Intertek provides complete Cybersecurity Certifications, Assurance, Testing and Inspection services assuring your product is cyber secure.

The Road to Successful Cybersecurity Certification: We recognize that product certifications are business enablers for our customers. As a result, we aim to not only certify your products, but do so in an efficient, time and cost-effective manner. Intertek has the right philosophical approach as well as the right expertise to position vendors to best meet challenging government cybersecurity certifications.

AMER Region

Argentina

General IoT
  • Argentine Data Protection Act no. 25326 (PDPA)
Financial/Bank
  • Argentine Central Bank issued regulation: Communication BCRA 6354 as amended by 6375
 
Brazil

General IoT
  • Brazilian Internet Law (Law no. 12,965/2014)
  • Regulatory Decree (no. 8.771/2016)
  • Brazilian Data Protection Law (August 2020)
  • National Data Protection Authority (Law no. 13.853/2019)
Financial/Bank
  • Central Bank of Brazil Resolution No. 4.658/2018 (December 2021)
Telecoms
  • There are no cybersecurity specific laws for telecom in Brazil, though the country is discussing a National Cybersecurity Plan in Congress
  • The most up-to-date regulation that is most closely applicable would be: Decree 8771/2016
 
Canada

General IoT
  • National Cybersecurity Strategy
  • CyberSecure Canada Certification Program
  • Personal Information Protection and Electronic Documents Act (PIPEDA) - Nov 2018
Medical Devices
  • Health Canada published guidance on pre-market requirements for medical device cybersecurity applying to all risk classes
Financial/Bank
  • Personal Information Protection and Electronic Documents Act (PIPEDA) - Nov 2018
  • Bank of Canada's Cybersecurity Strategy 2019-2021
Vehicular
  • Motor Vehicle Safety Act (MVSA)
  • Strengthening Motor Vehicle Safety for Canadians Act (March 2018)
 
United States

General IoT
  • California SB327 (Jan 2020)
  • Oregon law (Jan 2020)
  • NIST Small Business Cybersecurity Bill (Jun 2018)
  • NIST Framework for Improving Critical Infrastructure Cybersecurity Version 1.1 (Apr 2018)
Medical Devices
  • FDA [Guidance extract]
Gov't Purchasing Standards
  • Gov requirements (S.734 - Internet of Things Cybersecurity Improvement Act of 2019)
Financial/Bank
  • [? FIPS ?]
  • US FSSCC Financial Services Sector Cybersecurity Profile Overview and User Guide (Oct 2018)
  • New York Cybersecurity Requirements for Financial Services Companies (Mar 2017)
Telecoms
  • CTIA [Not currently mandatory]
Vehicular
  • USDOT recommends adopting NIST standards.
 

EMEA Region

European Union

General IoT
  • Cybersecurity Act (March 2019)
  • GDPR (EU) 2016/679
  • EC IACS Cybersecurity Certification Framework (ICCF) (April 2018)
Medical Devices
  • Cybersecurity Act (March 2019)
  • GDPR (EU) 2016/679
  • EU's medical technology trade association issued new recommendations and encourages the adoption of the EU's new Manufacturer Disclosure Statement for Medical Device Security (MDS2) form
  • NIS Directive (EU) 2016/1148
  • MDR Regulation (EU) 2017/745
  • IVDR Regulation (EU) 2017/746
Telecoms
  • Cybersecurity Act (March 2019)
  • GDPR (EU) 2016/679
Vehicular
  • Cybersecurity Act (March 2019)
  • GDPR (EU) 2016/679
  • ENISA recommends manufacturers incorporate cybersecurity into the design of smart car security measures
 
France

General IoT
  • National Digital Security Strategy (Oct 2015)
 
Germany

Medical Devices
  • German Cybersecurity Requirements for Network-connected Medical Devices
Financial/Bank
  • BaFin Specifies BAIT (Feb 2018)
  • BaFin consultation on Circular on bank regulatory requirements for IT Systems (March 2017)
Telecoms
  • DRAFT: German IT Security Act 2.0 (IT-SiG, 2.0)
  • German Federal Office for Information Security Act (Aug 2009)
 
Russia

Financial/Bank
  • CBR Central Bank of Russia Standard for Maintenance of Information Security of the Russian Banking System Organizations - General Provisions (Jun 2014)
  • Russian Banking system standard on information security maintenance (Apr 2014)
  • CBR Standard for Information Security of Russian Banking Institutions Information Security Audit (May 2007)
 
Saudi Arabia

General IoT
  • Essential Cybersecurity Controls (ECC - 1:2018) Standard
  • Anti-Cyber Crime Law
Gov't Purchasing Standards
  • Controls of the Use of Computers and Information networks in Government Entities (Government Mandate No. (81) - 191430/3/H)
  • Information Security Policies and Procedures Development Framework for Government Agencies (the Framework)
Financial/Bank
  • SAMA Cybersecurity Framework (May 2017)
Telecoms
  • Controls of the Use of Computers and Information networks in Government Entities (Government Mandate No. (81) - 191430/3/H)
  • Information Security Policies and Procedures Development Framework for Government Agencies (the Framework)
  • Resolution No. 555 of 2019
 
South Africa

General IoT
  • Protection of Personal Information Act 4 (POPI Act)
  • Cybercrimes & Cybersecurity Act
  • South Africa National Cybersecurity Policy Framework (Dec 2015)
Financial/Bank
  • Electronic Communications and Transactions Act 25 (ECT Act)
  • South African Reserve Bank (SARB) Guidance to banks on cyber resilience (May 2017)
Telecoms
  • Controls of the Use of Computers and Information networks in Government Entities (Government Mandate No. (81) - 191430/3/H)
  • Information Security Policies and Procedures Development Framework for Government Agencies (the Framework)
  • Resolution No. 555 of 2019
 
