News Center

Xi'an Shenghongchuang Instrument Co., Ltd.


EU Proposes Revision to EN 62368-3: OTA Firmware Updates for Sensors to Become a Mandatory Safety Requirement

CENELEC has issued a draft notification proposing a revised version of EN 62368-3:2027 that would add mandatory security clauses on wireless firmware updates for industrial and consumer sensor devices with wireless communication functions. The draft standard is currently in public consultation and has not yet been officially released. The new regulation is expected to take effect in the first quarter of 2027, but from July 2026 new certification applications will already need to submit security architecture documentation in advance. Manufacturing and trading enterprises that export industrial sensors, smart home appliances, IoT terminals, building automation equipment, and similar products to the EU should pay close attention.

Event Overview

According to CENELEC's latest draft notification, the revised version of EN 62368-3:2027 will require all industrial and consumer sensor devices equipped with wireless communication functions to implement OTA (Over-the-Air) firmware signature verification, rollback protection mechanisms, and secure boot chain authentication. The standard is a specialized supplementary standard within the EN 62368 series for the safety of audio-video, information, and communication technology equipment, and this revision focuses on security safeguards in the wireless firmware update process. It is currently at the draft notification stage and has not yet completed the voting and publication procedures. The new regulation is planned to take effect officially in the first quarter of 2027, but the transitional arrangement is clear: from July 2026, all newly submitted CE certification applications must also submit device security architecture documentation in advance.

Which Sub-sectors Will Be Affected

Direct Trading Enterprises

Traders of sensor products exported to the EU will be directly subject to the new certification threshold for market entry. The main impact is that models that cannot provide compliant security architecture documentation, or that have not passed TEE (Trusted Execution Environment) solution verification, will not be able to obtain a declaration of conformity under the new version of EN 62368-3. They will thereby lose the basis for CE marking authorization, resulting in customs clearance obstacles or order cancellations.

Processing and Manufacturing Enterprises

Enterprises engaged in ODM/OEM production of industrial sensors, smart temperature controllers, wireless environmental monitoring modules, and similar products need to integrate secure boot modules during the hardware design stage, and embed signature verification and version rollback control logic in firmware development. The impact is mainly reflected in extended R&D cycles, increased BOM costs (such as the need to add SE security components or upgrade the main control MCU to support TEE), and the addition of secure boot chain verification steps in production line testing.

Supply Chain Service Enterprises

Third-party institutions providing CE certification consulting, EMC/safety testing, and OTA system integration services will face growing customer demand for new service capabilities such as "security architecture documentation preparation" and "TEE solution adaptation verification". The impact is mainly reflected in the need to supplement existing service catalogs with new service modules such as secure boot chain assessment, firmware signing process audits, and compliance testing of rollback strategies.

What Key Points Should Relevant Enterprises or Practitioners Focus On, and How Should They Respond at Present

Pay Attention to Subsequent Official Wording or Policy Changes

Closely monitor the final text of EN 62368-3:2027 published on the CENELEC official website and the announcements in the Official Journal of the European Union (OJEU). Pay particular attention to how the final wording compares with the draft regarding "secure boot chain authentication levels", "mandatory requirements for signature algorithms (such as ECDSA vs RSA)", and "rollback protection trigger thresholds", so as to avoid overcommitting resources based on early drafts.

Pay Attention to Changes in Key Product Categories, Key Markets, or Key Business Links

Give priority to sorting out the list of sensor products already exported or planned for export to the EU that have wireless functions such as Wi-Fi/Bluetooth/Zigbee, and identify models using general-purpose MCUs (such as Cortex-M0/M3 without TEE capability) or relying on manufacturers' proprietary OTA protocols. Such products are difficult to modify and require long adaptation cycles, and should be listed as the first batch for evaluation and upgrading.

Differentiate Between Policy Signals and Actual Business Implementation

The current draft has not yet taken effect, and there is still room for clarification of technical details, so enterprises should not immediately replace existing hardware platforms across the board; a more practical approach is to begin preparing security architecture documentation templates, organize R&D teams to conduct feasibility studies on TEE solutions (such as ARM TrustZone, the OP-TEE open-source framework, or commercial TEE SDKs), and confirm SoC-level secure boot support with chip manufacturers.

Prepare Procurement, Supply Chain, Communication, or Contingency Plans in Advance

Send formal inquiries to key component suppliers (such as MCU and Secure Element manufacturers) to confirm the native support status of their products for secure boot chains, firmware signature verification, and rollback protection, as well as mass production delivery schedules; at the same time, reserve a security solution verification cycle in internal project planning (it is recommended to be no less than 3 months), and communicate in advance with downstream customers regarding possible BOM cost changes and negotiated cost-sharing mechanisms.

Editorial Viewpoint / Industry Observation

From an industry perspective, this draft revision of EN 62368-3 is better read as a clear regulatory signal than as an immediately implemented outcome. It reflects that the EU is extending cybersecurity requirements from the IT/OT integrated system level down to the fundamental firmware update process of sensing-layer end devices, marking a further shift forward in lifecycle security control for IoT devices. Analytically, this draft is not an isolated action; it forms a technical response to the software update obligations of the EU Cyber Resilience Act, and similar security mechanisms may in the future be extended to other EN standard systems. What is currently more noteworthy is its effect of raising the "implicit technical threshold" for mid- and low-end sensor products: mature platforms without TEE or secure boot capabilities may accelerate their exit from the EU compliance market.

Conclusion: This draft revision of EN 62368-3 marks the point at which the EU's security regulation of wireless sensor devices enters a stage of in-depth control at the firmware level. Its industry significance lies not in immediate compliance pressure taking effect, but in sending a long-term trend signal that "secure boot + OTA verification" will become a foundational capability for export-oriented smart sensing terminals. At present, it is more appropriate to understand it as a technological compliance evolution process requiring phased responses: 2024–2025 focuses on identification and assessment; from Q2 2026 the preparation period for advance submission of documentation and solutions begins; and after Q1 2027 the requirements are formally included within the scope of mandatory certification.

Information source note:
Main source: the draft notification document for EN 62368-3:2027 published on the CENELEC official website (number: CENELEC/TC 108/2024-XXX, the specific number is subject to the official website announcement).
Parts requiring continued observation: technical details in the final standard text, including secure boot chain authentication levels, mandatory types of signature algorithms, and specific implementation methods of rollback protection, still need to be confirmed after CENELEC voting approval and publication in the Official Journal of the European Union.
