committee: NSAI/TC 2 (ICT )
Origin: NSAI
Close date: 28 Aug 2026
View moreView less
 

The present document specifies technical characteristics and methods for measurements for satellite communications 
Earth Stations (ES) with the following characteristics: 
• The ES is designed for stationary operation. 
• The ES is operating as part of a satellite network (e.g. star, mesh or point to point) used for the distribution 
and/or exchange of information. 
• The transmit and receive frequencies are shown in Table 1. 
Table 1: Frequency bands 
Transmit (Earth-to-space) 1 
Frequency Bands/frequencies 
Transmit (Earth-to-space) 2 
27,5 GHz to 29,1 GHz  
29,5 GHz to 30,0 GHz 
Receive (space-to-Earth) 
17,3 GHz to 20,2 GHz 
• The ES transmits within the frequency range from 27,5 GHz to 29,1 GHz and 29,5 GHz to 30,0 GHz, which 
are bands allocated to the Fixed Satellite Services (FSS) (Earth-to-space) among other services. 
• At the national level, terminals covered by the present document, might operate on a co-frequency basis, with 
stations of other FSS networks / systems or with stations of other services. The present document does not 
cover requirements for ensuring protection of such services. 
• The ES receives within the range from 17,30 GHz to 20,20 GHz (FSS). 
• The ES uses linear or circular polarization. 
• The ES operates through non-geostationary satellites. 
• The ES is designed for unattended operation and it does not address specifications or requirements for earth 
stations operating as gateways or master earth station. 
• The ES is controlled and monitored by a Network Control Facility (NCF). This function may be performed 
centrally (e.g. for a network of ESs with a central hub) or it could be performed within the ES for autonomous 
control. The NCF is outside the scope of the present document. 
• The ES has one or more directive antennas that track satellites. 
The present document may also be applicable to the frequency bands 30,0 GHz to 31,0 GHz (Earth-to-space) and 
20,2 GHz to 21,2 GHz (space-to-Earth) subject to national regulation. 
The present document applies to the ES including its ancillary equipment and its various telecommunication ports, and 
when operated within the boundary limits of the operational environmental profile as defined by the intended use of the 
ES 
NOTE: The relationship between the present document and essential requirements of article 3.2 of Directive 
2014/53/EU [i.1] is given in annex A.

Categories: General
Committee: NSAI/TC 2 (ICT )
Origin: NSAI
Close date: 30 Aug 2026
View moreView less
 

The present document specifies vulnerability handling activities, technical requirements and corresponding assessment 
criteria for routers, modems intended for connection to the internet, and switches related to cybersecurity. The products 
with digital elements in scope: 
• are specified within the "technical description" of the "category of product" in Class I, point 12 by the 
Commission Implementing Regulation (EU) 2025/2392 [i.2] of 28 November 2025 on the technical 
description of the categories of important and critical products with digital elements pursuant to 
Regulation (EU) 2024/2847 of the European Parliament and of the Council [i.1] as: - - - 
"Routers are products with digital elements that establish and control the flow of data between different 
networks by selecting paths or routes using routing protocol mechanisms and algorithms, typically 
operating at the network layer. 
This category includes but is not limited to wired and wireless routers, virtual routers and routers with or 
without modems."; 
"Modems intended for the connection to the Internet are hardware products with digital elements that use 
digital modulation and demodulation techniques to convert analogue signals from and to digital signals 
for IP-based communication. 
This category includes but is not limited to fibre modems, Digital Subscriber Line (DSL) modems, cable 
(DOCSIS) modems, satellite modems and cellular modems."; 
"Switches are products with digital elements that provide connectivity between networked devices 
through traffic forwarding mechanisms typically implemented at the data link layer. 
This category includes but is not limited to managed switches, smart switches, multilayer switches, 
virtual security switches, programmable switches for software-defined networking and bridges such as 
wireless access points."; 
• are only covered within the product context described in clause 4. 
The present document covers those products to demonstrate compliance with the essential cybersecurity requirements 
of Regulation (EU) 2024/2847 [i.1], Annex I Part I, under the conditions identified in Annex A. 
NOTE 1: The term "internet" refers to any public network accessible beyond organizational boundaries. Public 
networks are accessible to multiple organizations or the general public. Private networks operate under 
single organizational control. 
Routers, modems intended for connection to the internet, and switches fall within the scope of the present document 
when they provide management capabilities. This applies to all deployment forms such as dedicated hardware, virtual 
machines, containerized applications, and cloud-native network functions. The intended purpose or reasonably 
foreseeable use is to process, forward, or manage network traffic between devices, network segments, or between public 
and private networks. 
NOTE 2: Unmanaged products with fixed functionality and no configuration interface are excluded from scope, as 
they lack the interfaces needed to implement the security controls of the present document. 
The present document does not specify protocol conformance requirements, performance specifications, QoS metrics, 
or interoperability testing. Security controls for protocol implementation and vulnerability management remain within 
scope. 
NOTE 3: Products that integrate particular wireless or wired communication technologies, such as Wi-Fi®, cellular, 
DECT, and DECT-2020 NR remain within scope when they function as routers, modems intended for 
connection to the internet, or switches 
Routers, modems intended for connection to the internet, and switches intended for use in the industrial Operational 
Technology (OT) domain are excluded from the scope of the present document, see prEN 50770-5 [i.14].

Categories: General
Committee: NSAI/TC 2 (ICT )
Origin: NSAI
Close date: 30 Aug 2026
View moreView less
 

The present document specifies test severities and methods for the verification of the required resistibility of equipment 
according to the relevant environmental class. 
The tests in the present document apply to stationary use of equipment at weatherprotected locations covering the 
environmental conditions stated in ETSI EN 300 019-1-3 [1].