Xi'an Shenghongchuang Instrument Co., Ltd.
On April 25, 2026, the EU officially released the revision draft of EN 62368-3:2026, mandating that all sensor products equipped with wireless OTA functionality (including industrial, medical, and IoT terminals) comply with firmware signature verification, rollback protection, and secure boot authentication. This provision will be mandatorily implemented starting from the first quarter of 2027, directly affecting China’s exports to Europe of sensor modules, smart transmitters, and edge sensing devices. Companies in segmented fields such as industrial automation, medical electronics, smart instruments, and IoT devices need to pay close attention to its compliance progress.
On April 25, 2026, the EU released the revision draft of EN 62368-3:2026. This document explicitly incorporates wireless firmware update (OTA) security mechanisms into mandatory compliance requirements, covering all sensor products with wireless OTA capability, including industrial sensors, medical sensing terminals, and IoT edge sensing devices. The core technical requirements include firmware signature verification, rollback protection mechanisms, and secure boot authentication. The new regulation is planned to be mandatorily implemented in the EU market starting from the first quarter of 2027. Products that fail to obtain the relevant certification will face customs clearance rejection or removal from shelves if already on sale. Relevant alerts have already been issued to overseas buyers, and they are advised to verify suppliers’ compliance progress in advance.
Trading companies engaged in exporting sensor-type electronic equipment to Europe will be directly subject to customs clearance and market access restrictions. The impact is mainly reflected in: export order delivery cycles may be extended; signed orders may face performance risks due to certification delays; some customers may list certification status as a prerequisite in contracts.
Manufacturers producing sensor modules, smart transmitters, and edge sensing devices with wireless OTA functionality need to reassess their existing product firmware architecture and boot processes. The impact is mainly reflected in: hardware design needs to reserve support for a trusted execution environment (TEE) or secure boot; firmware development processes must embed signing and version management mechanisms; production line testing needs to add secure boot and rollback verification items.
Distributors, brand owners, and ODM service providers serving the European market will see their inventory turnover and channel stocking pace constrained by the new regulation. The impact is mainly reflected in: after Q1 2027, uncertified inventory products may not be allowed to be listed for sale; some e-commerce platforms or offline channels may launch compliance reviews in advance; inquiries from channels regarding supplier certification status will increase significantly.
Third-party institutions providing services such as CE certification consulting, EMC/safety testing, and firmware security assessment will see changes in the structure of business demand. The impact is mainly reflected in: existing EN 62368-1 basic safety testing services will need to add OTA security modules; customer consultation priorities are shifting from single electrical safety to integrated verification capabilities of “secure boot + signature verification + rollback strategy”.
EN 62368-3:2026 is currently a revision draft and has not yet become a formal Harmonised Standard. Enterprises should continue to track announcements in the Official Journal of the European Union (OJEU) to confirm whether it is listed in the Official Journal and its corresponding effective date. The status of a harmonised standard determines whether it constitutes the legal presumption of conformity basis for CE marking.
At present, priority should be given to sorting out the list of sensor products exported to the EU that have any wireless communication capability such as Wi-Fi, Bluetooth, Zigbee, LoRaWAN, or NB-IoT; focus on checking whether the product firmware supports signature verification, whether it has a non-bypassable secure boot chain, and whether it has the capability to force rollback to a known secure version. The absence of such functions constitutes a substantive compliance gap.
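As an added illustration of two of the capabilities named above (not code from the standard, from this article, or from any vendor), the following Go sketch shows a device-side OTA acceptance gate that verifies an Ed25519 signature and then refuses versions below a stored minimum. The `Manifest` layout, the function names, and the reading of "rollback protection" as rejecting downgrades are assumptions made for this example.

```go
package main

import (
	"crypto/ed25519"
	"encoding/binary"
	"errors"
	"fmt"
)

// Manifest is a hypothetical OTA package layout; the field names are assumptions.
type Manifest struct {
	Version uint32 // firmware version, expected to increase with each release
	Image   []byte // firmware payload
	Sig     []byte // Ed25519 signature over version || image
}

var ErrBadSignature = errors.New("firmware signature verification failed")
var ErrRollback = errors.New("firmware version below stored minimum")

// signedBytes binds the version to the image so neither can be swapped after signing.
func signedBytes(version uint32, image []byte) []byte {
	return append(binary.BigEndian.AppendUint32(nil, version), image...)
}

// NewKeys generates a throwaway signing key pair (constructed for this example).
func NewKeys() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil reader means crypto/rand
	return pub, priv
}

// Sign stands in for the vendor's release tooling, which holds the private key.
func Sign(priv ed25519.PrivateKey, version uint32, image []byte) Manifest {
	return Manifest{version, image, ed25519.Sign(priv, signedBytes(version, image))}
}

// Accept checks the signature, then the version floor; it returns the floor to store next.
func Accept(pub ed25519.PublicKey, m Manifest, minVersion uint32) (uint32, error) {
	if !ed25519.Verify(pub, signedBytes(m.Version, m.Image), m.Sig) {
		return minVersion, ErrBadSignature
	}
	if m.Version < minVersion {
		return minVersion, fmt.Errorf("%w: got %d, minimum %d", ErrRollback, m.Version, minVersion)
	}
	return m.Version, nil
}

func main() {
	pub, priv := NewKeys()
	fmt.Println(Accept(pub, Sign(priv, 3, []byte("fw-3")), 2))
}
```

On a real device the stored minimum would sit in tamper-resistant storage and be advanced only after the new image has booted successfully.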
This revision draft is a typical forward-looking signal of technical regulation, reflecting the EU’s trend toward strengthening lifecycle security management for connected sensing devices. However, the specific test methods, certification pathways, and list of approved laboratories still await further clarification by CENELEC or the European Commission. Enterprises should not launch comprehensive modifications solely based on the draft text, but should instead conduct preliminary assessments in combination with the security mechanism framework listed in Annex D (informative annex) of the published EN 62368-3:2026.
It is recommended that enterprises already conducting business with Europe immediately launch internal cross-department coordination: the hardware team should confirm whether the SoC/MPU supports secure boot; the firmware team should sort out the signing key management process; the quality department should connect with testing institutions to confirm coverage of OTA security testing capabilities; the foreign trade team should simultaneously update customer communication scripts to explain compliance progress milestones and transition arrangements.
From an industry perspective, the revision draft of EN 62368-3:2026 is better read as a clear technical compliance signal than as a requirement already in force. It marks the EU extending cybersecurity requirements from the IT/OT system level down to underlying sensing terminals, with particular focus on firmware updates as a high-risk attack surface. This provision does not appear in isolation: it echoes the EU Cyber Resilience Act (CRA), and the two jointly build a full-lifecycle security baseline for connected devices. What deserves more attention at present is: whether different testing institutions have a consistent interpretation of “rollback protection”; whether small and medium-sized manufacturers can achieve cost-controllable compliance upgrades through modular solutions (such as integrating secure elements (SE)); and whether transitional exemption arrangements will exist before Q1 2027.
Conclusion
This revision draft represents an institutional upgrade in the EU’s security governance for sensor-type wireless terminals. Its core significance lies not in immediately causing export disruption, but in driving the industrial chain to evolve from “connectable” to “trusted connectivity”. At present, it is more appropriate to understand it as the launch of a compliance preparation period for market access in 2027. Enterprises should take technical feasibility assessment as the starting point and advance firmware security capability building in phases, avoiding misjudging policy signals as immediate implementation instructions.
Information Source Note
Main source: the EN 62368-3:2026 revision draft released by the European standardization organization CENELEC (published on April 25, 2026);
Items requiring continued observation: whether this draft will be adopted as an official EU harmonised standard, whether the specific implementation timeline will be adjusted, and whether supporting testing guidelines will be issued.