General
The present document specifies vulnerability handling activities, technical requirements and corresponding assessment
criteria for routers, modems intended for connection to the internet, and switches related to cybersecurity. The products
with digital elements in scope:
• are specified within the "technical description" of the "category of product" in Class I, point 12 by the
Commission Implementing Regulation (EU) 2025/2392 [i.2] of 28 November 2025 on the technical
description of the categories of important and critical products with digital elements pursuant to
Regulation (EU) 2024/2847 of the European Parliament and of the Council [i.1] as: - - -
"Routers are products with digital elements that establish and control the flow of data between different
networks by selecting paths or routes using routing protocol mechanisms and algorithms, typically
operating at the network layer.
This category includes but is not limited to wired and wireless routers, virtual routers and routers with or
without modems.";
"Modems intended for the connection to the Internet are hardware products with digital elements that use
digital modulation and demodulation techniques to convert analogue signals from and to digital signals
for IP-based communication.
This category includes but is not limited to fibre modems, Digital Subscriber Line (DSL) modems, cable
(DOCSIS) modems, satellite modems and cellular modems.";
"Switches are products with digital elements that provide connectivity between networked devices
through traffic forwarding mechanisms typically implemented at the data link layer.
This category includes but is not limited to managed switches, smart switches, multilayer switches,
virtual security switches, programmable switches for software-defined networking and bridges such as
wireless access points.";
• are only covered within the product context described in clause 4.
The present document covers those products to demonstrate compliance with the essential cybersecurity requirements
of Regulation (EU) 2024/2847 [i.1], Annex I Part I, under the conditions identified in Annex A.
NOTE 1: The term "internet" refers to any public network accessible beyond organizational boundaries. Public
networks are accessible to multiple organizations or the general public. Private networks operate under
single organizational control.
Routers, modems intended for connection to the internet, and switches fall within the scope of the present document
when they provide management capabilities. This applies to all deployment forms such as dedicated hardware, virtual
machines, containerized applications, and cloud-native network functions. The intended purpose or reasonably
foreseeable use is to process, forward, or manage network traffic between devices, network segments, or between public
and private networks.
NOTE 2: Unmanaged products with fixed functionality and no configuration interface are excluded from scope, as
they lack the interfaces needed to implement the security controls of the present document.
The present document does not specify protocol conformance requirements, performance specifications, QoS metrics,
or interoperability testing. Security controls for protocol implementation and vulnerability management remain within
scope.
NOTE 3: Products that integrate particular wireless or wired communication technologies, such as Wi-Fi®, cellular,
DECT, and DECT-2020 NR remain within scope when they function as routers, modems intended for
connection to the internet, or switches
Routers, modems intended for connection to the internet, and switches intended for use in the industrial Operational
Technology (OT) domain are excluded from the scope of the present document, see prEN 50770-5 [i.14].
The present document specifies test severities and methods for the verification of the required resistibility of equipment
according to the relevant environmental class.
The tests in the present document apply to stationary use of equipment at weatherprotected locations covering the
environmental conditions stated in ETSI EN 300 019-1-3 [1].
The present document specifies technical characteristic and methods of measurements for Very Small Aperture
Terminal (VSAT) equipment which has the following characteristics:
• the VSAT is operating in one or more frequency ranges within the following bands allocated to the Fixed
Satellite Service (FSS), shared with other services, e.g. the Fixed Service (FS) and the Mobile Service (MS): - - -
5,850 GHz to 7,075 GHz (Earth-to-space);
3,400 GHz to 4,200 GHz (space-to-Earth);
4,500 GHz to 4,800 GHz (space-to-Earth);
• the VSAT uses linear or circular polarization;
• the VSAT operates through a geostationary satellite at least 2° away from any other geostationary satellite
operating in the same frequency band and covering the same area;
• the VSAT antenna diameter does not exceed 7,3 m, or equivalent effective area;
• the VSAT is either: - - -
a transmit-only VSAT: designed for transmission-only of radio-communications signals in the frequency
band (earth-to-space) specified in the present clause; or
a transmit-and-receive VSAT: designed for transmission-and-reception of radio-communications signals
in the frequency bands specified in the present clause; or
a receive-only VSAT: designed for reception-only of radio-communications signals in the frequency
band (space-to-Earth) specified in the present clause;
• the VSAT is designed for unattended operation;
• the VSAT is operating as part of a satellite network (e.g. star, mesh or point-to-point) used for the distribution
and/or exchange of information between users; the VSAT is controlled, and monitored for the transmit
functionality, by a Centralized Control and Monitoring Facility (CCMF). The VSAT has to implement Control
and Monitoring Functions with either Class A or Class B (structures of the radio states). The specifications
associated to the CCMF facility are outside the scope of the present document.