Turkey

General IoT
  • Turkey does not have any dedicated cybersecurity laws… however, there is data protection legislation which includes the Personal Data Protection Law No. 6698 (the PDPL)
  • Turkey National Cybersecurity Strategy and Action Plan (2016)
Medical Devices
  • Turkish Ministry of Health (TMH) recently published a draft regulation to update its current, EU aligned MDR
Financial/Bank
  • Electronic Commerce Law No. 6563 (e-Commerce Law)
  • Banking Law No. 5411 (Banking Law)
  • Regulation on the Information Systems of Banks and Electronic Banking (DRAFT regulation published Feb 2019)
  • Institutions in the banking sector must comply with the Control Objectives for Information and Related Technology (COBIT) standards
  • Payment Systems Law No. 6943 - Makes special certification (ISO 27001 and PCI DSS) mandatory
Telecoms
  • Use of ISO/IEC 27001 mandatory for entities providing electronic communication services, electronic networks and infrastructure and energy facilities
 
United Kingdom

General IoT
  • California SB327 (Jan 2020)
  • Oregon law (Jan 2020)
  • NIST Small Business Cybersecurity Bill (Jun 2018)
  • NIST Framework for Improving Critical Infrastructure Cybersecurity Version 1.1 (Apr 2018)
Financial/Bank
  • UK Financial Conduct Authority (FCA) Consultation on extending Individual Accountability Regime (Jul 2017)
  • UK Open Banking Initiative
  • Bank of England - UK CBEST Intelligence-led Cybersecurity Assessment 2.0 (2016)
Vehicular
  • PAS 1885:2018
 
Switzerland

General IoT
  • Swiss National Strategy for Protection of Switzerland Against Cyber Attacks (Apr 2018)

APAC Region

Australia

General IoT
  • Cybersecurity Strategy
Medical Devices
  • Australia's Therapeutic Goods Administration (TGA) published medical device cybersecurity guidance for all device risk classes, applicable to industry as well as users
Vehicular
  • Australia is aiming to have end-to-end regulation in place by 2020 to support the safe, commercial deployment and operation of autonomous vehicles at all levels of automation
China

General IoT
  • Cybersecurity Law (June 2017)
  • Regulations on Internet Security Supervision and Inspection by Public Security Organs (Nov 2018)
  • Guideline for Internet Personal Information Security Protection (Guideline) (April 2019)
  • International Strategy of Cooperation on Cyberspace (Mar 2017)
Medical Devices
  • The National Medical Products Administration (NMPA) published draft guidelines for standalone medical device software including cybersecurity requirements
Financial/Bank
  • CBRC Guidelines on the Risk management of Commercial Banks' Information Technology
India

Financial/Bank
  • Institute for Development and Research in Banking Technology (IDRBT) Cybersecurity Checklist (July 2016)
  • RBI Circular to Establish Cybersecurity Framework in Banks (Jun 2016)
Indonesia

Medical Devices
  • Article 57 of Law No. 36 of 2009
Financial/Bank
  • Regulation No. 1/POJK.07/20136
  • Article 25 of Bank Indonesia Regulation No. 18/40/PBI/2016
Telecoms
  • Article 40 of Law No. 36 of 1999
Japan

General IoT
  • [Law understood to come into effect 1 April 2020?]
  • Japan's National Center of Incident Readiness and Strategy for Cybersecurity (Sept 2015)
  • Japan's Basic Act on Cybersecurity (2014)
Financial/Bank
  • JSFA Policy Approaches to Strengthen Cybersecurity in the Financial Sector (Jul 2015)
South Korea

General IoT
  • Personal Information Protection Act (PIPA)
  • Act on the Promotion of IT Network Use and Information Protection Act (Network Act)
  • The Act on the Protection and Use of Location Information (Location Information Act)
Medical Devices
  • In-vitro Diagnostic Medical Device Act (May 2020)
  • South Korean Ministry for Food and Drug Safety (MFDS) issued guidelines for medical device cybersecurity risk management based on US FDA guidance and recommendations
Financial/Bank
  • Electronic Financial Transactions Act (EFTA)
  • Regulations on Supervision of Electronic Financial Transactions (RSEFT)
  • Credit Information Use and Protection Act (Credit Information Act)
Telecoms
  • Act on the Promotion of IT Network Use and Information Protection Act (Network Act)
  • Protection of Information and Communications Infrastructure Act (PICIPA)
Singapore

General IoT
  • Cybersecurity Act (March 2018)
  • CSA Singapore Cyber Landscape (Jun 2018)
Medical Devices
  • Cybersecurity Act (March 2018)
Gov't Purchasing Standards
  • Cybersecurity Act (March 2018)
Financial/Bank
  • Cybersecurity Act (March 2018)
  • MAS mandated financial institutions must comply with risk management guidelines within the next 12 months (since Aug 2019) in an effort to strengthen the cyber resilience of organizations
Telecoms
  • Cybersecurity Act (March 2018)
Vehicular
  • Cybersecurity Act (March 2018)
  • TR 68 - a set of guidelines covering areas such as vehicle behavior, safety, and cybersecurity for FULLY autonomous vehicles (2019)
  • Road Traffic Act (2017)