European industrial CyberSecurity standards

Development of standards for cybersecurity and data protection covering all aspects of the evolving information society including but not limited to: - Management systems, frameworks, methodologies - Data protection and privacy - Services and products evaluation standards suitable for security assessment for large companies and small and medium enterprises (SMEs) - Competence requirements for cybersecurity and data protection - Security requirements, services, techniques and guidelines for ICT systems, services, networks and devices, including smart objects and distributed computing devices Included in the scope is the identification and possible adoption of documents already published or under development by ISO/IEC JTC 1and other SDOs and international bodies such as ISO, IEC, ITU-T, and industrial fora. Where not being developed by other SDO's, the development of cybersecurity and data protection CEN/CENELEC publications for safeguarding information such as organizational frameworks, management systems, techniques, guidelines, and products and services, including those in support of the EU Digital Single Market.,FSP_LANG_ID:2307986,25

Its scope is to contribute, support and coordinate the preparation of international standards for systems and elements used for industrial process measurement, control and automation at CENELEC level. To coordinate standardisation activities which affect integration of components and functions into such systems including safety and security aspects. This CENELEC work of standardisation is to be carried out for equipment and systems and closely coordinated with IEC TC65 and its subcommittees with the objective of avoiding any duplication of work while honouring standing agreements between CENELEC and IEC.

While oriented in the first place to consumer devices,  ETSI EN 303 645, a standard for cybersecurity in the Internet of Things is relevant for manufacturing considerations. The standard establishes a security baseline for internet-connected consumer products and provides a basis for future IoT certification schemes. Based on the ETSI specification TS 103 645, EN 303 645 went through National Standards Organization comments and voting, engaging even more stakeholders in its development and ultimately strengthening the resulting standard. The EN is a result of collaboration and expertise from industry, academics and government.

ETSI EN 303 645 specifies 13 provisions for the security of Internet-connected consumer devices and their associated services. IoT products in scope include connected children’s toys and baby monitors, connected safety-relevant products such as smoke detectors and door locks, smart cameras, TVs and speakers, wearable health trackers, connected home automation and alarm systems, connected appliances (e.g. washing machines, fridges) and smart home assistants. The EN also includes 5 specific data protection provisions for consumer IoT.


  • ETSI M2M

    Helps to produce the specifications to enable users to build platforms by which devices and services can be connected, regardless of the underlying technology used.



    The Smart Applications REFerence (SAREF) ontology is a shared model of consensus that facilitates the matching of existing assets in the smart applications domain. SAREF provides building blocks that allow separation and recombination of different parts of the ontology depending on specific needs.

  • ETSI TS 103 410-5 SAREF4INMA

    SAREF4INMA, an extension of SAREF that was created for the industry and manufacturing domain. SAREF4INMA was created to be aligned with related initiatives in the smart industry and manufacturing domain in terms of modelling and standardization, such as the Reference Architecture Model for Industry 4.0 (RAMI), which combines several standards used by the various national initiatives in Europe that support digitalization in manufacturing.

    These initiatives include, but are not limited to, the platform Industrie 4.0 in Germany, the Smart Industry initiative in the Netherlands, Industria 4.0 in Italy, the 'Industrie du future initiative' in France and more.

    It extends SAREF with 24 classes (in addition to a number of classes directly reused from the SAREF ontology and the SAREF4BLDG extension), 20 object properties (in addition to a number of object properties reused from the SAREF ontology and the SAREF4BLDG extension) and 11 data type properties. SAREF4INMA focuses on extending SAREF for the industry and manufacturing domain to solve the lack of interoperability between various types of production equipment that produce items in a factory and, once outside the factory, between different organizations in the value chain to uniquely track back the produced items to the corresponding production equipment, batches, material and precise time in which they were manufactured.