The present document applies to the VSAT with its ancillary equipment and its various terrestrial ports, and when
operated within the boundary limits of the operational environmental profile defined for the intended use of the VSAT
including all equipment as brought to the market.
The present document does not contain any requirement, recommendation or information about the installation of the
VSAT.
All parts of the indoor unit related to reception, processing and presentation of the received information except the
control channel are not within the scope of the present document. The syntax of the control channel messages is outside
the scope of the present document. The present document is intended to cover the provisions of Directive 2014/53/EU
(Radio Equipment Directive) [i.5] article 3.2.
NOTE: The relationship between the present document and essential requirements of article 3.2 of
Directive 2014/53/EU [i.5] is given in annex A.
The present document specifies vulnerability handling activities, technical requirements and corresponding assessment
criteria for firewalls, intrusion detection systems, and intrusion prevention systems related to cybersecurity. The
products with digital elements in scope:
• are specified within the "technical description" of the "category of product" in Class II, point 2 by the
Commission Implementing Regulation (EU) 2025/2392 [i.2] of 28 November 2025 on the technical
description of the categories of important and critical products with digital elements pursuant to Regulation
(EU) 2024/2847 of the European Parliament and of the Council [i.1] as: - - -
"Firewalls are products with digital elements that protect a connected network or system from
unauthorised access by monitoring and restricting data communication traffic to and from that network.
This category includes but is not limited to network firewalls and application firewalls such as web
application firewalls or filters and anti-spam gateways.";
"Intrusion detection systems are products with digital elements that monitor traffic once it has entered the
network environment for suspicious activity and detect or identify that an intrusion has been attempted,
is occurring, or has occurred on a connected network or system.
This category includes but is not limited to network-based intrusion detection systems and host-based
intrusion detection systems.";
"Intrusion prevention systems are products with digital elements composed of an intrusion detection
system that actively responds to an intrusion to a connected network or system.
This category includes but is not limited to network-based intrusion prevention systems and host-based
intrusion prevention systems.";
• are only covered within the product context described in clause 4.
The present document covers those products to demonstrate compliance with the essential cybersecurity requirements
of Regulation (EU) 2024/2847 [i.1], Annex I Part I, under the conditions identified in Annex A.
Firewalls, intrusion detection systems, and intrusion prevention systems fall within the scope of the present document,
whether deployed as physical appliances or software. The present document applies when the intended purpose or
reasonably foreseeable use involves monitoring, analysing, or controlling network traffic for security purposes.
Products that detect access attempts made without authorisation, identify malicious activity, or enforce traffic controls
to protect networks and systems from intrusions are within scope.
Firewalls, intrusion detection systems, and intrusion prevention systems intended for use in the industrial OT
(Operational Technology) domain are excluded from the scope of the present document, see prEN 50770-1 [i.7].
The present document does not specify how products detect threats, classify traffic, or implement inspection algorithms.
Detection accuracy rates, false positive thresholds, and signature effectiveness metrics are outside scope. Security
requirements for the robustness of protocol parsing engines, the integrity of inspection processes, and vulnerability
management remain within scope.